CN105282103A - Improvement method for secure storage - Google Patents

Publication number
CN105282103A
Authority
CN
China
Prior art keywords
client
file
storage server
storage
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410305092.4A
Other languages
Chinese (zh)
Inventor
蒋斐
刘海刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUXI HUASAI INFORMATION TECHNOLOGY Co Ltd
Original Assignee
WUXI HUASAI INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WUXI HUASAI INFORMATION TECHNOLOGY Co Ltd filed Critical WUXI HUASAI INFORMATION TECHNOLOGY Co Ltd
Priority to CN201410305092.4A priority Critical patent/CN105282103A/en
Publication of CN105282103A publication Critical patent/CN105282103A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an improved method for secure storage, characterized in that it comprises the following steps: S1, a user submits registration information at a control center, the control center generates SM2 public/private key pairs, and the control center stores the client public keys in one-to-one correspondence with client information; S2, a client uploads a file to a storage server, and the storage server packages the encrypted random number, the encrypted file and the file's SM3 hash into a structure for storage; S3, the client reads the file in ciphertext form from the server, the client calls the SM2 algorithm to decrypt the received random number, and the client calls the SM2 algorithm to encrypt the random number and then sends the encrypted random number to the storage server; S4, the storage server receives the encrypted random number, uses the random number to decrypt the ciphertext that the client needs to extract, and sends the ciphertext to the client. This encrypted storage method, improved with the state cryptographic algorithms SM1, SM2 and SM3, solves the problem of duplicate data and low storage efficiency on the server.

Description

An improved method for secure storage
Technical field
The present invention relates to an improved method for secure storage.
Background art
Network storage systems, the current trend, offer a good solution for the centralized storage of enterprise data, and both users and vendors have taken note of the data security problems of centralized storage. To ensure that centrally stored data is not leaked, vendors add an encryption module at the data storage end, so that data is encrypted when it is written to the storage device and decrypted when it is read from the storage device. Because different keys are used when different users store the same file, the files in ciphertext form necessarily differ, so the storage server holds duplicate data and storage efficiency is low.
The prior art therefore needs improvement.
Summary of the invention
To remedy the deficiencies of the prior art, the present invention provides an improved method for secure storage: an encrypted storage scheme improved with the state cryptographic algorithms SM1, SM2 and SM3 that solves this kind of potential security hazard.
To solve the above technical problem, the improved method for secure storage provided by the embodiment of the present invention adopts the following technical scheme:
An improved method for secure storage, characterized in that it comprises the following steps:
S1: the user submits registration information at the control center; the control center generates an SM2 public/private key pair; the private key is stored in the client's USB key; the SM2 public key of the storage server is stored in the USB key; the control center stores the client public key in one-to-one correspondence with the client information;
S2: the client uploads a file to the storage server; the storage server obtains the client public key from the control center according to the client information; the storage server computes the SM3 hash value of the uploaded file; the storage server generates a random number as the key and encrypts the uploaded file with the symmetric algorithm SM1; the storage server encrypts the random number with the SM2 algorithm under the client's public key; the storage server then packages the encrypted random number, the encrypted file and the file's SM3 hash into one structure and stores it;
S3: the client reads the file in ciphertext form from the server; the server extracts the random number in ciphertext form for the file to be read and sends it to the client; the client calls the user's USB key and, using the client private key, calls the SM2 algorithm to decrypt the received random number; the client uses the public key of the storage server to encrypt the random number with the SM2 algorithm and sends it to the storage server;
S4: the storage server receives the encrypted random number, decrypts it with its own private key, uses the random number to decrypt the ciphertext that the client wants to extract, and sends it to the client.
The improved method for secure storage provided by the present invention, an encrypted storage scheme improved with the state cryptographic algorithms SM1, SM2 and SM3, solves the problem of duplicate data on the server and low storage efficiency.
Brief description of the drawings
Fig. 1 is a schematic diagram of the steps of the improved method for secure storage described in the embodiment of the present invention.
Embodiment
The improved method for secure storage provided by the embodiment of the present invention is described in detail below with reference to the accompanying drawing.
As shown in Fig. 1, the improved method for secure storage provided by the embodiment of the present invention is characterized in that it comprises the following steps:
S1: the user submits registration information at the control center; the control center generates an SM2 public/private key pair; the private key is stored in the client's USB key; the SM2 public key of the storage server is stored in the USB key; the control center stores the client public key in one-to-one correspondence with the client information;
S2: the client uploads a file to the storage server; the storage server obtains the client public key from the control center according to the client information; the storage server computes the SM3 hash value of the uploaded file; the storage server generates a random number as the key and encrypts the uploaded file with the symmetric algorithm SM1; the storage server encrypts the random number with the SM2 algorithm under the client's public key; the storage server then packages the encrypted random number, the encrypted file and the file's SM3 hash into one structure and stores it;
S3: the client reads the file in ciphertext form from the server; the server extracts the random number in ciphertext form for the file to be read and sends it to the client; the client calls the user's USB key and, using the client private key, calls the SM2 algorithm to decrypt the received random number; the client uses the public key of the storage server to encrypt the random number with the SM2 algorithm and sends it to the storage server;
S4: the storage server receives the encrypted random number, decrypts it with its own private key, uses the random number to decrypt the ciphertext that the client wants to extract, and sends it to the client.
Duplicate file handling process:
The storage server starts a monitoring process that receives each new file a user stores and, using the file's SM3 hash value, checks whether a duplicate file exists. If not, it goes back to checking the new files that users store. If so, it uses the SM3 hash value to find the users this file belongs to and the public keys of these users (n of them), deletes the existing file, generates a new random number, and encrypts the file that has just been uploaded with the SM1 algorithm. It then encrypts the newly generated random number (the encryption algorithm is SM2) separately under each client public key found and the public key of the user who has just uploaded the file, producing n+1 copies of the random number in ciphertext form. These data are stored together with the encrypted file and the SM3 hash value, and the loop then repeats.
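Steps S2 to S4 and the duplicate file handling process above as a runnable sketch, added here as an illustration and not taken from the patent. SHA-256, a hash-based keystream and toy ElGamal-style key wrapping stand in for SM3, SM1 and SM2 so that it runs on the standard library alone, and the names `StorageServer`, `upload`, `read` and `client_read` are assumptions.

```python
import hashlib
import secrets

# Stand-ins so this runs on the standard library alone (assumptions, not the
# patent's algorithms): SHA-256 for SM3, a SHA-256 keystream XOR for SM1, and
# textbook ElGamal-style key wrapping for SM2. Toy parameters, illustration only.
P, G = 2**255 - 19, 2

def h(data):
    return hashlib.sha256(data).digest()

def sym(key, data):                        # same call encrypts and decrypts
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(h(key + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def wrap(pk, key):                         # public-key encrypt the random number
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), sym(h(pow(pk, r, P).to_bytes(32, "big")), key)

def unwrap(sk, wrapped):                   # private-key decrypt the random number
    c1, c2 = wrapped
    return sym(h(pow(c1, sk, P).to_bytes(32, "big")), c2)

class StorageServer:
    def __init__(self, directory):
        self.sk, self.pk = keygen()
        self.directory = directory         # control center: user -> public key
        self.store = {}                    # file hash -> stored structure

    def upload(self, user, plaintext):     # S2 plus duplicate handling
        digest = h(plaintext)
        old = self.store.get(digest)
        owners = set(old["wrapped"]) | {user} if old else {user}
        key = secrets.token_bytes(16)      # new random number on every store
        self.store[digest] = {             # replaces the existing copy, if any
            "cipher": sym(key, plaintext),
            "wrapped": {u: wrap(self.directory[u], key) for u in owners}}
        return digest

    def read(self, digest, rewrapped):     # S4: unwrap, decrypt, return file
        return sym(unwrap(self.sk, rewrapped), self.store[digest]["cipher"])

def client_read(server, user, sk, digest): # S3: sk stands for the USB key
    key = unwrap(sk, server.store[digest]["wrapped"][user])
    return server.read(digest, wrap(server.pk, key))
```

The server generates the file key and handles the plaintext in both `upload` and `read`, so the wrapped random numbers control who can request a file but do not hide its contents from the storage server.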
The improved method for secure storage provided by the present invention, an encrypted storage scheme improved with the state cryptographic algorithms SM1, SM2 and SM3, solves the problem of duplicate data on the server and low storage efficiency.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims (1)

1. An improved method for secure storage, characterized in that it comprises the following steps:
S1: the user submits registration information at the control center; the control center generates an SM2 public/private key pair; the private key is stored in the client's USB key; the SM2 public key of the storage server is stored in the USB key; the control center stores the client public key in one-to-one correspondence with the client information;
S2: the client uploads a file to the storage server; the storage server obtains the client public key from the control center according to the client information; the storage server computes the SM3 hash value of the uploaded file; the storage server generates a random number as the key and encrypts the uploaded file with the symmetric algorithm SM1; the storage server encrypts the random number with the SM2 algorithm under the client's public key; the storage server then packages the encrypted random number, the encrypted file and the file's SM3 hash into one structure and stores it;
S3: the client reads the file in ciphertext form from the server; the server extracts the random number in ciphertext form for the file to be read and sends it to the client; the client calls the user's USB key and, using the client private key, calls the SM2 algorithm to decrypt the received random number; the client uses the public key of the storage server to encrypt the random number with the SM2 algorithm and sends it to the storage server;
S4: the storage server receives the encrypted random number, decrypts it with its own private key, uses the random number to decrypt the ciphertext that the client wants to extract, and sends it to the client.
CN201410305092.4A 2014-07-01 2014-07-01 Improvement method for secure storage Pending CN105282103A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410305092.4A CN105282103A (en) 2014-07-01 2014-07-01 Improvement method for secure storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410305092.4A CN105282103A (en) 2014-07-01 2014-07-01 Improvement method for secure storage

Publications (1)

Publication Number Publication Date
CN105282103A (en) 2016-01-27

Family

ID=55150442

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410305092.4A Pending CN105282103A (en) 2014-07-01 2014-07-01 Improvement method for secure storage

Country Status (1)

Country Link
CN (1) CN105282103A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109409109A (en) * 2018-10-17 2019-03-01 网易(杭州)网络有限公司 Data processing method, device, processor and server in network service
CN110730184A (en) * 2019-10-22 2020-01-24 江苏先安科技有限公司 Novel bidding encryption and decryption method based on SM2 cryptographic algorithm
CN110730184B (en) * 2019-10-22 2021-11-05 江苏先安科技有限公司 Novel bidding encryption and decryption method based on SM2 cryptographic algorithm

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160127