CN119378018A - A file export control method and device for desktop cloud - Google Patents

Abstract

The present application discloses a file export control method and device for a desktop cloud, which relates to the field of computers. The method comprises: in response to an upload request for a first file, encrypting the first file to obtain a second file; segmenting the second file to obtain a plurality of third files and a random storage directory corresponding to each of the third files; storing the third files respectively in corresponding storage locations in a storage server corresponding to the desktop cloud according to their respective corresponding random storage directories; wherein the third files are used to be exported from the storage server to a local electronic device in response to an export request for the first file.

Description

File export control method and device for desktop cloud

Technical Field

The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for controlling file export of a desktop cloud.

Background

At present, in the process of exporting a file of a desktop cloud, the situation that file data is intercepted exists, so that the security of the file is lower.

Therefore, a technical solution for improving file security in the desktop cloud file export process is needed.

Disclosure of Invention

In view of the above problems, the application provides a method and a device for controlling file export of a desktop cloud, so as to achieve the purpose of improving file security. The specific scheme is as follows:

The first aspect of the application provides a method for controlling file export of a desktop cloud, which comprises the following steps:

Encrypting a first file in response to an uploading request for the first file to obtain a second file;

dividing the second file to obtain a plurality of third files and random storage catalogues corresponding to the third files;

respectively storing the third files to corresponding storage positions in a storage server corresponding to the desktop cloud according to the random storage catalogues corresponding to the third files;

Wherein the third file is for export from the storage server to a local electronic device in response to an export request for the first file.

In one possible implementation, the splitting processing is performed on the second file to obtain a plurality of third files and a random storage directory corresponding to each third file, where the splitting processing includes:

dividing the second file according to the generated random number to obtain a plurality of third files, wherein the number of the third files is consistent with the random number;

Generating a corresponding random character string for each third file respectively;

and creating a random storage catalog for the corresponding third file according to the random character string, wherein the random character string is used as the file name of the third file in the random storage catalog.

In one possible implementation, the method further comprises:

Recording file attributes corresponding to the first file into a database;

The file attribute at least comprises the random storage catalogue of each third file corresponding to the first file and a export code corresponding to the first file, wherein the export code is used for uniquely characterizing the first file.

In one possible implementation, before encrypting the first file to obtain the second file, the method further includes:

Obtaining a file type corresponding to the first file;

Obtaining an approval rule corresponding to the first file according to the file type;

according to the approval rule, an approval request is sent to an approval device to obtain an approval result fed back by the approval device according to the approval rule;

And generating a export code for the first file under the condition that the approval result characterization allows the first file to be uploaded, wherein the export code is used for uniquely characterizing the first file.

In one possible implementation, the file types include any one of a source code type, a document type, and an installation package type;

Wherein, the approval rules corresponding to different file types are different.

In one possible implementation, before obtaining the file type corresponding to the first file, the method further includes:

Calculating a current check code corresponding to the first file;

comparing the current check code with the check code carried in the uploading request to obtain a comparison result;

If the comparison result indicates that the current check code is consistent with the check code carried in the uploading request, executing the step of obtaining the file type corresponding to the first file;

And if the comparison result indicates that the current check code is inconsistent with the check code carried in the uploading request, sending prompt information to uploading equipment corresponding to the uploading request, wherein the prompt information is used for prompting to re-upload the first file.

The second aspect of the application provides a method for controlling file export of a desktop cloud, which comprises the following steps:

the method comprises the steps of responding to a export request aiming at a first file, obtaining a random storage directory corresponding to each third file corresponding to the first file, wherein the number of the third files is multiple, and the third files are obtained by encrypting and dividing the first file;

reading each third file from a storage server corresponding to the desktop cloud according to the random storage directory;

merging the third files to obtain a second file;

And transmitting the second file to local electronic equipment, wherein the electronic equipment is used for decrypting the second file so as to obtain the first file.

In one possible implementation, obtaining a random storage directory corresponding to each third file corresponding to the first file includes:

and according to the export code in the export request, inquiring a random storage directory corresponding to the export code in a database to obtain a random storage directory corresponding to each third file corresponding to the first file.

A third aspect of the present application provides a file export control apparatus for a desktop cloud, the apparatus including:

a file encrypting unit, configured to encrypt a first file in response to an upload request for the first file, so as to obtain a second file;

The file dividing unit is used for dividing the second files to obtain a plurality of third files and random storage catalogues corresponding to the third files;

The file storage unit is used for respectively storing the third files to corresponding storage positions in a storage server corresponding to the desktop cloud according to the random storage catalogues corresponding to the third files;

Wherein the third file is for export from the storage server to a local electronic device in response to an export request for the first file.

A fourth aspect of the present application provides a file export control apparatus for a desktop cloud, the apparatus including:

The system comprises a catalog obtaining unit, a storage processing unit and a storage processing unit, wherein the catalog obtaining unit is used for responding to a export request for a first file and obtaining a random storage catalog corresponding to each third file corresponding to the first file;

The file reading unit is used for reading each third file from a storage server corresponding to the desktop cloud according to the random storage directory;

The file merging unit is used for merging the third files to obtain second files;

And the file transmission unit is used for transmitting the second file to local electronic equipment, and the electronic equipment is used for decrypting the second file so as to obtain the first file.

A fifth aspect of the present application provides a computer program product comprising computer readable instructions which, when run on an electronic device, cause the electronic device to implement the above-mentioned first aspect, second aspect or a file export control method of a desktop cloud of any implementation of the first or second aspect.

A sixth aspect of the application provides an electronic device comprising at least one processor and a memory coupled to the processor, wherein:

the memory is used for storing a computer program;

The processor is configured to execute the computer program, so that the electronic device can implement the first aspect, the second aspect, or a method for controlling file export of a desktop cloud in any implementation manner of the first aspect or the second aspect.

A fifth aspect of the present application provides a computer storage medium carrying one or more computer programs, which when executed by an electronic device, enable the electronic device to implement the method for controlling file export of a desktop cloud according to the first aspect, the second aspect, or any implementation manner of the first aspect or the second aspect.

By means of the technical scheme, in the file export control method and device for the desktop cloud, the uploading request of the file is responded, the file to be uploaded can be encrypted and segmented, so that the segmented files are respectively stored in corresponding storage positions in the storage server according to the corresponding random storage catalogue, the files can be exported to local electronic equipment from the storage server in response to the export request, the files are encrypted and segmented, and even if the files are intercepted illegally, the original files cannot be restored, and therefore file security is improved.

Drawings

The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.

Fig. 1 is a schematic flow chart of a method for controlling file export of a desktop cloud according to an embodiment of the present application;

FIG. 2 is a diagram of a desktop cloud and a local electronic device according to an embodiment of the present application;

FIG. 3 is a partial flowchart of a method for controlling file export of a desktop cloud according to an embodiment of the present application;

fig. 4 is another flowchart of a method for controlling file export of a desktop cloud according to an embodiment of the present application;

FIG. 5 is a flowchart of a method for controlling file export of a desktop cloud according to an embodiment of the present application;

Fig. 6 is a flowchart of another implementation method for controlling file export of a desktop cloud according to an embodiment of the present application.

Fig. 7 is a schematic structural diagram of a device for controlling file export of a desktop cloud according to an embodiment of the present application;

Fig. 8, fig. 9, and fig. 10 are respectively another schematic structural diagrams of a file export control device of a desktop cloud according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of another device for controlling file export of a desktop cloud according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application;

FIG. 13 is a deployment architecture diagram of a file export system implemented in an embodiment of the present application;

FIG. 14 is a flow chart of a method for implementing file upload in an embodiment of the present application;

FIG. 15 is a schematic flow chart of implementing file uploading in an embodiment of the application;

FIG. 16 is a schematic diagram of identifying pdf document types in an embodiment of the present application;

FIG. 17 is an exemplary diagram of identifying the source code type of the C language in an embodiment of the application;

fig. 18 is a schematic flow chart of implementing file export in an embodiment of the present application.

Detailed Description

Embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. The terminology used in the description of the embodiments of the application herein is for the purpose of describing particular embodiments of the application only and is not intended to be limiting of the application.

Embodiments of the present application are described below with reference to the accompanying drawings. As one of ordinary skill in the art can know, with the development of technology and the appearance of new scenes, the technical scheme provided by the embodiment of the application is also applicable to similar technical problems.

The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances and are merely illustrative of the manner in which embodiments of the application have been described in connection with the description of the objects having the same attributes. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of elements is not necessarily limited to those elements, but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

Referring to fig. 1, a flowchart of a method for controlling file export of a desktop cloud according to an embodiment of the present application may be applied to a management server deployed on the desktop cloud, where the management server is configured to manage uploading and exporting of a file, so that an uploaded file may be exported to a local electronic device, as shown in fig. 2. The technical scheme in the embodiment is mainly used for improving the security of file uploading and exporting.

Specifically, the method in this embodiment may include the following steps:

Step 101, in response to an uploading request for the first file, encrypting the first file to obtain a second file.

The uploading request can be generated by a user accessing the export service page on the management server through the browser and performing corresponding operation. For example, the user fills in the uploading application form on the export service page, where the uploading application form includes a file to be uploaded, such as a code file, an image file, etc., and may further include a check code corresponding to the file to be uploaded, such as a check code based on the Message Digest Algorithm MD5 (Message-Digest Algorithm 5), and in response to the user operating on the export service page, an uploading request may be generated, where the uploading request includes a file to be uploaded, that is, a first file, and may further include a check code corresponding to the first file.

Specifically, in this embodiment, the encryption key may be used to encrypt the first file based on a corresponding encryption algorithm, such as the advanced encryption standard AES (Advanced Encryption Standard) algorithm, so as to obtain the second file, and at the same time, the encryption key may be stored in the database in an encryption manner.

Further, in this embodiment, after the second file is obtained, the first file may be deleted, so as to avoid leakage of the first file and ensure file security.

And 102, carrying out segmentation processing on the second files to obtain a plurality of third files and random storage catalogues corresponding to the third files.

In this embodiment, the second files may be divided according to a specific number, and corresponding random access directories may be generated for the divided third files respectively.

And 103, respectively storing the third files to corresponding storage positions in a storage server corresponding to the desktop cloud according to the random storage catalogues corresponding to the third files.

Wherein the third file is for export from the storage server to the local electronic device in response to an export request for the first file. Specifically, in this embodiment, in response to a export request for a first file, a random storage directory corresponding to each third file corresponding to the first file is obtained first, then, according to the random storage directory, each third file is read from a storage server corresponding to a desktop cloud, then, the third files are combined, and then, the obtained second file is transmitted to a local electronic device, and the local electronic device can decrypt the second file to obtain the first file.

By means of the technical scheme, in the file export control method of the desktop cloud, the uploading request of the file is responded, the file to be uploaded can be encrypted and segmented, the segmented files are respectively stored in the corresponding storage positions in the storage server according to the corresponding random storage catalogue, the files can be exported to the local electronic equipment from the storage server in response to the export request, the files are encrypted and segmented, and therefore the original files cannot be restored even if the files are illegally intercepted, and file security is improved.

In one implementation manner, in this embodiment, a file attribute corresponding to the first file may also be recorded in the database.

The file attribute of the first file at least comprises a random storage directory of each third file corresponding to the first file and a export code corresponding to the first file, wherein the export code is used for uniquely characterizing the first file.

It should be noted that, the export code corresponding to the first file may be generated before the first file is encrypted.

Specifically, in this embodiment, the export code may be generated according to the name of the uploading requester corresponding to the first file, the time of uploading application, the file name of the first file, and so on. For example, in this embodiment, the name of the uploading requester, the time of the uploading application, and the file name of the first file are used as input parameters, and the bottom interface provided by the operating system of the management server is called to access the random number source, and the generated random number is used as the export code. The derived code is recorded to a database.

Based on this, an export code may be carried in the export request for the first file, where the export code characterizes that the first file needs to be exported. Based on the above, according to the export code in the export request, the random storage directory corresponding to each third file corresponding to the first file can be queried in the database, and then each third file can be read according to the random storage directories, and then the third files are combined to obtain the second file, and then transmitted to the local electronic device, the electronic device can query the encryption key corresponding to the first file in the database, and based on the encryption key, the electronic device can decrypt the second file according to the decryption key corresponding to the queried encryption key to obtain the first file.

In one implementation manner, the splitting processing of the second file in step 102 to obtain a plurality of third files and a random storage directory corresponding to each third file may be implemented in the following manner, as in fig. 3:

step 301, dividing the second file according to the generated random number to obtain a plurality of third files.

Wherein the number of third files corresponds to the random number.

For example, in this embodiment, a random number N of 3 to 9 bits may be generated by a random algorithm, and then the second file is divided according to the random number N, so as to obtain N third files.

Specifically, in this embodiment, the file division size may be determined according to the file size of the second file and the random number N, for example, the file size of the second file is divided by the random number N to obtain the file division size, and then, a plurality of third files with corresponding sizes are divided in the second file according to the file division size.

Step 302, generating a corresponding random character string for each third file.

The number of the random character strings is consistent with that of the third files, and the random character strings are in one-to-one correspondence with the third files.

For example, in this embodiment, an open source cryptographic tool package, such as opensl, may be invoked to generate N8-bit random strings, such as string1, string2, stringN, each corresponding to a third file.

Step 303, creating a random storage catalog for the corresponding third file according to the random character string.

Wherein, the random character string is used as the file name of the third file in the random storage catalog.

Specifically, in this embodiment, a corresponding random storage directory, such as/opt/data/string 1,/opt/data/string 2,/opt/data/stringN, may be created according to random character strings, where each random storage directory corresponds to a third file, and the random storage directory includes a random character string, and the random character string is used as a file name of the corresponding third file, that is, the third file does not use the original file name of the first file any more, so that it is avoided to intercept the file according to the file name, and file security is improved.

In one implementation, before encrypting the first file to obtain the second file in step 101, the method in this embodiment may further include the following processes, as shown in fig. 4:

Step 104, obtaining the file type corresponding to the first file.

The file type may include any one of a source code type, a document type, and an installation package type. In this embodiment, after the decompression processing is performed on the first file, the first file is scanned to obtain a file type of the first file, and then the file type of the first file is recorded in the database.

And 105, obtaining an approval rule corresponding to the first file according to the file type.

Wherein, the approval rules corresponding to different file types are different. Each file type corresponds to a respective set of approval rules. For example, the source code type corresponds to approval rules of the source code, the document type corresponds to approval rules of the document, and the installation package type corresponds to approval rules of the installation package.

And 106, sending an approval request to the approval device according to the approval rule to obtain an approval result fed back by the approval device according to the approval rule.

Specifically, in this embodiment, an approval rule is added to an approval request, the approval request is sent to an approval device, the approval device is an electronic device used by an approver, the approval device provides the approval rule to the approver after receiving the approval request, the approver refers to the approval rule to perform approval processing on the approval request and set an approval result, and the approval device feeds back the approval result to the management server in this embodiment. Therefore, in this embodiment, by providing the approval rules to the approval device, the accuracy and efficiency of approval of the document by the approver are improved.

Wherein the approval result may characterize whether the first file is allowed to be uploaded.

Step 107, judging whether the approval result represents that the first file is allowed to be uploaded or not, executing step 108 when the approval result represents that the first file is allowed to be uploaded, and outputting prompt information to prompt an uploading requester to re-upload the file when the approval result represents that the first file is not allowed to be uploaded.

Step 108, generating a export code for the first file, wherein the export code is used for uniquely characterizing the first file, and then executing step 101.

Specifically, in step 108, the export code may be generated according to the name of the uploading requester corresponding to the first file, the time of uploading application, the file name of the first file, and so on.

For example, in this embodiment, the name of the uploading requester, the time of the uploading application, and the file name of the first file are used as input parameters, the bottom layer interface provided by the operating system of the management server is called to access the random number source, the generated random number is used as the export code, and then the export code is recorded in the database.

In one implementation, before the file type corresponding to the first file is obtained in step 104, the present embodiment may further include the following steps, as shown in fig. 5:

and 109, calculating the current check code corresponding to the first file.

Specifically, in this embodiment, the check code calculation may be performed on the first file according to MD5 to obtain the current check code.

And 110, comparing the current check code with the check code carried in the uploading request to obtain a comparison result.

Step 111, judging whether the comparison result represents that the current check code is consistent with the check code carried in the uploading request, if so, executing step 104, and if not, executing step 112.

If the comparison result indicates that the current check code is consistent with the check code carried in the uploading request, it indicates that the uploading of the first file is not wrong, and step 104 is executed to obtain the file type corresponding to the first file.

Step 112, sending a prompt message to the uploading device corresponding to the uploading request, where the prompt message is used to prompt the first file to be uploaded again.

It should be noted that if the comparison result indicates that the current check code is consistent with the check code carried in the uploading request, the current check code or the check code carried in the uploading request may be recorded in the database. Based on this, the database may include the name of the uploading requester corresponding to the first file, the unit or department to which the uploading requester belongs, the uploading application time, the file name of the first file, the check code corresponding to the first file, the export code of the first file, the file type of the first file, the encryption key and decryption key corresponding to the first file, the random storage directory of each third file corresponding to the first file, and so on.

Referring to fig. 6, a flowchart of an implementation of a method for controlling file export of a desktop cloud according to an embodiment of the present application may be applied to a management server deployed on the desktop cloud, where the management server is configured to manage uploading and exporting of a file, so that the uploaded file can be exported to a local electronic device, as shown in fig. 2. The technical scheme in the embodiment is mainly used for improving the security of file uploading and exporting.

Specifically, the method in this embodiment may include the following steps:

step 601, obtaining a random storage directory corresponding to each third file corresponding to the first file in response to the export request for the first file.

The plurality of third files are obtained by encrypting and dividing the first file, and the method for obtaining the third file may refer to the foregoing embodiments, which are not described in detail herein.

Specifically, in step 601, according to the export code in the export request, the random storage directory corresponding to the export code may be queried in the database, so as to obtain the random storage directory corresponding to each third file corresponding to the first file, for example, opt/data/string1,/opt/data/string 2,/opt/data/stringN.

Step 602, reading each third file from a storage server corresponding to the desktop cloud according to the random storage directory.

The storage server is a server allocated to a unit or department to which the uploading request person belongs, and is used for providing storage service for all persons under the unit or department.

Step 603, merging the third files to obtain a second file.

In this embodiment, each third file may be combined according to an association relationship between random strings representing file names of the third files, such as an association relationship between 1 to N between string1, string2, and stringN, where the random strings are included in a random storage directory corresponding to each third file, so as to obtain the second file.

Step 604, transmitting the second file to a local electronic device, where the electronic device is configured to decrypt the second file to obtain the first file.

Specifically, the electronic device may query the database for an encryption key corresponding to the derived code in the derived request, and then decrypt the second file using the queried encryption key to obtain the first file, i.e. the original file.

By means of the technical scheme, in the file export control method of the desktop cloud, the file to be uploaded can be encrypted and segmented in response to the file uploading request, so that the segmented files are respectively stored in corresponding storage positions in the storage server according to corresponding random storage catalogues. Thus, the files can be exported from the storage server to the local electronic device in response to the export request, and when a user needs to export the files to the local electronic device, each file can be read according to the random storage directory and then merged, and then transmitted to the local electronic device for decryption. Therefore, even if intercepted in the export process, the original file is not restored, and the security is improved.

The method for controlling file export of the desktop cloud provided by the embodiment of the application is introduced above, and a device for executing the method for controlling file export of the desktop cloud is introduced below.

Referring to fig. 7, a schematic structural diagram of a device for controlling file export of a desktop cloud according to an embodiment of the present application may be deployed on a management server deployed on the desktop cloud, where the management server is configured to manage uploading and exporting of files, so that the uploaded files can be exported to a local electronic device, as shown in fig. 2. The technical scheme in the embodiment is mainly used for improving the security of file uploading and exporting.

Specifically, the apparatus in this embodiment may include the following units:

A file encrypting unit 701, configured to encrypt a first file in response to an upload request for the first file, so as to obtain a second file;

A file dividing unit 702, configured to perform a dividing process on the second file, so as to obtain a plurality of third files and a random storage directory corresponding to each third file;

a file storage unit 703, configured to store the third files in corresponding storage positions in the storage servers corresponding to the desktop cloud according to the random storage directories corresponding to the third files;

Wherein the third file is for export from the storage server to a local electronic device in response to an export request for the first file.

By means of the technical scheme, in the file export control device of the desktop cloud, the uploading request of the file is responded, the file to be uploaded can be encrypted and segmented, the segmented files are respectively stored in the corresponding storage positions in the storage server according to the corresponding random storage catalogue, the files can be exported to the local electronic equipment from the storage server in response to the export request, the files are encrypted and segmented, and therefore the original files cannot be restored even if the files are illegally intercepted, and the file security is improved.

In one implementation manner, the file splitting unit 702 is specifically configured to split the second file according to the generated random number to obtain a plurality of third files, where the number of the third files is consistent with that of the random number, generate a corresponding random string for each third file, and create a random storage directory for the corresponding third file according to the random strings, where the random string is used as a file name of the third file in the random storage directory.

In one implementation, the apparatus in this embodiment may further include the following units, as shown in fig. 8:

an information recording unit 704, configured to record a file attribute corresponding to the first file into a database;

The file attribute at least comprises the random storage catalogue of each third file corresponding to the first file and a export code corresponding to the first file, wherein the export code is used for uniquely characterizing the first file.

In one implementation, the apparatus in this embodiment may further include the following units, as shown in fig. 9:

The approval processing unit 705 is configured to encrypt the first file in the file encryption unit 701 to obtain a file type corresponding to the first file before the second file is obtained, obtain an approval rule corresponding to the first file according to the file type, send an approval request to an approval device according to the approval rule to obtain an approval result fed back by the approval device according to the approval rule, and generate an export code for the first file when the approval result characterizes that the first file is allowed to be uploaded, where the export code is used for uniquely characterizing the first file.

The file types comprise any one of source code types, document types and installation package types, and approval rules corresponding to different file types are different.

In one implementation, the apparatus in this embodiment may further include the following units, as shown in fig. 10:

The file checking unit 706 is configured to calculate a current check code corresponding to the first file before the approval processing unit 705 obtains a file type corresponding to the first file, compare the current check code with a check code carried in the upload request to obtain a comparison result, if the comparison result indicates that the current check code is consistent with the check code carried in the upload request, execute the step of obtaining the file type corresponding to the first file, and if the comparison result indicates that the current check code is inconsistent with the check code carried in the upload request, send a prompt message to an upload device corresponding to the upload request, where the prompt message is used to prompt to re-upload the first file.

It should be noted that, the specific implementation manner of each unit in this embodiment may refer to the corresponding content in the foregoing, which is not described in detail herein.

Referring to fig. 11, a schematic structural diagram of a device for controlling file export of a desktop cloud according to an embodiment of the present application may be deployed on a management server deployed on the desktop cloud, where the management server is configured to manage uploading and exporting of a file, so that an uploaded file may be exported to a local electronic device, as shown in fig. 2. The technical scheme in the embodiment is mainly used for improving the security of file uploading and exporting.

Specifically, the apparatus in this embodiment may include the following units:

A directory obtaining unit 1101, configured to obtain, in response to a export request for a first file, a random storage directory corresponding to each third file corresponding to the first file, where the number of third files is multiple, and the third files are obtained by encrypting and splitting the first file;

The file reading unit 1102 is configured to read each third file from a storage server corresponding to the desktop cloud according to the random storage directory;

a file merging unit 1103, configured to merge the third files to obtain second files;

a file transmission unit 1104, configured to transmit the second file to a local electronic device, where the electronic device is configured to decrypt the second file to obtain the first file.

By means of the technical scheme, in the file export control device of the desktop cloud, the file to be uploaded can be encrypted and segmented in response to the file uploading request, so that the segmented files are respectively stored in corresponding storage positions in the storage server according to corresponding random storage catalogues. Thus, the files can be exported from the storage server to the local electronic device in response to the export request, and when a user needs to export the files to the local electronic device, each file can be read according to the random storage directory and then merged, and then transmitted to the local electronic device for decryption. Therefore, even if intercepted in the export process, the original file is not restored, and the security is improved.

In one implementation, the directory obtaining unit 1101 is specifically configured to query, according to the export code in the export request, a random storage directory corresponding to the export code in a database to obtain a random storage directory corresponding to each third file corresponding to the first file.

The embodiment of the present application further provides an electronic device, that is, the foregoing management server, as shown in fig. 12, including at least one processor 1201 and a memory 1202 connected to the processor 1201, where:

the memory is used for storing a computer program;

the processor is configured to execute the computer program, so that the electronic device can implement the method for controlling file export of the desktop cloud according to any of the embodiments.

The embodiment of the application also provides a computer program product, which comprises computer readable instructions, and when the computer readable instructions run on the electronic equipment, the electronic equipment is enabled to realize any of the file export control methods of the desktop cloud.

The embodiment of the application also provides a computer readable storage medium, which carries one or more computer programs, and when the one or more computer programs are executed by the electronic equipment, the electronic equipment can realize any of the desktop cloud file export control methods provided by the embodiment of the application.

The technical scheme of the application is illustrated as follows:

In a desktop cloud system, all data is stored on a cloud server, while no data is stored on the user's local device (i.e., the local electronic device in the foregoing). When a user needs to export data, an application must be made to a system administrator requesting access to the export data. After auditing and confirming the request of the user, the administrator opens corresponding export rights for the user, so that the user can operate and export the required data by himself.

In view of the above, the method mainly solves the problem of safety and controllability of the desktop cloud data export process, and ensures that the data safety is not leaked from the export process and the file storage process.

First, the present application aims to provide an innovative method for introducing an additional approval link in the data export process. The aim of the link is to further strengthen the security of the data and ensure that the data can be effectively prevented from being revealed and abused in the data export process. An approval link is added in the data export process so as to ensure that only authorized personnel can conduct data export operation.

In addition, in order to further improve the security in the data export process, the application adopts a random slicing technology to process the exported data (i.e. files). By dividing the data into a plurality of random fragments, it is difficult for an attacker to obtain complete data information even if the data is intercepted during transmission. The slicing technology can effectively improve the safety of data and prevent the data from being illegally acquired in the transmission process.

In addition, the application adopts a random path preservation mode for further enhancing the security of the data. This means that the derived data will be saved on a plurality of randomly generated paths instead of a fixed path. In this way, even if an attacker can acquire part of the data, it is difficult to track the complete data path, thereby further improving the security of the data.

Finally, the application encrypts the exported data in order to ensure the security of the data in the export process. By adopting advanced encryption algorithms, an attacker cannot interpret the data content even if the data is intercepted during transmission. The encryption mode can effectively prevent data from being illegally acquired and interpreted in the transmission process, so that the safety of the data is ensured.

In summary, the application provides a comprehensive method, which comprehensively enhances the security in the data export process by adding an approval link, adopting a random slicing technology, storing a random path and encrypting. By means of the measures, data leakage and abuse can be effectively prevented, and safety and integrity of data in the export process are ensured.

The file export system realized by the application consists of export services (ExportService) for users to conduct export applications, file servers (i.e. storage servers) of departments 1 to M, and export clients (exportClient) of files, wherein the file servers are determined according to the number of departments, and the deployment architecture is shown in figure 13.

A specific business process is shown in fig. 14. In this flow, the uploading user first submits the uploading application through the exporting client. The export service then scans the received uploaded file (i.e., the first file) to identify the file type. And carrying out approval decision by an approval leader according to approval rules corresponding to the file types. If the approval passes, the export service performs security processing on the uploaded file, such as encryption and segmentation, and the like, and stores the processed file in the corresponding file storage server. And finally, exporting the processed file (namely, the third file) through the export client.

The approval leaders consist of leaders of all levels of departments, and the hierarchy can be specified according to an organization structure. For example, the approval level may be 2 levels, a first level approver is the current lead-out applicant's superior lead, a second level approver is the superior lead, and so on, and an approver can only view data under own organization, and data between different departments cannot be viewed. The file servers for exporting data storage are independently deployed among departments and isolated from each other.

The specific file uploading process flow is shown in fig. 15, as follows:

In step 1501, the user accesses the export page through the browser and fills out the application form, which includes exporting file content (e.g., code file, mirror image ISO file), uploading the file a to be exported (i.e., the first file, the file a being compressed) and the MD5 value of the file.

In this embodiment, the files to be exported are packaged together into one file.

Step 1502, the export service (ExportService) performs MD5 verification on the uploaded file after receiving the upload application, so as to confirm whether the MD5 value of the file uploaded by the user is consistent with the MD5 value filled by the user. If not, notifying the user of resubmission. Meanwhile, in this embodiment, the name, the uploading application time, the file name, the MD5 value and the department name of the exporter may be recorded in the database. Wherein the department and exporter where the user is located have been set at system initialization.

In step 1503, the export service scans the decompressed file in detail, and examines the file type with emphasis, and records the file type identified after the file decompression operation, specifically, stores the file type in the database.

The file types mainly comprise an installation package type (such as rpm, deb, ISO types), a document type (such as doc, txt, pdf types) and a source code type (such as C language codes and java codes). In this embodiment, three approval rule sets, that is, an approval rule set of the installation package, an approval rule set of the source code, and an approval rule of the document type are defined according to the document type.

Specifically, in this embodiment, after the attribute of the object, that is, the file type is obtained, it is matched with the approval rule set. For example, the object type, i.e., the file type, may be acquired by a file command in this embodiment, as shown by the pdf document type in fig. 16, as shown by the source code type of the C language in fig. 17.

Step 1504, encrypting the file A by adopting an AES algorithm to generate an encrypted file B, thoroughly deleting the source file A after encryption, storing an encryption key in a database, and storing the key in an encryption mode.

Step 1505, generating 3-9 bit random number N by random algorithm, then dividing file B by dd command (i.e. tool provided by Linux system) to generate files B1, B2-BN, etc., after dividing, deleting original file B thoroughly.

The specific flow is as follows:

(1) Calling a module random of a random algorithm to generate a random number N;

(2) Calculating the size S of the segmented files, and calculating the size s1=S/N of each file;

(3) The file B is split, for example, by dd if=o of=o1bs=s1count=1, i.e., by the size of s 1. And storing N, O-ON in a database.

Step 1506, generating N8-bit strings by calling openssl (open source cryptographic tool kit), and creating N random storage directories using the strings, for storing corresponding segmented files, such as random1/B1, random2/B2 to randomN/BN, respectively.

The specific flow is as follows:

(1) Generating random N character strings (openssl rand-base 64 32) string1 and stringN by calling an openssl library;

(2) N directories, i.e.,/opt/data/string 1,/opt/data/stringN, are created using these strings for storing the corresponding files.

Wherein the complete storage path is/opt/data/string 1/O1,/opt/data/string 2/O2,/opt/data/stringN/ON.

And 1507, respectively transmitting the N files to a file storage server of a department where the user is located, and recording related information of random1/B1, random2/B2 to randomN/BN in a database.

Specifically, N folders are respectively transmitted to a file storage server of a department where a user is located, and the path information (i.e., a random storage directory) is sequentially updated to a database by recording/opt/data/string 1/O1,/opt/data/string 2/O2,/opt/data/stringN/ON in the database.

Step 1508, newly creating an approval node, and notifying a first-level approver (a superior leader) to approve, wherein the approval content comprises a file name, an export instruction and a scanning result. The first level approver will make decisions based on the derived application description and the auto-scan results filled in by the user.

After the approval of the first-level approver is passed, the approval flow is transferred to a second-level approver (higher first-level leader), and the second-level approver makes a decision according to the approval result and the application content of the first-level approver.

In step 1509, after the second level inspector passes the approval, the flow goes to the exporter node, and the corresponding export manager is notified, and in this embodiment, a 16-bit export code is generated (EScode).

The export code is based on the user login name (i.e. the user name of the uploading user), the application time and the export file name as input parameters, calls the bottom interface provided by the operating system, accesses the random number source to generate the random number, and updates the random number to the database, so that the export code is prevented from being predicted.

In step 1510, each process node informs the applicant, i.e. derives the user, by mail, that the mail content will contain the information of the decryption key (i.e. the decryption key matched with the encryption key) and the approval result.

The export process is as shown in fig. 18:

step 1801, the operator logs in to the specified virtual machine allocated by the desktop cloud by the export user, starts the export tool, namely the export client (ExportClient), and inputs the specified export code (EScode).

Step 1802, after receiving the request of ExportClient, the export service (ExportService) returns information about the export request to the client according to EScode, where the information mainly includes field information such as applicant's name, the number of divided files, and a file storage location, that is, a random storage directory.

Step 1803, the export client exports slice files such as service requests B1, B2 to BN according to the returned information (the random storage directory of the file, the number of file partitions).

And 1804, after the export service finishes downloading the slice files to the export client, the export client performs merging operation on the slice files such as B1, B2, BN and the like to form a new file B. And the slice file is thoroughly deleted from the virtual machine where the export client is located.

Step 1805, exporting the new file B from the virtual machine to a terminal, namely a local electronic device;

Step 1806, the terminal decrypts the file B according to the decryption key in the mail to obtain the file a.

The technical scheme of the application has the following advantages:

(1) According to the method, the user derived data are finely managed and controlled, meanwhile, the files are automatically scanned, effective decision judgment basis, namely approval rules are provided for derived approval personnel, for example, the user applies for deriving a document, meanwhile, the source code files are included, and the derived content is rapidly found to be inconsistent through automatic scanning;

(2) In the export process, the application encrypts and randomly divides the file and stores the file on a path which is randomly distributed, thereby ensuring that the data is difficult to be stolen even if the system is attacked.

(3) The application designs an approval mechanism, and when a user applies for export data, the user needs to be approved, and an approver can make a decision according to the detailed report and the risk assessment result provided by the application. In addition, each operation in the approval process is recorded to form a complete audit log so as to track afterwards and attribute responsibility;

(4) In order to cope with internal threats, the application designs a data isolation strategy. According to the role and the authority of the user, the exporter can be limited to only export the data of the department responsible for the exporter, so that the unauthorized operation of the internal personnel is effectively prevented.

It should be further noted that the above-described apparatus embodiments are merely illustrative, and that the units described as separate units may or may not be physically separate, and that units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the embodiment of the device provided by the application, the connection relation between the modules represents that the modules have communication connection, and can be specifically implemented as one or more communication buses or signal lines.

From the above description of the embodiments, it will be apparent to those skilled in the art that the present application may be implemented by means of software plus necessary general purpose hardware, or of course by means of special purpose hardware including application specific integrated circuits, special purpose CPUs, special purpose memories, special purpose components, etc. Generally, functions performed by computer programs can be easily implemented by corresponding hardware, and specific hardware structures for implementing the same functions can be varied, such as analog circuits, digital circuits, or dedicated circuits. But a software program implementation is a preferred embodiment for many more of the cases of the present application. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a readable storage medium, such as a floppy disk, a usb disk, a removable hard disk, a ROM, a RAM, a magnetic disk or an optical disk of a computer, etc., comprising several instructions for causing a computer device (which may be a personal computer, a training device, a network device, etc.) to perform the method according to the embodiments of the present application.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product.

The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present application, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, training device, or data center to another website, computer, training device, or data center via a wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a training device, a data center, or the like that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (Solid STATE DISK, SSD)), etc.

Claims (10)

1. The file export control method of the desktop cloud is characterized by comprising the following steps of:

Encrypting a first file in response to an uploading request for the first file to obtain a second file;

dividing the second file to obtain a plurality of third files and random storage catalogues corresponding to the third files;

respectively storing the third files to corresponding storage positions in a storage server corresponding to the desktop cloud according to the random storage catalogues corresponding to the third files;

Wherein the third file is for export from the storage server to a local electronic device in response to an export request for the first file.

2. The method of claim 1, wherein the splitting the second file to obtain a plurality of third files and a random access directory corresponding to each third file comprises:

dividing the second file according to the generated random number to obtain a plurality of third files, wherein the number of the third files is consistent with the random number;

Generating a corresponding random character string for each third file respectively;

and creating a random storage catalog for the corresponding third file according to the random character string, wherein the random character string is used as the file name of the third file in the random storage catalog.

3. The method according to claim 1, wherein the method further comprises:

Recording file attributes corresponding to the first file into a database;

The file attribute at least comprises the random storage catalogue of each third file corresponding to the first file and a export code corresponding to the first file, wherein the export code is used for uniquely characterizing the first file.

4. The method of claim 1, wherein prior to encrypting the first file to obtain a second file, the method further comprises:

Obtaining a file type corresponding to the first file;

Obtaining an approval rule corresponding to the first file according to the file type;

according to the approval rule, an approval request is sent to an approval device to obtain an approval result fed back by the approval device according to the approval rule;

And generating a export code for the first file under the condition that the approval result characterization allows the first file to be uploaded, wherein the export code is used for uniquely characterizing the first file.

5. The method of claim 4, wherein the file type comprises any one of a source code type, a document type, and an installation package type;

Wherein, the approval rules corresponding to different file types are different.

6. The method of claim 4, wherein prior to obtaining the file type corresponding to the first file, the method further comprises:

Calculating a current check code corresponding to the first file;

comparing the current check code with the check code carried in the uploading request to obtain a comparison result;

if the comparison result indicates that the current check code is consistent with the check code carried in the uploading request, executing the file type corresponding to the obtained first file;

And if the comparison result indicates that the current check code is inconsistent with the check code carried in the uploading request, sending prompt information to uploading equipment corresponding to the uploading request, wherein the prompt information is used for prompting to re-upload the first file.

7. The file export control method of the desktop cloud is characterized by comprising the following steps of:

the method comprises the steps of responding to a export request aiming at a first file, obtaining a random storage directory corresponding to each third file corresponding to the first file, wherein the number of the third files is multiple, and the third files are obtained by encrypting and dividing the first file;

reading each third file from a storage server corresponding to the desktop cloud according to the random storage directory;

merging the third files to obtain a second file;

And transmitting the second file to local electronic equipment, wherein the electronic equipment is used for decrypting the second file so as to obtain the first file.

8. The method of claim 7, wherein obtaining a random access directory for each third file corresponding to the first file comprises:

and according to the export code in the export request, inquiring a random storage directory corresponding to the export code in a database to obtain a random storage directory corresponding to each third file corresponding to the first file.

9. A file export control device for a desktop cloud, the device comprising:

a file encrypting unit, configured to encrypt a first file in response to an upload request for the first file, so as to obtain a second file;

The file dividing unit is used for dividing the second files to obtain a plurality of third files and random storage catalogues corresponding to the third files;

The file storage unit is used for respectively storing the third files to corresponding storage positions in a storage server corresponding to the desktop cloud according to the random storage catalogues corresponding to the third files;

Wherein the third file is for export from the storage server to a local electronic device in response to an export request for the first file.

10. A file export control device for a desktop cloud, the device comprising:

The system comprises a catalog obtaining unit, a storage processing unit and a storage processing unit, wherein the catalog obtaining unit is used for responding to a export request for a first file and obtaining a random storage catalog corresponding to each third file corresponding to the first file;

The file reading unit is used for reading each third file from a storage server corresponding to the desktop cloud according to the random storage directory;

The file merging unit is used for merging the third files to obtain second files;

And the file transmission unit is used for transmitting the second file to local electronic equipment, and the electronic equipment is used for decrypting the second file so as to obtain the first file.