WO2017028517A1 - Method for managing data files in a cloud, cloud management point, and system - Google Patents

Method for managing data files in a cloud, cloud management point, and system

Info

Publication number
WO2017028517A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
server
data file
hash value
protection policy
Prior art date
Application number
PCT/CN2016/074317
Other languages
English (en)
Chinese (zh)
Inventor
翟征德
申宇
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2017028517A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method for managing data files in a cloud, a cloud management point, and a system.
  • With the development of cloud computing technology, a large number of data files containing personally identifiable data (PII) are stored in the cloud system (referred to as the cloud). To ensure the availability of the user's data file, the cloud system usually copies the user's data file to generate multiple copies of the file, and saves the generated copies to different servers or to different storage partitions of the same server.
  • PII: personally identifiable data
  • ACL: Access Control List
  • The ACL is not copied when the data file is copied, so the multiple copies of the data file cannot be protected by the same access policy as the source data file.
  • The source data file F is initially stored on a server of data center A and is readable only by user U. When the source data file F is copied to a server of data center B, the copy file E stored on that server of data center B loses the protection of the access policy of the source data file F, and the unauthorized user V can also access the data in the copy file E, thereby causing data leakage of the source data file F.
  • the present invention provides a method for managing data files in a cloud, a cloud management point, and a system to solve the problem of data leakage in the prior art.
  • the technical solutions are as follows:
  • a first aspect of the present invention discloses a method for managing a data file in a cloud, the method comprising:
  • the first server calculates a file identifier of the current data file to be processed, and sends the file identifier to the cloud management point, so that the cloud management point searches for a file protection policy of the data file according to the file identifier;
  • the first server processes the current data file to be processed.
  • the file identifier is a file hash value
  • the file protection policy includes file flow range restriction information
  • the method further includes:
  • the first server acquires an execution action of the first server on the data file
  • the first server calculating the file identifier of the current data file to be processed includes: the first server calculating a file hash value of the current data file to be copied;
  • the method further includes:
  • the second server calculates a file hash value of the copied data file
  • the cloud management point searches for a file protection policy including the file hash value of the copied data file according to the file hash value of the copied data file, and further, according to the address information of the second server, updates the file location list information in the file protection policy including the file hash value of the copied data file; the file location list information includes location information of data file storage.
  • the file identifier is a file hash value
  • the file protection policy includes file access restriction permission information
  • the method further includes:
  • the first server acquires an execution action of the first server on the data file
  • the first server calculating the file identifier of the current data file to be processed includes: the first server calculating a file hash value of the current data file to be accessed;
  • the address information of the file
  • the file identifier is a file hash value
  • the file protection policy includes file access restriction permission information
  • the method further includes:
  • the first server acquires an execution action of the first server on the data file
  • the first server calculating a file identifier of the current data file to be processed includes: the first server calculating a file hash value of the current data file to be modified;
  • when the current data file to be modified is allowed to be modified by the first server, after the first server modifies the content of the current data file to be modified, the method further includes:
  • the first server calculates a file hash value of the modified data file
  • the first server sends a file hash update message to the cloud management point, where the file hash update message includes a file hash value of the current data file to be modified and a file hash value of the modified data file, so that the cloud management point associates the file hash value of the current data file to be modified and the file hash value of the modified data file with the same file protection policy according to the file hash update message.
  • a second aspect of the present invention discloses another method for managing data files in a cloud, which is applied to a cloud management point, where the cloud management point is communicatively connected to different servers and stores file protection policies for different data files; the method includes:
  • the cloud management point searches for a file protection policy including the file identifier according to the file identifier;
  • the cloud management point sends the file protection policy to the first server, so that the first server determines, according to the file protection policy, whether the processing action to be performed by the first server is allowed to be executed.
  • the file identifier is a file hash value
  • the method further includes:
  • the cloud management point searches for a file protection policy including a file hash value of the copied data file according to a file hash value of the copied data file;
  • the cloud management point updates the file location list information in the file protection policy including the file hash value of the copied data file according to the address information of the second server; the file location list information includes location information of data file storage.
  • the second possible implementation manner of the second aspect further includes:
  • the cloud management point searches for a file protection policy including a file hash value of the data file to be deleted according to the file hash value of the data file to be deleted;
  • the file identifier is a file hash value
  • the method further includes:
  • the cloud management point receives a file hash update message sent by the first server, where the file hash update message includes a file hash value of the data file before modification and a file hash value of the modified data file;
  • the cloud management point associates the file hash value of the data file before the modification with the file hash value of the modified data file to the same file protection policy according to the file hash update message.
  • the cloud management point associating, according to the file hash update message, the file hash value of the data file before the modification and the file hash value of the modified data file with the same file protection policy includes:
  • the cloud management point searches, according to the file hash value of the data file before the modification and the file hash value of the modified data file respectively, for a file protection policy including the file hash value of the data file before the modification and for a file protection policy including the file hash value of the modified data file;
  • a file hash value of another data file is added to the hash value field in the at least one file protection policy.
  • a third aspect of the invention discloses a server comprising:
  • a first calculating unit configured to calculate a file identifier of the current data file to be processed
  • a file identifier sending unit configured to send the file identifier to a cloud management point, so that the cloud management point searches for a file protection policy of the data file according to the file identifier;
  • a file protection policy receiving unit configured to receive the file protection policy returned by the cloud management point
  • a determining unit configured to determine, according to the file protection policy, whether the data file allows the server to perform processing
  • the processing unit is configured to process the current data file to be processed when the determining unit determines that the data file allows the server to perform processing.
  • the file identifier is a file hash value
  • the file protection policy includes file flow range restriction information
  • the server further includes:
  • a first execution action obtaining unit configured to acquire an execution action of the server on the data file
  • the first calculating unit is configured to: when the execution action acquired by the first execution action acquiring unit is to copy the data file to the second server, calculate a file hash value of the current data file to be copied;
  • the determining unit is configured to determine, according to the file flow range limitation information in the file protection policy, whether the current data file to be copied is allowed to be copied to the second server, where the file flow range limitation information includes the range within which copies of the data file are allowed to flow.
  • the file identifier is a file hash value
  • the file protection policy includes file access restriction permission information
  • the server further includes:
  • a second execution action obtaining unit configured to acquire an execution action of the server on the data file
  • the first calculating unit is specifically configured to: when the execution action acquired by the second execution action acquiring unit is to allow the third server to access the data file, calculate a file hash value of the data file to be accessed currently;
  • the determining unit is configured to determine, according to the file access restriction permission information in the file protection policy, whether the current to-be-accessed data file is allowed to be accessed by the third server, where the file access restriction permission information includes address information that is allowed to access the data file.
  • the file identifier is a file hash value
  • the file protection policy includes file access restriction permission information
  • the server further includes:
  • a third execution action obtaining unit configured to acquire an execution action of the server on the data file
  • the first calculating unit is specifically configured to: when the execution action acquired by the third execution action acquiring unit is to modify the content of the data file, calculate the file hash value of the data file currently to be modified;
  • the determining unit is configured to determine, according to the file access restriction permission information in the file protection policy, whether the current data file to be modified is allowed to be modified by the first server, where the file access restriction permission information includes access rights to the data file.
  • the method further includes:
  • a second calculating unit configured to calculate a file hash value of the modified data file
  • an update message sending unit configured to send a file hash update message to the cloud management point, where the file hash update message includes a file hash value of the current data file to be modified and a file hash value of the modified data file, so that the cloud management point, according to the file hash update message, associates the file hash value of the current data file to be modified and the file hash value of the modified data file with the same file protection policy.
  • a fourth aspect of the present invention discloses a cloud management point, where the cloud management point is in communication with a different server, and the cloud management point stores a file protection policy for different data files; the cloud management point includes:
  • a first receiving unit configured to receive a file identifier sent by the first server
  • a first searching unit configured to search for a file protection policy including the file identifier according to the file identifier
  • a first sending unit configured to send the file protection policy to the first server, so that the first server determines, according to the file protection policy, whether a corresponding processing action to be performed by the first server is allowed to be executed.
  • the file identifier is a file hash value
  • the cloud management point further includes:
  • a second receiving unit configured to receive a file location update message sent by the second server, where the file location update message includes a file hash value of the copied data file and address information of the second server;
  • a second searching unit configured to search, according to the file hash value of the copied data file, a file protection policy that includes a file hash value of the copied data file;
  • an updating unit configured to update, according to address information of the second server, file location list information in a file protection policy that includes a file hash value of the copied data file; the file location list information includes location information of data file storage.
  • the method further includes:
  • a third receiving unit configured to receive a file hash value of the data file to be deleted sent by the first server
  • a third search unit configured to search for a file protection policy including a file hash value of the data file to be deleted according to the file hash value of the data file to be deleted;
  • an information obtaining unit configured to acquire file location list information of a data file to be deleted from a file protection policy of a file hash value of the data file to be deleted;
  • a second sending unit configured to send, according to the file location list information of the data file to be deleted, a deletion message to each server in the file location list information of the data file to be deleted, so that the servers delete the data file to be deleted according to the deletion message.
  • the file identifier refers to a file hash value
  • the cloud management point further includes:
  • a fourth receiving unit configured to receive a file hash update message sent by the first server, where the file hash update message includes a file hash value of the data file before the modification and a file hash value of the modified data file;
  • a hash value update unit configured to associate, according to the file hash update message, the file hash value of the data file before the modification and the file hash value of the modified data file with the same file protection policy.
  • the Hash value update unit includes:
  • a first search subunit configured to search, according to the file hash value of the data file before the modification, a file protection policy including a file hash value of the data file before the modification;
  • a second search subunit configured to search, according to the file hash value of the modified data file, a file protection policy including a file hash value of the modified data file;
  • a hash value adding subunit configured to, when the first search subunit and/or the second search subunit finds that at least one file protection policy exists, add the file hash value of the other data file to the hash value field of the at least one file protection policy.
  • a fifth aspect of the invention discloses a cloud system comprising a client, a server as described above, and a cloud management point as described above.
  • before performing corresponding processing on the current data file to be processed, the first server first calculates a file identifier of that data file, then receives the file protection policy corresponding to the file identifier returned by the cloud management point, and determines, according to the file protection policy, whether the current data file to be processed is allowed to undergo the corresponding processing; if allowed, the first server performs the corresponding processing on the current data file to be processed.
  • the invention applies the same file protection policy as the source data file to the multiple copy files generated from the source data file, so that access to a copy file by an unauthorized user, which the prior art allowed, is also subject to the file protection policy, preventing data leakage.
  • FIG. 1 is a flowchart of a method for managing a data file in a cloud according to the present invention
  • FIG. 2 is another flow chart of a method for managing data files in the cloud according to the present invention.
  • FIG. 3 is still another flowchart of a method for managing data files in a cloud according to the present invention.
  • FIG. 4 is still another flowchart of a method for managing data files in a cloud according to the present invention.
  • FIG. 5 is still another flowchart of a method for managing data files in a cloud according to the present invention.
  • FIG. 6 is still another flowchart of a method for managing data files in a cloud according to the present invention.
  • FIG. 7 is still another flowchart of a method for managing data files in a cloud according to the present invention.
  • FIG. 8 is a schematic structural diagram of a server according to the present invention.
  • FIG. 9 is a schematic structural diagram of a cloud management point according to the present invention.
  • FIG. 10 is a schematic structural diagram of another server according to the present invention.
  • FIG. 11 is another schematic structural diagram of a cloud management point according to the present invention.
  • FIG. 12 is a schematic structural diagram of a cloud system according to the present invention.
  • the application scenario of the present invention is a cloud system, which includes a client, a server, and a cloud management point.
  • Cloud systems are also commonly referred to as clouds, or cloud data centers.
  • the data file is stored in the server, and the data file may be a source data file or a copy file.
  • the cloud management point stores a file protection policy for the source data file and the copy file.
  • the server in the present invention needs to view the file protection policy corresponding to a given data file stored in the cloud management point; only when the content recorded in the file protection policy allows the server to perform an operation on that data file, such as copying, accessing, or modifying, can the server continue to perform subsequent operations.
  • the present invention firstly requires the client, the server, and the cloud management point to cooperate in advance to complete the setting of the data file, and the method includes:
  • step 001 the client sends the data file to the server.
  • step 002 the server receives the data file and saves it.
  • Step 003 the server calculates a file hash value of the data file, and sends the file hash value and the address information of the server to the cloud management point.
  • step 004 the cloud management point receives and saves the file hash value and the address information of the server.
  • Step 005 The client sets a file protection policy of the data file on the cloud management point, where the file protection policy includes a file hash value and address information of the server.
  • the present invention uses a file hash value as an identification of a data file to mark different data files. If the contents of two data files are consistent, the file hash values obtained by calculating over those contents with the same hash algorithm are also the same. Therefore, the present invention can determine that the contents of two data files are the same as long as their file hash values are the same, that is, the two data files are determined to be derived from one another (one is a source data file and one is a copy file, or both are copy files). At the same time, multiple data files with the same hash value in the present invention will correspond to the same file protection policy on the cloud management point, and are protected by that file protection policy.
  • the file protection policy in the present invention may include file access restriction permission information, file circulation range restriction information, file location list information, and file hash value.
  • the file access restriction permission information includes address information and access rights that allow access to the data file;
  • the file flow range restriction information includes a range that allows the data file to be copied, and
  • the file location list information includes location information of the data file.
  • Hash 123A indicates that the data file has a hash value of 123A; Acess:Li, 10.11.*.* indicates that the user Li and the server whose server address range is 10.11.*.* can access the data file, where Li Read indicates that user Li reads the data file; Restrictions: Germany indicates that the data file can be streamed in servers and data centers in Germany; Locations: A indicates that the data file is stored on server A.
  • the method includes:
  • Step 101 The first server calculates a file identifier of the current data file to be processed, and sends the file identifier to the cloud management point, so that the cloud management point searches for the file protection policy of the data file according to the file identifier.
  • the file identifier is specifically a file hash value.
  • when the first server receives an operation instruction sent by the client, where the operation instruction includes a control instruction to copy, access, or modify the data file A, the first server first calculates the file identifier of the data file A and sends the file identifier to the cloud management point. The cloud management point then searches for the file protection policy a including the file identifier according to the file identifier, and returns the file protection policy a to the first server.
  • Step 102 The first server receives the file protection policy returned by the cloud management point.
  • Step 103 The first server determines, according to the file protection policy, whether the current data file to be processed allows the first server to perform processing. If so, step 104 is performed, and if not, step 105 is performed.
  • Step 104 The first server processes the current data file to be processed.
  • step 105 the first server rejects the processing.
  • step 105 may further include the step 106: the first server returns a reject message to the client, to notify the client that the first server does not allow the client to perform the operation requested by the client.
  • before performing the corresponding processing on the data file to be processed, the first server first calculates the file identifier of the current data file to be processed, then receives the file protection policy corresponding to the file identifier returned by the cloud management point, and determines according to the file protection policy whether the current data file to be processed is allowed to undergo the corresponding processing. If allowed, the first server performs the corresponding processing on the current data file to be processed.
  • the invention applies the same file protection policy as the source data file to the multiple copy files generated from the source data file, so that access to a copy file by an unauthorized user, which the prior art allowed, is also subject to the file protection policy, preventing data leakage.
  • the method is as shown in FIG. 2, including:
  • Step 201 The first server acquires an action performed by the first server on the data file.
  • Step 202 When the performing action is to copy the data file to the second server, the first server calculates a file hash value of the current data file to be copied.
  • when the client asks the first server 10.11.1.2 to copy the data file A on the first server 10.11.1.2 to the second server 10.11.2.2, the first server first calculates the file hash value of the data file A currently to be copied. For example, the file hash value of data file A is 123A.
  • Step 203 The first server sends the file hash value to the cloud management point.
  • After receiving the file hash value 123A, the cloud management point searches for the file protection policy a including the file hash value 123A, and returns the file protection policy a to the first server 10.11.1.2.
  • Step 204 The first server determines, according to the file distribution range restriction information in the file protection policy, whether the current data file to be copied is allowed to be copied to the second server. If so, step 205 is performed, and if not, step 206 is performed.
  • Step 205 The first server copies the current data file to be copied to the second server.
  • Step 206 The first server refuses to copy the current data file to be copied to the second server.
  • the file circulation range restriction information includes a range in which the data file copy is allowed to flow. Assuming that the current file circulation range restriction information is restrictions: Germany, the first server 10.11.1.2 determines whether the second server 10.11.2.2 belongs to the address range of Germany. If yes, step 205 is performed: the first server 10.11.1.2 copies the data file A to the second server 10.11.2.2. If not, step 206 is performed: the first server 10.11.1.2 refuses to copy the data file A to the second server 10.11.2.2.
  • the method may further include the step 207: the first server returns a confirmation message to the client.
  • the method may further include step 208: the first server returns a rejection message to the client, telling the client that the copy operation is not allowed.
  • the method may further include:
  • Step 209 The second server calculates a file hash value of the copied data file.
  • the second server calculates the file hash value of the data file A.
  • Step 210 The second server sends a file location update message to the cloud management point, where the file location update message includes a file hash value of the copied data file and address information of the second server, so that the cloud management point searches for a file protection policy including the file hash value of the copied data file according to the file hash value of the copied data file, and further updates, according to the address information of the second server, the file location list information in the file protection policy including the file hash value of the copied data file; the file location list information includes location information of data file storage.
  • the second server in the present invention actively calculates the file hash value of the data file A, and sends the file hash value of the data file A together with the address information of the second server to the cloud management point.
  • the address information of the second server may be the IP address information of the second server or the like.
  • After receiving the file hash value of the data file A and the address information of the second server, the cloud management point finds the file protection policy a including the file hash value 123A according to the file hash value 123A of the data file A, and adds the address information of the second server to the Locations field of the file location list information in the file protection policy a.
  • the method is as shown in FIG. 3, including:
  • Step 301 The first server acquires an action performed by the first server on the data file.
  • Step 302 When the performing action is that the third server is allowed to access the data file, the first server calculates a file hash value of the data file to be accessed currently.
  • the third server actively initiates access request information to the first server, where the access request information includes the address information of the third server and the current data file to be accessed.
  • When the third server 10.17.3.4 sends the access request information to the first server 10.11.1.2, the access request information includes the address information 10.17.3.4 of the third server and the current data file to be accessed.
  • the first server 10.11.1.2 also calculates the file hash value of the data file B currently to be accessed. For example, the file Hash value of data file B is 234B.
  • Step 303 The first server sends the file hash value to the cloud management point.
  • After receiving the file hash value 234B, the cloud management point searches for the file protection policy b including the file hash value 234B, and returns the file protection policy b to the first server 10.11.1.2.
  • Step 304 The first server determines, according to the file access restriction permission information in the file protection policy, whether the current data file to be accessed is allowed to be accessed by the third server. If so, step 305 is performed, and if not, step 306 is performed.
  • Step 305 The first server allows the third server to access the data file.
  • Step 306 The first server denies the third server access to the data file.
  • The file access restriction permission information includes address information that is allowed to access the data file. Assuming that the current file access restriction permission information is Acess:Li, 10.11.*.*, the first server 10.11.1.2 determines whether the third server 10.17.3.4 belongs to the range of Li or 10.11.*.*. If yes, step 305 is performed and the first server 10.11.1.2 allows the third server 10.17.3.4 to access the data file B; if not, step 306 is performed and the first server 10.11.1.2 denies the third server 10.17.3.4 access to the data file B.
  • The third server 10.17.3.4 does not belong to the range of Li or 10.11.*.*, so the first server 10.11.1.2 denies the third server 10.17.3.4 access to the data file B.
  • The method may further include step 307: the first server returns a reject message to the third server, telling the third server that the access operation is not allowed.
  • The content of a data file (which may be a source data file or a copy file) may be modified. The content of the data file before the modification is the recorded height parameter of the user Jack, for example, the height is 174 cm, and the subsequent content may involve adding the weight parameter of the user Jack, for example, the weight is 120KG. The modified data file is a new data file derived from the data file before the modification, so the modified data file should also be subject to the same file protection policy as the data file before the modification, and the data file before the modification and the modified data file are associated with the same file protection policy.
  • Based on this, as the first service in the present invention
  • the method is as shown in FIG. 4, including:
  • Step 401 The first server acquires an action performed by the first server on the data file.
  • Step 402 When the performing action is to modify the content of the data file, the first server calculates a file hash value of the current data file to be modified.
  • When the client wants to modify a certain data file C on the first server, that is, when the first server wants to modify the content of the data file C, the first server still calculates the file hash value of the current data file C to be modified. For example, the file Hash value of data file C is 345C.
  • Step 403 The first server sends the file hash value to the cloud management point.
  • After receiving the file hash value 345C, the cloud management point searches for the file protection policy c including the file hash value 345C, and returns the file protection policy c to the first server.
  • Step 404 The first server determines, according to the file access restriction permission information in the file protection policy, whether the current data file to be modified is allowed to be modified by the first server. If so, step 405 is performed, and if not, step 408 is performed.
  • Step 405 The first server modifies the content of the current data file to be modified.
  • The file access restriction permission information includes access rights of the data file, and the access rights include read, read, write, and the like. Assuming that the file access restriction permission information in the current file protection policy c is write, the first server can modify the content of the data file C at this time. If the file access restriction permission information in the file protection policy c is read-only, the first server cannot modify the content of the data file C.
  • the present invention further includes:
  • Step 406 The first server calculates a file hash value of the modified data file.
  • the modified data file C is marked as the data file D, and the first server recalculates the file hash value of the data file D.
  • the file Hash value of data file D is 356D.
  • Step 407 The first server sends a file hash update message to the cloud management point, where the file hash update message includes a file hash value of the data file before the modification and a file hash value of the modified data file, so that the cloud management point associates the file hash value of the data file before the modification with the file hash value of the modified data file according to the file hash update message.
  • the file hash update message includes a file hash value of the data file before the modification and a file hash value of the modified data file
  • the first server sends the file hash value 345C of the data file before the modification and the file hash value 356D of the modified data file to the cloud management point.
  • After receiving the file hash value 345C of the data file before the modification and the file hash value 356D of the modified data file, the cloud management point searches for the file protection policy c including the file hash value 345C and the file protection policy d including the file hash value 356D.
  • When the cloud management point finds the file protection policy c including the file hash value 345C, the file hash value 356D of the modified data file is added in the Hash field of the file protection policy c.
  • When the cloud management point finds the file protection policy d including the file hash value 356D, the file hash value 345C of the data file before the modification is added in the Hash field of the file protection policy d.
  • When the cloud management point finds both the file protection policy c including the file hash value 345C and the file protection policy d including the file hash value 356D, the file Hash value 356D of the modified data file is added in the Hash field of the file protection policy c, and the file hash value 345C of the data file before the modification is added in the Hash field of the file protection policy d.
  • The corresponding file protection policy c saved on the cloud management point is in the form of:
  • the modified data file D should be subject to the same file protection policy as the original data file C.
  • the first server first needs to calculate the hash value 345C of the data file C before the modification, and modify the data file C to obtain the modified data file D, and calculate the hash value 356D of the modified data file D. Further, the first server simultaneously sends the hash value 345C of the data file C before modification and the hash value 356D of the modified data file D to the cloud management point.
  • The cloud management point searches for the matching file protection policy based on the hash value 345C and the hash value 356D. When the cloud management point finds that only the file protection policy c including the hash value 345C exists, it determines that the file protection policy c is the file protection policy that protects both the data file C and the data file D. The cloud management point then adds the hash value 356D of the data file D in the Hash field of the file protection policy c. At this time, the file protection policy c is stored in the following manner:
  • This embodiment also includes another application scenario: when the data file C is copied from the first server C to the second server E, and the second server E needs to modify the copy file E, the implementation of the copy and the implementation of the modification are the same as in the previous method. Taking the foregoing as an example, the storage mode of the file protection policy c is:
  • the cloud management point also needs to update the location information of the data file in real time.
  • Step 408 The first server does not allow modification of the content of the current data file to be modified.
  • The method may further include the step 408: the first server returns a reject message to the client, to notify the client that this modification is not allowed.
  • Before performing the corresponding processing on the current data file to be processed, the first server first calculates the file hash value of the current data file to be processed, receives the file protection policy corresponding to the file hash value returned by the cloud management point, and determines, according to the file protection policy, whether the corresponding processing of the current data file to be processed is allowed; if it is allowed, the first server performs the corresponding processing on the current data file to be processed.
  • The invention applies to the multiple copy files generated from a source data file the same file protection policy as the source data file, so that the unauthorized users of the prior art are also subject to the file protection policy when accessing a copy file, which prevents data leakage.
  • the present invention may also have a case where a data file corresponds to multiple file protection policies.
  • The user defines a plurality of file protection policies corresponding to a certain data file in advance on the cloud management point; or, the data file A corresponds to the file protection policy a on the cloud management point, the data file B corresponds to the file protection policy b on the cloud management point, and when the content of the data file B is modified, the content of the modified data file B happens to be the same as the content of the data file A. The file hash value of the modified data file B is then the same as the file hash value of the data file A, so two file protection policies, the file protection policy a and the file protection policy b, corresponding to the same file hash value are stored on the cloud management point. In the case that one data file corresponds to multiple file protection policies, the present invention can still use the same processing method as the above embodiment.
  • The cloud management point finds multiple file protection policies including the file hash value, and sends the multiple file protection policies to the first server together.
  • The first server receives the multiple file protection policies, and then determines, according to each file protection policy, whether the current data file to be processed is allowed to be processed by the first server. If the plurality of file protection policies allow it, the first server processes the current data file to be processed; if at least one of the plurality of file protection policies does not allow the first server to perform the processing, the first server refuses to process it.
  • In the application scenario in which the first server wants to copy the current data file to be copied to the second server, if the first server receives multiple file protection policies returned by the cloud management point, and the file distribution range restriction information in at least one file protection policy of the plurality of file protection policies does not allow the first server to copy the current data file to be copied to the second server, the first server refuses to copy the current data file to be copied to the second server.
  • In the application scenario in which the first server receives the access request information sent by the third server, if the first server receives multiple file protection policies returned by the cloud management point, and the file access restriction permission information in at least one of the multiple file protection policies does not allow the third server to access the data file, the first server denies the third server access to the data file.
  • In the application scenario in which the first server wants to modify the current data file to be modified, if the first server receives multiple file protection policies returned by the cloud management point, and the file access restriction permission information in at least one of the multiple file protection policies does not allow the first server to modify the content of the data file, the first server cannot modify the content of the current data file to be modified.
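  • The server-side decision described above (steps 304 and 404, plus the rule that a single refusing policy blocks the action) can be sketched as follows. This is an added example, not code from the patent: the dictionary layout, the `Rights` and `Flow` field names, the second policy and the fail-closed handling of an empty policy list are assumptions.

```python
import ipaddress

def ip_matches(pattern, ip):
    """Octet-wise match of an IPv4 address against a pattern such as '10.11.*.*'."""
    try:
        ipaddress.IPv4Address(ip)            # reject malformed peer addresses
    except ValueError:
        return False
    p_octets, a_octets = pattern.split("."), ip.split(".")
    if len(p_octets) != 4:
        return False                         # a name entry such as 'Li' is not an IP pattern
    return all(p == "*" or p == a for p, a in zip(p_octets, a_octets))

def entry_matches(entries, peer_ip=None, user=None):
    """True if the requester matches any entry (a name or an address range)."""
    for entry in entries:
        entry = entry.strip()
        if user is not None and entry == user:
            return True
        if peer_ip is not None and ip_matches(entry, peer_ip):
            return True
    return False

def policy_allows(policy, action, peer_ip=None, user=None):
    """Evaluate one file protection policy for one action."""
    if action == "access":                   # step 304: who may access the file
        return entry_matches(policy.get("Access", []), peer_ip, user)
    if action == "copy":                     # copy: is the destination inside the allowed range
        return entry_matches(policy.get("Flow", []), peer_ip)
    if action == "modify":                   # step 404: access rights of the file
        return policy.get("Rights") == "write"
    raise ValueError("unknown action: " + action)

def decide(policies, action, peer_ip=None, user=None):
    """Allow only if every policy returned for the file hash allows the action."""
    if not policies:
        # Assumption: the page does not say what happens when no policy is
        # found; this sketch refuses (fail closed).
        return False, "no policy found"
    for policy in policies:
        if not policy_allows(policy, action, peer_ip, user):
            return False, "refused by policy with Hash " + ",".join(policy["Hash"])
    return True, "allowed by all policies"

# Policy b from the text (hash 234B, access for Li or 10.11.*.*); the Rights
# and Flow values are constructed for the example.
POLICY_B = {"Hash": ["234B"], "Access": ["Li", "10.11.*.*"],
            "Rights": "write", "Flow": ["10.11.*.*"]}
# Constructed second policy that happens to contain the same file hash.
POLICY_RO = {"Hash": ["234B"], "Access": ["10.*.*.*"],
             "Rights": "read-only", "Flow": ["10.11.*.*"]}

if __name__ == "__main__":
    print(decide([POLICY_B], "access", peer_ip="10.17.3.4"))   # third server in the text
    print(decide([POLICY_B], "access", peer_ip="10.11.1.9"))
    print(decide([POLICY_B, POLICY_RO], "modify"))
```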
  • The present invention further provides a method for managing data files in a cloud, where the method is applied to a cloud management point, the cloud management point is connected to different servers, and file protection policies for different data files are stored on the cloud management point; the method includes, as shown in FIG. 5:
  • Step 501 The cloud management point receives the file identifier sent by the first server.
  • Step 502 The cloud management point searches for a file protection policy including the file identifier according to the file identifier.
  • the file identifier is specifically a file hash value.
  • The cloud management point stores file protection policies for different data files, where each file protection policy includes a file hash value, and the cloud management point looks up the file protection policy including the file hash value according to the file hash value.
  • Step 503 The cloud management point sends the file protection policy to the first server, so that the first server determines, according to the file protection policy, whether the processing action to be performed by the first server is allowed to be executed.
  • When the first server wants to perform some processing operation on a certain data file, the first server sends the file identifier of the data file to the cloud management point to obtain the file protection policy of the data file; the cloud management point then determines, according to the file identifier, the file protection policy including the file identifier, and returns the file protection policy to the first server, so that the first server determines, according to the file protection policy, whether the processing action to be performed by the first server is allowed to be executed.
  • a plurality of file protection policies including the same file identifier may be stored on the cloud management point.
  • The cloud management point sends the multiple file protection policies found to include the file identifier to the first server, so that the first server determines, according to the multiple file protection policies, whether the processing action to be performed by the first server is allowed to be executed.
  • the first server rejects the processing.
  • the present invention further describes that the file identifier is specifically a file hash value.
  • the method further includes:
  • Step 504 The cloud management point receives the file location update message sent by the second server.
  • the file location update message includes a file hash value of the copied data file and address information of the second server.
  • The second server sends a file location update message to the cloud management point, the file location update message including a file hash value of the copied data file and address information of the second server.
  • Step 505 The cloud management point searches for a file protection policy including a file hash value of the copied data file according to the file hash value of the copied data file.
  • Step 506 The cloud management point updates the file location list information in the file protection policy that includes the file hash value of the copied data file according to the address information of the second server.
  • The file location list information includes the location information at which the data file is stored.
  • the cloud management point records the address information of the server to which the data file is copied, so as to record the location information of the same data file.
  • the present invention records the address information of all data files through the cloud management point, and can clearly know the storage location of each data file.
  • the cloud management point in the present invention may also involve an application scenario for deleting data files.
  • When deleting the source data file and the copy files, the cloud system needs to know the storage location of the source data file and of all the copy files. Since the cloud system cannot recognize the derivative relationship between the source data file and the copy files, it also cannot know the locations of the different copy files of the source data file, and cannot delete all the files uniformly, which makes data file deletion difficult.
  • In the present invention, since the address information of all the data files is recorded in the cloud management point, the storage location of each data file is clearly known. The present invention can therefore easily find the storage locations of the data file (including the source data file and the copy files) when deleting the source data file and the copy files, and instruct the corresponding servers to delete the data file.
  • the specific method is shown in Figure 6, including:
  • Step 601 The cloud management point receives a file hash value of the data file to be deleted sent by the first server.
  • Step 602 The cloud management point searches for a file protection policy including a file hash value of the data file to be deleted according to the file hash value of the data file to be deleted.
  • Step 603 The cloud management point acquires file location list information of the data file to be deleted from the file protection policy of the file hash value of the data file to be deleted.
  • Step 604 The cloud management point sends, according to the file location list information of the data file to be deleted, a deletion message to each server in the file location list information of the data file to be deleted, so that the servers delete the data file to be deleted according to the deletion message.
  • The file location list information in the file protection policy is used to record all the storage location information of the data file. The cloud management point finds, in turn, all the servers storing the data file according to the file location list information, and sends a delete message to all of those servers, so that all of the servers delete the data file in accordance with the delete message.
  • The cloud management point only needs to find the file protection policy of the data file to be deleted, find each server storing the data file to be deleted according to the file location list information in the file protection policy, and send a deletion message to each server to complete the deletion of the data file on each server.
  • the invention realizes the function of uniformly deleting data files, and ensures the thoroughness of data deletion.
  • If the cloud management point finds multiple file protection policies including the file hash value of the data file to be deleted, the cloud management point obtains the file location list information of the data file to be deleted from each of the multiple file protection policies in turn, and then collects and combines the file location list information from all the file protection policies obtained, to obtain the address information of each server storing the data file to be deleted.
  • FIG. 7 shows another flowchart of a method for managing data files in the cloud provided by the present invention, including:
  • Step 701 The cloud management point receives a file hash update message sent by the first server, where the file hash update message includes a file hash value of the data file before the modification and a file hash value of the modified data file.
  • Step 702 The cloud management point associates the file hash value of the data file before the modification with the file hash value of the modified data file to the same file protection policy according to the file hash update message.
  • The cloud management point searches, according to the file hash value of the data file before the modification and the file hash value of the modified data file respectively, for a file protection policy including the file hash value of the data file before the modification and a file protection policy including the file hash value of the modified data file.
  • When at least one file protection policy is found, the file hash value of the other data file is added to the hash value field in the at least one file protection policy.
  • The cloud management point searches, according to the file hash value 123A of the data file before the modification, for whether a file protection policy a including the file hash value 123A exists, and simultaneously, according to the file Hash value 134B of the modified data file, for whether a file protection policy b including the file hash value 134B of the modified data file exists.
  • If the cloud management point finds the file protection policy a according to the file hash value 123A and does not find the file protection policy b including the hash value 134B, the cloud management point adds the hash value 134B to the hash value field in the file protection policy a, that is, "Hash: 123A, 134B".
  • the cloud management point adds the hash value 123A to the hash in the file protection policy b.
  • If the cloud management point finds both the file protection policy a and the file protection policy b, the cloud management point still adds the hash value 134B to the hash value field in the file protection policy a, that is, "Hash: 123A, 134B", and adds the hash value 123A to the hash value field in the file protection policy b, that is, "Hash: 134B, 123A".
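  • The cloud management point's bookkeeping described in steps 504 to 506 (location update), steps 601 to 604 (deletion fan-out) and steps 701 to 702 (hash association) can be sketched together as follows. This is an added example, not code from the patent: the class and method names, the in-memory list, the server addresses and the delete message carrying the file hash are assumptions; the `Hash` and `Locations` field names and the sample hash values come from the text.

```python
class CloudManagementPoint:
    """In-memory sketch of the policy store kept by the cloud management point."""

    def __init__(self):
        self.policies = []        # each policy: {"Hash": [...], "Locations": [...]}

    def add_policy(self, policy):
        self.policies.append(policy)
        return policy

    def find(self, file_hash):
        """Every policy whose Hash field contains file_hash (there may be several)."""
        return [p for p in self.policies if file_hash in p["Hash"]]

    def update_location(self, file_hash, server_addr):
        """Steps 504-506: record that server_addr now stores a copy of the file."""
        found = self.find(file_hash)
        for policy in found:
            if server_addr not in policy["Locations"]:
                policy["Locations"].append(server_addr)
        return len(found)

    def update_hash(self, old_hash, new_hash):
        """Steps 701-702: tie the pre- and post-modification hashes together.

        Both lookups are done first, then each policy found receives the hash
        of the other file, which covers the three cases in the text: only the
        old hash is known, only the new hash is known, or both are known.
        """
        with_old = self.find(old_hash)
        with_new = self.find(new_hash)
        for policy in with_old:
            if new_hash not in policy["Hash"]:
                policy["Hash"].append(new_hash)
        for policy in with_new:
            if old_hash not in policy["Hash"]:
                policy["Hash"].append(old_hash)
        return len(with_old), len(with_new)

    def deletion_targets(self, file_hash):
        """Steps 601-603: merge the Locations of every matching policy, no duplicates."""
        targets = []
        for policy in self.find(file_hash):
            for addr in policy["Locations"]:
                if addr not in targets:
                    targets.append(addr)
        return targets

    def delete_everywhere(self, file_hash, send):
        """Step 604: send one delete message per server holding the file."""
        targets = self.deletion_targets(file_hash)
        for addr in targets:
            send(addr, file_hash)   # assumption: the message carries the file hash
        return targets


def demo():
    """Replay the 123A / 134B example from the text with constructed addresses."""
    point = CloudManagementPoint()
    point.add_policy({"Hash": ["123A"], "Locations": ["10.11.1.2"]})   # policy a
    point.add_policy({"Hash": ["134B"], "Locations": ["10.11.7.7"]})   # policy b
    point.update_location("123A", "10.11.5.6")   # a second server received a copy
    point.update_hash("123A", "134B")            # file 123A was modified into 134B
    sent = []
    point.delete_everywhere("123A", lambda addr, h: sent.append((addr, h)))
    return point.policies, sent


if __name__ == "__main__":
    for item in demo():
        print(item)
```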
  • The present invention further provides a server, as shown in FIG. 8, comprising: a first calculating unit 10, a file identifier sending unit 20, a file protection policy receiving unit 30, a determining unit 40 and a processing unit 50, wherein:
  • the first calculating unit 10 is configured to calculate a file identifier of the current data file to be processed;
  • the file identifier sending unit 20 is configured to send the file identifier to a cloud management point, so that the cloud management point searches for a file protection policy of the data file according to the file identifier;
  • the file protection policy receiving unit 30 is configured to receive the file protection policy returned by the cloud management point;
  • the determining unit 40 is configured to determine, according to the file protection policy, whether the data file allows the server to perform processing;
  • the processing unit 50 is configured to process the current data file to be processed when the determining unit 40 determines that the data file allows the server to perform processing.
  • the file identifier is a file hash value
  • the file protection policy includes file flow range restriction information.
  • the server further includes a first execution action obtaining unit 60, wherein:
  • a first execution action obtaining unit 60 configured to acquire an execution action of the server on the data file
  • the first calculating unit 10 is specifically configured to: when the execution action acquired by the first execution action acquiring unit 60 is to copy the data file to the second server, calculate a file hash value of the current data file to be copied;
  • the determining unit 40 is configured to determine, according to the file flow range limitation information in the file protection policy, whether the current data file to be copied is allowed to be copied to the second server; wherein the file flow range limitation information includes a range within which the data file is allowed to be copied and transferred.
  • the file identifier refers to a file hash value
  • the file protection policy includes file access restriction permission information
  • the server further includes a first execution action obtaining unit 70, wherein:
  • the second execution action obtaining unit 70 is configured to acquire an execution action of the server on the data file.
  • the first calculating unit 10 is specifically configured to: when the execution action acquired by the second execution action acquiring unit 70 is to allow the third server to access the data file, calculate a file hash value of the data file to be accessed currently;
  • the determining unit 40 is configured to determine, according to the file access restriction permission information in the file protection policy, whether the current to-be-accessed data file is allowed to be accessed by the third server, where the file access restriction permission information includes address information that is allowed to access the data file.
  • the file identifier refers to a file hash value
  • the file protection policy includes file access restriction permission information
  • the server further includes a third execution action obtaining unit 80, wherein:
  • the third execution action obtaining unit 80 is configured to acquire an execution action of the server on the data file.
  • the first calculating unit 10 is specifically configured to: when the execution action acquired by the third execution action acquiring unit 80 is to modify the content of the data file, calculate the file hash value of the data file to be modified currently;
  • the determining unit 40 is specifically configured to: determine, according to the file access restriction permission information in the file protection policy, whether the current data file to be modified is allowed to be modified by the first server; wherein the file access restriction permission information includes access rights of the data file.
  • the invention further includes:
  • a second calculating unit 91 configured to calculate a file hash value of the modified data file
  • the update message sending unit 92 is configured to send a file hash update message to the cloud management point, where the file hash update message includes a file hash value of the current data file to be modified and a file hash value of the modified data file, so that the cloud management point, according to the file hash update message, associates the file hash value of the current data file to be modified and the file hash value of the modified data file with the same file protection policy.
  • The present invention further provides a cloud management point, as shown in FIG. 9. The cloud management point is communicatively connected to different servers, and file protection policies for different data files are stored on the cloud management point.
  • The cloud management point includes: a first receiving unit 100, a first searching unit 200, and a first sending unit 300, wherein:
  • the first receiving unit 100 is configured to receive a file identifier sent by the first server.
  • the first searching unit 200 is configured to search for a file protection policy including the file identifier according to the file identifier.
  • the first sending unit 300 is configured to send the file protection policy to the first server, so that the first server determines, according to the file protection policy, whether a corresponding processing action to be performed by the first server is allowed to be executed.
  • the file identifier refers to a file hash value
  • the cloud management point further includes:
  • a second receiving unit 400 configured to receive a file location update message sent by the second server, where the file location update message includes a file hash value of the copied data file and address information of the second server;
  • the second searching unit 500 is configured to search, according to the file hash value of the copied data file, a file protection policy that includes a file hash value of the copied data file;
  • the updating unit 600 is configured to update the file location list information in the file protection policy including the file hash value of the copied data file according to the address information of the second server; the file location list information includes the location information at which the data file is stored.
  • it also includes:
  • the third receiving unit 700 is configured to receive a file hash value of the data file to be deleted sent by the first server;
  • the third searching unit 800 is configured to search for a file protection policy including a file hash value of the data file to be deleted according to the file hash value of the data file to be deleted;
  • the information obtaining unit 900 is configured to obtain file location list information of the data file to be deleted from a file protection policy of the file hash value of the data file to be deleted;
  • the second sending unit 1000 is configured to send, according to the file location list information of the data file to be deleted, a deletion message to each server in the file location list information of the data file to be deleted, so that the servers delete the data file to be deleted according to the deletion message.
  • the file identifier refers to a file hash value
  • the cloud management point further includes:
  • the fourth receiving unit 1100 is configured to receive a file hash update message sent by the first server, where the file hash update message includes a file hash value of the data file before modification and a file hash value of the modified data file;
  • the Hash value updating unit 1200 is configured to associate the file hash value of the data file before the modification and the file hash value of the modified data file to the same file protection policy according to the file hash update message.
  • the hash value update unit 1200 further includes:
  • the first search sub-unit 1201 is configured to search, according to the file hash value of the data file before the modification, a file protection policy that includes a file hash value of the data file before the modification;
  • a second search subunit 1202 configured to search, according to the file hash value of the modified data file, a file protection policy that includes a file hash value of the modified data file;
  • the Hash value adding sub-unit 1203 is configured to, when the first lookup subunit and/or the second lookup subunit finds that at least one file protection policy exists, add a file hash value of the other data file to the hash value field in the at least one file protection policy.
  • The present invention further provides a server, which may be a host server with computing capability, a personal computer (PC), a portable computer or terminal, or the like; the specific embodiments of the present invention do not limit the specific implementation of the server.
  • FIG. 10 is another schematic structural diagram of a server provided by the present invention. As shown in FIG. 10, the server 10000 includes:
  • a first processor 11100, a first communication interface 11200, a first memory 11300, and a first bus 11400.
  • the first processor 11100, the first communication interface 11200, and the first memory 11300 complete communication with each other through the first bus 11400.
  • the first processor 11100 is configured to execute the first program 11110.
  • the first program 11110 can include program code, the program code including computer operating instructions.
  • the first processor 11100 may be a central processing unit (CPU), or an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
  • the first memory 11300 is configured to store the first program 11110.
  • the first memory 11300 may include a high speed RAM memory and may also include a non-volatile memory such as at least one disk memory.
  • the first program 11110 may specifically include: calculating a file identifier of the current data file to be processed, and sending the file identifier to the cloud management point, so that the cloud management point searches for the file protection policy of the data file according to the file identifier;
  • the current data file to be processed is processed.
  • the file identifier refers to a file hash value
  • the file protection policy includes file flow range restriction information
  • the method further includes: acquiring the execution action of the server on the data file; and when the execution action is to copy the data file to the second server, calculating a file hash value of the current data file to be copied;
  • the file circulation range restriction information includes a range of allowing the data file to be copied and transferred.
  • the file identifier refers to a file hash value
  • the file protection policy includes file access restriction permission information
  • the method further includes: acquiring the execution action of the server on the data file; and when the execution action is to allow the third server to access the data file, calculating a file hash value of the current data file to be accessed;
  • the file access restriction permission information includes address information that allows access to the data file.
  • the file identifier refers to a file hash value
  • the file protection policy includes file access restriction permission information
  • the method further includes: acquiring the execution action of the server on the data file; and when the execution action is to modify the content of the data file, calculating a file hash value of the current data file to be modified;
  • the method further includes: calculating a file hash value of the modified data file;
  • the file hash value update message including a file hash value of the current data file to be modified and a file hash value of the modified data file, so that the cloud management point, according to the file hash value update message, associates the file hash value of the current data file to be modified and the file hash value of the modified data file with the same file protection policy.
  • FIG. 11 is another schematic structural diagram of a cloud management point provided by the present invention. As shown in FIG. 11, the cloud management point 20000 includes:
  • a second processor (processor) 21100, a second communication interface (Communications Interface) 21200, a second memory (memory) 21300, and a second bus 21400.
  • the second processor 21100, the second communication interface 21200, and the second memory 21300 complete communication with each other through the second bus 21400.
  • the second processor 21100 is configured to execute the second program 21110.
  • the second program 21110 can include program code, the program code including computer operating instructions.
  • the second processor 21100 may be a central processing unit (CPU), or an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
  • the second memory 21300 is configured to store the second program 21110.
  • the second memory 21300 may include a high speed RAM memory and may also include a non-volatile memory such as at least one disk memory.
  • the second program 21110 may specifically include: receiving a file identifier sent by the first server;
  • the file identifier refers to a file hash value
  • the method further includes receiving a file location update message sent by the second server, where the file location update message includes a file hash value of the copied data file and address information of the second server;
  • Searching for a file protection policy including a file hash value of the copied data file according to the file hash value of the copied data file;
  • the file location list information includes information on the locations where the data file is stored.
  • the method further includes receiving a file hash value of the data file to be deleted sent by the first server;
  • Searching for a file protection policy including a file hash value of the data file to be deleted according to the file hash value of the data file to be deleted;
  • the file identifier refers to a file hash value
  • the method further includes receiving a file hash update message sent by the first server, where the file hash update message includes a file hash value of the data file before the modification and a file hash value of the modified data file;
  • the file hash value of the data file before the modification and the file hash value of the modified data file are associated with the same file protection policy.
  • a file hash value of another data file is added to the hash value field in the at least one file protection policy.
  • the present invention also provides a cloud system, as shown in FIG. 12, including a client, a server, and a cloud management point.
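The policy bookkeeping described above (lookup by file hash, hash update by units 1201 to 1203, location update and deletion targets), as an added example that is not code from the patent. The class and function names, the use of SHA-256 as the file hash, the 10.0.0.x addresses and the treatment of files with no policy as unrestricted are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def file_hash(content: bytes) -> str:
    # The page only says "file hash value"; SHA-256 is an assumption.
    return hashlib.sha256(content).hexdigest()

@dataclass
class FileProtectionPolicy:
    hashes: set                                    # hash value field
    copy_range: set = field(default_factory=set)   # file circulation range
    locations: set = field(default_factory=set)    # file location list

class CloudManagementPoint:
    def __init__(self):
        self.policies = []

    def lookup(self, h):
        """Return every policy whose hash value field contains h."""
        return [p for p in self.policies if h in p.hashes]

    def hash_update(self, old_h, new_h):
        """File hash update message: tie both hashes to the same policy."""
        found_old = self.lookup(old_h)   # first search subunit 1201
        found_new = self.lookup(new_h)   # second search subunit 1202
        for p in found_old:              # adding subunit 1203
            p.hashes.add(new_h)
        for p in found_new:
            p.hashes.add(old_h)
        return bool(found_old or found_new)  # False: neither hash is protected

    def location_update(self, h, server_addr):
        """File location update message from the server that received a copy."""
        for p in self.lookup(h):
            p.locations.add(server_addr)

    def delete_targets(self, h):
        """Servers that must receive a deletion message for this file."""
        return set().union(*(p.locations for p in self.lookup(h)))

def may_copy(point, content, dest):
    """Server-side check; a file with no policy is treated as unrestricted (assumption)."""
    return all(dest in p.copy_range for p in point.lookup(file_hash(content)))

if __name__ == "__main__":
    point = CloudManagementPoint()  # constructed sample data below
    v1, v2 = b"report v1", b"report v2"
    point.policies.append(FileProtectionPolicy({file_hash(v1)}, {"10.0.0.2"}, {"10.0.0.1"}))
    point.hash_update(file_hash(v1), file_hash(v2))
    print(may_copy(point, v2, "10.0.0.9"))  # edited copy is still policy-bound
```

Because the policy is keyed on content hashes, an edit that is not reported through a hash update message leaves the modified file with no matching policy, so the update path is the step that keeps edited copies protected.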

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to a method for managing a data file in the cloud, a cloud management point and a system. The method comprises the following steps: a first server calculates a file identifier of a data file that is currently to be processed, and sends the file identifier to a cloud management point, so that the cloud management point looks up a file protection policy of the data file according to the file identifier; the first server receives the file protection policy returned by the cloud management point; the first server determines, according to the file protection policy, whether the data file permits the first server to perform processing; and if so, the first server processes the data file currently to be processed. In the present invention, multiple duplicate files generated from a source data file adopt a file protection policy that is the same as that of the source data file and, consequently, whereas in the prior art an unauthorized user can access a duplicate file, access to the duplicate file is also protected by the file protection policy, which prevents data leaks.
PCT/CN2016/074317 2015-08-18 2016-02-23 Method for managing a data file in the cloud, cloud management point and system WO2017028517A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510507065.X 2015-08-18
CN201510507065.XA CN106469281B (zh) 2015-08-18 2015-08-18 Method for managing data files in the cloud, cloud management point and system

Publications (1)

Publication Number Publication Date
WO2017028517A1 (fr) 2017-02-23

Family

ID=58051892

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/074317 WO2017028517A1 (fr) Method for managing a data file in the cloud, cloud management point and system 2015-08-18 2016-02-23

Country Status (2)

Country Link
CN (1) CN106469281B (fr)
WO (1) WO2017028517A1 (fr)


Also Published As

Publication number Publication date
CN106469281A (zh) 2017-03-01
CN106469281B (zh) 2020-01-17


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16836382

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16836382

Country of ref document: EP

Kind code of ref document: A1