CN104168277A

CN104168277A - File security maintaining method and device

Info

Publication number: CN104168277A
Application number: CN201410401887.5A
Authority: CN
Inventors: 王楠; 郭涛; 余军
Original assignee: Xiaomi Inc
Current assignee: Beijing Xiaomi Technology Co Ltd; Xiaomi Inc
Priority date: 2014-08-15
Filing date: 2014-08-15
Publication date: 2014-11-26

Abstract

The invention discloses a file security maintaining method and device and belongs to the technical field of information security. The method comprises the first step of obtaining a private file to be secured, the second step of uploading the private file to a server, wherein the server is used for receiving the private file and storing the private file as the private file located in the server, and the third step of deleting the private file at the local end after the private file is uploaded successfully. The device comprises an obtaining module, an uploading module and a deleting module. According to the method and device, the private file to be secured is obtained and uploaded to the server, and the private file at the local end is deleted after the private file is uploaded successfully; the problem that in the related technology, the security is low because a file is secured by setting file attributes is solved; the effect of improving the security of the file is achieved.

Description

Document secrecy method and device

Technical field

The disclosure relates to field of information security technology, particularly a kind of document secrecy method and device.

Background technology

Along with popularizing of intelligent terminal, user can use intelligent terminal browser document anywhere or anytime, these files generally include the file that relates to user's private information, such as secret photo, secret note, secret mail etc., user does not wish that these files are stolen by others or check, therefore, necessary these files are maintained secrecy.

In correlation technique, the file attribute that user can carry out secret file by needs on intelligent terminal is conventionally set to hide, and is non-existent to make this article part In the view of others, thereby realizes maintaining secrecy to file.

Summary of the invention

By file attribute is set, file is carried out to the secret lower problem of mode fail safe in order to solve in correlation technique, disclosure embodiment provides a kind of document secrecy method and device.Described technical scheme is as follows:

According to the first aspect of disclosure embodiment, a kind of document secrecy method is provided, described method comprises:

Obtain and treat secret secret file;

Upload described secret file to server, described server is for receiving described secret file and described secret file being stored as to the secret file that is positioned at described server;

After uploading successfully, delete the described secret file that is positioned at local terminal.

In an embodiment, describedly upload described secret file to server, comprising:

To described server upload the file data of described secret file, for representing that described file data is secret mark and the corresponding user ID of described secret file of secret file.

In an embodiment, described method also comprises:

Detect and whether be provided with the access authentication mechanism corresponding with described secret file, described access authentication mechanism for carrying out authentication in the time that access is positioned at the described secret file of described server;

If be not yet provided with described access authentication mechanism, prompting arranges described access authentication mechanism;

According to the signalization receiving, described access authentication mechanism is set.

In an embodiment, described method also comprises:

Before uploading, use with the traffic encryption key of described server commitment described secret file is encrypted, described server, for after the described secret file receiving after encryption, uses the Propagation solution decryption key of agreement to be decrypted described secret file.

According to the second aspect of disclosure embodiment, a kind of document secrecy method is provided, described method comprises:

Carry out authentication by access authentication mechanism and server, described access authentication mechanism for carrying out authentication in the time that access is positioned at the secret file of described server;

In the time that described authentication is passed through, download described secret file from described server;

Described secret file encryption is stored in local terminal.

In an embodiment, described described secret file encryption is stored in local terminal, comprises:

For described secret file allocation local terminal encryption key, the local terminal encryption key that different secret files are corresponding different;

Use described local terminal encryption key after described secret file encryption, to be stored in local terminal.

In an embodiment, described method also comprises:

Receive the opening signal corresponding to described secret file;

By after described secret file decryption, carry out opening operation.

In an embodiment, describedly carry out authentication by access authentication mechanism and server, comprising:

In the time that described secret file is photo, show photograph album user interface;

In the time receiving the pulldown signal that acts on described photograph album user interface top, described photograph album user interface is switched to secret photograph album access checking interface;

According to the signal receiving at described secret photograph album access checking interface, carry out authentication with described server.

In an embodiment, described method also comprises:

In the time that the described secret file downloading to is the secret file after described server is encrypted by the traffic encryption key of agreement, by described secret file being decrypted with the Propagation solution decryption key of described server commitment.

According to the third aspect of disclosure embodiment, a kind of file security device is provided, described device comprises:

Acquisition module, is configured to obtain and treats secret secret file;

Upper transmission module, is configured to upload described secret file to server, and described server is for receiving described secret file and described secret file being stored as to the secret file that is positioned at described server;

Removing module, is configured to after uploading successfully, deletes the described secret file that is positioned at local terminal.

In an embodiment,

Described upper transmission module, be configured to described server upload the file data of described secret file, for representing that described file data is secret mark and the corresponding user ID of described secret file of secret file.

In an embodiment, described device also comprises:

Detection module, is configured to detect whether be provided with the access authentication mechanism corresponding with described secret file, and described access authentication mechanism for carrying out authentication in the time that access is positioned at the described secret file of described server;

Reminding module, is not yet provided with described access authentication mechanism if be configured to, prompting arranges described access authentication mechanism;

Module is set, is configured to, according to the signalization receiving, described access authentication mechanism is set.

In an embodiment, described device also comprises:

Agreement module, be configured to before uploading, use with the traffic encryption key of described server commitment described secret file is encrypted, described server, for after the described secret file receiving after encryption, uses the Propagation solution decryption key of agreement to be decrypted described secret file.

According to the fourth aspect of disclosure embodiment, a kind of file security device is provided, described device comprises:

Authentication module, is configured to carry out authentication by access authentication mechanism and server, and described access authentication mechanism for carrying out authentication in the time that access is positioned at the secret file of described server;

Download module, is configured to, in the time that described authentication is passed through, download described secret file from described server;

Memory module, is configured to described secret file encryption to be stored in local terminal.

In an embodiment, described memory module, comprising:

Distribution sub module, is configured to described secret file allocation local terminal encryption key, the local terminal encryption key that different secret files are corresponding different;

Sub module stored, is configured to use described local terminal encryption key after described secret file encryption, to be stored in local terminal.

In an embodiment, described device also comprises:

Receiver module, is configured to receive the opening signal corresponding to described secret file;

Open module, be configured to after described secret file decryption, carry out opening operation.

In an embodiment, described authentication module, comprising:

Display sub-module, is configured in the time that described secret file is photo, shows photograph album user interface;

Switching submodule, is configured in the time receiving the pulldown signal that acts on described photograph album user interface top, and described photograph album user interface is switched to secret photograph album access checking interface;

Checking submodule, is configured to, according to the signal receiving at described secret photograph album access checking interface, carry out authentication with described server.

In an embodiment, described device also comprises:

Deciphering module, is configured in the time that the described secret file downloading to is the secret file after described server is encrypted by the traffic encryption key of agreement, by described secret file being decrypted with the Propagation solution decryption key of described server commitment.

According to the 5th aspect of disclosure embodiment, a kind of file security device is provided, described device comprises:

Processor;

Be used for the memory of the executable instruction of storing described processor;

Wherein, described processor is configured to:

Obtain and treat secret secret file;

According to the 6th aspect of disclosure embodiment, a kind of file security device is provided, described device comprises:

Processor;

Wherein, described processor is configured to:

Described secret file encryption is stored in local terminal.

The technical scheme that disclosure embodiment provides can comprise following beneficial effect:

Treat secret secret file by obtaining, upload this secret file to server, this server, for receiving this secret file and this secret file being stored as to the secret file that is positioned at server, after uploading successfully, is deleted this secret file that is positioned at local terminal; Solve in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the not effect with plaintext form storage secret file, raising file security at local terminal.

Should be understood that, it is only exemplary and explanatory that above general description and details are hereinafter described, and can not limit the disclosure.

Brief description of the drawings

Accompanying drawing is herein merged in specification and forms the part of this specification, shows and meets embodiment of the present disclosure, and be used from and explain principle of the present disclosure with specification one.

Fig. 1 is the structural representation of the related a kind of implementation environment of the document secrecy method that provides of each embodiment of the disclosure;

Fig. 2 is according to the method flow diagram of a kind of document secrecy method shown in an exemplary embodiment;

Fig. 3 is according to the method flow diagram of a kind of document secrecy method shown in another exemplary embodiment;

Fig. 4 is the basis method flow diagram of a kind of document secrecy method shown in an exemplary embodiment again;

Fig. 5 is according to the method flow diagram of a kind of document secrecy method shown in another exemplary embodiment;

Fig. 6 A is according to the method flow diagram of going back a kind of document secrecy method shown in an exemplary embodiment;

Fig. 6 B is the schematic diagram that the first terminal prompting shown in Fig. 6 A illustrated embodiment arranges access authentication mechanism;

Fig. 6 C is the photograph album user interface of the second terminal demonstration shown in Fig. 6 A illustrated embodiment and accesses according to the operation of this photograph album user interface being entered to secret photograph album the schematic diagram of verifying interface;

Fig. 7 is according to the block diagram of a kind of file security device shown in an exemplary embodiment;

Fig. 8 is according to the block diagram of a kind of file security device shown in another exemplary embodiment;

Fig. 9 is the basis block diagram of a kind of file security device shown in an exemplary embodiment again;

Figure 10 is according to the block diagram of a kind of file security device shown in another exemplary embodiment;

Figure 11 is according to a kind of block diagram for file security device shown in an exemplary embodiment;

Figure 12 is according to a kind of block diagram for file security device shown in an exemplary embodiment.

By above-mentioned accompanying drawing, the embodiment that the disclosure is clear and definite has been shown, will there is hereinafter more detailed description.These accompanying drawings and text description are not the scope in order to limit disclosure design by any mode, but by reference to specific embodiment for those skilled in the art illustrate concept of the present disclosure.

Embodiment

Here will at length describe exemplary embodiment, its sample table shows in the accompanying drawings.When description below relates to accompanying drawing, unless separately there is expression, the same numbers in different accompanying drawings represents same or analogous key element.Execution mode described in following exemplary embodiment does not represent all execution modes consistent with the disclosure.On the contrary, they are only and the example of apparatus and method as consistent in some aspects that described in detail in appended claims, of the present disclosure.

Please refer to Fig. 1, it shows the structural representation of the related a kind of implementation environment of document secrecy method that each embodiment of the disclosure provides.This implementation environment comprises first terminal 120, the second terminal 140 and server 160.Wherein, first terminal 120 is connected with server 160 respectively with the second terminal 140.

First terminal 120, can be to there is secret file acquisition, store and upload to server 160 electronic equipment of the function of the secret file getting, this electronic equipment can be smart mobile phone, panel computer, intelligent television, digital camera, MP3 (Moving Picture Experts Group Audio Layer IV, dynamic image expert compression standard audio frequency aspect 3) player, MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image expert compression standard audio frequency aspect 4) player, pocket computer on knee, desktop computer etc.

Can be by cable network or the wireless network (not shown in figure 1) that is connected between first terminal 120 and the second terminal 140, or first terminal 120 can also not be connected with the second terminal 140.

The second terminal 140 can be to have from server 160 download secret file and it is stored, open, the electronic equipment of the functions such as demonstration, this electronic equipment can be smart mobile phone, panel computer, intelligent television, digital camera, MP3 (Moving Picture Experts Group Audio Layer IV, dynamic image expert compression standard audio frequency aspect 3) player, MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image expert compression standard audio frequency aspect 4) player, pocket computer on knee, desktop computer etc.

Between the second terminal 140 and server 160, can be connected by cable network or wireless network.

Server 160, can be a station server, or the server cluster being made up of some station servers, or a cloud computing service center.This server 160 is can receive and store the secret file that first terminal 120 uploads and it is stored, and the server of the secret file that first terminal 120 uploads is provided to the second terminal 140.

Server 160 also and between first terminal 120 is connected by cable network or wireless network.

Wherein, the first terminal 120 in above-mentioned implementation environment and the second terminal 140 can be the electronic equipments of same type, can be also dissimilar electronic equipments, can also be same electronic equipments.

Please refer to Fig. 2, it shows the method flow diagram of a kind of document secrecy method shown in an exemplary embodiment.The present embodiment is applied to shown in Fig. 1 and is illustrated in the first terminal 120 in implementation environment with this document secrecy method.Referring to Fig. 2, the method flow process comprises:

In step 201, obtain and treat secret secret file.

In step 202, upload this secret file to server, this server is for receiving this secret file and this secret file being stored as to the secret file that is positioned at server.

In step 203, after uploading successfully, delete this secret file that is positioned at local terminal.

In sum, the document secrecy method that disclosure embodiment provides, treat secret secret file by obtaining, upload this secret file to server, this server is for receiving this secret file and this secret file being stored as to the secret file that is positioned at server, after uploading successfully, delete this secret file that is positioned at local terminal; Solve in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the not effect with plaintext form storage secret file, raising file security at local terminal.

Please refer to Fig. 3, it shows the method flow diagram of a kind of document secrecy method shown in another exemplary embodiment.The present embodiment is applied to shown in Fig. 1 and is illustrated in the first terminal 120 in implementation environment with this document secrecy method.Referring to Fig. 3, the method flow process comprises:

In step 301, carry out authentication by access authentication mechanism and server, this access authentication mechanism for carrying out authentication in the time that access is positioned at the secret file of server.

In step 302, in the time that authentication is passed through, download this secret file from server.

In step 303, this secret file encryption is stored in local terminal.

In sum, the document secrecy method that disclosure embodiment provides, carry out authentication by access authentication mechanism and server, in the time that authentication is passed through, download this secret file and this secret file encryption is stored in local terminal from server, having solved in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the not effect with plaintext form storage secret file, raising file security at local terminal.

Please refer to Fig. 4, it shows the method flow diagram of a kind of document secrecy method shown in an exemplary embodiment again.The present embodiment is applied in the implementation environment that the first terminal 120 in implementation environment shown in Fig. 1 and server 160 form and is illustrated with this document secrecy method.Referring to Fig. 4, the method flow process comprises:

In step 401, obtain and treat secret secret file.

In disclosure embodiment, when user need to carry out when secret secret file, user can trigger first terminal by corresponding operational order and obtain this and treat secret secret file.

Wherein, first terminal obtains in the time of secret secret file and can comprise following two kinds of modes:

First kind of way, first terminal obtains from the file of local terminal storage treats secret secret file.

First terminal can first obtain multiple files according to user's operational order, the plurality of file is presented on first terminal screen, and then first terminal according to user to one of them or the selection instruction of several files in the plurality of file, selected this selection instruction file is defined as treating secret secret file.

Such as, suppose that the file that first terminal gets according to user's operational order is file A, file B and tri-files of file C, in the time that first terminal detects user to the selection instruction of file A, first terminal is defined as treating secret secret file by this file A.

The second way, the newly-built secret file that comprises security information of first terminal.

When user need to carry out when secret private information, user can trigger by corresponding operational order that first terminal is newly-built comprises the secret file for the treatment of secret private information, and then first terminal is defined as treating secret secret file by this secret file.

Such as, first terminal according to user's operational order by the newly-built secret file D that comprises private information, first terminal is defined as treating secret secret file by this secret file D.

In step 402, detect and whether be provided with the access authentication mechanism corresponding with this secret file, this access authentication mechanism for carrying out authentication in the time that access is positioned at this secret file of server.

In the time that first terminal gets until secret secret file, first terminal detects whether be provided with the access authentication mechanism corresponding with this secret file.

Wherein, this access authentication mechanism is for the authentication in the time that access is positioned at this secret file of server.Also, when user wants access while being positioned at this secret file of server, first carry out authentication by this access authentication mechanism with regard to needs, and then just can access this secret file that is positioned at server, otherwise this secret file that just cannot access services device.

Wherein, this access authentication mechanism includes but not limited to: password authentification mechanism, pattern authentication mechanism, fingerprint authentication mechanism, recognition of face authentication mechanism, dynamic electron password authentication mechanism, speech verification mechanism etc.

Wherein, be provided with the access authentication mechanism corresponding with this secret file if first terminal detects, carry out following step 405, be not yet provided with the access authentication mechanism corresponding with this secret file if first terminal detects, carry out following step 403 to 404.

In step 403, if be not yet provided with this access authentication mechanism, prompting arranges this access authentication mechanism.

In above-mentioned steps 402, if detecting, first terminal is not yet provided with access authentication mechanism, first terminal prompting user arranges access authentication mechanism.

Such as, first terminal prompting user arranges access authentication password.

Alternatively, first terminal is in the time that prompting user arranges access authentication mechanism, can access authentication mechanism be set by written form or voice message user, such as, first terminal shows that " access authentication password please be set " point out user on by first terminal screen, for another example, first terminal " please arrange and access authentication password " by sound bite user is pointed out.

It should be noted that, the prompting form of above first terminal in the time that user is reminded is only exemplary, and not in order to limit the disclosure, the prompting form of other that relate in actual applications also should be in protection range of the present disclosure.

In step 404, according to the signalization receiving, this access authentication mechanism is set.

In the time that user receives the information of first terminal, user triggers first terminal by corresponding operation access authentication mechanism is set.

In the time that first terminal receives the signalization that user's operation triggers, first terminal receives this signalization, and according to this signalization, corresponding access authentication mechanism is set.

Such as, first terminal arranges access authentication password according to the configuration information receiving.

In step 405, upload this secret file to server, this server is for receiving this secret file and this secret file being stored as to the secret file that is positioned at server.

When first terminal in step 402 detects while being provided with the access authentication mechanism corresponding with this secret file; Or, in step 402, first terminal detects and is not yet provided with the access authentication mechanism corresponding with this secret file, but when step 403 is provided with the access authentication mechanism corresponding with this secret file to first terminal in 404, first terminal is uploaded this secret file to server.

Wherein, this server is used for receiving the secret file that first terminal is uploaded, and it is stored.

First terminal is in the time uploading this secret file to server, the information of uploading includes but not limited to: the file data of this secret file, for representing that this file data is secret mark and the corresponding user ID of this secret file of secret file.

In the time that server receives the secret file that first terminal uploads, server, according to secret mark and the user ID corresponding to this secret file of this secret file, is stored this secret file.

Such as, suppose that user ID is user account smwenjian1@xx.com, the secret of secret file A is designated ID-Asm, server, in the time receiving the secret file A uploading of first terminal, is stored in this secret file A in the memory space that user account smwenjian1@xx.com is corresponding according to the secret mark ID-Asm of this secret file A so.

It should be noted that, in disclosure embodiment, for ensureing the transmission security of secret file, first terminal is before uploading secret file to server, can use with the traffic encryption key of this server commitment this secret file is encrypted, when server receives after the secret file that first terminal uploads, server can use with the Propagation solution decryption key of first terminal agreement this secret file is decrypted, and then the secret file after deciphering is stored.Certainly, server is in the time receiving the secret file that first terminal uploads, also can it be decrypted and directly it be stored, but the secret file that now user just cannot browser server, therefore, server is decrypted storage to it and can facilitates user to being positioned at the browsing of this secret file of server in the time receiving secret file.

Also it should be noted that, first terminal is in the time uploading secret file to server, and first terminal system is searched the secret file identical with this secret file automatically, and this secret file is uploaded onto the server.

Alternatively, first terminal can be according to the characteristic information of file, searches and the file for the treatment of that secret secret file is identical, and this file is uploaded onto the server.

In step 406, after uploading successfully, delete this secret file that is positioned at local terminal.

First terminal is after uploading successfully to secret file, and first terminal is deleted the secret file that is positioned at local terminal.

Such as, first terminal is deleted the secret file A that is positioned at local terminal.

It should be noted that, in disclosure embodiment, first terminal is after deletion is positioned at the secret file of local terminal, there is not this secret file in local terminal, in the time that user need to check this secret file, can download this secret file and it is checked from server, first terminal, download this secret file from server before, need carry out authentication with server.

In step 407, carry out authentication by access authentication mechanism and server, this access authentication mechanism for carrying out authentication in the time that access is positioned at the secret file of server.

In the time that first terminal need to be checked the secret file of the end of uploading onto the server, first terminal carries out authentication by access authentication mechanism and server.

With step 402 in 404 in like manner, the access authentication mechanism here also includes but not limited to: password authentification mechanism, pattern authentication mechanism, fingerprint authentication mechanism, recognition of face authentication mechanism, dynamic electron password authentication mechanism, speech verification mechanism etc.

But it should be noted that, access authentication mechanism in this step 407 is corresponding with step 402 to the access authentication mechanism in 404,, if the access authentication mechanism that first terminal detects in step 402 is password authentification mechanism, or, step 403 to 404 in the access authentication mechanism of first terminal setting be password authentification, in this step 407 first terminal be also by password authentification mechanism and server carry out authentication; If the access authentication mechanism that first terminal detects in step 402 is pattern authentication mechanism, or, step 403 to 404 in the access authentication mechanism of first terminal setting be pattern checking, in this step 407 first terminal be also by pattern authentication mechanism and server carry out authentication.

In step 408, in the time that this authentication is passed through, download this secret file from this server.

In the time that the authentication of first terminal and server is passed through, first terminal is downloaded corresponding secret file from server.

Such as, first terminal is downloaded secret file A from server.

Alternatively, first terminal, in the time downloading secret file from server, can and be downloaded this secret file with the corresponding user ID of this secret file according to the secret mark of secret file.

Such as, first terminal, according to the secret mark ID-Asm of secret file A, is downloaded this secret file under user account smwenjian1@xx.com corresponding to the corresponding user ID smwenjian1@of this secret file A xx.com.

Alternatively, first terminal is after server has sent download request, server can use the secret file that will download first terminal with the traffic encryption key of first terminal agreement to be encrypted, and then the secret file after encrypting is sent to first terminal, to ensure this fail safe of secret file in downloading process.

In step 409, this secret file encryption is stored in local terminal.

In the time that first terminal downloads to secret file, first terminal is stored in this secret file encryption in local terminal.

Such as, first terminal is encrypted secret file A to be stored in local terminal.

Wherein, first terminal, in the time this secret file being carried out to local terminal encryption storage, comprises following two steps:

Step 1, first terminal is this secret file allocation local terminal encryption key, the local terminal encryption key that different secret files are corresponding different.

In disclosure embodiment, in order to ensure the fail safe of each secret file, first terminal can be encryption key of each secret file allocation, and then uses this encryption key to store this secret file.

Wherein, the encryption key difference of different secret files.Such as, first terminal is that secret file A distributes encryption key A000, first terminal is that secret file B distributes encryption key B000 etc.

Step 2, is used this local terminal encryption key after this secret file encryption, to be stored in local terminal.

First terminal is after the local cipher key that has been each secret file allocation, and first terminal uses this encryption key to carry out this locality storage to this secret file.

Such as, first terminal uses encryption key A000 to carry out local cipher storage to secret file A; For another example, first terminal uses encryption key B000 to carry out local cipher storage to secret file B.

In step 410, receive the opening signal corresponding to this secret file.

After first terminal uses local cipher key to store secret file, in the time that user wants to check certain secret file, user can trigger the opening signal corresponding to this secret file by corresponding operation.

Such as, user, by double-clicking secret file A, triggers the opening signal corresponding to this secret file A.

In the time that user has carried out opening operation and triggered the opening signal corresponding to secret file, first terminal receives this signal.

Such as, first terminal receives the opening signal corresponding to secret file A.

In step 411, by after this secret file decryption, carry out opening operation.

When first terminal receives the opening signal corresponding to secret file, and when this secret file is the secret file by being encrypted with the traffic encryption key of server commitment, first terminal uses with the Propagation solution decryption key of server commitment this secret file is decrypted, and then carries out corresponding opening operation.

In sum, the document secrecy method that disclosure embodiment provides, treat secret secret file by obtaining, upload this secret file to server, this server is for receiving this secret file and this secret file being stored as to the secret file that is positioned at server, after uploading successfully, deletion is positioned at this secret file of local terminal and carries out authentication by access authentication mechanism and server, in the time that authentication is passed through, download this secret file and this secret file encryption is stored in local terminal from server, solve in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe, reach the not effect with plaintext form storage secret file, raising file security at local terminal.

The document secrecy method that disclosure embodiment provides, by uploading the file data of secret file to server, for representing that file data is secret mark and the corresponding user ID of secret file of secret file, store to make server treat secret secret file according to the secret mark of secret file and the corresponding user ID of secret file, ensured fail safe and the cleaning of the data of server stores.

The document secrecy method that disclosure embodiment provides, by detecting and whether be provided with the access authentication mechanism corresponding with this secret file before uploading secret file to server, to make in the time being provided with the security access mechanism corresponding with this secret file, upload this secret file and in the time not being provided with the security access mechanism corresponding with this secret file, pointing out and this security access mechanism is set and uploads secret file according to the security access mechanism after arranging to server to server; Ensure the fail safe of secret file.

The document secrecy method that disclosure embodiment provides, by before uploading secret file, use with the encryption key of server commitment secret file is encrypted, so that server Propagation solution decryption key according to a preconcerted arrangement in the time receiving this secret file is decrypted this secret file; Ensure the fail safe of secret file in transmitting procedure.

The document secrecy method that disclosure embodiment provides, by the secret file allocation local cipher key for downloading to, local terminal encryption key corresponding to different secret files, to after the secret file encryption downloading to, be stored in local terminal according to this encryption key, further improved the fail safe of secret file.

The document secrecy method that disclosure embodiment provides, by when the opening signal receiving corresponding to secret file, this secret file is decrypted, carry out corresponding opening operation, fail safe while having improved secret File Open, has ensured to open the accuracy of secret file.

The document secrecy method that disclosure embodiment provides, when secret file by after to be server at this secret file downloading to be encrypted by the traffic encryption key of agreement, by this secret file being decrypted with the Propagation solution decryption key of this server commitment; Ensure the fail safe of secret file in transmitting procedure.

Above embodiment illustrated in fig. 4 be with first terminal after server is uploaded secret file, first terminal is downloaded secret file and it is opened for to example describes from server, the document secrecy method that disclosure embodiment provides, first terminal is after carrying out synchronously (after secret file is uploaded onto the server) to secret file, the second terminal also can be checked this secret file after by Authority Verification.Such as, suppose that first terminal is mobile phone, the second terminal is panel computer, and mobile phone is after uploading onto the server secret file, and user can, by get authority on panel computer after, check secret file on panel computer.Specifically:

Please refer to Fig. 5, it shows the method flow diagram of a kind of document secrecy method shown in another exemplary embodiment.The present embodiment is applied to shown in Fig. 1 and is illustrated in the implementation environment in implementation environment with this document secrecy method.Referring to Fig. 5, the method flow process comprises:

In step 501, first terminal obtains treats secret secret file.

In step 502, first terminal detects whether be provided with the access authentication mechanism corresponding with this secret file, and this access authentication mechanism for carrying out authentication in the time that access is positioned at the described secret file of server.

In step 503, if be not yet provided with access authentication mechanism, first terminal prompting arranges access authentication mechanism.

In step 504, first terminal arranges access authentication mechanism according to the signalization receiving.

In step 505, first terminal is uploaded this secret file to server, and this server is for receiving this secret file and this secret file being stored as to the secret file that is positioned at server.

In step 506, after uploading successfully, first terminal is deleted this secret file that is positioned at local terminal.

Above step 501 is identical or similar to step 406 with the step 401 in embodiment illustrated in fig. 4 to step 506, and the present embodiment does not repeat them here.

In step 507, the second terminal is carried out authentication by access authentication mechanism and server, and this access authentication mechanism for carrying out authentication in the time that access is positioned at the secret file of server.

In step 508, in the time that this authentication is passed through, the second terminal is downloaded this secret file from this server.

In step 509, the second terminal is stored in this secret file encryption in local terminal.

In step 510, the second terminal receives the opening signal corresponding to this secret file.

In step 511, the second terminal, by after this secret file decryption, is carried out opening operation.

Above step 507 is identical or similar to step 411 with the step 407 in embodiment illustrated in fig. 4 to step 511, and the present embodiment does not repeat them here.

But it should be noted that, from embodiment illustrated in fig. 4 different, in the present embodiment, this step 507 to the executive agent of step 511 is the second terminal.

In sum, the document secrecy method that disclosure embodiment provides, first terminal is treated secret secret file by obtaining, upload this secret file to server, this server is for receiving this secret file and this secret file being stored as to the secret file that is positioned at server, after uploading successfully, delete this secret file that is positioned at local terminal; Solve in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the not effect with plaintext form storage secret file, raising file security at local terminal.

The document secrecy method that disclosure embodiment provides, first terminal by detecting and whether be provided with the access authentication mechanism corresponding with this secret file before uploading secret file to server, to make in the time being provided with the security access mechanism corresponding with this secret file, upload this secret file and in the time not being provided with the security access mechanism corresponding with this secret file, pointing out and this security access mechanism is set and uploads secret file according to the security access mechanism after arranging to server to server; Ensure the fail safe of secret file.

The document secrecy method that disclosure embodiment provides, first terminal is by before uploading secret file, use with the encryption key of server commitment secret file is encrypted, so that server Propagation solution decryption key according to a preconcerted arrangement in the time receiving this secret file is decrypted this secret file; Ensure the fail safe of secret file in transmitting procedure.

The document secrecy method that disclosure embodiment provides, the second terminal is carried out authentication by access authentication mechanism and server, in the time that authentication is passed through, download this secret file and this secret file encryption is stored in local terminal from server, having solved in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the effect that improves file security.

The document secrecy method that disclosure embodiment provides, the second terminal is by the secret file allocation local cipher key for downloading to, local terminal encryption key corresponding to different secret files, to after the secret file encryption downloading to, be stored in local terminal according to this encryption key, further improved the fail safe of secret file.

The document secrecy method that disclosure embodiment provides, the second terminal, by when the opening signal receiving corresponding to secret file, is decrypted this secret file, carries out corresponding opening operation, fail safe while having improved secret File Open, has ensured to open the accuracy of secret file.

The document secrecy method that disclosure embodiment provides, when the secret file of the second terminal by after to be server at this secret file downloading to be encrypted by the traffic encryption key of agreement, by this secret file being decrypted with the Propagation solution decryption key of this server commitment; Ensure the fail safe of secret file in transmitting procedure.

Above Fig. 4 and embodiment illustrated in fig. 5 be to treat that secret information is that secret file is that example describes, wherein, this secret file can be secret note, secret mail, secret photo etc., is illustrated below taking this secret file as secret photo as example.Specifically:

Please refer to Fig. 6 A, it shows the also method flow diagram of a kind of document secrecy method shown in an exemplary embodiment.The present embodiment is applied to shown in Fig. 1 in the implementation environment in implementation environment with this document secrecy method, and is illustrated as secret photo as example taking this secret file.Referring to Fig. 6 A, the method flow process comprises:

In step 601, first terminal obtains treats secret secret photo.

In disclosure embodiment, when user need to carry out when secret secret photo, user can trigger first terminal by corresponding operational order and obtain this and treat secret secret photo.

Wherein, first terminal obtains in the time of secret secret photo and can comprise following two kinds of modes:

First kind of way, first terminal obtains from the photo of local terminal storage treats secret secret photo.

First terminal can be opened local terminal picture library according to user's operational order, multiple pictures in picture library is presented on first terminal screen, and then first terminal according to user the selection instruction to the wherein one or several sheets photo in this multiple pictures, selected this selection instruction photo is defined as treating secret secret photo.

Such as, supposing has picture A, photo B and tri-photos of photo C in first terminal picture library, and in the time that first terminal detects the selection instruction of user's comparison film A, first terminal is defined as treating secret secret photo by this picture A.

The second way, first terminal is taken and is treated secret secret photo according to user's operational order.

Such as, first terminal is taken secret picture B shows according to user's operational order, and first terminal is defined as treating secret secret photo by this secret picture B shows.

In step 602, first terminal detects whether be provided with the access authentication mechanism corresponding with this secret photo, and this access authentication mechanism for carrying out authentication in the time that access is positioned at the secret photo of server.

In the time that first terminal gets until secret secret photo, first terminal detects whether be provided with the access authentication mechanism corresponding with this secret photo.

Wherein, this access authentication mechanism is for the authentication in the time that access is positioned at this secret photo of server.Also, when user wants access while being positioned at this secret photo of server, first carry out authentication by this access authentication mechanism with regard to needs, and then just can access this secret photo that is positioned at server, otherwise this secret photo that just cannot access services device.

Wherein, be provided with the access authentication mechanism corresponding with this secret photo if first terminal detects, carry out following step 605, be not yet provided with the access authentication mechanism corresponding with this secret photo if first terminal detects, carry out following step 603 to 604.

In step 603, if be not yet provided with access authentication mechanism, first terminal prompting arranges access authentication mechanism.

In above-mentioned steps 602, if detecting, first terminal is not yet provided with access authentication mechanism, first terminal prompting user arranges access authentication mechanism.

Such as, first terminal prompting user arranges access authentication password.

Below in conjunction with accompanying drawing taking this access authentication mechanism as password authentification mechanism and the form prompting user of first terminal by word access authentication mechanism be set describe as example.

Please refer to Fig. 6 B, its first terminal prompting showing in Fig. 6 A illustrated embodiment arranges the schematic diagram of accessing authentication mechanism.Can find out referring to Fig. 6 B (A) with (B), in the time that first terminal receives user to the click commands of secret photograph album 1, first terminal shows the prompting of " access authentication password please be set ", and shows interface is set accordingly.

In step 604, first terminal arranges access authentication mechanism according to the signalization receiving.

Please continue to refer to Fig. 6 B, user can carry out corresponding operating according to the demonstration of the display interface of Fig. 6 B, to trigger first terminal, access authentication password is set.After user has inputted and once accesses authentication password, user can click the Next button and proceed to access the setting of authentication password, also can reset access authentication password by clicking the Back button.Fig. 6 B clicks the Next button taking first terminal user and describes as example, in the time that user has clicked the Next button, first terminal is for the accuracy of the password that ensures user and input, can prompting user re-enter password, in the time that user inputs the access authentication password identical with the password of inputting for the first time again, complete the setting of access authentication password by clicking " determining " button, first terminal reminding user access authentication password arranges successfully.Referring to (C) in Fig. 6 B and (D).

In step 605, first terminal is uploaded this secret photo to server, and this server is for receiving this secret photo and being the secret photo that is positioned at server by this secret photo storage.

When first terminal in step 602 detects while being provided with the access authentication mechanism corresponding with this secret photo; Or, in step 602, first terminal detects and is not yet provided with the access authentication mechanism corresponding with this secret photo, but when step 603 is provided with the access authentication mechanism corresponding with this secret photo to first terminal in 604, first terminal is uploaded this secret photo to server.

Wherein, this server is used for receiving the secret photo that first terminal is uploaded, and it is stored.

First terminal is in the time uploading this secret photo to server, the information of uploading includes but not limited to: the picture data of this secret photo, for representing that this picture data is secret mark and the corresponding user ID of this secret photo of secret photo.

In the time that server receives the secret photo that first terminal uploads, server, according to secret mark and the user ID corresponding to this secret photo of this secret photo, is stored this secret photo.

Such as, suppose that user ID is user account smxiangce1@xx.com, the secret of secret picture A is designated ID-Asm, server, in the time receiving the secret picture A of uploading of first terminal, is stored in this secret picture A in the memory space that user account smxiangce1@xx.com is corresponding according to the secret mark ID-Asm of this secret picture A so.

It should be noted that, in disclosure embodiment, for ensureing the transmission security of secret photo, first terminal is before uploading secret photo to server, can use with the traffic encryption key of this server commitment this secret photo is encrypted, when server receives after the secret photo that first terminal uploads, server can use with the Propagation solution decryption key of first terminal agreement this secret photo is decrypted, and then the secret photo after deciphering is stored.Certainly, server is in the time receiving the secret photo that first terminal uploads, also can it be decrypted and directly it be stored, but the secret photo that now user just cannot browser server, therefore, server is decrypted storage to it and can facilitates user to being positioned at the browsing of this secret photo of server in the time receiving secret photo.

Also it should be noted that, first terminal is in the time uploading secret photo to server, and first terminal system is searched the secret photo identical with this secret photo automatically, and by this secret photo upload to server.

Alternatively, first terminal can be according to the characteristic information of photo, search and the photo for the treatment of that secret secret photo is identical, and by this photo upload to server.

In step 606, after uploading successfully, first terminal is deleted this secret photo that is positioned at local terminal.

First terminal is to after secret photo upload success, and first terminal is deleted the secret photo that is positioned at local terminal.

Such as, first terminal is deleted the secret picture A that is positioned at local terminal.

It should be noted that, in disclosure embodiment, first terminal is after deletion is positioned at the secret photo of local terminal, there is not this secret photo in local terminal, in the time that user need to check this secret photo, can download this secret photo and it is checked from server, first terminal, download this secret photo from server before, need carry out authentication with server.

In step 607, the second terminal is carried out authentication by access authentication mechanism and server, and this access authentication mechanism for carrying out authentication in the time that access is positioned at the secret photo of server.

In the time that the second terminal need to be checked the secret photo of the end of uploading onto the server, the second terminal is carried out authentication by access authentication mechanism and server.

With step 602 in 604 in like manner, the access authentication mechanism here also includes but not limited to: password authentification mechanism, pattern authentication mechanism, fingerprint authentication mechanism, recognition of face authentication mechanism, dynamic electron password authentication mechanism, speech verification mechanism etc.

But it should be noted that, access authentication mechanism in this step 607 is corresponding with step 602 to the access authentication mechanism in 604,, if the access authentication mechanism that first terminal detects in step 602 is password authentification mechanism, or, step 603 to 604 in the access authentication mechanism of first terminal setting be password authentification, in this step 607 the second terminal be also by password authentification mechanism and server carry out authentication; If the access authentication mechanism that first terminal detects in step 602 is pattern authentication mechanism, or, step 603 to 604 in the access authentication mechanism of first terminal setting be pattern checking, in this step 607 the second terminal be also by pattern authentication mechanism and server carry out authentication.

In the present embodiment, the second terminal, in the time carrying out authentication by access authentication mechanism and server, can comprise following three steps:

Step 1, in the time that secret file is photo, the second terminal shows photograph album user interface.

Please refer to Fig. 6 C, it shows the schematic diagram of a kind of photograph album user interface that in disclosure embodiment, the second terminal shows, can find out that (A) in this Fig. 6 C comprises four photograph albums, is respectively: the travel in system photograph album, 2013 capital of a countrys, team's activity are climbed Fragrance Hill and certainly taken pictures.

Step 2, in the time receiving the pulldown signal that acts on this photograph album user interface top, this photograph album user interface is switched to secret photograph album access checking interface by the second terminal.

In the time that user wants to enter secret photograph album from active user's photograph album interface, user can be by down sliding screen to trigger pulldown signal, in the time that user triggers this pulldown signal, this photograph album user interface is switched to secret photograph album access checking interface by the second terminal, as shown in Fig. 6 C (B).Can find out the printed words that also comprise " forgetting Password " at this secret photograph album access checking interface, in the time that user forgets Password, can click this and " forget Password " and reset secret photograph album password, its implementation procedure can be with reference to figure 6C (C) and (D).

Step 3, the second terminal, according to the signal receiving at this secret photograph album access checking interface, is carried out authentication with server.

In the time of validation signal that the second terminal receives at this secret photograph album access checking interface, the second terminal is carried out authentication according to the signal and the server that receive.

Such as, the second terminal is carried out authentication according to access authentication password and the server of user's input.

In step 608, in the time that this authentication is passed through, the second terminal is downloaded this secret photo from this server.

In the time that the authentication of the second terminal and server is passed through, the second terminal is downloaded corresponding secret photo from server.

Such as, the second terminal is downloaded secret picture A from server.

Alternatively, the second terminal, in the time downloading secret photo from server, can and be downloaded this secret photo with the corresponding user ID of this secret photo according to the secret mark of secret photo.

Such as, the second terminal, according to the secret mark ID-Asm of secret picture A, is downloaded this secret photo under user account smxiangce1@xx.com corresponding to the corresponding user ID smxiangce1@of this secret picture A xx.com.

Alternatively, the second terminal is after server has sent download request, server can use the secret photo that will download the second terminal with the traffic encryption key of the second terminal agreement to be encrypted, and then the secret photo after encrypting is sent to the second terminal, to ensure this fail safe of secret photo in downloading process.

In step 609, the second terminal is encrypted this secret photo to be stored in local terminal.

When the second terminal downloads is during to secret photo, the second terminal is encrypted this secret photo to be stored in local terminal.

Such as, the second terminal is encrypted secret picture A to be stored in local terminal.

Wherein, the second terminal, in the time this secret photo being carried out to local terminal encryption storage, comprises following two steps:

Step 1, the second terminal is that this secret photo distributes local terminal encryption key, the local terminal encryption key that different secret photos are corresponding different.

In disclosure embodiment, in order to ensure the fail safe of each secret photo, the second terminal can be that each secret photo distributes an encryption key, and then uses this encryption key to store this secret photo.

Wherein, the encryption key difference of different secret photos.Such as, the second terminal is that secret picture A is distributed encryption key A000, the second terminal is that secret photo B distributes encryption key B000 etc.

Step 2, is used this local terminal encryption key after this secret photo encryption, to be stored in local terminal.

The second terminal is being distributed after local cipher key for each secret photo, and the second terminal is used this encryption key to carry out this locality storage to this secret photo.

Such as, the second terminal is used encryption key A000 to carry out local cipher storage to secret picture A; For another example, the second terminal is used encryption key B000 to carry out local cipher storage to secret photo B.

In step 610, the second terminal receives the opening signal corresponding to this secret photo.

After the second terminal is used local cipher key to store secret photo, in the time that user wants to check certain secret photo, user can trigger the opening signal corresponding to this secret photo by corresponding operation.

Such as, user, by double-clicking secret picture A, triggers the opening signal corresponding to this secret picture A.

In the time that user has carried out opening operation and triggered the opening signal corresponding to secret photo, the second terminal receives this signal.

Such as, the second terminal receives the opening signal corresponding to secret picture A.

In step 611, the second terminal, by after this secret photo deciphering, is carried out opening operation.

When the second terminal receives the opening signal corresponding to secret photo, and when this secret photo is the secret photo by being encrypted with the traffic encryption key of server commitment, the second terminal is used with the Propagation solution decryption key of server commitment this secret photo is decrypted, and then carries out corresponding opening operation.

In sum, the document secrecy method that disclosure embodiment provides, first terminal is treated secret secret photo by obtaining, upload this secret photo to server, this server is for receiving this secret photo and being the secret photo that is positioned at server by this secret photo storage, after uploading successfully, delete this secret photo that is positioned at local terminal; Solve in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the not effect with plaintext form storage secret file, raising file security at local terminal.

The document secrecy method that disclosure embodiment provides, first terminal by detecting and whether be provided with the access authentication mechanism corresponding with this secret photo before uploading secret photo to server, to make in the time being provided with the security access mechanism corresponding with this secret photo, upload this secret photo and in the time not being provided with the security access mechanism corresponding with this secret photo, pointing out and this security access mechanism is set and uploads secret photo according to the security access mechanism after arranging to server to server; Ensure the fail safe of secret photo secret photo.

The document secrecy method that disclosure embodiment provides, first terminal is by before uploading secret photo, use with the encryption key of server commitment secret photo is encrypted, so that server Propagation solution decryption key according to a preconcerted arrangement in the time receiving this secret photo is decrypted this secret photo; Ensure the fail safe of secret photo in transmitting procedure.

The document secrecy method that disclosure embodiment provides, the second terminal is carried out authentication by access authentication mechanism and server, in the time that authentication is passed through, download this secret photo and this secret photo is encrypted and is stored in local terminal from server, having solved in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the effect that improves file security.

The document secrecy method that disclosure embodiment provides, the second terminal is distributed local cipher key by the secret photo for downloading to, local terminal encryption key corresponding to different secret photos, after the secret photo downloading to being encrypted according to this encryption key, be stored in local terminal, further improved the fail safe of secret photo.

The document secrecy method that disclosure embodiment provides, the second terminal, by when the opening signal receiving corresponding to secret photo, is decrypted this secret photo, carries out corresponding opening operation, improve fail safe when secret photo is opened, ensured to open the accuracy of secret photo.

The document secrecy method that disclosure embodiment provides, the pulldown signal that acts on photograph album user interface by basis will be worked as forward direction photograph album user interface and switch to secret photograph album access checking interface; Improve the fail safe of secret photograph album.

The document secrecy method that disclosure embodiment provides, when the secret photo of the second terminal by after to be server at this secret photo downloading to be encrypted by the traffic encryption key of agreement, by this secret photo being decrypted with the Propagation solution decryption key of this server commitment; Ensure the fail safe of secret photo in transmitting procedure.

Following is disclosure device embodiment, can be for carrying out disclosure embodiment of the method.For the details not disclosing in disclosure device embodiment, please refer to disclosure embodiment of the method.

Please refer to Fig. 7, it shows the block diagram of a kind of file security device shown in an exemplary embodiment.This file privacy device can be realized and be become shown in Fig. 1 the some or all of of first terminal 120 in implementation environment by software, hardware or both combinations.This file privacy device can comprise: acquisition module 710, upper transmission module 720 and removing module 730.

Acquisition module 710, is configured to obtain and treats secret secret file.

Upper transmission module 720, is configured to upload to server the secret file that acquisition module 710 gets, and this server is for receiving the secret file that transmission module 720 uploads and this secret file being stored as to the secret file that is positioned at server.

Removing module 730, is configured to after upper transmission module 720 is uploaded successfully by secret file, deletes this secret file that is positioned at local terminal.

In sum, the file security device that disclosure embodiment provides, treat secret secret file by obtaining, upload this secret file to server, this server is for receiving this secret file and this secret file being stored as to the secret file that is positioned at server, after uploading successfully, delete this secret file that is positioned at local terminal; Solve in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the not effect with plaintext form storage secret file, raising file security at local terminal.

Please refer to Fig. 8, it shows the block diagram of a kind of file security device shown in another exemplary embodiment.This file privacy device can be realized and be become shown in Fig. 1 the some or all of of first terminal 120 in implementation environment by software, hardware or both combinations.This file privacy device can comprise: authentication module 810, download module 820 and memory module 830.

Authentication module 810, is configured to carry out authentication by access authentication mechanism and server, and this access authentication mechanism for carrying out authentication in the time that access is positioned at the secret file of server.

Download module 820, is configured to, in the time that the authentication of authentication module 810 is passed through, download this secret file from server.

Memory module 830, the secret file encryption that is configured to download module 820 to download is stored in local terminal.

In sum, the file security device that disclosure embodiment provides, carry out authentication by access authentication mechanism and server, in the time that authentication is passed through, download this secret file and this secret file encryption is stored in local terminal from server, having solved in correlation technique, by file attribute is set, file has been carried out to the secret lower problem of mode fail safe; Reach the not effect with plaintext form storage secret file, raising file security at local terminal.

Please refer to Fig. 9, it shows the block diagram of a kind of file security device shown in an exemplary embodiment again.This file privacy device can be realized and be become shown in Fig. 1 the some or all of of first terminal 120 in implementation environment by software, hardware or both combinations.This file privacy device can comprise: acquisition module 910, upper transmission module 920 and removing module 930.

Acquisition module 910, is configured to obtain and treats secret secret file.

Upper transmission module 920, is configured to upload to server the secret file that acquisition module 910 gets, and this server is for receiving the secret file that transmission module 920 uploads and this secret file being stored as to the secret file that is positioned at server.

Removing module 930, is configured to after upper transmission module 920 is uploaded successfully by secret file, deletes this secret file that is positioned at local terminal.

In an embodiment, transmission module 920 on this, be configured to server upload the file data of the secret file that acquisition module 910 gets, for representing that this file data is secret mark and the corresponding user ID of this secret file of secret file.

In an embodiment, this device also comprises:

Detection module 940, is configured to detect whether be provided with the access authentication mechanism corresponding with this secret file, and this access authentication mechanism for carrying out authentication in the time that access is positioned at this secret file of server;

Reminding module 950, is configured to detect while being not yet provided with this access authentication mechanism at detection module 940, prompting arranges this access authentication mechanism;

Module 960 is set, is configured to, according to the signalization receiving, this access authentication mechanism is set.

In an embodiment, this device also comprises:

Agreement module 970, be configured to before upper transmission module 920 is uploaded, use secret file acquisition module 910 being got with the traffic encryption key of this server commitment to be encrypted, this server, for after this secret file receiving after encryption, uses the Propagation solution decryption key of agreement to be decrypted this secret file.

The file security device that disclosure embodiment provides, by detecting and whether be provided with the access authentication mechanism corresponding with this secret file before uploading secret file to server, to make in the time being provided with the security access mechanism corresponding with this secret file, upload this secret file and in the time not being provided with the security access mechanism corresponding with this secret file, pointing out and this security access mechanism is set and uploads secret file according to the security access mechanism after arranging to server to server; Ensure the fail safe of secret file.

The file security device that disclosure embodiment provides, by before uploading secret file, use with the encryption key of server commitment secret file is encrypted, so that server Propagation solution decryption key according to a preconcerted arrangement in the time receiving this secret file is decrypted this secret file; Ensure the fail safe of secret file in transmitting procedure.

Please refer to Figure 10, it shows the block diagram of a kind of file security device shown in another exemplary embodiment.This file privacy device can be realized and be become shown in Fig. 1 the some or all of of first terminal 120 in implementation environment by software, hardware or both combinations.This file privacy device can comprise: authentication module 1010, download module 1020 and memory module 1030.

Authentication module 1010, is configured to carry out authentication by access authentication mechanism and server, and this access authentication mechanism for carrying out authentication in the time that access is positioned at the secret file of server.

Download module 1020, is configured to, in the time that the authentication of authentication module 1010 is passed through, download this secret file from this server.

Memory module 1030, the secret file encryption that is configured to download module 1020 to download is stored in local terminal.

In an embodiment, this memory module 1030, comprising:

Distribution sub module 1031, is configured to the secret file allocation local terminal encryption key that download module 1020 is downloaded, the local terminal encryption key that different secret files are corresponding different;

Sub module stored 1032, is stored in local terminal after the secret file encryption that is configured to use local terminal encryption key that distribution sub module 1031 is distributed that download module 1020 is downloaded.

In an embodiment, this device also comprises:

Receiver module 1040, is configured to receive the opening signal of the secret file downloaded corresponding to download module 1020;

Open module 1050, after the secret file decryption that is configured to download module 1020 to download, carry out opening operation.

In an embodiment, this authentication module 1010, comprising:

Display sub-module 1011, is configured in the time that this secret file is photo, shows photograph album user interface;

Switching submodule 1012, is configured in the time receiving the pulldown signal that acts on the photograph album user interface top that display sub-module 1011 shows, the photograph album user interface that display sub-module 1011 is shown switches to secret photograph album access checking interface;

Checking submodule 1013, is configured to verify according to the secret photograph album access being switched in switching submodule 1012 signal that interface receives, and carries out authentication with this server.

In an embodiment, this device also comprises:

Deciphering module 1060, is configured in the time that this secret file downloading to is the secret file after this server is encrypted by the traffic encryption key of agreement, by this secret file being decrypted with the Propagation solution decryption key of this server commitment.

The file security device that disclosure embodiment provides, by the secret file allocation local cipher key for downloading to, local terminal encryption key corresponding to different secret files, to after the secret file encryption downloading to, be stored in local terminal according to this encryption key, further improved the fail safe of secret file.

The file security device that disclosure embodiment provides, by when the opening signal receiving corresponding to secret file, this secret file is decrypted, carry out corresponding opening operation, fail safe while having improved secret File Open, has ensured to open the accuracy of secret file.

The file security device that disclosure embodiment provides, by the time that this secret file is photo, will works as forward direction photograph album user interface according to the pulldown signal that acts on photograph album user interface and switch to secret photograph album access checking interface; Improve the fail safe of secret photograph album.

The file security device that disclosure embodiment provides, when secret file by after to be server at this secret file downloading to be encrypted by the traffic encryption key of agreement, by this secret file being decrypted with the Propagation solution decryption key of this server commitment; Ensure the fail safe of secret file in transmitting procedure.

About the device in above-described embodiment, wherein the concrete mode of modules executable operations have been described in detail in the embodiment about the method, will not elaborate explanation herein.

Figure 11 is according to the block diagram of a kind of device 1100 for file security shown in an exemplary embodiment.For example, device 1100 can be mobile phone, computer, digital broadcast terminal, information receiving and transmitting equipment, game console, flat-panel devices, Medical Devices, body-building equipment, personal digital assistant etc.

With reference to Figure 11, device 1100 can comprise following one or more assembly: processing components 1102, memory 1104, power supply module 1106, multimedia groupware 1108, audio-frequency assembly 1110, I/O (I/O) interface 1112, sensor cluster 1114, and communications component 1116.

The integrated operation of processing components 1102 common control device 1100, such as with demonstration, call, data communication, the operation that camera operation and record operation are associated.Processing components 1102 can comprise that one or more processors 1120 carry out instruction, to complete all or part of step of above-mentioned method.In addition, processing components 1102 can comprise one or more modules, is convenient to mutual between processing components 1102 and other assemblies.For example, processing components 1102 can comprise multi-media module, to facilitate mutual between multimedia groupware 1108 and processing components 1102.

Memory 1104 is configured to store various types of data to be supported in the operation of device 1100.The example of these data comprises for any application program of operation on device 1100 or the instruction of method, contact data, telephone book data, message, picture, video etc.Memory 1104 can be realized by the volatibility of any type or non-volatile memory device or their combination, as static RAM (SRAM), Electrically Erasable Read Only Memory (EEPROM), Erasable Programmable Read Only Memory EPROM (EPROM), programmable read only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, disk or CD.

Power supply module 1106 provides electric power for installing 1100 various assemblies.Power supply module 1106 can comprise power-supply management system, one or more power supplys, and other and the assembly that generates, manages and distribute electric power to be associated for device 1100.

Multimedia groupware 1108 is included in the screen that an output interface is provided between device 1100 and user.In certain embodiments, screen can comprise liquid crystal display (LCD) and touch panel (TP).If screen comprises touch panel, screen may be implemented as touch-screen, to receive the input signal from user.Touch panel comprises that one or more touch sensors are with the gesture on sensing touch, slip and touch panel.Touch sensor is the border of sensing touch or sliding action not only, but also detection duration and the pressure relevant to touch or slide.In certain embodiments, multimedia groupware 1108 comprises a front-facing camera and/or post-positioned pick-up head.When device 1100 is in operator scheme, during as screening-mode or video mode, front-facing camera and/or post-positioned pick-up head can receive outside multi-medium data.Each front-facing camera and post-positioned pick-up head can be fixing optical lens systems or have focal length and optical zoom ability.

Audio-frequency assembly 1110 is configured to output and/or input audio signal.For example, audio-frequency assembly 1110 comprises a microphone (MIC), and when device 1100 is in operator scheme, during as call model, logging mode and speech recognition mode, microphone is configured to receive external audio signal.The audio signal receiving can be further stored in memory 1104 or be sent via communications component 1116.In certain embodiments, audio-frequency assembly 1110 also comprises a loud speaker, for output audio signal.

I/O interface 1112 is for providing interface between processing components 1102 and peripheral interface module, and above-mentioned peripheral interface module can be keyboard, some striking wheel, button etc.These buttons can include but not limited to: home button, volume button, start button and locking press button.

Sensor cluster 1114 comprises one or more transducers, is used to device 1100 that the state estimation of various aspects is provided.For example, sensor cluster 1114 can detect the opening/closing state of device 1100, the relative positioning of assembly, for example assembly is display and the keypad of device 1100, the position of all right checkout gear 1100 of sensor cluster 1114 or 1100 assemblies of device changes, user is with device 1100 existence that contact or do not have the variations in temperature of device 1100 orientation or acceleration/deceleration and device 1100.Sensor cluster 1114 can comprise proximity transducer, be configured to without any physical contact time detect near the existence of object.Sensor cluster 1114 can also comprise optical sensor, as CMOS or ccd image sensor, for using in imaging applications.In certain embodiments, this sensor cluster 1114 can also comprise acceleration transducer, gyro sensor, Magnetic Sensor, pressure sensor or temperature sensor.

Communications component 1116 is configured to be convenient to the communication of wired or wireless mode between device 1100 and other equipment.Device 1100 wireless networks that can access based on communication standard, as WiFi, 2G or 3G, or their combination.In one exemplary embodiment, communications component 1116 receives broadcast singal or the broadcast related information from external broadcasting management system via broadcast channel.In one exemplary embodiment, communications component 1116 also comprises near-field communication (NFC) module, to promote junction service.For example, can be based on radio-frequency (RF) identification (RFID) technology in NFC module, Infrared Data Association (IrDA) technology, ultra broadband (UWB) technology, bluetooth (BT) technology and other technologies realize.

In the exemplary embodiment, device 1100 can be realized by one or more application specific integrated circuits (ASIC), digital signal processor (DSP), digital signal processing appts (DSPD), programmable logic device (PLD), field programmable gate array (FPGA), controller, microcontroller, microprocessor or other electronic components, for carrying out said method.

In the exemplary embodiment, also provide a kind of non-provisional computer-readable recording medium that comprises instruction, for example, comprised the memory 1104 of instruction, above-mentioned instruction can have been carried out said method by the processor 1120 of device 1100.For example, non-provisional computer-readable recording medium can be ROM, random access memory (RAM), CD-ROM, tape, floppy disk and optical data storage equipment etc.

A kind of non-provisional computer-readable recording medium, in the time that the instruction in storage medium is carried out by the processor that installs 1100, makes device 1100 can carry out above-mentioned document secrecy method.

Figure 12 is according to the block diagram of a kind of device 1200 for file security shown in an exemplary embodiment.For example, device 1200 may be provided in a server.With reference to Figure 12, device 1200 comprises processing components 1222, and it further comprises one or more processors, and by the memory resource of memory 1232 representatives, for example, for storing the instruction that can be carried out by processing unit 1222, application program.In memory 1232, the application program of storage can comprise one or more each module corresponding to one group of instruction.In addition, processing components 1222 is configured to carry out instruction, to carry out above-mentioned document secrecy method.

Device 1200 can also comprise that a power supply module 1226 is configured to the power management of final controlling element 1200, and a wired or wireless network interface 1250 is configured to device 1200 to be connected to network, and input and output (I/O) interface 1258.Device 1200 operating systems that can operate based on being stored in memory 1232, for example Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM or similar.

Those skilled in the art, considering specification and putting into practice after invention disclosed herein, will easily expect other embodiment of the present disclosure.The application is intended to contain any modification of the present disclosure, purposes or adaptations, and these modification, purposes or adaptations are followed general principle of the present disclosure and comprised undocumented common practise or the conventional techniques means in the art of the disclosure.Specification and embodiment are only regarded as exemplary, and true scope of the present disclosure and spirit are pointed out by claim below.

Should be understood that, the disclosure is not limited to precision architecture described above and illustrated in the accompanying drawings, and can carry out various amendments and change not departing from its scope.The scope of the present disclosure is only limited by appended claim.

Claims

1. a document secrecy method, is characterized in that, described method comprises:

Obtain and treat secret secret file;

2. method according to claim 1, is characterized in that, describedly uploads described secret file to server, comprising:

3. method according to claim 1, is characterized in that, described method also comprises:

4. according to the arbitrary described method of claims 1 to 3, it is characterized in that, described method also comprises:

5. a document secrecy method, is characterized in that, described method comprises:

Described secret file encryption is stored in local terminal.

6. method according to claim 5, is characterized in that, described described secret file encryption is stored in local terminal, comprising:

7. method according to claim 5, is characterized in that, described method also comprises:

Receive the opening signal corresponding to described secret file;

By after described secret file decryption, carry out opening operation.

8. according to the arbitrary described method of claim 5 to 7, it is characterized in that, describedly carry out authentication by access authentication mechanism and server, comprising:

9. according to the arbitrary described method of claim 5 to 7, it is characterized in that, described method also comprises:

10. a file security device, is characterized in that, described device comprises:

Acquisition module, is configured to obtain and treats secret secret file;

11. devices according to claim 10, is characterized in that,

12. devices according to claim 10, is characterized in that, described device also comprises:

13. according to claim 10 to 12 arbitrary described devices, it is characterized in that, described device also comprises:

14. 1 kinds of file security devices, is characterized in that, described device comprises:

15. devices according to claim 14, is characterized in that, described memory module, comprising:

16. devices according to claim 14, is characterized in that, described device also comprises:

17. according to claim 14 to 16 arbitrary described devices, it is characterized in that, described authentication module, comprising:

18. according to claim 14 to 16 arbitrary described devices, it is characterized in that, described device also comprises:

19. 1 kinds of file security devices, is characterized in that, comprising:

Processor;

Wherein, described processor is configured to:

Obtain and treat secret secret file;

20. 1 kinds of file security devices, is characterized in that, comprising:

Processor;

Wherein, described processor is configured to:

Described secret file encryption is stored in local terminal.