
CN-122020698-A - File management and control method, system, cloud end and storage medium based on data leakage prevention service


Abstract

The invention relates to the technical field of data monitoring and discloses a file management and control method, system, cloud end and storage medium based on a data leakage prevention service. The method comprises the following steps: calling all access record contents through an access-record query interface and displaying them on an application end; managing access records and illegal access records on the cloud end; giving a warning at the first time when a file is accessed illegally; when the file is leaked, positioning specific information of the equipment, account numbers and environments that are likely to have leaked it; and optimizing an anti-leakage service file for monitoring texts. The invention realizes new access records by modifying the file header information, thereby improving the efficiency of full-flow management and control of the file and positioning the operating environment information of the file.

Inventors

  • WANG YIZHUO

Assignees

  • 深圳开鸿数字产业发展有限公司

Dates

Publication Date
20260512
Application Date
20251210

Claims (10)

  1. The file management and control method based on the data leakage prevention service is characterized by comprising the following steps: acquiring configuration information of a target file, acquiring a plurality of file encryption keys according to the configuration information, generating corresponding encryption credentials according to the plurality of public key encryption keys, and packaging all the encryption credentials and all the file encryption keys to obtain an anti-leakage service file; receiving an access request of a query user, verifying the authority of the query user according to the access request, decrypting the anti-leakage service file according to the account information of the query user if the verification is passed, and generating an access record file; carrying out real-time scanning on the constructed Bluetooth scanning information document, and if the access process of the query user is not recorded in the Bluetooth scanning information document, adding the access record file into the Bluetooth scanning information document; and determining a plurality of abnormal accounts according to the Bluetooth scanning information document, positioning an access process of each abnormal account to the target file, and optimizing the anti-leakage service file.
  2. The method for managing and controlling files based on the data leakage prevention service according to claim 1, wherein the obtaining configuration information of the target file, obtaining a plurality of file encryption keys according to the configuration information, generating corresponding encryption credentials according to a plurality of public key encryption keys, and packaging all the encryption credentials and all the file encryption keys to obtain the anti-leakage service file specifically comprises: acquiring configuration information of a target file, judging the access type of the target file according to the configuration information, and adding a plurality of file encryption keys for the configuration information according to the access type; generating a corresponding number of public key encryption keys according to the number of the file encryption keys, and generating corresponding encryption credentials according to each public key encryption key; and packing each encryption credential and each file encryption key according to the access type to obtain corresponding anti-leakage service subfiles, and integrating each anti-leakage service subfile to obtain the anti-leakage service file of the target file.
  3. The method for file management based on a data leakage prevention service according to claim 2, wherein said access request comprises one or more of a create file request, an edit file request, a query file request, or a copy file request; and wherein the receiving an access request of a query user, verifying the authority of the query user according to the access request, decrypting the anti-leakage service file according to the account information of the query user if the verification is passed, and generating an access record file specifically comprises: receiving the create file request, the edit file request, the query file request or the copy file request of a query user, acquiring the authority level of the query user, and performing level verification on the authority level; if the verification result of the level verification is passed, receiving account information of the query user, and decrypting the encryption credentials of a plurality of anti-leakage service subfiles according to a plurality of decryption keys in the account information; if the encryption credential of a certain anti-leakage service subfile is successfully decrypted, adding access record information of the current access in the corresponding anti-leakage service subfile; and generating an access record file according to all the updated anti-leakage service subfiles.
  4. The method for managing and controlling files based on the data leakage prevention service according to claim 3, wherein the anti-leakage service subfiles comprise header information, public key certificates, authorization information, file contents and history access records; the public key certificate includes an access type and randomly generated key data.
  5. The method for managing files based on the data leakage prevention service according to claim 4, wherein decrypting the encryption credentials of the plurality of anti-leakage service subfiles according to the plurality of decryption keys in the account information specifically comprises: reading header information of a plurality of anti-leakage service subfiles, checking each header information, and acquiring data segment information of each anti-leakage service subfile; obtaining the authority level corresponding to each anti-leakage service subfile through the access type of each anti-leakage service subfile, and adding each authority level and each corresponding data segment information into an encrypted file entity; and recreating a corresponding file link in a user space file system according to each encrypted file entity, and decrypting the file link through each decryption key.
  6. The method for managing and controlling files based on the data leakage prevention service according to claim 3, wherein the access record information comprises an access request, an operation time, a current file level, a query user, account information, a current device identification, Bluetooth scanning information of a current environment, Wi-Fi information of the current environment and a current coordinate; and wherein the carrying out real-time scanning on the constructed Bluetooth scanning information document, and if the access process of the query user is not recorded in the Bluetooth scanning information document, adding the access record file into the Bluetooth scanning information document specifically comprises the following steps: carrying out real-time scanning on the constructed Bluetooth scanning information document, and judging whether the Bluetooth scanning information document stores a current access record or not; if the Bluetooth scanning information of the current environment is not queried, judging that the Bluetooth scanning information document does not store the current access record, and adding the access record file of the current access record into the Bluetooth scanning information document.
  7. The method for managing and controlling files based on the data leakage prevention service according to claim 1, wherein determining a plurality of abnormal accounts according to the Bluetooth scanning information document, locating an access process of each abnormal account to the target file, and optimizing the anti-leakage service file comprises: acquiring all access processes according to the Bluetooth scanning information document, and judging the query user as an abnormal account if the permission level of the query user is not matched with the anti-leakage service subfile corresponding to a certain access process; extracting abnormal anti-leakage service subfiles corresponding to all abnormal access processes, and positioning operation environment information of the abnormal access processes according to all the abnormal anti-leakage service subfiles; and updating the encryption credentials of each abnormal anti-leakage service subfile to obtain a corresponding optimized anti-leakage service subfile, and integrating the optimized anti-leakage service subfile into a current anti-leakage service file.
  8. A data leakage prevention service-based file management and control system, wherein the data leakage prevention service-based file management and control system is applied to the data leakage prevention service-based file management and control method as set forth in any one of claims 1 to 7, and the data leakage prevention service-based file management and control system includes: a file construction module, used for acquiring configuration information of the target file, acquiring a plurality of file encryption keys according to the configuration information, generating corresponding encryption credentials according to the plurality of public key encryption keys, and packaging all the encryption credentials and all the file encryption keys to obtain an anti-leakage service file; an access recording module, used for receiving an access request of a query user, verifying the authority of the query user according to the access request, decrypting the anti-leakage service file according to the account information of the query user if the verification is passed, and generating an access record file; a Bluetooth scanning module, used for scanning the constructed Bluetooth scanning information document in real time, and if the access process of the query user is not recorded in the Bluetooth scanning information document, adding the access record file into the Bluetooth scanning information document; and an optimizing module, used for determining a plurality of abnormal accounts according to the Bluetooth scanning information document, positioning the access process of each abnormal account to the target file, and optimizing the anti-leakage service file.
  9. The cloud terminal is characterized by comprising a memory, a processor and a file control program based on the data leakage prevention service which is stored on the memory and can run on the processor, wherein the file control program based on the data leakage prevention service, when executed by the processor, realizes the steps of the file control method based on the data leakage prevention service according to any one of claims 1-7.
  10. A computer-readable storage medium, wherein the computer-readable storage medium stores a data-leakage-service-based file management program, which when executed by a processor, implements the steps of the data-leakage-service-based file management method according to any one of claims 1 to 7.
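
The access-record handling of claims 6 and 7, sketched as an added example that is not code from the patent or its applicant: records are stored once, accounts whose level does not match the sub-file they opened are flagged with their environment details, and the affected sub-files are listed for credential renewal. The field names, the numeric ordering of the permission levels, the reading of "not matched" as "account level below sub-file level" and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Levels named in the page's Background; the numeric ordering is an assumption.
LEVELS = {"read-only": 1, "edit": 2, "owner": 3}

@dataclass(frozen=True)
class AccessRecord:              # fields follow claim 6; names are hypothetical
    request: str                 # create / edit / query / copy
    time: str
    file_level: str              # level of the sub-file that was opened
    account: str
    account_level: str           # level granted to the account
    device_id: str
    bluetooth: tuple             # Bluetooth scan of the environment
    wifi: str
    coords: tuple

def append_if_new(document, record):
    """Claim 6: store the access record only if it is not already present."""
    if record in document:
        return False
    document.append(record)
    return True

def abnormal_accounts(document):
    """Claim 7: flag level mismatches, collect environment info, list sub-files to re-key."""
    findings, rekey = {}, set()
    for r in document:
        have = LEVELS.get(r.account_level, 0)      # unknown level: treat as none
        need = LEVELS.get(r.file_level, 99)        # unknown sub-file: always flag
        if have < need:                            # assumed meaning of "not matched"
            findings.setdefault(r.account, []).append(
                {"time": r.time, "request": r.request, "device": r.device_id,
                 "bluetooth": r.bluetooth, "wifi": r.wifi, "coords": r.coords})
            rekey.add(r.file_level)
    return findings, sorted(rekey)

# Constructed sample records, not taken from the patent.
SAMPLE = [
    AccessRecord("query", "2026-01-05T09:12", "read-only", "alice", "edit",
                 "dev-01", ("AA:BB:CC:00:00:01",), "corp-wifi", (22.54, 114.05)),
    AccessRecord("edit", "2026-01-05T23:40", "owner", "bob", "read-only",
                 "dev-77", ("AA:BB:CC:00:00:09",), "guest-wifi", (22.60, 114.10)),
]

def run_sample():
    document = []
    added = [append_if_new(document, r) for r in SAMPLE + [SAMPLE[1]]]
    return added, abnormal_accounts(document)
```
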

Description

File management and control method, system, cloud end and storage medium based on data leakage prevention service

Technical Field

The present invention relates to the field of data monitoring technologies, and in particular, to a file management and control method, system, cloud end and computer readable storage medium based on a data leakage prevention service.

Background

The data leakage prevention service (Data Loss Prevention, abbreviated as DLP) is a data leakage prevention solution provided by a system. A data owner can perform authority configuration on a confidential file based on account authentication, and the confidential file is allowed to have read-only, editing and owner authorities. The confidential file can then be stored as ciphertext, and authentication and authorization can be performed on equipment supporting a DLP mechanism through end-cloud coordination, so that the capability of accessing and modifying the data is obtained.

However, in the existing file management method based on the DLP mechanism, the service is interrupted. For example, strict monitoring may misjudge normal operation (such as personnel sending working files through private mailboxes), so that the service flow is blocked, and some enterprises are forced to only start a monitoring mode due to the high false alarm rate, so that the protection effect is weakened.

Accordingly, the prior art is still in need of improvement and development.

Disclosure of Invention

The invention mainly aims to provide a file management and control method, a system, a cloud end and a computer readable storage medium based on a data leakage prevention service, and aims to solve the problem in the prior art that monitoring the file circulation process may block a business process, so that the overall process management and control efficiency of files is low.
In order to achieve the above object, the present invention provides a file management and control method based on a data leakage prevention service, the file management and control method based on the data leakage prevention service including the following steps: acquiring configuration information of a target file, acquiring a plurality of file encryption keys according to the configuration information, generating corresponding encryption credentials according to the plurality of public key encryption keys, and packaging all the encryption credentials and all the file encryption keys to obtain an anti-leakage service file; receiving an access request of a query user, verifying the authority of the query user according to the access request, decrypting the anti-leakage service file according to the account information of the query user if the verification is passed, and generating an access record file; carrying out real-time scanning on the constructed Bluetooth scanning information document, and if the access process of the query user is not recorded in the Bluetooth scanning information document, adding the access record file into the Bluetooth scanning information document; and determining a plurality of abnormal accounts according to the Bluetooth scanning information document, positioning an access process of each abnormal account to the target file, and optimizing the anti-leakage service file.
Optionally, in the method for managing and controlling files based on the data leakage prevention service, the obtaining configuration information of a target file, obtaining a plurality of file encryption keys according to the configuration information, generating corresponding encryption credentials according to the plurality of public key encryption keys, and packaging all the encryption credentials and all the file encryption keys to obtain an anti-leakage service file specifically includes: acquiring configuration information of a target file, judging the access type of the target file according to the configuration information, and adding a plurality of file encryption keys for the configuration information according to the access type; generating a corresponding number of public key encryption keys according to the number of the file encryption keys, and generating corresponding encryption credentials according to each public key encryption key; and packing each encryption credential and each file encryption key according to the access type to obtain corresponding anti-leakage service subfiles, and integrating each anti-leakage service subfile to obtain the anti-leakage service file of the target file.

Optionally, the file management method based on the data leakage prevention service, wherein the access request comprises one or more of a create file request, an edit file request, a query file request or a copy file request; The method comprises the steps of receiving an access request of a query user, verifying the authority of the query user according to the access request, decrypting the anti-leakage service file according to th