CN105025041A - File upload method, file upload apparatus and system - Google Patents

File upload method, file upload apparatus and system Download PDF

Info

Publication number
CN105025041A
CN105025041A CN201510527949.1A CN201510527949A CN105025041A CN 105025041 A CN105025041 A CN 105025041A CN 201510527949 A CN201510527949 A CN 201510527949A CN 105025041 A CN105025041 A CN 105025041A
Authority
CN
China
Prior art keywords
key
user side
files passe
service end
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510527949.1A
Other languages
Chinese (zh)
Other versions
CN105025041B (en
Inventor
李玉北
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201510527949.1A priority Critical patent/CN105025041B/en
Publication of CN105025041A publication Critical patent/CN105025041A/en
Application granted granted Critical
Publication of CN105025041B publication Critical patent/CN105025041B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a file upload method, a file upload apparatus and a system. In one embodiment, the file upload method concretely comprises the steps of generating a file upload request according to a received request operation for a user to upload a file to a cloud storage server through a user side, and generating an authentication secret key for the file upload request according to a preset secret key algorithm and a session secret key for a client server through the client server or the user side; sending the file upload request and the authentication secret key to the cloud storage server by the user side through a jump page provided by the cloud storage server so that the cloud storage server can generate a verification secret key for the file upload request according to the preset secret key algorithm and the session secret key of the cloud storage server so as to verify the authentication secret key; and uploading the file to the cloud storage server in response to a case that the cloud storage server successfully verifies the verification secret key. The file upload method can reduce the transfer process that the client uploads the file to the cloud storage server through the user server so that the effectiveness for uploading files is improved.

Description

The methods, devices and systems of files passe
Technical field
The application relates to field of computer technology, is specifically related to communication technical field, particularly relates to a kind of methods, devices and systems of files passe.
Background technology
Cloud Server is the important component part of cloud computing service, is the service platform that can provide integrated service ability towards all kinds of Internet user.Cloud storage typically refers to a kind of storage scheme resource (such as document etc.) being realized data storage and Operational Visit by Cloud Server.Cloud storage service system often comprises cloud stores service end, client service (as Website server) and user side (as browser).In existing cloud storage service system, usually by client service to cloud stores service end application cloud stores service, and develop the user side that can use applied for cloud stores service according to the Software tool kit (Software Development Kit, SDK) that cloud stores service end provides.
But, existing cloud storage system in use, the mutual transfer often needing client service of user side and cloud stores service end, this not only needs client service to pay a large amount of development costs in early development work, and the transfer of resource causes taking of a large amount of Internet resources, thus the validity causing cloud storage system to use reduces.
Summary of the invention
The object of the application is the methods, devices and systems of the files passe proposing a kind of improvement, solves the technical problem that above background technology part is mentioned.
First aspect, this application provides a kind of method of the files passe for user side, described method comprises: according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request; Obtaining according to the session key of the key algorithm preset and client service is the authenticate key that described files passe request generates; The jump page provided by cloud stores service end sends described files passe request and described authenticate key to described cloud stores service end, is verified by following steps for described cloud stores service end to described authenticate key: the session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret; Described authentication secret and described authenticate key are mated, if matched, then determines to be proved to be successful described authenticate key; In response to described cloud stores service end, described authenticate key is proved to be successful, by files passe to described cloud stores service end.
Second aspect, this application provides a kind of authenticate key generation method for client service, described method comprises: receive the authentication request that user side sends, described authentication request comprises the identity information of described user side and the certificate parameter of institute's upload file; Based on described identity information, authentication is carried out to user side; In response to authentication success, session key according to preset-key algorithm and described client service carries out to described certificate parameter the authenticate key that signature generates described user side, and the jump page provided by cloud stores service end for user side is sent to described cloud stores service end; Wherein, described authentication request is sent to described client service according to files passe request by user side.
The third aspect, this application provides a kind of file uploading method for cloud stores service end, described method comprises: the files passe request and the authenticate key that receive the jump page transmission that user side is provided by cloud stores service end, wherein, described authenticate key is that described files passe request generates according to the session key of the key algorithm preset and client service; Session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret; Described authentication secret and described authenticate key are mated, if matched, then determines to be proved to be successful described authenticate key; In response to being proved to be successful, receive the file that described user side is uploaded.
Fourth aspect, this application provides the file uploading method for cloud storage system, described cloud storage system comprises cloud stores service end, client service and user side, described method comprises: described user side is according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request, and send authentication request according to described files passe request to described client service; Described client service is that described files passe request generates authenticate key according to the session key of the key algorithm preset and client service, and sends to described user side; Described user side receives described authenticate key from described client service, and sends described files passe request and described authenticate key by the jump page that cloud stores service end provides to described cloud stores service end; Described cloud stores service termination receives files passe request and the authenticate key of user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret; Be proved to be successful described authenticate key in response to described cloud stores service end, described cloud stores service termination receives the file that described user side is uploaded.
5th aspect, this application provides the file uploading method for cloud storage system, described cloud storage system comprises cloud stores service end, client service and user side, described method comprises: described user side according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request; Described user side is that described files passe request generates authenticate key according to the session key of the key algorithm preset obtained from described client service in advance and described client service; Described files passe request and described authenticate key are sent to described cloud stores service end by the jump page that described user side is provided by cloud stores service end; Described cloud stores service termination receives files passe request and the authenticate key of user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret; Be proved to be successful described authenticate key in response to described cloud stores service end, described cloud stores service termination receives the file that described user side is uploaded.
6th aspect, this application provides a kind of device for user side, and described device comprises: upload request generation module, is configured for according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request; Authentication key acquisition module, being configured for the session key obtained according to the key algorithm preset and described client service is the authenticate key that described files passe request generates; Upload request sending module, the jump page that being configured for is provided by cloud stores service end sends described files passe request and described authenticate key to described cloud stores service end, is verified by following steps for described cloud stores service end to described authenticate key: the session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret; Described authentication secret and described authenticate key are mated, if matched, then determines to be proved to be successful described authenticate key; Files passe module, is configured for and is proved to be successful described authenticate key in response to described cloud stores service end, by files passe to described cloud stores service end.
7th aspect, this application provides the files passe device for cloud stores service end, described device comprises: receiver module, be configured for the files passe request and authenticate key that receive the jump page transmission that described user side is provided by cloud stores service end, wherein, described authenticate key is that described files passe request generates according to the session key of the key algorithm preset and described client service; Generation module, being configured for according to the session key of described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret; Authentication module, is configured for and described authentication secret and described authenticate key is mated, if matched, then determines to be proved to be successful described authenticate key; Receiver module, is configured in response to being proved to be successful, and receives the file that described user side is uploaded.
Eighth aspect, this application provides the authenticate key generating apparatus for client service, described device comprises: receiver module, and be configured for the authentication request receiving described user side and send, described authentication request comprises the identity information of described user side and the certificate parameter of upload file; Authentication module, is configured for and carries out authentication based on described identity information to user side; Generation module, be configured in response to authentication success, session key according to described preset-key algorithm and described client service carries out to described certificate parameter the authenticate key that signature generates described user side, and the jump page provided by cloud stores service end for user side is sent to described cloud stores service end; Wherein, described authentication request is sent to described client service according to files passe request by user side.
9th aspect, this application provides a kind of cloud storage system, described cloud storage system comprises user side, client service and cloud stores service end, wherein, described user side, be configured for according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request, and send authentication request according to described files passe request to described client service; Described client service, being configured for according to the session key of the key algorithm preset and client service is that described files passe request generates authenticate key, and sends to described user side; Described user side, is also configured for and receives described authenticate key from described client service, and sends described files passe request and described authenticate key by the jump page that cloud stores service end provides to described cloud stores service end; Described cloud stores service end, be configured for the files passe request and authenticate key that receive user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret; Described user side, is also configured for and is proved to be successful described authenticate key in response to described cloud stores service end, and described cloud stores service termination receives the file that described user side is uploaded.
Tenth aspect, this application provides a kind of cloud storage system, described cloud storage system comprises cloud stores service end, client service and user side, wherein, described user side, be configured for according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request, and be that described files passe request generates authenticate key according to the session key of the key algorithm preset obtained from described client service in advance and described client service, described files passe request and described authenticate key are sent to described cloud stores service end by the jump page provided by cloud stores service end, described cloud stores service end, be configured for the files passe request and authenticate key that receive user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret, described user side, is also configured for and is proved to be successful described authenticate key in response to described cloud stores service end, and described cloud stores service termination receives the file that described user side is uploaded.
The methods, devices and systems of the files passe that the application provides, by user side according to the solicit operation of the user's upload file received to cloud storage server, then spanned file upload request is that files passe request generates authenticate key by client service or user side according to the session key of the key algorithm preset and client service; Then the jump page that user side is provided by cloud stores service end sends files passe request and authenticate key to cloud stores service end, is that files passe request generation authentication secret is verified authenticate key for cloud stores service end according to the session key of the key algorithm preset and cloud stores service end; In response to cloud stores service end, authenticate key is proved to be successful, by files passe to cloud stores service end.The methods, devices and systems of this files passe can reduce the transfer process by client service when user side carries out upload file to cloud stores service end, improve the validity of files passe.
Accompanying drawing explanation
By reading the detailed description to non-limiting example done with reference to the following drawings, the other features, objects and advantages of the application will become more obvious:
Fig. 1 shows the exemplary system architecture can applying the embodiment of the present application;
Fig. 2 is the flow chart of an embodiment of the method for the files passe for user side according to the application;
Fig. 3 is the flow chart of an embodiment of the authenticate key generation method for client service according to the application;
Fig. 4 is the flow chart of an embodiment of the method for the files passe for cloud stores service end according to the application;
Fig. 5 is the sequential flow chart of an embodiment of the method for the files passe for cloud storage system according to the application;
Fig. 6 is the sequential flow chart of another embodiment of the method for the files passe for cloud storage system according to the application;
Fig. 7 is the structural representation of an embodiment of the files passe device for user side according to the application;
Fig. 8 is the structural representation of an embodiment of the authenticate key generating apparatus for client service according to the application;
Fig. 9 is the structural representation of an embodiment of the files passe device for cloud stores service end according to the application;
Figure 10 is according to the structural representation of the cloud storage system of the application embodiment.
Embodiment
Below in conjunction with drawings and Examples, the application is described in further detail.Be understandable that, specific embodiment described herein is only for explaining related invention, but not the restriction to this invention.It also should be noted that, for convenience of description, in accompanying drawing, illustrate only the part relevant to Invention.
It should be noted that, when not conflicting, the embodiment in the application and the feature in embodiment can combine mutually.Below with reference to the accompanying drawings and describe the application in detail in conjunction with the embodiments.
Fig. 1 shows the exemplary system architecture 100 can applying the embodiment of the present application.
As shown in Figure 1, system architecture 100 can comprise terminal equipment 101,102, network 103, client server 104 (being such as the background server etc. that cloud stores application or webpage cloud storage platform and provides support), cloud storage server 105 (such as Cloud Server).Network 103 in order to terminal equipment 101,102, the medium of communication link is provided between client server 104 and cloud storage server 105.Network 103 can comprise various connection type, such as wired, wireless communication link or fiber optic cables etc.Above-mentioned wireless communication link can include but not limited to 3G/4G communication link, WiFi communication link, bluetooth communications link, WiMAX communication link, Zigbee communication link, UWB (ultra wideband) communication link and other wireless communication links developed known or future now.
Terminal equipment 101,102 is undertaken alternately, to receive or to send message etc. by network 103 and client server 104, cloud storage server 105.Terminal equipment 101,102 can install various webpage or application, and such as browser application, cloud store application, the application of webpage cloud storage platform, social platform, map class application, searching class application etc.Client server 104 can be webpage for terminal equipment 101,102 is installed or the background server that provides support of application.Cloud storage server 105 can be for terminal equipment 101,102 or client server 104 provide the Cloud Server etc. of cloud stores service.
Terminal equipment 101,102 can be various electronic equipment, includes but not limited to PC, smart mobile phone, intelligent watch, panel computer, personal digital assistant etc.
Alternatively, the client server 104 in system architecture 100 and also can be undertaken alternately by network 103 between cloud storage server 105, such as client server 104 can be applied for cloud storage server 105 by network 103 or register cloud stores service.
Client server 104 and cloud storage server 105 can be to provide the server of various service.The process such as server can store the data received, analysis, and result is fed back to terminal equipment.
It should be noted that, the file uploading method that the embodiment of the present application provides and system can perform user side by terminal equipment 101,102, perform client service, and perform cloud stores service end by cloud storage server 105 by client server 104.For example, an application scenarios of this exemplary architecture 100 can be: browser application such as installed by terminal equipment 101,102, user can open various cloud by this browser application and store webpage corresponding to application, as the webpage of certain cloud dish application, client server 104 can be for this cloud stores the background server applied and provide support; Client server 104 has cloud stores service to cloud storage server 105 application, and license to account A, the B use of being registered by this forum, after account A, B log in this website by the browser application on terminal equipment 101,102, can by after the certification of client server 104 directly upload file to cloud storage server 105.
Should be appreciated that the number of the terminal equipment in Fig. 1, network and server is only schematic.According to realizing needs, the terminal equipment of arbitrary number, network and server can be had.
Please refer to Fig. 2, it illustrates the flow process 200 of an embodiment of the file uploading method for user side of the application.As shown in Figure 2, this is used for the method for the files passe of user side, can comprise the following steps:
Step 201, according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request.
In the present embodiment, user side (such as can comprise browser application or cloud and store application etc.) can when receiving user's upload file to the solicit operation of cloud storage server, according to this operation spanned file upload request.User side by detecting user to the scheduled operation of predetermined control, such as, to the single-click operation realizing the control of logic interfacing being associated with files passe, can determine that user has carried out files passe solicit operation.
The files passe request that user side generates according to this operation can comprise various transformation parameter, such as include but not limited to following one or more: host-host protocol is (as HTTP, HyperTextTransfer Protocol, HTML (Hypertext Markup Language)), transmission means is (as POST mode, may be used for request server receiving package containing entity information in the request), file path (path, the path of file as uploaded), request header field (headers, Host header field as HTTP), etc.This file upload request can also comprise the identity information of user side, and can be such as user side to the login account for logging in webpage that client service supports or application etc. of client service application, the application limit this.
Step 202, obtaining according to the session key of the key algorithm preset and client service is the authenticate key that above-mentioned files passe request generates.
In the present embodiment, user side can then according to above-mentioned files passe acquisition request authenticate key, this authenticate key can be that above-mentioned files passe request generates according to the key algorithm preset and the session key of client service, such as, the session key of default key algorithm and client service can be used to sign to file transfer requests and generate authenticate key.User side can obtain authenticate key by client service, and also can generate authenticate key according to the session key of the key algorithm preset obtained from client service in advance and client service, the application does not limit this.
Wherein, the key algorithm preset can be the known algorithm for digital signature, such as SHA (The Secure Hash Algorithm, SHA), MD5 algorithm (Message-Digest Algorithm 5), RSA public key encryption algorithm, DES (DataEncryption Standard, data encryption standard) algorithm etc., do not repeat them here.The session key of client service can be that client service carries out the signature key of certification use to cloud stores service end, such as Access Key ID (is abbreviated as AK, be equivalent to a user ID) and Secret Key (be abbreviated as SK, be equivalent to the user cipher corresponding with AK).
In some optional implementations of the present embodiment, user side can obtain authenticate key by client service.Now, the key algorithm preset and the session key of client service are held by client service, and user side can according to the authentication request of above-mentioned files passe request generation to client service.Here, authentication request can be files passe request itself, also can be the request statement comprising in files passe request required certificate parameter of signing.Wherein, it is one or more as certificate parameter that this authentication request can comprise in above-mentioned host-host protocol, transmission means, file path, request header field, and user side to client service application for logging in the login account of webpage that client service supports or application as identity information (this identity information can be such as obtain from the cookie of browser) etc.
Whether client service identity-based information can carry out certification to the identity of this authentication request, such as, judge whether this login account is legal account, carry out logging in, whether authority with files passe etc.In practice, client service can be legal account (such as this login account is a period of time of account in the account data storehouse that stores in advance of client service is legal account) at this login account, and log in, and when there is the authority of files passe, determine the authentication success to user side.When the authentication is successful, client service can carry out to above-mentioned certificate parameter the authenticate key that signature generates user side according to the session key (as AK and SK) of preset-key algorithm and client service further.The form of authenticate key can be such as:
Key identification/user ID/entry-into-force time/valid expiration date/header field list/signature;
Wherein, the mark that key identification can start as key string, user ID can be aforesaid AK; Entry-into-force time can represent the signature entry-into-force time, and can be such as the current time generating signature, form can be year-month-dayThour:minute:secondZ, as 2015-04-27T08:23:49Z; Valid expiration date can be signature valid expiration date, the effective time of above-mentioned authenticate key namely calculated from the time specified by the entry-into-force time, such as 1800 seconds; Header field list can be the list of the HTTP request header field related in signature algorithm, separates the character string of formation, as " host between the name of header field with branch; Range; X-bce-date "; 256 bits that signature can be represented by 64 hexadecimal numbers, obtained above-mentioned certificate parameter signature by SK.
After success generates authenticate key, the authenticate key of generation can be returned to user side by client service.When certification unsuccessful (such as account does not log in), client service can be refused sign to certificate parameter and generate authenticate key.
In some optional implementations of the present embodiment, the session key (as AK and SK) of the key algorithm preset and client service can be kept at user side by client service in advance, such as, be encapsulated in the files passe interface of user side.Now, user side directly by calling files passe interface, can perform the key algorithm preset to session key for files passe interface, for files passe request generates authenticate key.Wherein, the generative process of authenticate key, in above-detailed, does not repeat them here.Alternatively, files passe interface is encapsulated in and is embedded in the high in the clouds SDK of user side, is sent in the high in the clouds SDK of user side by the session key of default key algorithm and client service when client service is connected with user side.
Step 203, the jump page provided by cloud stores service end sends above-mentioned files passe request and above-mentioned authenticate key to cloud stores service end.
In the present embodiment, after user side obtains authenticate key, the jump page that can be provided by cloud stores service end, sends to cloud stores service end by generated files passe request together with authenticate key, verifies according to files passe request for cloud stores service end to authenticate key.
In the present embodiment, above-mentioned files passe request can comprise the file that will upload, and also can not comprise the file that will upload, the application does not limit this.If above-mentioned files passe request comprises the file that will upload, files passe request comprises being generated by files passe interface uploads files passe logic that function calls (order such as performed files passe function and call relation) to the associated documents of cloud stores service end.If above-mentioned files passe request does not comprise the file that will upload, then after cloud stores service end is proved to be successful authenticate key, user side sends files passe logic to cloud stores service end again.
It will be appreciated by those skilled in the art that, in cloud storage system, the domain name (can resolve the IP address obtaining cloud storage server access network) at cloud stores service end place is different from the domain name (can resolve the IP address obtaining client server access network) at client service place, and user side cannot send files passe request to cloud stores service end under the domain name of client service.Therefore, user side needs the jump page (can be such as relay page) provided by cloud stores service end to carry out alternately with cloud stores service end.In some implementations, the SDK that this jump page can be provided by cloud storage server end is embedded in the page that client service provides, when client service is Website server, the relevant interface that the files passe solicit operation in the page that this website provides all needs this jump page to call client service or cloud stores service end performs.A realization example of this jump page can be such as: HTML (HyperText Markup Language, the HTML) page of the calling logic of the interface that include file is uploaded; This html page is such as viewed device to resolve but the transparent page do not shown, and under this page operates in the domain name of cloud stores service end.
In some optional implementations of the present embodiment, the files passe logic that user side generates can comprise: the files passe interface provided by jump page obtains the byte number of the file uploaded; Judge whether above-mentioned byte number is greater than default byte-threshold (such as 5 Mbytes); If be greater than, multiple fragment is divided into be uploaded to cloud stores service end according to the segmentation rule preset uploaded file.Wherein, for multiple fragments that the same file uploaded is divided into, like-identified can be carried, to receive the voucher of file as files passe and cloud storage server.The byte-threshold wherein preset can be preset by client service.Alternatively, above step can be realized by the distinct interface calling cloud stores service end of jump page.
Cloud stores service end can be resolved files passe request, and the key algorithm preset that then basis is consistent with generating authenticate key and the session key of cloud stores service end are that files passe request generates authentication secret.Wherein, the session key of cloud stores service end can be the client service provided support for user side carries out certification use signature key (such as AK and SK) to cloud stores service end.The generative process of authentication secret is consistent with the process generating authenticate key in step 202, does not repeat them here.It will be appreciated by those skilled in the art that, when the certificate parameter in files passe request and client service or user side generate certificate parameter that authenticate key signs consistent time, cloud stores service end is signed to the certificate parameter in files passe request according to the same key algorithm preset and same session key, and authentication secret and the authenticate key of generation are consistent.Therefore, authentication secret and authenticate key can be mated by cloud stores service end, if matched, then determine to be proved to be successful authenticate key.
As an example, the form of the authenticate key generated for client service or user side for " key identification/user ID/entry-into-force time/valid expiration date/header field list/signature " be described.First, cloud stores service end detects key identification, this character string is resolved as authenticate key, obtains user ID (AK), thus can obtain the SK corresponding with AK; Then, whether cloud stores service end can be verified the signature of authenticate key before the deadline according to entry-into-force time and valid expiration date, such as, can calculate the time difference of current time and entry-into-force time, judges whether this time difference is less than valid expiration date, if be less than, then determine signature before the deadline; Then, if determine signature before the deadline, cloud stores service end can carry out signature according to the key algorithm preset and the session key of cloud stores service end to the certificate parameter comprised in files passe request and be verified key; Then, authentication secret compared with the signature in authenticate key, if both are completely the same, is then determined that authentication secret and authenticate key match by cloud stores service end, otherwise, determine that authentication secret and authenticate key do not match.
In this step, for the authenticate key that user side or client service generate, if send to the parameter of cloud stores service end to occur mistake (as SK mistake), or certificate parameter not quite identical (as scarce one item missing), then authenticate key and authentication secret can not match, thus cause the checking of cloud stores service end to authenticate key unsuccessful.
Step 204, is proved to be successful above-mentioned authenticate key in response to cloud stores service end, by files passe to cloud stores service end.
In the present embodiment, in response to cloud stores service end, above-mentioned authenticate key is proved to be successful, by files passe to cloud stores service end.In the present embodiment, if above-mentioned files passe request comprises the file that will upload, cloud stores service end is after being proved to be successful authenticate key, allow according in files passe logic to the execution sequence of files passe function and call relation, the correlation function transferring UN stores service end completes files passe.If do not comprise the file that will upload in above-mentioned files passe request, cloud stores service end is after being proved to be successful authenticate key, the result that this is proved to be successful user side be can be returned to, files passe logic and file content sent to cloud stores service end for user side again according to this result.
In some optional implementations of the present embodiment, when user side success is after the upload file of cloud stores service end, cloud stores service end can to uploaded file allocation URL(uniform resource locator) (Uniform Resoure Locator, URL), using the access identities as this file.Alternatively, this URL can be sent to user side by cloud stores service end.This URL can also be sent to client service by user side, preserves for client service.
The file uploading method for user side of the present embodiment, by obtaining the authenticate key that the session key of the default key algorithm of basis and client service is above-mentioned files passe request generation, and the jump page that cloud stores service end provides, files passe request and authenticate key is sent to cloud stores service end, directly to the upload file of cloud stores service end after cloud stores service end is to authenticate key authentication success, avoid in files passe process by resource occupying that client service transfer causes, thus improve the efficiency of files passe, further, the validity that cloud storage system uses can be improved.
Please refer to Fig. 3, it illustrates the flow process 300 of an embodiment of the authenticate key generation method for client service of the application.As shown in Figure 3, this is used for the authenticate key generation method of client service, can comprise the following steps:
Step 301, receive the authentication request that user side sends, this authentication request comprises the identity information of user side and the certificate parameter of institute's upload file.
In the present embodiment, client service receives the authentication request that user side sends, and this authentication request can be generated to the solicit operation of cloud storage server according to the user's upload file received by user side.This authentication request can comprise the identity information of user side using the voucher identified user side as client service.This identity information such as can comprise user side and serve the user ID registered in advance in client service application.Alternatively, this identity information can be obtained by the data (data in such as browser Cookie) of user side this locality.
Step 302, carries out authentication based on above-mentioned identity information to user side.
In the present embodiment, client service can using the identity information comprised in authentication request as the voucher identified user side, first authentication carried out to user side, such as, judges whether this login account is legal account, whether carry out logging in, whether authority with files passe etc.For example, first the user ID provided and the data in the identity information database of reserved user can mate by client service, the identity information that the identity information carried in authentication request with user side if match in identity information database is consistent, then determine that the identity information user ID comprised in authentication request is legal account.Client service then can judge that the service page whether this user ID is provided by client service or third party's page log in.If this user ID logs in, client service then can judge whether this user ID has the authority of files passe, if having, then thinks that user side have passed authentication.
Step 303, in response to authentication success, the session key according to preset-key algorithm and client service carries out to above-mentioned certificate parameter the authenticate key that signature generates user side.
In the present embodiment, in response to authentication success, client service can carry out to above-mentioned certificate parameter the authenticate key that signature generates user side according to the session key of preset-key algorithm and client service, and the jump page provided by cloud stores service end for user side is sent to described cloud stores service end.
The key algorithm preset can be the known algorithm for digital signature, and such as SHA, MD5 algorithm, RSA public key encryption algorithm, DES algorithm etc., do not repeat them here.The session key of client service can be that client service carries out the signature key of certification use to cloud stores service end, such as AK and SK.In some implementations, SK is signature key, and first client service can carry out signature according to the key algorithm preset and SK to the authorization information comprised in authentication request and obtain the signature that signs, and then generates authenticate key based on AK and signature.
Authenticate key generative process in this step is consistent with the generative process of authenticate key in step 202, does not repeat them here.
The authenticate key generation method for client service that the above embodiments of the present application provide, after authentication is carried out to user side, the certificate parameter comprised in the authentication request sent user side by the session key of the key algorithm preset and client service carries out signature generation authenticate key, thus provide the voucher of access cloud stores service end for user side, without the need to client service transfer file, alleviate the resource occupying of client service.
Please refer to Fig. 4, it illustrates the flow process 400 of an embodiment of the file uploading method for cloud stores service end of the application.As shown in Figure 4, this is used for the file uploading method of cloud stores service end, can comprise the following steps:
Step 401, receives files passe request and the authenticate key of the jump page transmission that user side is provided by cloud stores service end.
In the present embodiment, cloud stores service end can receive files passe request and the authenticate key of the jump page transmission that user side is provided by cloud stores service end, wherein, files passe request can be generated to the solicit operation of cloud storage server according to the user's upload file received by user side, it can comprise various transformation parameter, such as certificate parameter.Authenticate key can be user side or client service is that above-mentioned files passe request generates according to the session key of the key algorithm preset and client service.In the present embodiment, above-mentioned files passe request can comprise the file that will upload, and also can not comprise the file that will upload, the application does not limit this.
Here, the domain name at cloud stores service end place is different from the domain name at client service place, and user side cannot send files passe request to cloud stores service end under the domain name of client service.Therefore, user side needs the jump page (can be such as relay page, under operating in the domain name at cloud stores service end place) provided by cloud stores service end to carry out alternately with cloud stores service end.
Step 402, the session key according to the key algorithm preset and cloud stores service end is that above-mentioned files passe request generates authentication secret.
In the present embodiment, cloud stores service termination and can be generated authentication secret for above-mentioned files passe request, and authentication secret can be signed to the certificate parameter in files passe request according to the session key of the key algorithm preset consistent with generating authenticate key and cloud stores service end and generate.
Step 403, mates above-mentioned authentication secret and above-mentioned authenticate key, if matched, then determines to be proved to be successful above-mentioned authenticate key.
In the present embodiment, first cloud stores service can be verified the identity of authenticate key and valid expiration date, after being verified, whether identically contrast the signature that in the signature and authentication key that session key that cloud stores service end supports according to cloud stores service carries out the certificate parameter in files passe request, user side or client service carry out the certificate parameter in files passe request according to the session key that client service is held again, if comparing result is identical, then determine to be proved to be successful above-mentioned authenticate key.
Step 404, in response to being proved to be successful, receives the file that user side is uploaded.
In the present embodiment, after cloud stores service end is proved to be successful authenticate key, the result can be fed back to user side, the corresponding document being called cloud stores service end by user side uploads function by files passe, and the fileinfo that also can directly carry in the files passe request of cloud stores service end transmission according to user side receives file.
In some optional implementations of the present embodiment, receive the file that user side uploads in step 404 and also comprise following process: detect whether the file uploaded from user side is the file being divided into multiple fragment; If so, each fragment with like-identified is synthesized according to the composition rule preset the file uploaded.This like-identified can be located in each fragment of multiple fragments that same file is divided into by user side, to receive the voucher of file as files passe and cloud storage server.
The file uploading method for cloud stores service end of the present embodiment, the session key of the key algorithm that the basis sent by obtaining user side is preset and client service is the authenticate key that above-mentioned files passe request generates, certification is carried out to authenticate key, the file that user side is uploaded is received after authentication success, avoid the resource occupying that user side is caused by client service transfer in cloud stores service end upload file process, thus improve the efficiency of files passe, the validity that cloud storage system uses can be improved.
Please refer to Fig. 5, Fig. 5 is the sequential flow process 500 of an embodiment of the method for the files passe for cloud storage system according to the application.Wherein, cloud storage system comprises user side 501, client service 502 and cloud stores service end 503.In the method flow 500 of the files passe of the cloud storage system shown in Fig. 5, comprise the following steps:
Step 5001, user side according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request, and send authentication request to client service according to files passe request.
In the present embodiment, user side can detect the scheduled operation of user to predetermined control, to determine whether to receive the solicit operation of user's upload file to cloud storage server.If receive the solicit operation of user's upload file to cloud storage server, user side can to this solicit operation spanned file upload request (can be such as HTTP request).User side further can also according to the authentication request of above-mentioned files passe request generation to client service.Here, authentication request can be files passe request itself, also can be the request statement comprising in files passe request required certificate parameter of signing.Wherein, it is one or more as certificate parameter that this authentication request can comprise in above-mentioned host-host protocol, transmission means, file path, request header field, and user side to client service application for logging in the login account of webpage that client service supports or application as identity information etc.
Step 5002, client service is that files passe request generates authenticate key according to the session key of the key algorithm preset and client service, and sends to user side.
In the present embodiment, client service is resolved the authentication request receiving user side transmission, afterwards, can be that files passe request generates authenticate key according to the session key of the key algorithm preset and client service.Client service identity-based information can carry out certification to the identity of this authentication request, when the authentication is successful, client service can carry out to above-mentioned certificate parameter the authenticate key that signature generates user side according to the session key of preset-key algorithm and client service further.Wherein, the session key of client service can be that client service carries out the signature key of certification use to cloud stores service end, such as AK and SK.Then, authenticate key is sent to user side by client service.
Step 5003, user side receives authenticate key from client service, and sends files passe request and authenticate key by the jump page that cloud stores service end provides to cloud stores service end.
In the present embodiment, after user side obtains authenticate key, the jump page that can be provided by cloud stores service end, sends to cloud stores service end by generated files passe request together with authenticate key, verifies according to files passe request for cloud stores service end to authenticate key.In some implementations, cloud stores service end running environment can be resolved but the html page do not shown realizes by viewed device by under the domain name that operates in cloud stores service end.Alternatively, this html page can be embedded into client service by client service in advance by SDK and is supplied in the page of user side.
Wherein, above-mentioned files passe request can comprise the file that will upload, and also can not comprise the file that will upload, the application does not limit this.Wherein, if above-mentioned files passe request comprises the file that will upload, files passe request comprises being generated by files passe interface uploads to the associated documents of cloud stores service end the files passe logic that function calls.
Step 5004, cloud stores service termination receives files passe request and the authenticate key of user side transmission, session key according to the key algorithm preset and cloud stores service end is that files passe request generates authentication secret, and is verified authenticate key by authentication secret.
In the present embodiment, cloud stores service termination receives files passe request and the authenticate key of user side transmission, verifies authenticate key.First cloud stores service can be verified the identity of authenticate key and valid expiration date, after being verified, whether identically contrast the signature that in the signature and authentication key that session key that cloud stores service end supports according to cloud stores service carries out the certificate parameter in files passe request, user side or client service carry out the certificate parameter in files passe request according to the session key that client service is held again, if comparing result is identical, then determine to be proved to be successful above-mentioned authenticate key.Wherein, the session key that cloud stores service supports can be that client service is to the session key (such as AK and SK) being kept at cloud stores service end during cloud stores service end application stores service in advance.
Step 5006, is proved to be successful authenticate key in response to cloud stores service end, and cloud stores service termination receives the file that described user side is uploaded.
In the present embodiment, if above-mentioned files passe request comprises the file that will upload, then cloud stores service end is after being proved to be successful authenticate key, directly calls associated documents according to files passe logic and uploads the file data carried in the request of function reception files passe
In some optional implementations of the present embodiment, if files passe request does not comprise the file that will upload, step 5005 can also be comprised, after cloud stores service end is proved to be successful authenticate key, user side can upload function by files passe to cloud stores service end by the associated documents calling cloud stores service end.The associated documents that user side calls cloud stores service end upload the files passe Interface realization in the jump page that function can be provided by cloud stores service end.
In the file uploading method of the present embodiment, client service provides upload file to arrive the mandate of cloud stores service end by authenticate key to user side, cloud stores service end determines whether to receive the file that user side is uploaded after verifying authenticate key, thus to avoid in files passe process by the resource occupying that client service transfer causes, improve the efficiency of files passe.
Please refer to Fig. 6, Fig. 6 is the sequential flow process 600 of another embodiment of the method for the files passe for cloud storage system according to the application.Wherein, cloud storage system comprises user side 601, client service 602 and cloud stores service end 603.In the method flow 600 of the files passe of the cloud storage system shown in Fig. 6, comprise the following steps:
Step 6001, user side according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request.
In the present embodiment, user side can detect the scheduled operation of user to predetermined control, to determine whether to receive the solicit operation of user's upload file to cloud storage server.If receive the solicit operation of user's upload file to cloud storage server, user side can to this solicit operation spanned file upload request (can be such as HTTP request).It is one or more as certificate parameter that files passe request can comprise in above-mentioned host-host protocol, transmission means, file path, request header field.
Step 6002, user side is that files passe request generates authenticate key according to the session key of the key algorithm preset obtained from client service in advance and client service.
In the present embodiment, user side can be that files passe request generates authenticate key according to the session key of the key algorithm preset obtained from client service in advance and client service.Wherein, the session key of client service can be that client service carries out the signature key of certification use to cloud stores service end, such as AK and SK.In some implementations, user side can obtain the session key of key algorithm and the client service preset in advance from client service according to step 6000.User side can carry out signature generation authenticate key according to the session key of preset-key algorithm and client service to above-mentioned certificate parameter.
Step 6003, files passe request and authenticate key are sent to cloud stores service end by the jump page that user side is provided by cloud stores service end.
In the present embodiment, the jump page that user side is provided by cloud stores service end, sends to cloud stores service end by generated files passe request together with authenticate key, verifies according to files passe request for cloud stores service end to authenticate key.In some implementations, cloud stores service end running environment can be resolved but the html page do not shown realizes by viewed device by under the domain name that operates in cloud stores service end.Alternatively, this html page can be embedded into client service by client service in advance by SDK and is supplied in the page of user side.
Wherein, above-mentioned files passe request can comprise the file that will upload, and also can not comprise the file that will upload, the application does not limit this.Wherein, if above-mentioned files passe request comprises the file that will upload, files passe request comprises being generated by files passe interface uploads to the associated documents of cloud stores service end the files passe logic that function calls.
Step 6004, cloud stores service termination receives files passe request and the authenticate key of user side transmission, session key according to the key algorithm preset and cloud stores service end is that files passe request generates authentication secret, and is verified authenticate key by authentication secret.
In the present embodiment, cloud stores service termination receives files passe request and the authenticate key of user side transmission, verifies authenticate key.First cloud stores service can be verified the identity of authenticate key and valid expiration date, after being verified, whether identically contrast the signature that in the signature and authentication key that session key that cloud stores service end supports according to cloud stores service carries out the certificate parameter in files passe request, user side or client service carry out the certificate parameter in files passe request according to the session key that client service is held again, if comparing result is identical, then determine to be proved to be successful above-mentioned authenticate key.Wherein, the session key that cloud stores service supports can be that client service is to the session key (such as AK and SK) being kept at cloud stores service end during cloud stores service end application stores service in advance.
Step 6006, is proved to be successful authenticate key in response to cloud stores service end, and cloud stores service termination receives the file that described user side is uploaded.
In the present embodiment, if above-mentioned files passe request comprises the file that will upload, after then cloud stores service end is proved to be successful authenticate key, directly calls associated documents according to files passe logic and upload the file data carried in the request of function reception files passe.
In some optional implementations of the present embodiment, if files passe request does not comprise the file that will upload, step 6005 can also be comprised, after cloud stores service end is proved to be successful authenticate key, user side can upload function by files passe to cloud stores service end by the associated documents calling cloud stores service end.The associated documents that user side calls cloud stores service end upload the files passe Interface realization in the jump page that function can be provided by cloud stores service end.
In the file uploading method of the present embodiment, client service provides default key algorithm and the session key of client service to user side, authenticate key is generated according to files passe request for user side, and undertaken alternately by authenticate key and cloud stores service end, cloud stores service end determines whether the files passe that can receive user side after verifying authenticate key, thus to avoid in files passe process by the resource occupying that client service transfer causes, improve the efficiency of files passe.
With further reference to Fig. 7, it illustrates the file creating apparatus 700 for user side according to the application's embodiment.As shown in Figure 7, the file creating apparatus 700 for user side comprises upload request generation module 701, authentication key acquisition module 702, upload request sending module 703 and files passe module 704.Wherein, upload request generation module 701 can be configured for according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request; It is the authenticate key that files passe request generates that authentication key acquisition module 702 can be configured for the session key obtained according to the key algorithm preset and client service; The jump page that upload request sending module 703 can be configured for be provided by cloud stores service end sends files passe request and authenticate key to cloud stores service end, verifies authenticate key for cloud stores service end; Files passe module 704 can be configured for and be proved to be successful authenticate key in response to cloud stores service end, by files passe to cloud stores service end.In the present embodiment, cloud stores service end is verified authenticate key by following steps: the session key according to the key algorithm preset and cloud stores service end is that files passe request generates authentication secret; Authentication secret and authenticate key are mated, if matched, then determines to be proved to be successful authenticate key.In some implementations, upload request sending module 703 and files passe module 704 also can be an entirety, and now, the files passe request sent to cloud stores service end at upload request sending module 703 comprises the file that will upload.
In some optional implementations of the present embodiment, authentication key acquisition module 702 comprises: authentication request transmitting element (not shown), be configured for and send authentication request according to files passe request to client service, wherein, authentication request comprises the identity information of user side and the certificate parameter of upload file, obtains authenticate key for client service by following steps: identity-based information carries out authentication to user side; In response to authentication success, the session key according to preset-key algorithm and client service carries out signature generation authenticate key to certificate parameter; Authenticate key receiving element (not shown), is configured for and receives authenticate key from client service.
In other optional implementations of the present embodiment, authentication key acquisition module 702 comprises: authenticate key generation unit (not shown), the files passe interface provided according to files passe request call jump page is provided, to perform described default key algorithm by files passe interface to session key, for files passe request generates authenticate key, wherein, the key algorithm preset and session key obtain from client service in advance; Authenticate key acquiring unit (not shown), is configured for and obtains described authenticate key.
In some optional implementations of the present embodiment, files passe module 704 comprises: acquiring unit (not shown), be configured for and be proved to be successful authenticate key in response to cloud stores service end, the files passe interface provided by jump page obtains the byte number of the file uploaded; Judging unit (not shown), is configured for and judges whether above-mentioned byte number is greater than default byte-threshold; Cutting unit (not shown), if be configured for judging unit to judge that above-mentioned byte number is greater than default byte-threshold, is divided into multiple fragment to be uploaded to cloud stores service end according to the segmentation rule preset uploaded file.
All modules for recording in the file creating apparatus 700 of user side are corresponding with each step in the method described with reference to figure 2.Thus, the operation that describes for the document generating method for user side described in conjunction with Figure 2 and feature are suitable for file creating apparatus 700 for user side and the module that wherein comprises equally above, do not repeat them here.
With further reference to Fig. 8, it illustrates the authenticate key generating apparatus 800 for client service according to the application's embodiment.As shown in Figure 8, the authenticate key generating apparatus 800 for client service comprises receiver module 801, authentication module 802 and generation module 803.Wherein, receiver module 801 can be configured for the authentication request receiving user side and send, and authentication request comprises the identity information of user side and the certificate parameter of upload file; Authentication module 802 can be configured for and carry out authentication based on above-mentioned identity information to user side; Generation module 803 can be configured in response to authentication success, session key according to preset-key algorithm and client service carries out to certificate parameter the authenticate key that signature generates user side, and the jump page provided by cloud stores service end for user side is sent to described cloud stores service end; Wherein, described authentication request is sent to described client service according to files passe request by user side.
All modules for recording in the authenticate key generating apparatus 800 of client service are corresponding with each step in the method described with reference to figure 3.Thus, the operation that describes for the authenticate key generation method for client service described in conjunction with Figure 3 and feature are suitable for authenticate key generating apparatus 800 for client service and the module that wherein comprises equally above, do not repeat them here.
With further reference to Fig. 9, it illustrates the files passe device 900 for cloud stores service end according to the application's embodiment.As shown in Figure 9, the files passe device 900 for cloud stores service end comprises request receiving module 901, generation module 902, authentication module 903 and file receive module 904.Wherein, request receiving module 901 can be configured for the files passe request and authenticate key that receive the jump page transmission that user side is provided by cloud stores service end, wherein, authenticate key is that files passe request generates according to the session key of the key algorithm preset and client service; It is that files passe request generates authentication secret that generation module 902 can be configured for according to the session key of the key algorithm preset and cloud stores service end; Authentication module 903 can be configured for and authentication secret and authenticate key be mated, if matched, then determines to be proved to be successful authenticate key; File receive module 904 can be configured in response to being proved to be successful, and receives the file that user side is uploaded.
In some optional implementations of the present embodiment, file receive module 904 also comprises: detecting unit (not shown), is configured in response to being proved to be successful, and detects whether the file uploaded from user side is the file being divided into multiple fragment; Synthesis unit (not shown), if being configured for the file uploaded from user side is the file being divided into multiple fragment, synthesizes according to the composition rule preset the file uploaded by each fragment with like-identified.
All modules for recording in the files passe device 900 of cloud stores service end are corresponding with each step in the method described with reference to figure 4.Thus, the operation that describes for files passe device 900 method for cloud stores service end described in conjunction with Figure 4 and feature are suitable for files passe device 900 for cloud stores service end and the module that wherein comprises equally above, do not repeat them here.
Please further refer to Figure 10, it illustrates the cloud storage system 1000 according to the application's embodiment.Wherein, user side 1010, client service 1020 and cloud stores service end 1030 can be comprised for cloud storage system 1000.
It will be understood by those skilled in the art that the cloud storage system 1000 shown in Figure 10 can be corresponding with the method for the files passe of the cloud storage system shown in Fig. 5, also can be corresponding with the method for the files passe of the cloud storage system shown in Fig. 6.Correspondingly, the user side 1010 in cloud storage system 1000, client service 1020 and cloud stores service end 1030 can be to have different implementations.Such as, when user side 1010 comprises the file creating apparatus 700 for user side as shown in Figure 7, if the authentication key acquisition module 702 for the file creating apparatus 700 of user side comprises authenticate key generation unit and authenticate key acquiring unit, then the file creating apparatus 700 for user side can generate authenticate key.Now, client service 1020 does not need to comprise receiver module, authentication module and generation module generation authenticate key.Alternatively, now, client service 1020 can comprise initialization module, in advance the session key of default key algorithm and client service being sent to the files passe device for user side.
It will be appreciated by those skilled in the art that, the above-mentioned files passe device 700 for user side, the authenticate key generating apparatus 800 for client service, for the files passe device 900 of cloud stores service end and Figure 10, it illustrates and also comprise some other known features according to the cloud storage system 1000 of the application's embodiment, such as processor, memory etc., in order to unnecessarily fuzzy embodiment of the present disclosure, these known structures are not shown in Fig. 10.
Module involved in the embodiment of the present application can be realized by the mode of software, also can be realized by the mode of hardware.Described module also can be arranged within a processor, such as, can be described as: a kind of processor comprises receiver module, authentication module and generation module.Wherein, the title of these modules does not form the restriction to this module itself under certain conditions, and such as, receiver module can also be described to " being configured for the module receiving the authentication request that user side sends ".
As another aspect, present invention also provides a kind of computer-readable recording medium, this computer-readable recording medium can be the computer-readable recording medium comprised in device described in above-described embodiment; Also can be individualism, be unkitted the computer-readable recording medium allocated in terminal.Described computer-readable recording medium stores more than one or one program, and described program is used for performance description in the method for the files passe of the application by one or more than one processor.
More than describe and be only the preferred embodiment of the application and the explanation to institute's application technology principle.Those skilled in the art are to be understood that, invention scope involved in the application, be not limited to the technical scheme of the particular combination of above-mentioned technical characteristic, also should be encompassed in when not departing from described inventive concept, other technical scheme of being carried out combination in any by above-mentioned technical characteristic or its equivalent feature and being formed simultaneously.The technical characteristic that such as, disclosed in above-mentioned feature and the application (but being not limited to) has similar functions is replaced mutually and the technical scheme formed.

Claims (18)

1., for a file uploading method for user side, described method comprises:
According to the solicit operation of the upload file received to cloud storage server, spanned file upload request;
Obtaining according to the session key of the key algorithm preset and client service is the authenticate key that described files passe request generates;
The jump page provided by cloud stores service end sends described files passe request and described authenticate key to described cloud stores service end, is verified by following steps for described cloud stores service end to described authenticate key: the session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret; Described authentication secret and described authenticate key are mated, if matched, then determines to be proved to be successful described authenticate key;
In response to described cloud stores service end, described authenticate key is proved to be successful, by files passe to described cloud stores service end.
2. method according to claim 1, is characterized in that, the described session key obtaining the default key algorithm of basis and described client service is that the authenticate key that described files passe request generates comprises:
Authentication request is sent to described client service according to described files passe request, wherein, described authentication request comprises the identity information of described user side and the certificate parameter of upload file, obtains described authenticate key for described client service by following steps: carry out authentication based on described identity information to user side; In response to authentication success, the session key according to described preset-key algorithm and described client service carries out to described certificate parameter the authenticate key that signature generates described user side;
Described authenticate key is received from described client service.
3. method according to claim 1, is characterized in that, the described session key obtaining the default key algorithm of basis and described client service is that the authenticate key that described files passe request generates comprises:
The files passe interface that jump page provides according to described files passe request call, to perform described default key algorithm by described files passe interface to described session key, generate described authenticate key, wherein, described default key algorithm and described session key obtain from described client service in advance;
Obtain described authenticate key.
4. method according to claim 1, is characterized in that, is describedly proved to be successful described authenticate key in response to described cloud stores service end, is comprised by files passe to described cloud stores service end:
Be proved to be successful described authenticate key in response to described cloud stores service end, the files passe interface provided by described jump page obtains the byte number of the file uploaded;
Judge whether described byte number is greater than default byte-threshold;
If be greater than, multiple fragment is divided into be uploaded to described cloud stores service end according to the segmentation rule preset uploaded file.
5. one kind for the authenticate key generation method of client service, and it is characterized in that, described method comprises:
Receive the authentication request that user side sends, described authentication request comprises the identity information of described user side and the certificate parameter of institute's upload file;
Based on described identity information, authentication is carried out to user side;
In response to authentication success, session key according to preset-key algorithm and described client service carries out to described certificate parameter the authenticate key that signature generates described user side, and the jump page provided by cloud stores service end for user side is sent to described cloud stores service end;
Wherein, described authentication request is sent to described client service according to files passe request by user side.
6. for a file uploading method for cloud stores service end, it is characterized in that, described method comprises:
Receive files passe request and the authenticate key of the jump page transmission that user side is provided by cloud stores service end, wherein, described authenticate key is that described files passe request generates according to the session key of the key algorithm preset and client service;
Session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret;
Described authentication secret and described authenticate key are mated, if matched, then determines to be proved to be successful described authenticate key;
In response to being proved to be successful, receive the file that described user side is uploaded.
7. method according to claim 6, is characterized in that, described in response to being proved to be successful, and receives the file that described user side uploads and comprises:
In response to being proved to be successful, detect whether the file uploaded from described user side is the file being divided into multiple fragment;
If so, each fragment with like-identified is synthesized according to the composition rule preset the file uploaded.
8., for a file uploading method for cloud storage system, described cloud storage system comprises cloud stores service end, client service and user side, it is characterized in that, described method comprises:
Described user side according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request, and send authentication request to described client service according to described files passe request;
Described client service is that described files passe request generates authenticate key according to the session key of the key algorithm preset and client service, and sends to described user side;
Described user side receives described authenticate key from described client service, and sends described files passe request and described authenticate key by the jump page that cloud stores service end provides to described cloud stores service end;
Described cloud stores service termination receives files passe request and the authenticate key of user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret;
Be proved to be successful described authenticate key in response to described cloud stores service end, described cloud stores service termination receives the file that described user side is uploaded.
9., for a file uploading method for cloud storage system, described cloud storage system comprises cloud stores service end, client service and user side, it is characterized in that, described method comprises:
Described user side according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request;
Described user side is that described files passe request generates authenticate key according to the session key of the key algorithm preset obtained from described client service in advance and described client service;
Described files passe request and described authenticate key are sent to described cloud stores service end by the jump page that described user side is provided by cloud stores service end;
Described cloud stores service termination receives files passe request and the authenticate key of user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret;
Be proved to be successful described authenticate key in response to described cloud stores service end, described cloud stores service termination receives the file that described user side is uploaded.
10. for a files passe device for user side, it is characterized in that, described device comprises:
Upload request generation module, is configured for according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request;
Authentication key acquisition module, being configured for the session key obtained according to the key algorithm preset and described client service is the authenticate key that described files passe request generates;
Upload request sending module, the jump page that being configured for is provided by cloud stores service end sends described files passe request and described authenticate key to described cloud stores service end, is verified by following steps for described cloud stores service end to described authenticate key: the session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret; Described authentication secret and described authenticate key are mated, if matched, then determines to be proved to be successful described authenticate key;
Files passe module, is configured for and is proved to be successful described authenticate key in response to described cloud stores service end, by files passe to described cloud stores service end.
11. devices according to claim 10, is characterized in that, described authentication key acquisition module comprises:
Authentication request transmitting element, be configured for and send authentication request according to described files passe request to described client service, wherein, described authentication request comprises the identity information of described user side and the certificate parameter of upload file, obtains described authenticate key for described client service by following steps: carry out authentication based on described identity information to user side; In response to authentication success, the session key according to described preset-key algorithm and described client service carries out to described certificate parameter the authenticate key that signature generates described user side;
Authenticate key receiving element, is configured for and receives described authenticate key from described client service.
12. devices according to claim 10, is characterized in that, described authentication key acquisition module comprises:
Authenticate key generation unit, be configured for the files passe interface that jump page provides according to described files passe request call, to perform described default key algorithm by described files passe interface to described session key, generate authenticate key, wherein, described default key algorithm and described session key obtain from described client service in advance;
Authenticate key acquiring unit, is configured for and obtains described authenticate key.
13. methods according to claim 10, is characterized in that, described files passe module comprises:
Acquiring unit, be configured for and be proved to be successful described authenticate key in response to described cloud stores service end, the files passe interface provided by described jump page obtains the byte number of the file uploaded;
Judging unit, is configured for and judges whether described byte number is greater than default byte-threshold;
Cutting unit, if be configured for described judging unit to judge that described byte number is greater than default byte-threshold, is divided into multiple fragment to be uploaded to described cloud stores service end according to the segmentation rule preset uploaded file.
14. 1 kinds, for the authenticate key generating apparatus of client service, is characterized in that, described device comprises:
Receiver module, be configured for the authentication request receiving described user side and send, described authentication request comprises the identity information of described user side and the certificate parameter of upload file;
Authentication module, is configured for and carries out authentication based on described identity information to user side;
Generation module, be configured in response to authentication success, session key according to described preset-key algorithm and described client service carries out to described certificate parameter the authenticate key that signature generates described user side, and the jump page provided by cloud stores service end for user side is sent to described cloud stores service end;
Wherein, described authentication request is sent to described client service according to files passe request by user side.
15. 1 kinds, for the files passe device of cloud stores service end, is characterized in that, described device comprises:
Request receiving module, be configured for the files passe request and authenticate key that receive the jump page transmission that described user side is provided by cloud stores service end, wherein, described authenticate key is that described files passe request generates according to the session key of the key algorithm preset and described client service;
Generation module, being configured for according to the session key of described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret;
Authentication module, is configured for and described authentication secret and described authenticate key is mated, if matched, then determines to be proved to be successful described authenticate key;
File receive module, is configured in response to being proved to be successful, and receives the file that described user side is uploaded.
16. devices according to claim 15, is characterized in that, described file receive module comprises:
Detecting unit, is configured in response to being proved to be successful, and detects whether the file uploaded from described user side is the file being divided into multiple fragment;
Synthesis unit, if being configured for the file uploaded from described user side is the file being divided into multiple fragment, synthesizes according to the composition rule preset the file uploaded by each fragment with like-identified.
17. 1 kinds of cloud storage systems, described cloud storage system comprises user side, client service and cloud stores service end, it is characterized in that:
Described user side, is configured for according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request, and sends authentication request according to described files passe request to described client service;
Described client service, being configured for according to the session key of the key algorithm preset and client service is that described files passe request generates authenticate key, and sends to described user side;
Described user side, is also configured for and receives described authenticate key from described client service, and sends described files passe request and described authenticate key by the jump page that cloud stores service end provides to described cloud stores service end;
Described cloud stores service end, be configured for the files passe request and authenticate key that receive user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret;
Described user side, is also configured for and is proved to be successful described authenticate key in response to described cloud stores service end, and described cloud stores service termination receives the file that described user side is uploaded.
18. 1 kinds of cloud storage systems, described cloud storage system comprises cloud stores service end, client service and user side, it is characterized in that:
Described user side, be configured for according to the solicit operation of the user's upload file received to cloud storage server, spanned file upload request, and be that described files passe request generates authenticate key according to the session key of the key algorithm preset obtained from described client service in advance and described client service, described files passe request and described authenticate key are sent to described cloud stores service end by the jump page provided by cloud stores service end;
Described cloud stores service end, be configured for the files passe request and authenticate key that receive user side transmission, session key according to described default key algorithm and described cloud stores service end is that described files passe request generates authentication secret, and is verified described authenticate key by described authentication secret;
Described user side, is also configured for and is proved to be successful described authenticate key in response to described cloud stores service end, and described cloud stores service termination receives the file that described user side is uploaded.
CN201510527949.1A 2015-08-25 2015-08-25 The methods, devices and systems that file uploads Active CN105025041B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510527949.1A CN105025041B (en) 2015-08-25 2015-08-25 The methods, devices and systems that file uploads

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510527949.1A CN105025041B (en) 2015-08-25 2015-08-25 The methods, devices and systems that file uploads

Publications (2)

Publication Number Publication Date
CN105025041A true CN105025041A (en) 2015-11-04
CN105025041B CN105025041B (en) 2019-03-12

Family

ID=54414745

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510527949.1A Active CN105025041B (en) 2015-08-25 2015-08-25 The methods, devices and systems that file uploads

Country Status (1)

Country Link
CN (1) CN105025041B (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105657007A (en) * 2015-12-29 2016-06-08 深圳市鼎芯无限科技有限公司 Storage method and device for target information
CN106302453A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 The processing method of data, Apparatus and system
WO2017071512A1 (en) * 2015-10-29 2017-05-04 阿里巴巴集团控股有限公司 Cloud storage and cloud download methods for multimedia data and related devices
CN106815495A (en) * 2017-02-21 2017-06-09 郑州云海信息技术有限公司 A kind of data processing method and device in cloud environment
CN106878293A (en) * 2017-01-23 2017-06-20 深圳市中博科创信息技术有限公司 Date storage method and device based on cloud storage platform
CN106936579A (en) * 2015-12-30 2017-07-07 航天信息股份有限公司 Cloud storage data storage and read method based on trusted third party agency
CN109639819A (en) * 2018-12-28 2019-04-16 腾讯科技(深圳)有限公司 Document transmission method, client, server and system
CN109948362A (en) * 2019-03-08 2019-06-28 阿里巴巴集团控股有限公司 Data access processing method and system
CN110099048A (en) * 2019-04-19 2019-08-06 中共中央办公厅电子科技学院(北京电子科技学院) A kind of cloud storage method and apparatus
CN110225510A (en) * 2019-06-11 2019-09-10 三星电子(中国)研发中心 Method and apparatus for burning embedded SIM card
CN110311880A (en) * 2018-03-20 2019-10-08 中移(苏州)软件技术有限公司 Method for uploading, the apparatus and system of file
CN112242976A (en) * 2019-07-17 2021-01-19 华为技术有限公司 Identity authentication method and device
CN112637354A (en) * 2020-12-28 2021-04-09 同方威视科技江苏有限公司 Data transmission management method, system and equipment based on cloud storage
CN113132426A (en) * 2019-12-30 2021-07-16 同方威视科技江苏有限公司 Cloud platform file management system and method based on user permission
CN114567447A (en) * 2022-04-26 2022-05-31 佳瑛科技有限公司 Data sharing management method and device based on cloud server
CN115834567A (en) * 2022-11-08 2023-03-21 四川启睿克科技有限公司 Picture uploading method and system for vue assembly
CN116506224A (en) * 2023-06-27 2023-07-28 中航金网(北京)电子商务有限公司 File uploading method and device, computer equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457509A (en) * 2010-11-02 2012-05-16 中兴通讯股份有限公司 Safe access method, device and system of cloud computing resource
CN103139163A (en) * 2011-11-29 2013-06-05 阿里巴巴集团控股有限公司 Data access method, server and terminal
CN103326856A (en) * 2013-05-20 2013-09-25 西北工业大学 Cloud storage data responsibility confirmation structure and method based on two-way digital signature
CN103731395A (en) * 2012-10-10 2014-04-16 中兴通讯股份有限公司 Processing method and system for files
WO2014180416A1 (en) * 2013-09-18 2014-11-13 中兴通讯股份有限公司 Method for file upload to cloud storage system, download method and device
KR20150062198A (en) * 2013-11-28 2015-06-08 한국과학기술정보연구원 System and method for job execution in conjunction with cloud storage

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457509A (en) * 2010-11-02 2012-05-16 中兴通讯股份有限公司 Safe access method, device and system of cloud computing resource
CN103139163A (en) * 2011-11-29 2013-06-05 阿里巴巴集团控股有限公司 Data access method, server and terminal
CN103731395A (en) * 2012-10-10 2014-04-16 中兴通讯股份有限公司 Processing method and system for files
CN103326856A (en) * 2013-05-20 2013-09-25 西北工业大学 Cloud storage data responsibility confirmation structure and method based on two-way digital signature
WO2014180416A1 (en) * 2013-09-18 2014-11-13 中兴通讯股份有限公司 Method for file upload to cloud storage system, download method and device
KR20150062198A (en) * 2013-11-28 2015-06-08 한국과학기술정보연구원 System and method for job execution in conjunction with cloud storage

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017071512A1 (en) * 2015-10-29 2017-05-04 阿里巴巴集团控股有限公司 Cloud storage and cloud download methods for multimedia data and related devices
CN105657007A (en) * 2015-12-29 2016-06-08 深圳市鼎芯无限科技有限公司 Storage method and device for target information
CN106936579A (en) * 2015-12-30 2017-07-07 航天信息股份有限公司 Cloud storage data storage and read method based on trusted third party agency
CN106302453A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 The processing method of data, Apparatus and system
CN106878293A (en) * 2017-01-23 2017-06-20 深圳市中博科创信息技术有限公司 Date storage method and device based on cloud storage platform
CN106815495A (en) * 2017-02-21 2017-06-09 郑州云海信息技术有限公司 A kind of data processing method and device in cloud environment
CN110311880A (en) * 2018-03-20 2019-10-08 中移(苏州)软件技术有限公司 Method for uploading, the apparatus and system of file
CN110311880B (en) * 2018-03-20 2021-08-06 中移(苏州)软件技术有限公司 File uploading method, device and system
CN109639819A (en) * 2018-12-28 2019-04-16 腾讯科技(深圳)有限公司 Document transmission method, client, server and system
CN109948362B (en) * 2019-03-08 2022-11-22 创新先进技术有限公司 Data access processing method and system
CN109948362A (en) * 2019-03-08 2019-06-28 阿里巴巴集团控股有限公司 Data access processing method and system
CN110099048A (en) * 2019-04-19 2019-08-06 中共中央办公厅电子科技学院(北京电子科技学院) A kind of cloud storage method and apparatus
CN110225510A (en) * 2019-06-11 2019-09-10 三星电子(中国)研发中心 Method and apparatus for burning embedded SIM card
CN112242976A (en) * 2019-07-17 2021-01-19 华为技术有限公司 Identity authentication method and device
CN113132426A (en) * 2019-12-30 2021-07-16 同方威视科技江苏有限公司 Cloud platform file management system and method based on user permission
CN112637354A (en) * 2020-12-28 2021-04-09 同方威视科技江苏有限公司 Data transmission management method, system and equipment based on cloud storage
CN114567447A (en) * 2022-04-26 2022-05-31 佳瑛科技有限公司 Data sharing management method and device based on cloud server
CN114567447B (en) * 2022-04-26 2022-07-19 佳瑛科技有限公司 Data sharing management method and device based on cloud server
CN115834567A (en) * 2022-11-08 2023-03-21 四川启睿克科技有限公司 Picture uploading method and system for vue assembly
CN115834567B (en) * 2022-11-08 2024-05-31 四川启睿克科技有限公司 Picture uploading method and system for vue assembly
CN116506224A (en) * 2023-06-27 2023-07-28 中航金网(北京)电子商务有限公司 File uploading method and device, computer equipment and storage medium
CN116506224B (en) * 2023-06-27 2023-10-03 中航金网(北京)电子商务有限公司 File uploading method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN105025041B (en) 2019-03-12

Similar Documents

Publication Publication Date Title
CN105025041A (en) File upload method, file upload apparatus and system
CN112019493B (en) Identity authentication method, identity authentication device, computer equipment and medium
CN101478396B (en) Uni-directional cross-domain identity verification based on low correlation of private cipher key and application thereof
CN107046544B (en) Method and device for identifying illegal access request to website
CN106209726B (en) Mobile application single sign-on method and device
CN102682009A (en) Method and system for logging in webpage
KR101744747B1 (en) Mobile terminal, terminal and method for authentication using security cookie
CN107016074B (en) Webpage loading method and device
CN104378376A (en) SOA-based single-point login method, authentication server and browser
CN103347092A (en) Method and device for recognizing cacheable file
CN108322416B (en) Security authentication implementation method, device and system
CN105191208B (en) Method for activating the application program on user apparatus
CN103561040A (en) File downloading method and system
CN111062023B (en) Method and device for realizing single sign-on of multi-application system
CN103685139A (en) Authentication and authorization processing method and device
CN106559405B (en) Portal authentication method and equipment
CN105991518B (en) Network access verifying method and device
CN106549909B (en) Authorization verification method and device
CN103024740A (en) Method and system for accessing internet by mobile terminal
CN105191293A (en) Advertising download verification
CN104836812A (en) Portal authentication method, device and system
CN107835160A (en) Third party's user authen method based on Quick Response Code
CN111177735A (en) Identity authentication method, device, system and equipment and storage medium
CN108259457A (en) A kind of WEB authentication methods and device
CN115022047B (en) Account login method and device based on multi-cloud gateway, computer equipment and medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant