WO2021068835A1 - Data outgoing method and device, and related apparatus - Google Patents

Publication number
WO2021068835A1
Authority
WO
WIPO (PCT)
Prior art keywords
external
file
mail
data
level
Application number
PCT/CN2020/119332
Inventor
胡慧贤
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司
Publication of WO2021068835A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0245: Filtering by information in the payload
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content

Definitions

  • the present disclosure relates to the computer field, and in particular, to a data outsourcing method, device and related equipment.
  • the inventor realizes that with the development of computer technology and Internet technology, more and more companies send some materials, files, etc. to other companies through emails and instant messaging tools. In this way, the company's confidential information is likely to be sent out by mistake. Therefore, a method is needed to detect whether the external data sent to the outside of the company can be sent to the outside, or to provide a way for other companies to view the data. In this way, the company's data can be prevented from landing on external companies, and the risk of data leakage can be reduced.
  • the embodiments of the present disclosure provide a data outsourcing technology.
  • a data outsourcing method including:
  • the external data includes external mail and external files
  • the external data is the external file
  • a viewing mode in which the external file is viewed by the target object is assigned.
  • a data outsourcing device including:
  • an obtaining unit for obtaining external data; the external data includes external mail and external files;
  • the detection unit is configured to perform security detection on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
  • a sending unit configured to send the external mail that has passed the security check to the target object when the external data is the external mail
  • the allocating unit is configured to, when the external data is the external file, allocate the viewing mode of the external file to be viewed by the target object according to the level of the target object and the level of the external file.
  • a data outsourcing device including a processor and a memory, wherein the memory is used to store computer program code, and the processor is configured to call the computer program code to execute the following method:
  • the external data includes external mail and external files
  • the external data is the external file
  • a viewing mode in which the external file is viewed by the target object is assigned.
  • the present application also provides a computer-readable storage medium, the computer-readable storage medium stores a computer program, and the computer program includes program instructions that, when executed by a processor, cause the processor to perform the following method:
  • the external data includes: external mail and external files;
  • the external data is the external file
  • a viewing mode in which the external file is viewed by the target object is assigned.
  • the outgoing external data includes confidential data that is not allowed to be outgoing.
  • third parties can only view external files in the data outsourcing server, and external files will not be sent to the third party, ensuring information security.
  • FIG. 1 is a schematic diagram of the architecture of a data outsourcing system provided by an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of a data outsourcing method provided by an embodiment of the present disclosure
  • Figure 3 is a schematic structural diagram of a data outsourcing device provided by an embodiment of the present disclosure.
  • Figure 4 is a schematic structural diagram of a data outsourcing device provided by an embodiment of the present disclosure.
  • the technical solution of the present application can be applied to the fields of artificial intelligence, blockchain and/or big data technology, and the control method can be used to realize the security control of external data.
  • the data involved in this application such as external data
  • the data outsourcing method of the present application can be applied to a data outsourcing device (or a data outsourcing device), and the data outsourcing device can be a node in a blockchain.
  • the technical solutions described in the embodiments of the present disclosure can be implemented by terminal devices or servers or systems with data outsourcing functions, such as mobile phones, desktop computers, laptop computers, and wearable devices, which are not limited here.
  • the executor of the data outsourcing method is referred to below as the data outsourcing device.
  • the embodiment of the present disclosure provides a data outsourcing method, including: obtaining external data, where the external data includes external mail and external files; performing security detection on the external data based on a first identifier of the external data, where the first identifier is used to distinguish the external mail from the external file; when the external data is the external mail, sending the external mail that has passed the security check to the target object; when the external data is the external file, assigning, according to the level of the target object and the level of the external file, a viewing mode in which the external file is viewed by the target object.
  • the embodiments of the present disclosure also provide corresponding data outsourcing devices, computer-readable storage media, and computer program products. Detailed descriptions are given below.
  • FIG. 1 is a schematic structural diagram of an example of an application system of a technical solution provided by an embodiment of the present disclosure.
  • the data outsourcing system may include one or more servers and multiple terminal devices, where:
  • the server and the terminal device can communicate via the Internet.
  • the terminal device on the user side sends an email or uploads a file to the data outsourcing server through a network or an interface.
  • the user refers to the sender of the email or the uploader of the file.
  • the mail or file obtained by the data outgoing server is subjected to security inspection, and after the inspection is passed, it is sent to the terminal device of the target object.
  • the terminal device of the target object logs in to the data outsourcing server through the Internet to view the file.
  • the target object refers to the recipient of the mail or the viewer of the file.
  • the server may include, but is not limited to, a background server, a component server, a data outgoing system server, or a security detection software server, etc.
  • the server sends emails to the terminal.
  • the terminal device can install and run a related client (Client) (such as a mailbox client, etc.).
  • Client refers to a program that corresponds to the server and provides users with local services.
  • the local service may include, but is not limited to: an interface for logging in to the data outgoing server, an interface for logging in to a mailbox, and so on.
  • the client may include: applications running locally, functions running on a web browser (also called Web App), and so on.
  • the corresponding server-side program needs to be run on the server to provide one or more functions such as the corresponding mail and file security detection processing, assigning target objects to view the file, and adding watermark to the file.
  • the terminal device in the embodiments of the present disclosure may include, but is not limited to, any electronic product based on a smart operating system, which can interact with a user through input devices such as a keyboard, a virtual keyboard, a touch panel, a touch screen, and a voice control device, such as smart phones, tablet computers, personal computers, etc.
  • the smart operating system includes, but is not limited to, any operating system that enriches device functions by providing various mobile applications to the mobile device, such as Android, iOS™, Windows Phone, and so on.
  • the external data obtained by the data outgoing server can be mails or files. For example, when employees of Company A need to send emails to employees of different departments or employees of other companies, the emails will be sent to the data outgoing server first.
  • the data outsourcing server may be a web service architecture, and the files obtained by the data outsourcing server may be files uploaded by the user logging in to the data outsourcing server.
  • the external data acquired by the data outsourcing device is encrypted data.
  • the data sending device may determine that the external data is encrypted data through the encryption identifier in the external data.
  • the encrypted identifier can be in the form of data or string. There is no limitation here.
  • the external data is encrypted data that has been transparently encrypted.
  • the data outsourcing device can also obtain the decryption key of the outgoing data.
  • the data outgoing device decrypts the outgoing data based on the decryption key.
  • transparent encryption technology is a technology closely integrated with Windows, and it works at the bottom of Windows.
  • the data outgoing server can determine whether the external data is an external mail or an external file according to the first identifier of the external data.
  • the first identifier may be the format of the external data in the data outgoing server. If the first identifier is base64 encoding, it can be determined that the external data is an external mail. If the first identifier is a text in PDF format or Word format, the data outsourcing server can determine that the external data is an external file.
  • the first identifier can also be the content of external data, such as sender and recipient. If the first identifier is the sender or recipient, it can be determined that the external data is an external mail. For example, the data outgoing server may recognize that the first identification of the outgoing data is the sender.
  • the data outgoing server extracts the first identifier of the external data after receiving the external data. If the first identifier of the external data can be extracted, it determines that the external data is an external mail; if the data outgoing server cannot extract the first identifier from the external data, it can determine that the external data is an external file. The data outgoing server decides how to perform the security check of the outgoing data according to the first identifier.
  • the data outgoing server determines that the external data is an outgoing mail according to the first identifier, and after receiving the outgoing mail, the data outgoing server performs a security check on the mail.
  • the data outgoing server can detect whether there is any sensitive content in the outgoing mail through security inspection.
  • the sensitive content can be confidential content that cannot be distributed, such as customer information (name, phone number, income, etc.), financial statements, bidding documents, and so on.
  • the sensitive content can also be a recipient who is no longer able to receive the email, and there is no limitation here.
  • after passing the security check, the external mail enters the mail outgoing queue and waits to be sent out. Emails that fail the security check will be rejected.
  • performing the security check on the external data based on the first identifier of the external data, where the first identifier is used to distinguish the external mail from the external file, includes: determining, based on the first identifier, that the external data is the external mail; then extracting the content of the external mail, where the content of the external mail includes at least the mail recipient, the mail subject, the mail body, and the mail attachment; and using a sensitive content matching algorithm to perform security detection on the content of the external mail; the sensitive content matching algorithm includes: a regular matching algorithm, a keyword matching algorithm, and a machine learning matching algorithm.
  • the regular matching algorithm uses regular expressions to identify numbers or characters that follow a regular pattern, such as ID cards, bank card numbers, mobile phone numbers, fixed telephones, email addresses, domain names, etc. It can also search for documents that meet the feature rules using conditions such as deduplication, case sensitivity, number of hits, included content, and excluded content.
  • the keyword matching algorithm can set the feature rule name, rule type, deduplication, case sensitivity, number of hits, inclusion content, excluded content and other conditions by adding keyword feature rules, and then find documents that meet the feature rules through these conditions.
  • the machine learning matching algorithm extracts keywords through lexical analysis of documents, supports the analysis of a large number of original documents, and automatically generates feature rules for keywords and regular expressions.
  • the emails matching the sensitive content rule are archived according to the email confidentiality level and the degree of harm, and a list of attributes of the confidentiality level and the degree of harm is established to facilitate future tracking and statistical analysis.
  • the original mail file and the basic information and secret-related information of the mail are saved, and the mail is statistically analyzed according to different types.
  • the emails that match the rule are sent to the head of the sender's department and the superior, and the supervisor will review the mail. After the review is passed, the mail will be sent out, otherwise the mail will be intercepted.
  • Ping An employees need to send emails to cooperating customers. Due to the company's security settings such as firewalls, most of Ping An's employees cannot send emails directly, yet they must communicate through emails. They can then send the email to the data outgoing server first, and the data outgoing server will perform a security check before sending it out. This can prevent the company's information, materials, etc. from being leaked.
  • after the data outsourcing server obtains the file, it performs a security check on the file; a file that passes the security check can be made available for the target object to view on the data outgoing server.
  • performing security detection on the file includes: extracting the file content of the file; performing sensitive content rule matching on the extracted file content; archiving and reviewing the files that match the sensitive content rules; and, after they pass the review, saving them in a file disk of the data outsourcing platform that customers (i.e. target objects) are allowed to view.
  • the performing security detection on the external file includes: determining that the external data is the external file based on the first identifier;
  • the security detection mechanism includes at least: exemption, light audit, and strict audit; the security check of the external file is performed according to the security detection mechanism. For example, if the level of the login account is advanced, the files uploaded by advanced users can be exempted; if the level of the login account is intermediate, the files uploaded by intermediate users can be lightly reviewed; if the level of the login account is beginner, the files uploaded by junior users can be strictly reviewed.
  • the performing security detection on the external file according to the security detection mechanism includes: extracting the content of the external file based on the security detection mechanism; performing security detection on the content of the external file .
  • the file content includes: file name, file body title, and file body content.
  • extracting the content of the external file based on the security detection mechanism includes: when the security detection mechanism is a light audit, extracting the title of the external file and the telephone number contained in the main text of the external file; when the security detection mechanism is a strict audit, extracting the title and main content of the file.
  • sensitive content rule matching is performed on the extracted file content, and the matching methods include: regular matching, keyword matching, and machine learning matching.
  • the security check is performed on the file, and after the security check is passed, the file is stored in a file disk of the data outsourcing platform that the client is allowed to view. This includes: reviewing the file, adding a watermark to the content of the file after the review is passed, and saving it in a file disk of the data outsourcing platform that customers are allowed to view.
  • the added watermark can be in text form, such as the company name or the validity period of the document, and the watermark can also be in the form of a picture, such as a company's icon or other pictures.
  • the form and content of the watermark are not limited in this application.
  • the watermark is added to further prevent the content of the file from being leaked and misappropriated.
  • when the external mail passes the security check, the data outgoing server will send the external mail to the target object.
  • the target object can be the recipient of the external mail. If the external mail fails the security check, the data outgoing server can return the external mail to the sender, and it can also attach the details of the failed security check.
  • the data outsourcing platform determines how the target object views the file according to the target object's level and the security level of the file after the security check.
  • the target object is the viewer of the external file.
  • the target object can only view external files on the data outsourcing server, but not download them.
  • External files are stored in the data outsourcing server.
  • the target object can enter the data outsourcing server through the link to view the external files, or log in to the data outsourcing server through a temporary account to view the external files. In this way, the leakage of commercial secrets in external documents can be reduced.
  • allocating the viewing mode in which the external file is viewed by the target object includes: assigning a viewing mode for viewing the external file by the target object based on a pre-established mapping relationship between the level of the external file and the level of the target object.
  • the mapping relationship between the external file level and the target object level can be as follows: when a target object whose level is very important views a very important file, a temporary account can be assigned to that target object; target objects whose level is important or generally important can only view the very important file through a link and password, and the time limit for viewing files is set according to the level of the target object.
  • the time limit for the target object to view the file gradually becomes shorter. Ordinary and temporary cooperation target objects are not allowed to view files with a very important rating. It should be noted that neither the level classification method of the file nor the level classification method of the target object is limited, and the number of classifications is also not limited.
  • Table 1 The mapping table of external file level and target object level
  • the link to view the file contains a password. Click on the link to enter the web page and enter the password to view the file.
  • the password can be notified to the customer by SMS, or by other means. There are no restrictions.
  • the data outsourcing platform provides part of the viewing authority to the customer, so that the customer can view some files, but can only view them, not download or edit them.
  • the data outsourcing server provides an upload module, but does not provide a download module.
  • the account of the data outsourcing platform can be assigned to the customer for the customer to view the data, but the customer cannot download the data, which can avoid data leakage to a certain extent.
  • the data outgoing server determines whether the outgoing data can be outgoing according to an audit mechanism.
  • the audit mechanism can be the security level of external data.
  • the security level of external data can include level A, level B, level C, and level D (for example, level D security > level C security > level B security > level A security) and so on, wherein the higher the level, the higher the requirement for the security of the data, and the less leakage is allowed.
  • the review mechanism may be the user level of the user (sender).
  • the user level of the user may include: exemption level, review level, and outgoing suspension permission level.
  • the review level can at least include: simple review level, light review level, heavy review level and strict review level.
  • the transit server determines that the review mechanism for R&D personnel (User A and User B) is: stop outgoing permission level or strict review level.
  • the transit server determines that the review mechanism for user C is a heavy review level, and the review mechanism for user D is a simple review level or an exemption level.
  • the audit mechanism may be the level of the recipient.
  • recipients can include ordinary partners, heavyweight partners, and government agencies.
  • the review level of ordinary partners is light review level
  • the review level of heavyweight partners is heavy review level
  • the review level of government agencies is strict review level or the permission to stop sending out.
  • the review mechanism is a deep learning review algorithm.
  • the data outsourcing platform determines different levels of review of external data based on the previous historical situation. For example, the review level of the first external data is the right to stop the outsourcing, the review level of the second external data is the light review level, and the review level of the third external data is the heavy review level.
  • the transit server determines the similarity between the fourth external data and each of the first external data, the second external data, and the third external data; the review level corresponding to the external data with the largest of these three similarity values is the review level of the fourth external data.
  • external data can be obtained; the external data includes external mail and external files; security detection is performed on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file; in the case where the external data is the external mail, the external mail that has passed the security check is sent to the target object; in the case where the external data is the external file, a viewing mode for the external file to be viewed by the target object is assigned according to the level of the target object and the level of the external file.
  • through the security check, external data containing confidential data can be detected, and external mail containing confidential data will be returned to the sender. Only external data that has passed the security test can be sent out. In this way, it is possible to prevent the outgoing external data from containing confidential data that is not allowed to be sent out.
  • third parties can only view important files, and important files should not be sent to third parties to ensure information security.
  • the present disclosure also correspondingly provides a data outsourcing device, which will be described in detail below with reference to the accompanying drawings:
  • Fig. 3 shows a schematic structural diagram of the data outsourcing device provided by the embodiment of the present disclosure.
  • the data outsourcing device may include: an acquisition unit 100, a detection unit 101, a sending unit 102, and a distribution unit 103, where:
  • the obtaining unit 100 obtains external data;
  • the external data includes external mail and external files;
  • the detection unit 101 is configured to perform security detection on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
  • the sending unit 102 is configured to send the external mail that has passed the security check to the target object when the external data is the external mail;
  • the allocating unit 103 is configured to, when the external data is the external file, allocate a viewing mode for the external file to be viewed by the target object according to the level of the target object and the level of the external file.
  • the detection unit 101 is further configured to:
  • extract the content of the external mail; the content of the external mail includes at least the mail recipient, the mail subject, the mail body, and the mail attachment;
  • a sensitive content matching algorithm is used to perform security detection on the external mail content; the sensitive content matching algorithm includes: a regular matching algorithm, a keyword matching algorithm, and a machine learning matching algorithm.
  • the detection unit 101 is further configured to:
  • the login account level of the uploaded file is detected, and the security detection mechanism of the file is determined based on the login account level; the security detection mechanism includes at least: exemption from review, light review, and strict review.
  • the detection unit 101 is further configured to:
  • the detection unit 101 is configured to:
  • when the security detection mechanism is a light audit, extract the title of the external document and the telephone number contained in the body of the external document;
  • when the security detection mechanism is a strict review, extract the title and body content of the file.
  • the allocating unit 103 is configured to:
  • a viewing mode for the external file to be viewed by the target object is assigned.
  • the viewing manner of the external file being viewed by the target object at least includes: a link after the external file is encrypted, and a temporary login account.
  • external data can be obtained; the external data includes external mail and external files; security detection is performed on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file; in the case where the external data is the external mail, the external mail that has passed the security check is sent to the target object; in the case where the external data is the external file, a viewing mode for the external file to be viewed by the target object is assigned according to the level of the target object and the level of the external file.
  • through the security check, external data containing confidential data can be detected, and external mail containing confidential data will be returned to the sender. Only the external data that has passed the security inspection can be sent out. In this way, it is possible to prevent the outgoing external data from containing confidential data that is not allowed to be sent out.
  • third parties can only view important files, and important files should not be sent to third parties to ensure information security.
  • data outsourcing device 10 in the embodiment of the present disclosure is the data outsourcing device in the embodiment of FIG. 2
  • the specific implementation of the embodiment will not be repeated here.
  • the present disclosure also provides a corresponding data outsourcing device, which will be described in detail below with reference to the accompanying drawings:
  • Fig. 4 shows a schematic structural diagram of a data outsourcing device provided by an embodiment of the present disclosure.
  • the data outsourcing device 110 may include a processor 1101, an input unit (input device) 1102, an output unit (output device) 1103, and a memory 1104.
  • the data sending device may further include a communication unit 1105 and a bus 1106.
  • the processor 1101, an input unit 1102, an output unit 1103, a memory 1104, and a communication unit 1105 may be connected to each other through the bus 1106.
  • the memory 1104 may be a high-speed RAM memory, or a non-volatile memory, such as at least one disk memory.
  • the memory 1104 may also be at least one storage system located far away from the foregoing processor 1101.
  • the memory 1104 is used to store application program codes, which may include an operating system, a network communication module, a user interface module, and a data outbound program.
  • the communication unit 1105 is used to exchange information with external units; the processor 1101 is configured to call the program code to perform the following steps:
  • The processor 1101 obtains external data; the external data includes external mail and external files;
  • The processor 1101 performs security detection on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
  • The processor 1101 sends the external mail that has passed the security detection to the target object;
  • The processor 1101 assigns a viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
  • The processor 1101 determines, based on the first identifier, that the external data is the external mail, and extracts the content of the external mail; the content of the external mail includes at least the mail recipient, the mail subject, the mail body, and the mail attachment;
  • A sensitive content matching algorithm performs security detection on the content of the external mail; the sensitive content matching algorithm includes a regular-expression matching algorithm, a keyword matching algorithm, and a machine learning matching algorithm.
  • The processor 1101 determines, based on the first identifier, that the external data is the external file; detects the level of the login account that uploaded the file, and determines the security detection mechanism for the file based on the login account level; the security detection mechanism includes at least exemption from review, light review, and strict review; and performs security detection on the external file according to the security detection mechanism.
  • The processor 1101 extracts the content of the external file based on the security detection mechanism, and performs security detection on the content of the external file.
  • When the security detection mechanism is a light review, the processor 1101 extracts the title of the external file and the telephone number contained in the body of the external file; when the security detection mechanism is a strict review, it extracts all of the title and body content of the file.
  • The processor 1101 assigns a viewing mode in which the external file is viewed by the target object based on a pre-established mapping relationship between the level of the external file and the level of the target object.
  • External data can be obtained; the external data includes external mail and external files; security detection is performed on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file; in the case where the external data is the external mail, the external mail that has passed the security detection is sent to the target object; in the case where the external data is the external file, a viewing mode in which the external file is viewed by the target object is assigned according to the level of the target object and the level of the external file.
  • Through the security detection, external data containing confidential data can be detected, and external mail containing confidential data will be returned to the sender. Only external data that has passed the security detection can be sent out. In this way, it is possible to prevent the outgoing external data from containing confidential data that is not allowed to be sent out.
  • Third parties can only view important files, and important files should not be sent to third parties, so as to ensure information security.
  • The data outgoing device 110 in the embodiment of the present disclosure is the data outgoing device in the embodiment of FIG. 2 described above.
  • The embodiments of the present application also provide a computer (readable) storage medium, wherein the computer storage medium can store a program.
  • The program, such as a computer program, may include program instructions.
  • When executed, the program includes part or all of the steps of any one of the above method embodiments.
  • The program, such as a computer program, may include program instructions that, when executed by a processor, cause the processor to perform part or all of the steps of any one of the foregoing method embodiments.
  • When the program is executed by the processor, the following method can be implemented: obtaining external data, the external data including external mail and external files; performing security detection on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file; in the case where the external data is the external mail, sending the external mail that has passed the security detection to the target object; and in the case where the external data is the external file, assigning a viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
  • The program or program instructions may also implement other steps of the method in the foregoing embodiment, which will not be repeated here.
  • The storage medium involved in this application, such as a computer-readable storage medium, may be non-volatile or volatile.
  • The embodiments of the present application also provide a computer program that includes instructions; when the computer program is executed by a computer, the computer can execute part or all of the steps of any text conversion method.
  • The program can be stored in a computer-readable storage medium. During execution, it may include the procedures of the above-mentioned method embodiments.
  • The storage medium may be a U disk, a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM), etc.
  • The present disclosure may be a system, method and/or computer program product.
  • The computer program product may include a computer-readable storage medium loaded with computer-readable program instructions for enabling a processor to implement various aspects of the present disclosure.
  • The computer-readable storage medium may be a tangible device that can hold and store instructions used by the instruction execution device.
  • The computer-readable storage medium may be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • A non-exhaustive list of computer-readable storage media includes: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disk read-only memory (CD-ROM), digital versatile disk (DVD), memory stick, floppy disk, mechanical encoding device, such as a printer with instructions stored thereon
  • The computer-readable storage medium used here is not to be interpreted as a transient signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (for example, light pulses through fiber optic cables), or electrical signals transmitted through wires.
  • The computer-readable program instructions described herein can be downloaded from a computer-readable storage medium to various computing/processing devices, or downloaded to an external computer or external storage device via a network, such as the Internet, a local area network, a wide area network, and/or a wireless network.
  • The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers.
  • The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network, and forwards the computer-readable program instructions for storage in the computer-readable storage medium in each computing/processing device.
  • The computer program instructions used to perform the operations of the present disclosure may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar programming languages.
  • Computer-readable program instructions can be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server.
  • The remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (for example, through the Internet using an Internet service provider).
  • An electronic circuit, such as a programmable logic circuit, a field programmable gate array (FPGA), or a programmable logic array (PLA), can be customized by using the status information of the computer-readable program instructions.
  • The computer-readable program instructions are executed to realize various aspects of the present disclosure.
  • These computer-readable program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device to produce a machine, such that these instructions, when executed by the processor of the computer or other programmable data processing device, produce a device that implements the functions/actions specified in one or more blocks in the flowcharts and/or block diagrams. It is also possible to store these computer-readable program instructions in a computer-readable storage medium. These instructions make computers, programmable data processing apparatuses, and/or other devices work in a specific manner, so that the computer-readable medium storing the instructions includes an article of manufacture, which includes instructions for implementing various aspects of the functions/actions specified in one or more blocks in the flowcharts and/or block diagrams.
  • Each block in the flowchart or block diagram may represent a module, program segment, or part of an instruction, and the module, program segment, or part of an instruction contains one or more components for realizing the specified logical function.
  • Executable instructions may also occur in a different order than the order marked in the drawings. For example, two consecutive blocks can actually be executed substantially in parallel, or they can sometimes be executed in the reverse order, depending on the functions involved.
  • Each block in the block diagram and/or flowchart, and the combination of the blocks in the block diagram and/or flowchart, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or can be realized by a combination of dedicated hardware and computer instructions.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed in embodiments of the present disclosure is a data outgoing method, comprising: acquiring outgoing data; the outgoing data comprises an outgoing mail and an outgoing file; performing security detection on the outgoing data on the basis of a first identifier of the outgoing data; the first identifier is used for distinguishing the outgoing mail from the outgoing file; in the case that the outgoing data is the outgoing mail, sending the outgoing mail that has passed the security detection to a target object; and in the case that the outgoing data is the outgoing file, assigning a viewing mode viewed by the target object to the outgoing file according to the level of the target object and the level of the outgoing file. In this way, data can be sent out more safely.

Description

Data outgoing method, apparatus and related device
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on October 10, 2019, with application number 201910965731.2 and the invention title "A data outgoing method, apparatus and related device", the entire content of which is incorporated into this application by reference.
Technical Field
The present disclosure relates to the computer field, and in particular to a data outgoing method, apparatus and related device.
Background
The inventor realized that, with the development of computer technology and Internet technology, more and more companies send materials, files and the like to other companies through email and instant messaging tools. As a result, a company's confidential information may well be sent out by mistake. A method is therefore needed to detect whether external data being sent outside the company may be sent out, or to provide a way for other companies to view the data. In this way, the company's data can be kept from landing at external companies, reducing the risk of data leakage.
Summary
The embodiments of the present disclosure provide a data outgoing technique.
In a first aspect, a data outgoing method is disclosed, including:
obtaining external data; the external data includes external mail and external files;
performing security detection on the external data based on a first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
in the case where the external data is the external mail, sending the external mail that has passed the security detection to a target object;
in the case where the external data is the external file, assigning a viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
In a second aspect, a data outgoing apparatus is disclosed, including:
an obtaining unit, configured to obtain external data; the external data includes external mail and external files;
a detection unit, configured to perform security detection on the external data based on a first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
a sending unit, configured to send the external mail that has passed the security detection to a target object in the case where the external data is the external mail;
an assigning unit, configured to assign, in the case where the external data is the external file, a viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
In a third aspect, a data outgoing device is disclosed, including a processor and a memory, wherein the memory is used to store computer program code, and the processor is configured to call the computer program code to execute the following method:
obtaining external data; the external data includes external mail and external files;
performing security detection on the external data based on a first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
in the case where the external data is the external mail, sending the external mail that has passed the security detection to a target object;
in the case where the external data is the external file, assigning a viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
In a fourth aspect, the present application also provides a computer-readable storage medium storing a computer program, the computer program including program instructions that, when executed by a processor, cause the processor to execute the following method:
obtaining external data; the external data includes external mail and external files;
performing security detection on the external data based on a first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
in the case where the external data is the external mail, sending the external mail that has passed the security detection to a target object;
in the case where the external data is the external file, assigning a viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
The embodiments of the present disclosure can prevent outgoing external data from containing confidential data that is not allowed to be sent out. In addition, a third party can only view external files on the data outgoing server; the external files do not land with the third party, which ensures information security.
Description of the Drawings
In order to explain the technical solutions in the embodiments of the present disclosure or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below.
FIG. 1 is a schematic diagram of the architecture of a data outgoing system provided by an embodiment of the present disclosure;
FIG. 2 is a schematic flowchart of a data outgoing method provided by an embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of a data outgoing apparatus provided by an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a data outgoing device provided by an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure are described clearly below with reference to the drawings in the embodiments of the present disclosure. Obviously, the described embodiments are only some of the embodiments of the present disclosure, not all of them.
It should also be understood that the terms used in this specification are only for the purpose of describing specific embodiments and are not intended to limit the present disclosure.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
The technical solution of the present application can be applied to the fields of artificial intelligence, blockchain and/or big data, and security control of external data can be achieved using the control method. Optionally, the data involved in this application, such as the external data, can be stored in a database or in a blockchain. For example, the data outgoing method of the present application can be applied to a data outgoing device (or data outgoing apparatus), and the data outgoing device can be a node in a blockchain.
In specific implementations, the technical solutions described in the embodiments of the present disclosure can be implemented by a terminal device with a data outgoing function, such as a mobile phone, desktop computer, laptop computer or wearable device, or by a server or system, which is not limited here. For ease of understanding, the executor of the data outgoing method is referred to below as the data outgoing apparatus.
The embodiments of the present disclosure provide a data outgoing method, including: obtaining external data; the external data includes external mail and external files; performing security detection on the external data based on a first identifier of the external data; the first identifier is used to distinguish the external mail from the external file; in the case where the external data is the external mail, sending the external mail that has passed the security detection to a target object; in the case where the external data is the external file, assigning a viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
The embodiments of the present disclosure also provide a corresponding data outgoing apparatus, computer-readable storage medium and computer program product. Each is described in detail below.
First, the data outgoing system to which the embodiments of the present disclosure apply is described. Referring to FIG. 1, FIG. 1 is a schematic architectural diagram of an example application system for the technical solution provided by an embodiment of the present disclosure. As shown in FIG. 1, the data outgoing system may include one or more servers and multiple terminal devices, where:
The server and the terminal devices can communicate over the Internet. Specifically, the terminal device on the user side sends mail or uploads files to the data outgoing server through a network or an interface. Here, the user is the sender of the mail or the uploader of the file. The data outgoing server performs security detection on the mail or file it obtains and, once the detection is passed, sends it to the terminal device of the target object. Alternatively, the terminal device of the target object logs in to the data outgoing server over the Internet to view the file. Here, the target object is the recipient of the mail or the viewer of the file.
The server may include, but is not limited to, a background server, a component server, a data outgoing system server, or a security detection software server; the server sends mail to the terminal. The terminal device can install and run a related client (for example, a mailbox client). A client is a program that corresponds to the server and provides local services to the user. Here, the local services may include, but are not limited to, the login interface of the data outgoing server, the mailbox login interface, and so on.
Specifically, the client may include a locally running application, a function running in a web browser (also called a Web App), and so on. For the client, a corresponding server-side program needs to run on the server to provide one or more functions such as security detection of mail and files, assigning the way in which the target object views a file, and watermarking files.
The terminal device in the embodiments of the present disclosure may include, but is not limited to, any electronic product based on a smart operating system that can interact with a user through input devices such as a keyboard, virtual keyboard, touchpad, touch screen and voice control device, such as a smartphone, tablet computer or personal computer. The smart operating system includes, but is not limited to, any operating system that enriches device functionality by providing various mobile applications to the mobile device, such as Android, iOS™ and Windows Phone.
It should be noted that the architecture of the data outgoing system to which the embodiments of the present disclosure apply is not limited to the example shown in FIG. 1.
The data outgoing method provided by the embodiments of the present disclosure is described below with reference to FIG. 2.
S100. Obtain external data; the external data includes external mail and external files.
The external data obtained by the data outgoing server can be mail or files. For example, when an employee of Company A needs to send mail to employees of a different department or to employees of another company, the mail is first sent to the data outgoing server.
Optionally, the data outgoing server may use a web service architecture, and the files it obtains may be files uploaded by a user who has logged in to the data outgoing server.
In a possible implementation, the external data obtained by the data outgoing apparatus is encrypted data.
In a possible implementation, the data outgoing apparatus can determine that the external data is encrypted data from an encryption identifier in the external data. The encryption identifier can be in data form or in string form, which is not limited here.
Optionally, the external data is encrypted data that has been transparently encrypted. The data outgoing apparatus can also obtain the decryption key for the external data, and decrypts the external data based on the decryption key. Transparent encryption here is a technology closely integrated with Windows that works at the lower layers of Windows. By monitoring the operations applications perform on files, it automatically decrypts the ciphertext when a file is opened and automatically encrypts the plaintext in memory when the file is written to the storage medium, so that the files on the storage medium are always in an encrypted state.
S101、基于对外数据的第一标识对所述对外数据进行安全检测;所述第一标识用于区分所述对外邮件和所述对外文件。S101. Perform a security check on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file.
The data outgoing server can determine from the first identifier of the external data whether the external data is an external mail or an external file. The first identifier may be the format of the external data in the data outgoing server: if the first identifier is base64 encoding, the external data can be determined to be an external mail; if the first identifier is text in PDF or Word format, the data outgoing server can determine that the external data is an external file. The first identifier may also be content of the external data, such as the sender or the recipient. If the first identifier is a sender or a recipient, the external data can be determined to be an external mail. For example, the data outgoing server may recognize that the first identifier of the external data is the sender. After receiving the external data, the data outgoing server extracts its first identifier: if the first identifier can be extracted, the external data is determined to be an external mail; if the data outgoing server cannot extract the first identifier from the external data, the external data can be determined to be an external file. The data outgoing server decides how to perform the security check on the external data according to the first identifier.
The data outgoing server determines from the first identifier that the external data is an external mail and, after receiving the external mail, performs a security check on it. Through the security check the data outgoing server can detect whether the external mail contains sensitive content. The sensitive content may be confidential content that must not be sent out, such as customer information (name, telephone number, income, and so on), financial statements, bid documents, and so on. The sensitive content may also be a recipient who is not among those permitted to receive the mail; this is not limited here. External mail that passes the security check enters the outgoing mail queue and waits to be sent out. Mail that fails the security check is refused.
In a possible implementation, performing the security check on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file, includes: if the external data is determined to be the external mail based on the first identifier, extracting the content of the external mail, which includes at least the mail recipient, the mail subject, the mail body and the mail attachments; and performing the security check on the content of the external mail using a sensitive content matching algorithm. The sensitive content matching algorithm includes: a regular-expression matching algorithm, a keyword matching algorithm and a machine learning matching algorithm.
The regular-expression matching algorithm uses regular expressions to identify numbers or characters that follow a pattern, such as ID card numbers, bank card numbers, mobile phone numbers, landline numbers, email addresses and domain names. It can likewise find documents that meet the feature rules using conditions such as deduplication, case sensitivity, number of hits, included content and excluded content.
The keyword matching algorithm works by adding keyword feature rules. Conditions such as the feature rule name, rule type, deduplication, case sensitivity, number of hits, included content and excluded content can be set, and documents that meet the feature rules are then found using these conditions.
The machine learning matching algorithm extracts keywords through lexical analysis of documents; it supports analysing a large number of original documents and automatically generates keyword and regular-expression feature rules.
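The sketch below is an added example, not code from the patent: it shows how regular-expression and keyword feature rules with the conditions listed above (deduplication, case sensitivity, number of hits, included content, excluded content) can be evaluated over the four extracted mail parts. The rule names, the patterns (including the 11-digit mobile number format), the field names and the sample mails are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field


@dataclass
class FeatureRule:
    name: str
    rule_type: str                 # "regex" or "keyword"
    pattern: str
    case_sensitive: bool = False
    dedupe: bool = True            # count repeated identical hits once
    min_hits: int = 1              # number of hits needed before the rule fires
    include: list = field(default_factory=list)   # text must contain all of these
    exclude: list = field(default_factory=list)   # text must contain none of these

    def evaluate(self, text):
        """Return the hits that make the rule fire on text, or [] if it does not fire."""
        fold = (lambda s: s) if self.case_sensitive else str.lower
        probe = fold(text)
        if any(fold(term) in probe for term in self.exclude):
            return []
        if not all(fold(term) in probe for term in self.include):
            return []
        # Keywords are matched literally; regex rules are used as written.
        expr = self.pattern if self.rule_type == "regex" else re.escape(self.pattern)
        flags = 0 if self.case_sensitive else re.IGNORECASE
        hits = [m.group(0) for m in re.finditer(expr, text, flags)]
        if self.dedupe:
            hits = list(dict.fromkeys(fold(h) for h in hits))
        return hits if len(hits) >= self.min_hits else []


# Constructed rule set (assumption): digit lookarounds stop a long number
# from being reported as a shorter one embedded inside it.
RULES = [
    FeatureRule("mobile-number-list", "regex", r"(?<!\d)1[3-9]\d{9}(?!\d)", min_hits=2),
    FeatureRule("bank-card-number", "regex", r"(?<!\d)\d{16,19}(?!\d)"),
    FeatureRule("financial-statement", "keyword", "financial statement",
                exclude=["published annual report"]),
    FeatureRule("bid-document", "keyword", "bid document", include=["price"]),
]

MAIL_FIELDS = ("recipient", "subject", "body", "attachments")


def scan_mail(mail, rules=RULES):
    """Run every rule over every extracted mail part; return (field, rule, hits) tuples."""
    findings = []
    for name in MAIL_FIELDS:
        value = mail.get(name, "")
        texts = value if isinstance(value, list) else [value]
        for text in texts:
            for rule in rules:
                hits = rule.evaluate(text)
                if hits:
                    findings.append((name, rule.name, hits))
    return findings


def disposition(mail, rules=RULES):
    """Mail with no findings joins the outgoing queue; anything else is refused."""
    return "reject" if scan_mail(mail, rules) else "queue"


# Constructed sample mails; attachments are assumed to be already converted to text.
LEAKY_MAIL = {
    "recipient": "partner@example.com",
    "subject": "Q3 Financial Statement draft",
    "body": "Customer contacts: 13800138000, 13900139000 and again 13800138000.",
    "attachments": ["Card on file: 6222020200112345678"],
}
CLEAN_MAIL = {
    "recipient": "partner@example.com",
    "subject": "Meeting on Friday",
    "body": "Call me on 13800138000, or on 13800138000 if the room changes.",
    "attachments": [],
}

if __name__ == "__main__":
    for finding in scan_mail(LEAKY_MAIL):
        print(finding)
    print(disposition(LEAKY_MAIL), disposition(CLEAN_MAIL))
```

The second sample mail shows why deduplication and the hit count interact: one contact number repeated twice counts as a single hit, so the two-hit rule does not fire.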
In a possible implementation, mail that hits a sensitive content rule is archived according to the mail's confidentiality level and degree of harm, and an attribute list of confidentiality levels and degrees of harm is established to facilitate later tracking and statistical analysis.
In a possible implementation, after the mail is archived, the original mail file, the basic information of the mail and the confidentiality-related information are saved, and statistical analysis is performed on the mail by type.
In a possible implementation, mail that hits a rule is sent to the head of the sender's department and to the higher-level supervisor, and the supervisor reviews the mail. If the review is passed, the mail is sent out; otherwise the mail is intercepted.
In an implementable example, suppose a Ping An employee needs to send mail to a partner customer. Because the company has security settings such as firewalls, most Ping An employees cannot send mail externally directly, yet they must communicate externally by mail. The mail can then first be sent to the data outgoing server, which sends it out after performing a security check. This prevents the company's information, materials and so on from being leaked.
After the data outgoing server obtains the file, it performs a security check on the file; once the security check is passed, the file is available for the target object to view on the data outgoing server.
In a possible implementation, performing the security check on the file includes: extracting the file content of the file; performing sensitive content rule matching on the extracted file content; archiving files that hit a sensitive content rule and reviewing the file; and, after the review is passed, saving the file in a file disk on the data outgoing platform that customers (that is, target objects) are allowed to view.
In a possible implementation, performing the security check on the external file includes: determining that the external data is the external file based on the first identifier;
detecting the level of the login account that uploaded the file, and determining the security check mechanism for the file based on the login account level, the security check mechanism including at least: exemption from review, light review and strict review; and performing the security check on the external file according to the security check mechanism. For example, if the level of the login account is advanced, files uploaded by the advanced user may be exempt from review; if the level of the login account is intermediate, files uploaded by the intermediate user may be lightly reviewed; if the level of the login account is junior, files uploaded by the junior user may be strictly reviewed.
In a possible implementation, performing the security check on the external file according to the security check mechanism includes: extracting the content of the external file based on the security check mechanism; and performing the security check on the content of the external file.
In a possible implementation, the file content includes: the file name, the title of the file body and the content of the file body.
In a possible implementation, extracting the content of the external file based on the security check mechanism includes: when the security check mechanism is light review, extracting the title of the external file and the telephone numbers contained in the body of the external file; when the security check mechanism is strict review, extracting the title and the body content of the file.
In a possible implementation, sensitive content rule matching is performed on the extracted file content, and the matching methods include: regular-expression matching, keyword matching and machine learning matching.
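The following added example (not code from the patent) walks one uploaded file through the three review mechanisms described above, so the difference in what each tier actually inspects is visible. The level names follow the text; the keyword list, the phone-number pattern, the sample documents and the choice to treat an unknown account level as strict review are assumptions made for the illustration.

```python
import re

# Account level of the uploader -> review mechanism, as in the example in the text.
REVIEW_BY_ACCOUNT_LEVEL = {
    "advanced": "exempt",
    "intermediate": "light",
    "junior": "strict",
}

# Assumptions for this sketch: an 11-digit mobile number format and a tiny keyword list.
PHONE = re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)")
SENSITIVE_KEYWORDS = ("customer list", "financial statement")


def review_mechanism(account_level):
    # Assumption: a level missing from the table gets the strictest review.
    return REVIEW_BY_ACCOUNT_LEVEL.get(account_level, "strict")


def extract_for_review(doc, mechanism):
    """Return only the parts of the file that the given mechanism inspects."""
    if mechanism == "exempt":
        return {}
    if mechanism == "light":
        # Title plus the telephone numbers found in the body, nothing else.
        return {"title": doc["title"], "phones": " ".join(PHONE.findall(doc["body"]))}
    return {"title": doc["title"], "body": doc["body"]}


def find_sensitive(text):
    low = text.lower()
    return [kw for kw in SENSITIVE_KEYWORDS if kw in low] + PHONE.findall(text)


def check_file(doc, account_level):
    mechanism = review_mechanism(account_level)
    reasons = []
    for part, value in extract_for_review(doc, mechanism).items():
        reasons += [f"{part}:{hit}" for hit in find_sensitive(value)]
    return {"mechanism": mechanism, "passed": not reasons, "reasons": reasons}


# Constructed sample files.
NOTES = {
    "title": "Project kickoff notes",
    "body": "The customer list for the pilot is attached; contact details will follow separately.",
}
CONTACTS = {
    "title": "Contact sheet",
    "body": "Reach Ms. Li on 13800138000.",
}

if __name__ == "__main__":
    for level in ("advanced", "intermediate", "junior"):
        print(level, check_file(NOTES, level), check_file(CONTACTS, level))
```

With these samples the keyword in the body of the first file is found only under strict review, while the phone number in the second file is found under both light and strict review.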
In a possible implementation, the security check is performed on the file, and after the security check is passed the file is saved in a file disk on the data outgoing platform that customers are allowed to view. This includes: reviewing the file and, after the review is passed, adding a watermark to the file content and then saving it in the file disk on the data outgoing platform that customers are allowed to view. It should be noted that the added watermark may be in text form, such as the company name or the validity period of the file, or in picture form, such as the company's logo or another picture; this application does not limit the form or the content of the watermark. The watermark is added to further prevent the file content from being leaked or misappropriated.
S102: When the external data is the external mail, send the external mail that has passed the security check to the target object.
When the external mail passes the security check, the data outgoing server sends the external mail to the target object. Here, the target object may be the recipient of the external mail. If the external mail fails the security check, the data outgoing server may return the external mail to the sender and may also attach details of the failed security check.
S103: When the external data is the external file, assign, according to the level of the target object and the level of the external file, the viewing mode in which the external file is viewed by the target object.
The data outgoing platform decides how the target object views the file according to the level of the target object and the security level of the file after the security check. The target object is the party that views the external file. So that the external file does not land with a third party, the target object can only view the external file on the data outgoing server and cannot download it. The external file is stored on the data outgoing server; the target object can enter the data outgoing server through a link to view the external file, or log in to the data outgoing server with a temporary account to view it. In this way, leakage of trade secrets contained in external files can be reduced.
In a possible implementation, assigning, when the external data is the external file, the viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file includes: assigning the viewing mode based on a pre-established mapping relationship between the level of the external file and the level of the target object.
For example, suppose external files are divided into 5 levels: very important, important, generally important, ordinary and unimportant; and target objects are also divided into 5 levels: very important, important, generally important, ordinary and temporary cooperation. As shown in Table 1, the mapping relationship between external file levels and target object levels may be as follows: when a target object whose level is very important views a very important file, the target object may be assigned a temporary account with which to log in to the data outgoing server and view the file. Apart from target objects whose level is very important, target objects whose level is important or generally important can view a very important file only through a link plus a password, and a time limit for viewing the file is set according to the level of the target object. From the important level down to the ordinary level, the time limit within which the target object may view the file becomes progressively shorter. Ordinary and temporary-cooperation target objects are not allowed to view files whose level is very important. It should be noted that neither the way files are classified into levels nor the way target objects are classified into levels is limited, nor is the number of levels.
Table 1: Mapping between external file levels and target object levels
[Table 1 appears in the original publication as images PCTCN2020119332-appb-000001 and PCTCN2020119332-appb-000002.]
In a possible implementation, the link for viewing the file includes a password: clicking the link opens a web page, and the file can be viewed only after the password is entered. The password may be communicated to the customer by SMS or by other means, which is not limited here.
Optionally, the data outgoing platform grants customers partial viewing permission so that they can view some files, but they can only view them and cannot download or edit them.
Optionally, the data outgoing server provides an upload module but no download module. An account on the data outgoing platform can thus be assigned to a customer for viewing materials, but the customer cannot download them, which avoids data leakage to a certain extent.
In a possible implementation, the data outgoing server determines according to a review mechanism whether the external data may be sent out.
Optionally, the review mechanism may be the security level of the external data. For example, the security levels of external data may include level A, level B, level C and level D (for example, security of level D > security of level C > security of level B > security of level A), and so on, where a higher level indicates that the data has higher security requirements and is less tolerant of leakage.
Optionally, the review mechanism may be the user level of the user (the sender). For example, user levels may include: the exempt-from-review level, the review level and the outgoing-permission-suspended level. The review level may further include at least: the simple review level, the light review level, the heavy review level and the strict review level.
For example, user A is a senior R&D engineer in company K's R&D department, user B is a regular R&D engineer in company K's R&D department, user C is an employee of company K's marketing department, and user D is a receptionist at company K. Because R&D personnel can come into contact with the company's internal confidential technology or files, the transit server determines that the review mechanism for the R&D personnel (user A and user B) is the outgoing-permission-suspended level or the strict review level. The transit server determines that the review mechanism for user C is the heavy review level, and that the review mechanism for user D is the simple review level or the exempt-from-review level.
Optionally, the review mechanism may be the level of the recipient. In practice, recipients may include ordinary partners, heavyweight partners and government agencies. For example, the review level for ordinary partners is the light review level, the review level for heavyweight partners is the heavy review level, and the review level for government agencies is the strict review level or suspension of outgoing permission.
Optionally, the review mechanism is a deep learning review algorithm. In practice, the data outgoing platform determines the review levels of different external data based on earlier history; for example, the review level of first external data is suspension of outgoing permission, the review level of second external data is the light review level, and the review level of third external data is the heavy review level. When the data outgoing platform intercepts fourth external data, the transit server determines the similarity between the fourth external data and each of the first, second and third external data; the review level of the external data with the largest of these three similarity values is taken as the review level of the fourth external data.
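As an added illustration (not code from the patent), the selection step described above can be written as a nearest-match lookup over previously graded data. The patent does not say how similarity is computed; this sketch swaps in cosine similarity over word counts, and the history entries, the `min_similarity` threshold and the strict-review fallback for data that resembles nothing in the history are assumptions.

```python
import math
import re
from collections import Counter

# Constructed history of previously graded external data: (text, review level).
HISTORY = [
    ("source code for the payment risk engine core module", "outgoing suspended"),
    ("agenda and meeting room for the quarterly partner lunch", "light review"),
    ("customer contract pricing and discount schedule", "heavy review"),
]


def vectorize(text):
    """Bag-of-words vector: lowercase alphanumeric tokens and their counts."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def review_level(text, history=HISTORY, min_similarity=0.2, fallback="strict review"):
    """Return (level, best_similarity) for new external data.

    The level of the most similar historical item is used. If even the best
    match is weaker than min_similarity, the data is unlike anything graded
    before, so the fallback level is returned instead of a near-random
    nearest neighbour (assumption of this sketch).
    """
    query = vectorize(text)
    best_score, best_level = max(
        (cosine(query, vectorize(past)), level) for past, level in history
    )
    if best_score < min_similarity:
        return fallback, best_score
    return best_level, best_score


if __name__ == "__main__":
    print(review_level("updated pricing and discount schedule for the customer"))
    print(review_level("zebra photos from holiday"))
```

Taking the maximum similarity with no floor would always assign some historical level, even to data that shares nothing with the history; the threshold makes that case explicit.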
可以理解的是,只有通过安全性判定的对外数据才可以实现外发,未通过安全性判定的对外数据是不可以实现外发的。It is understandable that only the external data that has passed the security judgment can be sent out, and the external data that has not passed the security judgment can not be sent out.
在本公开实施例中,可以获取对外数据;所述对外数据包括对外邮件和对外文件;基于对外数据的第一标识对所述对外数据进行安全检测;所述第一标识用于区分所述对外邮件和所述对外文件;在所述对外数据为所述对外邮件的情况下,向目标对象发送通过安全检测的所述对外邮件;在所述对外数据为所述对外文件的情况下,根据所述目标对象的等级和所述对外文件的等级,分配所述对外文件被所述目标对象查看的查看方式。在安全检测的时候可以检测出包含保密数据的对外数据,包含保密数据的对外邮件会被退回给发件人。只有通过安全检测的对外数据才可以外发。这样,可以避免外发的对外数据中包含不允许外发的保密数据。并且,第三方只可以查看重要文件,重要文件不要落地到第三方,保证了信息安全。In the embodiment of the present disclosure, external data can be obtained; the external data includes external mail and external files; the security detection is performed on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external data Mail and the external file; in the case where the external data is the external mail, the external mail that has passed the security check is sent to the target object; in the case where the external data is the external file, according to the According to the level of the target object and the level of the external file, a viewing mode for the external file to be viewed by the target object is assigned. During the security check, external data containing confidential data can be detected, and external mail containing confidential data will be returned to the sender. Only external data that has passed the security test can be sent out. In this way, it is possible to prevent the outgoing external data from containing confidential data that is not allowed to be sent out. In addition, third parties can only view important files, and important files should not be sent to third parties to ensure information security.
为了便于更好地实施本公开实施例的上述方案,本公开还对应提供了一种数据外发装置,下面结合附图来进行详细说明:In order to facilitate better implementation of the above-mentioned solutions of the embodiments of the present disclosure, the present disclosure also correspondingly provides a data outsourcing device, which will be described in detail below with reference to the accompanying drawings:
如图3示出的本公开实施例提供的数据外发装置的结构示意图,数据外发装置可以包括:获取单元100、检测单元101、发送单元102和分配单元103,其中,Fig. 3 shows a schematic structural diagram of the data outsourcing device provided by the embodiment of the present disclosure. The data outsourcing device may include: an acquisition unit 100, a detection unit 101, a sending unit 102, and a distribution unit 103, where:
获取单元100,获取对外数据;所述对外数据包括对外邮件和对外文件;The obtaining unit 100 obtains external data; the external data includes external mail and external files;
检测单元101,用于基于对外数据的第一标识对所述对外数据进行安全检测;所述第一标识用于区分所述对外邮件和所述对外文件;The detection unit 101 is configured to perform security detection on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
发送单元102,用于在所述对外数据为所述对外邮件的情况下,向目标对象发送通过安全检测的所述对外邮件;The sending unit 102 is configured to send the external mail that has passed the security check to the target object when the external data is the external mail;
分配单元103,用于在所述对外数据为所述对外文件的情况下,根据所述目标对象的等级和所述对外文件的等级,分配所述对外文件被所述目标对象查看的查看方式。The allocating unit 103 is configured to, when the external data is the external file, allocate a viewing mode for the external file to be viewed by the target object according to the level of the target object and the level of the external file.
可选地,所述检测单元101,还用于:Optionally, the detection unit 101 is further configured to:
若基于所述第一标识确定所述对外数据为所述对外邮件;If it is determined that the external data is the external mail based on the first identifier;
则提取所述对外邮件内容;所述对外邮件内容至少包括邮件收件人、邮件主题、邮件正文、邮件附件;Extract the content of the external mail; the content of the external mail includes at least the recipient, the subject of the mail, the body of the mail, and the attachment of the mail;
利用敏感内容匹配算法对所述对外邮件内容进行安全检测;所述敏感内容匹配算法包括:正则匹配算法、关键字匹配算法、机器学习匹配算法。A sensitive content matching algorithm is used to perform security detection on the external mail content; the sensitive content matching algorithm includes: a regular matching algorithm, a keyword matching algorithm, and a machine learning matching algorithm.
可选地,所述检测单元101,还用于:Optionally, the detection unit 101 is further configured to:
若基于所述第一标识确定所述对外数据为所述对外文件;If it is determined that the external data is the external file based on the first identifier;
则检测上传所述文件的登录账号等级,基于所述登录账号等级确定所述文件的安全检测机制;所述安全检测机制至少包括:免审、轻度审核、严格审核。Then, the login account level of the uploaded file is detected, and the security detection mechanism of the file is determined based on the login account level; the security detection mechanism includes at least: exemption from review, light review, and strict review.
根据所述安全检测机制对所述对外文件进行安全检测。Perform a security check on the external file according to the security check mechanism.
可选地,所述检测单元101,还用于:Optionally, the detection unit 101 is further configured to:
基于所述安全检测机制提取所述对外文件内容;Extracting the content of the external file based on the security detection mechanism;
对所述对外文件内容进行安全检测。Perform security inspection on the content of the external file.
在一种可能的实现方式中,所述检测单元101用于:In a possible implementation manner, the detection unit 101 is configured to:
在所述安全检测机制为轻度审核的情况下,提取所述对外文件的标题以及对外文件正文中所含的电话号码;In the case that the security detection mechanism is a light audit, extract the title of the external document and the telephone number contained in the body of the external document;
在所述安全检测机制为严格审核的情况下,提取所述文件的标题、正文内容。In the case that the security detection mechanism is strict review, the title and body content of the file are extracted.
在一种可能的实现方式中,所述分配单元103用于:In a possible implementation manner, the allocating unit 103 is configured to:
基于预先建立的所述对外文件的等级和所述目标对象的等级之间的映射关系分配对外文件被所述目标对象查看的查看方式。Based on a pre-established mapping relationship between the level of the external file and the level of the target object, a viewing mode for the external file to be viewed by the target object is assigned.
在一种可能的实现方式中,所述对外文件被所述目标对象查看的查看方式至少包括:所述对外文件加密后的链接、临时登录账号。In a possible implementation manner, the viewing manner of the external file being viewed by the target object at least includes: a link after the external file is encrypted, and a temporary login account.
在本公开实施例中,可以获取对外数据;所述对外数据包括对外邮件和对外文件;基于对外数据的第一标识对所述对外数据进行安全检测;所述第一标识用于区分所述对外邮件和所述对外文件;在所述对外数据为所述对外邮件的情况下,向目标对象发送通过安全检测的所述对外邮件;在所述对外数据为所述对外文件的情况下,根据所述目标对象的等级和所述对外文件的等级,分配所述对外文件被所述目标对象查看的查看方式。在安全检测的时候可以检测出包含保密数据的对外数据,包含保密数据的对外邮件会被退回给发件人。只有通过安全检测的对外数据才可以外发。这样,可以避免外发的对外数据中包含不允许外发的保密数据。并且,第三方只可以查看重要文件,重要文件不要落地到第三方,保证了信息安全。In the embodiment of the present disclosure, external data can be obtained; the external data includes external mail and external files; the security detection is performed on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external data Mail and the external file; in the case where the external data is the external mail, the external mail that has passed the security check is sent to the target object; in the case where the external data is the external file, according to the According to the level of the target object and the level of the external file, a viewing mode for the external file to be viewed by the target object is assigned. During the security check, external data containing confidential data can be detected, and external mail containing confidential data will be returned to the sender. Only the external data that has passed the security inspection can be sent out. In this way, it is possible to prevent the outgoing external data from containing confidential data that is not allowed to be sent out. In addition, third parties can only view important files, and important files should not be sent to third parties to ensure information security.
需要说明的是,本公开实施例中的数据外发装置10为上述图2实施例中的数据外发装置,该数据外发装置10中各单元的功能可对应参考上述各方法实施例中图2实施例的具体实现方式,这里不再赘述。It should be noted that the data outsourcing device 10 in the embodiment of the present disclosure is the data outsourcing device in the embodiment of FIG. 2 The specific implementation of the embodiment will not be repeated here.
为了便于更好地实施本公开实施例的上述方案,本公开还对应提供了一种数据外发设备,下面结合附图来进行详细说明:In order to facilitate better implementation of the above-mentioned solutions of the embodiments of the present disclosure, the present disclosure also provides a corresponding data outsourcing device, which will be described in detail below with reference to the accompanying drawings:
如图4示出的本公开实施例提供的数据外发设备的结构示意图,数据外发设备110可以包括处理器1101、输入单元(输入设备)1102、输出单元(输出设备)1103、存储器1104。可选的,该数据外发设备还可包括通信单元1105、总线1106,处理器1101、输入单元1102、输出单元1103、存储器1104和通信单元1105可以通过总线1106相互连接。存储器1104可以是高速RAM存储器,也可以是非易失性的存储器(non-volatile memory),例如至少一个磁盘存储器。存储器1104可选的还可以是至少一个位于远离前述处理器1101的存储系统。存储器1104用于存储应用程序代码,可以包括操作系统、网络通信模块、用户接口模块以及数据外发程序,通信单元1105用于与外部单元进行信息交互;处理器1101被配置用于调用所述程序代码,执行以下步骤:Fig. 4 shows a schematic structural diagram of a data outsourcing device provided by an embodiment of the present disclosure. The data outsourcing device 110 may include a processor 1101, an input unit (input device) 1102, an output unit (output device) 1103, and a memory 1104. Optionally, the data sending device may further include a communication unit 1105 and a bus 1106. The processor 1101, an input unit 1102, an output unit 1103, a memory 1104, and a communication unit 1105 may be connected to each other through the bus 1106. The memory 1104 may be a high-speed RAM memory, or a non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory 1104 may also be at least one storage system located far away from the foregoing processor 1101. The memory 1104 is used to store application program codes, which may include an operating system, a network communication module, a user interface module, and a data outbound program. The communication unit 1105 is used to exchange information with external units; the processor 1101 is configured to call the program Code, perform the following steps:
处理器1101获取对外数据;所述对外数据包括对外邮件和对外文件;The processor 1101 obtains external data; the external data includes external mail and external files;
处理器1101基于对外数据的第一标识对所述对外数据进行安全检测;所述第一标识用于区分所述对外邮件和所述对外文件;The processor 1101 performs security detection on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external mail from the external file;
处理器1101在所述对外数据为所述对外邮件的情况下,向目标对象发送通过安全检测的所述对外邮件;When the external data is the external mail, the processor 1101 sends the external mail that has passed the security check to the target object;
处理器1101在所述对外数据为所述对外文件的情况下,根据所述目标对象的等级和所述对外文件的等级,分配所述对外文件被所述目标对象查看的查看方式。When the external data is the external file, the processor 1101 allocates a viewing mode for the external file to be viewed by the target object according to the level of the target object and the level of the external file.
处理器1101基于所述第一标识确定所述对外数据为所述对外邮件;提取所述对外邮件内容;所述对外邮件内容至少包括邮件收件人、邮件主题、邮件正文、邮件附件;利用敏 感内容匹配算法对所述对外邮件内容进行安全检测;所述敏感内容匹配算法包括:正则匹配算法、关键字匹配算法、机器学习匹配算法。The processor 1101 determines that the external data is the external mail based on the first identifier; extracts the content of the external mail; the content of the external mail includes at least the mail recipient, the mail subject, the mail body, and the mail attachment; The content matching algorithm performs security detection on the content of the external mail; the sensitive content matching algorithm includes: a regular matching algorithm, a keyword matching algorithm, and a machine learning matching algorithm.
处理器1101基于所述第一标识确定所述对外数据为所述对外文件;检测上传所述文件的登录账号等级,基于所述登录账号等级确定所述文件的安全检测机制;所述安全检测机制至少包括:免审、轻度审核、严格审核;根据所述安全检测机制对所述对外文件进行安全检测。The processor 1101 determines that the external data is the external file based on the first identifier; detects the login account level of the uploaded file, and determines the security detection mechanism of the file based on the login account level; the security detection mechanism It includes at least: exemption from review, light review, and strict review; performing security testing on the external file according to the security testing mechanism.
处理器1101基于所述安全检测机制提取所述对外文件内容;对所述对外文件内容进行安全检测。The processor 1101 extracts the content of the external file based on the security detection mechanism; performs security detection on the content of the external file.
处理器1101在所述安全检测机制为轻度审核的情况下,提取所述对外文件的标题以及对外文件正文中所含的电话号码;在所述安全检测机制为严格审核的情况下,提取所述文件的标题、正文内容。The processor 1101 extracts the title of the external document and the telephone number contained in the body of the external document when the security detection mechanism is a light audit; when the security detection mechanism is a strict audit, extracts all The title and body content of the document.
处理器1101基于预先建立的所述对外文件的等级和所述目标对象的等级之间的映射关系分配对外文件被所述目标对象查看的查看方式。The processor 1101 assigns a viewing mode for the external file to be viewed by the target object based on a pre-established mapping relationship between the level of the external file and the level of the target object.
在本公开实施例中,可以获取对外数据;所述对外数据包括对外邮件和对外文件;基于对外数据的第一标识对所述对外数据进行安全检测;所述第一标识用于区分所述对外邮件和所述对外文件;在所述对外数据为所述对外邮件的情况下,向目标对象发送通过安全检测的所述对外邮件;在所述对外数据为所述对外文件的情况下,根据所述目标对象的等级和所述对外文件的等级,分配所述对外文件被所述目标对象查看的查看方式。在安全检测的时候可以检测出包含保密数据的对外数据,包含保密数据的对外邮件会被退回给发件人。只有通过安全检测的对外数据才可以外发。这样,可以避免外发的对外数据中包含不允许外发的保密数据。并且,第三方只可以查看重要文件,重要文件不要落地到第三方,保证了信息安全。In the embodiment of the present disclosure, external data can be obtained; the external data includes external mail and external files; the security detection is performed on the external data based on the first identifier of the external data; the first identifier is used to distinguish the external data Mail and the external file; in the case where the external data is the external mail, the external mail that has passed the security check is sent to the target object; in the case where the external data is the external file, according to the According to the level of the target object and the level of the external file, a viewing mode for the external file to be viewed by the target object is assigned. During the security check, external data containing confidential data can be detected, and external mail containing confidential data will be returned to the sender. Only external data that has passed the security test can be sent out. In this way, it is possible to prevent the outgoing external data from containing confidential data that is not allowed to be sent out. In addition, third parties can only view important files, and important files should not be sent to third parties to ensure information security.
It should be noted that the data outgoing device 110 in the embodiments of the present disclosure is the data outgoing device of the FIG. 2 embodiment above. For details, refer to the specific implementation of the FIG. 1 embodiment in the method embodiments above, which is not repeated here.
The embodiments of the present application also provide a computer (readable) storage medium, wherein the computer storage medium may store a program. Optionally, the program, such as a computer program, may include program instructions. When executed, the program (or program instructions) performs part or all of the steps of any one of the method embodiments above. Optionally, the program, such as a computer program, may include program instructions that, when executed by a processor, cause the processor to perform part or all of the steps of any one of the method embodiments above. For example, when the program (or program instructions) is executed by the processor, the following method can be implemented: obtaining external data, the external data including external mail and external files; performing security detection on the external data based on a first identifier of the external data, the first identifier being used to distinguish the external mail from the external file; where the external data is the external mail, sending the external mail that has passed security detection to the target object; where the external data is the external file, assigning, according to the level of the target object and the level of the external file, the viewing mode in which the external file is viewed by the target object. Optionally, when the program (or program instructions) is executed by the processor, the other steps of the method in the embodiments above may also be implemented, which are not repeated here.
Optionally, the storage medium involved in this application, such as a computer-readable storage medium, may be non-volatile or volatile.
The embodiments of the present application also provide a computer program that includes instructions which, when the computer program is executed by a computer, enable the computer to perform part or all of the steps of any text conversion method.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the embodiments above can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the method embodiments above. The storage medium may be a USB flash drive, a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The present disclosure may be a system, a method and/or a computer program product. The computer program product may include a computer-readable storage medium carrying computer-readable program instructions for causing a processor to implement various aspects of the present disclosure.
The computer-readable storage medium may be a tangible device that can hold and store instructions used by an instruction execution device. The computer-readable storage medium may be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of computer-readable storage media include: a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), a digital versatile disc (DVD), a memory stick, a floppy disk, a mechanically encoded device such as a punch card or raised structures in a groove with instructions stored thereon, and any suitable combination of the foregoing. The computer-readable storage medium as used here is not to be interpreted as a transient signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (for example, light pulses through fiber-optic cables), or electrical signals transmitted through wires.
The computer-readable program instructions described here can be downloaded from a computer-readable storage medium to individual computing/processing devices, or downloaded to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in the computer-readable storage medium of that computing/processing device.
The computer program instructions used to perform the operations of the present disclosure may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state-setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The computer-readable program instructions can be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (for example, over the Internet through an Internet service provider). In some embodiments, an electronic circuit, such as a programmable logic circuit, a field programmable gate array (FPGA) or a programmable logic array (PLA), is personalized by using state information of the computer-readable program instructions, and the electronic circuit can execute the computer-readable program instructions to implement various aspects of the present disclosure.
Various aspects of the present disclosure are described here with reference to flowcharts and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of the present disclosure. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer or another programmable data processing apparatus to produce a machine, such that the instructions, when executed by the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams. These computer-readable program instructions can also be stored in a computer-readable storage medium; the instructions cause a computer, a programmable data processing apparatus and/or other devices to operate in a specific manner, so that the computer-readable medium storing the instructions comprises an article of manufacture that includes instructions implementing various aspects of the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The computer-readable program instructions can also be loaded onto a computer, another programmable data processing apparatus or another device, so that a series of operational steps is performed on the computer, other programmable data processing apparatus or other device to produce a computer-implemented process, such that the instructions executed on the computer, other programmable data processing apparatus or other device implement the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The flowcharts and block diagrams in the accompanying drawings show the architecture, functions and operations of possible implementations of systems, methods and computer program products according to multiple embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a part of an instruction, which contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
What is disclosed above is merely the preferred embodiments of the present disclosure, which of course cannot be used to limit the scope of rights of the present disclosure. Equivalent changes made in accordance with the claims of the present disclosure therefore still fall within the scope covered by the present disclosure.

Claims (20)

  1. A data outgoing method, applied to a server, comprising:
    obtaining external data, the external data including: external mail and external files;
    performing security detection on the external data based on a first identifier of the external data, the first identifier being used to distinguish the external mail from the external file;
    where the external data is the external mail, sending the external mail that has passed security detection to a target object;
    where the external data is the external file, assigning, according to the level of the target object and the level of the external file, the viewing mode in which the external file is viewed by the target object.
  2. The method according to claim 1, wherein performing security detection on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file, comprises:
    if it is determined, based on the first identifier, that the external data is the external mail,
    extracting the external mail content, the external mail content including at least the mail recipient, the mail subject, the mail body and the mail attachments;
    performing security detection on the external mail content using a sensitive content matching algorithm, the sensitive content matching algorithm including: a regular-expression matching algorithm, a keyword matching algorithm and a machine learning matching algorithm.
  3. The method according to claim 1, wherein performing security detection on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file, comprises:
    if it is determined, based on the first identifier, that the external data is the external file,
    detecting the level of the login account that uploaded the file, and determining the security detection mechanism for the file based on the login account level, the security detection mechanism including at least: exemption from review, light review and strict review;
    performing security detection on the external file according to the security detection mechanism.
  4. The method according to claim 3, wherein performing security detection on the external file according to the security detection mechanism comprises:
    extracting the external file content based on the security detection mechanism;
    performing security detection on the external file content.
  5. The method according to claim 4, wherein extracting the external file content based on the security detection mechanism comprises:
    where the security detection mechanism is light review, extracting the title of the external file and the telephone numbers contained in the body of the external file;
    where the security detection mechanism is strict review, extracting the title and the body content of the file.
  6. The method according to claim 1, wherein, where the external data is the external file, assigning, according to the level of the target object and the level of the external file, the viewing mode in which the external file is viewed by the target object comprises:
    assigning the viewing mode in which the external file is viewed by the target object based on a pre-established mapping between the level of the external file and the level of the target object.
  7. The method according to claim 6, wherein the viewing mode in which the external file is viewed by the target object includes at least: an encrypted link to the external file, and a temporary login account.
  8. A data outgoing apparatus, comprising:
    an obtaining unit, configured to obtain external data, the external data including: external mail and external files;
    a detection unit, configured to perform security detection on the external data based on a first identifier of the external data, the first identifier being used to distinguish the external mail from the external file;
    a sending unit, configured to send, where the external data is the external mail, the external mail that has passed security detection to a target object;
    an assigning unit, configured to assign, where the external data is the external file, the viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file.
  9. A data outgoing device, comprising a processor, an input device, an output device and a memory that are connected to one another, wherein the memory is used to store application program code and the processor is configured to call the program code to perform the following method:
    obtaining external data, the external data including: external mail and external files;
    performing security detection on the external data based on a first identifier of the external data, the first identifier being used to distinguish the external mail from the external file;
    where the external data is the external mail, sending the external mail that has passed security detection to a target object;
    where the external data is the external file, assigning, according to the level of the target object and the level of the external file, the viewing mode in which the external file is viewed by the target object.
  10. The device according to claim 9, wherein, when performing security detection on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file, the following is specifically performed:
    if it is determined, based on the first identifier, that the external data is the external mail,
    extracting the external mail content, the external mail content including at least the mail recipient, the mail subject, the mail body and the mail attachments;
    performing security detection on the external mail content using a sensitive content matching algorithm, the sensitive content matching algorithm including: a regular-expression matching algorithm, a keyword matching algorithm and a machine learning matching algorithm.
  11. The device according to claim 9, wherein, when performing security detection on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file, the following is specifically performed:
    if it is determined, based on the first identifier, that the external data is the external file,
    detecting the level of the login account that uploaded the file, and determining the security detection mechanism for the file based on the login account level, the security detection mechanism including at least: exemption from review, light review and strict review;
    performing security detection on the external file according to the security detection mechanism.
  12. The device according to claim 11, wherein, when performing security detection on the external file according to the security detection mechanism, the following is specifically performed:
    extracting the external file content based on the security detection mechanism;
    performing security detection on the external file content.
  13. The device according to claim 12, wherein, when extracting the external file content based on the security detection mechanism, the following is specifically performed:
    where the security detection mechanism is light review, extracting the title of the external file and the telephone numbers contained in the body of the external file;
    where the security detection mechanism is strict review, extracting the title and the body content of the file.
  14. The device according to claim 9, wherein, when assigning, where the external data is the external file, the viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file, the following is specifically performed:
    assigning the viewing mode in which the external file is viewed by the target object based on a pre-established mapping between the level of the external file and the level of the target object.
  15. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to perform the following method:
    obtaining external data, the external data including: external mail and external files;
    performing security detection on the external data based on a first identifier of the external data, the first identifier being used to distinguish the external mail from the external file;
    where the external data is the external mail, sending the external mail that has passed security detection to a target object;
    where the external data is the external file, assigning, according to the level of the target object and the level of the external file, the viewing mode in which the external file is viewed by the target object.
  16. The computer-readable storage medium according to claim 15, wherein, when performing security detection on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file, the following is specifically performed:
    if it is determined, based on the first identifier, that the external data is the external mail,
    extracting the external mail content, the external mail content including at least the mail recipient, the mail subject, the mail body and the mail attachments;
    performing security detection on the external mail content using a sensitive content matching algorithm, the sensitive content matching algorithm including: a regular-expression matching algorithm, a keyword matching algorithm and a machine learning matching algorithm.
  17. The computer-readable storage medium according to claim 15, wherein, when performing security detection on the external data based on the first identifier of the external data, the first identifier being used to distinguish the external mail from the external file, the following is specifically performed:
    if it is determined, based on the first identifier, that the external data is the external file,
    detecting the level of the login account that uploaded the file, and determining the security detection mechanism for the file based on the login account level, the security detection mechanism including at least: exemption from review, light review and strict review;
    performing security detection on the external file according to the security detection mechanism.
  18. The computer-readable storage medium according to claim 17, wherein, when performing security detection on the external file according to the security detection mechanism, the following is specifically performed:
    extracting the external file content based on the security detection mechanism;
    performing security detection on the external file content.
  19. The computer-readable storage medium according to claim 18, wherein, when extracting the external file content based on the security detection mechanism, the following is specifically performed:
    where the security detection mechanism is light review, extracting the title of the external file and the telephone numbers contained in the body of the external file;
    where the security detection mechanism is strict review, extracting the title and the body content of the file.
  20. The computer-readable storage medium according to claim 15, wherein, when assigning, where the external data is the external file, the viewing mode in which the external file is viewed by the target object according to the level of the target object and the level of the external file, the following is specifically performed:
    assigning the viewing mode in which the external file is viewed by the target object based on a pre-established mapping between the level of the external file and the level of the target object.
PCT/CN2020/119332 2019-10-10 2020-09-30 Data outgoing method and device, and related apparatus WO2021068835A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910965731.2A CN110855611B (en) 2019-10-10 2019-10-10 Data outgoing method, device and related equipment
CN201910965731.2 2019-10-10

Publications (1)

Publication Number Publication Date
WO2021068835A1 (en) 2021-04-15

Family

ID=69596372

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/119332 WO2021068835A1 (en) 2019-10-10 2020-09-30 Data outgoing method and device, and related apparatus

Country Status (2)

Country Link
CN (1) CN110855611B (en)
WO (1) WO2021068835A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117077130A (en) * 2023-08-31 2023-11-17 北京火山引擎科技有限公司 File detection method, device, electronic equipment and readable medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110855611B (en) * 2019-10-10 2021-11-09 平安科技(深圳)有限公司 Data outgoing method, device and related equipment
CN111698242A (en) * 2020-06-09 2020-09-22 北京字节跳动网络技术有限公司 Mail forward proxy method, device, system, storage medium and electronic equipment
CN113992621A (en) * 2021-09-08 2022-01-28 厦门天锐科技股份有限公司 System and method for mail outgoing examination and approval
CN115996152B (en) * 2023-03-23 2023-06-09 北京腾达泰源科技有限公司 Security protection method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090287654A1 (en) * 2008-05-19 2009-11-19 Yoshinori Sato Device for identifying electronic file based on assigned identifier
CN102118383A (en) * 2009-12-30 2011-07-06 凹凸电子(武汉)有限公司 Method for identifying email and method for identifying email servers
CN103209174A (en) * 2013-03-12 2013-07-17 华为技术有限公司 Data protection method, device and system
CN105893864A (en) * 2015-12-10 2016-08-24 乐视网信息技术(北京)股份有限公司 Data file confusion method and system, and client side
CN107888484A (en) * 2017-11-29 2018-04-06 北京明朝万达科技股份有限公司 A kind of email processing method and system
CN109450929A (en) * 2018-12-13 2019-03-08 成都亚信网络安全产业技术研究院有限公司 A kind of safety detection method and device
CN110855611A (en) * 2019-10-10 2020-02-28 平安科技(深圳)有限公司 Data outgoing method, device and related equipment

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9166941B2 (en) * 2007-04-24 2015-10-20 Microsoft Technology Licensing, Llc Synchronizing email messages between external and local email servers and/or a wireless device
CN103561091A (en) * 2013-10-31 2014-02-05 上海上讯信息技术有限公司 Document outgoing control system and method
CN104778415B (en) * 2015-02-06 2018-02-27 北京北信源软件股份有限公司 A kind of leakage-preventing system and method for data based on computer behavior
CN105512565A (en) * 2015-11-26 2016-04-20 浪潮电子信息产业股份有限公司 Method and server for preventing electronic document leakage
CN106446707A (en) * 2016-08-31 2017-02-22 北京明朝万达科技股份有限公司 Dynamic data leakage prevention system and method
CN108304695A (en) * 2018-01-30 2018-07-20 云易天成(北京)安全科技开发有限公司 Anti-data-leakage control method, the system of object oriented file outgoing
CN108600081A (en) * 2018-03-26 2018-09-28 北京明朝万达科技股份有限公司 A kind of method and device that mail outgoing achieves, Mail Gateway


Also Published As

Publication number Publication date
CN110855611A (en) 2020-02-28
CN110855611B (en) 2021-11-09

Similar Documents

Publication Publication Date Title
WO2021068835A1 (en) Data outgoing method and device, and related apparatus
US20210344724A1 (en) Systems and Methods for Protecting Contents and Accounts
US10404553B2 (en) Method, system and computer program product for interception, quarantine and moderation of internal communications of uncontrolled systems
US20210141933A1 (en) Safeguarding confidential information during a screen share session
US9626528B2 (en) Data leak prevention enforcement based on learned document classification
US10296751B2 (en) Automated real-time information management risk assessor
US10360402B2 (en) Intercepting sensitive data using hashed candidates
US11256825B2 (en) Systems and methods for securing data in electronic communications
CN112262388A (en) Protecting Personal Identity Information (PII) using tagging and persistence of PII
US20180255099A1 (en) Security and compliance alerts based on content, activities, and metadata in cloud
US11036800B1 (en) Systems and methods for clustering data to improve data analytics
US20140331338A1 (en) Device and method for preventing confidential data leaks
US11297024B1 (en) Chat-based systems and methods for data loss prevention
US20230153447A1 (en) Automatic generation of security labels to apply encryption
US20170093776A1 (en) Content redaction
US20180176167A1 (en) Email chain navigation
US11489818B2 (en) Dynamically redacting confidential information
US20170351855A1 (en) Identifying sensitive information in a communication based on network communications history
US11537668B2 (en) Using a machine learning system to process a corpus of documents associated with a user to determine a user-specific and/or process-specific consequence index
US11146515B2 (en) Visitor invitation management
US20230094317A1 (en) Method for concealing sensitive mail return addresses
US11151248B1 (en) Increasing zero-day malware detection throughput on files attached to emails
US11061630B1 (en) Intelligent management of data in printing operations
Murdoch et al. The sources and characteristics of electronic evidence and artificial intelligence
US9516038B2 (en) Identification of unauthorized disclosure

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 20874707; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 20874707; Country of ref document: EP; Kind code of ref document: A1)