CN116720212A - File protection method and device, computer equipment and computer readable storage medium - Google Patents
File protection method and device, computer equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN116720212A CN116720212A CN202311000150.8A CN202311000150A CN116720212A CN 116720212 A CN116720212 A CN 116720212A CN 202311000150 A CN202311000150 A CN 202311000150A CN 116720212 A CN116720212 A CN 116720212A
- Authority
- CN
- China
- Prior art keywords
- file
- target
- executable
- client
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 230000006870 function Effects 0.000 claims description 56
- 239000011159 matrix material Substances 0.000 claims description 16
- 230000006837 decompression Effects 0.000 claims description 15
- 238000012545 processing Methods 0.000 claims description 15
- 230000007613 environmental effect Effects 0.000 claims description 14
- 230000004044 response Effects 0.000 claims description 10
- 238000002513 implantation Methods 0.000 claims description 3
- 238000004590 computer program Methods 0.000 description 7
- 238000013461 design Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 230000006835 compression Effects 0.000 description 2
- 238000007906 compression Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000007943 implant Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/44—Encoding
- G06F8/447—Target code generation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Automation & Control Theory (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a file protection method and device, a computer device and a computer readable storage medium, wherein the method comprises the following steps: responding to a downloading request aiming at a target file, and acquiring an executable file frame with a preset protection function; implanting the target file into the appointed position of the executable file frame to obtain an intermediate file, and setting the protection association information of the target file as the configuration information of the intermediate file; converting the intermediate file into an executable file in an EXE format through a GCC compiling mode; and sending the executable file to a client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file. According to the technical scheme, the downloaded file is conveniently monitored and managed remotely by the file provider, and legal rights enjoyed by the file provider are protected.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and apparatus for protecting a file, a computer device, and a computer readable storage medium.
Background
With the development of science and technology, file providers often can allow others to obtain files by providing download functions. However, after other people acquire the file, the file provider is difficult to monitor the subsequent processing condition of the file, which easily causes the illegal copying, using, changing, spreading and other conditions of the file to damage the legal interests of the file provider.
Therefore, how to effectively monitor and manage the downloaded file by the file provider becomes a technical problem to be solved in the present day.
Disclosure of Invention
The embodiment of the application provides a file protection method and device, computer equipment and a computer readable storage medium, and aims to solve the technical problem that a file provider in the related art is difficult to monitor and manage a downloaded file.
In a first aspect, an embodiment of the present application provides a file protection method, including:
responding to a downloading request aiming at a target file, acquiring an executable file frame with a preset protection function, wherein the preset protection function comprises file encryption and at least one of file previewing, file decompressing, file operation tracing and file overtime processing, and is used for protecting an object positioned at a designated position in the executable file frame;
Implanting the target file into the appointed position of the executable file frame to obtain an intermediate file, and setting protection association information of the target file as configuration information of the intermediate file, wherein the protection association information comprises: the unique identifier of the downloading request, the request sending date of the downloading request, the file encryption type, the file MD5 value and the file validity period;
converting the intermediate file into an executable file in an EXE format through a GCC compiling mode;
and sending the executable file to a client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file.
In a second aspect, an embodiment of the present application provides a file protection device, including:
an executable file frame obtaining unit, configured to obtain an executable file frame with a preset protection function in response to a download request for a target file, where the preset protection function includes file encryption, and at least one of file preview, file decompression, file operation tracing and file timeout processing, and is configured to protect an object located at a specified position in the executable file frame;
The target file implantation unit is used for implanting the target file into the appointed position of the executable file frame to obtain an intermediate file, and setting protection association information of the target file as configuration information of the intermediate file, wherein the protection association information comprises: the unique identifier of the downloading request, the request sending date of the downloading request, the file encryption type, the file MD5 value and the file validity period;
the executable file generation unit is used for converting the intermediate file into an executable file in an EXE format in a GCC compiling mode;
and the executable file issuing unit is used for sending the executable file to a client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file.
In a third aspect, an embodiment of the present application provides a computer apparatus, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being arranged to perform the method of the first aspect described above.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium storing computer-executable instructions for performing the method of the first aspect.
According to the technical scheme, the technical problem that the file provider in the related art is difficult to monitor and manage the downloaded file is solved, when the download request is faced, the target file requested to be downloaded by the download request is embedded into the executable file frame, the protection associated information of the target file is used as the configuration information of the executable file frame, and the executable file frame embedded with the target file is compiled into the executable file in the EXE format and is used as the download content fed back to the client side sending the download request. Therefore, the method and the device can realize real-time shell adding of the target file requested to be downloaded by the downloading request when the downloading request is received, are convenient for a file provider to remotely monitor and manage the downloaded file, improve the safety of the file, and are beneficial to protecting legal rights enjoyed by the file provider on the file.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 illustrates a flow chart of a method of file protection according to one embodiment of the application;
FIG. 2 shows a flow chart of a method of file protection according to another embodiment of the application;
FIG. 3 shows a block diagram of a file protection device according to one embodiment of the application;
FIG. 4 shows a block diagram of a computer device according to one embodiment of the application;
FIG. 5 illustrates a block diagram of a computer device according to one embodiment of the application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
FIG. 1 illustrates a flow chart of a method of file protection according to one embodiment of the application.
As shown in fig. 1, a file protection method according to an embodiment of the present application includes:
step 102, an executable file frame with a preset protection function is obtained in response to a downloading request for a target file, wherein the preset protection function comprises file encryption and at least one of file preview, file decompression, file operation tracing and file overtime processing, and is used for protecting an object located at a designated position in the executable file frame.
The object file refers to a downloadable file provided by a file provider, and the file types include docx, doc, rtf, txt, xltx, xls, xlsm, xlsb, csv, xml, pptx, ppt, xps,. Key,. Pages, rar, etc., and may also be any other file types capable of being downloaded by means of a network, such as a picture file, an audio file, a video file, etc., which are not limited herein.
The downloading request aiming at the target file is sent to the file provider by the file downloading request party, and the file provider can be any object which can provide the file downloading function, such as a server side, a platform and the like, and the file downloading request party is any object with the file downloading function, such as a mobile phone, a computer and the like.
Once the file provider receives the downloading request for the target file, the executable file frame is obtained, and the executable file frame has a preset protection function and is used for protecting the object positioned at the appointed position in the executable file frame. In other words, the retrieval of the executable file frame facilitates further protection processing of the target file.
Step 104, implanting the target file into the designated position of the executable file frame to obtain an intermediate file, and setting protection association information of the target file as configuration information of the intermediate file, wherein the protection association information comprises: the unique identification of the download request, the request sending date of the download request, the file encryption type, the file MD5 value and the file validity period.
Implanting the target file into the appointed position of the executable file frame is equivalent to setting the target file as a protected object positioned at the appointed position in the executable file frame. The protection association information of the target file is used for perfecting the preset protection function of the executable file frame on the target file after the target file is implanted into the executable file frame.
In one possible design, the preset protection function of the executable file frame includes file encryption. And encrypting the target file according to the protection association information of the target file when the target file is implanted in the appointed position of the executable file frame.
The unique identifier of the download request refers to a unique identifier for marking the download request or the download task, that is, the unique identifier of the download request. For the same file, the unique identifiers corresponding to the same file when the same file is downloaded through different downloading requests are different. On the basis, when the preset protection function of file encryption is executed on the target file, the unique identifier of the download request can be used as one of conditions for generating the file encryption key, so that the target file obtained by each download request is ensured to have different keys.
The file encryption type comprises two types of file preview encryption and file compression encryption, namely, aiming at the preview requirement of a file download requester and the requirement of file opening and viewing, keys which respectively adapt to the respective security requirements of file preview and file opening and viewing can be provided.
In one possible design, the keys required for file previews are consistent with the keys required for file decompression.
In another possible design, the file preview and the file decompress each have separate keys.
In one possible design, at least two items of protection related information of the target file are spliced through specified splicing characters or random splicing characters to obtain splicing information; acquiring an MD5 value of the splicing information; and determining a character string formed by characters with specific bit numbers in the MD5 value of the splicing information as a temporary key used for encrypting the file, and obtaining the temporary access authority of the target file by inputting the temporary key when the client accesses the executable file, wherein the temporary key comprises a preview key and a decompression key.
Optionally, if the file encryption type of the target file is file Preview encryption, splicing the unique identifier of the download request of the target file, the MD5 value of the file and the request sending date of the download request with a specified splicing character #preview# to obtain a first character string, taking the MD5 value of the first character string, and intercepting the last six bits of the MD5 value of the first character string as a temporary key, that is, a Preview key, of the target file in the request sending date.
Optionally, if the file encryption type of the target file is file compression encryption, splicing the unique identifier of the download request of the target file, the MD5 value of the file and the request sending date of the download request with a designated splicing character #decompensation# to obtain a second character string, taking the MD5 value of the second character string, and intercepting the second to seventh bits of the MD5 value of the first character string as the temporary key, that is, the Decompression key, of the target file in the request sending date.
In another possible design, a JSON string may be generated based on at least two items of protection-related information for the target file; obtaining an MD5 value of the JSON character string; and determining a character string formed by characters with designated bit numbers in the MD5 value of the JSON character string as a temporary key used for encrypting the file, and obtaining the temporary access authority of the target file by inputting the temporary key when the client accesses the executable file, wherein the temporary key comprises a preview key and a decompression key.
Optionally, a JSON string is generated based on the unique identifier of the download request of the target file and the MD5 value of the file, and then the last six bits of the MD5 value of the JSON string are used as the temporary key, i.e. the preview key, of the target file requested to be downloaded by the download request.
Optionally, a JSON string is generated based on the unique identifier of the download request of the target file, the request sending date of the download request, and the file validity period, and then the last six bits of the MD5 value of the JSON string are used as the temporary key, that is, the preview key, of the target file requested to be downloaded by the download request.
Of course, the protection association information used to generate the splice information and JSON string may be any single protection association information or a combination of multiple protection association information, without being limited to the above examples. The specified splice characters include, but are not limited to, # Preview #, and #Decompression #, but can be any other character. The character of the designated number of bits in the MD5 value is not limited to the last six bits or the second to seventh bits in the above example, but may be any designated six-bit character or any random six-bit character in the MD5 value.
In addition, the preset protection function of the executable file frame further comprises file previewing, file decompressing, file operation tracing and file overtime processing on the basis of file encrypting, namely when a file downloading request party executes file previewing, file decompressing and file operation on a target file and the time length after file downloading exceeds the valid period of the file, the file provider can perform corresponding safety control processing on the target file.
Specifically, when the file download requester performs file preview and file decompression operations on the target file, the target file needs to be previewed or decompressed to be checked by inputting a preview key or a decompression key through the executable file frame. When the file download requester performs other operations except file preview and file decompression on the target file, the executable file framework can trace the other operations, namely obtain information such as operation time and operation user of the other operations, and send the information to the file provider so as to comprehensively control and manage any operation on the target file by the file provider. If the time length after downloading the target file exceeds the valid period of the file, the executable file frame refuses any operation of a file downloading requester under the file overtime processing function of the executable file frame, so that the information security of the target file is protected.
And step 106, converting the intermediate file into an executable file in an EXE format through a GCC compiling mode.
GCC (GNU Compiler Collection) is a programming language compiler, which can support multiple languages such as c language, c++, fortran and Java, and has high compiling efficiency and high compiling speed. The intermediate file at this time refers to an executable file frame in which the target file is implanted and the protection related information of the target file is taken as configuration information, and the intermediate file can be compiled into an executable file in EXE format by adopting a GCC compiling mode, which is equivalent to packaging the intermediate file, so as to realize any technical scheme.
And step 108, the executable file is sent to the client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file.
And finally, sending the executable file in the EXE format to a client side which sends the downloading request, namely a file downloading requester, as the downloading content. The download content obtained by the client side sending the download request is an executable file obtained by converting an executable file frame implanted with the target file and taking the protection association information of the target file as configuration information. The executable file is equivalent to a layer of shell relative to the target file, and a file provider can realize remote control of the downloaded target file by means of the layer of shell.
According to the technical scheme, when the downloading request is faced, the target file requested to be downloaded by the downloading request is embedded into the executable file frame, protection related information of the target file is used as configuration information of the executable file frame, and the executable file frame embedded with the target file is compiled into the executable file in the EXE format and is used as feedback to be the downloading content of the client side sending the downloading request. Therefore, the method and the device can realize real-time shell adding of the target file requested to be downloaded by the downloading request when the downloading request is received, are convenient for a file provider to remotely monitor and manage the downloaded file, improve the safety of the file, and are beneficial to protecting legal rights enjoyed by the file provider on the file.
Fig. 2 shows a flow chart of a file protection method according to another embodiment of the application.
As shown in fig. 2, a file protection method according to another embodiment of the present application includes:
step 202, determining a preset protection function of a target file in response to a downloading request for the target file.
The security requirements of the files have high and low differences due to different file contents and file types, and correspondingly, the types of the preset protection functions required by the files also have differences. Therefore, one or more preset protection functions required by different target files can be selected for the target files so as to adapt to the actual security requirements of the files.
Step 204, selecting a target executable code template corresponding to the preset protection function from preset executable code templates.
For this, a plurality of executable code templates for protecting and setting the target file when receiving the download request can be preset, and the target executable code template corresponding to the preset protection function is selected based on the preset protection function required by the target file requested to be downloaded by the download request, so as to set the preset protection function.
And 206, filling the target executable code template based on the protection association information of the target file, and setting the filled target executable code template at the file head of the executable file frame.
The unique protection association information of the target file can be implanted into a target executable code template corresponding to a preset protection function required by the target file, so that the filled target executable code template has the protection function which is suitable for the security requirement of the target file.
Further, the filled target executable code template can be arranged at the file head of the executable file frame, so that the executable file frame has the preset protection function required by the target file.
Step 208, if the number of the target executable code templates is plural, acquiring the environmental security information of the client that sends the download request.
If the number of the target executable code templates is multiple, it is indicated that there are multiple preset protection functions required by the target file, and the target file generates a synchronous requirement for the multiple preset protection functions, so that the executable file frame preferentially executes which preset protection function is a problem to be solved.
For this purpose, the environmental security information of the client that sent the download request may be obtained first, where this environmental security information reflects the security level of the client, and the security level of the client is closely related to the protection function implemented on the target file. Therefore, the environment security information of the client side sending the download request can be used as the basis for judging which preset protection function is executed preferentially.
The environmental security information includes, but is not limited to, a total amount of downloaded files of the client in a unit period, a total amount of downloaded files of a file type to which the target file belongs, a total number of issuing history download requests, a number of issuing first history download requests for the target file, a number of refused first history download requests, a number of issuing second history download requests for the file of the file type to which the target file belongs, and a number of refused second history download requests, and a number of outgoing files of the client in a unit period, a number of outgoing files refused, a number of outgoing files of a file of the file type to which the target file belongs, and a number of outgoing files of the file type to which the target file belongs.
Step 210, calculating the confidence of the client based on the environmental security information.
Step 212, determining the security level to which the confidence of the client belongs.
The environmental security information of the client reflects the degree of trustworthiness, i.e. the confidence level, of the client in a security dimension. The confidence level reflects the security level of the client correspondingly.
In one possible design, the confidence level is calculated in the following way: and obtaining a first evolution value of the product of every three items of environment safety information of the client to form a first feature vector, wherein the first feature vector is used for reflecting the common influence of every three items of environment safety information of the client on the safety of the client.
And then, obtaining a second evolution value of the product of every fourth item of the environment safety information of the client to form a second feature vector, wherein the second feature vector is used for reflecting the common influence of every fourth item of the environment safety information of the client on the safety of the client.
Then, a third evolution value of the product of every five items of the environmental security information of the client is obtained; and overlapping and splicing the first characteristic vector and the second characteristic vector to obtain a splicing matrix, and randomly filling a plurality of third square values in blank positions of the second characteristic vector in the splicing matrix.
The splice matrix reflects the distribution condition of the common influence of every three items of the environment safety information of the client on the client safety and the common influence of every four items of the environment safety information on the client safety, and the third evolution value is used for reflecting the common influence of every five items of the environment safety information of the client on the client safety. Each item of environment safety information corresponds to one presentation dimension of the client safety, and each of the combination of every three items of environment safety information, the combination of every four items of environment safety information and the combination of every five items of environment safety information is one presentation dimension of the client safety. Therefore, the blank elements of the splicing matrix are subjected to the position by the third evolution value, so that the statistical loss of the common influence on the environmental safety information caused by the loss of the elements of the splicing matrix can be avoided, the safety dimension which can be reflected by the splicing matrix is expanded, and the accurate representation of the client safety by the splicing matrix is realized.
Finally, based on the filled splicing matrix, the confidence of the client is determined.
Optionally, taking the rank of the filled splicing matrix as the confidence of the client.
Optionally, taking the evolution value of the rank of the filled splicing matrix as the confidence of the client.
Step 214, determining the execution priority of the preset protection function corresponding to each of the target executable code templates based on the weights corresponding to the target executable code templates under the security level.
Each target executable code template has a preset weight at each security level, the weight reflecting the protection contribution level of the preset protection function corresponding to the target executable code template under the security level.
Specifically, for each of the target executable code templates, a ratio of the client's confidence level over a historical period to the current confidence level may be obtained, the ratio being used to reflect a confidence level variation ratio of the client.
And then, updating the weight corresponding to the target executable code template under the security level based on the ratio to obtain an updated weight, wherein the updated weight is the product of the weight before updating and the ratio. The confidence coefficient variation proportion of the client is used as a weight variation coefficient of the target executable code template, and the weight of the target executable code template is updated.
For example, the security level is classified into high, medium and low levels, for a target executable code template for performing file operation tracing, the current confidence of 7 months under the three security levels of high, medium and low is respectively 0.45, 0.75 and 0.8, and the historical confidence of 6 months under the three security levels of high, medium and low is respectively 0.3, 0.5 and 0.8, and then the ratio of the confidence of the three weights in the historical period to the current confidence is respectively 1.5, 1.5 and 1. In addition, the weights of 6 months under the three safety levels of high, medium and low are respectively 0.1, 0.15 and 0.2, and then the updated weights of 7 months under the three safety levels of high, medium and low are respectively 0.15, 0.025 and 0.2 based on the update coefficient distributions of 1.5, 1.5 and 1 are respectively corrected.
And finally, sorting the plurality of target executable code templates from large to small according to the updated weights, and determining the execution priority of the preset protection function corresponding to each of the plurality of target executable code templates according to the sorting result.
And after the updated weights of the target executable code templates under each security level are calculated, sequencing the target executable code templates under each security level from large to small according to the updated weights of the target executable code templates to determine the execution priority of the target executable code templates.
Step 216, implanting the target file into the designated position of the executable file frame to obtain an intermediate file, and setting protection association information of the target file as configuration information of the intermediate file, wherein the protection association information includes: the unique identification of the download request, the request sending date of the download request, the file encryption type, the file MD5 value and the file validity period.
And step 218, converting the intermediate file into an executable file in an EXE format in a GCC compiling mode.
Step 220, the executable file is sent to the client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file.
According to the technical scheme, the actual safety protection requirement of the target file can be effectively judged, and the preset protection function corresponding to the target executable code template with higher safety protection requirement is preferentially executed based on the actual safety protection requirement, so that the safety of the target file is improved, and the management and control capability of a file provider of the target file on the downloaded target file is ensured.
FIG. 3 shows a block diagram of a file protection device according to one embodiment of the application.
As shown in fig. 3, a file protection apparatus 300 according to an embodiment of the present application includes:
an executable file frame obtaining unit 302, configured to obtain an executable file frame with a preset protection function in response to a download request for a target file, where the preset protection function includes file encryption, and at least one of file previewing, file decompressing, file operation tracing, and file timeout processing, and is configured to protect an object located at a specified position in the executable file frame;
an object file implantation unit 304, configured to implant the object file into a specified position of the executable file frame to obtain an intermediate file, and set protection association information of the object file as configuration information of the intermediate file, where the protection association information includes: the unique identifier of the downloading request, the request sending date of the downloading request, the file encryption type, the file MD5 value and the file validity period;
an executable file generating unit 306, configured to convert the intermediate file into an executable file in EXE format in a GCC compiling manner;
and the executable file issuing unit 308 is configured to send the executable file to a client that sends the download request, so that the client obtains the temporary access right of the target file after decrypting the executable file.
The file protection device 300 further includes:
the first encryption unit is used for splicing at least two items of protection association information of the target file through specified splicing characters or random splicing characters to obtain splicing information; acquiring an MD5 value of the splicing information; and determining a character string formed by characters with specific bit numbers in the MD5 value of the splicing information as a temporary key used for encrypting the file, and obtaining the temporary access authority of the target file by inputting the temporary key when the client accesses the executable file, wherein the temporary key comprises a preview key and a decompression key.
The file protection device 300 further includes:
the second encryption unit is used for generating a JSON character string based on at least two items of protection association information of the target file; obtaining an MD5 value of the JSON character string; and determining a character string formed by characters with designated bit numbers in the MD5 value of the JSON character string as a temporary key used for encrypting the file, and obtaining the temporary access authority of the target file by inputting the temporary key when the client accesses the executable file, wherein the temporary key comprises a preview key and a decompression key.
The executable file frame acquisition unit 302 is configured to:
responding to a downloading request aiming at a target file, and determining a preset protection function of the target file; selecting a target executable code template corresponding to the preset protection function from preset executable code templates; and filling the target executable code template based on the protection association information of the target file, and setting the filled target executable code template at the file head of the executable file frame.
The file protection device 300 further includes:
an environmental security information obtaining unit, configured to obtain, if the number of the target executable code templates is multiple, environmental security information of a client that sends the download request, where the environmental security information includes a total amount of files downloaded by the client in a unit period, a total amount of files downloaded for a file type to which the target file belongs, a total number of times of sending a history download request, a number of times of sending a first history download request for the target file, a number of times of refusing the first history download request, a number of times of sending a second history download request for a file of a file type to which the target file belongs, and a number of times of refusing the second history download request, and a number of times of file outgoing, a refusing file outgoing, a number of times of outgoing of files of a file type to which the target file belongs, and a number of times of outgoing of files of a file type to which the target file belongs in the unit period;
The confidence calculating unit is used for calculating the confidence of the client based on the environment safety information;
the security level determining unit is used for determining the security level to which the confidence coefficient of the client belongs;
and the execution priority determining unit is used for determining the execution priority of the preset protection function corresponding to each of the target executable code templates based on the weights corresponding to the target executable code templates under the security level.
Wherein, the confidence coefficient calculating unit is used for:
acquiring a first evolution value of the product of every three items of environment safety information of the client to form a first feature vector; acquiring a second evolution value of the product of every four items of environment safety information of the client to form a second feature vector; acquiring a third evolution value of the product of every five items of the environmental security information of the client; overlapping and splicing the first characteristic vector and the second characteristic vector to obtain a splicing matrix, and randomly filling a plurality of third square values in blank positions of the second characteristic vector in the splicing matrix; and determining the confidence of the client based on the filled splicing matrix.
The confidence calculating unit is used for:
for each target executable code template, obtaining the ratio of the confidence coefficient of the client in a historical period to the current confidence coefficient; updating the weight corresponding to the target executable code template under the security level based on the ratio to obtain an updated weight, wherein the updated weight is the product of the weight before updating and the ratio; and sorting the plurality of target executable code templates from large to small according to the updated weights, and determining the execution priority of the preset protection function corresponding to each of the plurality of target executable code templates according to the sorting result.
The document protection device 300 uses the solution described in any of the above embodiments, and therefore, has all the technical effects described above, and will not be described herein.
In addition, in one embodiment, the present application provides a computer device, which may be a server, and an internal structure diagram thereof may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes non-volatile and/or volatile storage media and internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is for communicating with an external client via a network connection. The computer program may implement the file protection method according to any of the above embodiments when executed by a processor.
In one embodiment, the present application also provides a computer device, which may be a client, and an internal structure thereof may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is for communicating with an external server via a network connection. The computer program may implement the file protection method according to any of the above embodiments when executed by a processor.
Any of the computer devices described above in accordance with embodiments of the present application exist in a variety of forms including, but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice, data communications. Such terminals include: smart phones (e.g., iPhone), multimedia phones, functional phones, and low-end phones, etc.
(2) Ultra mobile personal computer device: such devices are in the category of personal computers, having computing and processing functions, and generally also having mobile internet access characteristics. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPad.
(3) Portable entertainment device: such devices may display and play multimedia content. The device comprises: audio, video players (e.g., iPod), palm game consoles, electronic books, and smart toys, wearable devices, and portable car navigation devices.
(4) And (3) a server: the configuration of the server includes a processor, a hard disk, a memory, a system bus, and the like, and the server is similar to a general computer architecture, but is required to provide highly reliable services, and thus has high requirements in terms of processing capacity, stability, reliability, security, scalability, manageability, and the like.
(5) Other electronic devices with data interaction function.
In addition, an embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions for performing the steps of:
responding to a downloading request aiming at a target file, acquiring an executable file frame with a preset protection function, wherein the preset protection function comprises file encryption and at least one of file previewing, file decompressing, file operation tracing and file overtime processing, and is used for protecting an object positioned at a designated position in the executable file frame;
Implanting the target file into the appointed position of the executable file frame to obtain an intermediate file, and setting protection association information of the target file as configuration information of the intermediate file, wherein the protection association information comprises: the unique identifier of the downloading request, the request sending date of the downloading request, the file encryption type, the file MD5 value and the file validity period;
converting the intermediate file into an executable file in an EXE format through a GCC compiling mode;
and sending the executable file to a client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file.
It should be noted that, the functions or steps that can be implemented by the computer readable storage medium or the computer device may correspond to the relevant descriptions in the foregoing method embodiments, and are not described herein for avoiding repetition.
The technical scheme of the application is described in detail above with reference to the accompanying drawings, by which when the downloading request is faced, the target file requested to be downloaded by the downloading request is embedded into the executable file frame, the protection associated information of the target file is used as the configuration information of the executable file frame, and then the executable file frame embedded with the target file is compiled into the executable file in the EXE format and is used as the downloading content fed back to the client side sending the downloading request. Therefore, the method and the device can realize real-time shell adding of the target file requested to be downloaded by the downloading request when the downloading request is received, are convenient for a file provider to remotely monitor and manage the downloaded file, improve the safety of the file, and are beneficial to protecting legal rights enjoyed by the file provider on the file.
It should be understood that although the terms first, second, etc. may be used in embodiments of the present application to describe historical download requests, these historical download requests should not be limited to these terms. These terms are only used to distinguish historical download requests from one another. For example, a first historical download request may also be referred to as a second historical download request, and similarly, a second historical download request may also be referred to as a first historical download request without departing from the scope of embodiments of the present application.
Depending on the context, the word "if" as used herein may be interpreted as "at … …" or "at … …" or "in response to a determination" or "in response to detection". Similarly, the phrase "if determined" or "if detected (stated condition or event)" may be interpreted as "when determined" or "in response to determination" or "when detected (stated condition or event)" or "in response to detection (stated condition or event), depending on the context.
The terminology used in the embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the elements is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.
Claims (10)
1. A method of protecting a document, comprising:
responding to a downloading request aiming at a target file, acquiring an executable file frame with a preset protection function, wherein the preset protection function comprises file encryption and at least one of file previewing, file decompressing, file operation tracing and file overtime processing, and is used for protecting an object positioned at a designated position in the executable file frame;
implanting the target file into the appointed position of the executable file frame to obtain an intermediate file, and setting protection association information of the target file as configuration information of the intermediate file, wherein the protection association information comprises: the unique identifier of the downloading request, the request sending date of the downloading request, the file encryption type, the file MD5 value and the file validity period;
Converting the intermediate file into an executable file in an EXE format through a GCC compiling mode;
and sending the executable file to a client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file.
2. The method of file protection according to claim 1, further comprising:
splicing at least two items of protection association information of the target file through specified splicing characters or random splicing characters to obtain splicing information;
acquiring an MD5 value of the splicing information;
and determining a character string formed by characters with specific bit numbers in the MD5 value of the splicing information as a temporary key used for encrypting the file, and obtaining the temporary access authority of the target file by inputting the temporary key when the client accesses the executable file, wherein the temporary key comprises a preview key and a decompression key.
3. The method of file protection according to claim 1, further comprising:
generating a JSON character string based on at least two items of protection association information of the target file;
obtaining an MD5 value of the JSON character string;
And determining a character string formed by characters with designated bit numbers in the MD5 value of the JSON character string as a temporary key used for encrypting the file, and obtaining the temporary access authority of the target file by inputting the temporary key when the client accesses the executable file, wherein the temporary key comprises a preview key and a decompression key.
4. The method according to claim 1, wherein the obtaining, in response to the download request for the target file, an executable file frame having a preset protection function includes:
responding to a downloading request aiming at a target file, and determining a preset protection function of the target file;
selecting a target executable code template corresponding to the preset protection function from preset executable code templates;
and filling the target executable code template based on the protection association information of the target file, and setting the filled target executable code template at the file head of the executable file frame.
5. The method of file protection according to claim 4, further comprising:
if the number of the target executable code templates is a plurality of, acquiring the environment security information of the client side sending the downloading request, wherein,
The environment security information comprises the total amount of downloaded files of the client in a unit time period, the total amount of downloaded files of the file type of the target file, the total number of sending out history downloading requests, the number of sending out first history downloading requests of the target file, the number of refused first history downloading requests, the number of sending out second history downloading requests of the file type of the target file and the number of refused second history downloading requests, and the number of outgoing files of the client in the unit time period, the number of outgoing files refused, the number of outgoing files of the file type of the target file and the number of outgoing files of the file type of the target file refused;
calculating the confidence coefficient of the client based on the environment safety information;
determining the security level to which the confidence of the client belongs;
and determining the execution priority of the preset protection function corresponding to each of the target executable code templates based on the weights corresponding to the target executable code templates under the security level.
6. The method according to claim 5, wherein calculating the confidence level of the client based on the environmental security information includes:
Acquiring a first evolution value of the product of every three items of environment safety information of the client to form a first feature vector;
acquiring a second evolution value of the product of every four items of environment safety information of the client to form a second feature vector;
acquiring a third evolution value of the product of every five items of the environmental security information of the client;
overlapping and splicing the first characteristic vector and the second characteristic vector to obtain a splicing matrix, and randomly filling a plurality of third square values in blank positions of the second characteristic vector in the splicing matrix;
and determining the confidence of the client based on the filled splicing matrix.
7. The method according to claim 5, wherein determining the execution priority of the preset protection function corresponding to each of the plurality of target executable code templates based on the weights corresponding to the plurality of target executable code templates at the security level comprises:
for each of the target executable code templates,
acquiring the ratio of the confidence coefficient of the client in the historical period to the current confidence coefficient;
updating the weight corresponding to the target executable code template under the security level based on the ratio to obtain an updated weight, wherein the updated weight is the product of the weight before updating and the ratio;
And sorting the plurality of target executable code templates from large to small according to the updated weights, and determining the execution priority of the preset protection function corresponding to each of the plurality of target executable code templates according to the sorting result.
8. A document protection device, comprising:
an executable file frame obtaining unit, configured to obtain an executable file frame with a preset protection function in response to a download request for a target file, where the preset protection function includes file encryption, and at least one of file preview, file decompression, file operation tracing and file timeout processing, and is configured to protect an object located at a specified position in the executable file frame;
the target file implantation unit is used for implanting the target file into the appointed position of the executable file frame to obtain an intermediate file, and setting protection association information of the target file as configuration information of the intermediate file, wherein the protection association information comprises: the unique identifier of the downloading request, the request sending date of the downloading request, the file encryption type, the file MD5 value and the file validity period;
The executable file generation unit is used for converting the intermediate file into an executable file in an EXE format in a GCC compiling mode;
and the executable file issuing unit is used for sending the executable file to a client side sending the downloading request, so that the client side obtains the temporary access right of the target file after decrypting the executable file.
9. A computer device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the instructions being arranged to perform the method of any of the preceding claims 1 to 7.
10. A computer readable storage medium storing computer executable instructions for performing the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311000150.8A CN116720212B (en) | 2023-08-10 | 2023-08-10 | File protection method and device, computer equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311000150.8A CN116720212B (en) | 2023-08-10 | 2023-08-10 | File protection method and device, computer equipment and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116720212A true CN116720212A (en) | 2023-09-08 |
| CN116720212B CN116720212B (en) | 2023-11-17 |
Family
ID=87868383
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311000150.8A Active CN116720212B (en) | 2023-08-10 | 2023-08-10 | File protection method and device, computer equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116720212B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102136053A (en) * | 2011-03-14 | 2011-07-27 | 中兴通讯股份有限公司 | Method and device for protecting source code of executable file |
| CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
| CN104601548A (en) * | 2014-12-24 | 2015-05-06 | 深圳市大成天下信息技术有限公司 | Generation method and device of encrypted file and computing equipment |
| CN106254151A (en) * | 2016-09-18 | 2016-12-21 | 国家电网公司 | A kind of SCD file visualization display and management method |
| US20170235963A1 (en) * | 2016-02-11 | 2017-08-17 | Line Corporation | Method, apparatus, system and non-transitory computer readable medium for code protection |
| CN107659632A (en) * | 2017-09-19 | 2018-02-02 | 咪咕数字传媒有限公司 | A kind of file encryption-decryption method, device and computer-readable recording medium |
| CN108011879A (en) * | 2017-11-30 | 2018-05-08 | 广州酷狗计算机科技有限公司 | File encryption, method, apparatus, equipment and the storage medium of decryption |
| CN110443051A (en) * | 2019-07-30 | 2019-11-12 | 空气动力学国家重点实验室 | A method of prevent security files in transmission on Internet |
| CN115039096A (en) * | 2020-05-20 | 2022-09-09 | 深圳市欢太科技有限公司 | File processing method, file processing device, storage medium and electronic equipment |
-
2023
- 2023-08-10 CN CN202311000150.8A patent/CN116720212B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102136053A (en) * | 2011-03-14 | 2011-07-27 | 中兴通讯股份有限公司 | Method and device for protecting source code of executable file |
| CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
| CN104601548A (en) * | 2014-12-24 | 2015-05-06 | 深圳市大成天下信息技术有限公司 | Generation method and device of encrypted file and computing equipment |
| US20170235963A1 (en) * | 2016-02-11 | 2017-08-17 | Line Corporation | Method, apparatus, system and non-transitory computer readable medium for code protection |
| CN106254151A (en) * | 2016-09-18 | 2016-12-21 | 国家电网公司 | A kind of SCD file visualization display and management method |
| CN107659632A (en) * | 2017-09-19 | 2018-02-02 | 咪咕数字传媒有限公司 | A kind of file encryption-decryption method, device and computer-readable recording medium |
| CN108011879A (en) * | 2017-11-30 | 2018-05-08 | 广州酷狗计算机科技有限公司 | File encryption, method, apparatus, equipment and the storage medium of decryption |
| CN110443051A (en) * | 2019-07-30 | 2019-11-12 | 空气动力学国家重点实验室 | A method of prevent security files in transmission on Internet |
| CN115039096A (en) * | 2020-05-20 | 2022-09-09 | 深圳市欢太科技有限公司 | File processing method, file processing device, storage medium and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 李秉璋;景征骏;潘瑜;罗烨;柳益君;: "数据可信平台关键技术研究", 计算机工程与设计, no. 03 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116720212B (en) | 2023-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109634619B (en) | Trusted execution environment implementation method and device, terminal device and readable storage medium | |
| CN110704863B (en) | Configuration information processing method and device, computer equipment and storage medium | |
| CN111475824B (en) | Data access method, device, equipment and storage medium | |
| CN111143869B (en) | Application package processing method and device, electronic equipment and storage medium | |
| US9607134B2 (en) | System and method for protected publication of sensitive documents | |
| CN110888838A (en) | Object storage based request processing method, device, equipment and storage medium | |
| CN106845167A (en) | The reinforcement means and device of a kind of APK, and dynamic loading method and device | |
| US10536462B1 (en) | Single use identifier values for network accessible devices | |
| KR20230165398A (en) | System and method for managing metadata of non-fungible token for three dimensional asset | |
| CN114048506A (en) | Application control method, device, equipment and storage medium | |
| CN112560006B (en) | Single sign-on method and system under multi-application system | |
| US8850602B2 (en) | Method for protecting application and method for executing application using the same | |
| CN116235174A (en) | Apparatus and method for performing encryption algorithm | |
| CN116720212B (en) | File protection method and device, computer equipment and computer readable storage medium | |
| CN111147235B (en) | Object access method and device, electronic equipment and machine-readable storage medium | |
| CN109766084B (en) | Customized development method and device for payment application, computer equipment and storage medium | |
| CN108259609B (en) | Family cloud data management method and cloud server | |
| CN108259456B (en) | Method, device, equipment and computer storage medium for realizing user login-free | |
| CN112732676B (en) | Block chain-based data migration method, device, equipment and storage medium | |
| CN104796771A (en) | Control downloading method, system and downloading guiding module | |
| CN110798478B (en) | Data processing method and device | |
| CN113590994A (en) | Data processing method, data processing device, computer equipment and storage medium | |
| CN112163224A (en) | Android software integrity verification method and device | |
| CN111787019B (en) | Information acquisition method and device based on block chain | |
| JP2019021310A (en) | File protection method and system for protecting executable compressed file |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |