CN105471856B - System and method for retrieval and sharing of encrypted files for a big data center platform - Google Patents

Publication number: CN105471856B
Authority: CN (China)
Prior art keywords: file, module, data center, center platform, large data
Legal status: Active
Application number: CN201510800054.0A
Other languages: Chinese (zh)
Other versions: CN105471856A (en)
Inventors: 陈天莹, 李霄
Current Assignee: China Electronic Technology Cyber Security Co Ltd
Original Assignee: China Electronic Technology Cyber Security Co Ltd
Application filed by China Electronic Technology Cyber Security Co Ltd
Priority to CN201510800054.0A
Publication of CN105471856A
Application granted
Publication of CN105471856B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

A system for retrieval and sharing of encrypted files for a big data center platform, comprising: a data acquisition module that collects user data from the user files for which a user initiates a transfer request to the big data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected by the data acquisition module in order to build a suitable index and encrypt the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that makes the encrypted files available for encrypted search and implements secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index. The invention also discloses a method for retrieval and sharing of encrypted files for a big data center platform.

Description

System and method for retrieval and sharing of encrypted files for a big data center platform
Technical field
The present invention relates to the interdisciplinary field of computer technology and information security, and specifically to a method and system for retrieval and sharing of encrypted files for a big data center platform.
Background
Big data is an important strategic resource driving economic and social development. To break down barriers between departments and raise the rate at which big data is shared and used, the government is vigorously promoting informatization projects such as e-government, smart cities and information services that benefit the public. As the foundation of these projects, the big data center platform collects the data of each department centrally, stores it on a big data platform, and provides unified data sharing and exchange services to departments at all levels. Because the big data center platform is where data resources are stored most densely and where data is shared and exchanged most frequently, any gap in its security protection can cause irreparable damage to users.
For the government, the main goal of building a big data center is the sharing and exchange of data. Government data, however, contains a large amount of citizens' private information (identity information, social security, finance and so on) as well as much sensitive data closely related to national security and development. This data is stored centrally on the big data center platform, and the leakage of any of it threatens individuals and even the country, so data security protection is the top priority.
To ensure data security, data encryption is generally combined with a security protection system. The approach has two parts:
(1) Users encrypt their own data before storing it on a cloud platform or big data center platform, to prevent the data from being stolen.
(2) Existing data centers and cloud platforms follow the OSI information security architecture framework and the national information security assurance system, protecting the data center in three respects: the organizational system (institutions and personnel), the management system (formulation of management rules and technical standards) and the technical system (physical security, host security, network security and so on). The technical system is the focus of security protection; it mainly defends against external threats using firewalls, intrusion detection technology and intrusion prevention systems, and protects the data using backup and disaster recovery.
As the internet and its applications deepen, the value of data keeps growing and the environment in which systems run becomes ever more complex. Existing methods secure data to a certain extent, but the following problems remain:
(1) The security protection of cloud platforms and existing data centers is currently based on traditional information security systems, which weakens the standing of data protection within security and does not protect data comprehensively;
(2) On a cloud platform, a user who encrypts their own data and stores it in the cloud can only search their own data and cannot query the data of other users. For a big data center platform whose goal is data sharing and exchange there is not yet an effective encrypted file retrieval technique, which seriously hinders the sharing and exchange of data;
(3) The big data center platform is where data converges, and the data contains the private and sensitive information of a large number of different users. Publishing data without desensitization leaks users' privacy.
The big data center platform therefore needs a secure and effective method for encrypted file retrieval and data sharing and exchange, one that both protects sensitive data effectively and makes it convenient to share and exchange.
Summary of the invention
To solve the above problems, the present invention provides a system and a corresponding method for retrieval and sharing of encrypted files for a big data center platform, achieving secure retrieval of encrypted files in the big data center platform and secure data sharing between different users.
A system for retrieval and sharing of encrypted files for a big data center platform comprises: a data acquisition module that collects user data from the user files for which a user initiates a transfer request to the big data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected by the data acquisition module in order to build a suitable index and encrypt the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that makes the encrypted files available for encrypted search and implements secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index.
The data acquisition module comprises: a file upload module that uploads, through a data collector, the files for which the user initiates a transfer request to the big data center platform; a content review module that formulates review rules for the file content uploaded by the file upload module and performs a security review of it; a channel establishment module that establishes a secure transmission channel directly between the data collector and the big data center platform for files that pass review by the content review module; and a file receiving module that sends the uploaded files that passed review to the big data center platform over the secure transmission channel.
The data preprocessing module comprises: a content reading module that reads the text content of the files uploaded to the big data center platform by the data acquisition module; a feature extraction module that uses a feature extraction algorithm to extract the text features of the file from the content read by the content reading module; an index construction module that builds an index of at least two levels for the file from the text features extracted by the feature extraction module; and an index encryption module that selects a suitable encryption algorithm for the index built by the index construction module and encrypts the index at every level.
The data storage module comprises: an index storage module that stores the encrypted index in the index database of the big data center platform; a file encryption module that selects an encryption algorithm for the user files transferred to the big data center platform and encrypts them; and a file storage module that stores the user files encrypted by the file encryption module in the dedicated storage system of the big data center platform.
The sharing and exchange module comprises: a file retrieval module that responds to a user's retrieval request for encrypted files and returns the corresponding results; a sharing application module through which a user applies to share an encrypted file; a sharing audit module that audits the user's sharing application; a file desensitization module that decrypts and desensitizes the encrypted files that need desensitization for sharing requests that passed the audit; a secure transmission module that establishes a secure transmission channel and sends the user the encrypted files that do not need desensitization for sharing requests that passed the audit; and a secure download module that provides protected download links so that decrypted user files are downloaded securely.
The key management module comprises: an index key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt the index; and a file key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt files.
A method for retrieval and sharing of encrypted files for a big data center platform uses the above system to retrieve and share encrypted files, and comprises a data input processing flow directed at the big data center platform and a data output processing flow directed at the user.
The data input processing flow comprises the following steps:
Es1. The user initiates a file upload request to the big data center platform; go to step Es2.
Es2. The big data center platform uses the file upload module of the system to control the data collector to upload the file; go to step Es3.
Es3. The content review module of the system performs a security review of the file content the user asks to upload and judges whether the content is safe. If the file is unsafe, go to step Es4; if the file is safe, go directly to step Es5.
Es4. The file upload fails and data input ends.
Es5. Judge whether the file needs to be encrypted. If it does not, go to step Es6; if it does, go to step Es7.
Es6. The file storage module of the system stores the file in the dedicated storage system of the big data center platform.
Es7. The channel establishment module of the system establishes a secure transmission channel between the data collector and the big data center platform for the file that needs encryption; go to step Es8.
Es8. The file receiving module of the system sends the file over the secure transmission channel to the big data center platform for encryption; go to step Es9.
Es9. The big data center platform receives the file; go to step Es10.
Es10. The content reading module of the system reads the content of the uploaded file; steps Es11 and Es13 are then carried out simultaneously.
Es11. Select a suitable encryption algorithm according to the file content and at the same time obtain the file encryption key from the key management module of the system; go to step Es12.
Es12. The file encryption module of the system encrypts the file with the selected encryption algorithm and the obtained file encryption key; go to step Es6.
Es13. Select a suitable feature extraction algorithm according to the characteristics of the file content that was read; go to step Es14.
Es14. The feature extraction module of the system extracts features from the file using the selected feature extraction algorithm; go to step Es15.
Es15. Based on the extracted file features, the index construction module of the system builds an index of at least two levels for the file; go to step Es16.
Es16. Select a suitable encryption algorithm for the constructed index and at the same time obtain the index encryption key from the key management module of the system; go to step Es17.
Es17. The index encryption module of the system encrypts the constructed index with the selected encryption algorithm and the index encryption key; go to step Es18.
Es18. The index storage module of the system stores the encrypted index in the index database of the big data center platform.
The data output processing flow comprises the following steps:
Os1. The user initiates an encrypted file query request to the big data center platform; go to step Os2.
Os2. The big data center platform locates the encrypted index through the file retrieval module of the system; go to step Os3.
Os3. Obtain the index key from the key management module of the system and decrypt the index; go to step Os4.
Os4. Search the decrypted index, locate the files that satisfy the query request, and return the query result to the user who initiated the file query request; go to step Os5.
Os5. The user decides from the returned retrieval result whether a file should be shared. If no file needs to be shared, go to step Os6; if a file needs to be shared, go to step Os7.
Os6. The query ends.
Os7. The user initiates a sharing request to the big data center platform, asking to share the file corresponding to the query result returned in step Os4; go to step Os8.
Os8. The big data center platform uses the sharing audit module of the system to audit whether the file may be shared with the user who initiated the request. If sharing is not allowed, go to step Os9; if sharing is allowed, go to step Os10.
Os9. The big data center platform does not allow the file the user asked for to be shared; sharing fails.
Os10. The big data center platform allows the file the user asked for to be shared, obtains the file key from the key management module of the system and decrypts the file that is allowed to be shared; go to step Os11.
Os11. Judge whether the file needs desensitization. If it does not, go directly to step Os13; if it does, go to step Os12.
Os12. The file desensitization module of the system desensitizes the file; go to step Os13.
Os13. The channel establishment module of the system establishes a secure channel for the file to be shared with the user; go to step Os14.
Os14. The file that is allowed to be shared is provided to the user over the secure channel established in step Os13.
The present invention ensures security during data sharing and exchange from the perspective of data security. By building a multi-level encrypted index it enables retrieval of encrypted files in the big data platform and improves the efficiency and accuracy of encrypted file retrieval. It also implements file sharing between different users through sharing applications and audits, and desensitizes files by data desensitization to prevent privacy leakage.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of the system for retrieval and sharing of encrypted files for a big data center platform of the present invention;
Fig. 2 is a schematic diagram of the data input flow of the method for retrieval and sharing of encrypted files for a big data center platform of the present invention;
Fig. 3 is a schematic diagram of the data output flow of the method for retrieval and sharing of encrypted files for a big data center platform of the present invention.
Detailed description
The present invention is described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the system for retrieval and sharing of encrypted files for a big data center platform of the present invention comprises: a data acquisition module that collects user data from the user files for which a user initiates a transfer request to the big data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected by the data acquisition module in order to build a suitable index and encrypt the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that makes the encrypted files available for encrypted search and implements secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index.
The data acquisition module comprises: a file upload module that uploads, through a data collector, the files for which the user initiates a transfer request to the big data center platform; a content review module that formulates review rules for the file content uploaded by the file upload module and performs a security review of it; a channel establishment module that establishes a secure transmission channel directly between the data collector and the big data center platform for files that pass review by the content review module; and a file receiving module that sends the uploaded files that passed review to the big data center platform over the secure transmission channel.
The data preprocessing module comprises: a content reading module that reads the text content of the files uploaded to the big data center platform by the data acquisition module; a feature extraction module that uses a feature extraction algorithm to extract the text features of the file from the content read by the content reading module; an index construction module that builds an index of at least two levels for the file from the text features extracted by the feature extraction module; and an index encryption module that selects a suitable encryption algorithm for the index built by the index construction module and encrypts the index at every level.
The data storage module comprises: an index storage module that stores the encrypted index in the index database of the big data center platform; a file encryption module that selects an encryption algorithm for the user files transferred to the big data center platform and encrypts them; and a file storage module that stores the user files encrypted by the file encryption module in the dedicated storage system of the big data center platform.
The sharing and exchange module comprises: a file retrieval module that responds to a user's retrieval request for encrypted files and returns the corresponding results; a sharing application module through which a user applies to share an encrypted file; a sharing audit module that audits the user's sharing application; a file desensitization module that decrypts and desensitizes the encrypted files that need desensitization for sharing requests that passed the audit; a secure transmission module that establishes a secure transmission channel and sends the user the encrypted files that do not need desensitization for sharing requests that passed the audit; and a secure download module that provides protected download links so that decrypted user files are downloaded securely.
The key management module comprises: an index key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt the index; and a file key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt files.
The index construction module builds a three-level index for the file from the text features extracted by the feature extraction module, and the index encryption module encrypts the index at every level; where security requires, an index with more levels can be built for the text, with each level encrypted. The file storage module stores the user files encrypted by the file encryption module in the HDFS system of the big data center platform.
A method for retrieval and sharing of encrypted files for a big data center platform uses the above system to retrieve and share encrypted files, and comprises a data input processing flow directed at the big data center platform and a data output processing flow directed at the user.
As shown in Fig. 2, the data input processing flow of the method for retrieval and sharing of encrypted files for a big data center platform of the present invention comprises the following steps:
Es1. The user initiates a file upload request to the big data center platform; go to step Es2.
Es2. The big data center platform uses the file upload module of the system to control the data collector to upload the file; go to step Es3.
Es3. The content review module of the system performs a security review of the file content the user asks to upload and judges whether the content is safe. If the file is unsafe, go to step Es4; if the file is safe, go directly to step Es5.
Es4. The file upload fails and data input ends.
Es5. Judge whether the file needs to be encrypted. If it does not, go to step Es6; if it does, go to step Es7.
Es6. The file storage module of the system stores the file in the dedicated storage system of the big data center platform.
Es7. The channel establishment module of the system establishes a secure transmission channel between the data collector and the big data center platform for the file that needs encryption; go to step Es8.
Es8. The file receiving module of the system sends the file over the secure transmission channel to the big data center platform for encryption; go to step Es9.
Es9. The big data center platform receives the file; go to step Es10.
Es10. The content reading module of the system reads the content of the uploaded file; steps Es11 and Es13 are then carried out simultaneously.
Es11. Select a suitable encryption algorithm according to the file content and at the same time obtain the file encryption key from the key management module of the system; go to step Es12.
Es12. The file encryption module of the system encrypts the file with the selected encryption algorithm and the obtained file encryption key; go to step Es6.
Es13. Select a suitable feature extraction algorithm according to the characteristics of the file content that was read; go to step Es14.
Es14. The feature extraction module of the system extracts features from the file using the selected feature extraction algorithm; go to step Es15.
Es15. Based on the extracted file features, the index construction module of the system builds an index of at least two levels for the file; go to step Es16.
Es16. Select a suitable encryption algorithm for the constructed index and at the same time obtain the index encryption key from the key management module of the system; go to step Es17.
Es17. The index encryption module of the system encrypts every level of the constructed index with the selected encryption algorithm and the index encryption key; go to step Es18.
Es18. The index storage module of the system stores the encrypted index in the index database of the big data center platform.
As shown in Fig. 3, the data output processing flow of the method for retrieval and sharing of encrypted files for a big data center platform of the present invention comprises the following steps:
Os1. The user initiates an encrypted file query request to the big data center platform; go to step Os2.
Os2. The big data center platform locates the encrypted index through the file retrieval module of the system; go to step Os3.
Os3. Obtain the index key from the key management module of the system and decrypt the index; go to step Os4.
Os4. Search the decrypted index, locate the files that satisfy the query request, and return the query result to the user who initiated the file query request; go to step Os5.
Os5. The user decides from the returned retrieval result whether a file should be shared. If no file needs to be shared, go to step Os6; if a file needs to be shared, go to step Os7.
Os6. The query ends.
Os7. The user initiates a sharing request to the big data center platform, asking to share the file corresponding to the query result returned in step Os4; go to step Os8.
Os8. The big data center platform uses the sharing audit module of the system to audit whether the file may be shared with the user who initiated the request. If sharing is not allowed, go to step Os9; if sharing is allowed, go to step Os10.
Os9. The big data center platform does not allow the file the user asked for to be shared; sharing fails.
Os10. The big data center platform allows the file the user asked for to be shared, obtains the file key from the key management module of the system and decrypts the file that is allowed to be shared; go to step Os11.
Os11. Judge whether the file needs desensitization. If it does not, go directly to step Os13; if it does, go to step Os12.
Os12. The file desensitization module of the system desensitizes the file; go to step Os13.
Os13. The channel establishment module of the system establishes a secure channel for the file to be shared with the user; go to step Os14.
Os14. The file that is allowed to be shared is provided to the user over the secure channel established in step Os13.
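The sharing path of steps Os7 to Os14, as an added example that is not part of the patent: the file is decrypted only after every approval level has passed, and the desensitization policy is applied before anything is released. The two approval levels, the masking rules, all names and the sample record are assumptions.

```python
import re

# Hypothetical desensitization rules (the patent defines none): name -> (pattern, mask).
RULES = {
    "id_number": (re.compile(r"\b\d{17}[\dXx]\b"),
                  lambda m: m.group()[:6] + "*" * 8 + m.group()[-4:]),
    "phone": (re.compile(r"\b1\d{10}\b"),
              lambda m: m.group()[:3] + "****" + m.group()[-4:]),
}
APPROVAL_CHAIN = ("primary", "department")   # assumed approval levels, in order


class ShareRequest:
    """A sharing application (Os7) carrying the desensitization policy to apply."""

    def __init__(self, user, file_id, policy):
        self.user, self.file_id = user, file_id
        self.policy = tuple(policy)   # rule names; empty means no desensitization (Os11)
        self.decisions = []           # (level, approved) in the order given

    def review(self, level, approved):
        rejected = bool(self.decisions) and not self.decisions[-1][1]
        if rejected or len(self.decisions) == len(APPROVAL_CHAIN):
            raise ValueError("request is already decided")
        expected = APPROVAL_CHAIN[len(self.decisions)]
        if level != expected:
            raise ValueError(f"{expected} review must come first")
        self.decisions.append((level, approved))

    @property
    def approved(self):
        return (len(self.decisions) == len(APPROVAL_CHAIN)
                and all(ok for _, ok in self.decisions))


class SharingGate:
    def __init__(self, decrypt_file):
        self.decrypt_file = decrypt_file   # callable(file_id) -> plaintext, stands in for Os10

    def release(self, request):
        if not request.approved:                      # Os8 -> Os9: sharing fails
            return None
        text = self.decrypt_file(request.file_id)     # Os10: key is used only after approval
        for name in request.policy:                   # Os11 / Os12
            pattern, mask = RULES[name]
            text = pattern.sub(mask, text)
        return text                                   # Os13 / Os14: goes to the secure channel


# Constructed sample record and a stub for the decryption step that records its calls.
PLAINTEXT = {"f-001": "Zhang San, ID 510104199001011234, phone 13800138000, pension 3200"}
DECRYPT_CALLS = []

def decrypt_stub(file_id):
    DECRYPT_CALLS.append(file_id)
    return PLAINTEXT[file_id]

def demo(approve_department):
    DECRYPT_CALLS.clear()
    request = ShareRequest("dept-b-analyst", "f-001", ["id_number", "phone"])
    request.review("primary", True)
    request.review("department", approve_department)
    return SharingGate(decrypt_stub).release(request), list(DECRYPT_CALLS)

if __name__ == "__main__":
    print(demo(True))
    print(demo(False))
```

A rejected request returns nothing and never reaches the decryption step, so the file key is not requested for it.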
When encryption keys are obtained, the corresponding index encryption key and decryption key are obtained from the index key management module within the key management module of the retrieval and sharing system for encrypted files on a large data center platform, and the corresponding file encryption key and decryption key are obtained from the file key management module within that key management module. The file desensitization module of the system decrypts the file approved for sharing and calls a desensitization engine to desensitize the files that require it. When an index is built for a file, the index construction module of the system builds a three-level index for the file on the basis of the extracted file features; where security requires, more index levels can be built for the text, and the index at every level is encrypted.
During retrieval, the index database is entered first and a hierarchical lookup is performed. Once the relevant index block is found, it is loaded into memory and decrypted. The search then continues in its subordinate index using the decrypted index; when the relevant index block is found there, it is likewise loaded into memory and decrypted, and the query continues in the same way until the location of the file is found. Once the query confirms that the file exists, the file's related information can be viewed. If the file is not encrypted, its full content can be downloaded and shared directly. If the file is encrypted, its full content cannot be viewed; sharing must be applied for, and permission to download the file is obtained only after the application passes audit. Specifically, if the file is encrypted and needs to be obtained, a file sharing application is submitted and enters the audit process; once in the audit process, a desensitization policy is configured for the file and the application is submitted for audit; after the initial audit, the application goes through multi-level approval; if approval is granted, the user can obtain the desensitized file; if approval is not granted, the user cannot obtain the file.
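The hierarchical lookup described above, as an added example that is not code from the patent: every index block is encrypted under its level's key, and a query decrypts only the one block per level that lies on its path. Assumptions made here: distinct per-level keys, the block ids, the sample features, and an HMAC-SHA256 keystream with encrypt-then-MAC standing in for whichever cipher the platform selects (a deployment would use a vetted AEAD such as AES-GCM).

```python
import hashlib
import hmac
import json
import os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher).
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, block_id, nonce, ct):
    bid = block_id.encode()
    msg = len(bid).to_bytes(2, "big") + bid + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()

def seal(key, block_id, entries):
    """Encrypt one index block; the MAC binds the ciphertext to its block id."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, json.dumps(entries).encode())
    return nonce + ct + _tag(key, block_id, nonce, ct)

def open_block(key, block_id, blob):
    """Authenticate, then decrypt, one index block that was loaded into memory."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, block_id, nonce, ct)):
        raise ValueError("index block %s failed authentication" % block_id)
    return json.loads(_xor_stream(_subkey(key, b"enc"), nonce, ct))

def build_index(level_keys, features):
    """features maps (category, topic, keyword) -> file location."""
    tree = {}
    for (cat, topic, kw), loc in features.items():
        tree.setdefault(cat, {}).setdefault(topic, {})[kw] = loc
    store, root = {}, {}
    for i, (cat, topics) in enumerate(sorted(tree.items())):
        level2 = {}
        for j, (topic, leaves) in enumerate(sorted(topics.items())):
            level2[topic] = "L3-%d-%d" % (i, j)
            store[level2[topic]] = seal(level_keys[2], level2[topic], leaves)
        root[cat] = "L2-%d" % i
        store[root[cat]] = seal(level_keys[1], root[cat], level2)
    store["L1"] = seal(level_keys[0], "L1", root)
    return store

def lookup(level_keys, store, path):
    """Decrypt only the one block per level that lies on the query path."""
    ref, opened = "L1", []
    for key, term in zip(level_keys, path):
        block = open_block(key, ref, store[ref])
        opened.append(ref)
        if term not in block:
            return None, opened
        ref = block[term]
    return ref, opened

# Constructed sample data; keys stand in for those issued by index key management.
LEVEL_KEYS = [hashlib.sha256(b"demo-index-key-%d" % n).digest() for n in (1, 2, 3)]
FEATURES = {
    ("finance", "audit", "q3-report"): "store://vol1/0001.enc",
    ("finance", "tax", "vat"): "store://vol1/0002.enc",
    ("hr", "payroll", "bonus"): "store://vol2/0003.enc",
}
STORE = build_index(LEVEL_KEYS, FEATURES)
```

Because the block id is bound into the MAC, a block copied over another, or opened with another level's key, is rejected before its contents are used.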
From the standpoint of data security, the present invention ensures security during data sharing and exchange. By building a multi-level encrypted index, it enables retrieval of encrypted files on a big data platform and improves the efficiency and accuracy of encrypted-file retrieval. It also enables data sharing between different users, with files shared through a sharing application followed by audit, and desensitizes files by means of data desensitization to prevent privacy leakage.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solution and inventive concept, shall fall within the scope of protection of the present invention.

Claims (7)

1. A retrieval and sharing system for encrypted files on a large data center platform, characterized in that the system comprises: a data acquisition module that performs user data acquisition on user files for which a user initiates a transmission request to the large data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected from user files by the data acquisition module in order to build a suitable index, and encrypts the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that implements search over encrypted files and secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index;
The data acquisition module comprises: a file uploading module that uploads, through a data collector, the file for which the user initiates a transmission request to the large data center platform; a content review module that formulates review rules for the content of the file acquired for upload by the file uploading module and performs a security review on it; a path setup module that, for a file that passes the content review module's review, establishes a secure transmission tunnel directly between the data collector and the large data center platform; and a file reception module that sends the uploaded file that passed review to the large data center platform through the secure transmission tunnel;
The data preprocessing module comprises: a content read module that reads the text content of the file uploaded to the large data center platform by the data acquisition module; a feature extraction module that uses a feature extraction algorithm to extract the text features of the file from the file content read by the content read module; an index construction module that builds an index of at least two levels for the file according to the text features extracted by the feature extraction module; and an index encryption module that selects a suitable encryption algorithm for the index built by the index construction module and encrypts the index at each level;
The data storage module comprises: an index storage module that stores the encrypted index in the large data center platform index database; a file encryption module that selects an encryption algorithm for, and encrypts, the user file transferred to the large data center platform; and a file storage module that stores the user file encrypted by the file encryption module in the large data center platform's dedicated storage system;
The sharing and exchange module comprises: a file retrieval module that responds to a user's search requests for encrypted files and provides the corresponding retrieval results; a sharing application module through which a user applies for sharing of an encrypted file; a sharing audit module that audits the user's sharing application; a file desensitization module that decrypts and desensitizes encrypted files that need desensitization and correspond to a user sharing request that has passed audit; a secure transmission module that, for encrypted files that do not need desensitization and correspond to a user sharing request that has passed audit, establishes a secure transmission tunnel and transmits the file to the user to meet the sharing request; and a secure download module that provides download link protection for decrypted user files and ensures secure download;
The key management module comprises: an index key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt the index; and a file key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt files;
The index construction module builds a three-level index for the file according to the text features extracted by the feature extraction module, and the index encryption module encrypts the index at every level; according to security requirements, the index construction module builds an index of more than three levels for the text and encrypts the index at every level.
2. A retrieval and sharing method for encrypted files on a large data center platform, characterized in that the method uses a retrieval and sharing system for encrypted files on a large data center platform to implement retrieval and sharing of encrypted files, and comprises a data input processing flow directed at the large data center platform and a data output processing flow directed at users;
The data input processing flow includes the following steps:
Es1: The user initiates a file upload request to the large data center platform; proceed to step Es2;
Es2: The large data center platform uses the file uploading module of the retrieval and sharing system to control the data collector to upload the file; proceed to step Es3;
Es3: The content review module of the retrieval and sharing system performs a security review on the content of the file the user requests to upload and determines whether the content is safe; if the file is unsafe, proceed to step Es4; if the file is safe, proceed directly to step Es5;
Es4: The file upload fails and data input ends;
Es5: Determine whether the file needs to be encrypted; if not, proceed to step Es6; if so, proceed to step Es7;
Es6: The file storage module of the retrieval and sharing system stores the file in the large data center platform's dedicated storage system;
Es7: The path setup module of the retrieval and sharing system establishes, for the file that needs to be encrypted, a secure transmission tunnel between the data collector and the large data center platform; proceed to step Es8;
Es8: The file reception module of the retrieval and sharing system sends the file to be encrypted to the large data center platform through the secure transmission tunnel; proceed to step Es9;
Es9: The large data center platform receives the file; proceed to step Es10;
Es10: The content read module of the retrieval and sharing system reads the content of the uploaded file; steps Es11 and Es13 are then carried out at the same time;
Es11: Select a suitable encryption algorithm according to the file content and obtain the file encryption key from the key management module of the retrieval and sharing system; proceed to step Es12;
Es12: The file encryption module of the retrieval and sharing system encrypts the file with the selected encryption algorithm and the obtained file encryption key; proceed to step Es6;
Es13: Select a suitable feature extraction algorithm according to the features of the file content that was read; proceed to step Es14;
Es14: The feature extraction module of the retrieval and sharing system extracts the features of the file using the selected feature extraction algorithm; proceed to step Es15;
Es15: On the basis of the extracted file features, the index construction module of the retrieval and sharing system builds an index of at least two levels for the file; proceed to step Es16;
Es16: Select a suitable encryption algorithm for the constructed index and obtain the index encryption key from the key management module of the retrieval and sharing system; proceed to step Es17;
Es17: The index encryption module of the retrieval and sharing system encrypts the constructed index at every level using the selected encryption algorithm and the index encryption key; proceed to step Es18;
Es18: The index storage module of the retrieval and sharing system stores the encrypted index, that is, stores the encrypted index in the large data center platform index database;
The data output processing flow includes the following steps:
Os1: The user initiates an encrypted-file query request to the large data center platform; proceed to step Os2;
Os2: The large data center platform locates the encrypted index through the file retrieval module of the retrieval and sharing system; proceed to step Os3;
Os3: Obtain the index key from the key management module of the retrieval and sharing system and decrypt the index; proceed to step Os4;
Os4: Search the decrypted index, locate the files that satisfy the query request, and return the query result to the user who initiated the file query request; proceed to step Os5;
Os5: The user decides, according to the returned retrieval result, whether to have a file shared; if no file needs to be shared, proceed to step Os6; if a file needs to be shared, proceed to step Os7;
Os6: The query ends;
Os7: The user initiates a sharing request to the large data center platform, requesting that the file corresponding to the query result returned in step Os4 be shared; proceed to step Os8;
Os8: The large data center platform, through the sharing audit module of the retrieval and sharing system, audits whether the file may be shared with the user who initiated the request; if sharing is not allowed, proceed to step Os9; if sharing is allowed, proceed to step Os10;
Os9: The large data center platform does not allow the file requested by the user to be shared; sharing fails;
Os10: The large data center platform allows the file requested by the user to be shared, obtains the file key from the key management module of the retrieval and sharing system, decrypts the file approved for sharing, and proceeds to step Os11;
Os11: Determine whether the file needs to be desensitized; if not, proceed directly to step Os13; if so, proceed to step Os12;
Os12: The file desensitization module of the retrieval and sharing system desensitizes the file; proceed to step Os13;
Os13: The path setup module of the retrieval and sharing system establishes a secure channel for the file to be shared with the user; proceed to step Os14;
Os14: The file approved for sharing is provided to the user over the secure channel established in step Os13.
3. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that the corresponding index encryption key and decryption key are obtained from the index key management module within the key management module of the retrieval and sharing system for encrypted files on a large data center platform.
4. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that the corresponding file encryption key and decryption key are obtained from the file key management module within the key management module of the retrieval and sharing system for encrypted files on a large data center platform.
5. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that the file approved for sharing is decrypted by the file desensitization module of the retrieval and sharing system for encrypted files on a large data center platform.
6. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that, in step Os12, the file desensitization module of the retrieval and sharing system for encrypted files on a large data center platform calls a desensitization engine to desensitize the file.
7. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that, in step Es15, on the basis of the extracted file features, the index construction module of the retrieval and sharing system for encrypted files on a large data center platform builds a three-level index for the file.
CN201510800054.0A 2015-11-19 2015-11-19 The retrieval of file and shared system and method are encrypted for large data center platform Active CN105471856B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510800054.0A CN105471856B (en) 2015-11-19 2015-11-19 The retrieval of file and shared system and method are encrypted for large data center platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510800054.0A CN105471856B (en) 2015-11-19 2015-11-19 The retrieval of file and shared system and method are encrypted for large data center platform

Publications (2)

Publication Number Publication Date
CN105471856A CN105471856A (en) 2016-04-06
CN105471856B true CN105471856B (en) 2018-08-03

Family

ID=55609127

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510800054.0A Active CN105471856B (en) 2015-11-19 2015-11-19 The retrieval of file and shared system and method are encrypted for large data center platform

Country Status (1)

Country Link
CN (1) CN105471856B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107370767A (en) * 2017-09-11 2017-11-21 安徽省未来博学信息技术有限公司 A kind of internet share system
CN108156040A (en) * 2018-01-30 2018-06-12 北京交通大学 A kind of central control node in distribution cloud storage system
CN110659469B (en) * 2019-09-12 2022-07-15 路光贤 Medical information management statistical system and equipment based on cloud platform
CN110737918B (en) * 2019-10-15 2023-08-08 重庆远见信息产业集团股份有限公司 External data sharing management platform
CN111460480B (en) * 2020-03-31 2022-03-18 中国电子科技集团公司第三十研究所 Secure ciphertext file sharing method in ciphertext search system
CN111709780A (en) * 2020-06-11 2020-09-25 上海海洋大学 Shared economic information safety management system and method
CN112486974A (en) * 2020-12-10 2021-03-12 四川瀚库智数科技有限公司 College big data sharing system and method
CN112860627A (en) * 2021-02-06 2021-05-28 北京华文信通科技有限公司 Electronic file monitoring, collecting, sharing and utilizing system
CN112948386B (en) * 2021-03-04 2023-09-22 电信科学技术第五研究所有限公司 Simple indexing and encrypting disk-dropping mechanism for ETL abnormal data
CN114793169A (en) * 2022-03-21 2022-07-26 中国信息通信研究院 Full-flow data encryption protection method for big data platform
CN114979281B (en) * 2022-07-11 2022-11-08 成都信息工程大学 Data interaction method applied to industrial internet cloud service platform

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5752060A (en) * 1990-05-30 1998-05-12 Fujitsu Limited File access scheme in distributed data processing system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
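Research on sensitive data protection technology in cloud environments; Liu Minghui et al.; Telecommunications Science (《电信科学》); 20141130; pp. 2-8 *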

Also Published As

Publication number Publication date
CN105471856A (en) 2016-04-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant