CN108989305A - A kind of data-sharing systems, method and device - Google Patents
A kind of data-sharing systems, method and device Download PDFInfo
- Publication number
- CN108989305A CN108989305A CN201810752112.0A CN201810752112A CN108989305A CN 108989305 A CN108989305 A CN 108989305A CN 201810752112 A CN201810752112 A CN 201810752112A CN 108989305 A CN108989305 A CN 108989305A
- Authority
- CN
- China
- Prior art keywords
- user
- module
- user terminal
- data
- terminal module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The present invention provides a kind of data-sharing systems, method and device, wherein includes: management module, cloud memory module and at least one user terminal module in the system.Management module can extract the user property of at least one user terminal module and user key is respectively configured for it;The first user terminal module at least one user terminal is sent to the storage of cloud memory module after can encrypting according to its user property authorized determined to user data;Second user terminal module at least one user terminal module is decrypted according to user key to after the user data that memory module acquisition in cloud has encrypted.In this way, the risk of data leakage of information caused by cloud service data outsourcing can be effectively reduced, and then has ensured the information security of cloud service user.
Description
Technical field
The present invention relates to field of information security technology, in particular to a kind of data-sharing systems, method and device.
Background technique
With the arrival of information age, user data can be more preferable by cloud service with a kind of explosive growth
Management and processing mass data.
Many users are due to being locally stored that resource is limited or data managing capacity is limited etc., by the storage of user data
And administration authority is supplied to cloud service provider, however, inevitably resulting from new peace using this data Outsourcing Model
Full problem: since cloud service provider usually adheres to different trust domain separately from user, therefore cloud service provider and non-fully credible,
It is likely to occur the phenomenon that cloud service provider utilizes the administration authority authorized, steals or leak the related data of user, thus
Huge loss is caused to user.
It can be seen that in the prior art the data Outsourcing Model under cloud service scene be stolen there is user data and
The security risk of leakage.
Summary of the invention
In view of this, the purpose of the present invention is to provide data safety sharing method, system and device, to reduce cloud computing
The risk of data theft caused by middle data outsourcing, leakage of information.
In a first aspect, the embodiment of the present application provides a kind of data-sharing systems, wherein the system includes management module, cloud
Hold memory module and at least one user terminal module.
Management module, for extracting the user property of at least one user terminal module, and according to the user property of extraction,
User key is respectively configured at least one user terminal module and is handed down at least one user terminal module;
The first user terminal module at least one user terminal module, for determining the user property authorized, and
Cloud memory module is sent to after encrypting according to the user property authorized to user data;
Second user terminal module at least one user terminal module, for obtaining encryption from the memory module of cloud
User data afterwards, and be decrypted using user key, wherein the user property of second user terminal module has authorized
User property.
Second aspect, the embodiment of the present application also provides a kind of data sharing methods, and wherein this method can be by management mould
Block executes, this method comprises:
Extract the user property of user terminal module;
According to the user property of extraction, user key is configured for user terminal module and is handed down to user terminal module,
In, user key is used for the user data that obtains from the memory module of cloud of decrypted user terminal module, according to user data
The user property of user terminal module carries out encrypted user data.
In conjunction with second aspect, the embodiment of the present application provides the first possible embodiment of second aspect, wherein institute
State method further include:
Generate public keys and common parameter;
According to the user property of extraction, user key is configured for user terminal module and is handed down to user terminal module, is had
Body includes:
According to the user property of extraction and the public keys generated, user key is configured for user terminal module, and will
The common parameter and user key of generation are handed down to user terminal module, and common parameter is for encrypting user terminal module hair
Give the user data of cloud memory module.
The third aspect, the embodiment of the present application also provides a kind of data sharing method, this method can be by the first user end
End module executes, this method comprises:
The user key that management module is sent is received, user key is use of the management module according to the first user terminal module
Family attribute configuration, user key is for decrypting the first number of users that the first user terminal module is obtained from the memory module of cloud
According to the first user data is to send after second user terminal module is encrypted according to the user property of the first user terminal module
To cloud memory module;
It determines the user property authorized, and is sent out after being encrypted according to the user property authorized to second user data
Give cloud memory module.
In conjunction with the third aspect, the embodiment of the present application provides the first possible embodiment of the third aspect, wherein institute
State method further include:
Receive and store the common parameter of management module transmission;
It determines the user property authorized, specifically includes:
Obtain the user property for being stored with the third user terminal module of common parameter;
Select user property from the user property of third user terminal module, and using the user property selected as having awarded
The user property of power.
In conjunction with the first possible embodiment of the third aspect, the embodiment of the present application provides second of the third aspect
Possible embodiment, wherein according to the user property and received common parameter authorized, to second user data into
Row encryption, specifically includes:
According to the user property and received common parameter authorized, second user data are encrypted.
In conjunction with fourth aspect, the embodiment of the present application also provides a kind of data sharing devices, wherein and it include: extraction module,
For extracting the user property of user terminal module;Processing module is user terminal module for the user property according to extraction
Configure user key;Sending module, for the user key of configuration to be handed down to user terminal module, wherein user key is used
In the user data that decrypted user terminal module is obtained from the memory module of cloud, user data is according to user terminal module
User property carries out encrypted user data.
In conjunction with fourth aspect, the embodiment of the present application provides the first possible embodiment of fourth aspect, wherein institute
State device further include:
Generation module, for generating public keys and common parameter;
The processing module, is specifically used for: being that user is whole according to the user property of extraction and the public keys generated
End module configures user key;
The sending module, is specifically used for: the common parameter of generation and user key are handed down to user terminal mould
Block, common parameter is for encrypting the user data that user terminal module is sent to cloud memory module.
In conjunction with the 5th aspect, the embodiment of the present application also provides a kind of data sharing devices, wherein and it include: receiving module,
For receiving the user key of management module transmission, user key is that management module belongs to according to the user of the first user terminal module
Property configuration, user key for decrypting the first user data that the first user terminal module is obtained from the memory module of cloud,
First user data is to be sent to after second user terminal module is encrypted according to the user property of the first user terminal module
Cloud memory module;Processing module, for determining the user property authorized, and according to the user property authorized to second
User data is encrypted;Sending module, for encrypted second user data to be sent to cloud memory module.
In conjunction with the 5th aspect, the embodiment of the present application provides the first possible embodiment of the 5th aspect, wherein institute
It states receiving module to be also used to: receiving and storing the common parameter that the management module is sent;
The processing module is specifically used for when determining the user property authorized: acquisition is stored with the common parameter
Third user terminal module user property, select user property from the user property of the third user terminal module,
And using the user property selected as the user property authorized.
In conjunction with the first possible embodiment in the 5th aspect, the embodiment of the present application also provides the second of the 5th aspect
Kind possible embodiment, wherein the processing module, according to the user property authorized to second user data into
When row encryption, it is specifically used for: according to the user property authorized and the received common parameter, to described second
User data is encrypted.
In conjunction with the 6th aspect, the embodiment of the present application also provides a kind of electronic equipment, which includes: processor, storage
Device and bus, memory are stored with the executable machine readable instructions of processor, when electronic equipment operation, processor and storage
By bus communication between device, above-mentioned second aspect is executed when machine readable instructions are executed by processor and second aspect arbitrarily may be used
The step of data sharing method described in the embodiment of energy.
In conjunction with the 7th aspect, the embodiment of the present application also provides a kind of electronic equipment, which includes: processor, storage
Device and bus, memory are stored with the executable machine readable instructions of processor, when electronic equipment operation, processor and storage
By bus communication between device, the above-mentioned third aspect is executed when machine readable instructions are executed by processor and the third aspect arbitrarily may be used
The step of data sharing method described in the embodiment of energy.
In conjunction with eighth aspect, the embodiment of the present application also provides a kind of computer readable storage mediums, this is computer-readable
It is stored with computer program on storage medium, executes when which is run by processor such as above-mentioned second aspect and the
Any possible embodiment of two aspects, and/or, described in the third aspect and the arbitrarily possible embodiment of the third aspect
The step of data sharing method.
The embodiment of the present application provides a kind of data-sharing systems, method and device, wherein management module can extract to
The user property of a few user terminal module, and then be at least one user terminal module difference according to the user property of extraction
Configuration user key is simultaneously handed down at least one user terminal module respectively.When first at least one user terminal module is used
When family terminal module is to cloud memory module upload user data, the first user terminal module can determine the use authorized first
Family attribute, and memory module storage in cloud is sent to after encrypting according to the user property authorized to user data.When extremely
It, can when second user terminal module in a few user terminal module obtains the user data encrypted from cloud memory module
To be decrypted according to the user data that has encrypted of the user key to acquisition, wherein the user of second user terminal module belongs to
Property for the user property authorized.
In this way, user terminal module either upload the data to before the memory module of cloud or deposits from cloud
Storage module can be carried out attribute operation after obtaining data to complete the encryption or decryption to user data, pass through this attribute
Calculation mechanism can effectively reduce the risk of data Data Theft caused by cloud service data outsourcing or leakage of information, to cloud
Service data provides safely technical support, and then has ensured the information privacy of cloud service user, helps to build more
The cloud environment of safety.
Other feature and advantage of the embodiment of the present application will illustrate in the following description, alternatively, Partial Feature and excellent
Point can deduce from specification or unambiguously determine, or the above-mentioned technology by implementing the embodiment of the present application can obtain
Know.
To enable the above objects, features, and advantages of the application to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate
Appended attached drawing, is described in detail below.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows a kind of configuration diagram of data-sharing systems provided by the embodiment of the present application;
Fig. 2 shows a kind of flow diagrams of data sharing method provided by the embodiment of the present application;
Fig. 3 shows a kind of configuration diagram of data sharing device 300 provided by the embodiment of the present application;
Fig. 4 shows a kind of configuration diagram of data sharing device 400 provided by the embodiment of the present application;
Fig. 5 shows the structural schematic diagram of a kind of electronic equipment 500 provided by the embodiment of the present application;
Fig. 6 shows the structural schematic diagram of a kind of electronic equipment 600 provided by the embodiment of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
Middle attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only
It is a part of the embodiment of the present invention, instead of all the embodiments.The application being usually described and illustrated herein in the accompanying drawings is real
The component for applying example can be arranged and be designed with a variety of different configurations.Therefore, of the invention to what is provided in the accompanying drawings below
The detailed description of embodiment is not intended to limit the range of claimed invention, but is merely representative of selected reality of the invention
Apply example.Based on the embodiment of the present invention, those skilled in the art institute obtained without making creative work
There are other embodiments, shall fall within the protection scope of the present invention.
With the arrival of big data era, user data is managed using cloud service becomes a kind of critically important mode, and
And it can use cloud service between user to realize data sharing.The number under cloud service scene is solved in the embodiment of the present application
According to Data Theft existing for Outsourcing Model or leakage of information problem, a kind of data-sharing systems, method and device are proposed.
Firstly, it is shown in Figure 1, for a kind of framework signal of possible data-sharing systems provided by the embodiments of the present application
Figure, which includes: management module, cloud memory module and at least one user terminal module.Wherein, it manages
Module is the safe and reliable third party independently of cloud environment, it can be with the foundation and maintenance of auxiliary data shared system;User
Terminal module can be deployed in user local, and concrete form can be the form of software or hardware, and user terminal module both can be with
It can also be obtained from cloud memory module to cloud memory module upload user data so that other user terminals module is shared
The shared user data of other user terminals module.In the application, increased newly in user terminal module to cloud memory module
Encryption function when upload user data and the decryption function after obtaining user data from cloud memory module, to guarantee number
According to shared safety;Cloud memory module can dispose beyond the clouds, and concrete form can be mounted in the software or hard in cloud
Part is also possible to meet the storage service of interface requirement in cloud computing, and cloud memory module can be other for data-sharing systems
Part provides unified reading data, write-in, update and the interface of deletion.
In the following, data-sharing systems as shown in connection with fig. 1, provide specific embodiment to data provided by the embodiments of the present application
Sharing method is described in detail.
Embodiment one
It is shown in Figure 2, it is the flow diagram of data sharing method provided by the embodiments of the present application, including following step
It is rapid:
S201, management module extract the user property of at least one user terminal module.
In this step, when the extracted user property of management module is that user terminal module is initiated to register to management module
The user property submitted.User terminal module initiates registration process, such as can be user terminal module according to management module
The attribute information issued submits user property, and then management module audits the user property of submission.User property can
With the characteristic information of the user for characterizing user terminal module, such as when the user of user terminal module is in company
When employee, the attribute information of management module publication for example can be in the attribute informations such as name, gender, department, area, position
It is one or more.For the user user A of user terminal modules A, the user property submitted is for example are as follows: " name: uses
Family A;Gender: male;Department: market department;Area: Beijing;Position: manager " etc..
It is close that user is respectively configured at least one user terminal module according to the user property of extraction in S202, management module
Key is simultaneously handed down at least one user terminal module.
Wherein, each user terminal module has unique user key, and the user property of user terminal module is different,
Correspondingly, the user key that has of user terminal module also different from.
When it is implemented, management module can also generate public keys and common parameter before executing S202.Example
Such as, user terminal module can generate a security parameter at random, and security parameter is input to preset algorithm such as Setup () and is calculated
In method, common parameter and public keys can be exported later.The public keys and the common parameter can be by least
One user terminal module shares.Management module is when being respectively configured user key at least one user terminal module, also
It can be according to the user property of each user terminal module and the public keys of generation come respectively each user terminal mould
Block configures user key.For example, management module executes user key computational algorithm such as Keygen () algorithm according to user property,
The algorithm inputs public keys and user property, exports user key.Also, the user key of configuration is being handed down to user's end
When end module, the common parameter of generation can also be sent to user terminal module together.Further, user terminal module connects
After receiving user key and common parameter for itself configuration, the user key of itself and common parameter can be stored in
It is local.
Above step can be completed in data-sharing systems initialization procedure.In addition, in initialization procedure, cloud storage
Module can also be respectively completed two-way authentication with the management module and user terminal module of system.Cloud memory module and pipe
The mutual authentication process managed between module can be with are as follows: cloud memory module and management module are respectively to certification authority
(certification authority, CA) applies for digital certificate, wherein CA is to construct on Public Key Infrastructure basis
On generation and determine digital certificate third party's trust authority.Further, pass through digital certificate, both sides' mutual authentication body
Part, complete certification after, cloud memory module can response management module instruction requirement.Cloud memory module and user terminal mould
Mutual authentication process between block can be with are as follows: user terminal module and cloud memory module are led to respectively to CA application digital certificate
Digital certificate is crossed, both sides' mutual authentication identity, after completing certification, cloud memory module can respond the instruction of user terminal module
It is required that.
Wherein, at least one user terminal module both can be to cloud memory module upload user data, can also be from cloud
Memory module is held to obtain user data.User terminal module in upload user data and obtains user in the embodiment of the present application
Encryption and decryption mechanisms based on user property can be used during data, to guarantee cloud storage as far as possible
The safety of user data.
In the following, for ease of description, using the first user terminal module as a side of upload user data, by second terminal mould
Block describes to data sharing process in detail as the side for obtaining user data.
S203, the first user terminal module determine the user property that has authorized, and according to the user property authorized to
User data is sent to cloud memory module after being encrypted.
In the embodiment of the present application, the first user terminal module is to before the memory module upload user data of cloud, first
It can determine which user terminal module has permission to access and obtain the user data of upload, specifically, can determine to have awarded
The user property of power, then, the user terminal module for having the user property authorized can have permission to access and obtain
These user data.Here, suppose that second user terminal module is the user terminal mould for having the user property authorized
Block.
Specifically, determining that the mode of the user property authorized can have:
Mode one, the first user terminal module receive the user property set from management module, and from user property
User property is chosen in set, constitutes the user property authorized.
Wherein, management module can all user terminal modules extract from system user property, by what is extracted
All user properties are handed down to the first user terminal module as a user property collection merging.Such as system management module generates
User property set in include the attribute informations such as name, height, weight, gender, age, native place, the first user terminal module
After receiving user property set, gender (male) can be selected, age (30), native place (Beijing) are that the user authorized belongs to
Property.
Mode two, the first user terminal module can select user property from the user property of itself, be set as having awarded
The user property of power.In which two, it can not have to obtain user property set from management module, directly according to the use of itself
Family attribute determines the user property authorized.If such as the user of the first user terminal module is user A, the use of user A
Family attribute includes gender (male), age (30), native place (Beijing), then user A can choose the age (30), native place (Beijing) is made
For the user property authorized, in this way, having the age (30), the user of user property of native place (Beijing) can have permission and check
User A shared user data.
Mode three, the first user terminal module common parameter that management module issues based on the received, are stored with other
User property is exchanged between the user terminal module of the common parameter, and selects user property from the user property of exchange,
It is set as the user property authorized.
For example, the user property of user A includes gender (male), year if the user of the first user terminal module is user A
The user in age (30), native place (Beijing), second user terminal module is user B, and the user property of user B includes gender
(female), age (23), native place (Tianjin), the first user terminal and second user terminal have all received and stored management module and have issued
Same common parameter, then can exchange user property between the first user terminal and second user terminal, user A can be with
Choose the user property of gender (female), age (23), native place (Tianjin) as authorized user.
In the embodiment of the present application, the first user terminal module can also be according to common parameter and what is determined authorized
User property encrypts user data.Specifically, encryption attribute algorithm can be quoted, and such as: according to authorized user's
User property constitutes ciphertext index, executes Encryption Algorithm Enc (), inputs common parameter, ciphertext index and needs use to be sharing
User data, available encrypted user data.Wherein, encryption attribute algorithm can be understood as being added in the algorithm to user
The description of attribute, using with door or door and comprising functions such as doors imitates the access control under distributed environment as constraint condition
Rate can be substantially better than traditional Encryption Algorithm based on unique identity.
S204, second user terminal module obtain user data from cloud memory module, and utilize the user key of itself
The user data of acquisition is decrypted.
Wherein, the user data that second user terminal module is obtained from cloud memory module, on as the first line module
Reach cloud memory module it is encrypted after user data.Here, suppose that the user property of second user terminal module is the
The user property that one user terminal module has authorized, so, second user terminal module can use to be belonged to according to the user of itself
Property and the user key that is configured to decrypt the user data of acquisition.
In the case where the user data of acquisition is encrypted using common parameter and user key, then, it is decrypted
Journey for example can be with are as follows: execute decipherment algorithm Dec (), input the user key of second user terminal module, common parameter and from
The user data that cloud memory module obtains, is decrypted the user data of acquisition, the user data after being decrypted.
Thus the data sharing process of achievable encryption and decryption mechanisms based on user property, user terminal module
It can use encryption attribute function before to cloud memory module upload user data to encrypt user data, user terminal
Module also can use attribute decryption function after obtaining user data from cloud memory module and carry out to encrypted user data
Decryption, by the above-mentioned means, before either sending data to cloud memory module or after cloud memory module acquisition data
It can be carried out attribute operation, to ensure the safety of shared user data, reduce the risk of user data leakage.
In addition, further relating to the relevant operation of the maintenance to data-sharing systems in specific implementation.For example, management module can
To control increase or the destruction operation of user property.Management module is extracting the user property of all user terminals, and generates
After user property set, if desired increase or cancel a certain user property, management module can first modify local user and belong to
Property set, such as increase a certain user property or a certain user property of revocation, then controlling cloud memory module will be with increase
Or the relevant user data of user property of revocation carries out adaptation, is updated later based on modified user property public
Parameter and user key, and it is indicated to user terminal module.
Embodiment two
By taking Enterprise Staff is using cloud service finishing service process as an example, the scheme provided above-described embodiment one is illustrated
Illustrate, in order to understand data sharing method provided by the embodiments of the present application.
Firstly, data-sharing systems are during initialization, management module can run Setup () function, and input is random
The security parameter of generation produces common parameter and public keys, and the user property by extracting user terminal module, building
User property set, for example, user property set A={ name, department, area, role }.Where it is assumed that from user terminal mould
The user property extracted in block 1 is { name (1), department (market department), regional (Beijing), role (sales assistant) }, manages mould
Root tuber executes user key and calculates function Keygen () according to the user property of user terminal module 1, using user property and
Public keys generates user key, and common parameter and user key are imported user terminal module 1.Remaining user terminal module
Also it is referred to above-mentioned process and completes initialization procedure.
Further, if the user of user terminal module 1 wishes shared user data m, then can determine first
The user property authorized, such as the user property authorized indicate with the set of As={ a1, a2 ... am }, according to having awarded
The user property of power constructs ciphertext index Y.
User terminal module 1 executes Encryption Algorithm such as Enc (), the user data m which inputs common parameter, to be shared
And ciphertext index Y, encrypted data M is exported, encrypted data M is then uploaded to cloud memory module, is completed altogether
Enjoy data publication.
Further, it is assumed that the user terminal module for having the user property authorized is user terminal module 2, then using
Family terminal module 2 can read the encrypted data M for being shared with oneself with cloud memory module, execute decipherment algorithm Dec (),
The algorithm inputs user key, common parameter and the encrypted data M of user terminal module 2, so that decryption obtains user
The user data m that terminal module 1 is issued.Assuming that also from cloud, memory module reads encrypted data to user terminal module 3
M, still, the user property that user terminal module 3 has are not the user properties authorized, then 3 benefit of user terminal module
When decrypting encrypted data M with the user key of itself, decryption failure, therefore can not correctly get user terminal module 1
The user data m of publication, to achieve the purpose that protect user data.
If needing to increase user property to the data-sharing systems, such as gender, then management module is first in the system maintenance stage
User property set A is first updated, updated user property collection is combined into A { name, department, area, role, gender }, then manages
Reason module public keys is recalculated according to updated user property set and control cloud memory module cancel it is impacted
User data, while user terminal module being notified to update common parameter and user key.When to delete a certain user property,
Mode is similar, and the operation that can increase user property in user property set A is changed to delete in user property set
A certain user property.
By this operation, user terminal module either upload the data to before the memory module of cloud or deposits from cloud
Storage module can be carried out attribute operation to complete the encryption or decryption to user data, to increase number after obtaining data
According to the information security in cloud service data sub-contract management.During system maintenance, user can be according to required building
Different attribute sets can make data receiver object more clear in data transmission procedure, and transmission process is more convenient, transmission
More rapidly.
Embodiment three
The embodiment of the present application provides a kind of data sharing device, referring to shown in Fig. 3, for what is provided in the embodiment of the present application
The configuration diagram of data sharing device 300, the device 300 include extraction module 301, processing module 302, sending module 303.
Specifically, extraction module 301, for extracting the user property of user terminal module;
Processing module 302 configures user key for the user property according to extraction for the user terminal module;
Sending module 303, for the user key of configuration to be handed down to the user terminal module, wherein the user
Key is for decrypting the user data that the user terminal module is obtained from the memory module of cloud, according to the user data
The user property of the user terminal module carries out encrypted user data.
In a kind of possible embodiment, which can also include generation module 304, public close for generating
Key and common parameter;
Processing module 302 is configured according to the user property of extraction and the public keys generated for user terminal module
User key;
The sending module 303, is specifically used for: the common parameter of generation and user key are handed down to user terminal
Module, common parameter is for encrypting the user data that user terminal module is sent to cloud memory module.
By above-mentioned data sharing device 300, data information caused by cloud service data outsourcing can be effectively reduced
The risk of leakage, and then ensured the information security of cloud service user.
Example IV
The embodiment of the present application provides a kind of data sharing device, referring to shown in Fig. 4, for what is provided in the embodiment of the present application
The configuration diagram of data sharing device 400, the device 400 include receiving module 401, processing module 402, sending module 403.
Specifically, receiving module 401 is used to receive the user key of management module transmission, user key is management module root
It is configured according to the user property of the first user terminal module, user key is stored for decrypting the first user terminal module from cloud
The first user data obtained in module, the first user data are second user terminal module according to the first user terminal module
User property is sent to cloud memory module after being encrypted;
Processing module 402, for determining the user property authorized, and according to the user property authorized to second user
Data are encrypted;
Sending module 403, for encrypted second user data to be sent to cloud memory module.
In a kind of possible embodiment, receiving module 401 is also used to: receiving and storing what the management module was sent
Common parameter;
Processing module 402 is specifically used for when determining the user property authorized: obtaining and is stored with the of common parameter
The user property of three user terminal modules selects user property from the user property of third user terminal module, and will selection
User property as the user property authorized.
In a kind of possible embodiment, processing module 402 is used according to the user property authorized second
When user data is encrypted, it is specifically used for: right according to the user property authorized and the received common parameter
The second user data are encrypted.
By above-mentioned data sharing device 400, data data caused by cloud service data outsourcing can be effectively reduced
The risk of theft or leakage of information.
Embodiment five
As shown in figure 5, for the structural schematic diagram of a kind of electronic equipment 500 provided by the embodiment of the present application five, comprising: place
Manage device 501, memory 502 and bus 503;
The memory 502 is stored with the executable machine readable instructions of the processor 501 (for example, including in Fig. 3
Extraction module 301, processing module 302, sending module 303 is corresponding executes instruction), when electronic equipment 500 is run, the place
It is communicated between reason device 501 and the memory 502 by bus 503, the machine readable instructions are executed by the processor 501
Shi Zhihang is handled as follows:
Extract the user property of user terminal module;
According to the user property of extraction, user key is configured for the user terminal module and is handed down to the user terminal
Module, wherein the user key is used to decrypt the user data that the user terminal module is obtained from the memory module of cloud,
The user data is to carry out encrypted user data according to the user property of the user terminal module.
Further, following processing can also be performed in the processor 501: generating public keys and common parameter;
The processor 501 is executing the user property according to extraction, configures user key for the user terminal module
And when being handed down to the user terminal module, it can specifically include:
According to the user property of extraction and the public keys generated, user is configured for the user terminal module
Key, and the common parameter of generation and the user key are handed down to the user terminal module, the public ginseng
The user data that number is sent to the cloud memory module for encrypting the user terminal module.
Embodiment six
As shown in fig. 6, for the structural schematic diagram of a kind of electronic equipment 600 provided by the embodiment of the present application five, comprising: place
Manage device 601, memory 602 and bus 603;
Memory 602 is stored with the executable machine readable instructions of processor 601 (for example, including the receiving module in Fig. 4
401, processing module 402, sending module 403 is corresponding executes instruction), when electronic equipment 600 is run, processor 601 with deposit
It is communicated between reservoir 602 by bus 603, following processing is executed when the machine readable instructions are executed by processor 601:
The user key that management module is sent is received, the user key is the management module according to the first user terminal
The user property configuration of module, the user key is for decrypting the first user terminal module from the memory module of cloud
The first user data obtained, first user data are second user terminal module according to the first user terminal module
User property encrypted after be sent to the cloud memory module;
It determines the user property authorized, and second user data is encrypted according to the user property authorized
After be sent to the cloud memory module.
Further, following processing can also be performed in the processor 601: receiving and storing what the management module was sent
Common parameter;
It determines the user property authorized, specifically includes:
Obtain the user property for being stored with the third user terminal module of the common parameter;
Select user property from the user property of the third user terminal module, and using the user property selected as
The user property authorized.
Further, following processing can also be performed in the processor 601: according to the user property pair authorized
When second user data are encrypted, it is specifically used for: according to the user property authorized and the received public ginseng
Number, encrypts the second user data.
Embodiment seven
The embodiment of the present application also provides a kind of computer readable storage medium, is stored on the computer readable storage medium
Computer program, the computer program execute any of the above-described data sharing method as described in the examples when being run by processor
Step.
Specifically, which can be general storage medium, such as mobile disk, hard disk, on the storage medium
Computer program when being run, the step of being able to carry out above-mentioned data sharing method, to solve current data in cloud service
The problem of Data Theft or information leakage that data outsourcing may cause, and then ensured the information privacy of cloud service user
Property.
The embodiment of the present application also provides a kind of computer program product of data sharing method, including stores program code
Computer readable storage medium, the instruction that program code includes can be used for executing the method in previous methods embodiment, specifically
It realizes and can be found in embodiment of the method, details are not described herein.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description
It with the specific work process of device, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
If function is realized in the form of SFU software functional unit and when sold or used as an independent product, can store
In a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially in other words to existing
Having the part for the part or the technical solution that technology contributes can be embodied in the form of software products, the computer
Software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be personal meter
Calculation machine, server or network equipment etc.) execute each embodiment method of the application all or part of the steps.And it is above-mentioned
Storage medium includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory
The various media that can store program code such as (RAM, Random Access Memory), magnetic or disk.
More than, the only specific embodiment of the application, but the protection scope of the application is not limited thereto, and it is any to be familiar with
Those skilled in the art within the technical scope of the present application, can easily think of the change or the replacement, and should all cover
Within the protection scope of the application.Therefore, the protection scope of the application should be subject to the protection scope in claims.
Claims (10)
1. a kind of data-sharing systems characterized by comprising management module, cloud memory module and at least one user
Terminal module;
The management module, for extracting the user property of at least one user terminal module, and according to the user of extraction
Attribute is respectively configured user key at least one described user terminal module and is handed down at least one described user terminal mould
Block;
The first user terminal module at least one described user terminal module, for determining the user property authorized, and
The cloud memory module is sent to after encrypting according to the user property authorized to user data;
Second user terminal module at least one described user terminal module, for being obtained from the cloud memory module
The encrypted user data, and be decrypted using the user key, wherein the use of the second user terminal module
Family attribute is the user property authorized.
2. a kind of data sharing method characterized by comprising
Extract the user property of user terminal module;
According to the user property of extraction, user key is configured for the user terminal module and is handed down to the user terminal mould
Block, wherein the user key is for decrypting the user data that the user terminal module is obtained from the memory module of cloud, institute
Stating user data is to carry out encrypted user data according to the user property of the user terminal module.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
Generate public keys and common parameter;
The user property according to extraction configures user key for the user terminal module and is handed down to the user terminal
Module specifically includes:
According to the user property of extraction and the public keys generated, user key is configured for the user terminal module,
And the common parameter of generation and the user key are handed down to the user terminal module, the common parameter is used
The user data of the cloud memory module is sent in the encryption user terminal module.
4. a kind of data sharing method characterized by comprising
The user key that management module is sent is received, the user key is the management module according to the first user terminal module
User property configuration, the user key is obtained from the memory module of cloud for decrypting the first user terminal module
The first user data, first user data is second user terminal module according to the use of the first user terminal module
Family attribute is sent to the cloud memory module after being encrypted;
It determines the user property authorized, and is sent out after being encrypted according to the user property authorized to second user data
Give the cloud memory module.
5. method as claimed in claim 4, which is characterized in that the method also includes:
Receive and store the common parameter that the management module is sent;
It determines the user property authorized, specifically includes:
Obtain the user property for being stored with the third user terminal module of the common parameter;
Select user property from the user property of the third user terminal module, and using the user property selected as having awarded
The user property of power.
6. method as claimed in claim 5, which is characterized in that the user property authorized according to is to second user
Data are encrypted, and are specifically included:
According to the user property authorized and the received common parameter, the second user data are added
It is close.
7. a kind of data sharing device characterized by comprising
Extraction module, for extracting the user property of user terminal module;
Processing module configures user key for the user property according to extraction for the user terminal module;
Sending module, for the user key of configuration to be handed down to the user terminal module, wherein the user key is used for
The user data that the user terminal module is obtained from the memory module of cloud is decrypted, the user data is according to the user
The user property of terminal module carries out encrypted user data.
8. a kind of data sharing device characterized by comprising
Receiving module, for receiving the user key of management module transmission, the user key is the management module according to the
The user property configuration of one user terminal module, the user key is for decrypting the first user terminal module from cloud
The first user data obtained in memory module, first user data are that second user terminal module is used according to described first
The user property of family terminal module is sent to the cloud memory module after being encrypted;
Processing module, for determining the user property authorized, and according to the user property authorized to second user number
According to being encrypted;
Sending module, for the encrypted second user data to be sent to the cloud memory module.
9. a kind of electronic equipment characterized by comprising processor, memory and bus, the memory are stored with the place
The executable machine readable instructions of device are managed, when electronic equipment operation, pass through bus between the processor and the memory
Communication executes the data sharing side as described in claim 4~6 is any when the machine readable instructions are executed by the processor
The step of method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer journey on the computer readable storage medium
Sequence, the step of data sharing method as described in claim 2~6 is any is executed when which is run by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810752112.0A CN108989305A (en) | 2018-07-10 | 2018-07-10 | A kind of data-sharing systems, method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810752112.0A CN108989305A (en) | 2018-07-10 | 2018-07-10 | A kind of data-sharing systems, method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108989305A true CN108989305A (en) | 2018-12-11 |
Family
ID=64537668
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810752112.0A Pending CN108989305A (en) | 2018-07-10 | 2018-07-10 | A kind of data-sharing systems, method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108989305A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105208007A (en) * | 2015-08-26 | 2015-12-30 | 中标软件有限公司 | Data sharing system |
| CN105530087A (en) * | 2015-12-28 | 2016-04-27 | 北京航空航天大学 | Attribute-based encryption method of adaptive chosen ciphertext security |
| US20160196452A1 (en) * | 2011-06-17 | 2016-07-07 | Microsoft Technology Licensing, Llc | Cloud key directory for federating data exchanges |
| CN106888213A (en) * | 2017-03-14 | 2017-06-23 | 深圳大学 | Cloud ciphertext access control method and system |
| US20180020001A1 (en) * | 2016-07-14 | 2018-01-18 | Sap Se | Private data access controls in mobile applications |
| CN108200181A (en) * | 2018-01-11 | 2018-06-22 | 中国人民解放军战略支援部队信息工程大学 | A kind of revocable attribute-based encryption system and method towards cloud storage |
-
2018
- 2018-07-10 CN CN201810752112.0A patent/CN108989305A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160196452A1 (en) * | 2011-06-17 | 2016-07-07 | Microsoft Technology Licensing, Llc | Cloud key directory for federating data exchanges |
| CN105208007A (en) * | 2015-08-26 | 2015-12-30 | 中标软件有限公司 | Data sharing system |
| CN105530087A (en) * | 2015-12-28 | 2016-04-27 | 北京航空航天大学 | Attribute-based encryption method of adaptive chosen ciphertext security |
| US20180020001A1 (en) * | 2016-07-14 | 2018-01-18 | Sap Se | Private data access controls in mobile applications |
| CN106888213A (en) * | 2017-03-14 | 2017-06-23 | 深圳大学 | Cloud ciphertext access control method and system |
| CN108200181A (en) * | 2018-01-11 | 2018-06-22 | 中国人民解放军战略支援部队信息工程大学 | A kind of revocable attribute-based encryption system and method towards cloud storage |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109495274B (en) | Decentralized intelligent lock electronic key distribution method and system | |
| CN105871538B (en) | Quantum key distribution system, quantum key delivering method and device | |
| CN106161402B (en) | Encryption equipment key injected system, method and device based on cloud environment | |
| CN109120639A (en) | A kind of data cloud storage encryption method and system based on block chain | |
| CN107948156B (en) | Identity-based closed key management method and system | |
| US20140270179A1 (en) | Method and system for key generation, backup, and migration based on trusted computing | |
| US10250613B2 (en) | Data access method based on cloud computing platform, and user terminal | |
| CN107733654B (en) | Intelligent equipment firmware updating and official user certificate distribution method based on combined key | |
| CN104584509A (en) | An access control method, a device and a system for shared data | |
| US8948397B2 (en) | Major management apparatus, authorized management apparatus, electronic apparatus for delegated key management, and key management methods thereof | |
| CN110572258B (en) | Cloud password computing platform and computing service method | |
| CN105873031A (en) | Authentication and key negotiation method of distributed unmanned aerial vehicle based on trusted platform | |
| CN104601571A (en) | Data encryption system and method for interaction between tenants and cloud server memory | |
| CN103020543B (en) | A kind of virtual disk reflection encryption handling system and method | |
| CN106685919A (en) | Secure cloud storage method with passive dynamic key distribution mechanism | |
| CN105933345A (en) | Verifiable outsourcing attribute-based encryption method based on linear secret sharing | |
| CN110224816A (en) | Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number | |
| CN113434875A (en) | Lightweight access method and system based on block chain | |
| CN109120399A (en) | A kind of data ciphering method based on asymmetric encryption, decryption method and system | |
| CN114268482A (en) | Rapid strategy retrieval method based on attribute bloom filter | |
| CN108763944A (en) | Multicenter large attribute Domain Properties base encryption method can be revoked safely in calculating in mist | |
| CN104506320A (en) | Method and system for identity authentication | |
| US11032708B2 (en) | Securing public WLAN hotspot network access | |
| CN103490890A (en) | Combination public key authentication password method based on conic curves | |
| CN116340331A (en) | Large instrument experimental result evidence-storing method and system based on blockchain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181211 |
|
| RJ01 | Rejection of invention patent application after publication |