CN103973440A - File cloud security management method and system based on CPK - Google Patents
File cloud security management method and system based on CPK Download PDFInfo
- Publication number
- CN103973440A CN103973440A CN201410200967.4A CN201410200967A CN103973440A CN 103973440 A CN103973440 A CN 103973440A CN 201410200967 A CN201410200967 A CN 201410200967A CN 103973440 A CN103973440 A CN 103973440A
- Authority
- CN
- China
- Prior art keywords
- file
- pki
- cpk
- security management
- cloud security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a file cloud security management method and system based on a CPK. The method comprises the steps that a file to be stored is encrypted according to pre-configured session keys, and file ciphertext is generated; the session keys are respectively encrypted according to a pre-configured public key of a current user and a public key of a target user assigned by the current user, and a digital envelope set is generated; the digital envelope set and the file ciphertext are bound, a ciphertext file capable of being shared is formed, and the ciphertext file is stored in a cloud server. According to the method and system, a CPK combined public key system is adopted as the basis, the key transmitting technology of the CPK is utilized, the local file of the current user is encrypted, the file capable of being decrypted only by the current user and the target user assigned by the current user is generated, the file is stored in the cloud server, and therefore cloud security storage and sharing of the file are achieved, and automatic controllability of cloud security storage and sharing is built.
Description
Technical field
The present invention relates to network security technology field, specifically, relate to a kind of file cloud security management method and system based on CPK (Combined Public Key, Conbined public or double key).
Background technology
Along with the level of informatization improves day by day, file storage and the shared every field that is widely used in, particularly the storage demand of sensitive document or intra-company's vital document is also increasing, especially all the more so as the novel memory mechanism-cloud storage in file storage, wherein, cloud storage is in the conceptive extension of cloud computing and a development new concept out, refer to and pass through cluster application, the function such as network technology or distributed file system, the memory device of a large amount of various application in network is gathered to collaborative work by application system, the common system that data storage and Operational Visit function are externally provided.
At present, prior art, for above-mentioned situation, has proposed two kinds of safety approachs, a kind of scheme be to file adopt symmetric cryptography, another kind of be employing traditional public key system (PKI) file is encrypted.
Wherein, the advantage of the first scheme is that cost is low, realizes simply, and still, this scheme also exists many weak points, and for example, the key of all files only has one, in the time that a file is cracked, can have influence on the fail safe of alternative document; Meanwhile, user is for convenient memory key, and often setting is too simple, thereby has caused the possibility of being guessed very large, in addition, in the time that user forgets key, also can cause file to recover.
First scheme is to have integrated symmetric cryptography and public key system advantage separately, aspect fail safe, be greatly improved, for example, file encryption can be realized one-time pad, in the time that a file is cracked, can't have influence on the fail safe of alternative document, simultaneously because key is to adopt random number, thereby not need to remember, in addition, owing to having adopted the Digital Envelope Technology of public key system, only have user's ability declassified document of appointment, thereby security intensity is obviously improved.But this scheme also exists many weak points, for example, owing to having adopted PKI system, depend on third-party CA system thereby make to encrypt, need to there be the hardware devices such as USB Key based on safety chip to support, cost is higher; In the time making digital envelope, need to obtain PKI, and the PKI of PKI system generally needs the support of online certificate repository simultaneously.In addition, non-user's oneself certificate is difficult to obtain, so still do not realize the sharing of cryptograph files, only can realize the secure cloud storage of user's oneself file.
As can be seen here, safety approach of the prior art, or can not realize cloud storage and share with cloud, or only can realize cloud storage, share and can not realize cloud, and for this problem of the prior art, also not yet propose at present effective solution.
Summary of the invention
For the problem in above-mentioned correlation technique, the present invention proposes a kind of file cloud security management method and system based on CPK, wherein, because CPK is the public-key cryptosystem based on mark, PKI is with identifying with PKI matrix by calculating, thereby can realize the key delivery protocol based on mark, this file cloud security Managed Solution of the present invention and system just the feature based on this key delivery protocol propose, it can generate and store the file that only has active user and could decipher with the targeted customer that active user specifies, thereby the cloud security storage that has realized file with share.
Technical scheme of the present invention is achieved in that
According to an aspect of the present invention, provide a kind of file cloud security management method based on CPK.
Should the file cloud security management method based on CPK comprise:
According to pre-configured session key, the file that will store is encrypted to spanned file ciphertext;
The targeted customer's who specifies according to pre-configured active user's PKI and with this active user PKI, is encrypted respectively generating digital envelope collection to session key;
Digital envelope collection and file cipher text are bound, the cryptograph files that formation can be shared, and this cryptograph files is stored to Cloud Server.
In addition should the file cloud security management method based on CPK also comprise: before the file that will store is encrypted, this file is carried out to digital signature, to ensure integrality and the authenticity of this file.
In such scheme, the random data that session key generates according to pre-configured random number generator generates.
And in such scheme, active user's PKI and targeted customer's PKI generate by the PKI matrix computations of CPK by pre-configured user ID and targeted customer's identification sets.
According to a further aspect in the invention, provide a kind of file cloud security management system based on CPK.
Should the file cloud security management system based on CPK comprise:
The first encrypting module, for according to pre-configured session key, is encrypted spanned file ciphertext to the file that will store;
The second encrypting module, for the targeted customer's that specifies according to pre-configured active user's PKI and with this active user PKI, is encrypted respectively generating digital envelope collection to session key;
Memory management module, for digital envelope collection and file cipher text are bound, the cryptograph files that formation can be shared, and this cryptograph files is stored to Cloud Server.
In addition, should the file cloud security management system based on CPK also comprise: digital signature module, for before the file that will store is encrypted, this file is carried out to digital signature, to ensure integrality and the authenticity of this file.
In such scheme, the random data that session key generates according to pre-configured random number generator generates.
And in such scheme, active user's PKI and targeted customer's PKI generate by the PKI matrix computations of CPK by pre-configured user ID and targeted customer's identification sets.
The present invention by taking CPK Conbined public or double key system as basis, utilize the key Transfer Technology of CPK, the file of active user this locality is encrypted, the file that generation only has active user and could decipher with the targeted customer that active user specifies, and this file is stored in to Cloud Server, thereby the cloud security storage that has realized file with share, effectively prevented the problems such as user file loss, file are divulged a secret, file diffusion, built cloud security storage and the autonomous controllability of sharing.
In addition, the present invention also utilizes CPK digital signature technology flexibly, file to storage carries out digital signature, thereby has ensured security of user files storage, integrality and non-reliability when transmitting, sharing, and then the cloud storage and the safety guarantee of sharing of file are further provided.
Brief description of the drawings
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is according to the schematic flow sheet of the file cloud security management method based on CPK of the embodiment of the present invention;
Fig. 2 is according to the structural representation of the file cloud security management system based on CPK of the embodiment of the present invention;
Fig. 3 is according to the file cloud security management method based on CPK of the embodiment of the present invention corresponding client and structural representation of Cloud Server when the practical application;
Fig. 4 is the sequential flow chart when the practical application according to the file cloud security management method based on CPK of the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain, belongs to the scope of protection of the invention.
According to embodiments of the invention, provide a kind of file cloud security management method based on CPK.
As shown in Figure 1, comprise according to the file cloud security management method based on CPK of the embodiment of the present invention:
Step S101, according to pre-configured session key, is encrypted spanned file ciphertext to the file that will store;
Step S103, the targeted customer's who specifies according to pre-configured active user's PKI and with this active user PKI, is encrypted respectively generating digital envelope collection to session key;
Step S105, binds digital envelope collection and file cipher text, the cryptograph files that formation can be shared, and this cryptograph files is stored to Cloud Server.
In addition should the file cloud security management method based on CPK also comprise: before the file that will store is encrypted, this file is carried out to digital signature, to ensure integrality and the authenticity of this file.
Certainly,, in the time of practical application, the digital signature of this file is optional, can select according to specific needs signature or not sign.
In such scheme, the random data that session key generates according to pre-configured random number generator generates.
And in such scheme, active user's PKI and targeted customer's PKI generate by the PKI matrix computations of CPK by pre-configured user ID and targeted customer's identification sets.
According to embodiments of the invention, also provide a kind of file cloud security management system based on CPK.
As shown in Figure 2, comprise according to the file cloud security management system based on CPK of the embodiment of the present invention:
The first encrypting module 21, for according to pre-configured session key, is encrypted spanned file ciphertext to the file that will store;
The second encrypting module 22, for the targeted customer's that specifies according to pre-configured active user's PKI and with this active user PKI, is encrypted respectively generating digital envelope collection to session key;
Memory management module 23, for digital envelope collection and file cipher text are bound, the cryptograph files that formation can be shared, and this cryptograph files is stored to Cloud Server.
In addition, should the file cloud security management system based on CPK also comprise: digital signature module (not shown), for before the file that will store is encrypted, carries out digital signature to this file, to ensure integrality and the authenticity of this file.
Same, in the time of practical application, this digital signature module is also optional, can start or not start according to real needs.
In such scheme, the random data that session key generates according to pre-configured random number generator generates.
And in such scheme, active user's PKI and targeted customer's PKI generate by the PKI matrix computations of CPK by pre-configured user ID and targeted customer's identification sets.
Understand technique scheme of the present invention for convenient, below by instantiation, technique scheme of the present invention is elaborated.Wherein, due in actual applications, aforesaid operations is generally realized on the entity such as client and Cloud Server, therefore, will technique scheme be described from the angle of the entity such as client and Cloud Server below.
Fig. 3 is the structural representation of client corresponding to technique scheme of the present invention and Cloud Server; As can be seen from Figure 3,, for client, it has document management module, signature verification module, Password Management module, uploads download module, shares administration module and basic management module.Wherein, document management module is for managing the user file that active client is corresponding; Signature verification module is for when the file encryption, and e-file is expressly carried out to CPK digital signature, and while deciphering after user downloads, certifying digital signature, with integrality and the non-reliability of safeguard file; Password Management module is the management for session key; Upload download module is for the file after encrypting being uploaded to Cloud Server, also the file of the storage in Cloud Server can being downloaded to local client simultaneously; Sharing administration module is according to the PKI by the side of sharing (being targeted customer) of active user's PKI and active user's appointment, session key to be encrypted, generating digital envelope collection, and carry out digital envelope collection with encrypt after file bind, the cryptograph files that formation can be shared; The infrastructure service that basic management module provides active client manages.
And for Cloud Server, it also has document management module, uploads download module, shares administration module and basic management module, wherein, document management module, upload download module, the function of sharing the respective modules in administration module and basic management module and client is close, just do not set forth one by one at this.
Should be noted that, from Fig. 3, it can also be seen that, no matter be client, or Cloud Server, all there is the access modules of discriminating, this discriminating access modules is the fail safe that further improves user in order to realize in actual application, and itself and CPK key devices are used in conjunction with the identity that can realize user and differentiate, to guarantee the fail safe of user identity.
Fig. 4 is the sequential flow chart of technique scheme of the present invention, as can be seen from Figure 4, in the time of practical application, user can log in client by CPK key devices, carry out user's discriminating, and under network normal condition, Cloud Server also can be differentiated client automatically, and after differentiating, user can manage file in client, and file is carried out encrypted signature and shared, and then file is uploaded in Cloud Server, impel Cloud Server to carry out cloud storage to file, Cloud Server is after carrying out cloud storage to file simultaneously, can send message to being shared subscription client according to the sharing information of file, shared user and can in corresponding client, be downloaded the file of being shared on Cloud Server, by file is carried out to signature verification and deciphering, finally obtain concrete file.
As seen from the above, the present invention is taking CPK Conbined public or double key system as basis, utilize its digital signature and key Transfer Technology flexibly, by by subscriber's local file signature, encrypt, share, upload, notify, download, the sequence of operations such as deciphering, built one from client to cloud again to the complete close state storage of client links, transmission, and use digital signature verification technology, ensured security of user files storage, transmit and shared.Thereby make the present invention there is strong confidentiality and efficientibility, also make the present invention can support large-scale application simultaneously, and support off-line to download and deciphering, effectively prevent the problems such as user file loss, file are divulged a secret, file diffusion, built autonomous controlled cloud security storage and the sharing mechanism of a kind of e-file.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any amendment of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (8)
1. the file cloud security management method based on Conbined public or double key CPK, is characterized in that, comprising:
According to pre-configured session key, the file that will store is encrypted to spanned file ciphertext;
The targeted customer's who specifies according to pre-configured active user's PKI and with this active user PKI, is encrypted respectively generating digital envelope collection to described session key;
Described digital envelope collection and described file cipher text are bound, the cryptograph files that formation can be shared, and this cryptograph files is stored to Cloud Server.
2. file cloud security management method according to claim 1, is characterized in that, further comprises:
Before the file that will store is encrypted, this file is carried out to digital signature, to ensure integrality and the authenticity of this file.
3. file cloud security management method according to claim 1, is characterized in that, the random data that described session key generates according to pre-configured random number generator generates.
4. file cloud security management method according to claim 1, it is characterized in that, described active user's PKI and described targeted customer's PKI generate by the PKI matrix computations of described CPK by pre-configured user ID and targeted customer's identification sets.
5. the file cloud security management system based on Conbined public or double key CPK, is characterized in that, comprising:
The first encrypting module, for according to pre-configured session key, is encrypted spanned file ciphertext to the file that will store;
The second encrypting module, for the targeted customer's that specifies according to pre-configured active user's PKI and with this active user PKI, is encrypted respectively generating digital envelope collection to described session key;
Memory management module, for described digital envelope collection and described file cipher text are bound, the cryptograph files that formation can be shared, and this cryptograph files is stored to Cloud Server.
6. file cloud security management system according to claim 5, is characterized in that, further comprises:
Digital signature module, for before the file that will store is encrypted, carries out digital signature to this file, to ensure integrality and the authenticity of this file.
7. file cloud security management system according to claim 5, is characterized in that, the random data that described session key generates according to pre-configured random number generator generates.
8. file cloud security management system according to claim 5, it is characterized in that, described active user's PKI and described targeted customer's PKI generate by the PKI matrix computations of described CPK by pre-configured user ID and targeted customer's identification sets.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410200967.4A CN103973440A (en) | 2014-05-13 | 2014-05-13 | File cloud security management method and system based on CPK |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410200967.4A CN103973440A (en) | 2014-05-13 | 2014-05-13 | File cloud security management method and system based on CPK |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103973440A true CN103973440A (en) | 2014-08-06 |
Family
ID=51242516
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410200967.4A Pending CN103973440A (en) | 2014-05-13 | 2014-05-13 | File cloud security management method and system based on CPK |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103973440A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104811311A (en) * | 2015-04-09 | 2015-07-29 | 深圳市中润四方信息技术有限公司 | Electronic invoice safety delivery method and system |
| CN106453384A (en) * | 2016-11-09 | 2017-02-22 | 鹤荣育 | Security cloud disk system and security encryption method thereof |
| CN106533674A (en) * | 2016-12-16 | 2017-03-22 | 北京瑞卓喜投科技发展有限公司 | Method, apparatus and system for sharing encrypted data |
| CN106716914A (en) * | 2014-09-17 | 2017-05-24 | 微软技术许可有限责任公司 | Secure key management for roaming protected content |
| CN106789008A (en) * | 2016-12-16 | 2017-05-31 | 北京瑞卓喜投科技发展有限公司 | Method, the apparatus and system being decrypted to sharable encryption data |
| CN107154848A (en) * | 2017-03-10 | 2017-09-12 | 深圳市盾盘科技有限公司 | A kind of data encryption based on CPK certifications and storage method and device |
| CN108111546A (en) * | 2018-03-02 | 2018-06-01 | 瓦戈科技(上海)有限公司 | A kind of document transmission method and system |
| CN108390867A (en) * | 2018-02-06 | 2018-08-10 | 杭州政信金服互联网科技有限公司 | Card file enciphering method and decryption method are deposited in the administration of justice |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101989984A (en) * | 2010-08-24 | 2011-03-23 | 北京易恒信认证科技有限公司 | Electronic document safe sharing system and method thereof |
| CN102638568A (en) * | 2012-03-02 | 2012-08-15 | 深圳市朗科科技股份有限公司 | Cloud storage system and data management method thereof |
| US20120272063A1 (en) * | 2005-09-28 | 2012-10-25 | Patrick Carson Meehan | Method and system for digital rights management of documents |
| CN102984252A (en) * | 2012-11-26 | 2013-03-20 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security token |
| CN103124215A (en) * | 2013-01-25 | 2013-05-29 | 匡创公司 | Self-certifying method with time marks |
| CN103733633A (en) * | 2011-05-12 | 2014-04-16 | 索林科集团 | Video analytics system |
-
2014
- 2014-05-13 CN CN201410200967.4A patent/CN103973440A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120272063A1 (en) * | 2005-09-28 | 2012-10-25 | Patrick Carson Meehan | Method and system for digital rights management of documents |
| CN101989984A (en) * | 2010-08-24 | 2011-03-23 | 北京易恒信认证科技有限公司 | Electronic document safe sharing system and method thereof |
| CN103733633A (en) * | 2011-05-12 | 2014-04-16 | 索林科集团 | Video analytics system |
| CN102638568A (en) * | 2012-03-02 | 2012-08-15 | 深圳市朗科科技股份有限公司 | Cloud storage system and data management method thereof |
| CN102984252A (en) * | 2012-11-26 | 2013-03-20 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security token |
| CN103124215A (en) * | 2013-01-25 | 2013-05-29 | 匡创公司 | Self-certifying method with time marks |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106716914A (en) * | 2014-09-17 | 2017-05-24 | 微软技术许可有限责任公司 | Secure key management for roaming protected content |
| CN106716914B (en) * | 2014-09-17 | 2021-05-25 | 微软技术许可有限责任公司 | Secure key management for roaming protected content |
| CN104811311B (en) * | 2015-04-09 | 2018-09-11 | 深圳市中润四方信息技术有限公司 | A kind of method and system that electronic invoice transmits safely |
| CN104811311A (en) * | 2015-04-09 | 2015-07-29 | 深圳市中润四方信息技术有限公司 | Electronic invoice safety delivery method and system |
| CN106453384A (en) * | 2016-11-09 | 2017-02-22 | 鹤荣育 | Security cloud disk system and security encryption method thereof |
| CN106453384B (en) * | 2016-11-09 | 2023-05-16 | 鹤荣育 | Secure cloud disk system and secure encryption method thereof |
| CN106533674B (en) * | 2016-12-16 | 2019-07-16 | 北京瑞卓喜投科技发展有限公司 | The sharing method of encryption data, apparatus and system |
| CN106789008B (en) * | 2016-12-16 | 2020-02-28 | 北京瑞卓喜投科技发展有限公司 | Method, device and system for decrypting sharable encrypted data |
| CN106789008A (en) * | 2016-12-16 | 2017-05-31 | 北京瑞卓喜投科技发展有限公司 | Method, the apparatus and system being decrypted to sharable encryption data |
| CN106533674A (en) * | 2016-12-16 | 2017-03-22 | 北京瑞卓喜投科技发展有限公司 | Method, apparatus and system for sharing encrypted data |
| CN107154848A (en) * | 2017-03-10 | 2017-09-12 | 深圳市盾盘科技有限公司 | A kind of data encryption based on CPK certifications and storage method and device |
| CN108390867A (en) * | 2018-02-06 | 2018-08-10 | 杭州政信金服互联网科技有限公司 | Card file enciphering method and decryption method are deposited in the administration of justice |
| CN108390867B (en) * | 2018-02-06 | 2020-08-25 | 江西政兴科技有限公司 | Judicial evidence storage document encryption method |
| CN108111546A (en) * | 2018-03-02 | 2018-06-01 | 瓦戈科技(上海)有限公司 | A kind of document transmission method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020259635A1 (en) | Method and apparatus for sharing blockchain data | |
| CN103973440A (en) | File cloud security management method and system based on CPK | |
| CN102624522B (en) | A kind of key encryption method based on file attribute | |
| CN106453612B (en) | A kind of storage of data and shared system | |
| CN101605137B (en) | Safe distribution file system | |
| TW201914254A (en) | Method, apparatus and system for data encryption and decryption | |
| KR20230157929A (en) | Transfer cryptocurrency from a remote access restricted wallet | |
| CN100576792C (en) | The method that file encryption is shared | |
| CN109729041B (en) | Method and device for issuing and acquiring encrypted content | |
| CN113556363B (en) | Data sharing method and system based on decentralized and distributed proxy re-encryption | |
| CN104917741B (en) | A kind of plain text document public network secure transmission system based on USBKEY | |
| US8806206B2 (en) | Cooperation method and system of hardware secure units, and application device | |
| CN105245328A (en) | User and file key generation and management method based on third party | |
| Swathy et al. | Providing advanced security mechanism for scalable data sharing in cloud storage | |
| CN102291418A (en) | Method for realizing cloud computing security architecture | |
| US20100241852A1 (en) | Methods for Producing Products with Certificates and Keys | |
| CN106254342A (en) | The secure cloud storage method of file encryption is supported under Android platform | |
| CN106411504B (en) | Data encryption system, method and device | |
| CN104253694A (en) | Encrypting method for network data transmission | |
| CN103427998A (en) | Internet data distribution oriented identity authentication and data encryption method | |
| CN106302411A (en) | The secure cloud storage method and system of support file encryption based on windows platform | |
| CN112532580B (en) | Data transmission method and system based on block chain and proxy re-encryption | |
| CN103580868A (en) | Secure transmission method of electronic official document secure transmission system | |
| CN111262852B (en) | Business card signing and issuing method and system based on block chain | |
| CN104158880A (en) | User-end cloud data sharing solution |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140806 |
|
| WD01 | Invention patent application deemed withdrawn after publication |