201109971

VI. Description of the Invention:

[Technical Field of the Invention]

[0001] The present invention relates to a security control system and method, and in particular to a file transfer security control system and method.

[Prior Art]

[0002] One of the main functions of a computer network is information sharing, and one of the most important forms of information sharing is file transfer. The File Transfer Protocol (FTP) is widely used on the Internet for file transfer. Ordinarily, once a user has logged in to an FTP server, the user can perform various operations on the files on that server, such as uploading, downloading, deleting and modifying files. For an enterprise, FTP provides a convenient file transfer service that goes a long way toward meeting its information-sharing needs. However, users freely performing such operations on the files on an FTP server poses a serious threat to the enterprise's information security. For example, a user may upload confidential material to the FTP server, causing secrets to leak.

[Summary of the Invention]

[0003] In view of the above, it is necessary to provide a file transfer security control system and method capable of controlling the file transfer process.

[0004] A file transfer security control system for controlling file transfers between clients and a file server, the system comprising: a recording module, configured to record information about an access request when a user submits the access request to the file server through a client; a parsing module, configured to parse the information about the access request and determine the reviewer corresponding to the access request; a notification module, configured to notify the reviewer to review the access request; a receiving module, configured to receive the reviewer's review result for the access request; and an execution module, configured to perform the corresponding operation according to the received review result.

098130899 Form No. A0101 Page 3 of 15 0982053036-0

[0005] A file transfer security control method, comprising the steps of: when a user submits an access request to a file server through a client, recording information about the access request; parsing the information about the access request and determining the reviewer corresponding to the access request; notifying the reviewer to review the access request; receiving the reviewer's review result for the access request; and performing the corresponding operation according to the received review result.

[0006] The present invention records users' access requests to the file server and reviews those requests, which prevents users from freely accessing the files on the file server and increases the security of file transfer.

[Embodiment]

[0007] Referring to FIG. 1, a schematic diagram of the operating environment of a preferred embodiment of the file transfer security control system of the present invention is shown. The file transfer security control system 10 runs on an application server 11. The application server 11 is connected to a plurality of clients 12A-12Z through a first network 14, and is also connected to a file server 13 through a second network 15. In this embodiment, the file server 13 is a File Transfer Protocol (FTP) server, which provides file transfer services in accordance with the FTP protocol. The first network 14 is an enterprise internal network, for example an enterprise-level local area network; the second network 15 is a network external to the enterprise, for example the Internet. When a user submits an access request to the file server 13 through a client 12A-12Z in order to perform an operation on the files on the file server 13, the access request first reaches the file transfer security control system 10. The file transfer security control system 10 reviews the access request and performs the corresponding operation according to the review result. The access requests include uploading, downloading, deleting and modifying files. Uploading copies a file from a client 12A-12Z to the file server 13; downloading copies a file from the file server 13 to a client 12A-12Z; modifying includes changing a file's name and changing a file's contents.

[0008] Referring to FIG. 2, a functional module diagram of a preferred embodiment of the file transfer security control system of the present invention is shown. The file transfer security control system 10 includes a recording module 200, a parsing module 210, a notification module 220, a receiving module 230 and an execution module 240.

[0009] The recording module 200 is configured to record information about an access request when a user submits the access request to the file server 13 through a client 12A-12Z. In this embodiment, the information about the access request includes the user account, the access time, the client IP address, the file name and the file size. For example, when a user requests through client 12A to upload a file to the file server 13, the recording module 200 records that user's user account, the access time, the IP address of client 12A, and the name and size of the file to be uploaded. Note that when a user submits an upload request to the file server through a client 12A-12Z, the file to be uploaded is transmitted to the application server 11 at the same time. The recording module 200 records the information about the access request and receives the file to be uploaded.

[0010] The parsing module 210 is configured to parse the information about the access request and determine the reviewer corresponding to the access request. In this embodiment, the parsing module 210 determines the reviewer corresponding to the access request from the user account. The parsing module 210 may also determine the corresponding reviewer from other information about the access request, for example from the client IP address.

[0011] The notification module 220 is configured to notify the reviewer to review the access request. In this embodiment, the notification module 220 notifies the reviewer by e-mail. The notification module 220 may also notify the reviewer by mobile phone text message.

[0012] The receiving module 230 is configured to receive the reviewer's review result for the access request. In this embodiment, the receiving module 230 receives the review result that the reviewer sends back by e-mail, or the review result that the reviewer sends back by mobile phone text message. The receiving module 230 may also generate a review interface from the recorded information about access requests, through which reviewers review the access requests. For example, the receiving module 230 reads the information about the access requests into a database table, sorts it in chronological order, generates the review interface, and uses that interface to receive the review results for the access requests. Note that when reviewing an upload request, the reviewer can inspect the file to be uploaded that the recording module 200 has received.

[0013] The execution module 240 is configured to perform the corresponding operation according to the received review result. For example, for a user's upload request, if the request passes review, the execution module 240 copies the file to be uploaded to the file server 13 through the second network 15; otherwise, if it does not pass review, the execution module 240 returns a message to the client 12A-12Z informing the user that the file cannot be uploaded. Likewise, for a user's delete request, if the request passes review, the execution module 240 deletes the corresponding file from the file server 13; otherwise, if it does not pass review, the execution module 240 returns a message to the client 12A-12Z informing the user that the file cannot be deleted. Similarly, for a user's modify request, if the request passes review, the execution module 240 makes the corresponding modification to the file on the file server 13; otherwise, if it does not pass review, the execution module returns a message to the client 12A-12Z informing the user that the file cannot be modified.

[0014] Referring to FIG. 3, a flowchart of a preferred embodiment of the file transfer security control method of the present invention is shown.

[0015] Step S301: when a user submits an access request to the file server 13 through a client 12A-12Z, the recording module 200 records information about the access request. The access requests include uploading, downloading, deleting and modifying files. In this embodiment, the information about the access request includes the user account, the access time, the client IP address, the file name and the file size. For example, when a user requests through client 12A to upload a file to the file server 13, the recording module 200 records that user's user account, the access time, the IP address of client 12A, and the name and size of the file to be uploaded. Note that when a user submits an upload request to the file server through a client 12A-12Z, the file to be uploaded is transmitted to the application server 11 at the same time. The recording module 200 records the information about the access request and receives the file to be uploaded.

[0016] Step S302: the parsing module 210 parses the information about the access request and determines the reviewer corresponding to the access request. In this embodiment, the parsing module 210 determines the reviewer corresponding to the access request from the user account. The parsing module 210 may also determine the corresponding reviewer from other information about the access request, for example from the client IP address.

[0017] Step S303: the notification module 220 notifies the reviewer to review the access request. In this embodiment, the notification module 220 notifies the reviewer by e-mail. The notification module 220 may also notify the reviewer by mobile phone text message.

[0018] Step S304: the receiving module 230 receives the reviewer's review result for the access request. In this embodiment, the receiving module 230 receives the review result that the reviewer sends back by e-mail, or the review result that the reviewer sends back by mobile phone text message. Alternatively, the receiving module 230 may generate a review interface from the recorded information about access requests, through which reviewers review the access requests. For example, the receiving module 230 reads the recorded information about the access requests into a database table and sorts it in chronological order, thereby generating the review interface. Note that when reviewing an upload request, the reviewer can inspect the file to be uploaded that the recording module 200 has received.

[0019] Step S305: the execution module 240 performs the corresponding operation according to the received review result. For example, for a user's upload request, if the request passes review, the execution module 240 copies the file to be uploaded to the file server 13 through the second network 15; otherwise, if it does not pass review, the execution module 240 returns a message to the client 12A-12Z informing the user that the file cannot be uploaded. Likewise, for a user's delete request, if the request passes review, the execution module 240 deletes the corresponding file from the file server 13; otherwise, if it does not pass review, the execution module 240 returns a message to the client 12A-12Z informing the user that the file cannot be deleted. Similarly, for a user's modify request, if the request passes review, the execution module 240 makes the corresponding modification to the file on the file server 13; otherwise, if it does not pass review, the execution module returns a message to the client 12A-12Z informing the user that the file cannot be modified.

[0020] In summary, the present invention meets the requirements for an invention patent, and a patent application is filed in accordance with the law. However, the foregoing describes only preferred embodiments of the present invention, and the scope of the invention is not limited to those embodiments; all equivalent modifications or variations made by persons skilled in the art in accordance with the spirit of the invention shall fall within the scope of the following claims.

[Brief Description of the Drawings]

[0021] FIG. 1 is a schematic diagram of the operating environment of a preferred embodiment of the file transfer security control system of the present invention.

[0022] FIG. 2 is a functional module diagram of a preferred embodiment of the file transfer security control system of the present invention.

[0023] FIG. 3 is a flowchart of a preferred embodiment of the file transfer security control method of the present invention.

[Description of Main Reference Signs]

[0024] File transfer security control system 10
[0025] Application server 11
[0026] Clients 12A-12Z
[0027] File server 13
[0028] First network 14
[0029] Second network 15
[0030] Recording module 200
[0031] Parsing module 210
[0032] Notification module 220
[0033] Receiving module 230
[0034] Execution module 240
[0035] Record information about the access request S301
[0036] Parse information about the access request S302
[0037] Notify the reviewer to review the access request S303
[0038] Receive the review result S304
[0039] Perform the corresponding operation S305
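
Steps S301 to S305 described above, sketched as an added example that is not part of the patent text: an in-memory gate that records a request, resolves its reviewer, queues a notification, and touches the file store only after that reviewer approves. The account names, IP prefix, class and method names are hypothetical and the dictionary stands in for the FTP server; denying requests that have no resolvable reviewer and accepting only one decision per request are assumptions the patent does not state.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

REVIEWER_BY_ACCOUNT = {"alice": "bob"}        # constructed sample routing tables:
REVIEWER_BY_IP_PREFIX = {"10.1.": "carol"}    # hypothetical accounts and IP prefix

@dataclass
class AccessRequest:                   # S301: the recorded request information
    req_id: int
    account: str
    client_ip: str
    operation: str
    filename: str
    staged: bytes                      # upload/modify payload held at the gateway
    size: int
    time: datetime = field(default_factory=lambda: datetime.now(timezone.utc))
    reviewer: str = ""
    status: str = "pending"            # pending -> approved | denied

class TransferGate:
    def __init__(self):                # file_server stands in for the FTP server
        self.requests, self.outbox, self.file_server = {}, [], {}

    def submit(self, account, client_ip, operation, filename, data=b""):
        if operation not in {"upload", "download", "delete", "modify"}:
            raise ValueError(f"unsupported operation: {operation}")
        by_ip = [r for p, r in REVIEWER_BY_IP_PREFIX.items() if client_ip.startswith(p)]
        reviewer = REVIEWER_BY_ACCOUNT.get(account) or (by_ip[0] if by_ip else "")
        req = AccessRequest(len(self.requests) + 1, account, client_ip, operation,
                            filename, data, len(data), reviewer=reviewer,  # S302
                            status="pending" if reviewer else "denied")   # fail closed
        if reviewer:
            self.outbox.append((reviewer, req.req_id))  # S303: notification to send
        self.requests[req.req_id] = req
        return req

    def pending_for(self, reviewer):   # S304: review queue, oldest request first
        return sorted((r for r in self.requests.values() if r.reviewer == reviewer
                       and r.status == "pending"), key=lambda r: (r.time, r.req_id))

    def decide(self, req_id, reviewer, approved):
        req = self.requests[req_id]
        if req.status != "pending" or reviewer != req.reviewer:
            raise PermissionError("one decision, from the assigned reviewer only")
        req.status = "approved" if approved else "denied"   # S304: review result
        if not approved:                                     # S305 from here on
            return f"cannot {req.operation} {req.filename}"
        if req.operation == "download":
            return self.file_server.get(req.filename)
        if req.operation == "delete":
            self.file_server.pop(req.filename, None)
        else:                                                # upload or modify
            self.file_server[req.filename] = req.staged
        return f"{req.operation} of {req.filename} done"
```

The uploaded bytes stay in `staged` at the gateway and reach `file_server` only inside `decide`, which mirrors the description's point that the file is sent to the application server first and copied onward after approval.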