CN103391187A - Cloud storage safety control method - Google Patents

Cloud storage safety control method Download PDF

Info

Publication number
CN103391187A
CN103391187A CN2012101409647A CN201210140964A CN103391187A CN 103391187 A CN103391187 A CN 103391187A CN 2012101409647 A CN2012101409647 A CN 2012101409647A CN 201210140964 A CN201210140964 A CN 201210140964A CN 103391187 A CN103391187 A CN 103391187A
Authority
CN
China
Prior art keywords
user
key
password
user password
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012101409647A
Other languages
Chinese (zh)
Other versions
CN103391187B (en
Inventor
金友兵
王东临
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shusheng Information Technology Co ltd
Original Assignee
TIANJIN SHUSHENG INVESTMENT CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by TIANJIN SHUSHENG INVESTMENT CO Ltd filed Critical TIANJIN SHUSHENG INVESTMENT CO Ltd
Priority to CN201210140964.7A priority Critical patent/CN103391187B/en
Priority to PCT/CN2012/075864 priority patent/WO2013166751A1/en
Publication of CN103391187A publication Critical patent/CN103391187A/en
Application granted granted Critical
Publication of CN103391187B publication Critical patent/CN103391187B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud storage safety control method which is used for ensuring safety of a cloud storage secret key. The cloud storage safety control method includes the following steps that a user password and a main secret key are used for encrypting secret keys sent to all the users respectively and two secret key ciphertexts are stored. When the users lost the password, the main secret key is used for decrypting the user secret keys and a new user password is used for encrypting the user secret keys. User secret key ciphertexts encrypted by the new user password are used for updating the user secret key ciphertexts encrypted by the original user password.

Description

A kind of method that cloud storage security is controlled
Technical field
The present invention relates to the cloud field of storage, particularly a kind of method of cloud storage security control.
Background technology
Development along with science and technology; the cloud storage has more and more become a kind of trend; various cloud memory technologies emerge in an endless stream; in order to guarantee the safety of cloud storage data; usually can utilize various encryption methods to guarantee the fail safe of data, but how guarantee that the fail safe of key becomes again a new problem of cloud storage security.
Summary of the invention
The embodiment of the present invention provides a kind of cloud storage security control method, to guarantee the fail safe of cloud storage key.
The method that a kind of cloud storage security that the embodiment of the present invention provides is controlled comprises:
Utilize user password and master key respectively the key of providing to each user to be encrypted, preserve two parts of key ciphertexts;
When user password is lost, utilize master key decrypted user key, and utilize new user password encrypting user key;
Utilize the user key ciphertext that new user password is encrypted to upgrade the user key ciphertext that original user password is encrypted.
The cloud storage security system of utilizing the embodiment of the present invention to provide, can guarantee the fail safe of user key, even the plaintext that namely management staff also can't the access user key has guaranteed the fail safe of cloud storage.
Description of drawings
Fig. 1 is the flow chart of the described a kind of cloud storage security control method of the embodiment of the present invention.
Embodiment
Below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only is used for explaining the present invention, be not intended to limit the present invention.
In the cloud storage security control method that the embodiment of the present invention provides, after user's registration, a user password can be set all.What the password file of system or password field were stored is the digest value of original user password.When the user logins, the user password of user's input is converted to digest value, then the user is inputted the password file of user password digest value and system or the user password digest value of password field storage and compare.If both are identical, illustrate that user password is correct, allow user's login.
After user's login, for the needs of cloud storage security, system is bound to as user's distributed key, such as public private key pair, in order to guarantee the fail safe of user key, the method that a kind of cloud storage security that provides in one embodiment of the invention is controlled, as shown in Figure 1, the method comprises the steps:
Step 101: utilize user password and master key respectively the key of providing to each user to be encrypted, preserve two parts of key ciphertexts;
Step 102: when user password is lost, utilize master key decrypted user key ciphertext, and utilize new user password encrypting user key;
Step 103: utilize the user key ciphertext that new user password is encrypted to upgrade the user key ciphertext that original user password is encrypted.
The technical scheme of utilizing the embodiment of the present invention to provide, when the user was not online, service provider backstage personnel also can't obtain clear text key.
When the user logins, utilize user password decruption key file, the clear text key that deciphering is obtained is placed on interim buffer area, perhaps is stored in server memory.When the user logs off, perhaps session is overtime, deletes interim key file.So both made the user online, because the key of deciphering only is stored in internal memory temporarily, service provider backstage personnel also can't obtain clear text key.
In embodiments of the present invention, the fail safe of master key is a kind of key factor of whole system fail safe.In order to guarantee the fail safe of master key, master key is placed in master secret server, except guaranteeing with physical means the safety of master secret server, not authorized user must not call master secret server.In order to prevent that unauthorized user from calling master secret server, only at session in the valid period, just the user can call, perhaps the user just can access master secret server after need to again inputting its user password.
From the above description as can be known, master secret server has two functions at least: the one,, according to the user key of a plaintext, return to a key ciphertext of through master key, encrypting; The 2nd,, according to a new user password and a key ciphertext of through master key, encrypting, return to the key ciphertext of with new user password, encrypting.
If master key leaks under extreme case, the master key of resetting, and utilize new master key to carry out re-encrypted to all users' key.
The cloud storage security system of utilizing the embodiment of the present invention to provide, can guarantee the fail safe of user key, even the plaintext that the management staff also can't the access user key has guaranteed the fail safe of cloud storage.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.

Claims (7)

1. the method that the cloud storage security is controlled, is characterized in that, comprising:
Utilize user password and master key respectively the key of providing to each user to be encrypted, preserve two parts of key ciphertexts;
When user password is lost, utilize master key decrypted user key, and utilize new user password encrypting user key;
Utilize the user key ciphertext that new user password is encrypted to upgrade the user key ciphertext that original user password is encrypted.
2. the method for claim 1, is characterized in that, described master key is arranged in master secret server.
3. method as claimed in claim 2, is characterized in that, described master secret server has the user key according to a plaintext, returns to a function through the key ciphertext of master key encryption, and/or; , according to a new user password and a key ciphertext of through master key, encrypting, return to the function of the key ciphertext of with new user password, encrypting.
4. the method for claim 1, is characterized in that, when described master key leaked, described method further comprised:
The replacement master key;
Utilize new master key to carry out re-encrypted to all users' key;
Upgrade with the user key ciphertext that new master key is encrypted the user key ciphertext that original master key is encrypted.
5. the method for claim 1, is characterized in that, further comprises:
At the password file of system or the digest value of password field storage user password;
When the user logins, the user password of user's input is converted to digest value, then the user is inputted the password file of user password digest value and system or the user password digest value of password field storage and compare;
If both are identical, illustrate that user password is correct, allow user's login.
6. described method as arbitrary in claim 1 to 5, is characterized in that, further comprises: when the user logins, utilize user password decruption key file, the clear text key that deciphering is obtained is placed on interim buffer area, perhaps is stored in server memory.
7. method as claimed in claim 6, is characterized in that, further comprises: when the user logs off, perhaps session is overtime, deletes interim key file.
CN201210140964.7A 2012-05-09 2012-05-09 A kind of method of cloud storage security control Active CN103391187B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201210140964.7A CN103391187B (en) 2012-05-09 2012-05-09 A kind of method of cloud storage security control
PCT/CN2012/075864 WO2013166751A1 (en) 2012-05-09 2012-05-22 Method for security control of cloud storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210140964.7A CN103391187B (en) 2012-05-09 2012-05-09 A kind of method of cloud storage security control

Publications (2)

Publication Number Publication Date
CN103391187A true CN103391187A (en) 2013-11-13
CN103391187B CN103391187B (en) 2016-12-14

Family

ID=49535352

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210140964.7A Active CN103391187B (en) 2012-05-09 2012-05-09 A kind of method of cloud storage security control

Country Status (2)

Country Link
CN (1) CN103391187B (en)
WO (1) WO2013166751A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014183671A1 (en) * 2013-05-17 2014-11-20 天津书生投资有限公司 Safety control method for cloud storage
CN107426223A (en) * 2017-08-01 2017-12-01 中国工商银行股份有限公司 Cloud file encryption and decryption method, encryption and decryption device and processing system
CN114697007A (en) * 2020-12-29 2022-07-01 华为技术有限公司 Method, corresponding device and system for managing secret key

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1327662A (en) * 1999-06-02 2001-12-19 皇家菲利浦电子有限公司 Method and apparatus for secure distribution of public/private key pairs
CN102422590A (en) * 2009-05-12 2012-04-18 赛贝斯股份有限公司 Protection of encryption keys in a database

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465727B (en) * 2008-12-17 2011-02-02 成都市华为赛门铁克科技有限公司 Method for ensuring communication safety, network appliance, device and communication system
CN102270182B (en) * 2011-07-04 2014-04-23 济南伟利迅半导体有限公司 Encrypted mobile storage equipment based on synchronous user and host machine authentication

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1327662A (en) * 1999-06-02 2001-12-19 皇家菲利浦电子有限公司 Method and apparatus for secure distribution of public/private key pairs
CN102422590A (en) * 2009-05-12 2012-04-18 赛贝斯股份有限公司 Protection of encryption keys in a database

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014183671A1 (en) * 2013-05-17 2014-11-20 天津书生投资有限公司 Safety control method for cloud storage
CN107426223A (en) * 2017-08-01 2017-12-01 中国工商银行股份有限公司 Cloud file encryption and decryption method, encryption and decryption device and processing system
CN107426223B (en) * 2017-08-01 2020-06-05 中国工商银行股份有限公司 Cloud document encryption and decryption method, cloud document encryption and decryption device and cloud document processing system
CN114697007A (en) * 2020-12-29 2022-07-01 华为技术有限公司 Method, corresponding device and system for managing secret key
WO2022143358A1 (en) * 2020-12-29 2022-07-07 华为技术有限公司 Key management method, and corresponding apparatus and system
CN114697007B (en) * 2020-12-29 2024-01-16 华为技术有限公司 Key management method, corresponding device and system

Also Published As

Publication number Publication date
CN103391187B (en) 2016-12-14
WO2013166751A1 (en) 2013-11-14

Similar Documents

Publication Publication Date Title
CN102664885B (en) Identity authentication method based on biological feature encryption and homomorphic algorithm
CN105103488B (en) By the policy Enforcement of associated data
CN103327002B (en) Based on the cloud memory access control system of attribute
CN103763319B (en) Method for safely sharing mobile cloud storage light-level data
CN103179114B (en) Data fine-grained access control method during a kind of cloud stores
CN1939028B (en) Accessing protected data on network storage from multiple devices
CN111191286A (en) HyperLegger Fabric block chain private data storage and access system and method thereof
EP3585023B1 (en) Data protection method and system
CN105122265B (en) Data safety service system
CN105100083B (en) A kind of secret protection and support user's revocation based on encryption attribute method and system
CN105191207A (en) Federated key management
CN104392405A (en) Electronic medical record safety system
CN108701094A (en) The safely storage and distribution sensitive data in application based on cloud
CN101771699A (en) Method and system for improving SaaS application security
CN110061983A (en) A kind of data processing method and system
CN106788988B (en) Voidable key polymerize encryption method under cloud environment
CN103236930A (en) Data encryption method and system
WO2017061950A1 (en) Data security system and method for operation thereof
CN103686716A (en) Android access control system for enhancing confidentiality and integrality
KR101648364B1 (en) Method for improving encryption/decryption speed by complexly applying for symmetric key encryption and asymmetric key double encryption
CN105072134A (en) Cloud disk system file secure transmission method based on three-level key
CN107040520A (en) A kind of cloud computing data-sharing systems and method
KR101220166B1 (en) Data access privilege managing method
CN108882030A (en) A kind of monitor video classification encryption and decryption method and system based on time-domain information
CN103577769A (en) File content safety management method and management system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: TIANJIN SHUSHENG CLOUD TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: TIANJIN SHUSHENG INVESTMENT CO., LTD.

Effective date: 20150108

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 300308 HEBEI, TIANJIN TO: 300300 DONGLI, TIANJIN

TA01 Transfer of patent application right

Effective date of registration: 20150108

Address after: 300300 645DD18, air support center, 1 air way, Tianjin Airport Economic Zone

Applicant after: TIANJIN SURDOC Corp.

Address before: 300308, two floor, building 9, airport business park, 80 Ring Road North, Tianjin Airport Economic Zone

Applicant before: Tianjin Shusheng Investment Co.,Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
PP01 Preservation of patent right
PP01 Preservation of patent right

Effective date of registration: 20190523

Granted publication date: 20161214

PD01 Discharge of preservation of patent

Date of cancellation: 20210523

Granted publication date: 20161214

PD01 Discharge of preservation of patent
CP03 Change of name, title or address

Address after: Room 645dd18, aviation industry support center No.1, Baohang Road, Tianjin Binhai New Area Airport Economic Zone, 300308

Patentee after: Tianjin Zhongcheng Star Technology Co.,Ltd.

Address before: Room 645dd18, aviation industry support center, Baohang Route 1, 300300 Tianjin Airport Economic Zone

Patentee before: TIANJIN SURDOC Corp.

CP03 Change of name, title or address
TR01 Transfer of patent right

Effective date of registration: 20210715

Address after: 100089 No. 4060, podium, 4th floor, 69 Zizhuyuan Road, Haidian District, Beijing

Patentee after: Beijing Shusheng cloud Technology Co.,Ltd.

Address before: Room 645dd18, aviation industry support center No.1, Baohang Road, Tianjin Binhai New Area Airport Economic Zone, 300308

Patentee before: Tianjin Zhongcheng Star Technology Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230506

Address after: 1101-13, 11th floor, building 1, courtyard 1, Shangdi 10th Street, Haidian District, Beijing 100085

Patentee after: Beijing Shusheng Information Technology Co.,Ltd.

Address before: 100089 No. 4060, podium, 4th floor, 69 Zizhuyuan Road, Haidian District, Beijing

Patentee before: Beijing Shusheng cloud Technology Co.,Ltd.