CN103532958A - Method for encrypting website resources - Google Patents
Method for encrypting website resources Download PDFInfo
- Publication number
- CN103532958A CN103532958A CN201310492735.6A CN201310492735A CN103532958A CN 103532958 A CN103532958 A CN 103532958A CN 201310492735 A CN201310492735 A CN 201310492735A CN 103532958 A CN103532958 A CN 103532958A
- Authority
- CN
- China
- Prior art keywords
- resource
- algorithm
- file
- folder
- encrypting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for encrypting website resources. The method comprises the following steps: S1, performing format conversion for two times on resource files: uniformly converting into PDF formats, and then converting into SWF files; S2, converting and encrypting the folder name of a resource folder with an encryption algorithm, saving the encrypted resource folder; S3, deleting an unencrypted resource folder, and uploading the encrypted resource folder from a current server to a resource server by calling Web service; S4, verifying the identity of a logged user; S5, providing a folder decryption key for a verified user; S6, remotely decrypting the folder by using the decryption key, resolving the real address of the resource folder; S7, downloading the resource files. According to the method, the original paths of encrypted files are hidden to prevent the website resources from being downloaded maliciously, so that the files are prevented from being accessed illegally, and the safety of website resources is ensured.
Description
Technical field
The present invention relates to network security technology field, specifically a kind of method that site resource is encrypted.
Background technology
Carry out on the internet the commercial exchanges such as file transfer and Email and have many unsafe factors, particularly for some major companies and some classified papers in transmission over networks, this insecurity is that the Internet existence foundation---ICP/IP protocol is intrinsic, comprises some services based on TCP/IP.In order to guarantee safety, must be encrypted file.
The effect being encrypted on network is exactly to prevent that useful or privatization information is blocked and steals on network.A simple example is exactly the transmission of password, and computer cryptography is very important, and many security protection systems are based on password, and the leakage of password means the total collapse of its security system in some sense.While logining by network, the password of keying in is transferred to server with form expressly, and eavesdropping on network is one and is very easy to thing, so very possible hacker can steal user's password, if user is Root user or Administrator user, that consequence will be very serious.
Summary of the invention
For above-mentioned deficiency, the invention provides a kind of method that site resource is encrypted, it transforms by the path of depositing to file, not only can prevent that file is by unauthorized access, and guarantees the fail safe of site resource.
The present invention solves the technical scheme that its technical problem takes: a kind of method that site resource is encrypted, it is characterized in that, and comprise the following steps:
S1, carries out secondary format conversion to resource file, and first according to file type, unification converts PDF to, and then converts the PDF file after conversion to SWF file;
S2, carries out Folder Name by resource file folder by cryptographic algorithm and transforms encryption, and preserves the resource file folder after encrypting;
S3, deletes the resource file folder before encrypting, and the resource file folder after encrypting is uploaded to Resource Server by called Web service from current server;
S4, carries out authentication to login user;
S5, provides file decryption key to authentication of users;
S6, utilizes decryption key to carry out Remote Folder deciphering, parses real resource files folder address;
S7, carries out resource file download.
Preferably, in said method, described resource file comprises word file, Excel file and pdf document.
Further, in said method, described cryptographic algorithm comprises symmetric encipherment algorithm or rivest, shamir, adelman.
Preferably, in said method, described symmetric encipherment algorithm comprises DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm or IDEA algorithm.
Preferably, in said method, described rivest, shamir, adelman comprises RSA Algorithm, Elgamal algorithm, knapsack algorithm, Rabin algorithm, D-H algorithm or ECC algorithm.
The invention has the beneficial effects as follows: first the present invention carries out format conversion by site resource file, the unified SWF formatted file that is converted to, then by the path of depositing of resource file folder is transformed, make the resource file folder path after encrypting become a lot of mess codes without any practical significance, and be deployed on the specific resource server in local area network (LAN), even if having decoded the storage address of file, hacker also haves no right file to conduct interviews, so not only prevented that file is by unauthorized access, and guaranteed the fail safe of site resource.
Accompanying drawing explanation
Fig. 1 is method flow diagram of the present invention.
Embodiment
As shown in Figure 1, a kind of method that site resource is encrypted of the present invention, it comprises the following steps:
S1, carries out secondary format conversion to resource files such as word file, Excel file and pdf documents, and first according to file type, unification converts PDF to, and then converts the PDF file after conversion to SWF file.
S2, carries out Folder Name by resource file folder by symmetric encipherment algorithm or rivest, shamir, adelman and transforms encryption, and preserves the resource file folder after encrypting.
S3, deletes the resource file folder before encrypting, and the resource file folder after encrypting is uploaded to Resource Server by called Web service from current server.
S4, carries out download permission authentication to login user.
S5, provides file decryption key to authentication of users.
S6, utilizes decryption key to carry out Remote Folder deciphering, parses real resource files folder address.
S7, carries out resource file download.
In said method, described symmetric encipherment algorithm comprises DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm or IDEA algorithm; Described rivest, shamir, adelman comprises RSA Algorithm, Elgamal algorithm, knapsack algorithm, Rabin algorithm, D-H algorithm or ECC algorithm.
The present invention adopts the original path of depositing the concealed encrypted file of mode that path transforms of resource file folder is prevented to site resource is by malicious downloading, compares other existing resource file encryption modes, and it has the following advantages:
1) cipher mode of the present invention is a set of cipher mode of combining closely with operating system, its some important steps run on operating system bottom, but not the network system of external disclosure, because operating system itself has a series of control of authority scheme to file access authority, thereby the file on guarantee storage medium is all the time in the encryption stage.
2), for internal network, almost without any need for processing, just can access the file after encryption.
3), for external network, file path is all the unordered mess code after encrypting, and only has authenticated user just can be decrypted operation.
4) cipher mode is flexible, only need to configure several parameters and just can upload from file, and path is encrypted to transform and waited place to rewrite encryption rule.
5) carry out remote deployment and far call, even if outer network server is not had the user name password of file download permission cannot find true download path by attack yet, because unified plan is on remote file service device, even if find true download path also without download permission.
The above is the preferred embodiment of the present invention, for those skilled in the art, under the premise without departing from the principles of the invention, can also make some improvements and modifications, and these improvements and modifications are also regarded as protection scope of the present invention.
Claims (5)
1. method site resource being encrypted, is characterized in that, comprises the following steps:
S1, carries out secondary format conversion to resource file, and first according to file type, unification converts PDF to, and then converts the PDF file after conversion to SWF file;
S2, carries out Folder Name by resource file folder by cryptographic algorithm and transforms encryption, and preserves the resource file folder after encrypting;
S3, deletes the resource file folder before encrypting, and the resource file folder after encrypting is uploaded to Resource Server by called Web service from current server;
S4, carries out authentication to login user;
S5, provides file decryption key to authentication of users;
S6, utilizes decryption key to carry out Remote Folder deciphering, parses real resource files folder address;
S7, carries out resource file download.
2. a kind of method that site resource is encrypted according to claim 1, is characterized in that, described resource file comprises word file, Excel file and pdf document.
3. a kind of method that site resource is encrypted according to claim 1, is characterized in that, described cryptographic algorithm comprises symmetric encipherment algorithm or rivest, shamir, adelman.
4. a kind of method that site resource is encrypted according to claim 3, is characterized in that, described symmetric encipherment algorithm comprises DES algorithm, 3DES algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm or IDEA algorithm.
5. a kind of method that site resource is encrypted according to claim 3, is characterized in that, described rivest, shamir, adelman comprises RSA Algorithm, Elgamal algorithm, knapsack algorithm, Rabin algorithm, D-H algorithm or ECC algorithm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310492735.6A CN103532958A (en) | 2013-10-21 | 2013-10-21 | Method for encrypting website resources |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310492735.6A CN103532958A (en) | 2013-10-21 | 2013-10-21 | Method for encrypting website resources |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103532958A true CN103532958A (en) | 2014-01-22 |
Family
ID=49934637
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310492735.6A Pending CN103532958A (en) | 2013-10-21 | 2013-10-21 | Method for encrypting website resources |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103532958A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107633178A (en) * | 2017-09-29 | 2018-01-26 | 厦门天锐科技股份有限公司 | A kind of file protecting system and method based on Android device |
| US10193875B2 (en) | 2014-12-19 | 2019-01-29 | Xiaomi Inc. | Method and apparatus for controlling access to surveillance video |
| CN112861177A (en) * | 2021-02-05 | 2021-05-28 | 深圳市辰星瑞腾科技有限公司 | Computer defense system based on Internet of things |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101017525A (en) * | 2007-03-05 | 2007-08-15 | 北京邮电大学 | Divulging secrets prevention system of USB storage device date based on certificate and transparent encryption technology |
| CN101127879A (en) * | 2007-10-10 | 2008-02-20 | 张福泉 | Stream media VoD system for intelligent access data |
| CN101662484A (en) * | 2008-08-28 | 2010-03-03 | 中国科学院声学研究所 | Method for uploading file of RFC1867 specification based HTTP protocol |
| CN101833625A (en) * | 2010-05-11 | 2010-09-15 | 上海众烁信息科技有限公司 | File and folder safety protection method based on dynamic password and system thereof |
| CN102215214A (en) * | 2010-07-29 | 2011-10-12 | 上海华御信息技术有限公司 | Selective-transparent-encryption/decryption-based file protection method and system |
| CN102685148A (en) * | 2012-05-31 | 2012-09-19 | 清华大学 | Method for realizing secure network backup system under cloud storage environment |
| CN102867153A (en) * | 2012-08-30 | 2013-01-09 | 腾讯科技(深圳)有限公司 | Methods and devices for encrypting and decrypting video file and mobile terminal |
| CN102932463A (en) * | 2012-11-07 | 2013-02-13 | 曙光信息产业股份有限公司 | Method and system for uploading data |
| CN103312592A (en) * | 2013-06-03 | 2013-09-18 | 济南政和科技有限公司 | Method for sending information to instant messaging client end in batches on webpage |
-
2013
- 2013-10-21 CN CN201310492735.6A patent/CN103532958A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101017525A (en) * | 2007-03-05 | 2007-08-15 | 北京邮电大学 | Divulging secrets prevention system of USB storage device date based on certificate and transparent encryption technology |
| CN101127879A (en) * | 2007-10-10 | 2008-02-20 | 张福泉 | Stream media VoD system for intelligent access data |
| CN101662484A (en) * | 2008-08-28 | 2010-03-03 | 中国科学院声学研究所 | Method for uploading file of RFC1867 specification based HTTP protocol |
| CN101833625A (en) * | 2010-05-11 | 2010-09-15 | 上海众烁信息科技有限公司 | File and folder safety protection method based on dynamic password and system thereof |
| CN102215214A (en) * | 2010-07-29 | 2011-10-12 | 上海华御信息技术有限公司 | Selective-transparent-encryption/decryption-based file protection method and system |
| CN102685148A (en) * | 2012-05-31 | 2012-09-19 | 清华大学 | Method for realizing secure network backup system under cloud storage environment |
| CN102867153A (en) * | 2012-08-30 | 2013-01-09 | 腾讯科技(深圳)有限公司 | Methods and devices for encrypting and decrypting video file and mobile terminal |
| CN102932463A (en) * | 2012-11-07 | 2013-02-13 | 曙光信息产业股份有限公司 | Method and system for uploading data |
| CN103312592A (en) * | 2013-06-03 | 2013-09-18 | 济南政和科技有限公司 | Method for sending information to instant messaging client end in batches on webpage |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10193875B2 (en) | 2014-12-19 | 2019-01-29 | Xiaomi Inc. | Method and apparatus for controlling access to surveillance video |
| CN107633178A (en) * | 2017-09-29 | 2018-01-26 | 厦门天锐科技股份有限公司 | A kind of file protecting system and method based on Android device |
| CN107633178B (en) * | 2017-09-29 | 2020-12-04 | 厦门天锐科技股份有限公司 | File protection system and method based on Android device |
| CN112861177A (en) * | 2021-02-05 | 2021-05-28 | 深圳市辰星瑞腾科技有限公司 | Computer defense system based on Internet of things |
| CN112861177B (en) * | 2021-02-05 | 2021-11-19 | 深圳市辰星瑞腾科技有限公司 | Computer defense system based on Internet of things |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3090520B1 (en) | System and method for securing machine-to-machine communications | |
| US10341094B2 (en) | Multiple encrypting method and system for encrypting a file and/or a protocol | |
| EP2830282B1 (en) | Storage method, system and apparatus | |
| Pradeep et al. | An efficient framework for sharing a file in a secure manner using asymmetric key distribution management in cloud environment | |
| EP3035641A1 (en) | Method for file upload to cloud storage system, download method and device | |
| CN103248479A (en) | Cloud storage safety system, data protection method and data sharing method | |
| JP2016508643A (en) | Data security service | |
| CN101605137A (en) | Safe distribution file system | |
| Zhang et al. | Towards secure data distribution systems in mobile cloud computing | |
| Obert et al. | Recommendations for trust and encryption in DER interoperability standards | |
| CN105072107A (en) | System and method for enhancing data transmission and storage security | |
| JP2016508699A (en) | Data security service | |
| CN103929434A (en) | File sharing method based on encryption and permission system | |
| SE539602C2 (en) | Generating a symmetric encryption key | |
| CN104065485A (en) | Power grid dispatching mobile platform safety guaranteeing and controlling method | |
| Henze et al. | A trust point-based security architecture for sensor data in the cloud | |
| CN103731423A (en) | Safe method for repeated data deleting | |
| Bapat et al. | Smart-lock security re-engineered using cryptography and steganography | |
| Mirtalebi et al. | Enhancing security of Web service against WSDL threats | |
| CN103532958A (en) | Method for encrypting website resources | |
| CN106230840A (en) | A kind of command identifying method of high security | |
| Hussien et al. | Scheme for ensuring data security on cloud data storage in a semi-trusted third party auditor | |
| Patil et al. | A Secure and Efficient Identity based Proxy Signcryption Scheme for Smart Grid Network. | |
| Itani et al. | Energy-efficient platform-as-a-service security provisioning in the cloud | |
| Al-Attab et al. | Hybrid data encryption technique for data security in cloud computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140122 |