CN105471856B - System and method for retrieving and sharing encrypted files on a big data center platform - Google Patents
System and method for retrieving and sharing encrypted files on a big data center platform
- Publication number: CN105471856B
- Application: CN201510800054.0A
- Authority: CN (China)
- Legal status: Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
A system for retrieving and sharing encrypted files on a big data center platform, comprising: a data acquisition module that collects user data from the user files for which a user initiates a transfer request to the big data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected from the user files by the data acquisition module in order to build a suitable index and encrypt the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that makes the encrypted files available to encrypted search and enables secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index. The invention also discloses a method for retrieving and sharing encrypted files on a big data center platform.
Description
Technical field
The present invention relates to the interdisciplinary field of computer technology and information security, and specifically to a method and system for retrieving and sharing encrypted files on a big data center platform.
Background
Big data is an important strategic resource driving economic and social development. To break down barriers between departments and raise the utilization rate of shared big data, the government is vigorously promoting informatization projects such as e-government, smart cities and information for the benefit of the people (Huimin). The big data center platform, as the foundation on which the government drives these projects, collects and stores the data of every department centrally on one big data platform and provides unified data sharing and exchange services for departments at all levels. Because the big data center platform is where data resources are stored most densely and where data sharing and exchange is most frequent, any lapse in security protection can cause irreparable damage to users.
For the government, the main goal of building a big data center is the sharing and exchange of data. However, government data contains a large amount of citizens' private information (identity information, social security, finance and so on) as well as much sensitive data closely related to national security and development. This data is stored centrally on the big data center platform, and the leakage of any of it threatens individuals or even the country, so data security protection is the top priority.
To ensure data security, data encryption is generally combined with a security protection system. The approach has two parts:
(1) Users encrypt their own data before storing it on a cloud platform or big data center platform, to prevent the data from being stolen.
(2) Existing data centers and cloud platforms follow the OSI information security architecture and the national information security assurance system, and protect the data center in three respects: organizational structure (setting up institutions and personnel), management system (formulating management rules and technical standards) and technical system (physical security, host security, network security and so on). The technical system is the focus of security protection: it mainly defends against external threats using firewalls, intrusion detection and intrusion prevention systems, and protects the data using backup and disaster recovery.
As the Internet and its applications deepen, the value of data keeps growing and system operating environments become increasingly complex. Existing methods ensure data security to some extent, but have the following problems:
(1) The security protection of cloud platforms and existing data centers is currently based on the traditional information security system, which weakens the position of data protection within security and does not protect data comprehensively.
(2) On a cloud platform, users encrypt their own data and store it in the cloud, and can only search their own data; they cannot query the data of other users. On a big data center platform whose goal is data sharing and exchange, there is as yet no effective encrypted-file retrieval technique, which seriously hinders the sharing and exchange of data.
(3) The big data center platform is the point where data converges, and the data contains the private and sensitive information of a large number of different users. Publishing the data without desensitization leaks users' privacy.
Therefore, the big data center platform needs a safe and effective method for encrypted-file retrieval and data sharing and exchange that both protects sensitive data effectively and makes it easy to share and exchange.
Summary of the invention
To solve the above problems, the present invention provides a system and a corresponding method for retrieving and sharing encrypted files on a big data center platform, realizing secure retrieval of encrypted files on the big data center platform and secure sharing of data between different users.
A system for retrieving and sharing encrypted files on a big data center platform comprises: a data acquisition module that collects user data from the user files for which a user initiates a transfer request to the big data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected from the user files by the data acquisition module in order to build a suitable index and encrypt the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that makes the encrypted files available to encrypted search and enables secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index.
The data acquisition module comprises: a file upload module that uploads, through a data collector, the files for which the user initiates a transfer request to the big data center platform; a content review module that formulates review rules for the content of the files collected for upload by the file upload module and performs a security review on it; a channel establishment module that, for files that pass the review of the content review module, directly establishes a secure transmission channel between the data collector and the big data center platform; and a file receiving module that sends the uploaded files that pass review to the big data center platform through the secure transmission channel.
The data preprocessing module comprises: a content reading module that reads the text content of the files uploaded to the big data center platform by the data acquisition module; a feature extraction module that uses a feature extraction algorithm to extract the text features of a file from the file content read by the content reading module; an index construction module that builds an index of at least two levels for the file according to the text features extracted by the feature extraction module; and an index encryption module that selects a suitable encryption algorithm for the index built by the index construction module and encrypts each level of the index.
The data storage module comprises: an index storage module that stores the encrypted index in the index database of the big data center platform; a file encryption module that selects an encryption algorithm for the user files transferred to the big data center platform and encrypts them; and a file storage module that stores the user files encrypted by the file encryption module in the dedicated storage system of the big data center platform.
The sharing and exchange module comprises: a file retrieval module that responds to a user's retrieval request for encrypted files and provides the corresponding retrieval results; a sharing request module through which a user applies to share an encrypted file; a sharing audit module that audits the user's sharing request; a file desensitization module that decrypts and desensitizes the encrypted files that correspond to an approved sharing request and need desensitization; a secure transmission module that, for encrypted files that correspond to an approved sharing request and do not need desensitization, establishes a secure transmission channel and sends them to the user to satisfy the sharing request; and a secure download module that protects the download link for decrypted user files so that they can be downloaded securely.
The key management module comprises an index key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt the index, and a file key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt files.
A method for retrieving and sharing encrypted files on a big data center platform uses the system for retrieving and sharing encrypted files on a big data center platform to retrieve and share encrypted files, and comprises a data input processing flow directed at the big data center platform and a data output processing flow directed at the user.
The data input processing flow comprises the following steps:
Es1. The user initiates a file upload request to the big data center platform; go to step Es2.
Es2. The big data center platform uses the file upload module of the system to control the data collector to upload the file; go to step Es3.
Es3. The content review module of the system performs a security review of the content of the file the user asks to upload and determines whether the content is safe. If the file is unsafe, go to step Es4; if the file is safe, go directly to step Es5.
Es4. The file upload fails and data input ends.
Es5. Determine whether the file needs to be encrypted. If not, go to step Es6; if so, go to step Es7.
Es6. The file storage module of the system stores the file in the dedicated storage system of the big data center platform.
Es7. The channel establishment module of the system establishes a secure transmission channel between the data collector and the big data center platform for the file that needs encryption; go to step Es8.
Es8. The file receiving module of the system sends the file through the secure transmission channel to the big data center platform for encryption; go to step Es9.
Es9. The big data center platform receives the file; go to step Es10.
Es10. The content reading module of the system reads the content of the uploaded file; steps Es11 and Es13 are then carried out simultaneously.
Es11. Select a suitable encryption algorithm according to the file content and, at the same time, obtain the file encryption key from the key management module of the system; go to step Es12.
Es12. Using the selected encryption algorithm and the obtained file encryption key, the file encryption module of the system encrypts the file; go to step Es6.
Es13. Select a suitable feature extraction algorithm according to the characteristics of the file content that was read; go to step Es14.
Es14. Using the selected feature extraction algorithm, the feature extraction module of the system extracts features from the file; go to step Es15.
Es15. Based on the extracted file features, the index construction module of the system builds an index of at least two levels for the file; go to step Es16.
Es16. Select a suitable encryption algorithm for the constructed index and, at the same time, obtain the index encryption key from the key management module of the system; go to step Es17.
Es17. Using the selected encryption algorithm and the index encryption key, the index encryption module of the system encrypts the constructed index; go to step Es18.
Es18. The index storage module of the system stores the encrypted index, that is, stores the encrypted index in the index database of the big data center platform.
The data output processing flow comprises the following steps:
Os1. The user initiates an encrypted-file query request to the big data center platform; go to step Os2.
Os2. The big data center platform uses the file retrieval module of the system to locate the encrypted index; go to step Os3.
Os3. Obtain the index key from the key management module of the system and decrypt the index; go to step Os4.
Os4. Search the decrypted index, locate the files that satisfy the query request, and return the query result to the user who initiated the file query request; go to step Os5.
Os5. The user decides from the returned retrieval result whether to have a file shared. If no file needs to be shared, go to step Os6; if a file needs to be shared, go to step Os7.
Os6. The query ends.
Os7. The user initiates a sharing request to the big data center platform, asking to share the file corresponding to the query result returned in step Os4; go to step Os8.
Os8. The big data center platform uses the sharing audit module of the system to audit whether the file may be shared with the requesting user. If sharing is not allowed, go to step Os9; if sharing is allowed, go to step Os10.
Os9. The big data center platform does not allow the file the user requested to be shared; sharing fails.
Os10. The big data center platform allows the file the user requested to be shared, and obtains the file key from the key management module of the system to decrypt the file; go to step Os11.
Os11. Determine whether the file needs desensitization. If not, go directly to step Os13; if so, go to step Os12.
Os12. The file desensitization module of the system desensitizes the file; go to step Os13.
Os13. The channel establishment module of the system establishes a secure channel for the file to be shared with the user; go to step Os14.
Os14. The file allowed to be shared is provided to the user through the secure channel established in step Os13.
The present invention ensures security during data sharing and exchange from the standpoint of data security. By building a multi-level encrypted index, it enables retrieval of encrypted files on the big data platform and improves the efficiency and accuracy of encrypted-file retrieval. It also shares files between different users through a sharing request followed by an audit, and desensitizes files by data desensitization to prevent privacy leakage.
Description of the drawings
Fig. 1 is a schematic diagram of the structure of the system of the present invention for retrieving and sharing encrypted files on a big data center platform;
Fig. 2 is a schematic diagram of the data input flow of the method of the present invention for retrieving and sharing encrypted files on a big data center platform;
Fig. 3 is a schematic diagram of the data output flow of the method of the present invention for retrieving and sharing encrypted files on a big data center platform.
Detailed description
To explain the present invention in detail, it is described below with reference to the accompanying drawings.
As shown in Fig. 1, a system of the present invention for retrieving and sharing encrypted files on a big data center platform comprises: a data acquisition module that collects user data from the user files for which a user initiates a transfer request to the big data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected from the user files by the data acquisition module in order to build a suitable index and encrypt the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that makes the encrypted files available to encrypted search and enables secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index.
The data acquisition module comprises: a file upload module that uploads, through a data collector, the files for which the user initiates a transfer request to the big data center platform; a content review module that formulates review rules for the content of the files collected for upload by the file upload module and performs a security review on it; a channel establishment module that, for files that pass the review of the content review module, directly establishes a secure transmission channel between the data collector and the big data center platform; and a file receiving module that sends the uploaded files that pass review to the big data center platform through the secure transmission channel.
The data preprocessing module comprises: a content reading module that reads the text content of the files uploaded to the big data center platform by the data acquisition module; a feature extraction module that uses a feature extraction algorithm to extract the text features of a file from the file content read by the content reading module; an index construction module that builds an index of at least two levels for the file according to the text features extracted by the feature extraction module; and an index encryption module that selects a suitable encryption algorithm for the index built by the index construction module and encrypts each level of the index.
The data storage module comprises: an index storage module that stores the encrypted index in the index database of the big data center platform; a file encryption module that selects an encryption algorithm for the user files transferred to the big data center platform and encrypts them; and a file storage module that stores the user files encrypted by the file encryption module in the dedicated storage system of the big data center platform.
The sharing and exchange module comprises: a file retrieval module that responds to a user's retrieval request for encrypted files and provides the corresponding retrieval results; a sharing request module through which a user applies to share an encrypted file; a sharing audit module that audits the user's sharing request; a file desensitization module that decrypts and desensitizes the encrypted files that correspond to an approved sharing request and need desensitization; a secure transmission module that, for encrypted files that correspond to an approved sharing request and do not need desensitization, establishes a secure transmission channel and sends them to the user to satisfy the sharing request; and a secure download module that protects the download link for decrypted user files so that they can be downloaded securely.
The key management module comprises an index key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt the index, and a file key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt files.
The index construction module builds a three-level index for the file according to the text features extracted by the feature extraction module, and the index encryption module encrypts every level of the index; where security requires, more levels of index can be built for the text, with every level encrypted. The file storage module stores the user files encrypted by the file encryption module in the HDFS system of the big data center platform.
A method for retrieving and sharing encrypted files on a big data center platform uses the system for retrieving and sharing encrypted files on a big data center platform to retrieve and share encrypted files, and comprises a data input processing flow directed at the big data center platform and a data output processing flow directed at the user.
As shown in Fig. 2, the data input processing flow of the method of the present invention for retrieving and sharing encrypted files on a big data center platform comprises the following steps:
Es1. The user initiates a file upload request to the big data center platform; go to step Es2.
Es2. The big data center platform uses the file upload module of the system to control the data collector to upload the file; go to step Es3.
Es3. The content review module of the system performs a security review of the content of the file the user asks to upload and determines whether the content is safe. If the file is unsafe, go to step Es4; if the file is safe, go directly to step Es5.
Es4. The file upload fails and data input ends.
Es5. Determine whether the file needs to be encrypted. If not, go to step Es6; if so, go to step Es7.
Es6. The file storage module of the system stores the file in the dedicated storage system of the big data center platform.
Es7. The channel establishment module of the system establishes a secure transmission channel between the data collector and the big data center platform for the file that needs encryption; go to step Es8.
Es8. The file receiving module of the system sends the file through the secure transmission channel to the big data center platform for encryption; go to step Es9.
Es9. The big data center platform receives the file; go to step Es10.
Es10. The content reading module of the system reads the content of the uploaded file; steps Es11 and Es13 are then carried out simultaneously.
Es11. Select a suitable encryption algorithm according to the file content and, at the same time, obtain the file encryption key from the key management module of the system; go to step Es12.
Es12. Using the selected encryption algorithm and the obtained file encryption key, the file encryption module of the system encrypts the file; go to step Es6.
Es13. Select a suitable feature extraction algorithm according to the characteristics of the file content that was read; go to step Es14.
Es14. Using the selected feature extraction algorithm, the feature extraction module of the system extracts features from the file; go to step Es15.
Es15. Based on the extracted file features, the index construction module of the system builds an index of at least two levels for the file; go to step Es16.
Es16. Select a suitable encryption algorithm for the constructed index and, at the same time, obtain the index encryption key from the key management module of the system; go to step Es17.
Es17. Using the selected encryption algorithm and the index encryption key, the index encryption module of the system encrypts every level of the constructed index; go to step Es18.
Es18. The index storage module of the system stores the encrypted index, that is, stores the encrypted index in the index database of the big data center platform.
As shown in Fig. 3, the data output processing flow of the method of the present invention for retrieving and sharing encrypted files on a big data center platform comprises the following steps:
Os1. The user initiates an encrypted-file query request to the big data center platform; go to step Os2.
Os2. The big data center platform uses the file retrieval module of the system to locate the encrypted index; go to step Os3.
Os3. Obtain the index key from the key management module of the system and decrypt the index; go to step Os4.
Os4. Search the decrypted index, locate the files that satisfy the query request, and return the query result to the user who initiated the file query request; go to step Os5.
Os5. The user decides from the returned retrieval result whether to have a file shared. If no file needs to be shared, go to step Os6; if a file needs to be shared, go to step Os7.
Os6. The query ends.
Os7. The user initiates a sharing request to the big data center platform, asking to share the file corresponding to the query result returned in step Os4; go to step Os8.
Os8. The big data center platform uses the sharing audit module of the system to audit whether the file may be shared with the requesting user. If sharing is not allowed, go to step Os9; if sharing is allowed, go to step Os10.
Os9. The big data center platform does not allow the file the user requested to be shared; sharing fails.
Os10. The big data center platform allows the file the user requested to be shared, and obtains the file key from the key management module of the system to decrypt the file; go to step Os11.
Os11. Determine whether the file needs desensitization. If not, go directly to step Os13; if so, go to step Os12.
Os12. The file desensitization module of the system desensitizes the file; go to step Os13.
Os13. The channel establishment module of the system establishes a secure channel for the file to be shared with the user; go to step Os14.
Os14. The file allowed to be shared is provided to the user through the secure channel established in step Os13.
When obtaining encryption keys, the corresponding index encryption key and decryption key are obtained from the index key management module within the key management module of the system, and the corresponding file encryption key and decryption key are obtained from the file key management module within the key management module. The file desensitization module of the system decrypts the file allowed to be shared and calls a desensitization engine to desensitize the file that needs desensitization. When building the index for a file, the index construction module of the system builds a three-level index for the file based on the extracted file features; where security requires, more levels of index can be built for the text, with every level encrypted.
During retrieval, the index library is entered first and a classified lookup is performed. Once the relevant index block is found, it is loaded into memory and decrypted; the search then continues in its subordinate index by way of the decrypted index, and once the relevant index block is found there, it too is loaded into memory and decrypted. The query continues in the same way until the location of the file is found. Once the query establishes that the file exists, the file's related information can be viewed. If it is a non-encrypted file, its full content can be downloaded and shared directly. If it is an encrypted file, its full content cannot be viewed: sharing must be applied for, and permission to download the file is obtained only after the application passes the audit. Specifically, if the file is encrypted and needs to be obtained, a sharing application is submitted and enters the audit workflow; once in the audit workflow, a desensitization policy is configured for the file and it is submitted for audit; after the primary audit, the application undergoes multi-level approval; if approval is granted, the user can get the desensitized file; if approval is not granted, the user cannot obtain the file.
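The multi-level lookup described above, as an added example that is not part of the patent: a three-level index whose blocks are each sealed under a per-level key, so a query decrypts only the blocks on its own path. The feature used at each level, the key derivation, the block ids, the sample records and the stdlib encrypt-then-MAC construction (a stand-in for whichever algorithm the index encryption module selects) are all assumptions.

```python
import hashlib, hmac, json, os

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def level_key(master: bytes, level: int) -> bytes:
    # Assumption: one index key per level, derived here from a master key;
    # in the patent these come from the index key management module.
    return _prf(master, b"index-level-%d" % level)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big"))
                    for i in range((n + 31) // 32))[:n]

def seal(key: bytes, obj) -> bytes:
    # Stdlib-only encrypt-then-MAC stand-in; use a vetted AEAD such as AES-GCM in practice.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_prf(key, b"enc"), nonce, len(pt))))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("index block failed its integrity check")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_prf(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

def build_index(records, master: bytes) -> dict:
    """Return the index library: block id -> sealed block, three levels deep."""
    tree = {}
    for cat, topic, kw, loc, enc in records:
        tree.setdefault(cat, {}).setdefault(topic, {})[kw] = {"location": loc, "encrypted": enc}
    library, root = {}, {}
    for cat, topics in tree.items():
        level2 = {}
        for topic, leaves in topics.items():
            level2[topic] = os.urandom(8).hex()
            library[level2[topic]] = seal(level_key(master, 3), leaves)
        root[cat] = os.urandom(8).hex()
        library[root[cat]] = seal(level_key(master, 2), level2)
    library["root"] = seal(level_key(master, 1), root)
    return library

def lookup(library: dict, master: bytes, features):
    """Walk root -> leaf, decrypting only the blocks on the query path."""
    entry, decrypted = "root", 0
    for level, feature in enumerate(features, start=1):
        block = unseal(level_key(master, level), library[entry])
        decrypted += 1
        entry = block.get(feature)
        if entry is None:
            return None, decrypted
    return entry, decrypted  # the leaf entry is the file record

def next_action(record: dict) -> str:
    # Plain files download directly; encrypted ones need an approved sharing application.
    return "apply_for_sharing" if record["encrypted"] else "download"

MASTER = bytes(32)  # constructed demo key, not a real secret
RECORDS = [  # constructed sample records
    ("finance", "payroll", "2015-q3", "store://blk/0017", True),
    ("finance", "budget", "2016-plan", "store://blk/0042", True),
    ("public", "notices", "holiday", "store://blk/0099", False),
]
LIBRARY = build_index(RECORDS, MASTER)

if __name__ == "__main__":
    record, n = lookup(LIBRARY, MASTER, ["finance", "payroll", "2015-q3"])
    print(record, n, next_action(record))
```

Because every level has its own key and every block carries a MAC, a block opened with another level's key or modified in the index library is rejected before any of its entries are used.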
The present invention ensures security during data sharing and exchange from the perspective of data security. At the same time, the invention builds a multi-level encrypted index to retrieve encrypted files in the big data platform, improving the efficiency and accuracy of encrypted-file retrieval. It also realizes file sharing between the data of different users by way of sharing application and audit, and desensitizes files by means of data desensitization to prevent privacy leakage.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solution and inventive concept, shall be covered by the scope of protection of the present invention.
Claims (7)
1. A retrieval and sharing system for encrypted files on a large data center platform, characterized in that the system comprises: a data acquisition module that performs user data acquisition on the user files for which a user initiates a transmission request to the large data center platform and ensures the confidentiality and integrity of the user data; a data preprocessing module that performs preliminary processing on the user data collected from the user files by the data acquisition module in order to build a suitable index and encrypt the index; a data storage module that encrypts and stores the user files processed by the data preprocessing module and stores the index; a sharing and exchange module that enables encrypted search over the encrypted files and secure sharing and exchange of files between different users; and a key management module that manages the keys used to encrypt user files and the keys used to encrypt the index;
The data acquisition module comprises a file upload module that uploads, through a data collector, the files for which the user initiates a transmission request to the large data center platform; a content review module that formulates review rules for the file content collected and uploaded by the file upload module and performs a security review on it; a path setup module that, for files that pass the review of the content review module, establishes a secure transmission tunnel directly between the data collector and the large data center platform; and a file reception module that sends the uploaded files that passed review to the large data center platform through the secure transmission tunnel;
The data preprocessing module comprises a content reading module that reads the text content of the files uploaded to the large data center platform by the data acquisition module; a feature extraction module that uses a feature extraction algorithm to extract the text features of the file from the file content read by the content reading module; an index construction module that builds an index of at least two levels for the file according to the text features extracted by the feature extraction module; and an index encryption module that selects a suitable encryption algorithm for the index built by the index construction module and encrypts the index at each level;
The data storage module comprises an index storage module that stores the encrypted index in the index library of the large data center platform; a file encryption module that selects an encryption algorithm and encrypts the user files transferred to the large data center platform; and a file storage module that stores the user files encrypted by the file encryption module in the dedicated storage system of the large data center platform;
The sharing and exchange module comprises a file retrieval module that responds to a user's search demand for encrypted files and provides the corresponding retrieval results; a sharing application module through which a user applies for a sharing demand for encrypted files; a sharing audit module that audits the user's sharing demand application; a file desensitization module that decrypts and desensitizes the encrypted files requiring desensitization that correspond to user sharing demands that passed the audit; a secure transmission module that establishes a secure transmission tunnel for the encrypted files not requiring desensitization that correspond to user sharing demands that passed the audit, and transmits them to the user to satisfy the sharing demand; and a secure download module that provides download link protection for the decrypted user files and ensures secure download;
The key management module comprises an index key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt the index, and a file key management module that manages the generation, storage, distribution control and destruction of the keys used to encrypt files;
The index construction module builds a three-level index for the file according to the text features extracted by the feature extraction module, and the index encryption module encrypts the index at every level; according to security requirements, the index construction module builds an index of more than three levels for the text, and the index at every level is encrypted.
2. A retrieval and sharing method for encrypted files on a large data center platform, characterized in that the method uses the retrieval and sharing system for encrypted files on a large data center platform to retrieve and share encrypted files, and comprises a data input processing flow directed at the large data center platform and a data output processing flow directed at the user;
The data input processing flow includes the following steps:
Es1, the user initiates a file upload request to the large data center platform; go to step Es2;
Es2, the large data center platform uses the file upload module in the retrieval and sharing system for encrypted files on the large data center platform to control the data collector to upload the file; go to step Es3;
Es3, the content review module in the retrieval and sharing system for encrypted files on the large data center platform performs a security review of the content of the file the user requests to upload and judges whether the content is safe; if the file is unsafe, go to step Es4; if the file is safe, go directly to step Es5;
Es4, the file upload fails and data input ends;
Es5, determine whether the file needs to be encrypted; if not, go to step Es6; if so, go to step Es7;
Es6, the file storage module in the retrieval and sharing system for encrypted files on the large data center platform stores the file in the dedicated storage system of the large data center platform;
Es7, the path setup module in the retrieval and sharing system for encrypted files on the large data center platform establishes a secure transmission tunnel between the data collector and the large data center platform for the file that needs to be encrypted; go to step Es8;
Es8, the file reception module in the retrieval and sharing system for encrypted files on the large data center platform sends the file to be encrypted to the large data center platform through the secure transmission tunnel; go to step Es9;
Es9, the large data center platform receives the file; go to step Es10;
Es10, the content reading module in the retrieval and sharing system for encrypted files on the large data center platform reads the content of the uploaded file; steps Es11 and Es13 are carried out at the same time;
Es11, select a suitable encryption algorithm according to the file content and, at the same time, obtain the file encryption key from the key management module in the retrieval and sharing system for encrypted files on the large data center platform; go to step Es12;
Es12, using the selected encryption algorithm and the obtained file encryption key, the file encryption module in the retrieval and sharing system for encrypted files on the large data center platform encrypts the file; go to step Es6;
Es13, select a suitable feature extraction algorithm according to the features of the file content that was read; go to step Es14;
Es14, according to the selected feature algorithm, the feature extraction module in the retrieval and sharing system for encrypted files on the large data center platform performs feature extraction on the file; go to step Es15;
Es15, based on the extracted file features, the index construction module in the retrieval and sharing system for encrypted files on the large data center platform builds an index of at least two levels for the file; go to step Es16;
Es16, select a suitable encryption algorithm for the built index and, at the same time, obtain the index encryption key from the key management module in the retrieval and sharing system for encrypted files on the large data center platform; go to step Es17;
Es17, according to the selected encryption algorithm and the index encryption key, the index encryption module in the retrieval and sharing system for encrypted files on the large data center platform encrypts the built index at every level; go to step Es18;
Es18, the index storage module in the retrieval and sharing system for encrypted files on the large data center platform stores the encrypted index, that is, stores the encrypted index in the index library of the large data center platform;
The data output processing flow includes the following steps:
Os1, the user initiates an encrypted-file query request to the large data center platform; go to step Os2;
Os2, the large data center platform locates the encrypted index through the file retrieval module in the retrieval and sharing system for encrypted files on the large data center platform; go to step Os3;
Os3, obtain the index key from the key management module in the retrieval and sharing system for encrypted files on the large data center platform and decrypt the index; go to step Os4;
Os4, search the decrypted index, locate the files that satisfy the query request, and return the query result to the user who initiated the file query request; go to step Os5;
Os5, the user decides, according to the returned retrieval result, whether to share the file; if the file does not need to be shared, go to step Os6; if it does, go to step Os7;
Os6, the query ends;
Os7, the user initiates a sharing request to the large data center platform, requesting to share the file corresponding to the query result returned in step Os4; go to step Os8;
Os8, the large data center platform, through the sharing audit module in the retrieval and sharing system for encrypted files on the large data center platform, audits whether the user who initiated the request is allowed to share the file; if sharing is not allowed, go to step Os9; if sharing is allowed, go to step Os10;
Os9, the large data center platform does not allow sharing of the file the user requested to share; sharing fails;
Os10, the large data center platform allows sharing of the file the user requested to share, and obtains the file key from the key management module in the retrieval and sharing system for encrypted files on the large data center platform to decrypt the file allowed to be shared; go to step Os11;
Os11, determine whether the file needs to be desensitized; if not, go directly to step Os13; if so, go to step Os12;
Os12, the file desensitization module in the retrieval and sharing system for encrypted files on the large data center platform desensitizes the file; go to step Os13;
Os13, the path setup module in the retrieval and sharing system for encrypted files on the large data center platform establishes a secure channel for the file to be shared with the user; go to step Os14;
Os14, the file allowed to be shared is provided to the user through the secure channel established in step Os13.
3. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that the corresponding index encryption key and decryption key are obtained from the index key management module within the key management module of the retrieval and sharing system for encrypted files on the large data center platform.
4. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that the corresponding file encryption key and decryption key are obtained from the file key management module within the key management module of the retrieval and sharing system for encrypted files on the large data center platform.
5. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that the file desensitization module in the retrieval and sharing system for encrypted files on the large data center platform decrypts the file allowed to be shared.
6. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that, in step Os12, the file desensitization module in the retrieval and sharing system for encrypted files on the large data center platform calls the desensitization engine to desensitize the file.
7. The retrieval and sharing method for encrypted files on a large data center platform according to claim 2, characterized in that, in step Es15, based on the extracted file features, the index construction module in the retrieval and sharing system for encrypted files on the large data center platform builds a three-level index for the file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510800054.0A CN105471856B (en) | 2015-11-19 | 2015-11-19 | The retrieval of file and shared system and method are encrypted for large data center platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105471856A CN105471856A (en) | 2016-04-06 |
CN105471856B true CN105471856B (en) | 2018-08-03 |
Family
ID=55609127
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510800054.0A Active CN105471856B (en) | 2015-11-19 | 2015-11-19 | The retrieval of file and shared system and method are encrypted for large data center platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105471856B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107370767A (en) * | 2017-09-11 | 2017-11-21 | 安徽省未来博学信息技术有限公司 | A kind of internet share system |
CN108156040A (en) * | 2018-01-30 | 2018-06-12 | 北京交通大学 | A kind of central control node in distribution cloud storage system |
CN110659469B (en) * | 2019-09-12 | 2022-07-15 | 路光贤 | Medical information management statistical system and equipment based on cloud platform |
CN110737918B (en) * | 2019-10-15 | 2023-08-08 | 重庆远见信息产业集团股份有限公司 | External data sharing management platform |
CN111460480B (en) * | 2020-03-31 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | Secure ciphertext file sharing method in ciphertext search system |
CN111709780A (en) * | 2020-06-11 | 2020-09-25 | 上海海洋大学 | Shared economic information safety management system and method |
CN112486974A (en) * | 2020-12-10 | 2021-03-12 | 四川瀚库智数科技有限公司 | College big data sharing system and method |
CN112860627A (en) * | 2021-02-06 | 2021-05-28 | 北京华文信通科技有限公司 | Electronic file monitoring, collecting, sharing and utilizing system |
CN112948386B (en) * | 2021-03-04 | 2023-09-22 | 电信科学技术第五研究所有限公司 | Simple indexing and encrypting disk-dropping mechanism for ETL abnormal data |
CN114793169A (en) * | 2022-03-21 | 2022-07-26 | 中国信息通信研究院 | Full-flow data encryption protection method for big data platform |
CN114979281B (en) * | 2022-07-11 | 2022-11-08 | 成都信息工程大学 | Data interaction method applied to industrial internet cloud service platform |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5752060A (en) * | 1990-05-30 | 1998-05-12 | Fujitsu Limited | File access scheme in distributed data processing system |
Non-Patent Citations (1)
Title |
---|
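Research on sensitive data protection technology in cloud environments (云环境下的敏感数据保护技术研究); Liu Minghui (刘明辉) et al.; Telecommunications Science (《电信科学》); 20141130; pp. 2-8 * |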
Also Published As
Publication number | Publication date |
---|---|
CN105471856A (en) | 2016-04-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105471856B (en) | The retrieval of file and shared system and method are encrypted for large data center platform | |
CN106529327B9 (en) | Data access system and method for encrypted database in hybrid cloud environment | |
CN102687133B (en) | Containerless data for trustworthy computing and data services | |
CN102656589B (en) | By the trust verified for data that wrapper is synthesized | |
CN107508812A (en) | A kind of industry control network date storage method, call method and system | |
CN108881195A (en) | Data safety sharing method and device based on cloud environment | |
CN104995632B (en) | Secret protection Database Systems | |
CN108062485A (en) | A kind of fuzzy keyword searching method of multi-service oriented device multi-user | |
CN104065680A (en) | Information processing method and apparatus, information retrieval method and apparatus, user terminal and server | |
CN111274599A (en) | Data sharing method based on block chain and related device | |
CN112685790B (en) | Block chain data security and privacy protection method | |
CN106131225A (en) | The security system accessed for medical treatment case information | |
CA2403488A1 (en) | Automatic identity protection system with remote third party monitoring | |
CN110581839A (en) | Content protection method and device | |
CN108021677A (en) | The control method of cloud computing distributed search engine | |
CN106356066A (en) | Speech recognition system based on cloud computing | |
CN115577370A (en) | Safe storage method supporting intelligent unmanned cluster data access mode protection | |
CN109740378A (en) | A kind of safety of anti-keyword privacy leakage is to index construction and its search method | |
Fan et al. | Research on privacy protection in IoT system based on blockchain | |
Luo et al. | Accountable data sharing scheme based on blockchain and SGX | |
US20210203487A1 (en) | Method for storing database security audit records | |
CN106131224A (en) | A kind of data transmission system | |
Hsiao et al. | An implementation of efficient hierarchical access control method for VR/AR platform | |
Chen et al. | Research on Internet of Things information security based on blockchain | |
Upadhyay et al. | Vulnerabilities of data storage security in big data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||