CN117729024A - Method, server and system for processing intranet and extranet files - Google Patents

Method, server and system for processing intranet and extranet files

Info

Publication number
CN117729024A
Authority
CN
China
Prior art keywords
file
server
processed
detection result
encrypted
Legal status
Pending
Application number
CN202311740586.0A
Other languages
Chinese (zh)
Inventor
陈威
陈中曾
王蓉
Current Assignee
Nanning Fengxiang Shuilong Intelligent Software Technology Co ltd
Original Assignee
Nanning Fengxiang Shuilong Intelligent Software Technology Co ltd
Application filed by Nanning Fengxiang Shuilong Intelligent Software Technology Co ltd
Priority to CN202311740586.0A
Publication of CN117729024A

Abstract

The embodiment of the application relates to the technical field of file processing and discloses an intranet and extranet file processing method, a server and an intranet and extranet file processing system. The method comprises the following steps: receiving a file to be processed; generating a file identifier for the file to be processed; encrypting the file to be processed with a secret key; storing the encrypted file to be processed in a second server arranged in the internal network; sending a file processing request to a third server arranged in the internal network, so that the third server acquires the encrypted file to be processed from the second server, decrypts it and detects the decrypted file; receiving a detection message sent by the third server; and processing the file to be processed according to the first detection result carried by the detection message. By this method, the file to be processed is detected by the third server, damage to the internal network by illegal files is prevented, and risks such as viruses and hacking software attacks are reduced.

Description

Method, server and system for processing intranet and extranet files
Technical Field
The embodiment of the application relates to the technical field of file processing, in particular to an internal and external network file processing method, a server and an internal and external network file processing system.
Background
In practical application scenarios, direct intercommunication between the internal network and the external network is generally prohibited, because of the security regulations governing internal files and because the security of external files cannot be guaranteed. When files must be processed between the internal network and the external network, the file to be processed is usually detected manually and then processed according to the detection result.
This way of processing files between the internal and external networks cannot fully ensure the security of the files to be processed, and cannot guarantee processing speed and stability when the number of files to be processed is too large.
Disclosure of Invention
In view of the above problems, embodiments of the present application provide a method, a server and a system for processing intranet and extranet files, which are used to solve the above problems in the prior art.
According to a first aspect of an embodiment of the present application, there is provided an intranet and extranet file processing method applied to a first server, where the first server is disposed in an external network; the method includes:
receiving a file to be processed;
generating a corresponding file identifier according to the file to be processed;
encrypting the file to be processed according to a pre-generated secret key, and storing the encrypted file to be processed to a second server, wherein the second server is arranged in an internal network;
sending a file processing request to a third server, wherein the file processing request comprises the file identifier, the storage address information of the encrypted file to be processed and the secret key, so that the third server obtains the encrypted file to be processed from the second server according to the storage address information and the file identifier, decrypts it and then detects the decrypted file, the third server being arranged in the internal network;
receiving a detection message sent by the third server, wherein the detection message carries the file identifier and a first detection result;
and processing the file to be processed according to the first detection result.
In an optional manner, the first detection result is a virus killing result, and the processing the file to be processed according to the first detection result specifically includes:
if the first detection result is not passed, deleting the file to be processed in the second server according to the file identifier;
if the first detection result is passed, detecting the content of the file to be processed to obtain a second detection result, and processing the file to be processed according to the second detection result.
In an optional manner, the processing the file to be processed according to the second detection result specifically includes:
if the second detection result is not passed, deleting the file to be processed in the second server according to the file identifier;
and if the second detection result is passed, acquiring the file grade of the file to be processed.
According to a second aspect of embodiments of the present application, there is provided an intranet and extranet file processing method applied to a third server, where the third server is disposed in an intranet, the method including:
receiving a file processing request sent by a first server, wherein the file processing request comprises a file identifier, encrypted storage address information of a file to be processed and a secret key, the first server is arranged on an external network, and the file identifier and the secret key are generated by the first server;
acquiring an encrypted file to be processed from a second server according to the storage address information of the encrypted file to be processed and the file identifier, wherein the encrypted file to be processed is encrypted by the first server according to the key generated in advance, the encrypted file to be processed is stored in the second server, and the second server is arranged in an internal network;
Decrypting the encrypted file to be processed according to the secret key to obtain the file to be processed;
detecting the file to be processed to obtain a first detection result;
and sending a detection message to the first server, wherein the detection message carries the file identifier and the first detection result, so that the first server processes the file to be processed according to the first detection result.
According to a third aspect of embodiments of the present application, there is provided a server provided to an external network, the server including:
the receiving unit is used for receiving the file to be processed;
the processing unit is used for generating a corresponding file identifier according to the file to be processed, encrypting the file to be processed according to a pre-generated key, and storing the encrypted file to be processed to a second server, wherein the second server is arranged in an internal network;
a sending unit, configured to send a file processing request to a third server, where the file processing request includes the file identifier, the storage address information of the encrypted file to be processed and the key, so that the third server obtains the encrypted file to be processed from the second server according to the storage address information and the file identifier, decrypts it and then detects the decrypted file, where the third server is disposed in the internal network;
The receiving unit is further configured to receive a detection message sent by the third server, where the detection message carries the file identifier and the first detection result;
the processing unit is further configured to process the file to be processed according to the first detection result.
In an alternative mode, the first detection result is a virus killing result;
the processing unit is further configured to detect content of the file to be processed when the first detection result is passing, so as to obtain a second detection result;
when the second detection result is passing, acquiring the file grade of the file to be processed;
and deleting the file to be processed in the second server according to the file identifier when the first detection result is not passed or the second detection result is not passed.
According to a fourth aspect of embodiments of the present application, there is provided a server disposed in an internal network, the server including:
the receiving unit is used for receiving a file processing request sent by a first server, wherein the file processing request comprises a file identifier, storage address information of an encrypted file to be processed and a key, and the file identifier and the key are generated by the first server;
the processing unit is used for acquiring the encrypted file to be processed from a second server according to the storage address information of the encrypted file to be processed and the file identifier, and for decrypting the encrypted file to be processed according to the key to obtain the file to be processed, wherein the encrypted file to be processed was encrypted by the first server according to the key generated in advance and stored in the second server, and the second server is arranged in the internal network;
the processing unit is further used for detecting the file to be processed to obtain a first detection result;
and the sending unit is used for sending a detection message to the first server, wherein the detection message carries the file identifier and the first detection result, so that the first server processes the file to be processed according to the first detection result.
According to a fifth aspect of embodiments of the present application, there is provided an intranet and extranet file processing system, the system comprising a first server, a second server and a third server;
the first server is arranged on an external network, and the second server and the third server are respectively arranged on an internal network;
The first server is used for receiving a file to be processed and generating a corresponding file identifier according to the file to be processed; encrypting the file to be processed according to a pre-generated secret key, and storing the encrypted file to be processed to the second server; sending a file processing request to the third server, wherein the file processing request comprises the file identifier, the encrypted storage address information of the file to be processed and a secret key;
the third server is configured to receive the file processing request sent by the first server, obtain the encrypted file to be processed from the second server according to the encrypted storage address information of the file to be processed and the file identifier, and decrypt the encrypted file to be processed according to the key to obtain the file to be processed; detecting the file to be processed to obtain a first detection result, and sending a detection message to the first server, wherein the detection message carries the file identifier and the first detection result;
the first server is further configured to receive a detection message sent by the third server, and process the file to be processed according to the first detection result.
In an alternative mode, the first detection result is a virus killing result;
the first server is further configured to detect content of the file to be processed when the first detection result is passing, so as to obtain a second detection result;
when the second detection result is that the file passes, acquiring the file grade of the file to be processed;
and deleting the file to be processed in the second server according to the file identifier when the first detection result is not passed or the second detection result is not passed.
In an optional manner, the first server is further configured to obtain user login information, check the login information, and if the check is passed, detect the content of the file to be processed according to the user login information.
In the method and device of the embodiments of the present application, the file to be processed is detected by the third server, so damage to the internal network by illegal files is prevented and risks such as viruses and hacking software attacks are reduced. The first server generates and stores the secret key, and the second server holds only the encrypted file to be processed, so a user cannot bypass the first server and download the file directly from the second server, and the security of the file and of the internal network environment is ensured. The third server detects the file to be processed, which guarantees the security of the file and makes detection faster. The second server and the third server are both arranged in the internal network, which ensures the security and reliability of the detection process.
The foregoing description is only an overview of the technical solutions of the embodiments of the present application, and may be implemented according to the content of the specification, so that the technical means of the embodiments of the present application can be more clearly understood, and the following detailed description of the present application will be presented in order to make the foregoing and other objects, features and advantages of the embodiments of the present application more understandable.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
fig. 1 is a schematic diagram of an applicable scenario of an intranet and extranet file processing method according to an embodiment of the present application;
FIG. 2 shows a flowchart of an intranet and extranet file processing method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating an intranet and extranet file processing method according to another embodiment of the present application;
fig. 4 shows a schematic structural diagram of a server according to an embodiment of the present application;
fig. 5 shows a schematic structural diagram of another server according to an embodiment of the present application;
FIG. 6 illustrates a system block diagram of an intranet and extranet file processing system provided by an embodiment of the present application;
FIG. 7 is a schematic diagram illustrating an interaction flow of an intranet and extranet file processing system according to an embodiment of the present disclosure;
FIG. 8 is a schematic diagram illustrating the structure of an intranet and extranet file processing system according to an embodiment of the present disclosure;
fig. 9 shows a schematic structural diagram of a server device provided in an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present application are shown in the drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein.
In an actual application scenario, to ensure the security and stability of the internal network, a file to be processed that is uploaded into the internal network usually has to be detected. At present, when files are transferred between the internal network and the external network, they are approved through paper application documents and then carried across on storage media such as optical discs and USB flash drives (U disks). The inventor of the application notes that, to improve efficiency, software can be used for file detection and transmission: files to be processed are scanned and uploaded by online scanning, and auditors log in to the software and manually detect the uploaded files, after which the files are transmitted between the internal and external networks.
The inventor of the application also notes that these methods rely only on manual detection, which can only find explicit security problems such as those in the content of the file to be processed and cannot tell whether the file carries a virus. In addition, when the number of files to be processed is too large, manual detection cannot process them in time, so the speed and stability of file processing cannot be guaranteed. Further, when software is used for file detection and transmission, the files to be processed must be scanned online, and during online scanning they are at risk of being transmitted outward, so the security of confidential files cannot be fully ensured.
In order to solve the above problems, the present inventors have conducted intensive studies and devised a method, a server and a system for processing intranet and extranet files, which receive a file to be processed through a first server provided in the external network, encrypt the file to be processed, store the encrypted file in a second server provided in the internal network, and send a file processing request to a third server provided in the internal network, so that the third server obtains the encrypted file from the second server, decrypts it and then detects the decrypted file. Because the third server performs the detection, hidden security problems in the file to be processed can be found, and the third server offers high processing speed and high stability. In addition, the second server and the third server are both arranged in the internal network, so the security of the detection process is further ensured.
Fig. 1 shows an applicable scenario schematic diagram of an intranet and extranet file processing method according to an embodiment of the present application.
The first server is disposed in an external network, and may be any type of electronic device, such as a server or server cluster of a platform, hereinafter referred to as the first server; the first server is used for processing the file to be processed. The second server is disposed in the internal network, and may likewise be any type of electronic device, such as a server or server cluster of a platform, hereinafter referred to as the second server; the second server is used to store the file to be processed, and files on it can only be uploaded or downloaded, not directly opened or modified. The third server is disposed in the internal network, and may be any type of electronic device, such as a server or server cluster of a platform, hereinafter referred to as the third server; the third server is configured to detect the file to be processed, so as to ensure its security.
An internal network refers to an internal local area network, that is, a set of computers interconnected within a certain area (or range). The internal network is closed: computers inside the local area network can communicate with each other but have no connection to the external network. In general, information entering the internal network from the external network needs to be identified and screened, so that the security of the internal network is ensured. In this embodiment of the present application, the first server disposed in the external network may communicate with other devices in the external network and also with the second server and the third server in the internal network. The second server and the third server in the internal network can communicate with each other, but do not communicate with any device in the external network other than the first server.
Fig. 2 shows a flowchart of an intranet and extranet file processing method according to an embodiment of the present application, where the method is performed by a first server disposed in an external network. The first server may be a server comprising one or more processors, which may be central processing units (CPUs), ASICs (Application Specific Integrated Circuits), or one or more integrated circuits configured to implement embodiments of the present invention, without limitation. The one or more processors included in the server may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs together with one or more ASICs, without limitation. According to a first aspect of an embodiment of the present application, as shown in fig. 2, the method comprises the following steps:
step 101: and receiving the file to be processed.
The file to be processed is a new file received by the first server, and may be various types of files, such as a text file type, a picture file format type, a video file format type, and the like. The file to be processed may be an internal file uploaded to the first server from an internal network, or an external file uploaded to the first server from an external network.
Step 102: and generating a corresponding file identifier according to the file to be processed.
After the file to be processed is uploaded to the first server, the first server generates a corresponding file identifier according to the file to be processed, wherein the file identifier has uniqueness and corresponds to the file to be processed one by one, and the first server can process the corresponding file to be processed according to the file identifier.
Step 103: encrypting the file to be processed according to the pre-generated secret key, and storing the encrypted file to be processed to a second server, wherein the second server is arranged in the internal network.
The key is generated and stored by the first server, which encrypts the file to be processed with the key and then stores the encrypted file in the second server. The key can be an SSE-C key (server-side encryption with a customer-provided key: the key and the encrypted file are stored on different servers). The first server generates a separate key for each file to be processed, and the same key serves for both encryption and decryption: the file is encrypted with the key and later decrypted with the same key.
The second server may be a server comprising one or more processors, which may be a central processing unit, CPU, or ASIC, or one or more integrated circuits configured to implement embodiments of the present invention, without limitation. The one or more processors included by the server may be the same type of processor, such as one or more CPUs; but may be different types of processors such as, without limitation, one or more CPUs and one or more ASICs.
The second server is arranged in the internal network and is used only for storing files to be processed; it can be an object storage server. No file stored in the second server can be opened or modified directly on the second server; files can only be uploaded or downloaded. In addition, the second server does not interact with any device in the external network other than the first server. Because a file is encrypted when uploaded and decrypted when downloaded, and the key is generated and stored by the first server, uploading a file to the second server or downloading one from it has to go through the first server.
Encrypting the files to be processed with the key and storing them encrypted in the second server makes the files more secure. Even if the second server is intruded, a harmful file is uploaded to it, or a file to be processed is downloaded, the harmful file cannot modify any file to be processed held in the second server, so the security of the stored files is guaranteed; and a downloaded file is still encrypted, so leakage of the file to be processed is avoided and its security is improved.
Step 104: sending a file processing request to a third server, wherein the file processing request comprises the file identifier, the storage address information of the encrypted file to be processed and the secret key, so that the third server obtains the encrypted file to be processed from the second server according to the storage address information and the file identifier, decrypts it and then detects the decrypted file; the third server is arranged in the internal network.
The third server is arranged in the internal network and used for detecting the files to be processed and only interacting with the first server and the second server. The third server may be a server comprising one or more processors, which may be a central processing unit, CPU, or ASIC, or one or more integrated circuits configured to implement embodiments of the present invention, without limitation. The one or more processors included by the server may be the same type of processor, such as one or more CPUs; but may be different types of processors such as, without limitation, one or more CPUs and one or more ASICs.
The first server and the third server interact asynchronously through a message queue: a file processing request sent by the first server does not reach the third server immediately but is stored in a container, which forwards it to the third server once a certain condition is met; this container is the message queue. The file processing request may be a RabbitMQ message using AMQP (Advanced Message Queuing Protocol), a network protocol for transmitting asynchronous messages between processes. Message interaction based on this protocol is not restricted by product or development language, and the protocol is a binary protocol that provides asynchronous, secure and efficient message interaction.
The third server detects the file to be processed, so that the safety of the file to be processed is guaranteed, and the third server detects the file to be processed more quickly. The interaction between the first server and the third server is realized by adopting an asynchronous communication mode of the message queue, and when the concurrency of the file processing request is large, the third server can efficiently and orderly detect the file to be processed, so that the high efficiency and stability of the file processing process to be processed are ensured.
Step 105: and receiving a detection message sent by the third server, wherein the detection message carries the file identifier and the first detection result.
The first server determines the file to be processed according to the file identifier, and carries out different processing on the file to be processed according to the first detection result.
Step 106: and processing the file to be processed according to the first detection result.
Through the steps, the file processing process between the internal network and the external network is realized, the file to be processed is detected through the third server, the damage to the internal network caused by illegal files after being transmitted into the internal network is prevented, and the risks of hidden safety problems such as viruses, hacking software attacks and the like are reduced. The first server generates and stores the secret key, and the second server stores the encrypted file to be processed, so that the user is prevented from bypassing the first server and directly downloading the file from the second server, and the safety of the file and the internal network environment is ensured. The third server detects the file to be processed, so that the safety of the file to be processed is guaranteed, and the third server detects the file to be processed more quickly. Through the adoption of the AMQP, the information interaction between the first server and the third server is realized, and the high efficiency and the stability of the processing process of the file to be processed are ensured. The second server and the third server are arranged in the internal network, so that the safety and the reliability of the detection process of the files to be processed are ensured.
In order to prevent a file uploaded from the external network from carrying a virus program such as a Trojan horse, in some embodiments the first detection result is a virus scan (virus killing) result, and step 106 specifically includes:
step a01: if the first detection result is not passed, deleting the file to be processed in the second server according to the file identifier.
The third server may be a Windows server, and it detects the file to be processed by calling Windows Defender on the third server to obtain the first detection result. Windows Defender, also known as Microsoft Defender, is an antivirus program that runs on a Windows server and scans files, programs and the like on that server to defend against threats such as viruses. The first detection result is the virus scan result obtained by the third server when Windows Defender scans the file to be processed. If the first detection result is not passed, the file to be processed carries a threat such as a virus and must be discarded, that is, deleted from the second server according to the file identifier. The third server is used only for detecting files to be processed, and a file is deleted from the third server as soon as its detection is completed.
Step a02: if the first detection result is passed, detecting the content of the file to be processed to obtain a second detection result, and processing the file to be processed according to the second detection result.
The third server only performs virus killing detection on the file to be processed and does not examine its content, so even when the first detection result is passed, the content of the file to be processed still needs to be detected.
In the above embodiment, a file to be processed whose first detection result is not passed is deleted, and a file whose first detection result is passed undergoes content detection. The file to be processed is thus subjected not only to virus checking and killing but also to content detection, which greatly improves its security; at the same time, virus checking and killing serves as a preliminary screen, which reduces the workload of content detection and greatly improves the file processing speed. By performing virus checking and killing first and content detection afterwards, the internal network is not affected by opening a file to be processed that carries a virus or similar hazard, and the security of the other files to be processed in the internal network is further ensured. Because the third server calls an offline Windows Defender to perform virus killing detection, the file to be processed cannot affect the internal or external network between upload and detection, and the file cannot leak during the detection process.
In some embodiments, step a02 specifically further comprises:
Step b01: if the second detection result is not passed, deleting the file to be processed from the second server according to the file identifier.
If the content detection result of the file to be processed is not passed, the file to be processed is discarded, that is, deleted from the second server.
Step b02: if the second detection result is passed, acquiring the file grade of the file to be processed.
If the content detection result of the file to be processed is passed, the file grade of the file to be processed is acquired. The file grade is a rating of the file's confidentiality level: the higher the confidentiality level of the file to be processed, the higher its file grade. The file to be processed is then downloaded through a download flow matched to its file grade, and the higher the grade, the more complex and strict the download flow. For example, a file to be processed with a low file grade may be downloaded directly, one with a higher file grade may be downloaded only after approval, and one with a still higher file grade may be downloaded only after multiple levels of approval.
According to the embodiment, the files to be processed are classified by acquiring the file grades, so that when the files to be processed are downloaded, different downloading flows are matched, and the more complex and strict downloading flows are used for the files to be processed with higher file grades, so that the security of the files to be processed with higher security grades is ensured, and the files to be processed with higher security grades are prevented from being leaked.
Fig. 3 is a flowchart of a method for processing an intranet and extranet file according to another embodiment of the present application; the method is executed by a third server. The third server is disposed in the internal network and may be a server including one or more processors, each of which may be a central processing unit (CPU), an ASIC, or one or more integrated circuits configured to implement embodiments of the present application, without limitation. The one or more processors included in the server may be of the same type, such as one or more CPUs, or of different types, such as, without limitation, one or more CPUs and one or more ASICs. According to a second aspect of the embodiments of the present application, as shown in fig. 3, the method comprises the following steps:
Step 201: receiving a file processing request sent by a first server, wherein the file processing request comprises a file identifier, storage address information of an encrypted file to be processed and a key; the first server is arranged in an external network, and the file identifier and the key are generated by the first server.
Step 202: acquiring the encrypted file to be processed from a second server according to the storage address information of the encrypted file to be processed and the file identifier, wherein the encrypted file to be processed was encrypted by the first server according to a key generated in advance and stored in the second server, and the second server is arranged in the internal network.
Step 203: decrypting the encrypted file to be processed according to the key to obtain the file to be processed.
Step 204: detecting the file to be processed to obtain a first detection result.
Step 205: sending a detection message to the first server, wherein the detection message carries the file identifier and the first detection result, so that the first server processes the file to be processed according to the first detection result.
Through the above steps, file processing between the internal and external networks is realized: the file to be processed is detected by the third server, so that an illegal file is prevented from damaging the internal network once it has been transferred into it, and latent security risks such as viruses and attacks by hacking software are reduced. The first server generates and holds the secret key, and the second server stores only the encrypted file to be processed, so that a user cannot bypass the first server and download the file directly from the second server; the security of the file and of the internal network environment is thereby ensured. Because the third server is dedicated to detecting the file to be processed, the security of that file is guaranteed and the detection completes more quickly. Since the second server and the third server are both arranged in the internal network, the security and reliability of the detection process are ensured.
According to a third aspect of the embodiments of the present application, based on the intranet and extranet file processing method provided by the foregoing embodiments, the embodiments of the present application further provide a server. The server has the function of implementing the first server in the foregoing method embodiments; the function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above, and the modules may be hardware and/or software. For the specific implementation of the server, refer to the description of the above method; repeated details are omitted. Specifically, fig. 4 shows a schematic structural diagram of a server provided in an embodiment of the present application, where the server may include:
a receiving unit 501, configured to receive a file to be processed;
the processing unit 502 is configured to generate a corresponding file identifier according to a file to be processed, encrypt the file to be processed according to a key generated in advance, and store the encrypted file to be processed to a second server, where the second server is disposed in the internal network;
a sending unit 503, configured to send a file processing request to a third server, where the file processing request includes a file identifier, storage address information of an encrypted to-be-processed file, and a key, so that the third server obtains the encrypted to-be-processed file from the second server according to the storage address information of the encrypted to-be-processed file and the file identifier, decrypts the encrypted to-be-processed file, and then detects the encrypted to-be-processed file, where the third server is set in the internal network;
The receiving unit 501 is further configured to receive a detection message sent by the third server, where the detection message carries a file identifier and a first detection result;
the processing unit 502 is further configured to process the file to be processed according to the first detection result.
Optionally, the first detection result is a virus killing result, and the processing unit 502 is further configured to detect the content of the file to be processed when the first detection result is passed, so as to obtain a second detection result; to acquire the file grade of the file to be processed when the second detection result is passed; and to delete the file to be processed from the second server according to the file identifier when the first detection result is not passed or the second detection result is not passed.
According to this embodiment, the file to be processed is detected by the third server, so that an illegal file is prevented from damaging the internal network once it has been transferred into it, and latent security risks such as viruses and attacks by hacking software are reduced. The first server generates and holds the secret key, and the second server stores only the encrypted file to be processed, so that a user cannot bypass the first server and download the file directly from the second server; the security of the file and of the internal network environment is thereby ensured. Because the third server is dedicated to detecting the file to be processed, the security of that file is guaranteed and the detection completes more quickly. Since the second server and the third server are both arranged in the internal network, the security and reliability of the detection process are ensured.
According to a fourth aspect of the embodiments of the present application, based on the intranet and extranet file processing method provided by the foregoing embodiments, the embodiments of the present application further provide another server. This server has the function of implementing the third server in the foregoing method embodiments; the function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above, and the modules may be hardware and/or software. For the specific implementation of the server, refer to the description of the above method; repeated details are omitted. Specifically, fig. 5 shows a schematic structural diagram of another server provided in an embodiment of the present application, where the server may include:
a receiving unit 701, configured to receive a file processing request sent by a first server, where the file processing request includes a file identifier, storage address information of an encrypted file to be processed, and a key, and the file identifier and the key are generated by the first server;
the processing unit 702 is configured to obtain the encrypted file to be processed from the second server according to the storage address information of the encrypted file to be processed and the file identifier, wherein the encrypted file to be processed was encrypted by the first server according to a key generated in advance and stored in the second server, and the second server is disposed in the internal network; and to decrypt the encrypted file to be processed according to the key to obtain the file to be processed;
The processing unit 702 is further configured to detect a file to be processed, so as to obtain a first detection result;
a sending unit 703, configured to send a detection message to the first server, where the detection message carries the file identifier and the first detection result, so that the first server processes the file to be processed according to the first detection result.
According to this embodiment, the file to be processed is detected by the third server, so that an illegal file is prevented from damaging the internal network once it has been transferred into it, and latent security risks such as viruses and attacks by hacking software are reduced. The first server generates and holds the secret key, and the second server stores only the encrypted file to be processed, so that a user cannot bypass the first server and download the file directly from the second server; the security of the file and of the internal network environment is thereby ensured. Because the third server is dedicated to detecting the file to be processed, the security of that file is guaranteed and the detection completes more quickly. Since the second server and the third server are both arranged in the internal network, the security and reliability of the detection process are ensured.
Fig. 6 is a system block diagram of an intranet and extranet file processing system according to an embodiment of the present application, and fig. 7 is a schematic diagram of the interaction flow of that system. According to a fifth aspect of the embodiments of the present application, an intranet and extranet file processing system is provided; as shown in fig. 6 and fig. 7, it includes a first server 100, a second server 200 and a third server 300.
The first server 100 is disposed in an external network, and the second server 200 and the third server 300 are disposed in an internal network.
The first server 100 is configured to receive a file to be processed, and generate a corresponding file identifier according to the file to be processed; encrypting the file to be processed according to the pre-generated key, and storing the encrypted file to be processed to the second server 200; a file processing request including a file identifier, storage address information of the encrypted file to be processed, and a key is transmitted to the third server 300.
The third server 300 is configured to receive a file processing request sent by the first server 100, obtain an encrypted file to be processed from the second server 200 according to the storage address information and the file identifier of the encrypted file to be processed, and decrypt the encrypted file to be processed according to the key to obtain the file to be processed; detecting the file to be processed to obtain a first detection result, and sending a detection message to the first server 100, wherein the detection message carries the file identifier and the first detection result.
The first server 100 is further configured to receive the detection message sent by the third server 300, and process the file to be processed according to the first detection result.
According to this embodiment, the file to be processed is detected by the third server, so that an illegal file is prevented from damaging the internal network once it has been transferred into it, and latent security risks such as viruses and attacks by hacking software are reduced. The first server generates and holds the secret key, and the second server stores only the encrypted file to be processed, so that a user cannot bypass the first server and download the file directly from the second server; the security of the file and of the internal network environment is thereby ensured. Because the third server is dedicated to detecting the file to be processed, the security of that file is guaranteed and the detection completes more quickly. Since the second server and the third server are both arranged in the internal network, the security and reliability of the detection process are ensured.
In some embodiments, the first detection result is a virus killing result, and the first server 100 is further configured to detect the content of the file to be processed when the first detection result is passed, so as to obtain a second detection result; to acquire the file grade of the file to be processed when the second detection result is passed; and to delete the file to be processed from the second server 200 according to the file identifier when the first detection result is not passed or the second detection result is not passed.
In the above embodiment, a file to be processed whose first detection result is not passed is deleted, and a file whose first detection result is passed undergoes content detection. The file to be processed is thus subjected not only to virus checking and killing but also to content detection, which greatly improves its security; at the same time, virus checking and killing serves as a preliminary screen, which reduces the workload of content detection and greatly improves the file processing speed. By performing virus checking and killing first and content detection afterwards, the internal network is not affected by opening a file to be processed that carries a virus or similar hazard, and the security of the other files to be processed in the internal network is further ensured.
The following describes a specific application example of the embodiment of the present application. As shown in fig. 7 and fig. 8, where fig. 8 shows a schematic structural diagram of an intranet and extranet file processing system provided in the embodiment of the present application, a file server serves as the first server, an object storage serves as the second server, and an automatic detection server serves as the third server; the intranet and extranet file processing method includes:
The file server receives a file to be processed uploaded by an ordinary user, performs SSE-C encryption on it, stores it in the object storage, and publishes a file processing request to RabbitMQ once the upload has succeeded. After obtaining the file processing request from RabbitMQ, the automatic detection server downloads the file to be processed from the object storage, decrypts it with the SSE-C key, calls the local Windows Defender to detect it, and after detection publishes a detection message containing the detection result to RabbitMQ. The file server then processes the file to be processed after obtaining the detection result from RabbitMQ.
The detection that the automatic detection server performs by calling the local Windows Defender is the virus killing detection. A file to be processed that has passed virus killing detection still needs content detection; typically an auditor logs in to the file server, performs content detection on the file to be processed, and confirms its file grade according to the content of the file. In some embodiments, the first server 100 is further configured to obtain user login information, check the login information, and if the check is passed, perform content detection on the file to be processed according to the user login information.
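The steps a01/a02/b01/b02 above and the file server / object storage / automatic detection server example, as an added simulation that is not the patent's code: the SSE-C encryption, the RabbitMQ queue and the Windows Defender call are stood in for by an HMAC-based stream cipher, a deque and a constructed byte marker, and the content-detection rules, file grades and approval counts are assumptions.

```python
import hashlib
import hmac
import secrets
import uuid
from collections import deque

# Stand-in for SSE-C (hypothetical, stdlib only): HMAC-SHA256 counter-mode keystream
# with an encrypt-then-MAC tag; a real object store applies its own AES-based SSE-C.
def _keystream(key, nonce, n):
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Second server: a plain dict address -> ciphertext. It never holds a key, so a
# user who reaches it directly, bypassing the first server, gets nothing readable.
MALWARE_MARKER = b"SIMULATED-MALWARE-MARKER"   # constructed; stands in for a Defender hit

class DetectionServer:
    """Third server: fetch by storage address, decrypt, scan, keep nothing locally."""
    def __init__(self, store, queue):
        self.store, self.queue = store, queue
    def scan(self, plaintext):
        return "fail" if MALWARE_MARKER in plaintext else "pass"
    def process_one(self):
        req = self.queue.popleft()
        plaintext = decrypt(req["key"], self.store[req["storage_address"]])
        result = self.scan(plaintext)
        del plaintext  # the third server discards its copy right after detection
        return {"file_id": req["file_id"], "first_result": result}

# Constructed content-detection rules and the download flow matched to file grade.
BANNED_CONTENT = b"CONSTRUCTED-BANNED-PHRASE"
GRADE_BY_MARKING = [(b"TOP SECRET", 3), (b"CONFIDENTIAL", 2)]
APPROVALS_REQUIRED = {1: 0, 2: 1, 3: 2}   # grade 1: direct; 2: one approval; 3: two

class FirstServer:
    """First server (external network): owns key and identifier, stores only ciphertext."""
    def __init__(self, store, queue):
        self.store, self.queue, self.files = store, queue, {}
    def upload(self, plaintext):
        file_id = str(uuid.uuid4())
        key = secrets.token_bytes(32)
        address = f"uploads/{file_id}"
        self.store[address] = encrypt(key, plaintext)
        self.files[file_id] = {"key": key, "address": address, "status": "scanning"}
        # The request carries the key, as in the described flow, so the broker
        # link itself needs transport protection in a real deployment.
        self.queue.append({"file_id": file_id, "storage_address": address, "key": key})
        return file_id
    def content_check(self, plaintext):
        if BANNED_CONTENT in plaintext:
            return "fail", None
        for marking, grade in GRADE_BY_MARKING:
            if marking in plaintext:
                return "pass", grade
        return "pass", 1
    def handle_detection(self, msg):
        rec = self.files[msg["file_id"]]
        if msg["first_result"] != "pass":                       # step a01
            self.store.pop(rec["address"], None)
            rec["status"] = "deleted:virus"
            return rec
        second, grade = self.content_check(                     # step a02
            decrypt(rec["key"], self.store[rec["address"]]))
        if second != "pass":                                     # step b01
            self.store.pop(rec["address"], None)
            rec["status"] = "deleted:content"
            return rec
        rec.update(status="approved", grade=grade,               # step b02
                   approvals_required=APPROVALS_REQUIRED[grade])
        return rec

def run_scenario():
    """Push four constructed uploads through the flow; return records and the store."""
    store, queue = {}, deque()
    first, third = FirstServer(store, queue), DetectionServer(store, queue)
    samples = {
        "clean": b"Quarterly notes, nothing sensitive.",
        "infected": b"invoice.exe " + MALWARE_MARKER,
        "banned": b"CONFIDENTIAL memo: " + BANNED_CONTENT,
        "secret": b"TOP SECRET design document",
    }
    ids = {name: first.upload(data) for name, data in samples.items()}
    while queue:
        first.handle_detection(third.process_one())
    return {name: first.files[fid] for name, fid in ids.items()}, store
```

After `run_scenario()` only the two files that passed both detections remain in the store, each tagged with the grade that decides its download flow.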
The user login information comprises the user's basic information and login credentials. The login credentials may be generated by the Identity Server 4 service for user authentication, that is, for verifying whether the user is entitled to access the first server and for determining what level of user rights the user should be granted. The first server comprises a user authentication module. When a user logs in to the first server for the first time, user registration is required: the first server sends a user credential acquisition request to the internal Identity Server 4 service and, at the same time, a user verification request to the user authentication module. The user authentication module compares the acquired user basic information against the user basic information stored in the LDAP (Lightweight Directory Access Protocol) service inside the first server and sends the verification result to the Identity Server 4 service. If the verification is passed, the Identity Server 4 service generates a user credential and returns it to the user authentication module, which synchronizes the credential to the LDAP service and returns it to the first server, so that the user can log in to the first server with the user basic information and the user credential. If it is not the user's first login, the user can log in directly: the first server sends a user login request to the user authentication module, which checks the received user login information against the corresponding user login information stored in the LDAP service; if the check is passed, the login succeeds.
Different users hold different login credentials, so different user rights can be granted to different users according to the login credentials in the user login information, and content detection of the file to be processed can be performed according to the login credentials in the user login information.
According to this embodiment, user authentication is realized through the Identity Server 4 service and the LDAP service inside the first server; the enterprise's domain accounts are connected so that users log in directly with their enterprise accounts, no additional account system is required, cost is saved and efficiency is improved.
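The two login paths described above (first login with registration, later logins checked directly against the directory) and the credential-based gate on content detection, as an added simulation that is not the patent's code: the Identity Server 4 and LDAP services are stood in for by in-memory classes, and the role names, directory entries and credential format are assumptions.

```python
import hashlib
import hmac
import secrets

AUDITOR, COMMON = "auditor", "common"   # assumed role names carried by the credential

class LdapService:
    """Stand-in for the LDAP service inside the first server: holds each user's basic
    information and role, and, once registered, a hash of the issued credential."""
    def __init__(self, users):
        self.entries = {u: dict(info, credential_hash=None) for u, info in users.items()}
    def basic_info_matches(self, username, employee_id):
        entry = self.entries.get(username)
        return entry is not None and hmac.compare_digest(entry["employee_id"], employee_id)
    def sync_credential(self, username, credential):
        # The credential is a random 256-bit token, so a plain hash is an adequate
        # at-rest form; a user-chosen password would need a slow password hash instead.
        self.entries[username]["credential_hash"] = hashlib.sha256(credential.encode()).hexdigest()
    def credential_matches(self, username, credential):
        entry = self.entries.get(username)
        if entry is None or entry["credential_hash"] is None:
            return False
        given = hashlib.sha256(credential.encode()).hexdigest()
        return hmac.compare_digest(entry["credential_hash"], given)

class IdentityService:
    """Stand-in for the Identity Server 4 service: issues a credential only after the
    authentication module reports that basic-information verification passed."""
    def issue_credential(self, verification_passed):
        return secrets.token_urlsafe(32) if verification_passed else None

class FirstServerAuth:
    """User authentication module of the first server."""
    def __init__(self, ldap, identity):
        self.ldap, self.identity = ldap, identity
    def register(self, username, employee_id):
        """First login: verify basic info against LDAP, obtain a credential from the
        identity service, sync it into LDAP, and return it for the user's later logins."""
        passed = self.ldap.basic_info_matches(username, employee_id)
        credential = self.identity.issue_credential(passed)
        if credential is not None:
            self.ldap.sync_credential(username, credential)
        return credential
    def login(self, username, credential):
        """Later logins: check the login information against LDAP; the session carries
        the user's role, which decides whether content detection may be performed."""
        if not self.ldap.credential_matches(username, credential):
            return None
        return {"user": username, "role": self.ldap.entries[username]["role"]}

def may_perform_content_detection(session):
    return session is not None and session["role"] == AUDITOR

def run_login_scenario():
    ldap = LdapService({  # constructed directory entries
        "alice": {"employee_id": "E-1001", "role": AUDITOR},
        "bob": {"employee_id": "E-1002", "role": COMMON},
    })
    auth = FirstServerAuth(ldap, IdentityService())
    results = {"bad_registration": auth.register("alice", "E-9999")}  # wrong basic info
    alice_cred = auth.register("alice", "E-1001")
    bob_cred = auth.register("bob", "E-1002")
    results["alice_can_audit"] = may_perform_content_detection(auth.login("alice", alice_cred))
    results["bob_can_audit"] = may_perform_content_detection(auth.login("bob", bob_cred))
    results["forged"] = auth.login("alice", "not-the-credential")
    results["unregistered"] = auth.login("carol", "anything")
    return results
```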
Fig. 9 shows a schematic structural diagram of a server device provided in an embodiment of the present application, and the specific embodiment of the present application is not limited to a specific implementation of the server device.
As shown in fig. 9, the server device may include: a processor 402, a communication interface (Communications Interface) 404, a memory 406, and a communication bus 408.
The processor 402, the communication interface 404 and the memory 406 communicate with each other via the communication bus 408. The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers. The processor 402 is configured to execute the program 410, and may specifically perform the relevant steps in the above-described embodiments of the intranet and extranet file processing method.
In particular, program 410 may include program code including computer-executable instructions.
The processor 402 may be a central processing unit, CPU, or an application specific integrated circuit, ASIC, or one or more integrated circuits configured to implement embodiments of the present application. The one or more processors comprised by the server device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing the program 410. The memory 406 may comprise high-speed RAM and may also include non-volatile memory, such as at least one disk memory.
Program 410 may be specifically invoked by processor 402 to cause a first server to:
receiving a file to be processed;
generating a corresponding file identifier according to the file to be processed;
encrypting the file to be processed according to the pre-generated secret key, and storing the encrypted file to be processed to a second server, wherein the second server is arranged in an internal network;
sending a file processing request to a third server, wherein the file processing request comprises a file identifier, storage address information of an encrypted file to be processed and a secret key, so that the third server obtains the encrypted file to be processed from a second server according to the storage address information of the encrypted file to be processed and the file identifier, decrypts the encrypted file to be processed, and then detects the encrypted file to be processed, and the third server is arranged in an internal network;
receiving a detection message sent by a third server, wherein the detection message carries a file identifier and a first detection result;
processing the file to be processed according to the first detection result.
In an alternative, the program 410 is invoked by the processor 402 to cause the third server to:
receiving a file processing request sent by a first server, wherein the file processing request comprises a file identifier, encrypted storage address information of a file to be processed and a key, the first server is arranged in an external network, and the file identifier and the key are generated by the first server;
acquiring the encrypted file to be processed from a second server according to the storage address information of the encrypted file to be processed and the file identifier, wherein the encrypted file to be processed was encrypted by the first server according to a key generated in advance and stored in the second server, and the second server is arranged in the internal network;
decrypting the encrypted file to be processed according to the secret key to obtain the file to be processed;
detecting the file to be processed to obtain a first detection result;
sending a detection message to the first server, wherein the detection message carries the file identifier and the first detection result, so that the first server processes the file to be processed according to the first detection result.
The embodiment of the application also provides a computer readable storage medium in which at least one executable instruction is stored; when run, the executable instruction performs the operations of the intranet and extranet file processing method in any of the above embodiments.
The embodiment of the application provides a computer program, which can be called by a processor to cause a server device to execute the intranet and extranet file processing method in any of the above method embodiments.
Embodiments of the present application provide a computer program product comprising a computer program stored on a computer readable storage medium, the computer program comprising program instructions which, when run on a computer, cause the computer to perform the intranet and extranet file processing method in any of the method embodiments described above.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present application are not directed to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the present application as described herein, and the above description of specific languages is provided for disclosure of preferred embodiments of the present application.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the present application may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the application, various features of the embodiments are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the application and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the claimed application requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component, and they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above-mentioned embodiments illustrate rather than limit the application, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The application may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not denote any order; these words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

Claims (10)

1. An intranet and extranet file processing method, which is applied to a first server, wherein the first server is arranged in an external network, and the method comprises the following steps:
receiving a file to be processed;
generating a corresponding file identifier according to the file to be processed;
encrypting the file to be processed according to a pre-generated secret key, and storing the encrypted file to be processed to a second server, wherein the second server is arranged in an internal network;
sending a file processing request to a third server, wherein the file processing request comprises the file identifier, the storage address information of the encrypted file to be processed and the secret key, so that the third server obtains the encrypted file to be processed from the second server according to the storage address information of the encrypted file to be processed and the file identifier, decrypts the encrypted file to be processed, and then detects it, and the third server is arranged in the internal network;
receiving a detection message sent by the third server, wherein the detection message carries the file identifier and a first detection result;
and processing the file to be processed according to the first detection result.
2. The method of claim 1, wherein the first detection result is an antivirus scan result, and processing the file to be processed according to the first detection result specifically comprises:
if the first detection result is a fail, deleting the file to be processed in the second server according to the file identifier;
if the first detection result is a pass, detecting the content of the file to be processed to obtain a second detection result, and processing the file to be processed according to the second detection result.
3. The method according to claim 2, wherein processing the file to be processed according to the second detection result specifically comprises:
if the second detection result is a fail, deleting the file to be processed in the second server according to the file identifier;
and if the second detection result is a pass, acquiring the file grade of the file to be processed.
4. An intranet and extranet file processing method, which is applied to a third server, wherein the third server is arranged in an intranet, and the method comprises the following steps:
receiving a file processing request sent by a first server, wherein the file processing request comprises a file identifier, encrypted storage address information of a file to be processed and a secret key, the first server is arranged on an external network, and the file identifier and the secret key are generated by the first server;
acquiring the encrypted file to be processed from a second server according to the storage address information of the encrypted file to be processed and the file identifier, wherein the encrypted file to be processed is encrypted by the first server according to the pre-generated secret key and stored in the second server, and the second server is arranged in an internal network;
decrypting the encrypted file to be processed according to the secret key to obtain the file to be processed;
detecting the file to be processed to obtain a first detection result;
and sending a detection message to the first server, wherein the detection message carries the file identifier and the first detection result, so that the first server processes the file to be processed according to the first detection result.
5. A server, disposed on an external network, comprising:
the receiving unit is used for receiving the file to be processed;
the processing unit is used for generating a corresponding file identifier according to the file to be processed, encrypting the file to be processed according to a pre-generated key, and storing the encrypted file to be processed to a second server, wherein the second server is arranged in an internal network;
a sending unit, configured to send a file processing request to a third server, wherein the file processing request comprises the file identifier, the storage address information of the encrypted file to be processed and the key, so that the third server obtains the encrypted file to be processed from the second server according to the storage address information of the encrypted file to be processed and the file identifier, decrypts the encrypted file to be processed and then detects the file to be processed, and the third server is arranged in an internal network;
the receiving unit is further configured to receive a detection message sent by the third server, wherein the detection message carries the file identifier and a first detection result;
the processing unit is further configured to process the file to be processed according to the first detection result.
6. The server of claim 5, wherein the first detection result is an antivirus scan result;
the processing unit is further configured to detect the content of the file to be processed when the first detection result is a pass, so as to obtain a second detection result;
when the second detection result is a pass, to acquire the file grade of the file to be processed;
and to delete the file to be processed in the second server according to the file identifier when the first detection result or the second detection result is a fail.
7. A server, disposed in an internal network, comprising:
the receiving unit is used for receiving a file processing request sent by a first server, wherein the file processing request comprises a file identifier, storage address information of an encrypted file to be processed and a key, and the file identifier and the key are generated by the first server;
the processing unit is used for acquiring the encrypted file to be processed from a second server according to the storage address information of the encrypted file to be processed and the file identifier, wherein the encrypted file to be processed is encrypted by the first server according to the pre-generated key and stored in the second server, and the second server is arranged in an internal network; and for decrypting the encrypted file to be processed according to the key to obtain the file to be processed;
the processing unit is further used for detecting the file to be processed to obtain a first detection result;
and the sending unit is used for sending a detection message to the first server, wherein the detection message carries the file identifier and the first detection result, so that the first server processes the file to be processed according to the first detection result.
8. An intranet and extranet file processing system, comprising a first server, a second server and a third server;
the first server is arranged on an external network, and the second server and the third server are respectively arranged on an internal network;
the first server is used for receiving a file to be processed and generating a corresponding file identifier according to the file to be processed; encrypting the file to be processed according to a pre-generated secret key, and storing the encrypted file to be processed to the second server; and sending a file processing request to the third server, wherein the file processing request comprises the file identifier, the storage address information of the encrypted file to be processed and the secret key;
the third server is configured to receive the file processing request sent by the first server, obtain the encrypted file to be processed from the second server according to the storage address information of the encrypted file to be processed and the file identifier, and decrypt the encrypted file to be processed according to the key to obtain the file to be processed; detect the file to be processed to obtain a first detection result; and send a detection message to the first server, wherein the detection message carries the file identifier and the first detection result;
the first server is further configured to receive the detection message sent by the third server and process the file to be processed according to the first detection result.
9. The intranet and extranet file processing system of claim 8, wherein the first detection result is an antivirus scan result;
the first server is further configured to detect the content of the file to be processed when the first detection result is a pass, so as to obtain a second detection result;
when the second detection result is a pass, to acquire the file grade of the file to be processed;
and to delete the file to be processed in the second server according to the file identifier when the first detection result or the second detection result is a fail.
10. The intranet and extranet file processing system according to claim 8 or 9, wherein the first server is further configured to obtain user login information, verify the login information, and, if the verification passes, detect the content of the file to be processed according to the user login information.
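The three-server flow of claims 1 to 4 carried out end to end, as an added example that is not part of the patent: the extranet server identifies, encrypts and stores the file, the intranet scanner fetches it by address and identifier, decrypts and scans it, and the extranet server acts on the detection message only when the identifier it carries matches. The in-process calls stand for the network hops, the HMAC-based stream cipher is a constructed stand-in for a real authenticated cipher, and the scan, content and grading rules are constructed placeholders.

```python
import hashlib, hmac, os

def xor_keystream(key, nonce, data):
    # Stand-in cipher, constructed for this example (stdlib has no AES): HMAC-SHA256 in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = xor_keystream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("stored ciphertext was altered")  # refuse to scan a tampered object
    return xor_keystream(key, nonce, ct)

second_server = {}  # intranet storage (the claims' second server): (address, file_id) -> encrypted file

def third_server(request):
    # Intranet scanner (claim 4): fetch by address and identifier, decrypt, scan, answer with the identifier.
    blob = second_server[(request["address"], request["file_id"])]
    plaintext = decrypt(request["key"], blob)
    infected = b"CONSTRUCTED-MALWARE-MARKER" in plaintext  # constructed stand-in for a scan engine
    return {"file_id": request["file_id"], "first_result": "fail" if infected else "pass"}

def first_server(file_bytes):
    # Extranet receiver (claims 1-3): identify, encrypt, store, request the scan, act on the result.
    file_id = hashlib.sha256(file_bytes).hexdigest()
    key = os.urandom(32)  # fresh per-file key; travels only in the request to the scanner
    address = "/quarantine/" + file_id[:16]
    second_server[(address, file_id)] = encrypt(key, file_bytes)
    msg = third_server({"file_id": file_id, "address": address, "key": key})
    if msg["file_id"] != file_id:  # a result is only acted on for the file it names
        raise ValueError("detection message names a different file")
    if msg["first_result"] != "pass":
        del second_server[(address, file_id)]
        return "deleted: virus scan failed"
    # second detection (claims 2-3): content check; constructed rule in place of a real policy engine
    if b"CONSTRUCTED-FORBIDDEN-CONTENT" in file_bytes:
        del second_server[(address, file_id)]
        return "deleted: content check failed"
    grade = "confidential" if b"internal" in file_bytes.lower() else "public"  # constructed grading rule
    return "accepted: grade " + grade
```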
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311740586.0A CN117729024A (en) 2023-12-14 2023-12-14 Method, server and system for processing internet and internet files

Publications (1)

Publication Number Publication Date
CN117729024A true CN117729024A (en) 2024-03-19

Family

ID=90204804

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination