File transmission method, device and equipment and computer readable storage medium
By determining the sensitivity level based on user identity and file attributes, and adopting an adaptive transfer method, the problem of low file transfer security is solved, and a higher level of security for file transfer is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- LIAONING MOBILE COMM
- Filing Date
- 2021-04-16
- Publication Date
- 2026-07-03
AI Technical Summary
The existing file transfer methods are simplistic and do not assess the security risks of each file transfer, resulting in low file transfer security.
Based on user identity information and target file attribute information, the sensitivity level of file transmission is determined, and the corresponding transmission method is matched, including plaintext transmission, encrypted transmission, de-identification processing, and vault approval, to control the file transmission process.
Differentiated transmission methods improve file transfer security, adapt to file transfer needs of different sensitivity levels, and enhance file transfer security.
Smart Images

Figure CN115221545B_ABST
Abstract
Description
Technical Field
[0001] This application belongs to the field of communication technology, and in particular relates to a file transfer method, apparatus, device and computer-readable storage medium. Background Technology
[0002] File transfer can generally be understood as transferring a file or a part of it from one computer system to another. It is mainly carried out through file transfer network protocols (such as FTP or SFTP protocols) for file transfer (such as uploading or downloading).
[0003] The inventors of this application have discovered that the existing file transfer methods are too simplistic, failing to assess the security risks of each file transfer and lacking finer-grained classification of file transfer methods. For example, important files and ordinary files are transferred using the same method, resulting in a technical problem of low file transfer security. Summary of the Invention
[0004] This application provides a file transfer method, apparatus, device, and computer-readable storage medium, which can solve the technical problems of single file transfer method and low file transfer security in the prior art.
[0005] In a first aspect, embodiments of this application provide a file transfer method, the method comprising:
[0006] Receive a file transfer request from a first user. The file transfer request includes at least the first user's first user identity information and the first attribute information of the target file. The target file is the file that the first user requests to transfer.
[0007] The first sensitivity level of file transfer is determined based on the first user identity information and the first attribute information;
[0008] Based on the first sensitivity level, match the first transmission method corresponding to the first sensitivity level;
[0009] The transmission of the target file is controlled according to the first transmission method.
[0010] Secondly, embodiments of this application provide a file transfer device, the device comprising:
[0011] The receiving module is used to receive the file transfer request information of the first user. The file transfer request information includes at least the first user's first user identity information and the first attribute information of the target file. The target file is the file that the first user requests to transfer.
[0012] The determination module is used to determine the first sensitivity level of file transfer based on the first user identity information and the first attribute information;
[0013] The matching module is used to match the first transmission mode corresponding to the first sensitivity level.
[0014] The transmission module is used to control the transmission of the target file according to the first transmission method.
[0015] Thirdly, embodiments of this application provide an electronic device, which includes: a processor, a memory, and a computer program stored in the memory and executable on the processor. When the computer program is executed by the processor, it implements the steps of the file transfer method provided in the first aspect.
[0016] Fourthly, embodiments of this application provide a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, it implements the steps of the file transfer method provided in the first aspect.
[0017] The file transfer method, apparatus, device, and computer-readable storage medium of this application embodiment receive file transfer request information from a first user. The file transfer request information includes at least the first user's first user identity information and the first attribute information of a target file, where the target file is the file requested for transfer by the first user. Based on the first user identity information and the first attribute information, a first sensitivity level for file transfer is determined. Based on the first sensitivity level, a first transmission method corresponding to the first sensitivity level is matched. Based on the first transmission method, the transfer of the target file is controlled. This application embodiment assesses the security risks of file transfer based on user identity information and the attribute information of the target file to be transferred, determining the sensitivity level of file transfer. Then, based on the determined sensitivity level, a transmission method corresponding to that sensitivity level is adopted to control file transfer. By increasing the number of file transfer methods and adopting different transmission methods according to different sensitivity levels, the security of file transfer is effectively improved. Attached Figure Description
[0018] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments of this application will be briefly introduced below. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0019] Figure 1 A schematic flowchart illustrating a file transfer method provided in an embodiment of this application;
[0020] Figure 2 for Figure 1 A flowchart illustrating step S102 in the file transfer method shown;
[0021] Figure 3 A schematic flowchart illustrating another file transfer method provided in an embodiment of this application;
[0022] Figure 4 This is a schematic diagram of the structure of a file transfer device provided in an embodiment of this application;
[0023] Figure 5 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation
[0024] The features and exemplary embodiments of various aspects of this application will be described in detail below. To make the objectives, technical solutions, and advantages of this application clearer, the application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are only intended to explain this application and not to limit it. For those skilled in the art, this application can be implemented without some of these specific details. The following description of the embodiments is merely to provide a better understanding of this application by illustrating examples.
[0025] It should be noted that, in this document, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that includes said element.
[0026] It should be understood that the term "and / or" used in this article is merely a description of the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A existing alone, A and B existing simultaneously, and B existing alone. Additionally, the character " / " in this article generally indicates that the preceding and following related objects have an "or" relationship.
[0027] Before describing the technical solutions provided in the embodiments of this application, in order to facilitate understanding of the embodiments of this application, this application first specifically explains the problems existing in the related technologies:
[0028] In related technologies, file transfer generally includes the following processes:
[0029] 1) When transferring files, users submit a file transfer request to the file server by entering authentication information such as username and password;
[0030] 2) After receiving the user authentication information, the file server verifies the validity of the user password. If it is invalid, it rejects the subsequent file transfer request; if it is valid, it returns the user's file transfer interaction interface.
[0031] 3) Users can complete file transfers based on their folder permissions on the server, including file upload, download, and deletion.
[0032] The inventors of this application have discovered that the related technology has at least the following technical problems:
[0033] 1. It only performs simple authentication on the user's identity, without differentiating user levels, and cannot perform targeted control based on different user identity levels;
[0034] 2. The file server only performs simple access control on files and cannot provide differentiated services for different access needs and different access levels;
[0035] 3. The file transfer method is relatively simple. For users' file transfer needs, there are only two states: pass and reject. It is not possible to display specific forms of secure data for specific needs and roles.
[0036] In short, the existing file transfer methods are too simplistic, failing to assess the security risks of each file transfer and lacking finer-grained classification of file transfer methods. For example, important files and ordinary files are transferred using the same method, resulting in low file transfer security.
[0037] In view of the inventors’ above-mentioned research findings, the embodiments of this application provide a file transfer method, apparatus, device and computer-readable storage medium, which can solve the technical problems of single file transfer mode and low file transfer security in the prior art.
[0038] The technical concept of this application embodiment is as follows: First, based on the user's identity information and the attribute information of the target file to be transmitted, the security risk of file transmission is assessed to determine the sensitivity level of file transmission; then, based on the determined sensitivity level, the transmission method corresponding to the sensitivity level is adopted to control file transmission. While increasing the number of file transmission methods, different transmission methods are adopted according to different sensitivity levels, which effectively improves the security of file transmission.
[0039] The file transfer method provided in the embodiments of this application will be described below.
[0040] Figure 1 This is a schematic flowchart illustrating a file transfer method according to an embodiment of this application. Figure 1 As shown, the method may include the following steps:
[0041] S101. Receive file transfer request information from the first user; wherein, the file transfer request information includes at least the first user's first user identity information and the first attribute information of the target file, and the target file is the file requested to be transferred by the first user.
[0042] S102. Determine the first sensitivity level of file transfer based on the first user identity information and the first attribute information;
[0043] S103. Match the first transmission mode corresponding to the first sensitivity level according to the first sensitivity level;
[0044] S104. Control the transmission of the target file according to the first transmission method.
[0045] The specific implementation methods of the above steps will be described in detail below.
[0046] The file transfer method of this application embodiment receives file transfer request information from a first user. The file transfer request information includes at least the first user's first user identity information and the first attribute information of a target file, where the target file is the file requested for transfer by the first user. Based on the first user identity information and the first attribute information, a first sensitivity level for file transfer is determined. Based on the first sensitivity level, a first transmission method corresponding to the first sensitivity level is matched. Based on the first transmission method, the transfer of the target file is controlled. This application embodiment assesses the security risks of file transfer based on user identity information and the attribute information of the target file to be transferred, determining the sensitivity level of file transfer. Then, based on the determined sensitivity level, a transmission method corresponding to that sensitivity level is adopted to control file transfer. By increasing the number of file transfer methods and adopting different transmission methods according to different sensitivity levels, the security of file transfer is effectively improved.
[0047] The specific implementation methods for each of the above steps are described below.
[0048] First, let's introduce S101, which receives the file transfer request information from the first user.
[0049] In this application embodiment, the first user can be any one user or any number of users; this application does not limit this. In practical applications, the first user can send file transfer request information to a second electronic device through a first electronic device. For example, specifically, a client installed on the first electronic device can send file transfer request information to the second electronic device. Exemplarily, the first electronic device can be a terminal device, and the second electronic device can be a network-side device, which can further include a server.
[0050] In this embodiment, the file transfer request information may include the first user's identity information and the first attribute information of the target file. For example, the first user's identity information may include the first user's name, identification number, account number, or any information that can distinguish the user's identity. The first attribute information may include the target file's filename, encoding, or any information that can distinguish the file's identity.
[0051] The above describes the specific implementation of S101. The following describes the specific implementation of S102.
[0052] S102. Determine the first sensitivity level of file transfer based on the first user identity information and the first attribute information.
[0053] like Figure 2 As shown, in some embodiments, S102 may specifically include steps S1021, S1022 and S1023.
[0054] S1021. Determine the first user level corresponding to the first user identity information based on the first user identity information and the preset correspondence between user identity information and user level.
[0055] Specifically, prior to S1021, multiple user levels can be pre-set. For example, three user levels can be set: User Level 1, User Level 2, and User Level 3. User Level 1 might correspond to a user with a sensitive identity, User Level 2 to a regular user, and User Level 3 to an important user. It should be noted that the user level division can be flexibly set according to actual circumstances, and this application is not limited to this.
[0056] For each registered and legitimate user, a pre-defined mapping between user identity information and user level can be established. For example, user A's identity information corresponds to user level 1, user B's identity information corresponds to user level 2, and user C's identity information corresponds to user level 3.
[0057] In S1021, the first user level corresponding to the first user identity information is determined based on the first user identity information and the preset correspondence between user identity information and user level. For example, the first user level is user level 1.
[0058] S1022. Determine the first file level corresponding to the first attribute information based on the first attribute information and the preset correspondence between file attribute information and file level.
[0059] Similar to user levels, multiple file levels can be preset. For example, three file levels can be set: file level 1, file level 2, and file level 3. File level 1 corresponds to ordinary files, file level 2 to sensitive files, and file level 3 to important files. It should be noted that the file level division can be flexibly set according to actual circumstances, and this application is not limited to this.
[0060] Similarly, the correspondence between file attribute information and file level can be preset. For example, file A's attribute information corresponds to file level 1, file B's attribute information corresponds to file level 2, and file C's attribute information corresponds to file level 3.
[0061] In S1021, the first file level corresponding to the first attribute information can be determined based on the first attribute information and the preset correspondence between file attribute information and file level. For example, the first file level is file level 1.
[0062] S1023. Determine the first sensitivity level of file transfer based on the first user level and the first file level.
[0063] In some embodiments, each user level corresponds to a different value, such as user level 1 corresponding to value 1, user level 2 corresponding to value 2, and user level 3 corresponding to value 3. Similarly, each file level also corresponds to a different value, such as file level 1 corresponding to value 1, file level 2 corresponding to value 2, and file level 3 corresponding to value 3.
[0064] In S1023, the first sensitivity level of file transfer can be determined based on the value corresponding to the first user level and the value corresponding to the first file level. The first sensitivity level can be a numerical value used to characterize the security risk of file transfer.
[0065] Considering the different security risks of file transfers within an intranet and over an extranet (with the risk being higher over an extranet), and to further enhance file transfer security by differentiating security risks more finely, in some embodiments, S102 may specifically include:
[0066] The first sensitivity level of file transfer is determined based on the first user identity information, the first attribute information, and the first network address.
[0067] In this embodiment of the application, the first network address can be understood as the network address (IP address) that sends the target file transmission request information.
[0068] Specifically, firstly, the first network address category corresponding to the first network address can be determined based on the correspondence between the first network address and a preset network address and network address category. For example, the network address category can include intranet and extranet (Internet). The first network address category is determined based on the correspondence between the first network address and the preset network address and network address category. For example, the first network address category is intranet. Then, the first sensitivity level of file transfer is determined based on the first user level corresponding to the first user identity information, the first file level corresponding to the first attribute information, and the first network address category.
[0069] In some embodiments, each network address class may correspond to a different value, such as 0 for intranet and 1 for extranet.
[0070] In some embodiments, multiple sub-transmission methods are pre-configured, such as plaintext transmission, encrypted transmission, de-identification processing, and vault approval. Vault approval can be understood as requiring approval from an approver before transmitting the target file to the first user. Only after approval can the target file be transmitted to the first user; otherwise, transmission of the target file to the first user is refused.
[0071] The first sensitivity level of file transfer is determined based on the first user level, the first file level, and the first network address category, which may specifically include:
[0072] The first sensitivity level is determined based on the preset conditions for each sub-transmission mode, the preset coefficients for each sub-transmission mode, the first value corresponding to the first user level, the second value corresponding to the first file level, and the third value corresponding to the first network address category.
[0073] The conditions for each sub-transmission mode to be valid include that the target value is within a preset range, such as x ≥ 0. The target value may include at least one of the following: the value corresponding to the user level, the value corresponding to the file level, and the value corresponding to the network address category. For example, the condition for one sub-transmission mode to be valid is A = 1 || F ≥ 2, and the condition for another sub-transmission mode to be valid is F ≥ 2 && (UF) ≤ 0. U represents the value corresponding to the user level; F represents the value corresponding to the file level; A represents the value corresponding to the network address category; || represents OR, and && represents AND.
[0074] The expression for determining the first sensitivity level is as follows:
[0075] S = 8 A=1||F≥2 +4 A=0&&F=1 +2 F≥2&&(U-F)≤0 +1 (U-F)≤0 (1)
[0076] Where S represents the sensitivity level; 8, 4, 2, and 1 represent the coefficients corresponding to each sub-transmission method, all of which are numerical values; A = 1 || F ≥ 2 represents the condition for the first sub-transmission method; A = 0 && F = 1 represents the condition for the second sub-transmission method; F ≥ 2 && (UF) ≤ 0 represents the condition for the third sub-transmission method; (UF) ≤ 0 represents the condition for the fourth sub-transmission method; U represents the numerical value corresponding to the user level; F represents the numerical value corresponding to the file level; A represents the numerical value corresponding to the network address category; || represents OR, and && represents AND.
[0077] In the above examples, 8, 4, 2, and 1 are all powers of 2. For instance, when all four sub-transmission modes are true, A = 1 || F ≥ 2 is true, and the value is 1; A = 0 && F = 1 is true, and the value is 1; F ≥ 2 && (UF) ≤ 0 is true, and the value is 1; (UF) ≤ 0 is true, and the value is 1. In this case, S = 8 × 1 + 4 × 1 + 2 × 1 + 1 × 1 = 15, corresponding to the binary value 1111. Conversely, when none of the four sub-transmission modes are true, S = 8 × 0 + 4 × 0 + 2 × 0 + 1 × 0 = 0, corresponding to the binary value 0000. That is, the sensitivity level S is an integer ranging from 0 to 15, and is a function related to the values of variables U, A, and F. When the sensitivity level S is a binary value, each sub-transmission mode corresponds to one data bit in the binary value. For each sub-transmission mode, when the corresponding data bit is 1, it means that the condition for the sub-transmission mode is met, that is, the sub-transmission mode should be used when transferring files; when the corresponding data bit is 0, it means that the condition for the sub-transmission mode is not met, that is, the sub-transmission mode should not be used when transferring files.
[0078] Accordingly, S103, based on the first sensitivity level, match the first transmission mode corresponding to the first sensitivity level, which may specifically include:
[0079] The first transmission mode is determined based on the binary value of the first sensitivity level and the corresponding data bits of each sub-transmission mode in the binary value.
[0080] Specifically, the sub-transmission method corresponding to the data bit with a value of 1 in the binary value of the first sensitivity level is taken as the first transmission method. For example, from left to right, i.e., from the most significant bit to the least significant bit, the first sub-transmission method corresponds to the first data bit in the binary value, the second sub-transmission method corresponds to the second data bit, the third sub-transmission method corresponds to the third data bit, and the fourth sub-transmission method corresponds to the fourth data bit. For instance, if the binary value of the first sensitivity level is 1011, then the first transmission method may include the first, third, and fourth sub-transmission methods.
[0081] The expression for the above process is as follows: e = S << 1, p = S << 2, d = S << 3, g = S << 4.
[0082] e, p, d, and g represent the 1st, 2nd, 3rd, and 4th sub-transmission modes, respectively. "<<" indicates a bitwise left shift operation, resulting in the overflow value at the nth bit. For example, S<<1 represents the value of the first data bit in the binary representation from left to right.
[0083] When e=1, the first sub-transmission mode is executed; when p=1, the second sub-transmission mode is executed; when d=1, the third sub-transmission mode is executed; and when g=1, the fourth sub-transmission mode is executed. It should be noted that multiple sub-transmission modes can be executed simultaneously, such as executing the first and third sub-transmission modes simultaneously, and this application is not limited to this.
[0084] S104. Control the transmission of the target file according to the first transmission method.
[0085] In step S104, the target file is processed according to the determined first transmission method, and the transmission of the processed target file is controlled. Specifically, based on the sub-transmission methods included in the first transmission method, 0 to 4 transmission methods can be selected from plaintext transmission, encrypted transmission, de-identification processing, and treasury approval to control the transmission of the target file. It should be noted that when 0 transmission methods are selected, the transmission of the target file is rejected, which may specifically include rejecting the first user from downloading or uploading the target file. Furthermore, in any case, at most one of plaintext transmission and encrypted transmission can be true; that is, when the target file is transmitted to the first user, either plaintext transmission or encrypted transmission is used.
[0086] To further ensure the security of file transmission, in some embodiments, when the first transmission method includes encrypted transmission, the encrypted target file can be sent to the first user via a first path, and the decryption key can be sent to the first user via a second path. For example, the encrypted target file can be sent to the first user via a network, and the decryption key used to decrypt the target file can be sent to the first user via SMS or other communication tools. This ensures that even if an unauthorized user obtains the encrypted target file, they cannot decrypt it because they cannot obtain the decryption key, thus improving the security of file transmission.
[0087] To facilitate understanding, the following will be combined with... Figure 3 and one Specific application examples illustrate the file transfer method of this application.
[0088] like Figure 3 As shown, in S1, the first user sends a file transfer request to the file server through the client. The first user's first user identity information, the first attribute information of the target file, and the first network address of the target file transfer request information contained in the file transfer request are respectively sent to the corresponding identification devices.
[0089] In step S2, the user identification device determines the first user level corresponding to the first user identity information based on the first user identity information and the preset correspondence between user identity information and user levels, and assigns a value corresponding to the first user level. The user levels may include, for example, user level 1, user level 2, and user level 3. User level 1 may correspond to a sensitive user, user level 2 to a regular user, and user level 3 to an important user. User level 1 may correspond to the value 1, user level 2 to the value 2, and user level 3 to the value 3.
[0090] In step S3, the URL recognition device determines the first network address category corresponding to the first network address based on the correspondence between the first network address and a preset network address and network address category, and assigns a value corresponding to the first network address category. The network address category can include intranet and extranet (Internet). For example, intranet corresponds to a value of 0, and extranet corresponds to a value of 1.
[0091] In step S4, the file recognition device determines the first file level corresponding to the first attribute information based on the first attribute information and the preset correspondence between file attribute information and file levels, and assigns a value corresponding to the first file level. The file level may include file level 1, file level 2, and file level 3. File level 1, for example, corresponds to ordinary files; file level 2, for example, corresponds to sensitive files; and file level 3, for example, corresponds to important files.
[0092] In S5, the sensitivity level of file transfer is calculated based on the values assigned in S2 to S4, namely, the first value corresponding to the first user level, the second value corresponding to the first file level, and the third value corresponding to the first network address category.
[0093] In S6, the result of the sensitivity level is input to the transmission mechanism controller, which matches the first transmission mode corresponding to the first sensitivity level.
[0094] In S7, the transmission mechanism controller processes the target file according to the first transmission method and controls the transmission of the processed target file, such as sending the processed target file from the file server to the client.
[0095] In one example, the first user is a regular user who accesses an important file F1 via the intranet. Therefore, the values assigned in S2 to S4 above are: U = 2, A = 0, F = 3. Here, U represents the value corresponding to the user level; F represents the value corresponding to the file level; and A represents the value corresponding to the network address category.
[0096] Since the file level F = 3, which satisfies F ≥ 2, the condition A = 1 || F ≥ 2 is true, so the value 8 is valid. The condition A = 0 && F = 1 is not valid, so the value 4 is not valid and is set to 0. Since U = 2 and F = 3, which satisfies (UF) ≤ 0, the condition F ≥ 2 && (UF) ≤ 0 is valid, so the value 2 is valid. The condition (UF) ≤ 0 is valid, so the value 1 is valid.
[0097] Therefore, the above expression (1) is:
[0098] S = 8 A=1||F≥2 +4 A=0&&F=1 +2 F≥2&&(U-F)≤0 +1 (U-F)≤0 =8+0+2+1=11
[0099] That is, S = 11, which corresponds to the binary value 1011.
[0100] e=S<<1=1, p=S<<2=0, d=S<<3=1, g=S<<4=1.
[0101] Therefore, the file transfer methods adopted by ordinary users to access important files on F1 via the intranet are: the first sub-transfer method, the third sub-transfer method, and the fourth sub-transfer method. For example, the specific file transfer methods adopted by ordinary users to access important files on F1 via the intranet can be: encrypted transmission, requiring de-identification processing, and the access process requiring vault approval.
[0102] Based on the file transfer method provided in the above embodiments, this application also provides specific implementations of the file transfer device. Please refer to the following embodiments.
[0103] like Figure 4 As shown, the file transfer device 400 provided in this application embodiment includes:
[0104] The receiving module 401 is used to receive file transfer request information from the first user. The file transfer request information includes at least the first user's first user identity information and the first attribute information of the target file. The target file is the file that the first user requests to transfer.
[0105] The determination module 402 is used to determine the first sensitivity level of the file transfer based on the first user identity information and the first attribute information;
[0106] Matching module 403 is used to match a first transmission mode corresponding to the first sensitivity level according to the first sensitivity level;
[0107] The transmission module 404 is used to control the transmission of the target file according to the first transmission method.
[0108] The file transfer device of this application embodiment includes a receiving module for receiving file transfer request information from a first user. The file transfer request information includes at least the first user's first user identity information and the first attribute information of a target file, where the target file is the file requested for transfer by the first user. A determining module is used to determine a first sensitivity level for file transfer based on the first user identity information and the first attribute information. A matching module is used to match a first transmission method corresponding to the first sensitivity level. A transmission module is used to control the transmission of the target file according to the first transmission method. This application embodiment assesses the security risks of file transfer based on user identity information and the attribute information of the target file to be transferred, determining the sensitivity level of file transfer. Then, based on the determined sensitivity level, it controls file transfer using a transmission method corresponding to that sensitivity level. By increasing the number of file transfer methods and adopting different transmission methods according to different sensitivity levels, the security of file transfer is effectively improved.
[0109] In some embodiments, the determining module 402 is specifically used for:
[0110] Based on the first user identity information and the preset correspondence between user identity information and user level, the first user level corresponding to the first user identity information is determined;
[0111] Based on the first attribute information and the pre-defined correspondence between file attribute information and file level, the first file level corresponding to the first attribute information is determined; based on the first user level and the first file level, the first sensitivity level of file transfer is determined.
[0112] In some embodiments, the file transfer request information further includes a first network address, which includes the network address that sent the target file transfer request information. The determining module 402 is specifically configured to: determine a first sensitivity level for the file transfer based on the first user identity information, the first attribute information, and the first network address.
[0113] In some embodiments, the determining module 402 is specifically configured to: determine the first network address category corresponding to the first network address based on the first network address and the preset correspondence between the network address and the network address category; and determine the first sensitivity level of file transfer based on the first user level, the first file level and the first network address category.
[0114] In some embodiments, the first transmission method includes at least one of a plurality of preset sub-transmission methods. The determining module 402 is specifically configured to: determine a first sensitivity level based on the establishment conditions corresponding to each preset sub-transmission method, the coefficient corresponding to each preset sub-transmission method, the first value corresponding to the first user level, the second value corresponding to the first file level, and the third value corresponding to the first network address category; the establishment conditions include that the target value is within a preset value range, and the target value includes at least one of the following: the value corresponding to the user level, the value corresponding to the file level, and the value corresponding to the network address category.
[0115] In some embodiments, the determining module 402 is specifically used to determine a first sensitivity level according to the following formula:
[0116] S = 8 A=1||F≥2 +4 A=0&&F=1 +2 F≥2&&(U-F)≤0 +1 (U-F)≤0
[0117] Where S represents the sensitivity level; 8, 4, 2, and 1 represent the coefficients corresponding to each sub-transmission method; A = 1 || F ≥ 2 represents the condition for the first sub-transmission method to be valid; A = 0 && F = 1 represents the condition for the second sub-transmission method to be valid; F ≥ 2 && (UF) ≤ 0 represents the condition for the third sub-transmission method to be valid; (UF) ≤ 0 represents the condition for the fourth sub-transmission method to be valid; U represents the value corresponding to the user level; F represents the value corresponding to the file level; A represents the value corresponding to the network address class; || represents OR, and && represents AND.
[0118] In some embodiments, the first sensitivity level is a binary value, and each sub-transmission mode corresponds to one data bit in the binary value. The matching module 403 is specifically used to determine the first transmission mode based on the binary value of the first sensitivity level and the data bit corresponding to each sub-transmission mode in the binary value.
[0119] In some embodiments, the transmission module 404 is specifically used to: when the first transmission method includes encrypted transmission, send the encrypted target file to the first user through the first path; and send the decryption key to the first user through the second path.
[0120] Figure 4 Each module / unit in the illustrated device has the ability to implement Figures 1 to 3 The functions of each step in the process and their corresponding technical effects are described in detail here for the sake of brevity.
[0121] Based on the file transfer method provided in the above embodiments, this application also provides specific implementation methods for electronic devices. Please refer to the following embodiments.
[0122] Figure 5 A schematic diagram of the hardware structure of the electronic device provided in an embodiment of this application is shown.
[0123] The electronic device may include a processor 501 and a memory 502 storing computer program instructions.
[0124] Specifically, the processor 501 may include a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits that can be configured to implement the embodiments of this application.
[0125] Memory 502 may include mass storage for data or instructions. For example, and not limitingly, memory 502 may include a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or Universal Serial Bus (USB) drive, or a combination of two or more of these. In one example, memory 502 may include removable or non-removable (or fixed) media, or memory 502 may be non-volatile solid-state memory. Memory 502 may be internal or external to the integrated gateway disaster recovery device.
[0126] In one example, memory 502 may be read-only memory (ROM). In one example, the ROM may be a mask-programmed ROM, a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), an electrically rewritable ROM (EAROM), or flash memory, or a combination of two or more of these.
[0127] Memory 502 may include read-only memory (ROM), random access memory (RAM), disk storage media device, optical storage media device, flash memory device, electrical, optical, or other physical / tangible memory storage device. Therefore, typically, memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software including computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the method according to one aspect of this application.
[0128] The processor 501 reads and executes computer program instructions stored in the memory 502 to achieve... Figure 1 The method / steps S101 to S104 in the illustrated embodiment achieve the following: Figure 1 The technical effects achieved by executing the methods / steps shown in the examples are not elaborated here for the sake of brevity.
[0129] In one example, the electronic device may also include a communication interface 503 and a bus 510. Wherein, as... Figure 5 As shown, the processor 501, memory 502, and communication interface 503 are connected through bus 510 and complete communication with each other.
[0130] The communication interface 503 is mainly used to realize communication between various modules, devices, units and / or equipment in the embodiments of this application.
[0131] Bus 510 includes hardware, software, or both, that couples components of an electronic device together. For example, and not limitingly, the bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Extended Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hyper Transport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an Infinite Bandwidth Interconnect, a Low Pin Count (LPC) bus, a memory bus, a Microchannel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local (VLB) bus, or other suitable buses, or combinations of two or more of these. Where appropriate, bus 510 may include one or more buses. Although specific buses are described and illustrated in embodiments of this application, this application contemplates any suitable bus or interconnect.
[0132] Furthermore, in conjunction with the file transfer methods in the above embodiments, this application embodiment can provide a computer-readable storage medium for implementation. This computer-readable storage medium stores computer program instructions; when these computer program instructions are executed by a processor, they implement any of the file transfer methods in the above embodiments. Examples of computer-readable storage media include non-transitory computer-readable storage media, such as electronic circuits, semiconductor memory devices, ROM, random access memory, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, and hard disks.
[0133] It should be clarified that this application is not limited to the specific configurations and processes described above and shown in the figures. For the sake of brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of this application is not limited to the specific steps described and shown. Those skilled in the art can make various changes, modifications, and additions, or change the order of steps, after understanding the spirit of this application.
[0134] The functional blocks shown in the above-described block diagram can be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, they can be, for example, electronic circuits, application-specific integrated circuits (ASICs), appropriate firmware, plug-ins, function cards, etc. When implemented in software, the elements of this application are programs or code segments used to perform the required tasks. Programs or code segments can be stored on a machine-readable medium or transmitted over a transmission medium or communication link via data signals carried on a carrier wave. "Machine-readable medium" can include any medium capable of storing or transmitting information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, etc. Code segments can be downloaded via computer networks such as the Internet, intranets, etc.
[0135] It should also be noted that the exemplary embodiments mentioned in this application describe methods or systems based on a series of steps or apparatus. However, this application is not limited to the order of the above steps; that is, the steps can be performed in the order mentioned in the embodiments, or in a different order, or several steps can be performed simultaneously.
[0136] The aspects of this application have been described above with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It should be understood that each block in the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to produce a machine such that these instructions, executable via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions / actions specified in one or more blocks of the flowchart illustrations and / or block diagrams. Such a processor can be, but is not limited to, a general-purpose processor, a special-purpose processor, a special application processor, or a field-programmable logic circuit. It is also understood that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can also be implemented by dedicated hardware performing the specified functions or actions, or can be implemented by a combination of dedicated hardware and computer instructions.
[0137] The above description is merely a specific implementation of this application. Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, modules, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here. It should be understood that the protection scope of this application is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in this application, and these modifications or substitutions should all be covered within the protection scope of this application.
Claims
1. A file transfer method characterized by, include: The system receives a file transfer request from a first user. The file transfer request includes at least the first user's first user identity information and the first attribute information of the target file. The target file is the file that the first user requests to transfer. The file transfer request also includes a first network address, which includes the network address that sent the target file transfer request. A first sensitivity level for file transfer is determined based on a first user level, a first file level, and a first network address category. The first user level is determined by the first user identity information and a preset correspondence between user identity information and user levels. The first file level is determined by the first attribute information and a preset correspondence between file attribute information and file levels. The first network address category is determined by the first network address and a preset correspondence between network address and network address categories. The first sensitivity level is determined according to the following formula: S= + + + Wherein, S represents the sensitive level; 8, 4, 2 and 1 respectively represent the coefficients corresponding to each sub-transmission mode; represents the establishment condition corresponding to the first sub-transmission mode; represents the establishment condition corresponding to the second sub-transmission mode; represents the establishment condition corresponding to the third sub-transmission mode; represents the establishment condition corresponding to the fourth sub-transmission mode; U represents the value corresponding to the user level; F represents the value corresponding to the file level; A represents the value corresponding to the network address category; represents or, represents and; the first sensitive level is a binary value, and each sub-transmission mode corresponds to one data bit in the binary value. A first transmission mode is determined based on the binary value of the first sensitivity level and the data bit corresponding to each of the sub-transmission modes in the binary value; wherein, the first transmission mode consists of all the sub-transmission modes corresponding to the data bits that are 1 in the binary value of the first sensitivity level; The transmission of the target file is controlled according to the first transmission method, which specifically includes one or more of the following: plaintext transmission, encrypted transmission, de-identification processing, and vault approval.
2. The method according to claim 1, characterized in that, When the first transmission method includes encrypted transmission, controlling the transmission of the target file according to the first transmission method specifically includes: The encrypted target file is sent to the first user via the first path; The decryption key is sent to the first user via the second path.
3. A file transfer device, characterized in that, The device includes: The receiving module is configured to receive file transfer request information from a first user. The file transfer request information includes at least the first user's first user identity information and the first attribute information of the target file, wherein the target file is the file requested for transfer by the first user. The file transfer request information also includes a first network address, wherein the first network address includes the network address that sent the target file transfer request information. The determination module is used to determine a first sensitivity level of file transfer based on a first user level, a first file level, and a first network address category. The first user level is determined based on the first user identity information and a preset correspondence between user identity information and user levels. The first file level is determined based on the first attribute information and a preset correspondence between file attribute information and file levels. The first network address category is determined based on the first network address and a preset correspondence between network address and network address categories. The first sensitivity level is determined according to the following formula: S= + + + Where S represents the sensitivity level; 8, 4, 2 and 1 represent the coefficients corresponding to each sub-transmission mode, respectively; This indicates the condition for the first sub-transmission mode to be valid; This indicates the conditions for the second sub-transmission mode to be valid; This indicates the conditions for the success of the third sub-transmission mode; This indicates the condition for the fourth sub-transmission mode to be valid; U represents the value corresponding to the user level; F represents the value corresponding to the file level; A represents the value corresponding to the network address class. Indicates or, This indicates that the first sensitivity level is a binary value, and each of the sub-transmission methods corresponds to one data bit in the binary value. The matching module is used to determine a first transmission mode based on the binary value of the first sensitivity level and the data bit corresponding to each of the sub-transmission modes in the binary value; wherein, the first transmission mode consists of all the sub-transmission modes corresponding to the data bits that are 1 in the binary value of the first sensitivity level; The transmission module is used to control the transmission of the target file according to the first transmission method, wherein the first transmission method is one or more of the following: plaintext transmission, encrypted transmission, de-identification processing, and vault approval.
4. An electronic device, characterized in that, The electronic device includes: a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the file transfer method as described in any one of claims 1 to 2.
5. A computer-readable storage medium, characterized in that, A computer program is stored on the computer-readable storage medium, which, when executed by a processor, implements the steps of the file transfer method as described in any one of claims 1 to 2.