WO2017000638A1 - Network file access control method and device - Google Patents

Network file access control method and device Download PDF

Info

Publication number
WO2017000638A1
WO2017000638A1 PCT/CN2016/079924 CN2016079924W WO2017000638A1 WO 2017000638 A1 WO2017000638 A1 WO 2017000638A1 CN 2016079924 W CN2016079924 W CN 2016079924W WO 2017000638 A1 WO2017000638 A1 WO 2017000638A1
Authority
WO
WIPO (PCT)
Prior art keywords
privacy
terminal
address
server
password
Prior art date
Application number
PCT/CN2016/079924
Other languages
French (fr)
Chinese (zh)
Inventor
陈湘宁
范超
谭小兵
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017000638A1 publication Critical patent/WO2017000638A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present application relates to, but is not limited to, the field of network file storage, and in particular, to a network file access control method and apparatus.
  • terminals such as smart phones, notebook computers, PDAs (personal digital assistants), PADs (tablets), PMPs (portable multimedia players), digital cameras, etc. are becoming more and more widely used.
  • PDAs personal digital assistants
  • PADs tablets
  • PMPs portable multimedia players
  • digital cameras etc.
  • Blu-ray video lossless music, high-pixel photos, etc.
  • the need for privacy in home storage data is increasing.
  • most common data can be shared by all family members' electronic devices (smartphones, PCs, tablets, smart TVs, etc.); a small amount of special data (such as privacy photos, privacy videos, important documents and materials), etc. It can only be accessed by special means by electronic devices of a small number of family members.
  • a network file access control method includes:
  • the privacy directory corresponding to the IP address of the terminal is sent to the terminal.
  • the method further includes:
  • the obtained privacy directory is used as a privacy directory corresponding to the IP address of the terminal, and the IP address corresponding to the terminal and the privacy directory corresponding to the IP address of the terminal are saved to the server.
  • performing privacy password verification on the terminal includes:
  • the method further includes:
  • the received privacy password is used as the privacy password corresponding to the created privacy directory and saved in the created privacy file.
  • the method further includes:
  • the terminal receives the private file deletion request.
  • the privacy directory and the privacy file corresponding to the privacy password saved by the server are deleted.
  • a network file access control device comprising:
  • Obtaining a module configured to acquire an IP address of the terminal when receiving a privacy file access request of the terminal;
  • the comparison module is configured to compare the IP address of the terminal with an IP address saved by the server;
  • the sending module is configured to send the privacy directory corresponding to the IP address of the terminal to the terminal if the IP address of the terminal is the same as the IP address saved by the server.
  • the network file access control device further includes a verification module and a storage module;
  • the verification module is configured to perform a privacy password verification on the terminal when receiving the privacy file verification request of the terminal before acquiring the IP address of the terminal;
  • the obtaining module is further configured to: when the password verification of the terminal passes, obtain a privacy directory corresponding to the privacy password input by the terminal;
  • the storage module is configured to use the acquired privacy directory as a privacy directory corresponding to the IP address of the terminal, and save the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal to the server.
  • the verification module includes a receiving unit, a matching unit, and a determining unit;
  • the receiving unit is configured to receive a privacy password input by the terminal when receiving the privacy file verification request of the terminal;
  • the matching unit is configured to match a privacy password input by the terminal with a privacy password saved by the server;
  • the determining unit is configured to determine that the privacy password verification of the terminal passes if the privacy password input by the terminal is the same as the privacy password saved by the server.
  • the network file access control device further includes a creation module
  • the creating module is configured to: before receiving the privacy file verification request of the terminal, before performing the privacy password verification on the terminal, create a privacy directory and a corresponding privacy file when receiving the privacy file creation request of the terminal ;
  • the obtaining module is further configured to receive a privacy password input by the terminal;
  • the storage module is further configured to use the received privacy password as a privacy password corresponding to the created privacy directory and save the created privacy file.
  • the network file access control device further includes a deletion module
  • the obtaining module is further configured to: if the IP address of the terminal is the same as the IP address saved by the server, before receiving the privacy directory corresponding to the IP address of the terminal to the terminal, receiving the privacy of the terminal Receiving a privacy password entered by the terminal when the file is deleted;
  • the comparison module is further configured to match a privacy password input by the terminal with a privacy password saved by the server;
  • the deleting module is configured to delete the privacy directory and the privacy file corresponding to the privacy password saved by the server if the password entered by the terminal is the same as the privacy password saved by the server.
  • a computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the network file access control method described above.
  • the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal.
  • the privacy file corresponding to the privacy directory access the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address.
  • FIG. 1 is a schematic flowchart of a first embodiment of a network file access control method according to the present invention
  • FIG. 2 is a schematic flowchart of a second embodiment of a network file access control method according to the present invention.
  • FIG. 3 is a schematic flowchart of a preferred embodiment of performing a privacy password verification step on a terminal when receiving a privacy file verification request of a terminal according to the present invention
  • FIG. 4 is a schematic flowchart of a third embodiment of a network file access control method according to the present invention.
  • FIG. 5 is a schematic flowchart diagram of a fourth embodiment of a network file access control method according to the present invention.
  • FIG. 6 is a schematic diagram of functional modules of a first embodiment of a network file access control apparatus according to the present invention.
  • FIG. 7 is a schematic diagram of functional modules of a second embodiment of a network file access control apparatus according to the present invention.
  • FIG. 8 is a schematic diagram of functional modules of a preferred embodiment of the verification module of the present invention.
  • FIG. 9 is a schematic diagram of functional modules of a third embodiment of a network file access control apparatus according to the present invention.
  • FIG. 10 is a schematic diagram of functional modules of a fourth embodiment of a network file access control apparatus according to the present invention.
  • the main purpose of the embodiment of the present invention is to solve the problem that a privacy file in a related network file system cannot be secretly protected.
  • the main solution of the embodiment of the present invention is: when receiving the privacy file access request of the terminal, acquiring the IP address of the terminal; comparing the IP address of the terminal with the IP address saved by the server; if the terminal The IP address is the same as the IP address saved by the server, and the privacy directory corresponding to the IP address of the terminal is sent to the terminal, so that the terminal accesses the corresponding privacy file through the privacy directory.
  • the embodiment of the invention provides a network file access control method.
  • FIG. 1 is a schematic flowchart diagram of a first embodiment of a network file access control method according to the present invention.
  • the network file access control method includes steps S101 to S103:
  • the server receives the privacy file access request from the terminal, and obtains the IP address of the terminal when receiving the privacy file access request of the terminal.
  • the terminal may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (Personal Digital Assistant), a PAD (Tablet), a PMP (Portable Multimedia Player), a digital camera, etc., and the like Fixed terminal for digital TV, desktop computer, etc.
  • the privacy file access request may provide a shortcut icon of the privacy file access by the terminal, so that the user triggers the privacy file access request based on the shortcut icon, and sends the privacy file access request to the server; or
  • the physical button accessed by the privacy file may also be provided by the terminal for the user to trigger a privacy file access request based on the physical button, and send the privacy file access request to the server.
  • the server may obtain the IP address of the terminal when receiving the terminal privacy file access request; or, when the terminal logs in, obtain the IP address of the terminal, and save the IP address of the terminal.
  • the IP address of the terminal is locally read from the server.
  • the server may perform legality verification on the request to determine whether the request is legal.
  • the request is further executed.
  • the operation to improve the security of the privacy file For example, when the server receives the privacy file access request of the terminal, the server performs legality verification on the access request, and when the validity of the access request is verified, the step of acquiring the IP address of the terminal and subsequent steps are performed. .
  • the process of verifying the validity of the received session request by the server may be implemented by: when the terminal logs in to the server, acquiring an IP address of the terminal and a session ID when the terminal logs in, and The IP address of the terminal and the corresponding session ID are stored in the server.
  • the server receives the session request from the terminal, the IP address and the session ID of the terminal are acquired again, and the obtained IP address and The session ID is compared with the IP address saved by the server and the corresponding session ID, and the obtained IP address is matched with the session ID. If the obtained IP address matches the session ID, the validity of the session request is determined. Passing; if the obtained IP address does not match the session ID, it is determined that the validity verification of the request fails.
  • the process of verifying the validity of the received session request by the server may also be implemented by: obtaining a sending timestamp and a receiving timestamp of the request, and determining a sending timestamp and receiving of the request. Whether the timestamps match, if the sending timestamp of the request matches the receiving timestamp, determining that the validity of the request is verified; if the sending timestamp of the request does not match the receiving timestamp, determining the request The legality verification failed.
  • matching means that two objects that are compared with each other are identical or the difference value is less than or equal to a preset difference threshold.
  • the server compares the IP address of the terminal with an IP address saved by the server.
  • the IP address saved by the server may be a preset IP address that is allowed to access the privacy file stored in the server configuration file; or may be saved by the server when the terminal authenticates through the privacy password of the privacy file.
  • the IP address of the authenticated terminal within the configuration file may be a preset IP address that is allowed to access the privacy file stored in the server configuration file; or may be saved by the server when the terminal authenticates through the privacy password of the privacy file.
  • IP address of the terminal is the same as the IP address saved by the server, send a privacy directory corresponding to the IP address of the terminal to the terminal, so that the terminal accesses the corresponding content through the privacy directory. Privacy document.
  • the device matches the saved IP address to the same IP address as the terminal's IP address.
  • the server sends a privacy directory corresponding to the IP address of the terminal to the terminal by querying the correspondence between the IP address and the privacy directory saved by the server, so that the terminal accesses the corresponding privacy through the privacy directory. file.
  • the IP address may correspond to a privacy directory or multiple privacy directories.
  • the privacy directory and the corresponding privacy file are stored on the server, and the privacy directory is configured to access the corresponding privacy file saved by the server through the privacy directory when the terminal accesses the server.
  • the terminal may write the privacy data into the privacy file through the privacy directory; or, the data in the privacy file may also be read through the privacy directory.
  • the terminal writes the private data to the privacy file through the privacy directory, and the server encrypts the written private data and saves the data in the privacy file; the terminal reads the location through the privacy directory.
  • the server first decrypts the data in the privacy file, and sends the decrypted data to the terminal.
  • the embodiment of the present invention verifies the IP address of the terminal, and associates the IP address with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the
  • the privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving
  • the privacy of private files in the network file system improves the security of private files.
  • FIG. 2 is a schematic flowchart diagram of a second embodiment of a network file access control method according to the present invention. Based on the first embodiment of the foregoing network file access control method, before step S101, steps S201 to S203 are further included:
  • the server When receiving the privacy file verification request of the terminal, the server performs privacy password verification on the terminal.
  • the privacy password corresponds to a privacy directory and a privacy file, and is configured to verify a terminal that accesses the privacy directory and the privacy file, and only the verified terminal IP can access the corresponding privacy directory and the privacy file, and the privacy password is preferably a number and a password.
  • the key composed of letters.
  • FIG. 3 is a schematic diagram of the present invention when receiving a privacy file verification request of the terminal.
  • a schematic flowchart of a preferred embodiment of the step of performing a privacy password verification process by the terminal, when receiving the privacy file verification request of the terminal, performing privacy password verification on the terminal includes steps S301-S303:
  • the user may perform privacy password verification on the terminal: the server receives the terminal's privacy file verification request, and receives the terminal. Entering a privacy password and encrypting the privacy password entered by the terminal; the server matching the encrypted privacy password with the encrypted private password saved by the server; if matching the same encrypted private password The server determines that the terminal's privacy password verification is passed.
  • the privacy password saved by the server is subjected to irreversible encryption processing, the privacy password cannot be decrypted, and the security of the privacy password is improved.
  • the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation.
  • the method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
  • the server passes the password verification of the terminal, the server obtains a privacy directory corresponding to the privacy password input by the terminal by querying the correspondence between the privacy password and the privacy directory saved by the server.
  • the privacy password entered by the terminal is matched with the privacy password saved by the server. Since the privacy password of the server is stored in the corresponding privacy file when the privacy file is created, when the server matches the same privacy password, according to the description
  • the save path of the privacy password determines the privacy file and the privacy directory corresponding to the privacy password.
  • the obtained privacy directory is used as a privacy directory corresponding to the IP address of the terminal, and the IP address corresponding to the terminal and the privacy directory corresponding to the IP address of the terminal are saved to the server.
  • the server uses the acquired privacy directory as a privacy directory corresponding to the IP address of the terminal, and saves the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal in the server.
  • the terminal IP address verified by the privacy password and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal can be verified when the terminal accesses the privacy file, and the privacy password verified by the terminal IP address is verified.
  • a file is displayed to the terminal for viewing access by the terminal.
  • the server performs a privacy password verification on the terminal when receiving the privacy file close request of the terminal; when the password verification of the terminal passes, the server deletes the terminal input in the configuration file
  • the privacy password corresponds to the privacy directory.
  • the IP address of the terminal through which the privacy password is verified and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is performed according to the IP address saved by the server and the corresponding privacy directory. Verification, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal IP address verified by the privacy password can view the privacy directory corresponding to the terminal IP address, and access the corresponding privacy file through the privacy directory, and save with the server.
  • the terminal with different IP addresses cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving the privacy of the privacy file in the network file system. Improve the security of private files.
  • FIG. 4 is a schematic flowchart diagram of a third embodiment of a network file access control method according to the present invention. Based on the second embodiment of the foregoing network file access control method, before the step S201, the method further includes steps S401 to S403:
  • the server When receiving the privacy file creation request of the terminal, the server creates a privacy directory in a preset directory, and creates a privacy file with the same name as the privacy directory under the preset directory.
  • the privacy file includes the user's privacy data.
  • the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the The operation method corresponding to the request is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
  • the received privacy password is used as a privacy password corresponding to the created privacy directory and saved in the created privacy file.
  • the server receives the privacy password input by the terminal; the server uses the received privacy password as a privacy password corresponding to the created privacy directory and saves the created privacy file.
  • the terminal may provide a privacy password input interface for the user to input a privacy password based on the input interface, and send the input privacy password to the server when detecting the input completion command triggered by the user based on the input interface.
  • the privacy password may be encrypted and saved in a corresponding privacy file, and the encryption process is preferably an irreversible encryption process to improve the security of the privacy password.
  • the server when the server creates the privacy file, the privacy password corresponding to the privacy file is saved in the privacy file, so that the server performs the privacy password verification on the terminal according to the saved privacy password and the corresponding privacy directory, and the privacy password is verified.
  • the IP address of the passed terminal and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is verified according to the IP address saved by the server and the corresponding privacy directory, and the IP address is associated with the privacy directory and the privacy file.
  • the terminal that is the same as the IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal, and access the corresponding privacy file through the privacy directory.
  • the terminal different from the IP address saved by the server cannot view the privacy directory and access the private directory.
  • the privacy file and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, which greatly improves the privacy of the privacy file in the network file system and improves the security of the privacy file.
  • FIG. 5 is a schematic flowchart diagram of a fourth embodiment of a network file access control method according to the present invention. Based on the first embodiment of the foregoing network file access control method, after the step S103, the method further includes steps S501 to S503:
  • IP address of the terminal is the same as the IP address saved by the server, before receiving the privacy file deletion request of the terminal, receiving the privacy directory corresponding to the IP address of the terminal, The privacy password entered by the terminal.
  • the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation.
  • the method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
  • the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the
  • the privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address, which greatly improves the access.
  • the privacy of private files in the network file system improves the security of private files.
  • the execution bodies of the network file access control methods of the above first to fourth embodiments may each be a network file storage device or a network file system server.
  • the network file access control method can be implemented by a network file storage program installed on a network file storage device or a network file system server.
  • the embodiment of the invention further provides a network file access control device.
  • FIG. 6 is a schematic diagram of functional modules of a first embodiment of a network file access control apparatus according to the present invention.
  • the network file access control apparatus includes: an obtaining module 10, a comparison module 20, and a sending module 30.
  • the obtaining module 10 is configured to acquire an IP address of the terminal when receiving a privacy file access request of the terminal.
  • the server receives the privacy file access request from the terminal, and obtains the IP address of the terminal when receiving the privacy file access request of the terminal.
  • the terminal may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (Personal Digital Assistant), a PAD (Tablet), a PMP (Portable Multimedia Player), a digital camera, etc., and the like Fixed terminal for digital TV, desktop computer, etc.
  • the privacy file access request may provide a shortcut icon of the privacy file access by the terminal, so that the user triggers the privacy file access request based on the shortcut icon, and sends the privacy file access request to the server; or
  • the physical button accessed by the privacy file may also be provided by the terminal for the user to trigger a privacy file access request based on the physical button, and send the privacy file access request to the server.
  • the server may obtain the IP address of the terminal when receiving the terminal privacy file access request; or, when the terminal logs in, obtain the IP address of the terminal, and save the IP address of the terminal.
  • the IP address of the terminal is locally read from the server.
  • the server may perform legality verification on the request to determine whether the request is legal.
  • the request is further executed.
  • the operation to improve the security of the privacy file For example, when the server receives the privacy file access request of the terminal, the server performs legality verification on the access request, and when the validity of the access request is verified, the step of acquiring the IP address of the terminal and subsequent steps are performed. .
  • the process of verifying the validity of the received session request by the server may be implemented by: when the terminal logs in to the server, acquiring the IP address of the terminal and the terminal End session login ID, and save the IP address of the terminal and the corresponding session ID in the server, and when the server receives the session request from the terminal, acquire the IP address and session ID of the terminal again. And comparing the obtained IP address and the session ID with the IP address saved by the server and the corresponding session ID, and determining whether the obtained IP address matches the session ID. If the obtained IP address matches the session ID, then Determining that the validity of the session request is verified; if the acquired IP address does not match the session ID, it is determined that the validity verification of the request fails.
  • the process of verifying the validity of the received session request by the server may also be implemented by: obtaining a sending timestamp and a receiving timestamp of the request, and determining a sending timestamp and receiving of the request. Whether the timestamps match, if the sending timestamp of the request matches the receiving timestamp, determining that the validity of the request is verified; if the sending timestamp of the request does not match the receiving timestamp, determining the request The legality verification failed.
  • matching means that two objects that are compared with each other are identical or the difference value is less than or equal to a preset difference threshold.
  • the comparison module 20 is configured to compare the IP address of the terminal with an IP address saved by the server;
  • the server compares the IP address of the terminal with an IP address saved by the server.
  • the IP address saved by the server may be a preset IP address that is allowed to access the privacy file stored in the server configuration file; or may be saved by the server when the terminal authenticates through the privacy password of the privacy file.
  • the IP address of the authenticated terminal within the configuration file may be a preset IP address that is allowed to access the privacy file stored in the server configuration file; or may be saved by the server when the terminal authenticates through the privacy password of the privacy file.
  • the sending module 30 is configured to: if the IP address of the terminal is the same as the IP address saved by the server, send a privacy directory corresponding to the IP address of the terminal to the terminal, so that the terminal passes the The privacy directory accesses the corresponding privacy file.
  • the server If the IP address of the terminal is the same as the IP address saved by the server, that is, the server matches the same IP address as the IP address of the terminal in the saved IP address.
  • the server sends a privacy directory corresponding to the IP address of the terminal to the terminal by querying the correspondence between the IP address and the privacy directory saved by the server, so that the terminal accesses the corresponding privacy through the privacy directory. file.
  • the IP address may correspond to a privacy directory or multiple privacy directories.
  • the privacy directory and the corresponding privacy file are stored on the server, and the privacy directory is configured to access the corresponding privacy file saved by the server through the privacy directory when the terminal accesses the server.
  • the terminal may write the privacy data into the privacy file through the privacy directory; or, the data in the privacy file may also be read through the privacy directory.
  • the terminal writes the private data to the privacy file through the privacy directory, and the server encrypts the written private data and saves the data in the privacy file; the terminal reads the location through the privacy directory.
  • the server first decrypts the data in the privacy file, and sends the decrypted data to the terminal.
  • the embodiment of the present invention verifies the IP address of the terminal, and associates the IP address with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the
  • the privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving
  • the privacy of private files in the network file system improves the security of private files.
  • FIG. 7 is a schematic diagram of functional modules of a second embodiment of a network file access control apparatus according to the present invention.
  • the network file access control device further includes a verification module 40 and a storage module 50, based on the first embodiment of the network file access control device;
  • the verification module 40 is configured to perform privacy password verification on the terminal when receiving the privacy file verification request of the terminal.
  • the server When receiving the privacy file verification request of the terminal, the server performs privacy password verification on the terminal.
  • the privacy password corresponds to a privacy directory and a privacy file, and is configured to verify a terminal that accesses the privacy directory and the privacy file, and only the verified terminal IP can access the corresponding privacy directory and the privacy file, and the privacy password is preferably a number and a password.
  • the key composed of letters.
  • the verification module 40 includes a receiving unit 41, a matching unit 42 and a determining unit 43;
  • the receiving unit 41 is configured to receive a privacy password input by the terminal when receiving the privacy file verification request of the terminal.
  • the matching unit 42 is configured to match the privacy password input by the terminal with the privacy password saved by the server.
  • the determining unit 43 is configured to save the password entered by the terminal and the server If the privacy password is the same, it is determined that the terminal's privacy password verification is passed.
  • the user may perform privacy password verification on the terminal: the server receives the terminal's privacy file verification request, and receives the terminal. Entering a privacy password and encrypting the privacy password entered by the terminal; the server matching the encrypted privacy password with the encrypted private password saved by the server; if matching the same encrypted private password The server determines that the terminal's privacy password verification is passed.
  • the privacy password saved by the server is subjected to irreversible encryption processing, the privacy password cannot be decrypted, and the security of the privacy password is improved.
  • the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation.
  • the method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
  • the obtaining module 10 is further configured to acquire a privacy directory corresponding to the privacy password input by the terminal when the password verification of the terminal is passed.
  • the server passes the password verification of the terminal, the server obtains a privacy directory corresponding to the privacy password input by the terminal by querying the correspondence between the privacy password and the privacy directory saved by the server.
  • the privacy password input by the terminal may be matched with the privacy password saved by the server.
  • the privacy file is created, the privacy password of the server is saved in the corresponding privacy file. Therefore, when the server matches the same privacy password, the privacy file and the privacy directory corresponding to the privacy password are determined according to the save path of the privacy password.
  • the storage module 50 is configured to use the acquired privacy directory as a privacy directory corresponding to the IP address of the terminal, and save the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal to the server.
  • the server uses the acquired privacy directory as a privacy target corresponding to the IP address of the terminal Recording, and storing the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal in the server.
  • the terminal IP address verified by the privacy password and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal can be verified when the terminal accesses the privacy file, and the privacy password verified by the terminal IP address is verified.
  • a file is displayed to the terminal for viewing access by the terminal.
  • the server performs a privacy password verification on the terminal when receiving the privacy file close request of the terminal; when the password verification of the terminal passes, the server deletes the terminal input in the configuration file
  • the privacy password corresponds to the privacy directory.
  • the IP address of the terminal through which the privacy password is verified and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is performed according to the IP address saved by the server and the corresponding privacy directory. Verification, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal IP address verified by the privacy password can view the privacy directory corresponding to the terminal IP address, and access the corresponding privacy file through the privacy directory, and save with the server.
  • the terminal with different IP addresses cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving the privacy of the privacy file in the network file system. Improve the security of private files.
  • FIG. 9 is a schematic diagram of functional modules of a third embodiment of a network file access control apparatus according to the present invention. Based on the second embodiment of the network file access control device, the network file access control device further includes a creation module 60;
  • the creating module 60 is configured to: before receiving the privacy file verification request of the terminal, before performing the privacy password verification on the terminal, create a privacy directory and corresponding privacy when receiving the privacy file creation request of the terminal file.
  • the server When receiving the privacy file creation request of the terminal, the server creates a privacy directory in a preset directory, and creates a privacy file with the same name as the privacy directory under the preset directory.
  • the privacy file includes the user's privacy data.
  • the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation.
  • the method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
  • the obtaining module 10 is further configured to receive a privacy password input by the terminal.
  • the storage module 50 is further configured to store the received privacy password as a privacy password corresponding to the created privacy directory and save the created privacy file.
  • the server receives the privacy password input by the terminal; the server uses the received privacy password as a privacy password corresponding to the created privacy directory and saves the created privacy file.
  • the terminal may provide a privacy password input interface for the user to input a privacy password based on the input interface, and send the input privacy password to the server when detecting the input completion command triggered by the user based on the input interface.
  • the privacy password may be encrypted and saved in a corresponding privacy file, and the encryption process is preferably an irreversible encryption process to improve the security of the privacy password.
  • the server when the server creates the privacy file, the privacy password corresponding to the privacy file is saved in the privacy file, so that the server performs the privacy password verification on the terminal according to the saved privacy password and the corresponding privacy directory, and the privacy password is verified.
  • the IP address of the passed terminal and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is verified according to the IP address saved by the server and the corresponding privacy directory, and the IP address is associated with the privacy directory and the privacy file.
  • the terminal that is the same as the IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal, and access the corresponding privacy file through the privacy directory.
  • the terminal different from the IP address saved by the server cannot view the privacy directory and access the private directory.
  • the privacy file and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, which greatly improves the privacy of the privacy file in the network file system and improves the security of the privacy file.
  • FIG. 10 is a schematic diagram of functional modules of a fourth embodiment of a network file access control apparatus according to the present invention.
  • the network file access control device further includes a deletion module 70, based on the third embodiment of the network file access control device;
  • the obtaining module 10 is further configured to: if the IP address of the terminal is the same as the IP address saved by the server, before sending the privacy directory corresponding to the IP address of the terminal to the terminal, Upon receiving the privacy file deletion request of the terminal, the privacy password input by the terminal is received.
  • the comparison module 20 is further configured to match the privacy password input by the terminal with the privacy password saved by the server.
  • the deleting module 70 is configured to delete the privacy directory and the privacy file corresponding to the privacy password saved by the server if the privacy password input by the terminal is the same as the privacy password saved by the server.
  • the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation.
  • the method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
  • the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the
  • the privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address, which greatly improves the access.
  • the privacy of private files in the network file system improves the security of private files.
  • the embodiment method can be implemented by means of software plus a necessary general hardware platform, of course, also through hardware, but in many cases the former is a better implementation.
  • the technical solution of the present invention in essence or the contribution to the related art can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, CD-ROM).
  • the instructions include a number of instructions for causing a terminal device (which may be a cell phone, computer, server, air conditioner, or network device, etc.) to perform the methods described in various embodiments of the present invention.
  • all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
  • the devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • the device/function module/functional unit in the above embodiment When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal.
  • the privacy file corresponding to the privacy directory access the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address.

Abstract

A network file access control method and device. The method comprises: when a privacy file access request of a terminal is received, acquiring the IP address of the terminal; comparing the IP address of the terminal to a saved IP address; and if the IP address of the terminal is the same as the saved IP address, sending a privacy directory corresponding to the IP address of the terminal to the terminal.

Description

一种网络文件访问控制方法及装置Network file access control method and device 技术领域Technical field
本申请涉及但不限于网络文件存储领域,尤其涉及一种网络文件访问控制方法及装置。The present application relates to, but is not limited to, the field of network file storage, and in particular, to a network file access control method and apparatus.
背景技术Background technique
目前,随着通信技术和终端技术的不断发展,智能电话、笔记本电脑、PDA(个人数字助理)、PAD(平板电脑)、PMP(便携式多媒体播放器)、数码相机等终端的使用越来越广泛。而随着蓝光视频、无损音乐、高像素照片等的出现,家庭数据量出现了大规模地增长。同时,对家庭存储数据的私密性需求也越来越高。例如:大部分普通数据都能被所有家庭成员的电子设备(智能手机、PC、平板电脑、智能电视等)共享访问;小部分特殊数据(如隐私照片、隐私视频、重要文档及资料)等,只能被少部分家庭成员的电子设备通过特殊途径进行访问。At present, with the continuous development of communication technology and terminal technology, terminals such as smart phones, notebook computers, PDAs (personal digital assistants), PADs (tablets), PMPs (portable multimedia players), digital cameras, etc. are becoming more and more widely used. . With the advent of Blu-ray video, lossless music, high-pixel photos, etc., the amount of household data has grown on a large scale. At the same time, the need for privacy in home storage data is increasing. For example, most common data can be shared by all family members' electronic devices (smartphones, PCs, tablets, smart TVs, etc.); a small amount of special data (such as privacy photos, privacy videos, important documents and materials), etc. It can only be accessed by special means by electronic devices of a small number of family members.
而相关的网络文件系统中,将网络文件系统中的所有文件显示给经过身份验证后的终端,使得终端通过身份验证后,就可以查看到网络文件系统中的所有文件。由此,造成了相关的网络文件系统中的隐私文件无法被隐密保护的问题。In the related network file system, all the files in the network file system are displayed to the authenticated terminal, so that after the terminal is authenticated, all the files in the network file system can be viewed. As a result, the privacy file in the related network file system cannot be secretly protected.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics detailed in this document. This Summary is not intended to limit the scope of the claims.
一种网络文件访问控制方法,所述网络文件访问控制方法包括:A network file access control method, the network file access control method includes:
在接收到终端的隐私文件访问请求时,获取所述终端的IP地址;Obtaining an IP address of the terminal when receiving a privacy file access request of the terminal;
将所述终端的IP地址与服务器保存的IP地址进行比对;Comparing the IP address of the terminal with the IP address saved by the server;
如果所述终端的IP地址与所述服务器保存的IP地址相同,则将所述终端的IP地址对应的隐私目录发送至所述终端。If the IP address of the terminal is the same as the IP address saved by the server, the privacy directory corresponding to the IP address of the terminal is sent to the terminal.
优选地,所述方法还包括:Preferably, the method further includes:
在获取所述终端的IP地址的步骤之前,在接收到所述终端的隐私文件验 证请求时,对所述终端进行隐私口令验证;Receiving the privacy document of the terminal before the step of acquiring the IP address of the terminal When the request is made, the terminal is authenticated by the password;
在所述终端的隐私口令验证通过时,获取所述终端输入的隐私口令对应的隐私目录;Obtaining a privacy directory corresponding to the privacy password input by the terminal when the password verification of the terminal is passed;
将所获取的隐私目录作为所述终端的IP地址对应的隐私目录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存至服务器。The obtained privacy directory is used as a privacy directory corresponding to the IP address of the terminal, and the IP address corresponding to the terminal and the privacy directory corresponding to the IP address of the terminal are saved to the server.
优选地,所述在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证包括:Preferably, when receiving the privacy file verification request of the terminal, performing privacy password verification on the terminal includes:
在接收到所述终端的隐私文件验证请求时,接收所述终端输入的隐私口令;Receiving a privacy password input by the terminal when receiving the privacy file verification request of the terminal;
将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;Matching the privacy password entered by the terminal with the privacy password saved by the server;
如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则确定所述终端的隐私口令验证通过。If the privacy password entered by the terminal is the same as the privacy password saved by the server, it is determined that the terminal's private password verification is passed.
优选地,所述方法还包括:Preferably, the method further includes:
在接收到所述终端的隐私文件验证请求,对所述终端进行隐私口令验证的步骤之前,在接收到所述终端的隐私文件创建请求时,创建隐私目录及对应的隐私文件;Before receiving the privacy file verification request of the terminal, before performing the step of performing the privacy password verification on the terminal, when receiving the privacy file creation request of the terminal, creating a privacy directory and a corresponding privacy file;
接收所述终端输入的隐私口令;Receiving a privacy password input by the terminal;
将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。The received privacy password is used as the privacy password corresponding to the created privacy directory and saved in the created privacy file.
优选地,所述方法还包括:Preferably, the method further includes:
如果所述终端的IP地址与所述服务器保存的IP地址相同,在将所述终端的IP地址对应的隐私目录发送至所述终端之前,在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令;If the IP address of the terminal is the same as the IP address saved by the server, before receiving the privacy file deletion request corresponding to the terminal's IP address, the terminal receives the private file deletion request. The password entered by the terminal;
将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;Matching the privacy password entered by the terminal with the privacy password saved by the server;
如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。If the privacy password input by the terminal is the same as the privacy password saved by the server, the privacy directory and the privacy file corresponding to the privacy password saved by the server are deleted.
一种网络文件访问控制装置,所述网络文件访问控制装置包括:A network file access control device, the network file access control device comprising:
获取模块,设置为在接收到终端的隐私文件访问请求时,获取所述终端的IP地址; Obtaining a module, configured to acquire an IP address of the terminal when receiving a privacy file access request of the terminal;
比对模块,设置为将所述终端的IP地址与服务器保存的IP地址进行比对;The comparison module is configured to compare the IP address of the terminal with an IP address saved by the server;
发送模块,设置为如果所述终端的IP地址与所述服务器保存的IP地址相同,则将所述终端的IP地址对应的隐私目录发送至所述终端。The sending module is configured to send the privacy directory corresponding to the IP address of the terminal to the terminal if the IP address of the terminal is the same as the IP address saved by the server.
优选地,所述网络文件访问控制装置还包括验证模块及存储模块;Preferably, the network file access control device further includes a verification module and a storage module;
所述验证模块,设置为在获取所述终端的IP地址之前,在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证;The verification module is configured to perform a privacy password verification on the terminal when receiving the privacy file verification request of the terminal before acquiring the IP address of the terminal;
所述获取模块,还设置为在所述终端的隐私口令验证通过时,获取所述终端输入的隐私口令对应的隐私目录;The obtaining module is further configured to: when the password verification of the terminal passes, obtain a privacy directory corresponding to the privacy password input by the terminal;
所述存储模块,设置为将所获取的隐私目录作为所述终端的IP地址对应的隐私目录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存至服务器。The storage module is configured to use the acquired privacy directory as a privacy directory corresponding to the IP address of the terminal, and save the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal to the server.
优选地,所述验证模块包括接收单元、匹配单元及确定单元;Preferably, the verification module includes a receiving unit, a matching unit, and a determining unit;
所述接收单元,设置为在接收到所述终端的隐私文件验证请求时,接收所述终端输入的隐私口令;The receiving unit is configured to receive a privacy password input by the terminal when receiving the privacy file verification request of the terminal;
所述匹配单元,设置为将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;The matching unit is configured to match a privacy password input by the terminal with a privacy password saved by the server;
所述确定单元,设置为如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则确定所述终端的隐私口令验证通过。The determining unit is configured to determine that the privacy password verification of the terminal passes if the privacy password input by the terminal is the same as the privacy password saved by the server.
优选地,所述网络文件访问控制装置还包括创建模块;Preferably, the network file access control device further includes a creation module;
所述创建模块,设置为在接收到所述终端的隐私文件验证请求,对所述终端进行隐私口令验证之前,在接收到所述终端的隐私文件创建请求时,创建隐私目录及对应的隐私文件;The creating module is configured to: before receiving the privacy file verification request of the terminal, before performing the privacy password verification on the terminal, create a privacy directory and a corresponding privacy file when receiving the privacy file creation request of the terminal ;
所述获取模块,还设置为接收所述终端输入的隐私口令;The obtaining module is further configured to receive a privacy password input by the terminal;
所述存储模块,还设置为将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。The storage module is further configured to use the received privacy password as a privacy password corresponding to the created privacy directory and save the created privacy file.
优选地,所述网络文件访问控制装置还包括删除模块;Preferably, the network file access control device further includes a deletion module;
所述获取模块,还设置为如果所述终端的IP地址与所述服务器保存的IP地址相同,在将所述终端的IP地址对应的隐私目录发送至所述终端之前,在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令; The obtaining module is further configured to: if the IP address of the terminal is the same as the IP address saved by the server, before receiving the privacy directory corresponding to the IP address of the terminal to the terminal, receiving the privacy of the terminal Receiving a privacy password entered by the terminal when the file is deleted;
所述比对模块,还设置为将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;The comparison module is further configured to match a privacy password input by the terminal with a privacy password saved by the server;
所述删除模块,设置为如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。The deleting module is configured to delete the privacy directory and the privacy file corresponding to the privacy password saved by the server if the password entered by the terminal is the same as the privacy password saved by the server.
一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令被处理器执行时实现上述的网络文件访问控制方法。A computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the network file access control method described above.
本发明实施例的方案,通过对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,以及与该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。In the solution of the embodiment of the present invention, the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal. And the privacy file corresponding to the privacy directory access, the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address. , greatly improving the privacy of the privacy file in the network file system and improving the security of the privacy file.
附图概述BRIEF abstract
图1为本发明网络文件访问控制方法的第一实施例的流程示意图;1 is a schematic flowchart of a first embodiment of a network file access control method according to the present invention;
图2为本发明网络文件访问控制方法的第二实施例的流程示意图;2 is a schematic flowchart of a second embodiment of a network file access control method according to the present invention;
图3为本发明在接收到终端的隐私文件验证请求时,对所述终端进行隐私口令验证步骤的较佳实施例的流程示意图;3 is a schematic flowchart of a preferred embodiment of performing a privacy password verification step on a terminal when receiving a privacy file verification request of a terminal according to the present invention;
图4为本发明网络文件访问控制方法的第三实施例的流程示意图;4 is a schematic flowchart of a third embodiment of a network file access control method according to the present invention;
图5为本发明网络文件访问控制方法的第四实施例的流程示意图;FIG. 5 is a schematic flowchart diagram of a fourth embodiment of a network file access control method according to the present invention; FIG.
图6为本发明网络文件访问控制装置的第一实施例的功能模块示意图;6 is a schematic diagram of functional modules of a first embodiment of a network file access control apparatus according to the present invention;
图7为本发明网络文件访问控制装置的第二实施例的功能模块示意图;FIG. 7 is a schematic diagram of functional modules of a second embodiment of a network file access control apparatus according to the present invention; FIG.
图8为本发明验证模块的较佳实施例的功能模块示意图;8 is a schematic diagram of functional modules of a preferred embodiment of the verification module of the present invention;
图9为本发明网络文件访问控制装置的第三实施例的功能模块示意图;9 is a schematic diagram of functional modules of a third embodiment of a network file access control apparatus according to the present invention;
图10为本发明网络文件访问控制装置的第四实施例的功能模块示意图。FIG. 10 is a schematic diagram of functional modules of a fourth embodiment of a network file access control apparatus according to the present invention.
本发明的实施方式Embodiments of the invention
下面结合附图对本发明的实施方式进行描述。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互任意组合。 Embodiments of the present invention will be described below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments in the present application may be arbitrarily combined with each other.
本发明实施例的主要目的在于解决相关的网络文件系统中的隐私文件无法被隐密保护的问题。The main purpose of the embodiment of the present invention is to solve the problem that a privacy file in a related network file system cannot be secretly protected.
本发明实施例的主要解决方案是:在接收到终端的隐私文件访问请求时,获取所述终端的IP地址;将所述终端的IP地址与服务器保存的IP地址进行比对;如果所述终端的IP地址与所述服务器保存的IP地址相同,则将所述终端的IP地址对应的隐私目录发送至所述终端,以供所述终端通过所述隐私目录访问对应的隐私文件。The main solution of the embodiment of the present invention is: when receiving the privacy file access request of the terminal, acquiring the IP address of the terminal; comparing the IP address of the terminal with the IP address saved by the server; if the terminal The IP address is the same as the IP address saved by the server, and the privacy directory corresponding to the IP address of the terminal is sent to the terminal, so that the terminal accesses the corresponding privacy file through the privacy directory.
相关的网络文件系统中,将网络文件系统中的所有文件显示给经过身份验证后的终端,使得终端通过身份验证后,就可以查看到网络文件系统中的所有文件。由此,造成了相关的网络文件系统中的隐私文件无法被隐密保护的问题。In the related network file system, all the files in the network file system are displayed to the authenticated terminal, so that after the terminal is authenticated, all the files in the network file system can be viewed. As a result, the privacy file in the related network file system cannot be secretly protected.
本发明实施例提供了一种网络文件访问控制方法。The embodiment of the invention provides a network file access control method.
参照图1,图1为本发明网络文件访问控制方法的第一实施例的流程示意图。Referring to FIG. 1, FIG. 1 is a schematic flowchart diagram of a first embodiment of a network file access control method according to the present invention.
所述网络文件访问控制方法包括步骤S101~S103:The network file access control method includes steps S101 to S103:
S101、在接收到终端的隐私文件访问请求时,获取所述终端的IP地址。S101. Acquire an IP address of the terminal when receiving a privacy file access request of the terminal.
服务器接收来自终端的隐私文件访问请求,在接收到终端的隐私文件访问请求时,获取所述终端的IP地址。所述终端可以包括诸如移动电话、智能电话、笔记本电脑、数字广播接收器、PDA(个人数字助理)、PAD(平板电脑)、PMP(便携式多媒体播放器)、数码相机等等的移动终端以及诸如数字TV、台式计算机等等的固定终端。The server receives the privacy file access request from the terminal, and obtains the IP address of the terminal when receiving the privacy file access request of the terminal. The terminal may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (Personal Digital Assistant), a PAD (Tablet), a PMP (Portable Multimedia Player), a digital camera, etc., and the like Fixed terminal for digital TV, desktop computer, etc.
所述隐私文件访问请求,可以通过所述终端提供隐私文件访问的快捷图标,以供用户基于所述快捷图标触发隐私文件访问请求,并将所述隐私文件访问请求发送至所述服务器;或者,也可以通过所述终端提供隐私文件访问的物理按键,以供用户基于所述物理按键触发隐私文件访问请求,并将所述隐私文件访问请求发送至所述服务器。The privacy file access request may provide a shortcut icon of the privacy file access by the terminal, so that the user triggers the privacy file access request based on the shortcut icon, and sends the privacy file access request to the server; or The physical button accessed by the privacy file may also be provided by the terminal for the user to trigger a privacy file access request based on the physical button, and send the privacy file access request to the server.
所述服务器可以在接收到终端隐私文件访问请求时,获取所述终端的IP地址;或者,也可以在所述终端登录时,获取所述终端的IP地址,并将所述终端的IP地址保存在服务器,在服务器接收到所述终端的隐私文件访问请求时,从服务器本地读取所述终端的IP地址。 The server may obtain the IP address of the terminal when receiving the terminal privacy file access request; or, when the terminal logs in, obtain the IP address of the terminal, and save the IP address of the terminal. At the server, when the server receives the privacy file access request of the terminal, the IP address of the terminal is locally read from the server.
优选地,所述服务器在接收到终端的会话请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作,以提高隐私文件的安全性。例如:所述服务器在接收到终端的隐私文件访问请求时,对所述访问请求进行合法性验证,在所述访问请求的合法性验证通过时,执行获取所述终端的IP地址及之后的步骤。Preferably, when receiving the session request of the terminal, the server may perform legality verification on the request to determine whether the request is legal. When the validity of the request is verified, the request is further executed. The operation to improve the security of the privacy file. For example, when the server receives the privacy file access request of the terminal, the server performs legality verification on the access request, and when the validity of the access request is verified, the step of acquiring the IP address of the terminal and subsequent steps are performed. .
所述服务器对接收到的会话请求进行合法性验证的过程,可以通过如下实施方式实施:在所述终端登录服务器时,获取所述终端的IP地址及所述终端登录时的会话ID,并将所述终端的IP地址及对应的会话ID保存在服务器,在所述服务器接收到来自所述终端的会话请求时,再次获取所述终端的IP地址及会话ID,并将所获取的IP地址及会话ID与服务器保存的IP地址及对应的会话ID进行比对,判断所获取的IP地址与会话ID是否匹配,如果所获取的IP地址与会话ID匹配,则确定所述会话请求的合法性验证通过;如果所获取的IP地址与会话ID不匹配,则确定所述请求的合法性验证未通过。The process of verifying the validity of the received session request by the server may be implemented by: when the terminal logs in to the server, acquiring an IP address of the terminal and a session ID when the terminal logs in, and The IP address of the terminal and the corresponding session ID are stored in the server. When the server receives the session request from the terminal, the IP address and the session ID of the terminal are acquired again, and the obtained IP address and The session ID is compared with the IP address saved by the server and the corresponding session ID, and the obtained IP address is matched with the session ID. If the obtained IP address matches the session ID, the validity of the session request is determined. Passing; if the obtained IP address does not match the session ID, it is determined that the validity verification of the request fails.
所述服务器对接收到的会话请求进行合法性验证的过程,也可以通过如下另一实施方式实施:获取所述请求的发送时间戳及接收时间戳,并判断所述请求的发送时间戳与接收时间戳是否匹配,如果所述请求的发送时间戳与接收时间戳匹配,则确定所述请求的合法性验证通过;如果所述请求的发送时间戳与接收时间戳不匹配,则确定所述请求的合法性验证未通过。在本发明实施例中,匹配是指相互比较的两个对象完全相同或者差异值小于或等于预设的差异阈值。The process of verifying the validity of the received session request by the server may also be implemented by: obtaining a sending timestamp and a receiving timestamp of the request, and determining a sending timestamp and receiving of the request. Whether the timestamps match, if the sending timestamp of the request matches the receiving timestamp, determining that the validity of the request is verified; if the sending timestamp of the request does not match the receiving timestamp, determining the request The legality verification failed. In the embodiment of the present invention, matching means that two objects that are compared with each other are identical or the difference value is less than or equal to a preset difference threshold.
S102、将所述终端的IP地址与服务器保存的IP地址进行比对。S102. Compare the IP address of the terminal with an IP address saved by the server.
所述服务器将所述终端的IP地址与服务器保存的IP地址进行比对。所述服务器保存的IP地址,可以是预设的保存在所述服务器配置文件内的允许访问所述隐私文件的IP地址;或者,也可以是在终端通过隐私文件的隐私口令验证时,服务器保存在配置文件内的已验证的终端的IP地址。The server compares the IP address of the terminal with an IP address saved by the server. The IP address saved by the server may be a preset IP address that is allowed to access the privacy file stored in the server configuration file; or may be saved by the server when the terminal authenticates through the privacy password of the privacy file. The IP address of the authenticated terminal within the configuration file.
S103、如果所述终端的IP地址与所述服务器保存的IP地址相同,则将所述终端的IP地址对应的隐私目录发送至所述终端,以供所述终端通过所述隐私目录访问对应的隐私文件。S103. If the IP address of the terminal is the same as the IP address saved by the server, send a privacy directory corresponding to the IP address of the terminal to the terminal, so that the terminal accesses the corresponding content through the privacy directory. Privacy document.
如果所述终端的IP地址与所述服务器保存的IP地址相同,即所述服务 器在保存的IP地址中匹配到与所述终端的IP地址相同的IP地址。所述服务器通过查询所述服务器保存的IP地址与隐私目录的对应关系,将所述终端的IP地址对应的隐私目录发送至所述终端,以供所述终端通过所述隐私目录访问对应的隐私文件。所述IP地址对应的可以是一个隐私目录,也可以是多个隐私目录。所述隐私目录及对应的隐私文件存储在所述服务器端,所述隐私目录设置为在终端访问服务器时,终端可以通过隐私目录访问服务器保存的对应的隐私文件。If the IP address of the terminal is the same as the IP address saved by the server, that is, the service The device matches the saved IP address to the same IP address as the terminal's IP address. The server sends a privacy directory corresponding to the IP address of the terminal to the terminal by querying the correspondence between the IP address and the privacy directory saved by the server, so that the terminal accesses the corresponding privacy through the privacy directory. file. The IP address may correspond to a privacy directory or multiple privacy directories. The privacy directory and the corresponding privacy file are stored on the server, and the privacy directory is configured to access the corresponding privacy file saved by the server through the privacy directory when the terminal accesses the server.
所述终端可以通过所述隐私目录向所述隐私文件中写入隐私数据;或者,也可以通过所述隐私目录读取所述隐私文件中的数据。优选地,所述终端通过所述隐私目录向所述隐私文件中写入隐私数据,服务器将写入的隐私数据进行加密处理后保存在隐私文件中;所述终端通过所述隐私目录读取所述隐私文件中的数据时,所述服务器先对隐私文件中的数据进行解密处理,将解密后的数据发送给所述终端。通过对隐私文件中的数据进行加密处理,可以有效的提高隐私文件数据的安全性。The terminal may write the privacy data into the privacy file through the privacy directory; or, the data in the privacy file may also be read through the privacy directory. Preferably, the terminal writes the private data to the privacy file through the privacy directory, and the server encrypts the written private data and saves the data in the privacy file; the terminal reads the location through the privacy directory. When the data in the privacy file is described, the server first decrypts the data in the privacy file, and sends the decrypted data to the terminal. By encrypting the data in the privacy file, the security of the privacy file data can be effectively improved.
本发明实施例通过对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。The embodiment of the present invention verifies the IP address of the terminal, and associates the IP address with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the The privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving The privacy of private files in the network file system improves the security of private files.
参照图2,图2为本发明网络文件访问控制方法的第二实施例的流程示意图。基于上述网络文件访问控制方法的第一实施例,在步骤S101之前,还包括步骤S201~S203:Referring to FIG. 2, FIG. 2 is a schematic flowchart diagram of a second embodiment of a network file access control method according to the present invention. Based on the first embodiment of the foregoing network file access control method, before step S101, steps S201 to S203 are further included:
S201、在获取所述终端的IP地址之前,在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证。S201: Before obtaining the IP address of the terminal, perform a privacy password verification on the terminal when receiving the privacy file verification request of the terminal.
所述服务器在接收到终端的隐私文件验证请求时,对所述终端进行隐私口令验证。所述隐私口令对应隐私目录及隐私文件,设置为对访问该隐私目录及隐私文件的终端进行验证,只有通过验证的终端IP才能访问对应的隐私目录及隐私文件,所述隐私口令优选为数字及字母组成的密钥。When receiving the privacy file verification request of the terminal, the server performs privacy password verification on the terminal. The privacy password corresponds to a privacy directory and a privacy file, and is configured to verify a terminal that accesses the privacy directory and the privacy file, and only the verified terminal IP can access the corresponding privacy directory and the privacy file, and the privacy password is preferably a number and a password. The key composed of letters.
参照图3,图3为本发明在接收到所述终端的隐私文件验证请求时,对 所述终端进行隐私口令验证步骤的较佳实施例的流程示意图,所述在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证包括步骤S301~S303:Referring to FIG. 3, FIG. 3 is a schematic diagram of the present invention when receiving a privacy file verification request of the terminal. A schematic flowchart of a preferred embodiment of the step of performing a privacy password verification process by the terminal, when receiving the privacy file verification request of the terminal, performing privacy password verification on the terminal includes steps S301-S303:
S301、在接收到所述终端的隐私文件验证请求时,接收所述终端输入的隐私口令。S301. Receive a privacy password input by the terminal when receiving the privacy file verification request of the terminal.
S302、将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配。S302. Match a privacy password input by the terminal with a privacy password saved by the server.
S303、如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则确定所述终端的隐私口令验证通过。S303. If the privacy password input by the terminal is the same as the privacy password saved by the server, determine that the password verification of the terminal passes.
所述服务器在接收到终端的隐私文件验证请求时,接收所述终端输入的隐私口令;所述服务器将所述终端输入的隐私口令与服务器保存的隐私口令进行匹配;如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,所述服务器则确定所述终端的隐私口令验证通过。Receiving, by the server, a privacy password input by the terminal when receiving the privacy file verification request of the terminal; the server matching the privacy password input by the terminal with the privacy password saved by the server; if the terminal inputs the privacy The password is the same as the privacy password saved by the server, and the server determines that the terminal's privacy password verification is passed.
优选地,如果所述服务器保存的隐私口令经过了不可逆的加密处理,可以通过如下过程实现对所述终端进行隐私口令验证:所述服务器在接收到终端的隐私文件验证请求时,接收所述终端输入的隐私口令,并对所述终端输入的隐私口令进行加密处理;所述服务器将加密后的隐私口令与服务器保存的已加密的隐私口令进行匹配;如果匹配到与相同的已加密的隐私口令,所述服务器则确定所述终端的隐私口令验证通过。在服务器保存的隐私口令经过了不可逆的加密处理时,所述隐私口令不可被解密,提高了隐私口令的安全性。Preferably, if the privacy password saved by the server is subjected to irreversible encryption processing, the user may perform privacy password verification on the terminal: the server receives the terminal's privacy file verification request, and receives the terminal. Entering a privacy password and encrypting the privacy password entered by the terminal; the server matching the encrypted privacy password with the encrypted private password saved by the server; if matching the same encrypted private password The server determines that the terminal's privacy password verification is passed. When the privacy password saved by the server is subjected to irreversible encryption processing, the privacy password cannot be decrypted, and the security of the privacy password is improved.
优选地,所述服务器在接收到终端的隐私文件验证请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作。方法与上述第一实施例中所述服务器对接收到的会话请求进行合法性验证的过程相同,在此不再赘述。Preferably, when receiving the privacy file verification request of the terminal, the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation. The method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
S202、在所述终端的隐私口令验证通过时,获取所述终端输入的隐私口令对应的隐私目录。S202. Acquire a privacy directory corresponding to the privacy password input by the terminal when the password verification of the terminal is passed.
所述服务器在所述终端的隐私口令验证通过时,所述服务器通过查询服务器保存的隐私口令与隐私目录的对应关系,获取所述终端输入的隐私口令对应的隐私目录。或者,也可以在所述终端进行隐私口令验证过程中,将所 述终端输入的隐私口令与服务器保存的隐私口令进行匹配,由于创建隐私文件时,服务器端的隐私口令是保存在对应的隐私文件中的,因此,在服务器匹配到相同的隐私口令时,根据所述隐私口令的保存路径确定所述隐私口令对应的隐私文件及隐私目录。When the server passes the password verification of the terminal, the server obtains a privacy directory corresponding to the privacy password input by the terminal by querying the correspondence between the privacy password and the privacy directory saved by the server. Alternatively, in the process of performing the privacy password verification on the terminal, The privacy password entered by the terminal is matched with the privacy password saved by the server. Since the privacy password of the server is stored in the corresponding privacy file when the privacy file is created, when the server matches the same privacy password, according to the description The save path of the privacy password determines the privacy file and the privacy directory corresponding to the privacy password.
S203、将所获取的隐私目录作为所述终端的IP地址对应的隐私目录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存至服务器。S203. The obtained privacy directory is used as a privacy directory corresponding to the IP address of the terminal, and the IP address corresponding to the terminal and the privacy directory corresponding to the IP address of the terminal are saved to the server.
所述服务器将所获取的隐私目录作为所述终端的IP地址对应的隐私目录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存在所述服务器。将通过隐私口令验证的终端IP地址及该隐私口令对应的隐私目录保存在服务器,可以在终端访问隐私文件时,对终端的IP地址进行验证,并将终端IP地址对应的经过隐私口令验证的隐私文件显示给所述终端,以供所述终端进行查看访问。The server uses the acquired privacy directory as a privacy directory corresponding to the IP address of the terminal, and saves the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal in the server. The terminal IP address verified by the privacy password and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal can be verified when the terminal accesses the privacy file, and the privacy password verified by the terminal IP address is verified. A file is displayed to the terminal for viewing access by the terminal.
所述服务器在接收到所述终端的隐私文件关闭请求时,对所述终端进行隐私口令验证;在所述终端的隐私口令验证通过时,所述服务器删除所述配置文件内的所述终端输入的隐私口令对应的隐私目录。通过删除服务器配置文件内的隐私目录,使得所述终端下次访问隐私文件时,无法查看到所述隐私目录,进而无法通过所述隐私目录访问所述隐私文件,如果想要再次访问所述隐私文件,则需再次进行隐私口令验证,在所述隐私口令验证通过之后,才能再次访问所述隐私文件。The server performs a privacy password verification on the terminal when receiving the privacy file close request of the terminal; when the password verification of the terminal passes, the server deletes the terminal input in the configuration file The privacy password corresponds to the privacy directory. By deleting the privacy directory in the server configuration file, the terminal cannot view the privacy directory when accessing the privacy file next time, and thus cannot access the privacy file through the privacy directory, if the user wants to access the privacy again. For the file, the privacy password verification is performed again, and the privacy file can be accessed again after the private password verification is passed.
本实施例通过对终端进行隐私口令验证,将隐私口令验证通过的终端的IP地址及该隐私口令对应的隐私目录保存在服务器,根据服务器保存的IP地址及对应的隐私目录对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有通过隐私口令验证的终端IP地址能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。In this embodiment, by performing privacy password verification on the terminal, the IP address of the terminal through which the privacy password is verified and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is performed according to the IP address saved by the server and the corresponding privacy directory. Verification, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal IP address verified by the privacy password can view the privacy directory corresponding to the terminal IP address, and access the corresponding privacy file through the privacy directory, and save with the server. The terminal with different IP addresses cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving the privacy of the privacy file in the network file system. Improve the security of private files.
参照图4,图4为本发明网络文件访问控制方法的第三实施例的流程示意图。基于上述网络文件访问控制方法的第二实施例,所述步骤S201之前,还包括步骤S401~S403: Referring to FIG. 4, FIG. 4 is a schematic flowchart diagram of a third embodiment of a network file access control method according to the present invention. Based on the second embodiment of the foregoing network file access control method, before the step S201, the method further includes steps S401 to S403:
S401、在接收到所述终端的隐私文件验证请求,对所述终端进行隐私口令验证之前,在接收到所述终端的隐私文件创建请求时,创建隐私目录及对应的隐私文件。S401. Before receiving the privacy file verification request of the terminal, before performing the privacy password verification on the terminal, when receiving the privacy file creation request of the terminal, create a privacy directory and a corresponding privacy file.
所述服务器在接收到终端的隐私文件创建请求时,在预设目录下创建隐私目录,并在所述预设目录下创建与所述隐私目录同名的隐私文件。所述隐私文件内包括有用户的隐私数据。When receiving the privacy file creation request of the terminal, the server creates a privacy directory in a preset directory, and creates a privacy file with the same name as the privacy directory under the preset directory. The privacy file includes the user's privacy data.
优选地,所述服务器在接收到终端的隐私文件创建请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作方法与上述第一实施例中所述服务器对接收到的会话请求进行合法性验证的过程相同,在此不再赘述。Preferably, when receiving the privacy file creation request of the terminal, the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the The operation method corresponding to the request is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
S402、接收所述终端输入的隐私口令。S402. Receive a privacy password input by the terminal.
S403、将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。S403. The received privacy password is used as a privacy password corresponding to the created privacy directory and saved in the created privacy file.
所述服务器接收所述终端输入的隐私口令;所述服务器将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。优选地,可以通过所述终端提供隐私口令输入界面,供用户基于所述输入界面输入隐私口令,在侦测到用户基于所述输入界面触发的输入完毕指令时,将输入的隐私口令发送给服务器。优选地,可以将所述隐私口令进行加密后保存在对应的隐私文件中,所述加密处理优选为不可逆的加密处理,以提高隐私口令的安全性。The server receives the privacy password input by the terminal; the server uses the received privacy password as a privacy password corresponding to the created privacy directory and saves the created privacy file. Preferably, the terminal may provide a privacy password input interface for the user to input a privacy password based on the input interface, and send the input privacy password to the server when detecting the input completion command triggered by the user based on the input interface. . Preferably, the privacy password may be encrypted and saved in a corresponding privacy file, and the encryption process is preferably an irreversible encryption process to improve the security of the privacy password.
本实施例在服务器创建隐私文件时,将隐私文件对应的隐私口令保存在所述隐私文件中,以供服务器根据保存的隐私口令及对应的隐私目录对终端进行隐私口令验证,并将隐私口令验证通过的终端的IP地址及该隐私口令对应的隐私目录保存在服务器,根据服务器保存的IP地址及对应的隐私目录对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。 In this embodiment, when the server creates the privacy file, the privacy password corresponding to the privacy file is saved in the privacy file, so that the server performs the privacy password verification on the terminal according to the saved privacy password and the corresponding privacy directory, and the privacy password is verified. The IP address of the passed terminal and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is verified according to the IP address saved by the server and the corresponding privacy directory, and the IP address is associated with the privacy directory and the privacy file. The terminal that is the same as the IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal, and access the corresponding privacy file through the privacy directory. The terminal different from the IP address saved by the server cannot view the privacy directory and access the private directory. The privacy file and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, which greatly improves the privacy of the privacy file in the network file system and improves the security of the privacy file.
参照图5,图5为本发明网络文件访问控制方法的第四实施例的流程示意图。基于上述网络文件访问控制方法的第一实施例,所述步骤S103之后,还包括步骤S501~S503:Referring to FIG. 5, FIG. 5 is a schematic flowchart diagram of a fourth embodiment of a network file access control method according to the present invention. Based on the first embodiment of the foregoing network file access control method, after the step S103, the method further includes steps S501 to S503:
S501、如果所述终端的IP地址与所述服务器保存的IP地址相同,在将所述终端的IP地址对应的隐私目录发送至所述终端之前,在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令。S501. If the IP address of the terminal is the same as the IP address saved by the server, before receiving the privacy file deletion request of the terminal, receiving the privacy directory corresponding to the IP address of the terminal, The privacy password entered by the terminal.
S502、将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配。S502. Match a privacy password input by the terminal with a privacy password saved by the server.
S503、如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。S503. If the privacy password input by the terminal is the same as the privacy password saved by the server, deleting the privacy directory and the privacy file corresponding to the privacy password saved by the server.
所述服务器在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令;所述服务器将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,所述服务器则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。Receiving, by the server, a privacy password input by the terminal when receiving the privacy file deletion request of the terminal; the server matching the privacy password input by the terminal with the privacy password saved by the server; if the terminal inputs The privacy password is the same as the privacy password saved by the server, and the server deletes the privacy directory and the privacy file corresponding to the privacy password saved by the server.
优选地,所述服务器在接收到终端的隐私文件删除请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作。方法与上述第一实施例中所述服务器对接收到的会话请求进行合法性验证的过程相同,在此不再赘述。Preferably, when receiving the privacy file deletion request of the terminal, the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation. The method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
本实施例通过对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。In this embodiment, the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the The privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address, which greatly improves the access. The privacy of private files in the network file system improves the security of private files.
上述第一至第四实施例的网络文件访问控制方法的执行主体均可以为网络文件存储设备或网络文件系统服务器。并且所述网络文件访问控制方法可以由安装在网络文件存储设备或网络文件系统服务器上的网络文件存储程序实现。 The execution bodies of the network file access control methods of the above first to fourth embodiments may each be a network file storage device or a network file system server. And the network file access control method can be implemented by a network file storage program installed on a network file storage device or a network file system server.
本发明实施例还提供了一种网络文件访问控制装置。The embodiment of the invention further provides a network file access control device.
参照图6,图6为本发明网络文件访问控制装置的第一实施例的功能模块示意图。Referring to FIG. 6, FIG. 6 is a schematic diagram of functional modules of a first embodiment of a network file access control apparatus according to the present invention.
在本实施例中,所述网络文件访问控制装置包括:获取模块10、比对模块20及发送模块30。In this embodiment, the network file access control apparatus includes: an obtaining module 10, a comparison module 20, and a sending module 30.
所述获取模块10,设置为在接收到终端的隐私文件访问请求时,获取所述终端的IP地址。The obtaining module 10 is configured to acquire an IP address of the terminal when receiving a privacy file access request of the terminal.
服务器接收来自终端的隐私文件访问请求,在接收到终端的隐私文件访问请求时,获取所述终端的IP地址。所述终端可以包括诸如移动电话、智能电话、笔记本电脑、数字广播接收器、PDA(个人数字助理)、PAD(平板电脑)、PMP(便携式多媒体播放器)、数码相机等等的移动终端以及诸如数字TV、台式计算机等等的固定终端。The server receives the privacy file access request from the terminal, and obtains the IP address of the terminal when receiving the privacy file access request of the terminal. The terminal may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (Personal Digital Assistant), a PAD (Tablet), a PMP (Portable Multimedia Player), a digital camera, etc., and the like Fixed terminal for digital TV, desktop computer, etc.
所述隐私文件访问请求,可以通过所述终端提供隐私文件访问的快捷图标,以供用户基于所述快捷图标触发隐私文件访问请求,并将所述隐私文件访问请求发送至所述服务器;或者,也可以通过所述终端提供隐私文件访问的物理按键,以供用户基于所述物理按键触发隐私文件访问请求,并将所述隐私文件访问请求发送至所述服务器。The privacy file access request may provide a shortcut icon of the privacy file access by the terminal, so that the user triggers the privacy file access request based on the shortcut icon, and sends the privacy file access request to the server; or The physical button accessed by the privacy file may also be provided by the terminal for the user to trigger a privacy file access request based on the physical button, and send the privacy file access request to the server.
所述服务器可以在接收到终端隐私文件访问请求时,获取所述终端的IP地址;或者,也可以在所述终端登录时,获取所述终端的IP地址,并将所述终端的IP地址保存在服务器,在服务器接收到所述终端的隐私文件访问请求时,从服务器本地读取所述终端的IP地址。The server may obtain the IP address of the terminal when receiving the terminal privacy file access request; or, when the terminal logs in, obtain the IP address of the terminal, and save the IP address of the terminal. At the server, when the server receives the privacy file access request of the terminal, the IP address of the terminal is locally read from the server.
优选地,所述服务器在接收到终端的会话请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作,以提高隐私文件的安全性。例如:所述服务器在接收到终端的隐私文件访问请求时,对所述访问请求进行合法性验证,在所述访问请求的合法性验证通过时,执行获取所述终端的IP地址及之后的步骤。Preferably, when receiving the session request of the terminal, the server may perform legality verification on the request to determine whether the request is legal. When the validity of the request is verified, the request is further executed. The operation to improve the security of the privacy file. For example, when the server receives the privacy file access request of the terminal, the server performs legality verification on the access request, and when the validity of the access request is verified, the step of acquiring the IP address of the terminal and subsequent steps are performed. .
所述服务器对接收到的会话请求进行合法性验证的过程,可以通过如下实施方式实施:在所述终端登录服务器时,获取所述终端的IP地址及所述终 端登录时的会话ID,并将所述终端的IP地址及对应的会话ID保存在服务器,在所述服务器接收到来自所述终端的会话请求时,再次获取所述终端的IP地址及会话ID,并将所获取的IP地址及会话ID与服务器保存的IP地址及对应的会话ID进行比对,判断所获取的IP地址与会话ID是否匹配,如果所获取的IP地址与会话ID匹配,则确定所述会话请求的合法性验证通过;如果所获取的IP地址与会话ID不匹配,则确定所述请求的合法性验证未通过。The process of verifying the validity of the received session request by the server may be implemented by: when the terminal logs in to the server, acquiring the IP address of the terminal and the terminal End session login ID, and save the IP address of the terminal and the corresponding session ID in the server, and when the server receives the session request from the terminal, acquire the IP address and session ID of the terminal again. And comparing the obtained IP address and the session ID with the IP address saved by the server and the corresponding session ID, and determining whether the obtained IP address matches the session ID. If the obtained IP address matches the session ID, then Determining that the validity of the session request is verified; if the acquired IP address does not match the session ID, it is determined that the validity verification of the request fails.
所述服务器对接收到的会话请求进行合法性验证的过程,也可以通过如下另一实施方式实施:获取所述请求的发送时间戳及接收时间戳,并判断所述请求的发送时间戳与接收时间戳是否匹配,如果所述请求的发送时间戳与接收时间戳匹配,则确定所述请求的合法性验证通过;如果所述请求的发送时间戳与接收时间戳不匹配,则确定所述请求的合法性验证未通过。在本发明实施例中,匹配是指相互比较的两个对象完全相同或者差异值小于或等于预设的差异阈值。The process of verifying the validity of the received session request by the server may also be implemented by: obtaining a sending timestamp and a receiving timestamp of the request, and determining a sending timestamp and receiving of the request. Whether the timestamps match, if the sending timestamp of the request matches the receiving timestamp, determining that the validity of the request is verified; if the sending timestamp of the request does not match the receiving timestamp, determining the request The legality verification failed. In the embodiment of the present invention, matching means that two objects that are compared with each other are identical or the difference value is less than or equal to a preset difference threshold.
所述比对模块20,设置为将所述终端的IP地址与服务器保存的IP地址进行比对;The comparison module 20 is configured to compare the IP address of the terminal with an IP address saved by the server;
所述服务器将所述终端的IP地址与服务器保存的IP地址进行比对。所述服务器保存的IP地址,可以是预设的保存在所述服务器配置文件内的允许访问所述隐私文件的IP地址;或者,也可以是在终端通过隐私文件的隐私口令验证时,服务器保存在配置文件内的已验证的终端的IP地址。The server compares the IP address of the terminal with an IP address saved by the server. The IP address saved by the server may be a preset IP address that is allowed to access the privacy file stored in the server configuration file; or may be saved by the server when the terminal authenticates through the privacy password of the privacy file. The IP address of the authenticated terminal within the configuration file.
所述发送模块30,设置为如果所述终端的IP地址与所述服务器保存的IP地址相同,则将所述终端的IP地址对应的隐私目录发送至所述终端,以供所述终端通过所述隐私目录访问对应的隐私文件。The sending module 30 is configured to: if the IP address of the terminal is the same as the IP address saved by the server, send a privacy directory corresponding to the IP address of the terminal to the terminal, so that the terminal passes the The privacy directory accesses the corresponding privacy file.
如果所述终端的IP地址与所述服务器保存的IP地址相同,即所述服务器在保存的IP地址中匹配到与所述终端的IP地址相同的IP地址。所述服务器通过查询所述服务器保存的IP地址与隐私目录的对应关系,将所述终端的IP地址对应的隐私目录发送至所述终端,以供所述终端通过所述隐私目录访问对应的隐私文件。所述IP地址对应的可以是一个隐私目录,也可以是多个隐私目录。所述隐私目录及对应的隐私文件存储在所述服务器端,所述隐私目录设置为在终端访问服务器时,终端可以通过隐私目录访问服务器保存的对应的隐私文件。 If the IP address of the terminal is the same as the IP address saved by the server, that is, the server matches the same IP address as the IP address of the terminal in the saved IP address. The server sends a privacy directory corresponding to the IP address of the terminal to the terminal by querying the correspondence between the IP address and the privacy directory saved by the server, so that the terminal accesses the corresponding privacy through the privacy directory. file. The IP address may correspond to a privacy directory or multiple privacy directories. The privacy directory and the corresponding privacy file are stored on the server, and the privacy directory is configured to access the corresponding privacy file saved by the server through the privacy directory when the terminal accesses the server.
所述终端可以通过所述隐私目录向所述隐私文件中写入隐私数据;或者,也可以通过所述隐私目录读取所述隐私文件中的数据。优选地,所述终端通过所述隐私目录向所述隐私文件中写入隐私数据,服务器将写入的隐私数据进行加密处理后保存在隐私文件中;所述终端通过所述隐私目录读取所述隐私文件中的数据时,所述服务器先对隐私文件中的数据进行解密处理,将解密后的数据发送给所述终端。通过对隐私文件中的数据进行加密处理,可以有效的提高隐私文件数据的安全性。The terminal may write the privacy data into the privacy file through the privacy directory; or, the data in the privacy file may also be read through the privacy directory. Preferably, the terminal writes the private data to the privacy file through the privacy directory, and the server encrypts the written private data and saves the data in the privacy file; the terminal reads the location through the privacy directory. When the data in the privacy file is described, the server first decrypts the data in the privacy file, and sends the decrypted data to the terminal. By encrypting the data in the privacy file, the security of the privacy file data can be effectively improved.
本发明实施例通过对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。The embodiment of the present invention verifies the IP address of the terminal, and associates the IP address with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the The privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving The privacy of private files in the network file system improves the security of private files.
参照图7,图7为本发明网络文件访问控制装置的第二实施例的功能模块示意图。基于上述网络文件访问控制装置的第一实施例,所述网络文件访问控制装置还包括验证模块40及存储模块50;Referring to FIG. 7, FIG. 7 is a schematic diagram of functional modules of a second embodiment of a network file access control apparatus according to the present invention. The network file access control device further includes a verification module 40 and a storage module 50, based on the first embodiment of the network file access control device;
所述验证模块40,设置为在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证。The verification module 40 is configured to perform privacy password verification on the terminal when receiving the privacy file verification request of the terminal.
所述服务器在接收到终端的隐私文件验证请求时,对所述终端进行隐私口令验证。所述隐私口令对应隐私目录及隐私文件,设置为对访问该隐私目录及隐私文件的终端进行验证,只有通过验证的终端IP才能访问对应的隐私目录及隐私文件,所述隐私口令优选为数字及字母组成的密钥。When receiving the privacy file verification request of the terminal, the server performs privacy password verification on the terminal. The privacy password corresponds to a privacy directory and a privacy file, and is configured to verify a terminal that accesses the privacy directory and the privacy file, and only the verified terminal IP can access the corresponding privacy directory and the privacy file, and the privacy password is preferably a number and a password. The key composed of letters.
参照图8,图8为本发明验证模块40的较佳实施例的功能模块示意图,所述验证模块40包括接收单元41、匹配单元42及确定单元43;8 is a schematic diagram of a functional module of a preferred embodiment of the verification module 40 of the present invention, the verification module 40 includes a receiving unit 41, a matching unit 42 and a determining unit 43;
所述接收单元41,设置为在接收到所述终端的隐私文件验证请求时,接收所述终端输入的隐私口令。The receiving unit 41 is configured to receive a privacy password input by the terminal when receiving the privacy file verification request of the terminal.
所述匹配单元42,设置为将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配。The matching unit 42 is configured to match the privacy password input by the terminal with the privacy password saved by the server.
所述确定单元43,设置为若所述终端输入的隐私口令与所述服务器保存 的隐私口令相同,则确定所述终端的隐私口令验证通过。The determining unit 43 is configured to save the password entered by the terminal and the server If the privacy password is the same, it is determined that the terminal's privacy password verification is passed.
所述服务器在接收到终端的隐私文件验证请求时,接收所述终端输入的隐私口令;所述服务器将所述终端输入的隐私口令与服务器保存的隐私口令进行匹配;若所述终端输入的隐私口令与所述服务器保存的隐私口令相同,所述服务器则确定所述终端的隐私口令验证通过。Receiving, by the server, a privacy password input by the terminal when receiving the privacy file verification request of the terminal; the server matching the privacy password input by the terminal with the privacy password saved by the server; if the terminal inputs the privacy The password is the same as the privacy password saved by the server, and the server determines that the terminal's privacy password verification is passed.
优选地,如果所述服务器保存的隐私口令经过了不可逆的加密处理,可以通过如下过程实现对所述终端进行隐私口令验证:所述服务器在接收到终端的隐私文件验证请求时,接收所述终端输入的隐私口令,并对所述终端输入的隐私口令进行加密处理;所述服务器将加密后的隐私口令与服务器保存的已加密的隐私口令进行匹配;如果匹配到与相同的已加密的隐私口令,所述服务器则确定所述终端的隐私口令验证通过。在服务器保存的隐私口令经过了不可逆的加密处理时,所述隐私口令不可被解密,提高了隐私口令的安全性。Preferably, if the privacy password saved by the server is subjected to irreversible encryption processing, the user may perform privacy password verification on the terminal: the server receives the terminal's privacy file verification request, and receives the terminal. Entering a privacy password and encrypting the privacy password entered by the terminal; the server matching the encrypted privacy password with the encrypted private password saved by the server; if matching the same encrypted private password The server determines that the terminal's privacy password verification is passed. When the privacy password saved by the server is subjected to irreversible encryption processing, the privacy password cannot be decrypted, and the security of the privacy password is improved.
优选地,所述服务器在接收到终端的隐私文件验证请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作。方法与上述第一实施例中所述服务器对接收到的会话请求进行合法性验证的过程相同,在此不再赘述。Preferably, when receiving the privacy file verification request of the terminal, the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation. The method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
所述获取模块10,还设置为在所述终端的隐私口令验证通过时,获取所述终端输入的隐私口令对应的隐私目录。The obtaining module 10 is further configured to acquire a privacy directory corresponding to the privacy password input by the terminal when the password verification of the terminal is passed.
所述服务器在所述终端的隐私口令验证通过时,所述服务器通过查询服务器保存的隐私口令与隐私目录的对应关系,获取所述终端输入的隐私口令对应的隐私目录。或者,也可以在所述终端进行隐私口令验证过程中,将所述终端输入的隐私口令与服务器保存的隐私口令进行匹配,由于创建隐私文件时,服务器端的隐私口令是保存在对应的隐私文件中的,因此,在服务器匹配到相同的隐私口令时,根据所述隐私口令的保存路径确定所述隐私口令对应的隐私文件及隐私目录。When the server passes the password verification of the terminal, the server obtains a privacy directory corresponding to the privacy password input by the terminal by querying the correspondence between the privacy password and the privacy directory saved by the server. Alternatively, during the process of performing the privacy password verification by the terminal, the privacy password input by the terminal may be matched with the privacy password saved by the server. When the privacy file is created, the privacy password of the server is saved in the corresponding privacy file. Therefore, when the server matches the same privacy password, the privacy file and the privacy directory corresponding to the privacy password are determined according to the save path of the privacy password.
所述存储模块50,设置为将所获取的隐私目录作为所述终端的IP地址对应的隐私目录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存至服务器。The storage module 50 is configured to use the acquired privacy directory as a privacy directory corresponding to the IP address of the terminal, and save the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal to the server.
所述服务器将所获取的隐私目录作为所述终端的IP地址对应的隐私目 录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存在所述服务器。将通过隐私口令验证的终端IP地址及该隐私口令对应的隐私目录保存在服务器,可以在终端访问隐私文件时,对终端的IP地址进行验证,并将终端IP地址对应的经过隐私口令验证的隐私文件显示给所述终端,以供所述终端进行查看访问。The server uses the acquired privacy directory as a privacy target corresponding to the IP address of the terminal Recording, and storing the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal in the server. The terminal IP address verified by the privacy password and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal can be verified when the terminal accesses the privacy file, and the privacy password verified by the terminal IP address is verified. A file is displayed to the terminal for viewing access by the terminal.
所述服务器在接收到所述终端的隐私文件关闭请求时,对所述终端进行隐私口令验证;在所述终端的隐私口令验证通过时,所述服务器删除所述配置文件内的所述终端输入的隐私口令对应的隐私目录。通过删除服务器配置文件内的隐私目录,使得所述终端下次访问隐私文件时,无法查看到所述隐私目录,进而无法通过所述隐私目录访问所述隐私文件,如果想要再次访问所述隐私文件,则需再次进行隐私口令验证,在所述隐私口令验证通过之后,才能再次访问所述隐私文件。The server performs a privacy password verification on the terminal when receiving the privacy file close request of the terminal; when the password verification of the terminal passes, the server deletes the terminal input in the configuration file The privacy password corresponds to the privacy directory. By deleting the privacy directory in the server configuration file, the terminal cannot view the privacy directory when accessing the privacy file next time, and thus cannot access the privacy file through the privacy directory, if the user wants to access the privacy again. For the file, the privacy password verification is performed again, and the privacy file can be accessed again after the private password verification is passed.
本实施例通过对终端进行隐私口令验证,将隐私口令验证通过的终端的IP地址及该隐私口令对应的隐私目录保存在服务器,根据服务器保存的IP地址及对应的隐私目录对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有通过隐私口令验证的终端IP地址能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。In this embodiment, by performing privacy password verification on the terminal, the IP address of the terminal through which the privacy password is verified and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is performed according to the IP address saved by the server and the corresponding privacy directory. Verification, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal IP address verified by the privacy password can view the privacy directory corresponding to the terminal IP address, and access the corresponding privacy file through the privacy directory, and save with the server. The terminal with different IP addresses cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, thereby greatly improving the privacy of the privacy file in the network file system. Improve the security of private files.
参照图9,图9为本发明网络文件访问控制装置的第三实施例的功能模块示意图。基于上述网络文件访问控制装置的第二实施例,所述网络文件访问控制装置还包括创建模块60;Referring to FIG. 9, FIG. 9 is a schematic diagram of functional modules of a third embodiment of a network file access control apparatus according to the present invention. Based on the second embodiment of the network file access control device, the network file access control device further includes a creation module 60;
所述创建模块60,设置为在接收到所述终端的隐私文件验证请求,对所述终端进行隐私口令验证之前,在接收到所述终端的隐私文件创建请求时,创建隐私目录及对应的隐私文件。The creating module 60 is configured to: before receiving the privacy file verification request of the terminal, before performing the privacy password verification on the terminal, create a privacy directory and corresponding privacy when receiving the privacy file creation request of the terminal file.
所述服务器在接收到终端的隐私文件创建请求时,在预设目录下创建隐私目录,并在所述预设目录下创建与所述隐私目录同名的隐私文件。所述隐私文件内包括有用户的隐私数据。 When receiving the privacy file creation request of the terminal, the server creates a privacy directory in a preset directory, and creates a privacy file with the same name as the privacy directory under the preset directory. The privacy file includes the user's privacy data.
优选地,所述服务器在接收到终端的隐私文件创建请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作。方法与上述第一实施例中所述服务器对接收到的会话请求进行合法性验证的过程相同,在此不再赘述。Preferably, when receiving the privacy file creation request of the terminal, the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation. The method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
所述获取模块10,还设置为接收所述终端输入的隐私口令。The obtaining module 10 is further configured to receive a privacy password input by the terminal.
所述存储模块50,还设置为将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。The storage module 50 is further configured to store the received privacy password as a privacy password corresponding to the created privacy directory and save the created privacy file.
所述服务器接收所述终端输入的隐私口令;所述服务器将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。优选地,可以通过所述终端提供隐私口令输入界面,供用户基于所述输入界面输入隐私口令,在侦测到用户基于所述输入界面触发的输入完毕指令时,将输入的隐私口令发送给服务器。优选地,可以将所述隐私口令进行加密后保存在对应的隐私文件中,所述加密处理优选为不可逆的加密处理,以提高隐私口令的安全性。The server receives the privacy password input by the terminal; the server uses the received privacy password as a privacy password corresponding to the created privacy directory and saves the created privacy file. Preferably, the terminal may provide a privacy password input interface for the user to input a privacy password based on the input interface, and send the input privacy password to the server when detecting the input completion command triggered by the user based on the input interface. . Preferably, the privacy password may be encrypted and saved in a corresponding privacy file, and the encryption process is preferably an irreversible encryption process to improve the security of the privacy password.
本实施例在服务器创建隐私文件时,将隐私文件对应的隐私口令保存在所述隐私文件中,以供服务器根据保存的隐私口令及对应的隐私目录对终端进行隐私口令验证,并将隐私口令验证通过的终端的IP地址及该隐私口令对应的隐私目录保存在服务器,根据服务器保存的IP地址及对应的隐私目录对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。In this embodiment, when the server creates the privacy file, the privacy password corresponding to the privacy file is saved in the privacy file, so that the server performs the privacy password verification on the terminal according to the saved privacy password and the corresponding privacy directory, and the privacy password is verified. The IP address of the passed terminal and the privacy directory corresponding to the privacy password are stored in the server, and the IP address of the terminal is verified according to the IP address saved by the server and the corresponding privacy directory, and the IP address is associated with the privacy directory and the privacy file. The terminal that is the same as the IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal, and access the corresponding privacy file through the privacy directory. The terminal different from the IP address saved by the server cannot view the privacy directory and access the private directory. The privacy file and the terminal cannot view the privacy directory and the privacy file that do not correspond to the IP address of the terminal, which greatly improves the privacy of the privacy file in the network file system and improves the security of the privacy file.
参照图10,图10为本发明网络文件访问控制装置的第四实施例的功能模块示意图。基于上述网络文件访问控制装置的第三实施例,所述网络文件访问控制装置还包括删除模块70;Referring to FIG. 10, FIG. 10 is a schematic diagram of functional modules of a fourth embodiment of a network file access control apparatus according to the present invention. The network file access control device further includes a deletion module 70, based on the third embodiment of the network file access control device;
所述获取模块10,还设置为如果所述终端的IP地址与所述服务器保存的IP地址相同,在将所述终端的IP地址对应的隐私目录发送至所述终端之前, 在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令。The obtaining module 10 is further configured to: if the IP address of the terminal is the same as the IP address saved by the server, before sending the privacy directory corresponding to the IP address of the terminal to the terminal, Upon receiving the privacy file deletion request of the terminal, the privacy password input by the terminal is received.
所述比对模块20,还设置为将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配。The comparison module 20 is further configured to match the privacy password input by the terminal with the privacy password saved by the server.
所述删除模块70,设置为如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。The deleting module 70 is configured to delete the privacy directory and the privacy file corresponding to the privacy password saved by the server if the privacy password input by the terminal is the same as the privacy password saved by the server.
所述服务器在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令;所述服务器将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,所述服务器则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。Receiving, by the server, a privacy password input by the terminal when receiving the privacy file deletion request of the terminal; the server matching the privacy password input by the terminal with the privacy password saved by the server; if the terminal inputs The privacy password is the same as the privacy password saved by the server, and the server deletes the privacy directory and the privacy file corresponding to the privacy password saved by the server.
优选地,所述服务器在接收到终端的隐私文件删除请求时,可以对所述请求进行合法性验证,以确定所述请求是否合法,在所述请求的合法性验证通过时,再执行所述请求对应的操作。方法与上述第一实施例中所述服务器对接收到的会话请求进行合法性验证的过程相同,在此不再赘述。Preferably, when receiving the privacy file deletion request of the terminal, the server may perform legality verification on the request to determine whether the request is legal, and when the legality verification of the request passes, perform the Request the corresponding operation. The method is the same as the process of verifying the validity of the received session request by the server in the first embodiment, and details are not described herein again.
本实施例通过对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,并通过该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。In this embodiment, the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the terminal IP address, and pass the The privacy directory accesses the corresponding privacy file, and the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address, which greatly improves the access. The privacy of private files in the network file system improves the security of private files.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It is to be understood that the term "comprises", "comprising", or any other variants thereof, is intended to encompass a non-exclusive inclusion, such that a process, method, article, or device comprising a series of elements includes those elements. It also includes other elements that are not explicitly listed, or elements that are inherent to such a process, method, article, or device. An element that is defined by the phrase "comprising a ..." does not exclude the presence of additional equivalent elements in the process, method, item, or device that comprises the element.
上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments of the present invention are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述 实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对相关技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本发明各个实施例所述的方法。Those skilled in the art can clearly understand the above by the description of the above embodiments. The embodiment method can be implemented by means of software plus a necessary general hardware platform, of course, also through hardware, but in many cases the former is a better implementation. Based on such understanding, the technical solution of the present invention in essence or the contribution to the related art can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, CD-ROM). The instructions include a number of instructions for causing a terminal device (which may be a cell phone, computer, server, air conditioner, or network device, etc.) to perform the methods described in various embodiments of the present invention.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中,所述计算机程序在相应的硬件平台上(如系统、设备、装置、器件等)执行,在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art will appreciate that all or a portion of the steps of the above-described embodiments can be implemented using a computer program flow, which can be stored in a computer readable storage medium, such as on a corresponding hardware platform (eg, The system, device, device, device, etc. are executed, and when executed, include one or a combination of the steps of the method embodiments.
可选地,上述实施例的全部或部分步骤也可以使用集成电路来实现,这些步骤可以被分别制作成一个个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。Alternatively, all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
上述实施例中的装置/功能模块/功能单元可以采用通用的计算装置来实现,它们可以集中在单个的计算装置上,也可以分布在多个计算装置所组成的网络上。The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的装置/功能模块/功能单元以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。上述提到的计算机可读取存储介质可以是只读存储器,磁盘或光盘等。When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
工业实用性Industrial applicability
本发明实施例的方案,通过对终端的IP地址进行验证,并将IP地址与隐私目录及隐私文件对应起来,使得只有与服务器保存的IP地址相同的终端能够查看该终端IP地址对应的隐私目录,以及与该隐私目录访问对应的隐私文件,与服务器保存的IP地址不同的终端无法查看该隐私目录并访问该隐私文件,且终端无法查看访问与该终端IP地址不对应的隐私目录及隐私文件,大大提高了网络文件系统中隐私文件的隐密性,提高了隐私文件的安全性。 In the solution of the embodiment of the present invention, the IP address of the terminal is verified, and the IP address is associated with the privacy directory and the privacy file, so that only the terminal with the same IP address saved by the server can view the privacy directory corresponding to the IP address of the terminal. And the privacy file corresponding to the privacy directory access, the terminal different from the IP address saved by the server cannot view the privacy directory and access the privacy file, and the terminal cannot view the privacy directory and the privacy file that do not correspond to the terminal IP address. , greatly improving the privacy of the privacy file in the network file system and improving the security of the privacy file.

Claims (11)

  1. 一种网络文件访问控制方法,所述网络文件访问控制方法包括:A network file access control method, the network file access control method includes:
    在接收到终端的隐私文件访问请求时,获取所述终端的IP地址;Obtaining an IP address of the terminal when receiving a privacy file access request of the terminal;
    将所述终端的IP地址与服务器保存的IP地址进行比对;Comparing the IP address of the terminal with the IP address saved by the server;
    如果所述终端的IP地址与所述服务器保存的IP地址相同,则将所述终端的IP地址对应的隐私目录发送至所述终端。If the IP address of the terminal is the same as the IP address saved by the server, the privacy directory corresponding to the IP address of the terminal is sent to the terminal.
  2. 如权利要求1所述的网络文件访问控制方法,其中,所述方法还包括:The network file access control method according to claim 1, wherein the method further comprises:
    在获取所述终端的IP地址之前,在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证;Before obtaining the IP address of the terminal, when receiving the privacy file verification request of the terminal, performing privacy password verification on the terminal;
    在所述终端的隐私口令验证通过时,获取所述终端输入的隐私口令对应的隐私目录;Obtaining a privacy directory corresponding to the privacy password input by the terminal when the password verification of the terminal is passed;
    将所获取的隐私目录作为所述终端的IP地址对应的隐私目录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存至服务器。The obtained privacy directory is used as a privacy directory corresponding to the IP address of the terminal, and the IP address corresponding to the terminal and the privacy directory corresponding to the IP address of the terminal are saved to the server.
  3. 如权利要求2所述的网络文件访问控制方法,其中,所述在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证包括:The network file access control method according to claim 2, wherein the performing the privacy password verification on the terminal when receiving the privacy file verification request of the terminal comprises:
    在接收到所述终端的隐私文件验证请求时,接收所述终端输入的隐私口令;Receiving a privacy password input by the terminal when receiving the privacy file verification request of the terminal;
    将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;Matching the privacy password entered by the terminal with the privacy password saved by the server;
    如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则确定所述终端的隐私口令验证通过。If the privacy password entered by the terminal is the same as the privacy password saved by the server, it is determined that the terminal's private password verification is passed.
  4. 如权利要求2所述的网络文件访问控制方法,所述方法还包括:The network file access control method of claim 2, the method further comprising:
    在接收到所述终端的隐私文件验证请求,对所述终端进行隐私口令验证之前,在接收到所述终端的隐私文件创建请求时,创建隐私目录及对应的隐私文件;Before receiving the privacy file verification request of the terminal, before performing the privacy password verification on the terminal, when receiving the privacy file creation request of the terminal, creating a privacy directory and a corresponding privacy file;
    接收所述终端输入的隐私口令;Receiving a privacy password input by the terminal;
    将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。The received privacy password is used as the privacy password corresponding to the created privacy directory and saved in the created privacy file.
  5. 如权利要求1至4任一项所述的网络文件访问控制方法,所述方法还包括:The network file access control method according to any one of claims 1 to 4, further comprising:
    如果所述终端的IP地址与所述服务器保存的IP地址相同,在将所述终 端的IP地址对应的隐私目录发送至所述终端之前,在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令;If the IP address of the terminal is the same as the IP address saved by the server, Before receiving the privacy file deletion request of the terminal, the privacy directory corresponding to the IP address of the terminal is received by the terminal, and receiving the privacy password input by the terminal;
    将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;Matching the privacy password entered by the terminal with the privacy password saved by the server;
    如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。If the privacy password input by the terminal is the same as the privacy password saved by the server, the privacy directory and the privacy file corresponding to the privacy password saved by the server are deleted.
  6. 一种网络文件访问控制装置,所述网络文件访问控制装置包括:A network file access control device, the network file access control device comprising:
    获取模块,设置为在接收到终端的隐私文件访问请求时,获取所述终端的IP地址;Obtaining a module, configured to acquire an IP address of the terminal when receiving a privacy file access request of the terminal;
    比对模块,设置为将所述终端的IP地址与服务器保存的IP地址进行比对;The comparison module is configured to compare the IP address of the terminal with an IP address saved by the server;
    发送模块,设置为如果所述终端的IP地址与所述服务器保存的IP地址相同,则将所述终端的IP地址对应的隐私目录发送至所述终端。The sending module is configured to send the privacy directory corresponding to the IP address of the terminal to the terminal if the IP address of the terminal is the same as the IP address saved by the server.
  7. 如权利要求1所述的网络文件访问控制装置,其中,所述网络文件访问控制装置还包括验证模块及存储模块;The network file access control device according to claim 1, wherein the network file access control device further comprises a verification module and a storage module;
    所述验证模块,设置为在获取所述终端的IP地址之前,在接收到所述终端的隐私文件验证请求时,对所述终端进行隐私口令验证;The verification module is configured to perform a privacy password verification on the terminal when receiving the privacy file verification request of the terminal before acquiring the IP address of the terminal;
    所述获取模块,还设置为在所述终端的隐私口令验证通过时,获取所述终端输入的隐私口令对应的隐私目录;The obtaining module is further configured to: when the password verification of the terminal passes, obtain a privacy directory corresponding to the privacy password input by the terminal;
    所述存储模块,设置为将所获取的隐私目录作为所述终端的IP地址对应的隐私目录,并将所述终端的IP地址及所述终端的IP地址对应的隐私目录保存至服务器。The storage module is configured to use the acquired privacy directory as a privacy directory corresponding to the IP address of the terminal, and save the IP address of the terminal and the privacy directory corresponding to the IP address of the terminal to the server.
  8. 如权利要求7所述的网络文件访问控制装置,其中,所述验证模块包括接收单元、匹配单元及确定单元;The network file access control device according to claim 7, wherein the verification module comprises a receiving unit, a matching unit, and a determining unit;
    所述接收单元,设置为在接收到所述终端的隐私文件验证请求时,接收所述终端输入的隐私口令;The receiving unit is configured to receive a privacy password input by the terminal when receiving the privacy file verification request of the terminal;
    所述匹配单元,设置为将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;The matching unit is configured to match a privacy password input by the terminal with a privacy password saved by the server;
    所述确定单元,设置为如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则确定所述终端的隐私口令验证通过。The determining unit is configured to determine that the privacy password verification of the terminal passes if the privacy password input by the terminal is the same as the privacy password saved by the server.
  9. 如权利要求7所述的网络文件访问控制装置,所述网络文件访问控制 装置还包括创建模块;The network file access control device according to claim 7, wherein said network file access control The device also includes a creation module;
    所述创建模块,设置为在接收到所述终端的隐私文件验证请求,对所述终端进行隐私口令验证之前,在接收到所述终端的隐私文件创建请求时,创建隐私目录及对应的隐私文件;The creating module is configured to: before receiving the privacy file verification request of the terminal, before performing the privacy password verification on the terminal, create a privacy directory and a corresponding privacy file when receiving the privacy file creation request of the terminal ;
    所述获取模块,还设置为接收所述终端输入的隐私口令;The obtaining module is further configured to receive a privacy password input by the terminal;
    所述存储模块,还设置为将所接收到的隐私口令作为所创建的隐私目录对应的隐私口令并保存在所创建的隐私文件中。The storage module is further configured to use the received privacy password as a privacy password corresponding to the created privacy directory and save the created privacy file.
  10. 如权利要求6至9任一项所述的网络文件访问控制装置,所述网络文件访问控制装置还包括删除模块;The network file access control device according to any one of claims 6 to 9, wherein the network file access control device further comprises a deletion module;
    所述获取模块,还设置为如果所述终端的IP地址与所述服务器保存的IP地址相同,在将所述终端的IP地址对应的隐私目录发送至所述终端之前,在接收到终端的隐私文件删除请求时,接收所述终端输入的隐私口令;The obtaining module is further configured to: if the IP address of the terminal is the same as the IP address saved by the server, before receiving the privacy directory corresponding to the IP address of the terminal to the terminal, receiving the privacy of the terminal Receiving a privacy password entered by the terminal when the file is deleted;
    所述比对模块,还设置为将所述终端输入的隐私口令与所述服务器保存的隐私口令进行匹配;The comparison module is further configured to match a privacy password input by the terminal with a privacy password saved by the server;
    所述删除模块,设置为如果所述终端输入的隐私口令与所述服务器保存的隐私口令相同,则删除所述服务器保存的隐私口令对应的隐私目录及隐私文件。The deleting module is configured to delete the privacy directory and the privacy file corresponding to the privacy password saved by the server if the password entered by the terminal is the same as the privacy password saved by the server.
  11. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令被处理器执行时实现权利要求1至5任一项所述的网络文件访问控制方法。 A computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the network file access control method of any one of claims 1 to 5.
PCT/CN2016/079924 2015-06-29 2016-04-21 Network file access control method and device WO2017000638A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510368942.X 2015-06-29
CN201510368942.XA CN106331010A (en) 2015-06-29 2015-06-29 Network file access control method and device

Publications (1)

Publication Number Publication Date
WO2017000638A1 true WO2017000638A1 (en) 2017-01-05

Family

ID=57607653

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/079924 WO2017000638A1 (en) 2015-06-29 2016-04-21 Network file access control method and device

Country Status (2)

Country Link
CN (1) CN106331010A (en)
WO (1) WO2017000638A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107800695A (en) * 2017-10-17 2018-03-13 郑州云海信息技术有限公司 File access method, device based on Samba agreements, system
CN108985080A (en) * 2018-06-25 2018-12-11 安徽师范大学 A kind of office docuemts encryption system and its encryption method
CN109299617A (en) * 2018-09-19 2019-02-01 中国农业银行股份有限公司贵州省分行 A kind of file encryption and decryption system
CN109861982A (en) * 2018-12-29 2019-06-07 北京奇安信科技有限公司 A kind of implementation method and device of authentication
CN111404901A (en) * 2020-03-06 2020-07-10 浙江大华技术股份有限公司 Information verification method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436934A (en) * 2008-10-20 2009-05-20 福建星网锐捷网络有限公司 Method, system and equipment for controlling user upper wire
CN102547443A (en) * 2012-01-16 2012-07-04 广州视源电子科技公司 Resource sharing and interaction realizing method of multi-terminal system
CN104380654A (en) * 2012-04-20 2015-02-25 约纳森·布雷克 System and method for controlling privacy settings of user interface with internet applications
US20150135253A1 (en) * 2013-11-08 2015-05-14 U.S. Bancorp, National Association Source request monitoring

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4876734B2 (en) * 2006-06-22 2012-02-15 富士ゼロックス株式会社 Document use management system and method, document management server and program thereof
CN104168277A (en) * 2014-08-15 2014-11-26 小米科技有限责任公司 File security maintaining method and device
CN104573536A (en) * 2015-01-28 2015-04-29 深圳市中兴移动通信有限公司 File protection method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436934A (en) * 2008-10-20 2009-05-20 福建星网锐捷网络有限公司 Method, system and equipment for controlling user upper wire
CN102547443A (en) * 2012-01-16 2012-07-04 广州视源电子科技公司 Resource sharing and interaction realizing method of multi-terminal system
CN104380654A (en) * 2012-04-20 2015-02-25 约纳森·布雷克 System and method for controlling privacy settings of user interface with internet applications
US20150135253A1 (en) * 2013-11-08 2015-05-14 U.S. Bancorp, National Association Source request monitoring

Also Published As

Publication number Publication date
CN106331010A (en) 2017-01-11

Similar Documents

Publication Publication Date Title
US10091127B2 (en) Enrolling a mobile device with an enterprise mobile device management environment
US9660988B2 (en) Identifying protected media files
US10263978B1 (en) Multifactor authentication for programmatic interfaces
US9842201B2 (en) Privacy preserving electronic document signature service
US9961053B2 (en) Detecting compromised credentials
US8914632B1 (en) Use of access control lists in the automated management of encryption keys
WO2017000638A1 (en) Network file access control method and device
US8489889B1 (en) Method and apparatus for restricting access to encrypted data
US10083311B2 (en) Cryptographic key
US10084789B2 (en) Peer to peer enterprise file sharing
US10127317B2 (en) Private cloud API
WO2017143879A1 (en) File permission management method and device
TWI725709B (en) Data storage method, device and equipment
US9906364B2 (en) Secure password management systems, methods and apparatuses
US8972732B2 (en) Offline data access using trusted hardware
WO2015096597A1 (en) Method and device for browsing document by multiple devices
US9509509B2 (en) Random identifier generation for offline database
US20140136807A1 (en) Method and system for secure access to data files copied onto a second storage device from a first storage device
TW201335777A (en) Distributed data storing and accessing system and method
JP5399268B2 (en) Access to documents with encrypted control
US9430625B1 (en) Method and system for voice match based data access authorization
WO2014153982A1 (en) Methods and systems for broadcasting pictures
US9363274B2 (en) Methods and systems for broadcasting pictures
US9319410B1 (en) Electronic shared-document repository
KR102005534B1 (en) Smart device based remote access control and multi factor authentication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16817002

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16817002

Country of ref document: EP

Kind code of ref document: A1