CN103701611A - Method for accessing and uploading data in data storage system - Google Patents

Publication number
CN103701611A
Authority
CN
China
Prior art keywords
file
key equipment
cipher key
intelligent cipher
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310743709.6A
Other languages
Chinese (zh)
Other versions
CN103701611B (en)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Technology Co Ltd
Priority to CN201310743709.6A
Publication of CN103701611A
Application granted
Publication of CN103701611B
Legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a method for accessing and uploading data in a data storage system. The method of accessing data comprises the following steps: a client initiates an access request message for access to a file; after receiving the access request message, an authentication server determines the security level of the file according to feature information of the file in the access request message; if the security level of the file requires a smart key device authentication process, the authentication server notifies the client to use a smart key device to carry out the smart key device authentication process; after receiving the information on smart key device authentication, the client carries out the smart key device authentication process; if the authentication server approves the smart key device authentication, the authentication server sends a notification message to a storage server; the storage server allows the client to access the file; the client acquires the file and decrypts the data of the file with a decryption key in the smart key device to obtain the decrypted data.

Description

Method for accessing and uploading data in a data storage system
Technical field
The present invention relates to the field of information processing, and in particular to a method for accessing and uploading data in a data storage system.
Background
Cloud storage is a concept extended and derived from cloud computing; it is a technology for remote file access and file sharing. Cloud storage usually places data in an external storage pool rather than in a local data center or a dedicated remote site. Using a cloud storage service to place data in the cloud saves investment cost, simplifies complex setup and management tasks, and makes it convenient to access data from more locations.
Cloud storage has become a trend in the future development of storage. Every day hundreds of millions of users upload or access various files in their own cloud storage space. With the development of cloud storage technology and of applications that combine search and application technologies with cloud storage, more and more users store photos, videos or personal journals taken with a mobile phone or tablet in a network disk through cloud storage at any time, so that they can later access the uploaded data quickly, even immediately, from another location through the web or a PC client. However, the data that users upload are stored in plaintext on the cloud storage server, and these files often include users' confidential documents or private information; once a personal cloud storage space is compromised, sensitive information is leaked. In addition, from the perspective of operation and maintenance cost, managing private-key encryption for all files on the server is too difficult. Therefore, how to securely manage the data in a data storage system is a technical problem that urgently needs to be solved.
Summary of the invention
The invention provides a method for accessing and uploading data in a data storage system, whose main purpose is to securely manage the data in the data storage system.
A method for accessing a file in a data storage system comprises: a client initiates an access request message for accessing a file, wherein the access request message comprises feature information of the accessed file; after receiving the access request message, an authentication server determines the security level of the file according to the feature information of the file in the access request message; if the security level of the file requires the smart key device authentication procedure, the authentication server notifies the client to use a smart key device to perform smart key device authentication; after receiving the information on performing smart key device authentication, the client uses the smart key device to interact with the authentication server and performs the smart key device authentication procedure; if the authentication server verifies that the smart key device authentication has passed, the authentication server sends a notification message to the storage server, the notification message being used to notify the storage server to allow the user to access the file; the storage server receives the notification message and allows the client to access the file, wherein the data of the file are data encrypted with the encryption key in the smart key device; the client obtains the file and decrypts the data of the file with the decryption key in the smart key device to obtain decrypted data; if the security level of the file does not require the smart key device authentication procedure, the authentication server sends a request for an access code to the client; the client receives the request and, according to the request, sends an access code to the authentication server; the authentication server receives the access code and verifies it; if the access code passes verification, the authentication server sends a notification message to the storage server, the notification message being used to notify the storage server to allow the client to access the file; the storage server receives the notification message and allows the client to access the file, whose access permission information is read-only or modifiable; the client reads from the storage server the file whose access permission information is read-only or modifiable.
In addition, the client using the smart key device to interact with the authentication server and performing the smart key device authentication procedure comprises: the authentication server generates authorization information corresponding to the access request message, encrypts the authorization information with the public key corresponding to the private key used for identity authentication in the smart key device to obtain a first encrypted result, and sends the first encrypted result to the client; the client receives the first encrypted result and sends it to the smart key device; after receiving the first encrypted result, the smart key device decrypts it with the private key used for identity authentication in the smart key device to obtain first decrypted information; after obtaining the first decrypted information, the smart key device encrypts the first decrypted information with the public key of the server to obtain a second encrypted result, and sends the second encrypted result to the client; the client receives the second encrypted result and sends it to the authentication server; the authentication server receives the second encrypted result and decrypts it with the private key of the authentication server to obtain second decrypted information; the authentication server compares the second decrypted information with the authorization information, and if the second decrypted information is identical to the authorization information, the authentication server verifies that the smart key device authentication has passed.
In addition, the authorization information is a sequence composed of characters and/or digits.
In addition, after the client has read the file whose permission information is read-only, the method comprises: the client sends a permission information modification request message to the authentication server; after receiving the permission information modification request message, the authentication server notifies the client to use the smart key device to perform smart key device authentication; after receiving the information on performing smart key device authentication, the client uses the smart key device to interact with the authentication server and performs the smart key device authentication procedure; if the authentication server verifies that the smart key device authentication has passed, the authentication server, according to the permission information modification request message, notifies the storage server to change the permission information of the file to modifiable; after receiving the information that the permission information of the file is to be changed to modifiable, the storage server changes the permission information of the file to modifiable.
In addition, before the client, after receiving the information on performing smart key device authentication, uses the smart key device to interact with the authentication server and performs the smart key device authentication procedure, the method further comprises: the client sends an access code to the authentication server; the authentication server receives the access code and verifies it; wherein the authentication server sends the notification message to the storage server when both the access code verification and the smart key device authentication have passed.
A method for uploading data in a data storage system comprises: a client sends an upload request message; an authentication server receives the upload request message and sends a query request message to the client, the query request message being used to query the security level of the file; the client receives and outputs the query request message, and receives a query response message containing the security level information of the file; if the query response message indicates that the security level of the file requires smart key device authentication, the client encrypts the file with the encryption key for file encryption in the smart key device, and then sends the encrypted file and the security level information of the file to the authentication server; the authentication server receives the encrypted file and the security level information of the file, establishes, according to the security level information, a correspondence between the file and the information used for smart key device authentication, and sends the encrypted file to the storage server; the storage server receives the encrypted file and saves it; if the query response message indicates that the security level of the file does not require smart key device authentication, the client outputs a permission query for the file, receives a permission response message for the file, and sends the security level information of the file, the file and the permission response message of the file to the authentication server; the authentication server receives the security level information of the file, the file and the permission response message of the file, saves the security level information of the file, and sends the file and the permission response message of the file to the storage server; the storage server receives the file and the permission response message; if the permission response message is modifiable, the storage server saves the file directly; if the permission response message is read-only, the storage server sets the permission information of the file on the storage server to read-only and saves the file after the setting is complete.
The method embodiment provided by the invention authenticates the accessing client by adding an authentication server on the server side, so that a client that has not been authenticated has no right to read files, which ensures the security of the data. In addition, to reduce operation and maintenance cost, data are divided among three access modes: readable and modifiable through an access code, read-only through an access code, and readable and modifiable through a smart key device. This makes file management more flexible: a simpler security management mode is provided for files with low security requirements, which balances the security management load and makes reasonable use of security management cost.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of an embodiment of the method for accessing a file in a data storage system provided by the invention;
Fig. 2 is a schematic flow chart of an embodiment of the method for uploading a file in a data storage system provided by the invention.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the protection scope of the present invention.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Fig. 1 is a schematic flow chart of an embodiment of the method for accessing a file in a data storage system provided by the invention. The method embodiment shown in Fig. 1 comprises:
Step 101: the client initiates an access request message for accessing a file, wherein the access request message comprises feature information of the accessed file;
The client may be a PC, a tablet computer or a mobile terminal. The feature information of the accessed file uniquely identifies the file in the data storage system; it may be the name or path of the file, or a value obtained by performing a digest calculation or checksum calculation on the data of the file, and so on;
Step 102: after receiving the access request message, the authentication server determines the security level of the file according to the feature information of the file in the access request message;
An authentication server is provided on the server side of the data storage system and is dedicated to authenticating visitors. When the server detects that a user needs to access a file in the data storage system, the authentication server sends an authentication request to the client. Authentication can be performed with an access code or with a smart key device; depending on which of the access code and the smart key device the visitor holds, the visitor obtains the corresponding access rights at the client and can then read files of the corresponding security level;
From the feature information of the file, the authentication server can uniquely identify the file and look up its security level. The security level of the file may be common, important or secret, where:
Common level: displayed in plaintext; non-secret files that can be shared;
Important level: displayed in plaintext; files that others can read but that cannot be modified;
Secret level: must be displayed in ciphertext, for example sensitive information such as passwords and accounts;
The processing applied to files of these three levels when they are uploaded to the data storage system is as follows:
Common level: uploaded directly in plaintext;
Important level: uploaded in plaintext, but the operational attribute of the file must be set to read-only;
Secret level: the file is encrypted with the public key built into the smart key device, and the resulting ciphertext is uploaded;
When the client accesses a file of the secret level, the client needs to perform the smart key device authentication procedure; see steps 103 to 107. When the client accesses a file of the common or important level, the client does not need to perform the smart key device authentication procedure; see steps 108 to 113;
The flow in which the client performs the smart key device authentication procedure to obtain a file is as follows:
Step 103: if the security level of the file requires the smart key device authentication procedure, the authentication server notifies the client to use a smart key device to perform smart key device authentication;
For example, the authentication server notifies the client to connect the smart key device.
Step 104: after receiving the information on performing smart key device authentication, the client uses the smart key device to interact with the authentication server and performs the smart key device authentication procedure;
Step 105: if the authentication server verifies that the smart key device authentication has passed, the authentication server sends a notification message to the storage server, the notification message being used to notify the storage server to allow the user to access the file;
Passing the smart key device authentication authenticates the visitor, that is, it verifies whether the smart key device used when the file was uploaded and the smart key device used by the client are the same smart key device;
Step 106: the storage server receives the notification message and allows the client to access the file, wherein the data of the file are data encrypted with the encryption key in the smart key device;
After receiving the notification message, the storage server determines that the client may read the file and allows the client to download it;
Step 107: the client obtains the file and decrypts the data of the file with the decryption key in the smart key device to obtain decrypted data;
Because the data of the file were encrypted with the public key of the smart key device, the client can use the smart key device to decrypt the encrypted data and obtain the plaintext of the file.
It should be noted that in the embodiment of the present invention the client uses a smart key device to complete authentication. The smart key device is an independent external device, so the possibility that the public and private keys stored in it are cracked or modified is reduced, which improves the security of interaction between devices. In addition, using a smart key device to authenticate access to data means that nobody other than the authorized person can obtain sensitive information that was encrypted with the smart key device, which avoids information leakage and ensures the security of data storage.
The flow for obtaining a file through the access code authentication procedure is as follows:
Step 108: if the security level of the file does not require the smart key device authentication procedure, the authentication server sends a request for an access code to the client;
Here the authentication server has determined that the level of the file is common or important, and it obtains the access code from the client;
Step 109: the client receives the request and, according to the request, sends an access code to the authentication server;
For example, the client may output a prompt and obtain the access code by requiring the user to enter it; other ways are of course possible;
Step 110: the authentication server receives the access code and verifies it;
The authentication server compares the received access code with the locally recorded reference password. If the access code is identical to the reference password, the access code passes verification; if the access code differs from the reference password, access code verification fails and the flow ends;
Step 111: if the access code passes verification, the authentication server sends a notification message to the storage server, the notification message being used to notify the storage server to allow the client to access the file;
Step 112: the storage server receives the notification message and allows the client to access the file, whose access permission information is read-only or modifiable;
Because the data of files of the common or important level are uploaded in plaintext, once the storage server allows the client to access the file the client can read it directly, with no decryption operation. After reading, a file of the common level can be modified, whereas a file of the important level cannot;
Step 113: the client reads from the storage server the file whose access permission information is read-only or modifiable.
It should be noted that in steps 103 to 107, where data are obtained through smart key device authentication, the client can download the file from the storage server and use the smart key device at the client to access the content of the file; whereas in steps 108 to 113, where data are obtained through access code authentication, the client does not download the file but consults it online on the storage server.
The method embodiment provided by the invention authenticates the accessing client by adding an authentication server on the server side, so that a client that has not been authenticated has no right to read files, which ensures the security of the data. In addition, to reduce operation and maintenance cost, data are divided among three access modes: readable and modifiable through an access code, read-only through an access code, and readable and modifiable through a smart key device. This makes file management more flexible: a simpler security management mode is provided for files with low security requirements, which balances the security management load and makes reasonable use of security management cost.
The method embodiment provided by the invention is further described below:
It should be noted that the encryption/decryption key pair in the smart key device may be the same as the public/private key pair used for identity authentication, or the two may be different key pairs. The key pair for the encryption and decryption function may be generated according to some random algorithm, to reduce the complexity of the encryption algorithm and the processing difficulty of encryption and decryption. In addition, generating the encryption/decryption key pair randomly improves the security of the encryption algorithm through randomness, so that the processing difficulty of encryption and decryption is reduced while security is ensured.
The client using the smart key device to interact with the authentication server and performing the smart key device authentication procedure comprises:
The authentication server generates authorization information corresponding to the access request message, encrypts the authorization information with the public key corresponding to the private key used for identity authentication in the smart key device to obtain a first encrypted result, and sends the first encrypted result to the client;
The client receives the first encrypted result and sends it to the smart key device;
After receiving the first encrypted result, the smart key device decrypts it with the private key used for identity authentication in the smart key device to obtain first decrypted information; after obtaining the first decrypted information, the smart key device encrypts the first decrypted information with the public key of the server to obtain a second encrypted result, and sends the second encrypted result to the client;
The client receives the second encrypted result and sends it to the authentication server;
The authentication server receives the second encrypted result and decrypts it with the private key of the authentication server to obtain second decrypted information;
The authentication server compares the second decrypted information with the authorization information; if the second decrypted information is identical to the authorization information, the authentication server verifies that the smart key device authentication has passed.
In the above smart key device authentication process, both the authentication server and the smart key device protect the data they send with keys, which reduces the possibility of data modification and ensures the security of data transmission.
The authorization information is a sequence composed of characters and/or digits. The sequence may be generated randomly; because randomly generated data are random, the possibility of cracking is reduced. The sequence may also be generated according to a certain sequence generation strategy; an attacker who does not know the strategy has difficulty cracking the sequence, so this also reduces the possibility of cracking.
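The exchange described above, with the server, client and device roles separated, as an added example that is not part of the patent text. It assumes randomly generated 128-bit authorization information and uses toy unpadded RSA built from fixed Mersenne primes so that it runs with the standard library only; the class names, function names and request identifiers are hypothetical.

```python
import hmac
import secrets

E = 65537  # public exponent


def make_keypair(p, q):
    """Toy RSA key pair from two primes: returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa_apply(key, value):
    """Textbook RSA (no padding): one modular exponentiation encrypts or decrypts."""
    n, exponent = key
    return pow(value, exponent, n)


# Constructed demo keys built from Mersenne primes; far too weak for real use.
DEVICE_PUB, DEVICE_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
SERVER_PUB, SERVER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)


class SmartKeyDevice:
    """Holds the identity-authentication private key; only results leave the device."""

    def __init__(self, auth_private_key, server_public_key):
        self._auth_private_key = auth_private_key
        self._server_public_key = server_public_key

    def respond(self, first_encrypted_result):
        # Decrypt with the device private key, re-encrypt for the server.
        first_decrypted = rsa_apply(self._auth_private_key, first_encrypted_result)
        return rsa_apply(self._server_public_key, first_decrypted)


class AuthServer:
    def __init__(self, private_key, enrolled_devices):
        self._private_key = private_key
        self._enrolled = enrolled_devices  # device_id -> device public key
        self._pending = {}                 # request_id -> authorization information

    def issue_challenge(self, request_id, device_id):
        # Random authorization information; the top bit is set so the value is
        # never 0 or 1, which textbook RSA would map to themselves.
        challenge = (1 << 127) | secrets.randbits(127)
        self._pending[request_id] = challenge
        return rsa_apply(self._enrolled[device_id], challenge)

    def verify(self, request_id, second_encrypted_result):
        expected = self._pending.pop(request_id, None)  # single use: blocks replays
        if expected is None:
            return False
        second_decrypted = rsa_apply(self._private_key, second_encrypted_result)
        # Constant-time comparison of the second decrypted information.
        return hmac.compare_digest(second_decrypted.to_bytes(32, "big"),
                                   expected.to_bytes(32, "big"))


def run_authentication(server, device, request_id, device_id):
    """Client role: relay messages both ways. Returns (passed, second_encrypted_result)."""
    first_encrypted = server.issue_challenge(request_id, device_id)
    second_encrypted = device.respond(first_encrypted)
    return server.verify(request_id, second_encrypted), second_encrypted


if __name__ == "__main__":
    server = AuthServer(SERVER_PRIV, {"dev-1": DEVICE_PUB})
    device = SmartKeyDevice(DEVICE_PRIV, SERVER_PUB)
    passed, captured = run_authentication(server, device, "req-1", "dev-1")
    print("enrolled device:", passed)
    print("replayed response:", server.verify("req-1", captured))
```

Unpadded RSA is deterministic and malleable, so a deployment of this exchange would use a padded scheme such as RSA-OAEP inside the device. The single-use store of pending authorization information is what makes a captured second encrypted result worthless on a later request.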
Wherein, describedly in client, after to read described authority information be read-only described file, comprising:
Described client is to certificate server sending permission information modify request messages;
Described certificate server, after receiving described authority information modify request messages, notifies described client to utilize intelligent cipher key equipment to carry out intelligent cipher key equipment authentication;
Described client, after receiving the information of carrying out intelligent cipher key equipment authentication, utilizes described intelligent cipher key equipment and described certificate server to carry out alternately, carries out intelligent cipher key equipment identifying procedure;
If the authentication of described certificate server checking intelligent cipher key equipment is passed through, described certificate server is according to described authority information modify request messages, and the authority information that notice storage server is revised described file is for revising;
Described storage server, after the authority information that receives the described file of modification is the information that can revise, is revised the authority information of described file for revising.
The intelligent cipher key equipment identifying procedure using when wherein the flow process of intelligent cipher key equipment authentication can adopt client to obtain secret rank data is identical, repeats no more herein.
In above-mentioned flow process, the authority that client can be read-only file to authority information by intelligent cipher key equipment is modified, by intelligent cipher key equipment, carry out authentication, if authentication success, determine the authority information that client can revised file, thereby realize the safety management to authority information, and facilitate client to modify to the authority information of the file of having uploaded, meet the regulatory requirement of client to the file of having uploaded.
When the client accesses a file whose permission information is read-only, the certificate server controls the storage server to make the file read-only in the following way:
Before the storage server sends the file to the client, the certificate server performs a digest calculation on the data of the file; the result of this digest calculation is the first value;
After the client finishes accessing the data, the certificate server uses the same digest algorithm to perform a digest calculation on the data of the file as it stands after the client's access; the result of this digest calculation is the second value;
The certificate server compares the second value with the first value to obtain a comparison result;
If the comparison result is that the second value differs from the first value, the certificate server notifies the storage server to save, as the data of the file, the data whose digest calculation result is the first value.
The present invention judges whether the data of a file has changed by computing the digest of the file's data after the client's access, and thereby decides whether to keep the data as it was before that access, so that the operational attribute of the file is in effect read-only. This is simple and convenient to implement and requires no change to the file's data itself. Compared with the prior art, in which a key restricting modification rights is provided for the file, no corresponding key needs to be set for each read-only file, which makes it convenient to manage the large number of files stored in the data storage system and saves management cost.
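The read-only enforcement described above, as an added Python example (not code from the patent): the certificate server records the first value before release, recomputes the second value after the session, and has the storage server save the pre-access data back when the two differ. SHA-256 as the digest algorithm, the class and method names, and the storage server keeping a per-session copy of the pre-access data are assumptions; the text does not specify them.

```python
import hashlib
import hmac


class StorageServer:
    """Holds file bytes and, during a session, the copy that was handed out."""

    def __init__(self):
        self.files = {}
        self._snapshots = {}

    def open_for_client(self, name):
        # Assumption: the pre-access bytes are retained so that "the data whose
        # digest is the first value" can be saved back later.
        self._snapshots[name] = self.files[name]
        return self.files[name]

    def client_write(self, name, data):
        # Nothing blocks the write itself; the scheme corrects it afterwards.
        self.files[name] = data

    def snapshot(self, name):
        return self._snapshots[name]

    def save(self, name, data):
        self.files[name] = data

    def release(self, name):
        self._snapshots.pop(name, None)


class CertificateServer:
    """Computes the first and second values and orders the rollback."""

    def __init__(self, storage):
        self.storage = storage
        self._first_values = {}

    @staticmethod
    def _digest(data):
        return hashlib.sha256(data).digest()

    def before_send(self, name):
        # First value: digest of the data before it is sent to the client.
        self._first_values[name] = self._digest(self.storage.files[name])

    def after_access(self, name):
        """Return True when a change was detected and rolled back."""
        first = self._first_values.pop(name)
        second = self._digest(self.storage.files[name])  # same algorithm
        changed = not hmac.compare_digest(first, second)
        if changed:
            snapshot = self.storage.snapshot(name)
            # Only save back data that really corresponds to the first value.
            if not hmac.compare_digest(self._digest(snapshot), first):
                raise RuntimeError("pre-access copy does not match the first value")
            self.storage.save(name, snapshot)
        self.storage.release(name)
        return changed


def read_only_session(cert, storage, name, client_action):
    """Run one client access to a read-only file under the digest check."""
    cert.before_send(name)
    data = storage.open_for_client(name)
    client_action(storage, name, data)
    return cert.after_access(name)


def demo():
    storage = StorageServer()
    storage.files["report.txt"] = b"quarterly figures v1"  # constructed sample
    cert = CertificateServer(storage)
    untouched = read_only_session(cert, storage, "report.txt",
                                  lambda s, n, d: None)
    rolled_back = read_only_session(
        cert, storage, "report.txt",
        lambda s, n, d: s.client_write(n, d + b" (edited)"))
    return untouched, rolled_back, storage.files["report.txt"]


if __name__ == "__main__":
    print(demo())
```

Because the comparison runs only after the client finishes, the modified data sits on the storage server for the length of the session; the scheme restores the file rather than preventing the write.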
Before the client, having received the notification to perform intelligent cipher key equipment authentication, uses the intelligent cipher key equipment to interact with the certificate server and carries out the intelligent cipher key equipment authentication flow, the method further comprises:
The client sends an access code to the certificate server;
The certificate server receives the access code and verifies it;
Wherein the certificate server sends the notification message to the storage server when both the access code verification and the intelligent cipher key equipment authentication pass.
When a confidential-level file is accessed, the access code is authenticated first, before intelligent cipher key equipment authentication is performed. If access code authentication fails, the intelligent cipher key equipment authentication flow need not be carried out; only after access code authentication succeeds is the intelligent cipher key equipment authentication flow carried out. Access to a confidential-level file is thus protected by two security authentication mechanisms: the lower-level mechanism is access code authentication and the higher-level mechanism is intelligent cipher key equipment authentication. The higher-level mechanism is executed only once the lower-level one has passed, which effectively and reasonably limits the number of times the certificate server executes the higher-level authentication mechanism.
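An added Python sketch (not code from the patent) of the two-stage gate described above, with the higher-level stage following the encrypted challenge-response that claim 2 recites. Textbook RSA over fixed Mersenne primes stands in for the key operations a real device performs and is not secure; the class names, the PBKDF2 storage of access codes and the single-use handling of the verification information are assumptions.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by the demo key pairs


def make_keypair(p, q):
    """Textbook RSA from two known primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa_apply(key, value):
    """Raw modular exponentiation; a real device would use padded RSA."""
    n, exponent = key
    return pow(value, exponent, n)


def hash_code(code, salt):
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class KeyDevice:
    """Stands in for the intelligent cipher key equipment (assumed interface)."""

    def __init__(self, private_key, server_public):
        self._private = private_key
        self._server_public = server_public

    def respond(self, first_encrypted):
        first_decrypted = rsa_apply(self._private, first_encrypted)
        # Second encrypted result, readable only by the certificate server.
        return rsa_apply(self._server_public, first_decrypted)


class CertificateServer:
    def __init__(self, private_key):
        self._private = private_key
        self._codes = {}          # user -> (salt, PBKDF2 hash of access code)
        self._device_public = {}  # user -> public key of the user's device
        self._pending = {}        # user -> outstanding verification information
        self.device_auth_runs = 0

    def enroll(self, user, access_code, device_public):
        salt = secrets.token_bytes(16)
        self._codes[user] = (salt, hash_code(access_code, salt))
        self._device_public[user] = device_public

    def check_access_code(self, user, access_code):
        record = self._codes.get(user)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, hash_code(access_code, salt))

    def issue_challenge(self, user):
        self.device_auth_runs += 1
        verification = secrets.randbits(128)  # fresh for every request
        self._pending[user] = verification
        # First encrypted result, readable only by the enrolled device.
        return rsa_apply(self._device_public[user], verification)

    def verify_response(self, user, second_encrypted):
        expected = self._pending.pop(user, None)  # single use: no replay
        if expected is None:
            return False
        return rsa_apply(self._private, second_encrypted) == expected


def access_confidential_file(server, device, user, access_code):
    # Lower-level mechanism first; the device flow is skipped on failure.
    if not server.check_access_code(user, access_code):
        return "denied: access code"
    first_encrypted = server.issue_challenge(user)
    second_encrypted = device.respond(first_encrypted)
    if server.verify_response(user, second_encrypted):
        return "granted"
    return "denied: key equipment"


# Constructed demo keys built from Mersenne primes (far too small and too
# structured for real use).
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(2**61 - 1, 2**127 - 1)
DEVICE_PUBLIC, DEVICE_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**61 - 1, 2**107 - 1)
```

The `device_auth_runs` counter makes the stated benefit observable: a wrong access code never reaches the public-key stage.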
Fig. 2 is a schematic flowchart of an embodiment of the method for uploading data in a data storage system provided by the present invention. The method embodiment shown in Fig. 2 comprises:
Step 201: the client sends an upload request message;
Step 202: the certificate server receives the upload request message and sends a query request message to the client, the query request message being used to query the security level of the file;
Step 203: the client receives and outputs the query request message, and receives a query response message containing the security level information of the file;
If the security level of the file requires intelligent cipher key equipment authentication, the upload proceeds with steps 204 to 206; if the security level of the file does not require intelligent cipher key equipment authentication, the upload proceeds with steps 207 to 209. Specifically:
A file whose security level requires intelligent cipher key equipment authentication is uploaded using the following flow:
Step 204: if the query response message indicates that the security level of the file requires intelligent cipher key equipment authentication, the client encrypts the file using the encryption key in the intelligent cipher key equipment, and then sends the encrypted file and the security level information of the file to the certificate server;
Step 205: the certificate server receives the encrypted file and the security level information of the file, establishes, according to the security level information, a correspondence between the file and the information used for intelligent cipher key equipment authentication, and sends the encrypted file to the storage server;
Wherein establishing the correspondence between the file and the information used for intelligent cipher key equipment authentication comprises:
Obtaining the public key, used for identity authentication, of the intelligent cipher key equipment that was used to encrypt the file, and establishing a correspondence between the file and that public key.
Step 206: the storage server receives the encrypted file and saves it;
A file whose security level does not require intelligent cipher key equipment authentication is uploaded using the following flow:
Step 207: if the query response message indicates that the security level of the file does not require intelligent cipher key equipment authentication, the client outputs a permission query for the file, receives the permission response information of the file, and sends the file, the security level information of the file and the permission response information of the file to the certificate server;
The permission response information can be represented by whether the file has a corresponding digest operation result. Specifically, if the client receives a request message to perform a digest operation on the file, the permission response information is read-only; if the client does not receive a request message to perform a digest operation on the file, the permission response information is modifiable;
Of course, the permission response information can also be set as an identifier, with two different identifiers distinguishing the level of the content uploaded in plaintext;
Step 208: the certificate server receives the file, the security level information of the file and the permission response information of the file, saves the security level information of the file, and sends the file and the permission response information of the file to the storage server;
Step 209: the storage server receives the file and the permission response information. If the permission response information is modifiable, the storage server saves the file directly; if the permission response information is read-only, the storage server sets the permission information of the file on the storage server to read-only and saves the file after the setting is complete.
As can be seen from the above, data is classified according to its importance and uploaded with encryption applied by level: only the files that involve important sensitive information are encrypted. Data is thus protected in a targeted way, its security is ensured and privacy leaks are avoided.
The data storage system can be a cloud storage system, and the certificate server and the storage server can be integrated in one device or exist as separate devices.
Any process or method described in a flowchart or otherwise described herein can be understood as representing a module, segment or portion of code that comprises one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented by any one or a combination of the following technologies well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits (ASICs) with suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and so on.
Those skilled in the art will understand that all or part of the steps of the above method embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination of them.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing module, or each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc or the like.
In this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that these embodiments are exemplary and are not to be construed as limiting the present invention; a person of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (6)

1. A method for accessing a file in a data storage system, characterized by comprising:
A client initiates an access request message for accessing a file, wherein the access request message comprises characteristic information of the accessed file;
After receiving the access request message, a certificate server determines the security level of the file according to the characteristic information of the file in the access request message;
If the security level of the file requires the intelligent cipher key equipment authentication flow, the certificate server notifies the client to perform intelligent cipher key equipment authentication using intelligent cipher key equipment; after receiving the notification to perform intelligent cipher key equipment authentication, the client uses the intelligent cipher key equipment to interact with the certificate server and carries out the intelligent cipher key equipment authentication flow; if the certificate server verifies that the intelligent cipher key equipment authentication has passed, the certificate server sends a notification message to the storage server, the notification message being used to notify the storage server to allow the user to access the file; the storage server receives the notification message and allows the client to access the file, wherein the data of the file is data encrypted with the encryption key in the intelligent cipher key equipment; the client obtains the file and decrypts the data of the file using the decryption key in the intelligent cipher key equipment to obtain decrypted data;
If the security level of the file does not require the intelligent cipher key equipment authentication flow, the certificate server sends an access code acquisition request to the client; the client receives the acquisition request and sends an access code to the certificate server according to the acquisition request; the certificate server receives the access code and verifies it; if the access code passes verification, the certificate server sends a notification message to the storage server, the notification message being used to notify the storage server to allow the client to access the file; the storage server receives the notification message and allows the client to access the file, whose permission information is read-only or modifiable; the client reads from the storage server the file whose access permission information is read-only or modifiable.
2. The method according to claim 1, characterized in that the client using the intelligent cipher key equipment to interact with the certificate server and carrying out the intelligent cipher key equipment authentication flow comprises:
The certificate server generates corresponding verification information for the access request message, encrypts the verification information using the public key corresponding to the private key used for the identity authentication function in the intelligent cipher key equipment to obtain a first encrypted result, and sends the first encrypted result to the client;
The client receives the first encrypted result and sends it to the intelligent cipher key equipment;
After receiving the first encrypted result, the intelligent cipher key equipment decrypts it using the private key used for the identity authentication function in the intelligent cipher key equipment to obtain first decrypted information; after obtaining the first decrypted information, the intelligent cipher key equipment encrypts it using the public key of the server to obtain a second encrypted result, and sends the second encrypted result to the client;
The client receives the second encrypted result and sends it to the certificate server;
The certificate server receives the second encrypted result and decrypts it using the private key of the certificate server to obtain second decrypted information;
The certificate server compares the second decrypted information with the verification information; if the second decrypted information is identical to the verification information, the certificate server verifies that the intelligent cipher key equipment authentication has passed.
3. The method according to claim 2, characterized in that the verification information is a sequence composed of characters and/or digits.
4. The method according to claim 1, characterized in that, after the client reads the file whose permission information is read-only, the method comprises:
The client sends a permission information modification request message to the certificate server;
After receiving the permission information modification request message, the certificate server notifies the client to perform intelligent cipher key equipment authentication using the intelligent cipher key equipment;
After receiving the notification to perform intelligent cipher key equipment authentication, the client uses the intelligent cipher key equipment to interact with the certificate server and carries out the intelligent cipher key equipment authentication flow;
If the certificate server verifies that the intelligent cipher key equipment authentication has passed, the certificate server, according to the permission information modification request message, notifies the storage server to change the permission information of the file to modifiable;
After receiving the notification to change the permission information of the file to modifiable, the storage server changes the permission information of the file to modifiable.
5. The method according to claim 1, characterized in that, before the client, having received the notification to perform intelligent cipher key equipment authentication, uses the intelligent cipher key equipment to interact with the certificate server and carries out the intelligent cipher key equipment authentication flow, the method further comprises:
The client sends an access code to the certificate server;
The certificate server receives the access code and verifies it;
Wherein the certificate server sends the notification message to the storage server when both the access code verification and the intelligent cipher key equipment authentication pass.
6. A method for uploading data in a data storage system, characterized by comprising:
A client sends an upload request message;
A certificate server receives the upload request message and sends a query request message to the client, the query request message being used to query the security level of the file;
The client receives and outputs the query request message, and receives a query response message containing the security level information of the file;
If the query response message indicates that the security level of the file requires intelligent cipher key equipment authentication, the client encrypts the file using the encryption key for file encryption in the intelligent cipher key equipment, and then sends the encrypted file and the security level information of the file to the certificate server; the certificate server receives the encrypted file and the security level information of the file, establishes, according to the security level information, a correspondence between the file and the information used for intelligent cipher key equipment authentication, and sends the encrypted file to the storage server; the storage server receives the encrypted file and saves it;
If the query response message indicates that the security level of the file does not require intelligent cipher key equipment authentication, the client outputs a permission query for the file, receives the permission response information of the file, and sends the file, the security level information of the file and the permission response information of the file to the certificate server; the certificate server receives the file, the security level information of the file and the permission response information of the file, saves the security level information of the file, and sends the file and the permission response information of the file to the storage server; the storage server receives the file and the permission response information; if the permission response information is modifiable, the storage server saves the file directly; if the permission response information is read-only, the storage server sets the permission information of the file on the storage server to read-only and saves the file after the setting is complete.
CN201310743709.6A 2013-12-30 2013-12-30 Method for accessing and uploading data in data storage system Active CN103701611B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310743709.6A CN103701611B (en) 2013-12-30 2013-12-30 Method for accessing and uploading data in data storage system

Publications (2)

Publication Number Publication Date
CN103701611A true CN103701611A (en) 2014-04-02
CN103701611B CN103701611B (en) 2017-01-18

Family

ID=50363016

Country Status (1)

Country Link
CN (1) CN103701611B (en)

CN113177220B (en) * 2021-05-27 2021-12-17 深圳市数存科技有限公司 Service safety system capable of carrying out remote data protection
CN113177220A (en) * 2021-05-27 2021-07-27 深圳市数存科技有限公司 Service safety system capable of carrying out remote data protection
CN113553573A (en) * 2021-07-09 2021-10-26 深圳市高德信通信股份有限公司 Data security verification method
CN113553573B (en) * 2021-07-09 2024-02-06 深圳市高德信通信股份有限公司 Data security verification method
CN113672973A (en) * 2021-07-20 2021-11-19 深圳大学 Database system of embedded equipment based on RISC-V architecture of trusted execution environment
CN113672973B (en) * 2021-07-20 2024-04-16 深圳大学 Database system of embedded device based on RISC-V architecture of trusted execution environment
CN114048504A (en) * 2021-11-15 2022-02-15 北京鲸鲮信息系统技术有限公司 File processing method and device, electronic equipment and storage medium
CN114244583A (en) * 2021-11-30 2022-03-25 珠海大横琴科技发展有限公司 Data processing method and device based on mobile client
CN114417393B (en) * 2021-12-08 2023-04-07 马上消费金融股份有限公司 File encryption method, system, electronic equipment and computer readable storage medium
CN114417393A (en) * 2021-12-08 2022-04-29 马上消费金融股份有限公司 File encryption method, system, electronic equipment and computer readable storage medium
CN114172741A (en) * 2021-12-22 2022-03-11 卓品智能科技无锡有限公司 Method, system and storage medium for preventing vehicle-mounted controller from being stolen
CN114979272A (en) * 2022-06-17 2022-08-30 贵州东彩供应链科技有限公司 File storage system based on ecological animal husbandry platform
CN116094811A (en) * 2023-01-15 2023-05-09 西安热工研究院有限公司 Secret information anti-photographing alarm method, system, equipment and readable storage medium
CN117195270A (en) * 2023-09-25 2023-12-08 江苏达科数智技术有限公司 Data sharing method and sharing platform
CN117195270B (en) * 2023-09-25 2024-02-02 江苏达科数智技术有限公司 Data sharing method and sharing platform

Also Published As

Publication number Publication date
CN103701611B (en) 2017-01-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant