CN102075544A - Encryption system, encryption method and decryption method for local area network shared file - Google Patents
Publication number: CN102075544A
Authority: CN (China)
Legal status: Pending
Abstract
The invention discloses an encryption system for files shared on a local area network. The system comprises a key management module that reads, generates and manages the keys used to encrypt files, and an encryption/decryption module that encrypts and decrypts according to user commands. It is characterized in that it further comprises an identity authentication module that verifies a user's identity and determines the user's authority; only after the identity authentication module has verified that the user is legitimate does the encryption/decryption module perform encryption or decryption, after which the shared file is accessed. The system restricts which files in the shared resources each designated user may read, so that the information security of resources on the local area network is effectively guaranteed.
Description
Technical field
The invention belongs to the field of encryption technology and relates in particular to an encryption system for files shared on a local area network (LAN) and to its encryption and decryption methods.
Background technology
In the prior art, resources are commonly shared on a LAN by file sharing. While convenient for users, this also raises information security issues for the shared resources. For example, a company may need to share a particular file only with specific users, yet an existing shared file on a LAN is visible and accessible to every user on the LAN, which increases the risk to the resource.
Most existing PC file encryption systems on LANs encrypt at the application layer. Transparent file encryption, by contrast, is based on file-system filter-driver technology. When a user installs computer hardware such as a printer or a USB flash drive, its driver usually has to be installed as well; a file-system filter driver is a kind of virtual driver that handles files as if they were a hardware device. When an application operates on a file with a given extension, the filter driver monitors the program's operation and changes how it is carried out, thereby achieving transparent encryption. Driver-based encryption is independent of the application and works in the system kernel layer beneath the application layer: when an application-layer API function reads a file of a specified type, the system automatically decrypts it, and when a write operation is entered, the plaintext is automatically encrypted. Because it operates in the protected kernel layer, it runs faster, encryption and decryption are more stable, and security is higher.
A digital certificate is a digital information file used on the Internet to identify and prove the identity of both parties to a network communication. Digital certificates use a public-key cryptosystem, i.e. a pair of mutually matching keys is used for encryption and decryption. Each user sets a private key known only to that user, which is used for decryption and signing, and at the same time sets a public key that is published and shared with a group of users, which is used for encryption and for verifying signatures. When a confidential document is sent, the sender encrypts the data with the recipient's public key and the recipient decrypts it with their own private key, so the information reaches its destination securely and promptly. Digital means guarantee that the encryption process is irreversible, i.e. only the private key can decrypt.
Symmetric cryptography uses the same key for encryption and decryption; its advantages are fast encryption/decryption, short keys and difficulty of breaking, and its disadvantage is that key distribution and management are difficult. Because the security of a symmetric algorithm depends on keeping the key secret, once the key leaks the information is easily broken. Public-key cryptosystems are generally based on mathematically intractable problems and are secure; at the same time, key management is comparatively easy, and public-key algorithms can also be used for digital signatures and authentication. Their disadvantages are that the keys are long and the computation speed is much slower than for symmetric algorithms; generating a public/private key pair is slow, usually taking more than a few minutes, so for users who need to encrypt large amounts of data the efficiency of the computer is not high.
Summary of the invention
The object of the invention is to provide a LAN shared-file encryption system that solves the security problems of prior-art LAN file sharing, such as resources not meant for full disclosure being used by unauthorized users.
To solve these problems of the prior art, the technical solution provided by the invention is:
1. A LAN shared-file encryption system, comprising a key management module that reads, generates and manages the keys to be used for encrypting and decrypting files, and an encryption/decryption module that performs encryption and decryption operations according to user instructions, characterized in that the system further comprises an identity authentication module that verifies the user's identity and determines the user's authority; only after the identity authentication module has authenticated the user as legitimate does the encryption/decryption module perform the encryption or decryption operation, after which the LAN shared file is accessed.
Preferably, a user database and a resource database are provided in the identity authentication module; the user database stores the user names and unique user identifiers of all users of the file encryption system, and the resource database stores the file names of all encrypted files, the user IDs permitted to access them, the users' authorities and the sharing-access state of each file.
Preferably, the identity authentication module authenticates the user's certificate to verify the user's identity, looks up the user's user ID in the user database, and, using the user ID, looks up the user's authority and the usage state of the encrypted file in the resource database.
Preferably, a server is provided in the LAN that completes the registration of all users on the LAN, whereby each user obtains a digital certificate generated by the server, and that generates the private key used for secure communication with the server and the server public-key file.
Preferably, the system further comprises an application-layer control module that interacts with the user, determines whether the user has chosen to encrypt a file, to cancel its encryption or to authorize it to other users, and operates on the user database and the resource database.
Preferably, the encryption/decryption module comprises a user encryption/decryption control submodule and a transparent file encryption submodule. The user encryption/decryption control submodule monitors and manages the user's encryption and decryption operations: when the user needs to encrypt a file, it instructs the key management module to generate the corresponding key according to the user's information and to store and manage it, and has the transparent file encryption submodule encrypt the data so that it is stored in ciphertext form; when the user needs to decrypt a file, it obtains the key from the key management module according to the user's information, sends a decryption message together with the corresponding key to the transparent file encryption submodule, and after that submodule has decrypted the data presents the file content to the user in plaintext form. The transparent file encryption submodule encrypts and decrypts file content, so that files are stored in ciphertext form and presented to the user in plaintext form.
Preferably, the structure of the encrypted file comprises a data decryption field and the encrypted data of the file content, the data decryption field storing the symmetric key encrypted with the public key of the corresponding user.
Preferably, the encryption/decryption module uses the SMS4 symmetric cryptographic algorithm and the ECC elliptic-curve cryptographic algorithm to perform encryption and decryption: during an encryption operation the file content is encrypted with SMS4 and the symmetric key of the file is encrypted with ECC; during a decryption operation the symmetric key of the file is recovered with ECC using the authenticated user's private key, and the file content is then obtained with SMS4.
Another object of the invention is to provide a LAN shared-file encryption method, characterized in that it comprises the following steps:
(A1) first extracting the encrypted-file-system information of the current user and obtaining the symmetric key for the user's encrypted data;
(A2) encrypting the file content with the symmetric-key cipher algorithm using the user's symmetric key, and passing the encrypted file content to the file system for storage;
(A3) encrypting the symmetric key generated by the user with the public-key algorithm using the user's public key;
(A4) storing the encrypted symmetric key in ciphertext form and deleting the symmetric key generated by the user.
Another object of the invention is to provide a LAN shared-file decryption method, characterized in that it comprises the following steps:
(B1) when the current user reads a shared encrypted file, first locating the user's private key and the encrypted-key ciphertext according to the current user's information;
(B2) decrypting the encrypted-key ciphertext with the public-key cryptographic algorithm using the user's private key, obtaining the user's symmetric key;
(B3) decrypting the shared encrypted file with the symmetric-key cipher algorithm using the user's symmetric key;
(B4) presenting the decrypted file data content to the user.
Specifically, the file encryption system consists mainly of the identity authentication module, the application-layer control module, the encryption/decryption module and the key management module. The system keeps two tables in a database: table 1 is the user table and table 2 is the file table. The user table has two columns: the user name of a user of the file encryption system and that user's user identifier. The file table stores the file names of all encrypted files and has four columns: the file name; the user ID of a user with read authority; a flag identifying whether that user is the owner of the file or which authorized user they are; and a record of how many users the file is currently shared with.
The identity authentication module authenticates the user's certificate to verify the user's identity, looks up the user's user ID in the user table of the database, and, using the user ID, checks in the file table whether the user is the owner of the file or has read authority over it. The application-layer control module interacts with the user, determines whether the user has chosen to encrypt a file, cancel its encryption or authorize it to other users, and operates on the user table and file table in the database.
The user encryption/decryption control submodule monitors and manages the user's encryption and decryption operations: when the user needs to encrypt a file, it instructs the key management module to generate the corresponding key according to the user's information and to store and manage it, and has the transparent file encryption submodule encrypt the data so that it is stored in ciphertext form; when the user needs to decrypt a file, it obtains the key from the key management module according to the user's information, sends a decryption message together with the corresponding key to the transparent file encryption submodule, and after that submodule has decrypted the data presents the file content to the user in plaintext form.
The key management module reads, generates and manages the various keys used for encrypting and decrypting files, and distributes, stores and manages the corresponding keys according to the user's identity information. The transparent file encryption submodule encrypts and decrypts file content, so that files are stored in ciphertext form and presented to the user in plaintext form.
In view of the characteristics of symmetric-key and public-key algorithms, and of the threat that advances in cryptanalysis in recent years pose to existing cryptographic algorithms, the invention combines the SMS4 symmetric-key encryption algorithm and the ECC public-key encryption algorithm to protect file information. To merge the advantages of symmetric and public-key cryptography, a multi-level key management scheme is adopted: the encryption key of a file is a symmetric key, and, to protect the file encryption key and make key exchange between users convenient, the file encryption key is itself encrypted again with public-key cryptography.
In the invention each user generates their own ECC (elliptic-curve cryptography) key at random, which greatly improves overall system efficiency. Bulk data on the computer is encrypted with the SMS4 symmetric cryptographic algorithm with a 128-bit key length, while the encryption key used by SMS4 is encrypted with the ECC public-key algorithm with a 160-bit key length (it is generally believed that the security of a 160-bit elliptic-curve cipher is equivalent to that of 1024-bit RSA, and its computation is also fast). This method both guarantees the security of the data and improves the speed of data encryption and decryption, meeting the requirements of data security and fast transmission. To guarantee the authenticity, integrity and reliability of the information, the invention draws on the advantages of the various digital signature algorithms and combines symmetric-key and public-key algorithms, avoiding the shortcomings of using a digital signature algorithm alone. At the same time, database technology is used to manage user authorities at different levels, so that different users have different read authorities.
Compared with the prior-art schemes, the advantages of the invention are:
The invention provides a file encryption method that, on the basis of digital identity authentication technology and file encryption technology, guarantees the information security of shared resources on a LAN. It relates to the field of cryptography and is intended to solve the insecurity of shared resources on a LAN, preventing unauthorized access and the leakage of important information to unauthorized users. The file encryption method of the invention is used to encrypt file data whose access needs to be restricted; a symmetric encryption algorithm is combined with a public-key encryption algorithm to encrypt the files to be protected, achieving the double advantage of encryption speed and cipher strength. The identity authentication module authorizes and authenticates user access on the LAN, restricting read and write rights on the different files in the shared resources to designated users, thereby effectively guaranteeing the information security of resources on the LAN.
Description of drawings
The invention is further described below in conjunction with the drawings and embodiments:
Fig. 1 is the system architecture diagram of the LAN shared-file encryption system of the invention;
Fig. 2 is the encryption flow chart of the LAN shared-file encryption system of an embodiment of the invention;
Fig. 3 is the decryption flow chart of the LAN shared-file encryption system of an embodiment of the invention;
Fig. 4 is the detailed implementation flow chart of encryption by the LAN shared-file encryption system of an embodiment of the invention;
Fig. 5 is the structure diagram of a shared encrypted file after encryption by the LAN shared-file encryption system of an embodiment of the invention.
Embodiment
The above scheme is further described below in conjunction with specific embodiments. It should be understood that these embodiments serve to illustrate the invention and are not intended to limit its scope. The implementation conditions used in the embodiments may be further adjusted according to the conditions of a particular manufacturer, and unmarked implementation conditions are generally those of a normal experiment.
Embodiment
As shown in Fig. 1 and Fig. 2, this LAN shared-file encryption system comprises a key management module that reads, generates and manages the keys to be used for encrypting and decrypting files, and an encryption/decryption module that performs encryption and decryption operations according to user instructions; the system further comprises an identity authentication module that verifies the user's identity and determines the user's authority. Only after the identity authentication module has authenticated the user as legitimate does the encryption/decryption module perform the encryption or decryption operation, after which the LAN shared file is accessed.
A database is provided in the identity authentication module, comprising a user table and a file table. The user table stores the user names and unique identifiers of all users of the file encryption system, and the file table stores the file names of all encrypted files, the user IDs permitted to access them, the users' authorities and the sharing-access state of each file.
The identity authentication module authenticates the user's certificate to verify the user's identity, looks up the user's user ID in the user database, and, using the user ID, looks up the user's authority and the usage state of the encrypted file in the file table. A server provided in the LAN completes the registration of all users on the LAN, whereby each user obtains a digital certificate generated by the server, and generates the private key used for secure communication with the server and the server public-key file.
The system further comprises an application-layer control module that interacts with the user, determines whether the user has chosen to encrypt a file, to cancel its encryption or to authorize it to other users, and operates on the user table and the file table. The encryption/decryption module comprises a user encryption/decryption control submodule and a transparent file encryption submodule. The user encryption/decryption control submodule monitors and manages the user's encryption and decryption operations: when the user needs to encrypt a file, it instructs the key management module to generate the corresponding key according to the user's information and to store and manage it, and has the transparent file encryption submodule encrypt the data so that it is stored in ciphertext form; when the user needs to decrypt a file, it obtains the key from the key management module according to the user's information, sends a decryption message together with the corresponding key to the transparent file encryption submodule, and after that submodule has decrypted the data presents the file content to the user in plaintext form. The transparent file encryption submodule encrypts and decrypts file content, so that files are stored in ciphertext form and presented to the user in plaintext form.
The structure of the encrypted file comprises a data decryption field and the encrypted data of the file content, the data decryption field storing the symmetric key encrypted with the public key of the corresponding user. The encryption/decryption module uses the SMS4 symmetric cryptographic algorithm and the ECC elliptic-curve cryptographic algorithm to perform encryption and decryption: during an encryption operation the file content is encrypted with SMS4 and the symmetric key of the file is encrypted with ECC; during a decryption operation the symmetric key of the file is recovered with ECC using the authenticated user's private key, and the file content is then obtained with SMS4.
The server is the administrative centre of the whole LAN; besides all the functions of an ordinary user's machine, it has its own special functions and tasks. It is mainly responsible for completing the registration of all users on the LAN and for managing the users. User registration consists of obtaining a digital certificate generated by the server; the digital certificate is the unique identification for authentication in the whole system. The server generates the private key used for secure communication and the server public-key file: the public-key file is open to all users, the private-key file is used for the server's digital signature, and the public and private keys can be updated regularly. Before any user computer can operate normally, it must obtain a digital certificate issued by the server. A user PC is a computer used by an ordinary registered user; within the application environment it can communicate with the server, authenticate and decrypt files. An ordinary computer on which the file encryption system client is installed and which has been registered constitutes a user computer on the LAN.
Because the symmetric encryption algorithm and the public-key encryption algorithm serve different purposes and are used at different moments, their keys are not generated at the same time and the generation methods also differ. For the key FEK (File Encryption Key) of the symmetric encryption algorithm, the one-time-pad idea is adopted: every encrypted file has its own unique encryption key. This reduces an attacker's chance of obtaining the symmetric key by random guessing and, even if part of the ciphertext is intercepted, also reduces the possibility of breaking the cipher by comparing ciphertexts. Each time a file is encrypted, the required key is generated on the spot by a random number generation algorithm, so that different files are encrypted with different keys.
Because the encryption system determines a user's read authority over a file by authenticating different users, it ties the generation of public-key-algorithm keys to each user, so that each user has their own private key and public key. When a user uses the encryption system for the first time, the system assigns the user a unique user identifier, and this identifier is used as the seed of the random number generation algorithm that produces the parameters required by the public-key algorithm.
The key of the symmetric algorithm and the keys of the public-key algorithm are stored separately, which both improves security and makes key use more convenient and faster. The key FEK used by the symmetric encryption algorithm is generated at the time of use; after generation it is encrypted with the public key of the public-key encryption algorithm, and the encrypted result is written to the file together with the encrypted file content, so that the FEK is kept in the header of the encrypted file in ciphertext form and is no longer stored separately in plaintext anywhere. An attacker thus cannot directly obtain the key of the symmetric encryption algorithm and, even after obtaining the encrypted FEK, cannot decrypt it and therefore cannot read the file content correctly. Moreover, the keys of different files are kept in their respective files, avoiding the insecurity caused by storing keys centrally.
The public key is stored in the user's digital certificate on the server and is open to all users. The public key and private key are generated at the same time as a key pair, and the private key cannot be derived from the public key within feasible computation. In cryptographic terms, the private key is known only to the particular user and to nobody else, and it cannot be computed from the public key. The system therefore keeps a table recording each user and their corresponding user identifier (i.e. the seed required to produce the public key), and even if an attacker obtains a user's identifier, they cannot accurately obtain the user's private key. At the same time, users of the file system are issued certificates, binding each certificate to the user's public key; by verifying the user's certificate the legitimacy of the user's identity is confirmed and their read authority is determined, and their public key can be obtained to encrypt the FEK of a file.
When user application was encrypted storage to file, the file encryption system at first extracted active user's information; The hash modular converter carries out the hash conversion to the user profile that extracts; Draw the symmetric key A of user encryption data; Passing to lower floor's file system after the symmetric cryptography module is encrypted the user file data according to key A stores.The public key encryption and decryption module is encrypted the symmetric key A that the user generates according to user's PKI B; A after encrypting is stored as C in the mode of ciphertext; Delete the initial symmetric cryptographic key A that generates of user at last.
When user program reads data, find its private key and encryption key C according to active user's information; In the public key encryption and decryption module, draw symmetrical encryption and decryption key A with private key for user deciphering C; In symmetrical encryption and decryption module, encrypt data is decrypted as decruption key with A; Data passes after the deciphering is handled to the upper strata.
Whether when the user selected file encryption, encryption system read active user's user name (being made as A), search user A in the user table to exist.If do not exist, promptly this user uses this encryption system for the first time, then is its distributing user identifier ida, and it is added the user table, and obtains the PKI keya of A from the certificate of user A.If user A exists, then directly from the certificate of A, read the public key information keya of A.
After obtaining the public key information of A, utilize the random number generating algorithm to generate the key FEK of symmetric cryptography.
With FEK file content (being made as C) is encrypted with symmetric encipherment algorithm, obtained ciphertext C '.
PKI keya with A encrypts FEK, and deletion FEK.
Content after encrypting is write file, write earlier through public key encryption algorithm encrypt after FEK ', write the file content C ' after the encryption then, Save and Close this document.
Add this document in the file table, one of user is A, and identify label is the file owner, and cryptographic operation is finished.Cancellation is opposite with ciphering process to the encryption of file, at first finds this document in the file table, and whether the checking party A-subscriber is the owner of this document, if then continue, otherwise prompting does not have operating right the refusal operation.Afterwards, reading this user's identifier in the user table, is the parameter that seed generates public key encryption algorithm at random with this identifier, reads PKI keya in the certificate of A, and private key leaves the subscriber's local disk in.When the user need decipher, then from local disk or movable equipment, obtain, this is the content that key management is responsible for; Use key ' that the FEK ' in the file is decrypted, obtain FEK.With FEK ciphertext C ' afterwards is decrypted again, obtains C.C is write file after the deciphering, Save and Close.At last, the respective items of deletion this document in the file table, this moment, this document reverted to unencrypted state.
When user A will authorize file f ile1 to user B, the file table will at first be inquired about by system, and whether checking user A is the owner of file1.If then continue; Otherwise will refuse operation, and point out this user not have the authority of Authorized operation.System arrives first the identifier ida that searches A in the user table, obtains A corresponding algorithm parameter and PKI keya, reads the FEK ' part in the file.
Whether next search user B in the user table again exists.If do not exist, then be its distributing user identifier idb, it is added the user table, and from the certificate of B, obtain its PKI keyb.If exist, then from its certificate, read the public key information keyb of B.PKI keyb with B encrypts the FEK that deciphering obtains, and obtains FEKb.Again file is rewritten afterwards, write FEK ', FEKb and C ' successively, make file content preserve the FEK that crosses with the public key encryption of A, B respectively before.
Add a record at last in the file table, file is called file1, and the user is B, and identify label is authorized to the user for first, and the sharing users number of file1 is added one.When in like manner again another user C being authorized, then between FEKb and C ', add with the FEK after the PKI keyc encryption of C, i.e. FEKc.Increase new record in the file table, sign C is n the grantee to file f ile1, and the sharing users number adds one.
In this encryption system, the symmetric key used for encryption is stored in ciphertext form together with the encrypted file content inside the encrypted file. The very beginning of the file holds the FEK encrypted with the file owner's public key. When a user generates an encrypted file, the random key generator produces a symmetric key FEK; the encryption system encrypts the file data with FEK, then encrypts FEK with the public key from the user's certificate and stores the result at the beginning of the file.
FEK is then additionally encrypted with the public key from each authorized user's certificate; since there can be several authorized users, the file may contain copies of FEK encrypted under the public keys of several different authorized users' certificates. All these copies of FEK encrypted under authorized users' public keys, together with the copy encrypted under the file owner's public key, are combined into the Data Decryption Field (DDF). Finally the encryption system combines the DDF, as the encrypted-file header, with the data encrypted under FEK to obtain the encrypted file.
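The DDF layout just described, together with the authorization step above (appending FEKb, FEKc, ... before C'), as an added example that is not code from the patent: it is written in Go and uses ephemeral P-256 ECDH plus AES-256-GCM as stand-ins for the ECC key encryption and the SMS4 content encryption the patent names, since Go's standard library has neither SMS4 nor a direct ECC encryption scheme. The names Entry, EncFile, newUser, wrapFEK, unwrapFEK, Encrypt, Authorize and Decrypt are chosen here, and the DDF index that Authorize returns plays the role of the grantee position the patent records in the file table.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Entry is one FEK copy in the DDF: FEK sealed with AES-GCM under KEK = SHA-256(ephemeral P-256 ECDH secret).
type Entry struct {
	Eph  []byte // ephemeral public key, uncompressed point
	Wrap []byte // nonce || AES-GCM(FEK)
}
// EncFile is the patent's layout: DDF (owner's entry first, grantees in order), then C'.
type EncFile struct {
	DDF  []Entry
	Body []byte // file content under FEK (AES-GCM stands in for SMS4)
}
var curve = ecdh.P256()
// must turns failures that can only be programming or RNG errors into panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newUser() *ecdh.PrivateKey { return must(curve.GenerateKey(rand.Reader)) } // a user's certificate key pair
func seal(key, pt []byte) []byte {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, nil)
}
func open(key, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, errors.New("truncated ciphertext")
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, blob[:12], blob[12:], nil)
}
// wrapFEK seals FEK for pub under a KEK derived from a fresh ephemeral key pair.
func wrapFEK(pub *ecdh.PublicKey, fek []byte) Entry {
	eph := must(curve.GenerateKey(rand.Reader))
	kek := sha256.Sum256(must(eph.ECDH(pub))) // same curve by construction
	return Entry{eph.PublicKey().Bytes(), seal(kek[:], fek)}
}
// unwrapFEK recovers FEK; a wrong key or a tampered entry fails GCM authentication.
func unwrapFEK(priv *ecdh.PrivateKey, e Entry) ([]byte, error) {
	ephPub, err := curve.NewPublicKey(e.Eph) // rejects malformed points read from the file
	if err != nil {
		return nil, err
	}
	kek := sha256.Sum256(must(priv.ECDH(ephPub)))
	return open(kek[:], e.Wrap)
}
// Encrypt: random FEK, C' = plain under FEK, DDF[0] = FEK under the owner's key.
func Encrypt(ownerPub *ecdh.PublicKey, plain []byte) *EncFile {
	fek := make([]byte, 32)
	must(rand.Read(fek))
	return &EncFile{DDF: []Entry{wrapFEK(ownerPub, fek)}, Body: seal(fek, plain)}
}
// Authorize: the owner recovers FEK from DDF[0] and appends the grantee's copy before C'; the returned index is the file table's "n-th grantee" position.
func (f *EncFile) Authorize(ownerPriv *ecdh.PrivateKey, granteePub *ecdh.PublicKey) (int, error) {
	fek, err := unwrapFEK(ownerPriv, f.DDF[0])
	if err != nil {
		return 0, errors.New("caller is not the file owner")
	}
	f.DDF = append(f.DDF, wrapFEK(granteePub, fek))
	return len(f.DDF) - 1, nil
}
// Decrypt: unwrap the caller's FEK copy at its DDF index (from the file table), then open C'.
func (f *EncFile) Decrypt(idx int, priv *ecdh.PrivateKey) ([]byte, error) {
	fek, err := unwrapFEK(priv, f.DDF[idx])
	if err != nil {
		return nil, err
	}
	return open(fek, f.Body)
}
```

A non-owner calling Authorize, a grantee using the wrong private key, or a C' that has been altered or truncated all yield an error rather than plaintext.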
The above example only illustrates the technical concept and features of the present invention; its purpose is to enable those familiar with the art to understand and implement the invention, and it does not limit the scope of protection of the present invention. All equivalent transformations or modifications made according to the spirit of the present invention shall fall within its scope of protection.
Claims (10)
1. A local area network shared-file encryption system, comprising a key management module that reads, generates and manages the keys used to encrypt and decrypt files, and an encryption and decryption module that performs encryption and decryption operations according to user instructions, characterized in that the system further comprises an identity authentication module that verifies the user's identity and determines the user's authority; after the identity authentication module has verified that the user's identity is legitimate, the encryption and decryption module performs the encryption and decryption operation and the local area network shared file is then accessed.
2. The local area network shared-file encryption system according to claim 1, characterized in that the identity authentication module is provided with a user database and a resource database; the user database stores the user names and unique identifiers of all users of the file encryption system, and the resource database stores the file names of all encrypted files, the identifiers of the users permitted to access them, the users' authority, and the file-sharing access state.
3. The local area network shared-file encryption system according to claim 2, characterized in that the identity authentication module is responsible for authenticating the user's certificate to verify the user's identity, searching the user database for the user's identifier, and, according to that identifier, searching the resource database for the user's authority over encrypted files and their usage state.
4. The local area network shared-file encryption system according to claim 3, characterized in that a server is provided in the local area network which is responsible for completing the registration of all users in the whole local area network, for obtaining the digital certificates generated by the server, and for generating the private key used for secure communication with the server and the server public key file.
5. The local area network shared-file encryption system according to claim 2, characterized in that the system further comprises an application layer control module that is responsible for interacting with the user, determining whether the user chooses to encrypt a file, cancel its encryption or authorize it to other users, and operating on the user database and the resource database.
6. The local area network shared-file encryption system according to claim 2, characterized in that the encryption and decryption module comprises a user encryption/decryption control submodule and a transparent file encryption submodule; the user encryption/decryption control submodule is responsible for monitoring and managing the user's encryption and decryption operations: when the user needs to encrypt a file, it instructs the key management module to generate the corresponding key according to the user's information and to store and manage it, and has the transparent file encryption submodule encrypt the data with that key and store it in ciphertext form; when the user needs to decrypt a file, it obtains the key from the key management module according to the user's information, sends a decryption message together with the corresponding key to the transparent file encryption submodule, and after that submodule has decrypted the data presents the file content to the user in plaintext; the transparent file encryption submodule is responsible for encrypting and decrypting file content, so that the file is stored in ciphertext form and presented to the user in plaintext.
7. The local area network shared-file encryption system according to claim 2, characterized in that the structure of the encrypted file comprises a data decryption field and the encrypted data of the file content, the data decryption field storing the symmetric key encrypted with the public keys of the corresponding users.
8. The local area network shared-file encryption system according to claim 7, characterized in that the encryption and decryption module uses the SMS4 symmetric cryptographic algorithm and ECC elliptic curve cryptography to perform encryption and decryption operations: during encryption the file content is encrypted with the SMS4 symmetric cryptographic algorithm and the symmetric key of the corresponding file is encrypted with ECC elliptic curve cryptography; during decryption the symmetric key of the file is decrypted with ECC elliptic curve cryptography using the authenticated user's private key, and the file content is then obtained with the SMS4 symmetric cryptographic algorithm.
9. A local area network shared-file encryption method, characterized in that the method comprises the following steps:
(A1) first extracting the current user's encrypted file system information to obtain the symmetric key for encrypting the user's data;
(A2) encrypting the file content with the symmetric-key cipher algorithm using the user's data-encryption symmetric key, and passing the encrypted file content to the system for storage;
(A3) encrypting the symmetric key generated by the user with the public-key algorithm according to the user's public key;
(A4) storing the encrypted symmetric key in ciphertext form and deleting the symmetric key generated by the user.
10. A local area network shared-file decryption method, characterized in that the method comprises the following steps:
(B1) when the current user reads the shared encrypted file, first locating the user's private key and the encrypted-key ciphertext according to the current user's information;
(B2) decrypting the encrypted-key ciphertext with the public-key cryptographic algorithm using the user's private key to obtain the user's symmetric key;
(B3) decrypting the shared encrypted file with the symmetric-key cipher algorithm according to the user's symmetric key;
(B4) presenting the decrypted file data content to the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100403136A CN102075544A (en) | 2011-02-18 | 2011-02-18 | Encryption system, encryption method and decryption method for local area network shared file |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102075544A true CN102075544A (en) | 2011-05-25 |
Family
ID=44033887
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102075544A (en) |
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103246850A (en) * | 2013-05-23 | 2013-08-14 | 福建伊时代信息科技股份有限公司 | Method and device for processing file |
CN103546474A (en) * | 2013-10-28 | 2014-01-29 | 中国软件与技术服务股份有限公司 | Method and system for data obstruction and privilege control |
CN103795547A (en) * | 2014-02-26 | 2014-05-14 | 北京金山网络科技有限公司 | User data encryption method and device |
CN104486083A (en) * | 2014-12-19 | 2015-04-01 | 小米科技有限责任公司 | Supervisory video processing method and device |
CN104618355A (en) * | 2015-01-19 | 2015-05-13 | 北京海泰方圆科技有限公司 | Safe data storage and transmission method |
CN104750372A (en) * | 2013-12-25 | 2015-07-01 | 华为技术有限公司 | File sharing method and device |
CN105471702A (en) * | 2014-08-25 | 2016-04-06 | 腾讯科技(深圳)有限公司 | Information sharing method and information sharing device |
CN105656866A (en) * | 2014-12-02 | 2016-06-08 | 华为技术有限公司 | Data encryption method and system |
CN106060084A (en) * | 2016-07-18 | 2016-10-26 | 青岛大学 | Transparent file encryption technology |
CN106254324A (en) * | 2016-07-26 | 2016-12-21 | 杭州文签网络技术有限公司 | A kind of encryption method storing file and device |
CN106656490A (en) * | 2016-12-26 | 2017-05-10 | 浙江神州量子网络科技有限公司 | Quantum whiteboard data storage method |
CN107172098A (en) * | 2017-07-12 | 2017-09-15 | 郑州云海信息技术有限公司 | Right management method and device shared a kind of CIFS |
CN107330315A (en) * | 2017-07-20 | 2017-11-07 | 深圳市夏日晨光数码有限公司 | Personal data safety terminal and its sharing method |
CN108200025A (en) * | 2017-12-26 | 2018-06-22 | 华中科技大学同济医学院附属协和医院 | A kind of shared file management system of office automatic |
CN108259169A (en) * | 2018-01-09 | 2018-07-06 | 北京大学深圳研究生院 | A kind of file security sharing method and system based on block chain cloud storage |
CN108809920A (en) * | 2017-05-04 | 2018-11-13 | 慧荣科技股份有限公司 | Data center adopting encryption technology and data center operation method |
CN108880787A (en) * | 2017-05-08 | 2018-11-23 | 腾讯科技(深圳)有限公司 | A kind of processing method and relevant device of information key |
CN109450884A (en) * | 2018-10-26 | 2019-03-08 | 天津海泰方圆科技有限公司 | A kind of data encryption, decryption method, device, system, equipment and medium |
CN109670325A (en) * | 2018-12-21 | 2019-04-23 | 北京思源互联科技有限公司 | A kind of devices and methods therefor of configuration file encryption and decryption |
CN110309673A (en) * | 2019-07-04 | 2019-10-08 | 华盾技术(深圳)有限责任公司 | A kind of adaptively customized encryption cloud Database Systems and encryption method |
CN110795745A (en) * | 2019-10-14 | 2020-02-14 | 山东药品食品职业学院 | Information storage and transmission system based on server and method thereof |
CN111083000A (en) * | 2018-10-18 | 2020-04-28 | 中国电信股份有限公司 | Quantum key distribution method and system, and computer readable storage medium |
CN111259431A (en) * | 2020-02-18 | 2020-06-09 | 上海迅软信息科技有限公司 | Computer software data encryption system and encryption method thereof |
CN111597521A (en) * | 2020-05-20 | 2020-08-28 | 贵州电网有限责任公司 | Transformer substation mobile terminal data security processing method and system |
CN111600718A (en) * | 2020-05-13 | 2020-08-28 | 广东电网有限责任公司电力科学研究院 | Digital certificate offline authentication system and method |
CN111740986A (en) * | 2020-06-19 | 2020-10-02 | 公安部第三研究所 | System and method for realizing data sharing control based on identification cipher technology |
CN112966284A (en) * | 2021-03-26 | 2021-06-15 | 知印信息技术(天津)有限公司 | File encryption and decryption method and system and computer readable storage medium |
CN113038463A (en) * | 2021-03-29 | 2021-06-25 | 北京正奇盾数据安全技术有限公司 | Communication encryption authentication experimental device |
CN113037770A (en) * | 2021-03-29 | 2021-06-25 | 武汉华工安鼎信息技术有限责任公司 | Industrial control data safety system and method based on storage virtualization |
CN113343253A (en) * | 2021-05-28 | 2021-09-03 | 赵飞 | File management system based on encryption and authentication mechanism |
CN113722695A (en) * | 2021-11-02 | 2021-11-30 | 佳瑛科技有限公司 | Cloud server-based financial data secure sharing method, device and system |
CN114124515A (en) * | 2021-11-19 | 2022-03-01 | 西部安全认证中心有限责任公司 | Bidding transmission method, key management method, user verification method and corresponding device |
CN114143100A (en) * | 2021-12-06 | 2022-03-04 | 粤港澳大湾区数字经济研究院(福田) | Authorization control method, system, intelligent terminal and computer readable storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472914A (en) * | 2003-06-27 | 2004-02-04 | 武汉理工大学 | High performance and quick public pin encryption |
JP2005209181A (en) * | 2003-12-25 | 2005-08-04 | Sorun Corp | File management system and management method |
CN101587524A (en) * | 2009-06-23 | 2009-11-25 | 上海北大方正科技电脑系统有限公司 | Method for encrypting data memory apparatus based on virtual system |
CN101944168A (en) * | 2009-07-09 | 2011-01-12 | 精品科技股份有限公司 | Electronic file authority control and management system |
- 2011-02-18 CN CN2011100403136A patent/CN102075544A/en active Pending
Non-Patent Citations (1)
Title |
---|
蒋敏慧, 黄宁玉, 祝璐: "Research and Implementation of Key Service Compatibility for the Trusted Cryptography Module", Computer Science (计算机科学), vol. 37, no. 6, 30 June 2010 (2010-06-30), p. 1 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C12 | Rejection of a patent application after its publication | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20110525 |