CN103929434A - File sharing method based on encryption and permission system - Google Patents
File sharing method based on encryption and permission system Download PDFInfo
- Publication number
- CN103929434A CN103929434A CN201410184197.9A CN201410184197A CN103929434A CN 103929434 A CN103929434 A CN 103929434A CN 201410184197 A CN201410184197 A CN 201410184197A CN 103929434 A CN103929434 A CN 103929434A
- Authority
- CN
- China
- Prior art keywords
- file
- secret shared
- shared file
- sharing
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a file sharing method based on an encryption and permission system. The file sharing method comprises the implementation steps that (1) a server establishes user information and sets the security level of a user; (2) the user logs in and carries out authentication; (3) the user sets the security level of a secret shared file, carries out encryption through a random secret key, stores the unique authentication code, the security level and the encryption secret key of the encrypted secret shared file on the server, and sends the encrypted secret shared file to a network; (4) when the secret shared file is used, a client sends a decryption request including the unique authentication code of the secret shared file and the security level of the user, if the security level of the user is higher than or the same as the security level of the secret shared file, the client can receive a decryption secret key fed back by the server, the client decrypts the secret shared file through the decryption secret key, and opens the secret shared file, and if the security level of the user is lower than the security level of the secret shared file, rejection information is fed back. The file sharing method based on the encryption and permission system has the advantages of being high in safety, convenient to use and capable of being used for sharing of secret files inside a unit.
Description
Technical field
The invention belongs to computer information safety technique field, relate in particular to a kind of file sharing method, can be used for the safe handling of organization internal classified papers.
Technical background
Along with the continuous enhancing of the growing and IT application in enterprises of information technology, the safety issue of internal information is more and more serious, how enterprises safety and have the shared inner secret papers of system become people must thinking problem.Tradition is to be all placed in enterprises Shared Folders to sharing of secret papers, but when file is downloaded on oneself computer by employee after, the fail safe of secret papers just can not ensure.If use at once encryption software to be encrypted to the file after downloading, although can ensure its fail safe, lose again its sharing simultaneously, this file can only encrypted person oneself use, and can not share to other colleagues.So when shared file, its fail safe and sharing are difficult to meet in a unit simultaneously.
Summary of the invention
For the existing problem of above-mentioned prior art, the object of the present invention is to provide a kind of file sharing method of taking into account fail safe and sharing, to realize convenient, the safe shared secret file of internal institution.
For achieving the above object, technical scheme of the present invention, comprises the steps:
(1) set up user profile and set user's level of security at file-sharing service device;
(2) user's log file is shared client, and carries out authentication;
(3) secret shared file issuing steps:
(3.1) one of first user selection is less than or equal to the level of security of user's inherently safe level as the level of security of secret shared file;
(3.2) first file-sharing clients generate a random encryption key, and secret shared file are encrypted with this encryption key, and delete immediately former unencrypted secret shared file;
(3.3) first file-sharing clients are calculated unique authentication code of the secret shared file after encrypting by hash algorithm;
(3.4) first file-sharing clients are saved in the database of file-sharing service device the level of security of this unique authentication code, encryption key and secret shared file as secret shared file information;
(3.5) the secret shared file that first user is crossed the first file-sharing client encrypt is published on the Internet;
(4) secret shared file is used step:
(4.1) second users download the secret shared file that first user publishes from the Internet;
(4.2) second file-sharing clients are calculated unique authentication code of secret shared file by hash algorithm, and sending the decoding request of secret shared file to file-sharing service device, this decoding request comprises unique authentication code of secret shared file and the second user's level of security;
(4.3) file-sharing service device is received after the decoding request of the second file-sharing client, extracts unique authentication code of the secret shared file of issuing in request, shares corresponding secret shared file information in business server database in order to retrieving files;
(4.4) file-sharing service device compares the level of security of the secret shared file of the second user's level of security and issue, if the second user's level of security is equal to or higher than the level of security of secret shared file, file-sharing service device returns to decruption key to the second file client, otherwise returns to exclude information;
(4.5) if file-sharing service device has returned to the decruption key of the secret shared file of issuing, the secret shared file of issue is deciphered and opened to the second file-sharing client.
Further: in described step (2), to subscriber authentication, adopt password authentification, facial image checking, finger print information checking and audio-frequency information verification mode.
Further: in described step (3.2), the first file-sharing client is encrypted secret shared file with encryption key, adopt any one symmetric encipherment algorithm not being cracked to be encrypted.
Further: in described step (3.3), calculate the hash algorithm that the unique authentication code of secret shared file after encrypting adopts, adopt any one in Message-Digest Algorithm5, Secure Hash Algorithm and Hash-based Message Authentication Code.
The present invention compared with prior art tool has the following advantages:
(1) be beneficial to the maintenance of database
Existing technology of sharing is kept at file-sharing service device database by whole secret shared file and authority is set and downloads for user, and file-sharing database of the present invention is only preserved the level of security of the unique authentication code, encryption key and the secret shared file that comprise secret shared file, make the size of file-sharing service device database less, be more conducive to the maintenance of file-sharing service device database.
(2) secret shared file is safer
Existing most of technology is conventionally by limiting spreading of secret shared file, do not revealed with the content that reaches secret shared file, the present invention is directly encrypted secret shared file, even if unwarranted personnel obtain the secret shared file publishing, can not obtain the content of secret shared file, this just makes secret shared file more safe and reliable.
(3) more simple and effective control of authority mode
The present invention arranges the level of security of secret shared file and user's level of security, and both are combined, by the comparison of rank height relation between the two, realize the control of authority in file-sharing process, control of authority mode complicated in the existing file technology of sharing of comparing is more effectively simple.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the invention process example.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention is described in further details.
As shown in Figure 1, workflow of the present invention is:
Step 1, sets up user profile and sets user's level of security at file-sharing service device.
User applies for the registration of, and then examines application user profile by keeper, if pass, and typing user's the information such as user name, login password, and set a level of security according to the regulation of unit to user.
Step 2, user's log file is shared client, and carries out authentication.
User inputs username and password and logins, and log-on message sends to server and verifies, then returns to the result by server, if be verified login, otherwise, refusal login.
Step 3, secret shared file issuing steps:
(3.1) one of first user selection is less than or equal to the level of security of user's inherently safe level as the level of security of secret shared file;
(3.2) first file-sharing clients generate a random encryption key, and secret shared file is encrypted with this encryption key, and delete immediately the secret shared file of former unencrypted, symmetric cryptography (being also encrypted private key) refers to that encryption and decryption are used the cryptographic algorithm of same key, in computer private network system, widely used symmetric encipherment algorithm has Advanced Encryption Standard, Data Encryption Algorithm and International Data Encryption Algorithm etc., the symmetric encipherment algorithm that this example adopts is Advanced Encryption Standard cryptographic algorithm.
(3.3) first file-sharing clients are calculated unique authentication code of the secret shared file after encrypting by hash algorithm, hash algorithm is that long arbitrarily input message string is applied and operates the existing algorithm of one that returns to fixed length Hash Value, Hash Value is used for completeness check, certification and digital signature, and conventional hash algorithm has Message-Digest Algorithm5, Secure Hash Algorithm and Hash-based Message Authentication Code.The hash algorithm that this example adopts is Message-Digest Algorithm5, and the Message-Digest Algorithm5 code calculating is as unique authentication code of secret shared file;
(3.4) first file-sharing clients are saved in the database of file-sharing service device the level of security of this unique authentication code, encryption key and secret shared file as secret shared file information;
(3.5) the secret shared file that first user is crossed the first file-sharing client encrypt is open to Internet.
Step 4, secret shared file is used step:
(4.1) second users download from Internet the secret shared file that first user publishes;
(4.2) second file-sharing clients are calculated unique authentication code of secret shared file by hash algorithm, and send the decoding request of secret shared file to file-sharing service device, this decoding request comprises unique authentication code of secret shared file and the second user's level of security, the hash algorithm that this example adopts is Message-Digest Algorithm5, and the Message-Digest Algorithm5 code calculating is as unique authentication code of secret shared file;
(4.3) file-sharing service device is received after the decoding request of the second file-sharing client, extracts unique authentication code of the secret shared file of issuing in request, and retrieving files is shared corresponding secret shared file information in business server database;
(4.4) file-sharing service device compares the level of security of the secret shared file of the second user's level of security and issue, if the second user's level of security is equal to or higher than the level of security of secret shared file, file-sharing service device returns to decruption key to the second file client, otherwise returns to exclude information;
(4.5) if file-sharing service device has returned to the decruption key of the secret shared file of issuing, the secret shared file of issue is deciphered and opened to the second file-sharing client.
More than describing is only example of the present invention; do not form any limitation of the invention; obviously for those skilled in the art; understanding after content of the present invention and principle; can be in the situation that not deviating from the principle of the invention, structure; carry out various amendments and the change of form and details, but these corrections based on inventive concept and changing still within claim protection range of the present invention.
Claims (4)
1. the file sharing method based on encryption and authority system, is characterized in that, comprising:
(1) set up user profile and set user's level of security at file-sharing service device;
(2) user's log file is shared client, and carries out authentication;
(3) secret shared file issuing steps:
(3.1) one of first user selection is less than or equal to the level of security of user's inherently safe level as the level of security of secret shared file;
(3.2) first file-sharing clients generate a random encryption key, and secret shared file are encrypted with this encryption key, and delete immediately former unencrypted secret shared file;
(3.3) first file-sharing clients are calculated unique authentication code of the secret shared file after encrypting by hash algorithm;
(3.4) first file-sharing clients are saved in the database of file-sharing service device the level of security of this unique authentication code, encryption key and secret shared file as secret shared file information;
(3.5) the secret shared file that first user is crossed the first file-sharing client encrypt is published on the Internet;
(4) secret shared file is used step:
(4.1) second users download the secret shared file that first user publishes from the Internet;
(4.2) second file-sharing clients are calculated unique authentication code of secret shared file by hash algorithm, and sending the decoding request of secret shared file to file-sharing service device, this decoding request comprises unique authentication code of secret shared file and the second user's level of security;
(4.3) file-sharing service device is received after the decoding request of the second file-sharing client, extracts unique authentication code of the secret shared file of issuing in request, shares corresponding secret shared file information in business server database in order to retrieving files;
(4.4) file-sharing service device compares the level of security of the secret shared file of the second user's level of security and issue, if the second user's level of security is equal to or higher than the level of security of secret shared file, file-sharing service device returns to decruption key to the second file client, otherwise returns to exclude information;
(4.5) if file-sharing service device has returned to the decruption key of the secret shared file of issuing, the secret shared file of issue is deciphered and opened to the second file-sharing client.
2. the file sharing method based on encryption and authority system according to claim 1, it is characterized in that: in described step (2), to subscriber authentication, adopt any one in the checking of password authentification, facial image, finger print information checking and audio-frequency information verification mode.
3. the file sharing method based on encryption and authority system according to claim 1, it is characterized in that: in described step (3.2), the first file-sharing client encryption key is encrypted secret shared file, adopt any one symmetric encipherment algorithm not being cracked to be encrypted.
4. the file sharing method based on encryption and authority system according to claim 1, it is characterized in that: in described step (3.3), calculate the hash algorithm that the unique authentication code of secret shared file after encrypting adopts, adopt any one in Message-Digest Algorithm5, Secure Hash Algorithm and Hash-based Message Authentication Code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410184197.9A CN103929434A (en) | 2014-05-04 | 2014-05-04 | File sharing method based on encryption and permission system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410184197.9A CN103929434A (en) | 2014-05-04 | 2014-05-04 | File sharing method based on encryption and permission system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103929434A true CN103929434A (en) | 2014-07-16 |
Family
ID=51147511
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410184197.9A Pending CN103929434A (en) | 2014-05-04 | 2014-05-04 | File sharing method based on encryption and permission system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103929434A (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105095693A (en) * | 2015-07-13 | 2015-11-25 | 江苏简果科技发展有限公司 | Method and system for safely sharing digital asset based on Internet |
CN105335843A (en) * | 2015-10-10 | 2016-02-17 | 北京今目标信息技术有限公司 | Cross-enterprise cooperative office method, device and system |
CN106209891A (en) * | 2016-07-26 | 2016-12-07 | 广东道易鑫物联网科技有限公司 | A kind of means of communication based on D BUS communications protocol |
CN107665311A (en) * | 2016-07-28 | 2018-02-06 | 中国电信股份有限公司 | Authentication Client, encryption data access method and system |
CN108280238A (en) * | 2018-03-02 | 2018-07-13 | 于刚 | Computer shared file emergency backup method |
CN109117303A (en) * | 2018-03-02 | 2019-01-01 | 于刚 | Computer shared file emergency backup platform |
CN109376127A (en) * | 2018-09-25 | 2019-02-22 | 淮阴师范学院 | A kind of file sharing devices |
CN109901952A (en) * | 2019-03-06 | 2019-06-18 | 山东申启信息技术有限公司 | A kind of data back up method, system and server |
CN110889131A (en) * | 2018-09-11 | 2020-03-17 | 北京金山办公软件股份有限公司 | File sharing system |
CN111444451A (en) * | 2019-01-17 | 2020-07-24 | 珠海金山办公软件有限公司 | Document acquisition method and device, electronic equipment and readable storage medium |
CN111541652A (en) * | 2020-04-02 | 2020-08-14 | 杭州电子科技大学 | System for improving security of secret information keeping and transmission |
CN113127830A (en) * | 2019-12-31 | 2021-07-16 | 深圳云天励飞技术有限公司 | Data deleting method, device and system, electronic equipment and storage medium |
CN115455916A (en) * | 2022-09-16 | 2022-12-09 | 广州市花都区人民医院 | Contract editing management method and device based on hospital business |
CN116881952A (en) * | 2023-09-07 | 2023-10-13 | 北京亿赛通科技发展有限责任公司 | Encryption and decryption method and system based on file stream |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101989984A (en) * | 2010-08-24 | 2011-03-23 | 北京易恒信认证科技有限公司 | Electronic document safe sharing system and method thereof |
CN102202062A (en) * | 2011-06-03 | 2011-09-28 | 苏州九州安华信息安全技术有限公司 | Method and apparatus for realizing access control |
CN102970299A (en) * | 2012-11-27 | 2013-03-13 | 西安电子科技大学 | File safe protection system and method thereof |
CN103731432A (en) * | 2014-01-11 | 2014-04-16 | 西安电子科技大学昆山创新研究院 | Multi-user supported searchable encryption system and method |
-
2014
- 2014-05-04 CN CN201410184197.9A patent/CN103929434A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101989984A (en) * | 2010-08-24 | 2011-03-23 | 北京易恒信认证科技有限公司 | Electronic document safe sharing system and method thereof |
CN102202062A (en) * | 2011-06-03 | 2011-09-28 | 苏州九州安华信息安全技术有限公司 | Method and apparatus for realizing access control |
CN102970299A (en) * | 2012-11-27 | 2013-03-13 | 西安电子科技大学 | File safe protection system and method thereof |
CN103731432A (en) * | 2014-01-11 | 2014-04-16 | 西安电子科技大学昆山创新研究院 | Multi-user supported searchable encryption system and method |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105095693A (en) * | 2015-07-13 | 2015-11-25 | 江苏简果科技发展有限公司 | Method and system for safely sharing digital asset based on Internet |
CN105335843A (en) * | 2015-10-10 | 2016-02-17 | 北京今目标信息技术有限公司 | Cross-enterprise cooperative office method, device and system |
CN106209891A (en) * | 2016-07-26 | 2016-12-07 | 广东道易鑫物联网科技有限公司 | A kind of means of communication based on D BUS communications protocol |
CN107665311A (en) * | 2016-07-28 | 2018-02-06 | 中国电信股份有限公司 | Authentication Client, encryption data access method and system |
CN108280238A (en) * | 2018-03-02 | 2018-07-13 | 于刚 | Computer shared file emergency backup method |
CN109117303A (en) * | 2018-03-02 | 2019-01-01 | 于刚 | Computer shared file emergency backup platform |
CN108280238B (en) * | 2018-03-02 | 2019-04-19 | 上海棉联电子商务有限公司 | Computer shared file emergency backup method |
CN110889131B (en) * | 2018-09-11 | 2022-04-05 | 北京金山办公软件股份有限公司 | File sharing system |
CN110889131A (en) * | 2018-09-11 | 2020-03-17 | 北京金山办公软件股份有限公司 | File sharing system |
CN109376127A (en) * | 2018-09-25 | 2019-02-22 | 淮阴师范学院 | A kind of file sharing devices |
CN111444451A (en) * | 2019-01-17 | 2020-07-24 | 珠海金山办公软件有限公司 | Document acquisition method and device, electronic equipment and readable storage medium |
CN111444451B (en) * | 2019-01-17 | 2024-01-30 | 珠海金山办公软件有限公司 | Document acquisition method and device, electronic equipment and readable storage medium |
CN109901952A (en) * | 2019-03-06 | 2019-06-18 | 山东申启信息技术有限公司 | A kind of data back up method, system and server |
CN109901952B (en) * | 2019-03-06 | 2021-11-26 | 山东申启信息技术有限公司 | Data backup method, system and server |
CN113127830A (en) * | 2019-12-31 | 2021-07-16 | 深圳云天励飞技术有限公司 | Data deleting method, device and system, electronic equipment and storage medium |
CN111541652A (en) * | 2020-04-02 | 2020-08-14 | 杭州电子科技大学 | System for improving security of secret information keeping and transmission |
CN115455916A (en) * | 2022-09-16 | 2022-12-09 | 广州市花都区人民医院 | Contract editing management method and device based on hospital business |
CN116881952A (en) * | 2023-09-07 | 2023-10-13 | 北京亿赛通科技发展有限责任公司 | Encryption and decryption method and system based on file stream |
CN116881952B (en) * | 2023-09-07 | 2023-11-24 | 北京亿赛通科技发展有限责任公司 | Encryption and decryption method and system based on file stream |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103929434A (en) | File sharing method based on encryption and permission system | |
CN106254324B (en) | A kind of encryption method and device of storage file | |
CN113572614B (en) | Security method and system for data transmission | |
EP3585032B1 (en) | Data security service | |
CN103973736B (en) | A kind of method and device of data sharing | |
CN103763319B (en) | Method for safely sharing mobile cloud storage light-level data | |
CN104158827B (en) | Ciphertext data sharing method, device, inquiry server and upload data client | |
US11184337B2 (en) | System and method for encryption, storage and transmission of digital information | |
CN104468615A (en) | Data sharing based file access and permission change control method | |
CN105681273A (en) | Client data deduplication method | |
CN106453612A (en) | Data storage and sharing system | |
CN105827395A (en) | Network user authentication method | |
CN104468664A (en) | Method and device for uploading files to cloud storage system, and method and device for downloading files from cloud storage system | |
CN104486087B (en) | A kind of digital signature method based on remote hardware security module | |
CN105025019A (en) | Data safety sharing method | |
CN103036924A (en) | Chaining processing method and chaining processing system | |
CN101420298B (en) | Method and system for negotiating cipher | |
CN107332666A (en) | Terminal document encryption method | |
CN106936579A (en) | Cloud storage data storage and read method based on trusted third party agency | |
CN104993931A (en) | Multi-user encrypted search method in cloud storage | |
WO2014183671A1 (en) | Safety control method for cloud storage | |
CN103731423A (en) | Safe method for repeated data deleting | |
CN112861157A (en) | Data sharing method based on decentralized identity and proxy re-encryption | |
CN104394532A (en) | Anti-brute force safe log-in method for mobile terminal | |
CN104506518A (en) | Identity authentication method for access control of MIPS (Million Instructions Per Second) platform network system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140716 |