CN110401689B - File management method, device and storage medium - Google Patents

File management method, device and storage medium Download PDF

Info

Publication number
CN110401689B
CN110401689B CN201811412957.1A CN201811412957A CN110401689B CN 110401689 B CN110401689 B CN 110401689B CN 201811412957 A CN201811412957 A CN 201811412957A CN 110401689 B CN110401689 B CN 110401689B
Authority
CN
China
Prior art keywords
file
key
management server
encryption
fragment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811412957.1A
Other languages
Chinese (zh)
Other versions
CN110401689A (en
Inventor
彭向阳
李斌
奚驰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201811412957.1A priority Critical patent/CN110401689B/en
Publication of CN110401689A publication Critical patent/CN110401689A/en
Application granted granted Critical
Publication of CN110401689B publication Critical patent/CN110401689B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a file management method, a device and a storage medium, wherein the method comprises the following steps: the file is encrypted in a fragmentation mode by an encryption terminal based on a key of the file; uploading the encrypted fragments of the file to a file management server; acquiring an encryption key for encrypting the key of the file; encrypting the key of the file based on the encryption key to obtain a security key; uploading the security key to a service server; the security key is used for decrypting the security key to obtain the key of the file after the decryption end obtains the security key from the service server, so as to decrypt the fragment of the file obtained from the file management server to obtain the file.

Description

File management method, device and storage medium
Technical Field
The present invention relates to data processing technologies, and in particular, to a file management method, device, and storage medium.
Background
In the related art, in order to ensure the security of a file, the file is generally encrypted and uploaded to a server for storage, however, when the file is large, the performance requirement of the terminal is high, the uploading efficiency is low, and a secret key used for encryption is generally stored in the local terminal, so that the security is low.
Disclosure of Invention
In view of this, embodiments of the present invention provide a file management method, an apparatus, and a storage medium, which can improve the security of file storage.
In a first aspect, an embodiment of the present invention provides a file management method, including:
the file is encrypted in a fragmentation mode by an encryption terminal based on a key of the file;
uploading the encrypted fragments of the file to a file management server;
acquiring an encryption key for encrypting the key of the file;
encrypting the key of the file based on the encryption key to obtain a security key;
uploading the security key to a service server;
and the security key is used for decrypting the security key to obtain the key of the file after the decryption end acquires the security key from the service server, so as to decrypt the fragment of the file acquired from the file management server to obtain the file.
In a second aspect, an embodiment of the present invention provides a file management method, including:
acquiring fragments of the encrypted file from a file management server; the fragments are encrypted based on the key of the file;
obtaining a security key from a service server; the security key is obtained by encrypting the key of the file;
acquiring a decryption key for decrypting the secure key;
and based on the decryption key, decrypting the security key to obtain a key of the file, and decrypting the acquired fragment of the file based on the key of the file to obtain the file.
In a third aspect, an embodiment of the present invention provides a file management apparatus, where the apparatus includes:
the first encryption unit is used for carrying out fragment encryption on the file based on a key of the file;
the first uploading unit is used for uploading the encrypted fragments of the file to a file management server;
an acquisition unit configured to acquire an encryption key used to encrypt a key of the file;
the second encryption unit is used for encrypting the key of the file based on the encryption key to obtain a security key;
the second uploading unit is used for uploading the security key to a service server;
and the security key is used for decrypting the security key to obtain the key of the file after the security key is obtained from the service server so as to decrypt the fragment of the file obtained from the file management server.
In a fourth aspect, an embodiment of the present invention provides a file management apparatus, where the apparatus includes:
a fragment acquisition unit configured to acquire a fragment of an encrypted file from a file management server; the fragments are encrypted based on the key of the file;
a first key acquisition unit configured to acquire a security key from a service server; the security key is obtained by encrypting the key of the file;
a second key acquisition unit configured to acquire a decryption key for decrypting the secure key;
and the decryption unit is used for decrypting the security key based on the decryption key to obtain a key of the file, and decrypting the acquired fragment of the file based on the key of the file to obtain the file.
In a fifth aspect, an embodiment of the present invention provides a file management apparatus, where the apparatus includes:
a memory for storing executable instructions;
and the processor is used for realizing the file management method provided by the embodiment of the invention when executing the executable instructions stored in the memory.
In a sixth aspect, an embodiment of the present invention provides a storage medium, which stores executable instructions, and when the executable instructions are executed, the storage medium is configured to implement the file management method provided in the embodiment of the present invention.
The application of the embodiment of the invention has the following beneficial effects:
1) in the embodiment of the invention, the file to be uploaded to the server is encrypted in a fragmentation encryption mode, the file is encrypted and fragmented, when the file is very large, the consumption of equipment performance is reduced and the processing efficiency and the user experience are improved in the fragmentation encryption mode, and meanwhile, the file is encrypted while being uploaded, so that the processing efficiency of the file is improved;
2) the file resources and the key of the file are stored in a distributed mode, and the key of the file is encrypted while the file is encrypted, so that the server cannot decrypt the file, and the security of the file resources is ensured.
Drawings
FIG. 1 is an alternative architecture diagram of a file management system according to an embodiment of the present invention;
fig. 2 is an alternative structural diagram of a terminal 400 according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a file management method according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating a method for encrypting a file in a fragmented manner according to an embodiment of the present invention;
fig. 5 is a schematic diagram illustrating a method for encrypting a file in a fragmented manner according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating a file management method according to an embodiment of the present invention;
FIG. 7 is a block diagram of a file management system according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating a file management method according to an embodiment of the present invention;
FIG. 9 is a flowchart illustrating a file management method according to an embodiment of the present invention;
fig. 10 is a schematic diagram of an interface for receiving a micro-mail message by a second terminal according to an embodiment of the present invention;
FIG. 11 is a block diagram of a file management apparatus 800 according to an embodiment of the present invention;
FIG. 12 is a block diagram of a file management apparatus 900 according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail below with reference to the accompanying drawings and examples. It should be understood that the examples provided herein are merely illustrative of the present invention and are not intended to limit the present invention. In addition, the following embodiments are provided as partial embodiments for implementing the present invention, not all embodiments for implementing the present invention, and the technical solutions described in the embodiments of the present invention may be implemented in any combination without conflict.
It should be noted that, in the embodiments of the present invention, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, so that a method or apparatus including a series of elements includes not only the explicitly recited elements but also other elements not explicitly listed or inherent to the method or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other related elements in a method or apparatus including the element (e.g., steps in a method or elements in an apparatus, such as units that may be part of a circuit, part of a processor, part of a program or software, etc.).
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
It should be noted that the terms "first", "second", and the like in the embodiments of the present invention are used for distinguishing similar objects and not for representing a specific ordering of the objects, and it should be understood that "first", "second", and the like may be interchanged with one another in a specific order or sequence, where possible, to enable the embodiments of the present invention described herein to be performed in an order other than that illustrated or described herein.
An exemplary application of the file management apparatus implementing the embodiment of the present invention is described below, and the file management apparatus provided in the embodiment of the present invention may be implemented as various types of user terminals such as a smart phone, a tablet computer, and a notebook computer. In the following, an exemplary application covering a terminal when the file management apparatus is implemented as the terminal will be described.
Referring to fig. 1, fig. 1 is an alternative architecture diagram of a file management system according to an embodiment of the present invention, in order to support an exemplary application, a terminal 400 (exemplary shows a terminal 400-1 and a terminal 400-2) is connected to a server 300 (exemplary shows a server 300-1 and a server 300-2) through a network 200, where the network 200 may be a wide area network or a local area network, or a combination of the two, and data transmission is implemented using a wireless link.
A terminal (such as the terminal 400-1) conducts fragmentation encryption on a file based on a key of the file, and uploads the encrypted fragments of the file to a file management server (such as the server 300-1); the terminal acquires an encryption key for encrypting the key of the file, encrypts the key of the file based on the encryption key to obtain a secure key, and uploads the secure key to a service server (such as the server 300-2); so that a terminal (such as the terminal 400-2) obtains the security key from the service server, and then decrypts the security key to obtain the key of the file, so as to decrypt the fragment of the file obtained from the file management server to obtain the file.
The apparatus provided by the embodiments of the present invention may be implemented as hardware or a combination of hardware and software, and various exemplary implementations of the apparatus provided by the embodiments of the present invention are described below.
Referring to fig. 2, fig. 2 is an alternative structural diagram of a terminal 400 according to an embodiment of the present invention, where the terminal 400 may be a mobile phone, a computer, a digital broadcast terminal, an information transceiver, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, etc., according to the structure of the terminal 400, the structure described herein should not be considered as a limitation, for example, some components described below may be omitted, or components not described below may be added to adapt to the specific requirements of some applications.
The terminal 400 shown in fig. 2 includes: at least one processor 410, memory 440, at least one network interface 420, and a user interface 430. The various components in the terminal 400 are coupled together by a bus system 450. It is understood that the bus system 450 is used to enable connected communication between these components. The bus system 450 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 450 in fig. 2.
The user interface 430 may include a display, keyboard, mouse, trackball, click wheel, keys, buttons, touch pad or touch screen, etc.
Memory 440 may be either volatile memory or nonvolatile memory, and may include both volatile and nonvolatile memory. Among them, the nonvolatile Memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), a Flash Memory (Flash Memory), and the like. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM). The memory 440 described in connection with the embodiments of the invention is intended to comprise these and any other suitable types of memory.
The memory 440 in embodiments of the present invention is capable of storing executable instructions 4401 to support the operation of a file management apparatus, examples of which include: the software modules in various forms such as programs, plug-ins, and scripts for operating on the file management device may include, for example, an operating system and application programs, wherein the operating system includes various system programs such as a framework layer, a core library layer, a driver layer, and the like for implementing various basic services and processing hardware-based tasks.
As an example of the file management apparatus provided by the embodiment of the present invention implemented by combining software and hardware, the file management apparatus provided by the embodiment of the present invention may be directly embodied as a combination of software modules executed by the processor 440, where the software modules may be located in a storage medium located in the memory 440, and the processor 410 reads executable instructions included in the software modules in the memory 440, and completes the file management method provided by the embodiment of the present invention in combination with necessary hardware (for example, including the processor 440 and other components connected to the bus 450).
By way of example, the Processor 410 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor or the like.
The file management method for implementing the embodiment of the present invention is described in conjunction with the aforementioned exemplary application and implementation of the file management apparatus for implementing the embodiment of the present invention.
Fig. 3 is a schematic flowchart of a file management method according to an embodiment of the present invention, and referring to fig. 3, the file management method according to the embodiment of the present invention includes:
step 101: and carrying out fragment encryption on the file based on the key of the file.
In an embodiment, the encryption side may encrypt the file fragments by:
the method comprises the steps of carrying out fragmentation processing on a file to obtain a plurality of fragments of the file, and encrypting each fragment according to a key of the file by adopting an Encryption mode corresponding to an Electronic Code Book (ECB) mode of an Advanced Encryption Standard (AES). Specifically, fig. 4 is a schematic diagram of a method for encrypting a file in a fragmentation manner according to an embodiment of the present invention, and referring to fig. 4, the file exists in a plaintext form before being encrypted, the file is fragmented to obtain a plurality of plaintext blocks (i.e., fragments, the size of the fragment may be set according to actual needs) as shown in fig. 4, and then the secret number of the file is usedEach plaintext block is encrypted by a key to obtain a corresponding ciphertext block (i.e., an encrypted fragment), for example, plaintext block P is encrypted by a file key (K1) to obtain a corresponding ciphertext block C, where C is EK1(P); here, the key of the file is a block cipher, which may also be referred to as a block cipher, and in practical applications, may be randomly generated.
According to the embodiment of the invention, the file to be uploaded to the server is encrypted in a fragmentation encryption manner, the file is encrypted and fragmented, when the file is very large, the consumption of the equipment performance is reduced and the processing efficiency and the user experience are improved in the fragmentation encryption manner, and meanwhile, the file is encrypted while being uploaded, and the processing efficiency of the file is improved.
In an embodiment, the fragment encryption of the file may be implemented as follows:
carrying out fragmentation processing on the file to obtain a plurality of fragments of the file with continuous numbers; taking the key of the file as the key of a first fragment of the file, and respectively calculating the key of each fragment in an iterative manner according to the key of the first fragment and the serial number sequence of the fragments; and encrypting each fragment by respectively adopting the key corresponding to each fragment.
Specifically, fig. 5 is a schematic diagram of a method for encrypting a file in a fragmentation manner according to an embodiment of the present invention, and referring to fig. 5, the file exists in a plaintext form before being encrypted, the file is fragmented to obtain plaintext block 1, plaintext block 2, plaintext block 3, and plaintext block 4 … in fig. 5 with consecutive numbers, a key of the file is used as a key (a first key) for encrypting plaintext block 1, a key (a second key) of plaintext block 2 is then calculated according to the key of plaintext block 1, a key (a third key) of plaintext block 3 is calculated according to the key of plaintext block 2, a key (a fourth key) of plaintext block 4 is calculated according to the key of plaintext block 3, and thus a key of each subsequent plaintext block is iteratively calculated, and then the plaintext block is encrypted by using the key corresponding to each plaintext block, so as to obtain a corresponding ciphertext block. So, adopt the mode that the burst encrypted to the file that needs upload the server, to the encryption fragmentation of file, reduce consumption, promotion user experience to equipment performance, because the file adopts the burst encryption, can realize uploading the limit encryption to the file, improve the treatment effeciency of file, simultaneously, because the secret key that every burst adopted when encrypting is different each other, the security of the file that improves greatly.
In practical applications, before the terminal uploads the file, the terminal may confirm to the server whether the file is already stored in the file management server, and in an embodiment, the terminal may implement the verification whether the file is stored in the file management server by:
the terminal calculates the abstract (such as SHA1) of the file by adopting a Secure Hash Algorithm (SHA, Secure Hash Algorithm), and then sends an uploading request of the file to the file index server, wherein the uploading request of the file carries the abstract of the file; the file index server stores the abstracts of the files stored in the file management server and file identifications corresponding to the abstracts, after the file index server analyzes an uploading request of the files to obtain the abstracts of the files, the file index server conducts index searching on the basis of the abstracts of the files to find whether the abstracts of the files are stored, if the abstracts of the files are indexed, the files are indicated to be uploaded, and if the abstracts of the files are not indexed, the files are indicated to be not uploaded.
Here, SHA is described as a data encryption algorithm whose idea is to receive a piece of plaintext and then convert it into a (usually smaller) piece of ciphertext in an irreversible manner, which can also be simply understood as the process of taking a string of input codes (called pre-map or message) and converting them into a short, fixed-bit output sequence, i.e., hash value (also called message digest or message authentication code).
In actual implementation, if the File index server does not index the digest of the File, an Identifier corresponding to the File is generated, and meanwhile, a resource authorization for uploading the File is requested from the File management server (that is, the terminal is requested to be allowed to execute the uploading of the File), where the Identifier of the File is used to uniquely identify the File, such as a File Identifier Descriptor (FID), so that the terminal can obtain the File from the File management server based on the Identifier of the File. In practical application, the file uploading request may also carry at least one of the following information: file size information, number of slices information, destination address, etc.
In actual implementation, if the file index server indexes the abstract of the file, the information of uploading completion is returned to the terminal.
Step 102: and uploading the encrypted fragments of the file to a file management server.
In an embodiment, the terminal may upload the encrypted file segment to the file management server by:
the terminal uploads the encrypted file fragments to a file management server in a multi-channel parallel uploading mode; and each channel uploads one fragment of the file at a time. That is to say, the terminal starts a plurality of uploading threads (for example, 3) at the same time, and each uploading thread uploads a fragment of a file at a time, so that the fragments of a plurality of files can be uploaded to the file management server at one time, and the file uploading efficiency is improved.
Step 103: an encryption key for encrypting a key of the file is obtained.
In an embodiment, the terminal may obtain an encryption key for encrypting a key of a file by:
the terminal sends a request for obtaining an encryption key to a key management server; the request carries authentication information; receiving the encryption key sent by the key management server; and the encryption key is sent after the key management server passes the user authentication based on the authentication information.
Exemplarily, the terminal sends a request for obtaining an encryption key to the key management server, where the request carries a user name and password information (i.e., authentication information, where the user name and password information may exist in the form of a ticket and a session) for user authentication, and after the key management server parses the request, the key management server performs user authentication (in an embodiment, the authentication information may also be sent to the authentication server, and an authentication process is performed by the authentication server), and after the user authentication passes, the encryption key is returned to the terminal.
In practical application, after user authentication is passed, the key management server returns an encryption password and key version information corresponding to an encryption key, and correspondingly, after receiving the key version information corresponding to the encryption key, the terminal uploads the key version information to the service server, so that after the terminal acquires the key version information from the service server, the terminal acquires the encryption key from the key management server according to the key version information.
Step 104: and encrypting the key of the file based on the encryption key to obtain a security key.
In an embodiment, the terminal may encrypt the key of the file by:
the terminal encrypts a key of the file according to the encryption key by adopting an encryption mode corresponding to an ECB mode of AES; for example, if the file key is K1 and the encryption key is K2, the security key K3 is EK2(K1)。
Step 105: and uploading the security key to a service server.
In actual implementation, the terminal uploads the key version information to the service server and also uploads the security key to the service server, so that after the terminal acquires the key version information and the security key from the service server, the terminal acquires the encryption key from the key management server according to the key version information, and decrypts the security key to obtain the key of the file. That is, the encryption key is used for encrypting the key of the file and is also used as the decryption key of the security key for decrypting the security key formed by encryption.
In the embodiment of the invention, the file resources and the key of the file are stored in a distributed manner, and the key of the file is encrypted while the file is encrypted, so that the server cannot decrypt the file, and the security of the file resources is ensured.
In practical application, when a user needs to download a file, the security key is obtained from the service server, the file is obtained from the file management server, the security key is decrypted to obtain the key of the file, and then the obtained file is decrypted by adopting the key of the file.
Fig. 6 is a schematic flowchart of a file management method according to an embodiment of the present invention, and fig. 7 is a schematic architectural diagram of a file management system according to an embodiment of the present invention, which implements uploading of a file by a terminal (that is, uploading to a server), and with reference to fig. 6 and fig. 7, the file management method according to an embodiment of the present invention includes:
step 201: the terminal computes the digest SHA1 of the file.
Here, in practical implementation, the terminal may perform digest calculation on the file by using a secure hash algorithm, so as to obtain the digest SHA1 of the file.
Step 202: and sending an uploading request of the file with the abstract to the file index server.
Here, the file index server stores the digest of the file stored in the file management server and the file identifier corresponding to the digest, and is used to generate, store, and retrieve the resource index, and request the file management server for authorization to upload the resource.
In actual implementation, after receiving an upload request of a file carrying a summary, a file index server analyzes the file to obtain the summary of the file, performs index search based on the summary of the file, returns an upload ending message to a terminal when the summary of the file is found, generates an identifier of the file when the summary of the file is not found, establishes a mapping relationship between the summary of the file and the identifier of the file, and returns the identifier of the file to the terminal.
Step 203: the file index server returns the identifier FID of the file to the terminal.
Step 204: the terminal generates a random key K1.
Here, the random key K1 generated by the terminal is a key of the file, and is used to encrypt the file.
Step 205: based on the random key K1, the file is encrypted in a slicing way and uploaded to the file management server.
Here, the terminal performs a fragmentation process on the file to obtain a plurality of fragments of the file, encrypts each fragment with a random key K1 in an encryption manner corresponding to the ECB mode of AES, and encrypts a fragment P with a random key K1 to obtain C ═ EK1(P)。
In practical implementation, the terminal adopts a multi-channel parallel uploading mode for the plurality of encrypted fragments, so that the file uploading efficiency is improved.
Step 206: the terminal transmits a request for acquiring an encryption key to the key management server.
Here, the request for obtaining the encryption key sent by the terminal carries authentication information for user authentication, such as a user name and a corresponding password, and in practical application, the authentication information exists in the form of a ticket or session.
In practical application, the key management server analyzes the request sent by the terminal to obtain authentication information, the key management server can perform user authentication based on the authentication information, or send the authentication information to an authentication server (not shown in the figure), perform user authentication through the authentication server, and after the authentication is passed, the terminal obtains authorization to obtain the encryption key, and returns the encryption key and corresponding key version information.
Step 207: the key management server returns the encryption key K2 and the corresponding key version V to the terminal.
In practical implementation, the encryption key K2 and the key version V are in a one-to-one correspondence relationship, and a corresponding encryption key can be obtained through the key version V.
Step 208: the terminal encrypts the random key K1 by using the encryption key K2 to obtain a security key K3.
Here, in actual implementation, an encryption method corresponding to the ECB mode of AES may be adopted, and the key of the file is encrypted according to the encryption key, where K3 ═ EK2(K1)。
Step 209: and uploading the identifier FID, the security key K3 and the key version V of the file to the business server.
By applying the embodiment of the invention, the file to be uploaded to the server is encrypted in a fragmentation encryption mode, the file is encrypted and fragmented, the consumption of the equipment performance is reduced, and the user experience is improved; the file resources and the key of the file are stored in a distributed mode, the key of the file is encrypted while the file is encrypted, so that the server cannot decrypt the file, and the security of the file resources is ensured.
Fig. 8 is a flowchart illustrating a file management method according to an embodiment of the present invention, and with respect to the embodiment shown in fig. 6, the scheme shown in fig. 8 implements downloading of a file by a terminal, and referring to fig. 8, the file management method according to the embodiment of the present invention includes:
step 301: the terminal acquires the identifier FID, the key version V and the security key K3 corresponding to the required file.
Here, in practical applications, if the terminal that needs to download the file is a terminal that previously uploaded the file to the server, the terminal itself may store the identifier FID, the key version V, and the security key K3 of the file, and may directly obtain the identifier FID, the key version V, and the security key K3 from the information about the file stored in the terminal itself.
If the terminal that needs to download the file is not the terminal that previously uploaded the file to the server, for example, for an application scenario of wechat, the terminal a sends the file to the terminal B, and the file message received by the terminal B carries the identifier FID, the key version V, and the security key K3 corresponding to the file, that is, the terminal B obtains the identifier FID, the key version V, and the security key K3 corresponding to the file from the service server.
Step 302: the terminal requests the decryption key K2 from the key management server based on the key version V.
In practical applications, the key management server stores the key version V and the decryption key K2 (encryption key K2) in a one-to-one correspondence, and since the encryption of the random key K1 is symmetric encryption in the embodiment of the present invention, the encryption key K2 used in encryption can also be used as a decryption key for decrypting the security key K3.
Step 303: the terminal receives the decryption key K2 returned by the key management server.
Step 304: and the terminal requests the corresponding file from the file management server according to the file identifier FID.
Step 305: the file management server returns the fragments of the encrypted file to the terminal.
In practical application, the file management server may send the fragments of the file to the terminal in a serial manner, for example, the file management server establishes a communication connection with the terminal through a network Protocol (HTTPS), and sends the fragments of the file to the terminal.
Step 306: the terminal decrypts the security key K3 by using the decryption key K2 to obtain the key K1 of the file, and decrypts the fragments of the encrypted file according to the key K1 of the file to obtain the file.
Here, in actual implementation, the terminal decrypts the fragments of the file by adopting a decryption mode corresponding to the encryption mode; for example, decrypting the ciphertext block C using the random key K1 yields a plaintext block P, where P ═ DK1(C) And integrating the plaintext blocks of the plurality of files obtained by decryption to obtain the file.
Next, a file management method according to an embodiment of the present invention is described by taking an application scenario as WeChat (e.g., enterprise WeChat) as an example. Fig. 9 is a flowchart illustrating a file management method according to an embodiment of the present invention, in which a first terminal (serving as an encryption side in this embodiment) transmits a file (such as a picture file or a video file) to a second terminal (serving as a decryption side in this embodiment), the first terminal first uploads the file to be transmitted to a server, and then the second terminal downloads a corresponding file from the server, referring to fig. 9, the file management method according to the embodiment of the present invention includes:
step 401: the first terminal sends a document message to the service server.
Here, the document message instructs the service server to send the document to the second terminal, and at the same time, the document message is used to request to upload the document to the file management server, and the document message carries the digest SHA1 corresponding to the document.
Step 402: the service server parses the document message to obtain a digest SHA1, and sends the digest SHA1 to the file index server.
Step 403: the file index server judges whether the document is stored in the file management server based on the digest SHA1, and if the document is not stored, executes step 404; if the document is stored, step 408 is performed.
Here, the specific way for the file index server to determine whether the document is stored in the file management server based on the digest SHA1 is referred to in the foregoing embodiments, and details are not described here.
Step 404: and the first terminal receives the identification of the document sent by the file index server.
In practical application, when the file index server determines that the document is not uploaded (i.e. not stored in the file management server), an identifier corresponding to the document is generated, and a mapping relationship between the identifier of the document and the digest SHA1 of the document is established.
Step 405: the first terminal adopts the random key K1 to encrypt the document in a slicing mode and uploads the document to the file management server.
Step 406: the first terminal acquires an encryption key K2 for encrypting the random key K1, and a key version V of the corresponding K2 from the key management server.
Step 407: the first terminal encrypts the key K1 by using the key K2 to obtain a security key K3, uploads the FID, the security key K3 and the key version V to the service server, and then executes step 408.
Step 408: the file index server sends the identification FID corresponding to the digest SHA1 to the service server.
In actual implementation, the service server stores the mapping relationship among the identifier FID, the security key K3 and the key version V, and can obtain the corresponding security key K3 and the key version V through the identifier FID index.
Step 409: and the service server sends the document message to the second terminal.
Here, in an actual application, the document message sent by the service server and enabling the second terminal to acquire the document carries the identifier FID, the security key K3, and the key version V corresponding to the document.
Step 410: and the second terminal analyzes the document message to obtain an identifier FID, a security key K3 and a key version V corresponding to the document.
Step 411: the second terminal requests the decryption key K2 from the key management server based on the key version V.
Step 412: and the second terminal acquires the document fragment from the file management server according to the identifier FID of the document.
Step 413: the second terminal decrypts K3 with K2 to obtain a random key K1, and decrypts the encrypted fragments of the document according to K1 to obtain the document.
Fig. 10 is a schematic diagram of an interface where a second terminal receives a wechat document message according to an embodiment of the present invention, where a first terminal sends a document message to a wechat interface of the second terminal through a service server, the first terminal first performs fragment encryption on the document and distributively stores fragments of the document and an encrypted key, a document message sent to the second terminal by the service server carries an identifier FID, a security key K3, and a key version V, and when a user clicks on the received document message, the second terminal obtains the encrypted document fragments and corresponding keys based on the FID, the security key K3, and the key version V carried in the document message, and obtains actual content of the document after fragment analysis.
Continuing to describe the file management apparatus provided in the embodiment of the present invention, the file management apparatus provided in the embodiment of the present invention may also be implemented by pure software, fig. 11 is a schematic diagram of a composition structure of the file management apparatus 800 provided in the embodiment of the present invention, and the file management apparatus can implement uploading of files, referring to fig. 11, the file management apparatus 800 provided in the embodiment of the present invention includes:
a first encryption unit 111, configured to perform fragment encryption on a file based on a key of the file;
a first uploading unit 112, configured to upload the encrypted fragments of the file to a file management server;
an acquisition unit 113 that acquires an encryption key used to encrypt a key of the file;
a second encryption unit 114, configured to encrypt the key of the file based on the encryption key to obtain a security key;
a second uploading unit 115, configured to upload the security key to a service server;
and the security key is used for decrypting the security key to obtain the key of the file after the security key is obtained from the service server so as to decrypt the fragment of the file obtained from the file management server.
In an embodiment, the first encryption unit is further configured to perform fragmentation processing on the file to obtain a plurality of fragments of the file;
and encrypting each fragment according to the key of the file by adopting an encryption mode corresponding to an ECB mode of an electronic codebook of an advanced encryption standard AES.
In an embodiment, the first encryption unit is further configured to perform fragmentation processing on the file to obtain a plurality of fragments of the file with consecutive numbers;
taking the key of the file as the key of a first fragment of the file, and respectively calculating the key of each fragment in an iterative manner according to the key of the first fragment and the serial number sequence of the fragments;
and encrypting each fragment by respectively adopting the key corresponding to each fragment.
In an embodiment, the obtaining unit is further configured to send a request for obtaining the encryption key to a key management server; the request carries authentication information;
receiving the encryption key sent by the key management server; and the encryption key is sent after the key management server passes the user authentication based on the authentication information.
In an embodiment, the obtaining unit is further configured to receive key version information corresponding to the encryption key sent by the key management server;
the second uploading unit is further configured to upload the key version information and the security key to a service server, so as to obtain the encryption key from the key management server according to the key version information after obtaining the key version information and the security key from the service server, and decrypt the security key to obtain the key of the file.
In an embodiment, the first uploading unit is further configured to upload the encrypted fragments of the file to a file management server in a multi-channel parallel uploading manner; and each channel uploads one fragment of the file at a time.
In an embodiment, the obtaining unit is further configured to calculate a digest of the file by using a secure hash algorithm SHA;
acquiring the identification of the file from a file index server based on the abstract of the file;
the second uploading unit is further configured to upload an identifier of the file to the service server, so as to obtain the file from the file management server by indexing according to the identifier of the file after obtaining the identifier of the file from the service server.
In an embodiment, the obtaining unit is further configured to send an upload request of the file to the file index server based on the digest of the file;
receiving the identifier of the file returned by the file index server;
the file identifier is generated when the file index server determines that the file management server does not store the file based on the abstract of the file.
Fig. 12 is a schematic diagram of a component structure of a file management apparatus 900 according to an embodiment of the present invention, which can implement downloading of a file, and referring to fig. 12, the file management apparatus according to the embodiment of the present invention includes:
a fragment acquiring unit 121 configured to acquire a fragment of the encrypted file from the file management server; the fragments are encrypted based on the key of the file;
a first key obtaining unit 122, configured to obtain a security key from a service server; the security key is obtained by encrypting the key of the file;
a second key acquisition unit 123 configured to acquire a decryption key for decrypting the secure key;
a decryption unit 124, configured to decrypt the secure key based on the decryption key to obtain a key of the file, and decrypt the obtained fragment of the file based on the key of the file to obtain the file.
In one embodiment, the apparatus further comprises:
an information obtaining unit, configured to obtain key information of the file, where the key information includes: the identification of the file and the key version information corresponding to the decryption key;
the file identification is used for indexing the file from the file management server;
and the key version information is used for acquiring the decryption key from a key management server according to the key version information.
In an embodiment, the information obtaining unit is further configured to receive a message of the file sent by the service server, where the message carries the key information;
and analyzing the information of the file to obtain the key information.
In an embodiment, the fragment obtaining unit is further configured to perform transmission key negotiation with the file management server based on the identifier of the file;
after the transmission key negotiation is passed, receiving the fragment of the file sent by the file management server;
the fragments are obtained by encrypting the fragments encrypted according to the key of the file again by the file management server by adopting the transmission key.
In an embodiment, the decryption unit is further configured to decrypt, based on the key of the file, the fragment of the file in a decryption manner corresponding to an ECB mode of AES, so as to obtain content information of the fragment;
and combining the content information of all the fragments included in the file to obtain the file.
An embodiment of the present invention further provides a readable storage medium, where the storage medium may include: various media that can store program codes, such as a removable Memory device, a Random Access Memory (RAM), a Read-Only Memory (ROM), a magnetic disk, and an optical disk. The readable storage medium stores executable instructions;
the executable instructions are used for realizing the file management method when being executed by a processor.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (15)

1. A method of file management, the method comprising:
the file is encrypted in a fragmentation mode by an encryption terminal based on a key of the file;
uploading the encrypted fragments of the file to a file management server;
sending a request for obtaining an encryption key to a key management server; the request carries authentication information;
receiving the encryption key and key version information corresponding to the encryption key sent by the key management server; the encryption key is sent after the key management server passes the user authentication based on the authentication information;
encrypting the key of the file based on the encryption key to obtain a security key;
uploading the key version information and the security key to a service server, so that a decryption end acquires the key version information and the security key from the service server, and then acquires the encryption key from the key management server according to the key version information;
the encryption key is used for the decryption end to decrypt the encrypted security key; and the security key is used for the decryption end to decrypt the security key to obtain the key of the file based on the encryption key so as to decrypt the fragment of the file obtained from the file management server to obtain the file.
2. The method of claim 1, wherein the file-based key sharding encrypts the file, comprising:
carrying out fragmentation processing on the file to obtain a plurality of fragments of the file;
and encrypting each fragment according to the key of the file by adopting an encryption mode corresponding to an ECB mode of an electronic codebook of an advanced encryption standard AES.
3. The method of claim 1, wherein the file-based key sharding encrypts the file, comprising:
carrying out fragmentation processing on the file to obtain a plurality of fragments of the file with continuous numbers;
taking the key of the file as the key of a first fragment of the file, and respectively calculating the key of each fragment in an iterative manner according to the key of the first fragment and the serial number sequence of the fragments;
and encrypting each fragment by respectively adopting the key corresponding to each fragment.
4. The method of claim 1, wherein uploading the encrypted fragment of the file to a file management server comprises:
uploading the encrypted fragments of the files to a file management server in a multi-channel parallel uploading mode; and each channel uploads one fragment of the file at a time.
5. The method of claim 1, wherein the method further comprises:
calculating the abstract of the file by adopting a secure hash algorithm SHA;
acquiring the identification of the file from a file index server based on the abstract of the file;
and uploading the identifier of the file to the service server, so as to obtain the identifier of the file from the service server, and then indexing the file from the file management server according to the identifier of the file to obtain the file.
6. The method of claim 5, wherein obtaining the identification of the file from a file index server based on the digest of the file comprises:
sending an uploading request of the file to the file index server based on the abstract of the file;
receiving the identifier of the file returned by the file index server;
the file identifier is generated when the file index server determines that the file management server does not store the file based on the abstract of the file.
7. A method of file management, the method comprising:
acquiring fragments of the encrypted file from a file management server; the fragments are encrypted based on the key of the file;
acquiring key version information and a security key from a service server; the security key is obtained by encrypting the key of the file;
acquiring a decryption key for decrypting the security key, wherein the decryption key is acquired from a key management server according to the key version information;
and based on the decryption key, decrypting the security key to obtain a key of the file, and decrypting the acquired fragment of the file based on the key of the file to obtain the file.
8. The method of claim 7, wherein the method further comprises:
acquiring key information of the file, wherein the key information comprises: an identification of the file;
and the file identification is used for indexing the file from the file management server.
9. The method of claim 8, wherein obtaining the slice of the encrypted file from the file management server comprises:
performing transmission key negotiation with the file management server based on the file identifier;
after the transmission key negotiation is passed, receiving the fragment of the file sent by the file management server;
the fragments are obtained by encrypting the fragments encrypted according to the key of the file again by the file management server by adopting the transmission key.
10. A file management apparatus, characterized in that the apparatus comprises:
the first encryption unit is used for carrying out fragment encryption on the file based on a key of the file;
the first uploading unit is used for uploading the encrypted fragments of the file to a file management server;
an acquisition unit configured to transmit a request for acquiring an encryption key to a key management server; the request carries authentication information; receiving the encryption key and key version information corresponding to the encryption key sent by the key management server; the encryption key is sent after the key management server passes the user authentication based on the authentication information;
the second encryption unit is used for encrypting the key of the file based on the encryption key to obtain a security key;
a second uploading unit, configured to upload the key version information and the secure key to a service server, so that a decryption side obtains the key version information and the secure key from the service server, and then obtains the encryption key from the key management server according to the key version information;
the encryption key is used for the decryption end to decrypt the encrypted security key; and the security key is used for the decryption end to decrypt the security key to obtain the key of the file based on the encryption key so as to decrypt the fragment of the file acquired from the file management server.
11. A file management apparatus, characterized in that the apparatus comprises:
a fragment acquisition unit configured to acquire a fragment of an encrypted file from a file management server; the fragments are encrypted based on the key of the file;
a first key obtaining unit, configured to obtain key version information and a security key from a service server; the security key is obtained by encrypting the key of the file;
a second key obtaining unit, configured to obtain a decryption key for decrypting the secure key, where the decryption key is obtained from a key management server according to the key version information;
and the decryption unit is used for decrypting the security key based on the decryption key to obtain a key of the file, and decrypting the acquired fragment of the file based on the key of the file to obtain the file.
12. A storage medium storing executable instructions for implementing a file management method according to any one of claims 1 to 6 when executed.
13. A storage medium storing executable instructions for implementing a file management method according to any one of claims 7 to 9 when executed.
14. An electronic device, characterized in that the electronic device comprises:
a memory for storing executable instructions;
a processor, configured to implement the file management method of any one of claims 1 to 6 when executing the executable instructions stored in the memory.
15. An electronic device, characterized in that the electronic device comprises:
a memory for storing executable instructions;
a processor, configured to implement the file management method of any one of claims 7 to 9 when executing the executable instructions stored in the memory.
CN201811412957.1A 2018-11-23 2018-11-23 File management method, device and storage medium Active CN110401689B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811412957.1A CN110401689B (en) 2018-11-23 2018-11-23 File management method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811412957.1A CN110401689B (en) 2018-11-23 2018-11-23 File management method, device and storage medium

Publications (2)

Publication Number Publication Date
CN110401689A CN110401689A (en) 2019-11-01
CN110401689B true CN110401689B (en) 2021-12-10

Family

ID=68322200

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811412957.1A Active CN110401689B (en) 2018-11-23 2018-11-23 File management method, device and storage medium

Country Status (1)

Country Link
CN (1) CN110401689B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111245597B (en) * 2020-01-17 2023-09-15 众安信息技术服务有限公司 Key management method, system and equipment
CN111698576B (en) * 2020-06-23 2022-04-01 网易有道信息技术(杭州)有限公司 Information encryption method, decryption method, server, client, and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102333236A (en) * 2011-10-27 2012-01-25 中国华录集团有限公司 Video content encryption and decryption system
CN103685557A (en) * 2013-12-26 2014-03-26 金蝶软件(中国)有限公司 Method and device for uploading and downloading file
CN104837035A (en) * 2015-04-30 2015-08-12 华为软件技术有限公司 Video playing method and terminal
CN106254324A (en) * 2016-07-26 2016-12-21 杭州文签网络技术有限公司 A kind of encryption method storing file and device
CN108429733A (en) * 2018-02-05 2018-08-21 济南浪潮高新科技投资发展有限公司 A kind of system of data processing

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4218256B2 (en) * 2002-05-02 2009-02-04 富士ゼロックス株式会社 Data transfer method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102333236A (en) * 2011-10-27 2012-01-25 中国华录集团有限公司 Video content encryption and decryption system
CN103685557A (en) * 2013-12-26 2014-03-26 金蝶软件(中国)有限公司 Method and device for uploading and downloading file
CN104837035A (en) * 2015-04-30 2015-08-12 华为软件技术有限公司 Video playing method and terminal
CN106254324A (en) * 2016-07-26 2016-12-21 杭州文签网络技术有限公司 A kind of encryption method storing file and device
CN108429733A (en) * 2018-02-05 2018-08-21 济南浪潮高新科技投资发展有限公司 A kind of system of data processing

Also Published As

Publication number Publication date
CN110401689A (en) 2019-11-01

Similar Documents

Publication Publication Date Title
US10417394B2 (en) Method and system for unified mobile content protection
US10645430B2 (en) Reducing time to first encrypted frame in a content stream
US10491665B2 (en) Distribution of portions of content
CN109150499B (en) Method and device for dynamically encrypting data, computer equipment and storage medium
WO2019015598A1 (en) Hybrid-cloud data storage method and apparatus, related device, and cloud system
KR102449816B1 (en) Apparatus for encryption and search and method thereof
CN109309650B (en) Data processing method, terminal equipment and network equipment
US20150205755A1 (en) Extensible Media Format System and Methods of Use
CN111698576B (en) Information encryption method, decryption method, server, client, and medium
EP2713295A1 (en) Cooperative broadcast communication receiver device, resource access control program and cooperative broadcast communication system
CN110401689B (en) File management method, device and storage medium
CN113014580A (en) File transmission method and device, electronic equipment and storage medium
WO2012126257A1 (en) Media data processing method and device thereof
CN112560003A (en) User authority management method and device
TW201317823A (en) Cloud secured storage system
KR20150107062A (en) Data communication apparatus using cloud service and method for data processing thereof
CN110602075A (en) File stream processing method, device and system for encryption access control
US11455103B2 (en) Cloud secured storage system utilizing multiple cloud servers with processes of file segmentation, encryption and generation of data chunks
CN111625850A (en) Access control method, device, electronic equipment and storage medium
KR102516004B1 (en) System for security key managing of video file and method for key generating thereof
JP6492785B2 (en) Information processing system, information processing method, and information processing program
CN110875820A (en) Management method and system for multimedia content protection key and key agent device
CN114826729B (en) Data processing method, page updating method and related hardware
KR101704538B1 (en) Data communication apparatus using cloud service and method for data processing thereof
JP6492786B2 (en) Information processing apparatus, information processing method, information processing program, and information processing system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant