CN112751829A - Method for implementing safe file processing system - Google Patents
Method for implementing safe file processing system Download PDFInfo
- Publication number
- CN112751829A CN112751829A CN202011479876.0A CN202011479876A CN112751829A CN 112751829 A CN112751829 A CN 112751829A CN 202011479876 A CN202011479876 A CN 202011479876A CN 112751829 A CN112751829 A CN 112751829A
- Authority
- CN
- China
- Prior art keywords
- file
- client
- request
- user account
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000012545 processing Methods 0.000 title claims abstract description 31
- 238000012795 verification Methods 0.000 claims description 24
- 238000012986 modification Methods 0.000 claims description 4
- 230000004048 modification Effects 0.000 claims description 4
- 238000012217 deletion Methods 0.000 claims description 3
- 230000037430 deletion Effects 0.000 claims description 3
- 238000004806 packaging method and process Methods 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
A method of implementing a secure file processing system, comprising: the server receives a file calling request sent by the client, judges whether the file calling request comes from an untrusted client process, and sends a user account login command to the client if the file calling request does not come from the untrusted client process; the server side verifies the login information of the user account, if the login information passes, an encryption and decryption mode is configured for the file requested to be called, an encrypted file and a decryption key are generated, and the encrypted file and the decryption key are sent to the client side; the server receives a file sending request sent by a client, judges whether the file sending request comes from an untrusted client process, and sends a user account login command to the client if the file sending request does not come from the untrusted client process; and the server side verifies the user account login information, judges whether the file requested to be sent is encrypted according to the specification if the user account login information passes the specification, and receives and decrypts the file if the user account login information passes the specification. The invention carries out standardized management on the file processing flow and the encryption and decryption modes, provides individualized encryption and decryption modes aiming at different files and can effectively improve the safety of file processing.
Description
Technical Field
The invention belongs to the field of information security, and particularly relates to a method for realizing a secure file processing system.
Background
With the development of information technology, information security is more and more emphasized, and especially, the requirements for user data security guarantee of each financial enterprise are more and more strict. User data is the key for identifying user risks and processing post-loan transactions of each financial institution, so that the current financial business puts higher requirements on the storage and transmission of the user data, and the problems to be solved are how to make a standardized file processing flow and how to safely store and transmit the business data.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a method for realizing a safe file processing system.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for implementing a secure file processing system, comprising:
the server receives a file calling request sent by the client, judges whether the file calling request comes from an untrusted client process, refuses the request if the file calling request comes from the untrusted client process, and sends a user account login command to the client if the file calling request does not come from the untrusted client process; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the server side refuses the request, and if the user account passes the verification, the server side configures an encryption and decryption mode for the file called by the request, generates an encrypted file and a decryption key and sends the encrypted file and the decryption key to the client side;
the server receives a file sending request sent by a client, judges whether the file sending request comes from an untrusted client process, refuses the request if the file sending request comes from the untrusted client process, and sends a user account login command to the client if the file sending request does not come from the untrusted client process; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, if the user account passes the verification, whether the file sent by the request is encrypted according to the specification or not is judged, if yes, the file is received and decrypted, and if not, the request is rejected.
In order to optimize the technical scheme, the specific measures adopted further comprise:
furthermore, in the process of configuring the encryption and decryption modes for the file requested to be called, the security level of the file requested to be called by the client is judged at first, and the encryption and decryption modes are automatically configured according to the security level.
Furthermore, an encryption and decryption template library is arranged in the file processing system, and corresponding encryption modes and decryption keys are configured in the encryption and decryption template library according to different file security levels and are stored as a template table.
Further, after the server side judges the security level of the file requested to be called by the client side, the server side calls a template table in the encryption and decryption template library, finds out a corresponding encryption mode and a corresponding decryption key through a matching algorithm, encrypts the file through the encryption mode, and packages and sends the encrypted file and the decryption key to the client side.
Further, the encryption and decryption template library is configured with a custom interface, the client sends a custom request to the server, the server judges whether the client is from an untrusted client process, if so, the request is rejected, and if not, a user account login command is sent to the client; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, and if the user account passes the verification, the client side is connected to a custom interface to perform custom operation on the template table stored in the encryption and decryption template library.
Further, the self-defining operation comprises modification, deletion and new creation, and a specific operation format is defined when the self-defining operation is executed.
Further, in the process of judging whether the file requested to be sent is encrypted according to the specification, firstly, the security level of the file requested to be sent by the client is judged, a template table in an encryption and decryption template library is called, a corresponding encryption mode and a corresponding decryption key are found through a matching algorithm, whether the file is matched with the encryption mode of the client is judged, if the file is not matched with the encryption mode of the client, the request is rejected, and if the file is matched with the encryption mode of the client, the file is decrypted by using the corresponding decryption key.
Further, the encryption and decryption template library is provided with an inquiry interface, a client sends an inquiry request to a server before encrypting a file requested to be sent, the server judges whether the file is from an untrusted client process, if so, the request is rejected, and if not, a user account login command is sent to the client; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, if the user account passes the verification, the client side is connected to the query interface, and the encryption mode corresponding to the file needing to be encrypted is queried according to the template form.
Further, a client process blacklist is set in the file processing system, and untrusted client processes are recorded.
Further, after receiving the request of the client, the server invokes a client process blacklist to determine whether the request is from an untrusted client process recorded in the client process blacklist.
The invention has the beneficial effects that: the invention carries out standardized management on the file processing flow and the encryption and decryption modes, provides individualized encryption and decryption modes aiming at different files and can effectively improve the safety of file processing.
Drawings
Fig. 1 is a file processing flow diagram of a client sending a file call request.
Fig. 2 is a file processing flowchart in which a client sends a file transmission request.
FIG. 3 is a schematic block diagram of a file processing system.
Detailed Description
The present invention will now be described in further detail with reference to the accompanying drawings.
As shown in fig. 1, the server receives a file call request sent by the client, determines whether the file call request is from an untrusted client process, rejects the request if the file call request is from an untrusted client process, and sends a user account login command to the client if the file call request is not from the untrusted client process. The server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, if the user account passes the verification, the security level of the file requested to be called by the client side is judged firstly, an encryption and decryption mode is automatically configured according to the security level, an encrypted file and a decryption key are generated, and the encrypted file and the decryption key are sent to the client side.
Referring to fig. 3, an encryption/decryption template library is provided in the file processing system, and corresponding encryption modes and decryption keys are configured in the encryption/decryption template library according to different file security levels and stored as a template table. And after the server judges the security level of the file requested to be called by the client, calling a template table in an encryption and decryption template library, finding a corresponding encryption mode and a corresponding decryption key through a matching algorithm, encrypting the file through the encryption mode, and packaging and sending the encrypted file and the decryption key to the client.
The encryption and decryption template library is configured with a custom interface, the client sends a custom request to the server, the server judges whether the client is from an untrusted client process, if so, the request is rejected, and if not, a user account login command is sent to the client; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, and if the user account passes the verification, the client side is connected to a custom interface to perform custom operation on the template table stored in the encryption and decryption template library. The custom operation comprises modification, deletion and new creation, and a specific operation format is limited when the custom operation is executed. The system adopts a personalized encryption and decryption mode, can be freely combined according to different scenes, and can also customize the encryption and decryption mode.
As shown in fig. 2, the server receives a file sending request sent by a client, and determines whether the file sending request comes from an untrusted client process, if so, the server rejects the request, and if not, sends a user account login command to the client; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after time out, the request is rejected, if the user account passes the verification, the security level of the file sent by the client side request is judged firstly, a template table in an encryption and decryption template library is called, a corresponding encryption mode and a corresponding decryption key are found through a matching algorithm, whether the encryption mode is matched with that of the client side or not is judged, if the encryption mode is not matched with that of the client side, the request is rejected, and if the encryption mode is matched with that.
The encryption and decryption template base is provided with an inquiry interface, a client sends an inquiry request to a server before encrypting a file requested to be sent, the server judges whether the file is from an untrusted client process, if so, the request is rejected, and if not, a user account login command is sent to the client; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, if the user account passes the verification, the client side is connected to the query interface, and the encryption mode corresponding to the file needing to be encrypted is queried according to the template form.
And a client process blacklist is also arranged in the file processing system, records the client processes which are not trusted, and blocks unsafe information from the beginning. And after receiving the request of the client, the server calls the client process blacklist and judges whether the request comes from the untrusted client process recorded in the client process blacklist.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.
Claims (10)
1. A method for implementing a secure file processing system, comprising:
the server receives a file calling request sent by the client, judges whether the file calling request comes from an untrusted client process, refuses the request if the file calling request comes from the untrusted client process, and sends a user account login command to the client if the file calling request does not come from the untrusted client process; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the server side refuses the request, and if the user account passes the verification, the server side configures an encryption and decryption mode for the file called by the request, generates an encrypted file and a decryption key and sends the encrypted file and the decryption key to the client side;
the server receives a file sending request sent by a client, judges whether the file sending request comes from an untrusted client process, refuses the request if the file sending request comes from the untrusted client process, and sends a user account login command to the client if the file sending request does not come from the untrusted client process; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, if the user account passes the verification, whether the file sent by the request is encrypted according to the specification or not is judged, if yes, the file is received and decrypted, and if not, the request is rejected.
2. A method of implementing a secure file processing system as claimed in claim 1, wherein: in the process of configuring the encryption and decryption modes for the file requested to be called, firstly, the security level of the file requested to be called by the client is judged, and the encryption and decryption modes are automatically configured according to the security level.
3. A method of implementing a secure file processing system as claimed in claim 2, wherein: the file processing system is provided with an encryption and decryption template library, and the encryption and decryption template library is configured with corresponding encryption modes and decryption keys according to different file security levels and stored as a template table.
4. A method of implementing a secure file processing system as claimed in claim 3, wherein: and after the server judges the security level of the file requested to be called by the client, calling a template table in an encryption and decryption template library, finding a corresponding encryption mode and a corresponding decryption key through a matching algorithm, encrypting the file through the encryption mode, and packaging and sending the encrypted file and the decryption key to the client.
5. A method of implementing a secure file processing system as claimed in claim 3, wherein: the encryption and decryption template library is configured with a custom interface, the client sends a custom request to the server, the server judges whether the client is from an untrusted client process, if so, the request is rejected, and if not, a user account login command is sent to the client; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, and if the user account passes the verification, the client side is connected to a custom interface to perform custom operation on the template table stored in the encryption and decryption template library.
6. A method of implementing a secure file processing system as claimed in claim 5, wherein: the self-defining operation comprises modification, deletion and new creation, and a specific operation format is limited when the self-defining operation is executed.
7. A method of implementing a secure file processing system as claimed in claim 3, wherein: in the process of judging whether the file requested to be sent is encrypted according to the regulations, firstly, the security level of the file requested to be sent by the client is judged, a template table in an encryption and decryption template library is called, a corresponding encryption mode and a corresponding decryption key are found through a matching algorithm, whether the file is matched with the encryption mode of the client is judged, if the file is not matched with the encryption mode of the client, the request is rejected, and if the file is matched with the encryption mode of the client, the file is decrypted by using the corresponding decryption key.
8. A method of implementing a secure file processing system as claimed in claim 3, wherein: the encryption and decryption template library is provided with a query interface, a client sends a query request to a server before encrypting a file requested to be sent, the server judges whether the file is from an untrusted client process, if so, the request is rejected, and if not, a user account login command is sent to the client; the server side verifies the login information of the user account, if the user account does not pass the verification or does not log in after overtime, the request is rejected, if the user account passes the verification, the client side is connected to the query interface, and the encryption mode corresponding to the file needing to be encrypted is queried according to the template form.
9. A method of implementing a secure file processing system as claimed in claim 1, wherein: and a client process blacklist is arranged in the file processing system, and untrusted client processes are recorded.
10. A method of implementing a secure file processing system as claimed in claim 9, wherein: and after receiving the request of the client, the server calls a client process blacklist and judges whether the request comes from an untrusted client process recorded in the client process blacklist.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011479876.0A CN112751829A (en) | 2020-12-16 | 2020-12-16 | Method for implementing safe file processing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011479876.0A CN112751829A (en) | 2020-12-16 | 2020-12-16 | Method for implementing safe file processing system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112751829A true CN112751829A (en) | 2021-05-04 |
Family
ID=75647883
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011479876.0A Pending CN112751829A (en) | 2020-12-16 | 2020-12-16 | Method for implementing safe file processing system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112751829A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103688485A (en) * | 2011-05-18 | 2014-03-26 | 西里克斯系统公司 | Systems and methods for secure handling of data |
| CN104615924A (en) * | 2015-03-04 | 2015-05-13 | 陈佩珊 | System and method for storing account numbers and passwords for account numbers |
| CN106685919A (en) * | 2016-11-19 | 2017-05-17 | 徐州医科大学 | Secure cloud storage method with passive dynamic key distribution mechanism |
| CN106936771A (en) * | 2015-12-29 | 2017-07-07 | 航天信息股份有限公司 | A kind of secure cloud storage method and system based on graded encryption |
-
2020
- 2020-12-16 CN CN202011479876.0A patent/CN112751829A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103688485A (en) * | 2011-05-18 | 2014-03-26 | 西里克斯系统公司 | Systems and methods for secure handling of data |
| CN104615924A (en) * | 2015-03-04 | 2015-05-13 | 陈佩珊 | System and method for storing account numbers and passwords for account numbers |
| CN106936771A (en) * | 2015-12-29 | 2017-07-07 | 航天信息股份有限公司 | A kind of secure cloud storage method and system based on graded encryption |
| CN106685919A (en) * | 2016-11-19 | 2017-05-17 | 徐州医科大学 | Secure cloud storage method with passive dynamic key distribution mechanism |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105354507B (en) | A kind of data safety time slot scrambling under cloud environment | |
| US9860751B2 (en) | Secure short message service (SMS) communications | |
| US20200028699A1 (en) | Digital certificate management | |
| US10103891B2 (en) | Method of generating a deniable encrypted communications via password entry | |
| US9912486B1 (en) | Countersigned certificates | |
| US8806200B2 (en) | Method and system for securing electronic data | |
| US20070118735A1 (en) | Systems and methods for trusted information exchange | |
| CN102984115B (en) | A kind of network security method and client-server | |
| WO2019109097A1 (en) | Identity verification document request handling utilizing a user certificate system and user identity document repository | |
| CN107426223B (en) | Cloud document encryption and decryption method, cloud document encryption and decryption device and cloud document processing system | |
| CN103067160A (en) | Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD) | |
| CN107231368A (en) | The method for lifting the software interface security that Internet is opened | |
| CN110995657A (en) | Data access method, server and system based on data label | |
| CN111464561B (en) | Data ferry management system | |
| CN103095704A (en) | Trusted medium online validation method and device | |
| CN106682521B (en) | File transparent encryption and decryption system and method based on driver layer | |
| WO2011018048A1 (en) | Method, apparatus and system for privilege information management | |
| CN106911744A (en) | The management method and managing device of a kind of image file | |
| CN108399341B (en) | Windows dual file management and control system based on mobile terminal | |
| CN112751829A (en) | Method for implementing safe file processing system | |
| CN105591928B (en) | Method of controlling security for cloud platform network | |
| CN100550735C (en) | The method of multifunction intelligent key equipment and security control thereof | |
| CN102694796A (en) | Method, device and server for encrypted file management | |
| CN116346423A (en) | Client data multiple encryption system and method in intelligent Internet of things energy system | |
| CN115021927B (en) | Administrator identity management and control method and system for cryptographic machine cluster |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: No.88, Huaihai Road, Qinhuai District, Nanjing City, Jiangsu Province, 210000 Applicant after: Nanyin Faba Consumer Finance Co.,Ltd. Address before: No.88, Huaihai Road, Qinhuai District, Nanjing City, Jiangsu Province, 210000 Applicant before: SUNING CONSUMER FINANCE Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210504 |