File processing method and apparatus, electronic device, and storage medium
By temporarily storing files in a second storage area before uploading and controlling the display of information, the information security issue during file upload is resolved, achieving fast and secure file storage.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- GUANGZHOU KINGSOFT MOBILE TECH
- Filing Date
- 2022-08-15
- Publication Date
- 2026-07-14
AI Technical Summary
When files are uploaded to cloud storage, there are information security issues, especially the risk of viruses and leakage of sensitive information.
Before uploading a file, it is temporarily stored in the second storage area to check whether it contains preset information. Based on the detection result, a decision is made on whether to transfer the file to the first storage area, and the display of file information is controlled through display policies and permissions.
It improves file storage security, reduces the leakage of viruses and sensitive information, and ensures the speed and security of file uploads.
Smart Images

Figure CN115481413B_ABST
Abstract
Description
Technical Field
[0001] This disclosure relates to, but is not limited to, the field of information technology, and in particular to a document processing method, apparatus, electronic device, and storage medium. Background Technology
[0002] With the development of information technology, electronic devices generate a large number of files in users' work, study, and daily life. These files are sometimes transferred from one electronic device to another.
[0003] Due to the dramatic increase in file data volume, cloud technology has emerged. A large number of files generated by terminal devices during users' work, study, and daily life will be uploaded and stored in the cloud under certain conditions.
[0004] However, in related technologies, files uploaded to the cloud are prone to information security issues. Summary of the Invention
[0005] This disclosure provides a document processing method, apparatus, electronic device, and storage medium.
[0006] A first aspect of this disclosure provides a file processing method, executed by an electronic device, the method comprising:
[0007] Receive the target file requested to be stored in the first storage area;
[0008] The received target file is temporarily stored in the second storage area;
[0009] The detection result is obtained by checking whether the target file temporarily stored in the second storage area contains preset information.
[0010] Based on the detection results, determine whether to transfer the target file temporarily stored in the second storage area to the first storage area.
[0011] Based on the above scheme, the method further includes:
[0012] If the detection result indicates that the target file contains the preset information, a decision is made on whether to display the file information of the target file according to the display strategy. The file information is used to indicate and / or obtain at least a portion of the target file temporarily stored in the second storage area.
[0013] Based on the above scheme, the step of determining whether to display the file information of the target file according to the display strategy when the detection result shows that the target file contains the preset information includes:
[0014] If the detection result indicates that the target file contains the preset information and the display strategy is the first strategy, then the file information of the target file is determined to be hidden.
[0015] or,
[0016] When the detection result indicates that the target file contains the preset information and the display strategy is the second strategy, it is determined that the file information of the target file will be displayed on the preset page logged in with the first type of account, and the file information of the target file will be hidden on the preset page logged in with the second type of account.
[0017] or,
[0018] When the detection result indicates that the target file contains the preset information and the display strategy is the third strategy, the target file is processed to obtain the processed target file, and the file information of the processed target file is displayed.
[0019] Based on the above scheme, determining whether to transfer the target file temporarily stored in the second storage area to the first storage area based on the detection result includes:
[0020] If the detection result indicates that the target file contains the first type of information, it is determined that the target file will not be transferred to the first storage area;
[0021] or,
[0022] If the detection result indicates that the target file contains the second type of information, the target file is reviewed, and a decision is made based on the review result of the target file to determine whether to transfer the target file to the first storage area.
[0023] Based on the above scheme, the step of determining not to transfer the target file to the first storage area when the detection result shows that the target file contains the first type of information includes:
[0024] If the detection result indicates that the target file contains a preset level of security information, it is determined not to transfer the target file to the first storage area.
[0025] And / or,
[0026] If the detection result indicates that the target file contains threat information, it is determined not to transfer the target file to the first storage area, wherein the threat information includes: viruses and / or entry information connected to the threat information.
[0027] Based on the above scheme, determining whether to transfer the target file to the first storage area according to the review result of the target file includes at least one of the following:
[0028] If the review result is approved, it is determined that the target file temporarily stored in the second storage area will be transferred to the first storage area;
[0029] If the audit result is unsuccessful, it is determined that the target file temporarily stored in the second storage area will not be transferred to the first storage area.
[0030] Based on the above scheme, the method further includes:
[0031] Configure permission information for the target files stored in the first storage area;
[0032] File operations are performed on the target file stored in the first storage area based on the permission information.
[0033] Based on the above scheme, the method further includes:
[0034] Set a hit policy for the target file stored in the first storage area;
[0035] File operations are performed on the target file according to the hit strategy.
[0036] Based on the above scheme, performing file operations on the target file according to the hit strategy includes at least one of the following:
[0037] The target file is encrypted according to the hit strategy;
[0038] The target file is de-identified according to the hit strategy;
[0039] Pre-defined operations on the target file are disabled.
[0040] A second aspect of this disclosure provides a document processing apparatus, the apparatus comprising:
[0041] The receiving module is used to receive target files that are requested to be stored in the first storage area;
[0042] A temporary storage module is used to temporarily store the received target file in a second storage area;
[0043] The detection module is used to detect whether the target file temporarily stored in the second storage area contains preset information and obtain the detection result;
[0044] The determination module is used to determine, based on the detection results, whether to transfer the target file temporarily stored in the second storage area to the first storage area.
[0045] A third aspect of this disclosure provides an electronic device, comprising:
[0046] processor;
[0047] Memory used to store processor-executable instructions;
[0048] The processor is configured to implement the file processing method provided by any one of the technical solutions in the first aspect when running the executable instructions.
[0049] A fourth aspect of this disclosure provides a computer-readable storage medium storing an executable program, wherein the executable program, when executed by a processor, implements a file processing method provided by any of the aforementioned aspects.
[0050] The technical solutions provided by the embodiments of this disclosure may include the following beneficial effects:
[0051] The target file is not directly uploaded to the first storage area, but is temporarily stored in the second storage area. While the target file is stored in the second storage area, it is checked for pre-defined information. Based on the detection result, it is determined whether to upload the target file to the first storage area. On one hand, receiving and storing the target file in the second storage area enables fast upload for the user; on the other hand, determining whether to upload to the first storage area based on the detection result improves file storage security compared to storing the target file in the first storage area, which could lead to the leakage of pre-defined information within the target file, or the malfunction of the first storage area containing a large number of files due to the presence of viruses and / or Trojans.
[0052] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this disclosure. Attached Figure Description
[0053] The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments consistent with this disclosure and, together with the description, serve to explain the principles of this disclosure.
[0054] Figure 1 This is a flowchart illustrating a file processing method according to an exemplary embodiment.
[0055] Figure 2A This is a schematic diagram of a file upload interface according to an exemplary embodiment.
[0056] Figure 2B This is a schematic diagram of a file upload interface according to an exemplary embodiment.
[0057] Figure 3This is a schematic diagram illustrating a file upload according to an exemplary embodiment.
[0058] Figure 4A This is a schematic diagram illustrating the display of file information according to an exemplary embodiment.
[0059] Figure 4B This is a schematic diagram illustrating the display of file information and first prompt information according to an exemplary embodiment.
[0060] Figure 4C This is a schematic diagram illustrating the display of file information and second prompt information according to an exemplary embodiment.
[0061] Figure 5 This is a flowchart illustrating a file processing method according to an exemplary embodiment.
[0062] Figure 6 This is a flowchart illustrating a file processing method according to an exemplary embodiment.
[0063] Figure 7 This is a schematic diagram of the structure of a file processing apparatus according to an exemplary embodiment.
[0064] Figure 8 This is a schematic diagram of the structure of an electronic device according to an exemplary embodiment. Detailed Implementation
[0065] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the invention as detailed in the appended claims.
[0066] Regarding the apparatus in the above embodiments, the specific manner in which each module performs its operation has been described in detail in the embodiments related to the method, and will not be elaborated upon here.
[0067] like Figure 1 As shown, this disclosure provides a file processing method executed by an electronic device, the method comprising:
[0068] S1110: Receive a request to store the target file in the first storage area;
[0069] S1120: The received target file is temporarily stored in the second storage area;
[0070] S1130: Detect whether the target file temporarily stored in the second storage area contains preset information, and obtain the detection result;
[0071] S1140: Based on the detection results, determine whether to transfer the target file temporarily stored in the second storage area to the first storage area.
[0072] The electronic device may be a cloud device, for example, a storage device in a transport device or a cloud management device and / or gateway device.
[0073] In this embodiment of the disclosure, the electronic device executing the file processing method provided in this embodiment of the disclosure is not a device that generates the target file.
[0074] The target file can be any type of file, for example, a plain text file and / or a multimedia file.
[0075] The target file can also be divided into plain text office files and non-office files.
[0076] The multimedia files may include: images, videos and / or audio files, or files that include images, videos and / or audio files.
[0077] The first storage area is the target storage area of the target file, which is the area where the storage location indicated by the storage request of the target file is located.
[0078] The second storage area is a temporary storage area for the target file. This temporary storage area can also be called a cache area; both the temporary storage area and the cache area refer to the second storage area.
[0079] Figure 2A and Figure 2B A user interface (UI) is provided for uploading two types of target files. This UI can be displayed on the source device where the target file is uploaded to the second storage area.
[0080] The first storage region and the second storage region are different storage regions. For example, the second storage region may be a cache region of the first storage region, in which case one first storage region has one second storage region. Alternatively, the second storage region may be a cache region of the storage cluster where the first storage region resides, in which case multiple first storage regions within the storage cluster can share one second storage region.
[0081] In some embodiments, if a second storage area corresponds to a first storage area, the capacity of the second storage area may be smaller than the capacity of the first storage area. The second storage area may delete the corresponding file after it has been transferred to the first storage area; or, after determining that the uploading device will not modify a file containing preset information, the target file temporarily stored in the second storage area may be deleted.
[0082] In some embodiments, the first storage area where the target file is to be stored (i.e., the target storage) may be a file sharing area; within this area, each user can allow any authorized account to search and / or view files in the first storage area, or allow a predetermined type of legitimate account to search and / or view files in the first storage area.
[0083] For example, the target file is intercepted on the path from the target file to the first storage area.
[0084] The intercepted target files are temporarily stored (i.e. cached) in the second storage area.
[0085] For example, when the gateway devices of the first and second storage areas receive the target file, they temporarily modify the destination address of the target file to the storage address of the second storage area, so that the target file is first uploaded to the second storage area. Additionally, the gateway devices also record the original storage address of the target file; after detecting that the target file can be uploaded to the first storage area, they upload the target file to the corresponding storage location in the first storage area according to its original storage address.
[0086] The target files cached in the second storage area are subjected to virus detection, sensitive word detection, and other detections related to file security and information sensitivity.
[0087] The viruses can be categorized as: worm viruses, Trojan viruses, backdoor viruses, and other viruses. The "other viruses" refers to any virus other than worm viruses, Trojan viruses, backdoor viruses, etc.
[0088] In some embodiments, the process of temporarily storing the target file in the second storage area is transparent to the user, who assumes that the file has been uploaded to the first storage area.
[0089] For example, in order to improve the detection rate, it is assumed that the target file is uploaded to the second storage space in a streaming manner. After the target file is uploaded, a detection is performed to determine whether it contains preset information. Alternatively, while the first document is being uploaded, a detection is performed on the uploaded portion of the target file to determine whether it contains preset information.
[0090] The file processing method provided in this disclosure can be used for the management of various cloud documents. For example, enterprises, schools, government agencies, or non-profit organizations can build a cloud platform for file processing. This cloud platform can be a private cloud platform or a relatively secure sub-platform built on a public cloud provided by a cloud service provider. When staff or other users log in to the cloud platform using their accounts and upload files stored on their private devices to the cloud platform, they can use the file processing method provided by any of the technical solutions in this disclosure.
[0091] When building or configuring a cloud platform, various configuration information for processing target files can be configured, enabling file processing. This configuration information may include, but is not limited to, the display strategies, permission information, and / or preset information mentioned in the following embodiments.
[0092] like Figure 3 As shown, the first storage area receives the target file uploaded by the terminal over the network; after detecting that the target file can be uploaded to the second storage area, the target file temporarily stored in the second storage area is then transferred to the first storage area. The network here includes the Internet and / or a local area network.
[0093] The preset information can be any information that cannot be directly stored in the first storage area, and / or any information that cannot be directly disclosed.
[0094] For example, the preset information may include: viruses and / or various sensitive information.
[0095] In S1130, the target file itself is detected to determine whether the target file contains the preset information.
[0096] For example, security firewalls can be used to detect viruses, and regular expressions can be used to detect whether sensitive words are included.
[0097] After completing the above tests, you will receive the test results.
[0098] Based on the detection results, it is then determined whether to store the target file temporarily stored in the second storage area in the first storage area. Target files that do not conform to the upload to the first storage area will be blocked in the second storage area, reducing the number of files containing viruses, Trojans, and sensitive information stored in the first storage area. This at least ensures the security of the files stored in the first storage area and also reduces the leakage of sensitive information.
[0099] In some embodiments, the method further includes:
[0100] If it is determined that the target file will not be uploaded to the first storage area, delete the target file temporarily stored in the second storage area.
[0101] Furthermore, the method also includes:
[0102] If it is determined that the target file will not be uploaded to the first storage area, output the first prompt message;
[0103] Detect user actions applied to the first prompt message;
[0104] When the user operation instructs to delete the target file or refuses to modify the target file, the target file temporarily stored in the second storage area is deleted.
[0105] Figure 4B After the electronic device sends the first prompt information to the upload device of the target file (i.e., the source device of the target file), the first prompt information is displayed on the upload device.
[0106] It is worth noting that: Figure 4B This is merely an example, and specific implementations are not limited to the example above. In some embodiments, such as Figure 5 As shown, the method further includes:
[0107] S1150: When the detection result indicates that the target file contains the preset information, determine whether to display the file information of the target file according to the display strategy, wherein the file information is used at least to indicate and / or obtain at least a portion of the target file temporarily stored in the second storage area.
[0108] The file information includes, but is not limited to, at least one of the following:
[0109] File icon;
[0110] file name;
[0111] File link.
[0112] In summary, the displayed file information may indicate that the target file is temporarily stored in the second storage area, and / or the displayed file information may be used to open the target file in the second storage area.
[0113] The file information can be displayed on the user interface (UI). If the file information is displayed on the UI, the target file in the second storage area can be opened after a user operation on the file information is detected.
[0114] Figure 4A This is a schematic diagram illustrating the display of a file icon. It's worth noting that: Figure 4A This is just one example; the actual implementation is not limited to the example above.
[0115] The file information can be used to obtain all or part of the target file. One implementation is that the target file includes a small amount of preset information with very low sensitivity; in this case, the file information can be used to obtain the entire target file. Another implementation is that the target file includes a small amount of preset information with very low or moderate sensitivity; in this case, the file information can be used to obtain a target file where the preset information is hidden. Methods for hiding the preset information include, but are not limited to, encrypting the preset information and / or deleting the preset information.
[0116] During the process of temporarily storing the target file in the second storage area, if the target file is found to contain preset information, the file information of the target file is determined according to the display strategy. In this way, the direct and unfiltered display of the file information of the target file can be reduced, thereby reducing information leakage and security problems caused by the target file containing preset information being made public, downloaded or forwarded.
[0117] In some embodiments, the method further includes: during the process of uploading the target file to the second storage area, once preset information is detected, stopping the display of file information of the target file and outputting a second prompt message.
[0118] The second prompt message is provided to the account that uploaded the target file. In this way, the user of the account that uploaded the target file can know whether the target file is being uploaded or whether there may be an anomaly based on the second prompt message.
[0119] Figure 4C After the electronic device sends the second prompt information to the upload device of the target file (i.e., the source device of the target file), the first prompt information is displayed on the upload device.
[0120] It is worth noting that: Figure 4C This is just one example; the actual implementation is not limited to the example above.
[0121] For example, the information content of the second prompt message may be at least one of the following:
[0122] The message indicates that a file is being uploaded.
[0123] The system is checking the file.
[0124] Of course, the above is just one example of the second prompt message, and the specific implementation is not limited to the example above.
[0125] The display of the second prompt can improve the user experience.
[0126] In some embodiments, when the detection result indicates that the target file contains the preset information, determining whether to display the file information of the target file according to a display strategy includes:
[0127] If the detection result indicates that the target file contains the preset information and the display strategy is the first strategy, then the file information of the target file is determined to be hidden.
[0128] or,
[0129] If the detection result indicates that the target file contains the preset information and the display strategy is the second strategy, it is determined that the file information of the target file will be displayed on the preset page logged in with the first type of account, and the file information of the target file will be hidden on the preset page logged in with the second type of account.
[0130] or,
[0131] If the detection result indicates that the target file contains the preset information and the display strategy is the third strategy, the target file is processed to obtain a processed target file, and the file information of the processed target file is displayed.
[0132] The display strategy is used to control the display of file information of the temporarily stored target file.
[0133] In one embodiment, if the target file contains the preset information, and the display strategy is the first strategy, the file information of the target file will be hidden. If the file information of the target file is hidden, the file information of the target file will not be displayed on the UI, and the user will not be able to obtain the target file containing the preset information through the UI, thereby ensuring the information security of the target file itself and the security of the propagation of the target file.
[0134] In other words, when the display strategy is set to the first strategy, the target file is hidden, which means that the target file is invisible to all accounts.
[0135] When the first strategy is displayed, the file information is hidden, which prevents hackers from obtaining the target file through the second storage area that is not normally accessible. For example, the file's attributes could be set to be detected or visible, thus making the target file public. Therefore, this method of directly hiding the file information of the target file further enhances the security of the target file.
[0136] In another embodiment, if the target file contains the preset information and the display strategy is the second strategy, the file information of the target file will be displayed on the UI of some accounts, which is equivalent to the target file containing the preset information being visible to some users. These "some accounts" refer to the first type of account.
[0137] The first category of accounts includes, but is not limited to, at least one of the following:
[0138] The account used to upload the target file;
[0139] Other accounts belonging to the same organization as the account that uploaded the target file, such as companies, social groups, or schools;
[0140] The target file is uploaded by an account at the same level as and / or an account at the next higher level.
[0141] The audit account for the target file;
[0142] The parent account of the auditing account for the target file.
[0143] Of course, the above is just an example of the first type of account. In specific embodiments, the first type of account can be any pre-set account, not limited to the uploader account and / or the reviewer account, etc.
[0144] The second type of account may include any account other than the first type of account.
[0145] For example, if the first type of account includes the account that uploaded the target file, the second type of account can be any account other than the account that uploaded the target file.
[0146] That is, when the target file contains preset information, the file information of the target file can be made available to some accounts, so that some accounts can download and process the target file.
[0147] In some embodiments, when the detection result indicates that the target file contains the preset information and the display strategy is the third strategy, the target file is processed to obtain a processed target file; wherein, the processed target file at least hides the preset information contained in the target file;
[0148] Displays the file information of the processed target file.
[0149] For example, processing the target file to obtain the processed target file may include at least one of the following:
[0150] The target file is encrypted to obtain the processed target file, wherein the processed target file is the encrypted target file;
[0151] The target file is de-identified to obtain the processed target file, wherein the processed target file has sensitive information removed or sensitive information replaced with specific information, etc., compared to the original target file. This specific information may be information that can be stored in the first storage area and the second storage area; for example, the specific information may not contain sensitive information.
[0152] When encrypting the target file, the entire target file can be encrypted, or preset information within the target file can be encrypted. At least by encrypting the preset information, the preset information is hidden after the target file is obtained based on the file information; what is obtained based on the file information is the processed target file, thereby reducing the leakage of sensitive information.
[0153] If the display strategy is set to the third strategy, the displayed file information is visible to all accounts. In this case, the file information obtained is the processed target file. The processed target file has had its default information deleted, hidden, or encrypted.
[0154] For example, in some cases, the target file does contain a small number of minor sensitive words. On the one hand, to facilitate user viewing, and on the other hand, to avoid the leakage of sensitive words and other information, a third strategy can be adopted to provide viewing permissions for the target file to all accounts. However, the target file that is viewed has hidden sensitive information and other preset information.
[0155] For example, a third strategy can be used for high-popularity target files. Identifying high-popularity target files may include:
[0156] Obtain the file attributes of the target file and the access records of the target file before it was uploaded to the second storage area to determine the popularity value of the target file;
[0157] When the popularity value is greater than the preset popularity value, the target file is determined to be a high popularity file.
[0158] In some embodiments, determining whether to transfer the target file temporarily stored in the second storage area to the first storage area based on the detection result includes:
[0159] If the detection result indicates that the target file contains the first type of information, it is determined that the target file will not be transferred to the first storage area;
[0160] or,
[0161] If the detection result indicates that the target file contains the second type of information, and the review result of the target file is used to determine whether to transfer the target file to the first storage area.
[0162] The first type of information may be classified information at a preset level or privacy information at a preset level. In order to reduce the problems caused by information leakage, it is determined not to transfer the target file to the first storage area.
[0163] If the target file to be blocked is directly transferred to the first storage area, at least the security issues such as information leakage after the target file containing preset information is uploaded to the second storage area can be reduced.
[0164] If the target file is determined not to be moved to the first storage area, the parent file already stored in the second storage area can be deleted, thereby reducing security issues such as information leakage of the target file in the second storage area.
[0165] For example, both the second type of information and the first type of information are the preset information, but the security level of the second type of information may be lower than that of the first type of information; and / or, the information sensitivity of the second type of information is lower than that of the sensitive information of the first type of information.
[0166] If the target file contains the second type of information, then the review of the target file can be initiated.
[0167] The review of the target file may include at least one of the following:
[0168] Initiate the first type of review of the target file;
[0169] Initiate the second type of review of the target document.
[0170] The first type of review of the target document may include:
[0171] Send a review notification to the review account. The review notification may include: obtaining information about the target file, such as the storage address and / or storage link of the target file.
[0172] If the current user logs in with an audit account, the target file containing the preset information can be opened.
[0173] Receive the review results on the review interface.
[0174] The second type of review of the target document may include:
[0175] Extract the second type of information from the target file;
[0176] The second type of information is input into the machine learning model to obtain the review result output by the machine learning model.
[0177] The machine learning model can be various deep learning models and / or empirical models. For example, the empirical model may include reinforcement learning models, etc. By using a machine learning model to review the target file, automatic file review can be achieved, improving review efficiency and reducing review delays.
[0178] In some embodiments, when determining to initiate an audit of the target file, the second type of information contained in the target file can be input into a pre-audit model to obtain a pre-audit model and output a pre-audit result; based on the preset result, it can be determined to initiate either a first type of audit or a second type of audit of the target file.
[0179] For example, the size of the pre-screening model is smaller than the size of the machine learning model performing the second type of screening.
[0180] The probability value output by the pre-screening model can be used as a preset model estimate to indicate that the machine learning model's review results for the second type of information all reach a preset accuracy. If the probability value output by the pre-screening model is higher than or equal to the probability threshold, the second type of review of the target file can be initiated.
[0181] After initiating the audit of the target file, the audit results will be obtained.
[0182] The review results can be divided into at least two categories: one is that the review is passed, and the other is that the review is not passed.
[0183] If the review result is "approved", the target file can be uploaded to the first storage area; otherwise, it can be determined that the target file will not be uploaded to the first storage area.
[0184] That is, determining whether to transfer the target file to the first storage area based on the review result of the target file includes at least one of the following:
[0185] If the review result is approved, it is determined that the target file temporarily stored in the second storage area will be transferred to the first storage area;
[0186] If the audit result is unsuccessful, it is determined that the target file temporarily stored in the second storage area will not be transferred to the first storage area.
[0187] In some embodiments, the time period during which the first file is temporarily stored in the second storage area may include a detection time period and a review time period. The detection time period is the time period for detecting whether the first file contains the preset information. The review time period may be the time period for reviewing the first file after it has been detected that the first file contains the preset information.
[0188] In one embodiment, during both the detection period and the review period, the display of file information of the first file can be controlled based on whether the first file contains the preset information.
[0189] In another embodiment, the control over whether to display the file information of the first file differs between the detection period and the review period. For example, during the review period, the file information of the first file can be displayed to any account or to a specific account.
[0190] In one embodiment, the method further includes: during the review period of the first file, responding to an open operation on the target file sent by the review account, and prohibiting responding to open operations on the target file sent by accounts other than the review account.
[0191] In some embodiments, determining not to transfer the target file to the first storage area when the detection result indicates that the target file contains the first type of information includes:
[0192] If the detection result indicates that the target file contains a preset level of security information, it is determined not to transfer the target file to the first storage area.
[0193] And / or,
[0194] If the detection result indicates that the target file contains threat information, it is determined not to transfer the target file to the first storage area, wherein the threat information includes: viruses and / or entry information connected to the threat information.
[0195] For example, the preset levels include: national secret level and / or provincial secret level, etc.
[0196] The threat information may include Trojans, viruses, and / or entry information connected to the threat source, all of which can cause the first document and other files stored in the same area as the first document to malfunction.
[0197] The entry information may include: hyperlinks and / or Uniform Resource Locators (URLs).
[0198] In some embodiments, the method further includes:
[0199] Configure permission information for the target files stored in the first storage area;
[0200] File operations are performed on the target file stored in the first storage area based on the permission information.
[0201] For example, the target file stored in the first storage area may include at least one of the following:
[0202] The target file that does not contain the preset information was detected for the first time;
[0203] A target file containing the preset information but which has passed the review was detected.
[0204] A target file containing preset information was detected, but which no longer contains the preset information after a file modification operation.
[0205] After the target file is uploaded to the first storage area, permission information will be configured for the first file.
[0206] The permission information can be used for account-level file operation control of the target file, and / or the permission information can also be used for group-level file operation control of the target file.
[0207] The account-level file operation control of the target file may include:
[0208] Determine the permission information for each user account;
[0209] Based on the permission information of the corresponding account, respond to the file operations of the corresponding account on the target file.
[0210] The file operation control at the target file group granularity may include:
[0211] Determine the group to which the corresponding account belongs;
[0212] If the permission information of the group to which the account belongs is available, the corresponding account will be responded to for file operations on the target file.
[0213] The file operations may include, but are not limited to, at least one of the following:
[0214] Document reading;
[0215] File modification;
[0216] File download;
[0217] File forwarding;
[0218] File decryption;
[0219] File decryption;
[0220] File sharing;
[0221] File copy;
[0222] Document reprint;
[0223] File deletion.
[0224] Of course, the above are just examples of file operations, and the specific implementation is not limited to the examples above.
[0225] For example, the group could be a group of enterprises divided according to the line number attribute of the corresponding account.
[0226] For example, the group may also be a group specifically configured for the target file. A group specifically configured for the target file may include: the uploader of the target file, the reviewer of the uploaded file, and / or the supervisor of the file upload.
[0227] In some embodiments, configuring permission information for the target file stored in the first storage area includes:
[0228] If the review result is a first-class approved result, first permission information is set for the target file stored in the first storage area;
[0229] or,
[0230] If the review result is a second type of approval result, set second permission information for the target file stored in the first storage area;
[0231] Wherein, the file operation permission range indicated by the first permission information is greater than the file operation permission range indicated by the second permission information; and / or, the permission account range specified by the first permission information is greater than the permission account range specified by the second permission information.
[0232] The first type of approval result is different from the second type of approval result.
[0233] For example, the confidentiality of the second type of information contained in the target file with the first type of audit result is lower than the confidentiality of the second type of information in the target file with the second type of audit result.
[0234] The file operation permission range indicated by the first permission information is greater than the file operation permission range indicated by the second permission information. This can be understood as: the number of file operation permissions indicated by the first permission information is greater than the number of file operation permissions indicated by the second permission information. For example, at least one file operation permission in the first permission information is not included in the file operation permission range indicated by the second permission information.
[0235] For example, since the confidentiality of the second type of information contained in the first type of approval result is lower, it can be opened to more user accounts. Therefore, the range of authorized accounts specified by the first permission information is greater than the range of authorized accounts specified by the second permission information.
[0236] In some embodiments, the method further includes:
[0237] Set a hit policy for the target file stored in the first storage area;
[0238] File operations are performed on the target file according to the hit strategy.
[0239] Setting a hit policy for the target file stored in the first storage area may include:
[0240] Set a hit policy for all target files stored in the first storage area;
[0241] And / or,
[0242] A hit policy is set for target files stored in the first storage area that contain the second type of information. Under this scheme, it is not necessary to set a hit policy for target files that exist in the first storage area but do not contain the second type of information. That is, no hit policy is configured for target files that have been audited and whose audit result is passed.
[0243] If the target file is detected to contain the second type of information, the target file will be controlled according to the target file's hit policy to ensure the information security of the target file.
[0244] In some embodiments, performing file operations on the target file according to the hit policy includes at least one of the following:
[0245] The target file is encrypted according to the hit strategy;
[0246] The target file is de-identified according to the hit strategy;
[0247] Pre-defined operations on the target file are disabled.
[0248] For example, the predetermined operation may include, but is not limited to, at least one of the following: downloading, copying, transferring, decrypting, authorizing file operation permissions, sharing, and forwarding.
[0249] If the target file contains the second type of information, after the target file is stored in the first storage area, file operations will be further controlled according to the hit policy to ensure the information security of the target file.
[0250] If a target file is configured with a hit policy after an audit is initiated and the audit result is "approved", then the target file for which the audit has been initiated can be further controlled according to the hit policy.
[0251] For example, a first hit strategy is configured for a target file whose audit result is a first type of audit pass result; and / or a second hit strategy is configured for a target file whose audit result is a second type of audit pass result.
[0252] After configuring the hit strategy, the method further includes: processing the target file according to the hit strategy.
[0253] For example, processing the target file according to the first hit strategy includes, but is not limited to, at least one of the following:
[0254] The second type of information contained in the target file is encrypted;
[0255] The security files are de-identified.
[0256] Downloading, copying, moving, decrypting, authorizing, and sharing the file are prohibited.
[0257] Furthermore, by way of example, processing the target file according to the second hit strategy includes, but is not limited to, at least one of the following:
[0258] Grant the uploader of the target file read, edit, and storage permissions. After the target file is modified by the uploader, a re-detection is performed to determine whether it should continue to be stored in the first storage area. If the modified target file does not have preset information, the permission information and hit policy can be reconfigured for the modified target file.
[0259] like Figure 6 As shown, this disclosure provides a file processing method, which may include:
[0260] S1210: Receive target file;
[0261] S1220: Temporarily store the target file in the second storage file;
[0262] S1230: Scan the target file to see if it contains preset information;
[0263] S1240: If the target file does not contain preset information, store the target file in the first storage area;
[0264] S1250: If the target file contains preset information, temporarily hide the display of the target file's file information;
[0265] S1260: Determine whether to initiate the review process;
[0266] S1270: If it is determined that the audit process should be initiated, determine whether to store the target file in the first storage area based on the audit results;
[0267] S1280: After approval, the target file is uploaded to the first storage area, and permission information and / or hit policy are configured;
[0268] S1290: Output a prompt message, which may include the aforementioned first prompt message and / or second prompt message;
[0269] S1300: Determine not to upload the target file to the first storage area, and delete the target file already stored in the second storage area.
[0270] like Figure 7 As shown, this disclosure provides a document processing apparatus, the apparatus comprising:
[0271] The receiving module 110 is used to receive a target file that is requested to be stored in the first storage area;
[0272] The temporary storage module 120 is used to temporarily store the received target file in a second storage area;
[0273] The detection module 130 is used to detect whether the target file temporarily stored in the second storage area contains preset information and obtain the detection result;
[0274] The determination module 140 is used to determine, based on the detection result, whether to transfer the target file temporarily stored in the second storage area to the first storage area.
[0275] The file processing apparatus may include electronic devices. These electronic devices may be cloud devices.
[0276] In some embodiments, the receiving module 110, the temporary storage module 120, the detection module 130, and the determining module 140 may be program modules; after the program module is executed by the processor, it can perform the above operations.
[0277] In other embodiments, the receiving module 110, the temporary storage module 120, the detection module 130, and the determination module 140 may be hardware-software combined modules; the hardware-software combination includes, but is not limited to, programmable arrays; the programmable arrays include, but are not limited to, field-programmable arrays and / or complex programmable arrays.
[0278] In some embodiments, the receiving module 110, the temporary storage module 120, the detection module 130, and the determining module 140 may be pure hardware modules; the pure hardware modules include, but are not limited to, application-specific integrated circuits.
[0279] In some embodiments, the apparatus further includes:
[0280] The display module is configured to determine whether to display the file information of the target file according to a display strategy when the detection result indicates that the target file contains the preset information, wherein the file information is at least used to indicate and / or obtain a portion of the target file temporarily stored in the second storage area.
[0281] In some embodiments, the display module is specifically configured to: determine to hide the file information of the target file when the detection result indicates that the target file contains the preset information and the display strategy is a first strategy; or, determine to display the file information of the target file on a preset page logged in with a first type of account and hide the file information of the target file on a preset page logged in with a second type of account when the detection result indicates that the target file contains the preset information and the display strategy is a second strategy.
[0282] Alternatively, if the detection result indicates that the target file contains the preset information and the display strategy is the third strategy, the target file is processed to obtain a processed target file, and the file information of the processed target file is displayed.
[0283] In some embodiments, the determining module 140 is specifically configured to: determine not to transfer the target file to the first storage area if the detection result indicates that the target file contains a first type of information; or, review the target file when the detection result indicates that the target file contains a second type of information, and determine whether to transfer the target file to the first storage area based on the review result of the target file.
[0284] In some embodiments, the determining module 140 is specifically configured to determine not to transfer the target file to the first storage area when the detection result indicates that the target file includes a preset level of security information; and / or, when the detection result indicates that the target file contains threat information, determine not to transfer the target file to the first storage area, wherein the threat information includes: viruses and / or entry information connected to the threat information.
[0285] In some embodiments, the determining module 140 is specifically configured to perform at least one of the following:
[0286] If the review result is approved, it is determined that the target file temporarily stored in the second storage area will be transferred to the first storage area;
[0287] If the audit result is unsuccessful, it is determined that the target file temporarily stored in the second storage area will not be transferred to the first storage area.
[0288] In some embodiments, the apparatus further includes:
[0289] The first configuration module is used to configure permission information for target files stored in the first storage area;
[0290] The first execution module is configured to perform file operations on the target file stored in the first storage area based on the permission information.
[0291] In some embodiments, the module is a configuration module, specifically configured to set first permission information for the target file stored in the first storage area when the review result is a first type of approval result; or, when the review result is a second type of approval result, to set second permission information for the target file stored in the first storage area.
[0292] Wherein, the file operation permission range indicated by the first permission information is greater than the file operation permission range indicated by the second permission information; and / or, the permission account range specified by the first permission information is greater than the permission account range specified by the second permission information.
[0293] In some embodiments, the apparatus further includes:
[0294] The second configuration module is used to set a hit strategy for the target file stored in the first storage area;
[0295] The second execution module is used to perform file operations on the target file according to the hit strategy.
[0296] In some embodiments, the second execution module is specifically configured to perform at least one of the following:
[0297] The target file is encrypted according to the hit strategy;
[0298] The target file is de-identified according to the hit strategy;
[0299] Pre-defined operations on the target file are disabled.
[0300] In some embodiments, the predetermined operation includes, but is not limited to, at least one of the following: downloading, copying, transferring, decrypting, granting file operation permissions, sharing, and forwarding.
[0301] This disclosure provides a file processing method, which may include:
[0302] When a file is uploaded to the cloud, the new file content is temporarily stored in the upload cache space provided by the cloud. This cache space is the aforementioned second storage area.
[0303] The user readability of files in this cache space is controlled by the management device (e.g., a background device) according to display policies. After a file is temporarily stored there, the scanning service will identify its content.
[0304] After the identification process is complete and no sensitive words are confirmed, the file will be moved from the upload cache space and stored in the original upload target directory of the cloud file. The storage space of this target directory is a first storage space, different from the cache space. This first and second storage spaces can be different cloud spaces.
[0305] There are several display strategies; two are provided below:
[0306] One type is when the file is uploaded to the scanning service area;
[0307] Another possibility is that the file is not visible when uploaded to the scanning service area.
[0308] When the option to make the file invisible is selected, the uploaded file will be invisible to all accounts in the region. The file will only be released after the scanning service has finished running and there are no abnormalities. The file will then be displayed normally on the cloud file system.
[0309] Typical use cases: This configuration option can be selected for applications requiring national cryptographic standards or virus scanning.
[0310] When visibility is selected, the cached space for uploaded files will then be visible to all accounts, and the file hit strategy can be set.
[0311] Typical use case: This configuration option can be selected when a file contains sensitive words and needs to be encrypted or have those words removed.
[0312] Document scanning can be performed as follows:
[0313] If a file is detected as containing sensitive words related to Chinese cryptography, it will be directly blocked and will not be uploaded to the target directory.
[0314] If a file is detected to contain a virus, it will be directly blocked and will not be uploaded to the target directory.
[0315] If a document contains sensitive words, it will be reviewed according to the sensitive word review process.
[0316] Files without detected sensitive words will be displayed directly in the cloud file upload location:
[0317] Enterprise documents: Visible only to the uploaded account, and can be accessed by the corresponding account.
[0318] Enterprise documents can be viewed only by members of the enterprise team; other accounts need to join the team or be authorized to access them.
[0319] Document review can be conducted as follows:
[0320] When a file contains sensitive words, it will first be encrypted, then a notification will be sent to the review account and the file uploader.
[0321] When the reviewing account receives the message: the system will grant the reviewing account permission to read the file.
[0322] File visibility: Other accounts can see the file, but cannot open it.
[0323] Files that are not visible: Only the reviewing account can see them; the uploader and other accounts still cannot see or open them.
[0324] The account can be approved or rejected based on the information provided in this review.
[0325] Approved:
[0326] The file is displayed in the list of cloud files, and all accounts can see the file. The file can be managed according to the "hit policy".
[0327] The system grants the file uploader read, edit, and store permissions. The uploader can view the file on the cloud file platform and delete any keywords found in the file. After deletion, the file will be scanned again. If no sensitive words are found, the file will be displayed normally on the cloud file platform, and all accounts can open and operate it normally.
[0328] The review failed: Delete the file completely from the cloud file system.
[0329] Hitting strategies may include: encrypting files that have hit the keywords, de-identifying filenames, prohibiting downloads, prohibiting copying, prohibiting movement, prohibiting decryption, prohibiting authorization, and prohibiting sharing.
[0330] Embodiments of this disclosure also provide an electronic device, including:
[0331] processor;
[0332] Memory used to store processor-executable instructions;
[0333] The processor is configured to implement the file processing method described in any embodiment of this disclosure when running the executable instructions.
[0334] The electronic device may be, but is not limited to, a cloud device.
[0335] The memory may include various types of storage media, which are non-temporary computer storage media that can continue to store information after the communication device loses power.
[0336] The processor can be connected to the memory via a bus or similar means to read executable programs stored in the memory, for example, to implement... Figure 1 , Figure 5 and Figure 6 At least one of the methods shown.
[0337] Embodiments of this disclosure also provide a computer-readable storage medium storing an executable program, wherein the executable program, when executed by a processor, implements the file processing method described in any embodiment of this disclosure. For example, implementing... Figure 1 , Figure 5 and Figure 6 At least one of the methods shown.
[0338] Regarding the apparatus in the above embodiments, the specific manner in which each module performs its operation has been described in detail in the embodiments related to the method, and will not be elaborated upon here.
[0339] This disclosure provides an electronic device, including: a processor; and a memory for storing processor-executable instructions; wherein the processor is configured to, when executing the executable instructions, implement a file processing method provided by any of the foregoing technical solutions, for example, ... Figure 1 , Figure 5 and / or Figure 6 The file processing method shown.
[0340] like Figure 8 As shown, one embodiment of this disclosure illustrates the structure of an electronic device. For example, the electronic device 900 can be provided as a network-side device. (Refer to...) Figure 8 Electronic device 900 includes a processing component 922, which further includes one or more processors, and memory resources represented by memory 932 for storing instructions executable by the processing component 922, such as application programs. The application programs stored in memory 932 may include one or more modules, each corresponding to a set of instructions. Furthermore, the processing component 922 is configured to execute a program to perform any of the methods described above applied to the access device, for example, as shown in Figures 4 to 5. Figure 7 Any of the methods shown.
[0341] Electronic device 900 may also include a power supply component 926 configured to perform power management of electronic device 900, a wired or wireless network interface 950 configured to connect electronic device 900 to a network, and an input / output (I / O) interface 958. Electronic device 900 may operate on an operating system stored in memory 932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or similar.
[0342] In an exemplary embodiment, this disclosure provides a computer-readable storage medium storing an executable program, wherein the executable program, when executed by a processor, implements the file processing method provided by any of the foregoing technical solutions.
[0343] Specifically, the computer-readable storage medium may be a non-transitory computer-readable storage medium.
[0344] For example, a memory 932 including an executable program may be used to execute the above instructions by a processing component 922 of an electronic device 900 to perform the above method.
[0345] The non-transitory computer-readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, and optical data storage device, etc.
[0346] Other embodiments of the invention will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention that follow the general principles of the invention and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of the invention are indicated by the following claims.
[0347] It should be understood that the present invention is not limited to the precise structure described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of the invention is limited only by the appended claims.
Claims
1. A file processing method, characterized in that, Performed by an electronic device, the method includes: Receive a request to store the target file in the first storage area; the first storage area is the target storage area. The received target file is temporarily stored in a second storage area; the second storage area is a temporary storage area. The detection result is obtained by checking whether the target file temporarily stored in the second storage area contains preset information. If the detection result indicates that the target file contains the preset information, determine whether to display the file information of the target file according to the display strategy. Based on the detection results, determine whether to transfer the target file temporarily stored in the second storage area to the first storage area; Wherein, if the detection result indicates that the target file contains the preset information, determining whether to display the file information of the target file according to the display strategy includes: If the detection result indicates that the target file contains the preset information and the display strategy is the second strategy, it is determined that the file information of the target file will be displayed on the preset page logged in with the first type of account, and the file information of the target file will be hidden on the preset page logged in with the second type of account. or, If the detection result indicates that the target file contains the preset information and the display strategy is the third strategy, the target file is processed to obtain a processed target file, and the file information of the processed target file is displayed.
2. The method according to claim 1, characterized in that, The file information is used to indicate and / or obtain at least a portion of the target file temporarily stored in the second storage area.
3. The method according to claim 1, characterized in that, When the detection result indicates that the target file contains the preset information, determining whether to display the file information of the target file according to the display strategy includes: If the detection results indicate that the target file contains the preset information and the display strategy is the first strategy, then the file information of the target file is determined to be hidden.
4. The method according to claim 1, characterized in that, The step of determining whether to transfer the target file temporarily stored in the second storage area to the first storage area based on the detection result includes: If the detection result indicates that the target file contains the first type of information, it is determined that the target file will not be transferred to the first storage area; or, If the detection result indicates that the target file contains the second type of information, a decision is made based on the review result of the target file to determine whether to transfer the target file to the first storage area.
5. The method according to claim 4, characterized in that, The step of determining not to transfer the target file to the first storage area when the detection result indicates that the target file contains the first type of information includes: If the detection result indicates that the target file contains a preset level of security information, it is determined not to transfer the target file to the first storage area. And / or, If the detection result indicates that the target file contains threat information, it is determined not to transfer the target file to the first storage area, wherein the threat information includes: viruses and / or entry information connected to the threat information.
6. The method according to claim 4, characterized in that, The step of determining whether to transfer the target file to the first storage area based on the review result of the target file includes at least one of the following: If the review result is approved, it is determined that the target file temporarily stored in the second storage area will be transferred to the first storage area; If the audit result is unsuccessful, it is determined that the target file temporarily stored in the second storage area will not be transferred to the first storage area.
7. The method according to claim 6, characterized in that, The method further includes: Configure permission information for the target file stored in the first storage area; File operations are performed on the target file stored in the first storage area based on the permission information.
8. The method according to claim 6, characterized in that, The method further includes: Set a hit policy for the target file stored in the first storage area; File operations are performed on the target file according to the hit strategy.
9. The method according to claim 8, characterized in that, The file operation performed on the target file according to the hit strategy includes at least one of the following: The target file is encrypted according to the hit strategy; The target file is de-identified according to the hit strategy; Pre-defined operations on the target file are disabled.
10. A document processing device, characterized in that, The device includes: The receiving module is used to receive a target file requested to be stored in a first storage area; the first storage area is the target storage area. A temporary storage module is used to temporarily store the received target file in a second storage area; the second storage area is a temporary storage area. The detection module is used to detect whether the target file temporarily stored in the second storage area contains preset information and obtain the detection result; The display module is used to determine whether to display the file information of the target file according to a display strategy when the detection result shows that the target file contains the preset information. The determining module is used to determine, based on the detection result, whether to transfer the target file temporarily stored in the second storage area to the first storage area; The display module is further configured to, when the detection result indicates that the target file contains the preset information and the display strategy is the second strategy, determine to display the file information of the target file on a preset page logged in with a first type of account and hide the file information of the target file on a preset page logged in with a second type of account; or, when the detection result indicates that the target file contains the preset information and the display strategy is the third strategy, process the target file to obtain a processed target file and display the file information of the processed target file.
11. An electronic device, characterized in that, include: processor; Memory used to store processor-executable instructions; The processor is configured to implement the file processing method according to any one of claims 1-9 when running the executable instructions.
12. A computer-readable storage medium, characterized in that, The readable storage medium stores an executable program, wherein the executable program, when executed by a processor, implements the file processing method according to any one of claims 1-9.