TWI637282B - System and method of controlling and limiting number of files access - Google Patents
- Publication number: TWI637282B (TW106112048A)
- Authority: TW (Taiwan)
- Prior art keywords: file, files, client, control unit, limiting
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A system for limiting the number of files processed includes: a management terminal including a first processor, a file control unit and a database, the file control unit and the database each being coupled to the first processor; and at least one client including a second processor, a storage unit and a file processing unit, the storage unit and the file processing unit each being coupled to the second processor; wherein the file control unit is used to limit the number of files that the at least one client copies, deletes or moves.
Description
The present invention relates to a file access control technology, and more particularly to a system and method for recording file operations and for controlling and limiting the number of file accesses, in which a management terminal can control and limit the number of file accesses on a specific client.
With the development of computer technology, people today use computers as an important tool for work, study and other applications. As a result, households, schools, government agencies, the military, commercial organizations and all kinds of other units generate large numbers of electronic documents every day. Many of these documents contain important secrets, including military secrets, trade secrets, examination information and others. In addition, with the growth of the Internet, the development of all kinds of wired/wireless networks and the use of storage devices, keeping these electronic documents confidential is far from easy. Because the operating systems of modern computers can mostly accommodate multiple user accounts, or files are shared from network servers, documents of different confidentiality levels must be distinguished when several users share a system at the same time.
In addition, there are several conventional ways of keeping electronic files confidential. The most common is to use a software program that, when an electronic file is saved, grants specific permissions to the users or user groups set by the file's creator. When the electronic file is opened, the user name and password are used to determine whether the user or user group has been granted permission to process the file. Unauthorized users or user groups cannot process the electronic file, which prevents confidential electronic files from leaking.
In the storage flow described above, when an electronic file is saved, the first choice is whether to set usage permissions. If not, the file is saved directly; if so, the users or user groups are set first, then the usage permissions, which completes the saving flow. In the opening flow, when the software program opens an electronic file it first determines whether the person opening it is the file's creator. If so, the file is opened directly and operations are carried out; if not, the program determines whether the person is an approved user or user group: if so, the electronic file is opened and operated on according to the permissions granted; if not, opening is refused.
In the conventional art, readers of file data will appreciate that encrypting an electronic file involves many related details: the type of file to be encrypted, the encryption method or encryption rules used, the permitted users and their permission settings, the encryption level of the file, the actions that trigger automatic encryption of the file, and so on. Encrypted files are set up and handled differently depending on the occasion and scenario. For example, in some cases the scope of permission control over a confidential document is not limited to the relevant personnel inside the enterprise; the document may also need to be circulated and presented outside it. When a company wants to promote a newly launched or undisclosed product, project, circuit layout or mechanical design drawing to a customer, its confidential files or documents unavoidably have to be opened and presented on the customer's device, possibly carried to the customer's site by sales staff for promotion or a presentation. In that case the company's information security administrator (Management Information System: MIS) must encrypt the confidential file and grant the sales staff permission to access it. In addition, some confidential files concern important company information, such as research and development results, trade secrets, financial status or customer data.
Once such information is leaked, it causes irreparable damage to the company, so a strict encryption control mechanism must be applied to such files. However, for the encryption of electronic files, the industry currently lacks a system architecture that classifies the various file-encryption items, including encryption and decryption methods and practices, permission settings and the like, so that administrators and users can operate and apply them conveniently.
As described above, the conventional techniques all revolve around protecting files by encrypting them with a password set by the user. However, they place no further restriction on the number of files handled or on the protection of the files themselves, and therefore cannot effectively achieve file protection and control over the number of files.
In view of the shortcomings of the conventional technologies described above, the present invention provides a new method for controlling and limiting the number of file accesses to overcome those shortcomings.
The present invention provides a system for limiting the number of files processed, including: a management terminal including a first processor, a file control unit and a database, the file control unit and the database each being coupled to the first processor; and at least one client including a second processor, a storage unit and a file processing unit, the storage unit and the file processing unit each being coupled to the second processor; wherein the file control unit is used to limit the number of files that the at least one client copies, deletes or moves.
According to one aspect of the present invention, the management terminal further includes a first network coupling interface coupled to the first processor.
According to one aspect of the present invention, the at least one client further includes a second network coupling interface coupled to the second processor, wherein the first network coupling interface communicates with the second network coupling interface through a network.
According to another aspect of the present invention, the at least one client further includes a web browser for browsing files.
According to yet another aspect of the present invention, the database is used to store account data of the at least one client and a plurality of file quantity data.
According to a further aspect of the present invention, the file control unit is used to set or edit the account data and the plurality of file quantity data stored in the database.
According to one aspect of the present invention, the file control unit is used to monitor a user log of the at least one client to obtain the number of files copied, deleted or moved by the at least one client.
According to one aspect of the present invention, the number of files copied, deleted or moved by the at least one client is obtained through processing by the file processing unit.
According to one aspect of the present invention, when the number of files copied, deleted or moved by one of the at least one client reaches or exceeds a predetermined value or threshold set by the file control unit, the system prohibits that client from copying, deleting or moving files, or warns it about doing so.
These and other advantages will be clearly understood by the reader from the following description of the preferred embodiments and from the claims.
10‧‧‧Management system
100‧‧‧Management terminal (server)
110‧‧‧Processing unit
120‧‧‧File control unit (module)
125‧‧‧Network
130‧‧‧Database
132‧‧‧Account data
134‧‧‧File quantity data
136‧‧‧File identification code
140‧‧‧Network coupling interface
200‧‧‧Client (user-end device)
210‧‧‧Processing unit
220‧‧‧Storage unit
222‧‧‧File
224‧‧‧File identification code
230‧‧‧File processing unit (module)
240‧‧‧Network coupling interface
250‧‧‧Web browser
The detailed description of the invention and the schematic diagrams of the embodiments below should allow the invention to be more fully understood; however, it should be understood that they serve only as a reference for understanding applications of the invention and do not limit the invention to a particular embodiment.
The first figure is a schematic diagram of a system for managing the number of file accesses according to an embodiment of the present invention; the second figure is a schematic diagram of the correspondence among account data, file quantity and file identification codes in the database of the server of that system according to an embodiment of the present invention.
The invention is described in detail here with reference to specific embodiments and aspects. These descriptions explain the structure or flow of steps of the invention and are given for illustration, not to limit the scope of the claims. Therefore, apart from the specific and preferred embodiments in this specification, the invention can also be widely practised in other embodiments.
The first figure is a schematic diagram of a system for managing, controlling and limiting the number of file accesses according to an embodiment of the present invention. The invention discloses a management system for file use and access, which manages the number of files users access. Referring to the first figure, in a preferred embodiment, the file access quantity management system 10 includes at least one client (user-end device) 200, such as a personal computer, notebook computer or personal digital assistant (PDA), a management terminal (server) 100, and a network 125. The network 125 includes, but is not limited to, wired networks of various kinds, such as a local area network (LAN), the Internet or a virtual private network (VPN), or wireless networks, such as a wireless local area network (WLAN). The wired network input/output interface may be universal serial bus (USB) or IEEE 1394. The wireless LAN module includes a module compatible with the Bluetooth specification, a module compatible with the Wi-Fi specification, or a module compatible with the 802.11x specification, where x may be a, b, g or n. In another example, the wireless LAN module may be compatible with the Worldwide Interoperability for Microwave Access (WiMAX) specification.
In one embodiment of the present invention, the client (user-end device) 200 includes a processing unit (processor) 210, a storage unit 220, a file processing unit (module) 230 and a network coupling interface 240. The storage unit 220, the file processing unit 230 and the network coupling interface 240 are each coupled to the processing unit 210. The client 200 further includes a web browser 250. The storage unit 220 stores a plurality of files 222. In one embodiment, the storage unit 220 may store a plurality of file identification codes (File IDs) 224; for example, each file 222 is accompanied by a unique file identification code 224. The storage unit 220 may include memory, including read-only memory (ROM), random access memory (RAM) and/or non-volatile flash memory. The file processing unit 230 handles the processing of each file. Processing here includes, but is not limited to, reading, writing, copying, deleting or moving files. In one embodiment of the present invention, the file processing unit 230 may be implemented in software. The network coupling interface 140 may be coupled to the network 125, and the network coupling interface 240 may also be coupled to the network 125. Through the network 125, the network coupling interface 240 can communicate with the network coupling interface 140.
The network coupling interface 140 includes a wired or a wireless network coupling interface, as does the network coupling interface 240. The invention lets the user select an appropriate wireless module for processing files, for example performing file access. For example, if the user wants to access files over WiFi or WiMax, the method includes coupling to the Internet or an access point and then starting the file processing unit 230 to access files, which also includes using the web browser 250 to browse files. The web browser 250 is, for example, Network Neighborhood. Opening Network Neighborhood 250 on a client 200 shows the other clients 200 and/or the server 100 on the local area network in its window. With Universal Plug and Play (UPnP) installed on the local area network, the labels of all files on the other clients 200 and/or the server 100 appear in Network Neighborhood 250. In Network Neighborhood 250 on their own client 200, the user can use the file processing unit 230 to decide, for the file labels shown there from other clients 200 and/or the server 100, whether to access, copy, delete, move, create or rename a file, or to configure the file.
In one embodiment of the present invention, as shown in the first figure, the management terminal (server) 100 includes a processing unit (processor) 110, a file control unit (module) 120, a database 130 and a network coupling interface 140. The file control unit 120, the database 130 and the network coupling interface 140 are each coupled to the processing unit 110. The management terminal (server) 100 is coupled to the network 125 through the network coupling interface 140, and from there to the client 200 through the network coupling interface 240. The database 130 stores the account data 132 of a plurality of users, a plurality of corresponding file quantity data 134 and a plurality of file identification codes 136. The database 130 can serve as an electronic filing cabinet in which electronic files are stored. Users can add, retrieve, copy, update and delete data in those electronic files. In addition, the database 130 is a collection of data that is stored together in a defined way, can be shared by multiple clients 200, has as little redundancy as possible, and is independent of the applications.
The file control unit 120 of the management terminal (server) 100 is used to set or edit the account data 132, file quantity data 134 and file identification codes 136 stored in the database 130. For example, the file control unit 115 can be used to edit (for example delete, change or add) the account data 132, file quantity data 134 and file identification code data 136 stored in the database 130, or to set a time schedule for editing the account data 132, file quantity data 134 and file identification codes 136. The file quantity data 134 is, for example, a record or count of the number of files accessed, copied, deleted or moved under each account data 132. The network coupling interface 240 is used for coupling to the network 125 and includes a wired or a wireless network coupling interface.
As shown in the second figure, in one embodiment the file control unit 120 can be used to modify or edit the number of files accessed, copied, deleted or moved under each account data 132, for example by setting parameters. The file control unit 120 can also limit the maximum number of files accessed, copied, deleted or moved under each account data 132. In one embodiment, the file control unit 120 of the management terminal (server) 100 monitors the user log of the client 200 of each account to obtain the number of files copied, deleted or moved. The user log contains the file quantity data 134 and the file identification codes 136.
User log analysis examines the history recorded in the log files a computer generates in order to understand how an information system is operating. Log files are generally recorded inside the computer in a specific format and are therefore also called computer logs. They come in many kinds with different uses, including copy log files, delete log files, move log files, request log files, manager log files, access log files, error log files, referral log files and agent log files. Log analysis is a tool with which system staff monitor the use of an information system, and log files provide information about users, such as time of use, type of data used and browsing patterns.
In another embodiment, the number of files copied, deleted or moved is obtained directly from the file processing unit 230 of the client 200 of each account. Here, the number of files processed refers to the number in a single execution of an action, or the total over multiple executions.
In the example where account data 132 performs file copying, file 1, file 2, file 3 ... file N and file M in the second figure represent the files copied by the client 200 of account 1 and the client 200 of account 2. In the file manager or another folder, the client 200 of account 1 copies file 1, file 2, file 3 ... file N, which are stored in the storage unit 220 (for example under disk path D:). This limit on the number of files copied is enforced, for example, by the file control unit 120 of the first figure. For example, when the number N of files copied by the client 200 of account 1 reaches or exceeds a predetermined value or threshold value set by the file control unit 120, the system prohibits the client 200 of account 1 from copying, so that it can copy no more files. In another example, when the number N of files copied by the client 200 of account 1 reaches a predetermined value set by the file control unit 120, the system first issues a warning signal to warn the client 200 of account 1 that it has copied too many files. In yet another example, when the number N of files copied by the client 200 of account 1 reaches a predetermined value set by the file control unit 120, the system first issues a prohibition or warning signal to inform the client 200 of account 1 that it can no longer copy files; if the client 200 of account 1 then applies to the system, it may be permitted to copy a further set number of files. The client 200 of account 2 copies file 1, file 2, file 3 ... file M by the same mechanism as the client 200 of account 1, so a detailed description is omitted.
Likewise, in the example where account data 132 performs file moving, file 1, file 2, file 3 ... file N and file M in the second figure represent the files moved by the client 200 of account 1 and the client 200 of account 2. In the file manager or another folder, the client 200 of account 1 moves file 1, file 2, file 3 ... file N, and the moved files are stored, for example, in the storage unit 220 (for example under disk path D:). This limit on the number of files moved is enforced, for example, by the file control unit 120 of the first figure. For example, when the number N of files moved by the client 200 of account 1 reaches or exceeds a predetermined value or threshold value set by the file control unit 120, the system prohibits the client 200 of account 1 from moving files, so that it can move no more files. In another example, when the number N of files moved by the client 200 of account 1 reaches a predetermined value set by the file control unit 120, the system first issues a warning signal to warn the client 200 of account 1 that it has moved too many files. In yet another example, when the number N of files moved by the client 200 of account 1 reaches a predetermined value set by the file control unit 120, the system first issues a prohibition or warning signal to inform the client 200 of account 1 that it can no longer move files; if the client 200 of account 1 then applies to the system, it may be permitted to move a further set number of files. The client 200 of account 2 moves file 1, file 2, file 3 ... file M by the same mechanism as the client 200 of account 1, so a detailed description is omitted.
Further, in the example where account data 132 performs file deletion, file 1, file 2, file 3 ... file N and file M in the second figure represent the files deleted by the client 200 of account 1 and the client 200 of account 2. In the file manager or another folder, the client 200 of account 1 deletes file 1, file 2, file 3 ... file N. This limit on the number of files deleted is enforced, for example, by the file control unit 120 of the first figure. For example, when the number N of files deleted by the client 200 of account 1 reaches or exceeds a predetermined value or threshold value set by the file control unit 120, the system prohibits the client 200 of account 1 from deleting files, so that it can delete no more files. In another example, when the number N of files deleted by the client 200 of account 1 reaches a predetermined value set by the file control unit 120, the system first issues a warning signal to warn the client 200 of account 1 that it has deleted too many files. In yet another example, when the number N of files deleted by the client 200 of account 1 reaches a predetermined value set by the file control unit 120, the system first issues a prohibition or warning signal to inform the client 200 of account 1 that it can no longer delete files; if the client 200 of account 1 then applies to the system, it may be permitted to delete a further set number of files. The client 200 of account 2 deletes file 1, file 2, file 3 ... file M by the same mechanism as the client 200 of account 1, so a detailed description is omitted.
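The threshold behaviour of the copy, move and delete examples above, as an added Python example that is not part of the patent text: a per-account counter that prohibits or warns at the configured value and can grant a further allowance on request. The record format, all names, the limits and the fail-closed default for accounts without a configured limit are assumptions made for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Operations the file control unit counts; anything else passes through.
LIMITED_OPS = {"copy", "delete", "move"}

# Constructed sample user-log records (hypothetical format):
# timestamp, account, operation, one or more file IDs.
SAMPLE_LOG = """\
2017-04-11T09:00:01 account1 copy F001
2017-04-11T09:00:02 account1 copy F002
2017-04-11T09:00:03 account1 read F003
2017-04-11T09:00:04 account2 delete F001
2017-04-11T09:00:05 account1 copy F003
2017-04-11T09:00:06 account1 copy F004
2017-04-11T09:00:07 account1 move F002
"""


@dataclass
class Policy:
    limit: int               # predetermined value set by the administrator
    warn_only: bool = False  # True: warn at the limit; False: prohibit past it


@dataclass
class FileControlUnit:
    policies: dict  # (account, operation) -> Policy
    # Assumption: accounts with no configured limit get 0 (fail closed).
    default: Policy = field(default_factory=lambda: Policy(limit=0))
    counts: dict = field(default_factory=lambda: defaultdict(int))
    file_ids: dict = field(default_factory=lambda: defaultdict(list))

    def check(self, account, op, ids):
        """Decide one action covering len(ids) files: allow, warn or deny."""
        if op not in LIMITED_OPS:
            return "allow"
        key = (account, op)
        policy = self.policies.get(key, self.default)
        new_total = self.counts[key] + len(ids)
        if new_total > policy.limit and not policy.warn_only:
            return "deny"  # whole action refused, counter unchanged
        self.counts[key] = new_total
        self.file_ids[key].extend(ids)
        if policy.warn_only and new_total >= policy.limit:
            return "warn"
        return "allow"

    def grant(self, account, op, extra):
        """Approve a request for a further allowance of `extra` files."""
        key = (account, op)
        old = self.policies.get(key, self.default)
        self.policies[key] = Policy(old.limit + extra, old.warn_only)


def replay(unit, log_text):
    """Check each record in order; returns (account, op, decision) tuples."""
    decisions = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) < 4:
            # A malformed record is an error, not something to skip silently.
            raise ValueError(f"malformed log record: {line!r}")
        _ts, account, op, *ids = parts
        decisions.append((account, op, unit.check(account, op, ids)))
    return decisions


def demo_unit():
    return FileControlUnit({
        ("account1", "copy"): Policy(limit=3),
        ("account1", "move"): Policy(limit=1, warn_only=True),
        ("account2", "delete"): Policy(limit=5),
    })


def demo():
    unit = demo_unit()
    return [decision for _, _, decision in replay(unit, SAMPLE_LOG)]


if __name__ == "__main__":
    print(demo())
```

A single action that covers several files is counted as a whole, matching the statement that the quantity may be that of one execution or the total over several.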
Therefore, through the file-processing protection flow and system of this application, a user can restrict the access, copying, deletion or moving of a file or electronic document on a specific host. In addition, the file control mechanism can be strengthened to increase both the protection of files and the flexibility of file processing.
The system and method of the present invention for managing, controlling and limiting the number of file accesses, or particular forms or portions thereof, may be embodied as program code on physical media such as floppy disks, optical discs, hard disks, or any other machine-readable (for example, computer-readable) storage medium; when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. The method and apparatus of the invention may also be transmitted as program code over a transmission medium, such as electrical wire or cable, optical fiber, or any other form of transmission; when the program code is received, loaded and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. When implemented on a general-purpose processor, the program code combines with the processor to provide a unique apparatus that operates analogously to application-specific logic circuits.
Beyond what is described here, the various modifications achievable through the embodiments and implementations described in the present invention shall all fall within its scope. The foregoing is therefore a description of preferred embodiments of the invention. Those skilled in the art will appreciate that it serves to illustrate the invention, not to limit the scope of the patent rights claimed. The scope of patent protection is determined by the appended claims and their equivalents. Any alteration or refinement made by a person skilled in the art without departing from the spirit or scope of this patent is an equivalent change or design accomplished within the spirit disclosed by the invention and shall be included in the claims below.
Claims (10)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106112048A TWI637282B (en) | 2017-04-11 | 2017-04-11 | System and method of controlling and limiting number of files access |
| CN201710304264.XA CN108694334A (en) | 2017-04-11 | 2017-05-03 | System for limiting file processing quantity |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106112048A TWI637282B (en) | 2017-04-11 | 2017-04-11 | System and method of controlling and limiting number of files access |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI637282B (en) | 2018-10-01 |
| TW201837753A (en) | 2018-10-16 |
Family
ID=63843863
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW106112048A TWI637282B (en) | 2017-04-11 | 2017-04-11 | System and method of controlling and limiting number of files access |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN108694334A (en) |
| TW (1) | TWI637282B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030115147A1 (en) * | 2001-08-27 | 2003-06-19 | Feldman Timothy R. | Secure access method and system |
| US20080066178A1 (en) * | 2002-12-19 | 2008-03-13 | International Business Machines Corporation | System and Method to Proactively Detect Software Tampering |
| TWM380519U (en) * | 2009-11-02 | 2010-05-11 | Aptos Technology Inc | Security type storage device and data security system |
| TW201101093A (en) * | 2009-06-17 | 2011-01-01 | Fineart Technology Co Ltd | File usage permission management system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101673229A (en) * | 2008-09-10 | 2010-03-17 | 创惟科技股份有限公司 | Storage system and method for automatically backing up storage data of flash memory |
| CN101957893B (en) * | 2009-07-15 | 2013-02-20 | 精品科技股份有限公司 | File usage rights management system |
| CN104680070A (en) * | 2014-12-27 | 2015-06-03 | 宁波江东恒冠信息技术有限公司 | Method, device and system for managing files used by user |
| CN105653974B (en) * | 2015-12-23 | 2019-07-23 | 北京奇虎科技有限公司 | A kind of document means of defence and device |
2017
- 2017-04-11 TW TW106112048A patent/TWI637282B/en active
- 2017-05-03 CN CN201710304264.XA patent/CN108694334A/en not_active Withdrawn
Also Published As
| Publication number | Publication date |
|---|---|
| CN108694334A (en) | 2018-10-23 |
| TW201837753A (en) | 2018-10-16 |