CN109214198A - A kind of secure cloud document system encrypting search - Google Patents
A kind of secure cloud document system encrypting search Download PDFInfo
- Publication number
- CN109214198A CN109214198A CN201810931661.4A CN201810931661A CN109214198A CN 109214198 A CN109214198 A CN 109214198A CN 201810931661 A CN201810931661 A CN 201810931661A CN 109214198 A CN109214198 A CN 109214198A
- Authority
- CN
- China
- Prior art keywords
- information
- user
- password
- document
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to cloud storages and information security field, a kind of secure cloud document system that can encrypt search is provided, mainly from safe information transmission, local information and server information security storage etc., comprehensive considers user for the demand of information security, while ensuring information security, Password management services are provided for user, cipher text searching service is provided, in the case where guaranteeing secured premise, safe full-text search service is provided for user.
Description
Technical field
The present invention relates to cloud storages and information security field, provide a kind of based on document security storage, document word content
The secure cloud document system that search can be encrypted, stored from safe information transmission, local information and server information security etc.,
Comprehensive consideration user provides security document storage service, and corresponding document content for the demand of information security for user
Full-text search with other document associations information and search service can be encrypted.
Background technique
With the rapid development of cloud computing technology, more and more information need to be saved in cloud, and obtain from cloud.
User obtains information or storage information, needs to interact by network with cloud server, user's steps on
Record safety, the protection of user information and privacy are just particularly important.
Information security issue is an eternal topic, logical from " tiger-shaped tally issued to generals as imperial authorization for loop movement in ancient China ", " Morse code ", " digital certificate " to safety
Letter, purpose are ensuring that confidentiality, authenticity, integrality, the reliability of information encryption of information, the tamper-resistance properties etc. of information
Deng.
With the development of computer technology, network technology, the communication technology etc., Protective Information Security Techniques are also improved,
Information enciphering and deciphering algorithm has obtained steadily developing, and the safety of information is just particularly important.
Information security mainly considers following aspect: user logs in safety, information transmission security and information storage security.
The design of the design of cloud computing system, especially cloud document storage system will take into account the demand of this three aspect.
How the information security of user, peace that protection local information safety, especially cloud information store and transmit are guaranteed
Entirely?
Document information security strategy needs to pay attention to: document owner whether be information security protected object, document information
Whether in document owner, whether divulging a secret for server jeopardizes document information safety to the power to make decision of safety;User is crucial sensitive
Storage safety of the information in server;The safety of information transmission when user and server interact.
The common security algorithm of the present invention: AES, RSA, SHA series and national standard SM series, autonomous security algorithm FlCode
And zy6;Standard modular design, is freely combined convenient for algorithm, the peace of guarantee the storage of cloud document, transmit, can search for etc.
Entirely.
Secure cloud document system will also meet the need of the convenient management document of user while guaranteeing that customer documentation is safe
It asks, ensures information security, prevent transmission channel, server from divulging a secret.
The relevant technology of the present invention:
" a kind of method and system for separating encoding and decoding ", publication number: CN105721882A, referred to as: separate code algorithm, algorithm
Concrete implementation is FlCode algorithm.
System realizes information encoding-decoding using the conversion between mathematics difference system, the separation code table of associative transformation.
System relies on separation code table, separate code block encoding algorithm, converts information into transform sequence and digit sequence, real
The method of existing information coding.
System also relies on separation code table, separate code packet decoding algorithm to carry out information solution to transform sequence and digit sequence
Code, the method for realizing information reduction.
Multichannel of the system for information stores and transmits, and separation code table can also play the work of information encryption as password
With;The storage of information is divided into three parts: separation code table, transform sequence and digit sequence.
Separate code table: separation code table is character string, and the length of character string determines that conversion system, character correspond in separation code table
The number that position represents.
Encoding and decoding conversion unit is separated, abbreviation grouped element, it is the basic unit of information block, the information of coded treatment
Unit.
Information unit step-by-step setting, generally takes calculation processing graduation of whole numbers of units, and 32,64 or 128.
Information transform sequence refers to: the information of the unit read by setting forms integer, is converted by the system of setting
Conversion, the character string formed in conjunction with code table.
Digit sequence refers to: the information of the unit read by setting forms integer, converts conversion by the system of setting,
In conjunction with a Number Sequence for the character that code table is formed.
Separate code information coding: requiring to read specific bit according to grouped element, then requires to be converted into according to separation code table
Corresponding system (character representation of the corresponding number in separation code table), transform sequence is recorded in transformation result, after conversion
Digit sequence is recorded in digit, is continued until that conversion finishes, and eventually form two parts: the character of transform sequence must be point
Character from code table, digit sequence mainly record the corresponding length in transformation record of converting unit.
The decoding of separate code information: from digit sequence read digit information, correlation is read from transform sequence by digit information
Character, in conjunction with the system definition of separation code table, be converted to integer according to separate code table transform at corresponding number, successively deposit
Enter to decoding result, until conversion finishes.
Conversion forms the piecemeal storage or transmission of information between different systems, it is ensured that the safety of information is commonly used
Safe information transmission between the communication of multi-homed host, or the communication in different channels;Meet specific information in conjunction with code table
Transmission safety.
" the eap-message digest method and system based on path hash ", publication number: CN106301764A, referred to as: eap-message digest
Algorithm, one of algorithm concrete implementation are zy6 algorithm.
Information is calculated by grouping, packet path hash, result sequence reconciliation paths hash, ultimately produces eap-message digest.
Step-by-step grouping and path hash calculating are the main features of system: indicating that every k bit is basic as one by k grouping
Unit, multiple units form one group of participation packet path hash and calculate.
Path hash, which calculates to refer to calculating, to be needed to be carried out by specified path, specified pathdepth, and each divided
Group information will affect multiple elements of path setting, to achieve the purpose that hash.
Based on the eap-message digest method and system of path hash, it can extend and derive different digest algorithms, by not
Same grouping;Different transform sequence, different path hashing algorithms, can produce different eap-message digests, to meet
Different demands for security;Message grouping enables the system to the information of processing large capacity, and path hashes calculations incorporated k grouping can be with
Realize k multiplied by 2 k power bit eap-message digest.
" a kind of ciphertext full-text search system ", publication number CN107423341A.
System includes full-text index system, indexes security algorithm and information safety system.
System passes through index encryption, and querying condition encryption, query result is ciphertext, realizes adding for full-text search whole process
Close, the encryption and decryption of information is completed in user side, to guarantee the safety of information.
The feature of Encryption Algorithm: the result consistency having the same of the identical encryption of statement prefix is indexed, that is, uses ciphertext
Retrieval and original sentence retrieval be consistent, to realize the retrieval of ciphertext.
It indexes security algorithm to realize using separate code algorithm, the ciphertext of index is compiled by the way of semantic feature coding
Code forms ciphertext semantic tree, constructs ciphertext full-text search system by semantic tree.
The cloud document that the present invention realizes, document information safety are provided centered on document owner from being transferred to server
Storage and the safety assurance of subsequent searches, realize document local cipher, and the local secure storage of Encryption Algorithm and password is real
Existing information transmission security influences document and divulges a secret so that transmission process and server end be effectively prevent to divulge a secret.
Summary of the invention
The present invention realizes a kind of secure cloud document system that can encrypt search, comprising: Subscriber Management System, file management system
System, full-text search system, file format conversion system composition.
BROAD SUMMARY includes: multi-level security mechanism, user management, document security storage, document keyword, description
Full-text search and cipher text searching with word content.
The multi-level security mechanism of the present invention and general safety design, realize user log in safely, be locally stored safety, pass
Defeated safety, server storage safety and document storage and retrieval safety;Multi-level security mechanism, in algorithm security level, mainly
Combination is realized using security algorithm combination and password, in information security level, is designed using general safety, from user local
Start, until information is transferred to server storage, realizes comprehensive safety assurance, including information transmission security and information storage
Safety, wherein information storage is divided into local information store and server info storage again, and specific implementation includes: that automatic cipher is raw
At, message packet, local cipher and decryption, transmission encryption and decryption and the encryption and decryption of server end etc., encryption and decryption
It is realized using multi-level security mechanism.
User logs in safety: mainly using safe transmission mode, the local security algorithm of combining information realizes the peace of user
It is complete to log in.
Transmission safety: negotiating security algorithm and password using user and server, realizes user according to agreement and server
It securely communicates, comprising: the information that information security algorithm, digital finger-print and needs transmit;Ssl combination system can also be used
Invention safe transmission mode carries out.
Local information security definitions: the information security of user terminal (browser front end, APP and client) system is known as local
Information security handles the information locally saved in a manner of encryption, that is, the information being locally stored is encrypted information, to protect
Demonstrate,prove local information safety, local information specifically includes that file information security algorithm and password, transmission security algorithm and password, close
Literary searching algorithm and password, and the safe handling with this interconnected system.
Local information store safety: information local cipher simultaneously synchronizes and is stored in server, and it is encryption that server, which stores information,
Information;Server managers can not decrypted user store information, user storage information will not be revealed server is divulged a secret, protect
Cloud document file management system can be used safely at distinct device end by demonstrate,proving user.
Server info storage safety: server is stored as encryption information, and information encryption and decryption are locally carried out in user,
Specifically include that the storage of user's local information encryption, the storage of encrypted document, the storage etc. of ciphertext index.
Document storage and retrieval safety: guarantee that customer documentation passes in conjunction with local information security algorithm and transmission security mechanism
Defeated, server storage, document information can search for the safety of aspect;Document security storage: local information security algorithm and biography are utilized
Defeated security mechanism, document local cipher simultaneously synchronize and are stored in server, and the document information of server storage is encryption information, thus
Guarantee document storage safety;Document keyword, description and the full-text search of word content and cipher text searching: based on autonomous " a kind of
Ciphertext full-text search system " technology realizes document keyword, description and the full-text search of word content and cipher text searching.
User management: mode is managed independently using user, each user is the administrator of system, can reasonably be distributed
Itself memory space, and license to other users;Hierarchy of users is determined that user can manage together by common document catalogue level
The user of any subdirectory under one catalogue and the catalogue.
The technology of the present invention realization specifically includes that security algorithm, ciphertext index algorithm, transmission safety, automatic cipher generate skill
Art, full-text search technology, cloud document management technologies etc..
Security algorithm: the security algorithm for using and supporting includes but is not limited to: AES, RSA, SM are serial, SHA is serial,
FlCode and zy6.
Zy6 is the Message Digest 5 based on path, and result is the value of 384bit;AES is conciliate using 256 encryptions
It is close;Hashing algorithm: sm3, sha256 and zy6.
Ciphertext index algorithm: FlCode, in conjunction with hashing algorithm.
Transmission safety: ssl, the combination of customized transmission safe practice and the two are supported.
Automatic cipher generation technique: mainly generating password required for cloud document system, including but not limited to transmission password,
File password, ciphertext index password, technology specifically include that the text information that password generates obtains, text hash, information duplicate removal,
Password generates.
Full-text search technology: the full-text search after supporting document full-text search and file encryption.
Cloud document management technologies: file transmission, file management and sharing files etc.;The biography of big file is supported in file transmission
It is defeated, support the fractional transmission of file, while supporting file to upload, document word content is extracted in front end;Text is supported in file management
The operation such as part copy, mobile, deletion, the operations such as support catalogue copy, mobile, deletion, support multifile or catalogue mixing
The operation such as copy, mobile, deletion;Sharing files support the multi-user of multifile, more catalogues to share, and support single sharing.
The present invention is in multi-level security algorithm, and about the definition of security algorithm combination, mathematical formulae is as follows:
Einfo=E (info, key);Info=D (Einfo, key);
Info is information, and password key, E are the mathematical notation of security algorithm encryption;D is the mathematics of security algorithm decryption
It indicates, Einfo is encrypted information.
Mathematical definition: defined function F (Gk): GnFor function { G0, G1..., Gn-1, GkFor GnIn take the combination of k function.
GiThe variable space and Value space, the variable space are the information for needing to encrypt, and Value space is encrypted information,
The two space is digital information, and the information encrypted in combinatorial operation is the input of subsequent Encryption Algorithm.
The definition of the information processing variable space and Value space:
The variable space of information processing is digital information, and all digital informations are one-dimensional digital space, and Value space is also
One-dimensional digital space, information encryption and decryption operation are to map one by one, are reversible operation.
Information processing algorithm, which is divided into, damages algorithm and lossless compression, after the main distinction is information processing, if existing can
Consistent reduction;Conventional security algorithm encrypts and is decrypted for information, belongs to lossless compression, information can be restored unanimously.
We discuss the security algorithm for encrypting and decrypting, it is assumed that the information of algorithm input is independent variable, the letter of output
Breath is dependent variable, and the variable space and Value space are information.
Brief note: raw information x, encryption information are E (x);Decryption function is defined as D, then has x=D (E (x));From mathematics
In meaning, D and E inverse operation each other.
From information security algorithm angle, there are passwords to { K0, K1, for symmetry algorithm, K0=K1;For asymmetric calculation
Method, K0≠K1;Thus E function is K0With the function of information x, it is abbreviated as EK0(x);Same decryption function is DK1;And there is Dk1(Ek0
(x))=x is set up.
Define the encryption of security algorithm:
F(Gk): GnFor safe function { G0, G1..., Gn-1, GkFor GnIn take the combination of k function, K (Sk): SiIt is above-mentioned
The password pair of safe function combination.
Specific encrypted combination operation is as follows, such as:
EG3=G0(G1(G2(x))), password is to for S0={ k00, k01, S1={ k10, k11, S2={ k20, k21};
To put it differently,The decryption for corresponding to G, then have:
Angle based on mathematics, EG3Corresponding to E,Corresponding to D, thus description of the invention is all made of E and indicates to encrypt fortune
It calculates, D indicates decryption operation, and S's combines the combination it can be appreciated that K.
Security algorithm of the present invention is all made of this combinational algorithm, guarantees algorithm security.
Security algorithm concrete application of the present invention includes: the safe handling of information local cipher, file encryption, transmission safety, passes
Input password modification and setting, the setting of ciphertext password.
The security algorithm of the information security of transmission channel, the file information and local information, needs the specific mould of given algorithm
Block defines the combining form of algorithm, the mode of management of the password pair of combination and the cooperation of algorithm.
Information local cipher safe handling: Information Encryption Algorithm E, password K, decipherment algorithm D, information x are then protected
E (x) is deposited, and synchronizes and is saved in server.
File encryption: the information for needing locally to save, comprising: the algorithm and password of document identification, information security;The information
After local cipher, then is synchronized by safe transmission and be saved in server.
Transmission safety: including security algorithm combination, the design of communication protocol;Definition and the combination for choosing security algorithm, if
The agreement of communication is counted, guarantees communicating pair to the agreement implementation and response.
Communication protocol includes at least following part: the digital finger-print of information, information, information are set according to the concrete function of system
Meter, including protocol name, the information such as parameter of calling;It is generally divided into request and response two ways.
Information Authentication: the digital finger-print of verification information guarantees the integrality of data.
Transmit the modification and setting of password: in such a way that network transmission defines agreement, the data format of agreement is carried out.
Communication protocols change transmission in include: request mode, the information of request;Specific processing is defined in the mode of request
Mode, such as modification transmission password, confirmation modification, synchronized update;Include the other modes with server communication in request method:
User's login, Modify password, demand file list etc..
Transmission password modification is by the way of once confirming: the transmission for needing to modify using original transmission password transmission is close
Code, then server uses original transmission password response, and new transmission password is used after changing successfully.
The modification of transmission password using auto negotiation and the mechanism that manually sets and deposit, transmit password be encrypted in local into
Row, which, which needs to synchronize by safe transmission, is saved in server;System obtains text in the communications, by duplicate removal and washing
Text after board algorithm is submitted to server as transmission password, uses new transmission password after server response success, this is close
Code needs local cipher to save, and the result of encryption is synchronized and is saved in server.
The setting of ciphertext password: ciphertext password is carried out by the way of classification setting, and different document classifications corresponds to not
The setting of same password, password is set automatically using program, and the auto negotiation mode of reference transmission password selectes password, needs to protect
Deposit the password of item name and the category.
When password of classifying is uploaded for document classification, extracts word content and establish ciphertext index;Classification password is for inquiring
When classifying documents, the condition of encrypted query, to the content of text searching server inquiry document;The classification password must locally add
Close preservation, and synchronize and be saved in server.
Information security services mode of the present invention:
1, the mode of login authentication is divided to two kinds of forms:
First is that local contain local cipher information, local password is inputted, it is close with the user name and login of decryption after decryption
Code arrives server authentication using the transmission password in solution confidential information.
Second is that local do not have local cipher information, if it is known that transmission password, then using transmission password to server authentication;
If user does not know transmission password, and server does not transmit the setting of password, then uses default behavior kimonos
Business device communication.
If user does not know transmission password, and server saves the local information of encryption, then downloads encryption information, inputs
Local password after decryption, arrives server authentication by the transmission password of decryption with the user name and login password of decryption.
2, the use of local password:
The encryption information that sync server saves is unfolded after inputting local password to locally;
Encryption needs the information encrypted, such as: the password and mark that transmission password, document and ciphertext index need, it is local
After preservation, is synchronized by safe transmission and be saved in server.
After the information for needing to encrypt is changed, first use local cipher, after the service of being saved in is synchronized by safe transmission
Device.
After local password changes, first use local cipher, after synchronized by safe transmission and be saved in server.
3, safe information transmission: information, the processing of message digit fingerprint package, the encrypted transmission of packet information;Transmission letter
The decryption processing of breath, while verifying digital finger-print.
Safe transmission, key step are as follows:
Initialization encryption and decipherment algorithm and corresponding password, are respectively defined as: Einfo, Dinfo and key.
First connection, using transmitting after the key and algorithm for encryption of system default, algorithm uses FlCode, and password is used and mentioned
For default.
Decryption is received, digital finger-print is verified, correctly returns to successful information, unsuccessfully return to null character string;
User and server carry out encrypted transmission when communication, and the information of decryption post-processing transmission also needs to carry out letter after decryption
Cease the detection of integrality.
The definition of safety-oriented data transfer package:
The content includes at least the information of digital finger-print and transmission, generally adds decollator using digital finger-print, adds
Transmitting digital information.
4, local (user terminal) encryption: local information need to be stored in local after local password encrypts, and realize local letter
Breath storage, while the result encrypted is uploaded onto the server preservation.
Local information store mainly comprises the steps that local cipher;It is locally stored;Server storage;Store information
Synchronization Design.
5, document security design Storage: local cipher uploads;Password and algorithm local cipher;It synchronizes and is saved in server.
6, the safe design of cipher text searching: the classification of given document, or according to the automatic classification of document, machine is arranged and manages automatically
The ciphertext password of the classification.
The foundation of ciphertext index: the text information for uploading document is extracted, system is according to document classification, and selected ciphertext is close automatically
Code or artificial setting code generate the information that ciphertext index needs in conjunction with FlCode, full-text index server are sent to save;Ciphertext
It is synchronized after password local cipher and is saved in server.
Cryptogram search design: classification is provided, decrypts to obtain the ciphertext password of the classification by local password, then rely on ciphertext
Password carrys out encrypted query condition, and ciphertext full-text search server is sent to inquire;Query result decryption.
User management of the invention: using mode corresponding with document system catalogue, and user corresponds to the catalogue of document system
It is broadly divided into public directory and personal directory, public directory corresponds to the work of user itself or at the angle of cloud document system
Color, personal directory are specific to person ownership, other people have no right to consult.
User management permission depends primarily on the bibliographic structure level where user, each to be belonged to check per family
All documents under oneself catalogue can also distribute any level subdirectory under the catalogue and use to other according to the setting of system
Family;Then the empowerment management of user, selected catalogue license to other users.
For information security of the invention since user terminal, the text information of document and document can be in local cipher, so
Be saved in server in the form of ciphertext afterwards, relevant algorithm and password after local cipher synchronize be saved in server;
Transmission safety is to guarantee information transmission peace under conditions of user and server are using uniform transmission information security algorithm and password
Entirely;Information integrity is completed mainly by digital fingerprint algorithms.
Information search safety of the present invention mainly includes two aspects: the storage safety of index safety and information;The same peace
Full algorithm and password synchronize after local cipher and are saved in server, guarantee information storage and computable safety.
Cloud document main feature of the present invention: multi-level and maltilevel security algorithm combination design guarantees the safety of information;Clothes
The form storage of ciphertext can be used in business device storage as needed, and encryption and decryption execute in user terminal as far as possible, prevent from servicing
Device is divulged a secret the influence caused to document information;The full-text search of document content and document associations information provides more preferably for cloud document
Search mechanisms realize the search that encrypts of document information in conjunction with ciphertext full-text search, entire search process whole process encryption, only
Only decrypted in user terminal.
The foundation of document sharing mechanism guarantees that user realizes the sharing and cooperation of document beyond the clouds, and user be free to
Share document to different users, catalogue and file can be shared.
Cloud document file management system provided by the invention, can both mount existing file catalogue, and existing document is included in
To the administrative mechanism of cloud document, the manager of document different directories is planned, and establish full-text index for it;It can also directly mount
New file directory provides the service of cloud document beyond the clouds.
Detailed description of the invention
Fig. 1 secure cloud document
Fig. 2 user logs in
Fig. 3 local information safety
Fig. 4 safe transmission
Specific implementation
A kind of secure cloud document system encrypting search, main service to be offered includes: Subscriber Management System, document pipe
Reason system, the part such as full-text search system and document format conversion forms, referring to attached drawing 1.
Attached drawing 1 provides the overall framework of cloud document services, is broadly divided into the logical of user terminal, server and user and server
Letter composition;User terminal includes the front end exposition based on web service, or is based on client application system, including with
The storage at family end and safe handling algorithm, user's request and request results displaying etc.;Safety between user and server is logical
Letter is carried out using https, ssl or customized Secure Communication.
Attached drawing 2 provides the flow chart of user's login, and user, which logs in, mainly to be passed through server authentication user's name and log in close
Code, confirms the identity of user, distributes session id to correct user is verified, guarantees can verify that in subsequent use;Detailed process
It is as follows:
The processing first logged into logs on to server using default security transmission mode, can also be combined certainly using https
The safe transmission mode of definition.
Log-on message is stored in client after local cipher, and synchronizes by safe transmission and be saved in server.
It when local preservation local cipher information, logs on, inputs local password, decryption local cipher information and safety biography
Then defeated mode and information arrives server and carries out login authentication.
When the local local cipher information without preservation, then need from server sync local cipher information to local, user
Local password is inputted, local cipher information is decrypted, can be obtained correct log-on message and safe transmission mode, the service of then arriving
Carry out login authentication.
Attached drawing 3 provides the safe and simple flow chart of local information, and local information is mainly used for safely information in local (user
End) storage safety, while information synchronous safety after local cipher is saved in server;The information for needing safe preservation includes
But it is not limited to: login password, transmission password, file password and ciphertext index password and the combination of security algorithm etc.;Pass through this
It is saved in local after ground password encryption, is then synchronized by safe transmission and is saved in server;Local security algorithm and password are more
After changing, the information saved originally is changed after needing to decrypt and is encrypted again, and the result of encryption is saved in local and server.
Attached drawing 4 indicates that the schematic diagram of safe transmission, the security algorithm that safe transmission uses include that digital finger-print and safety are calculated
The information of method, transmission includes at least: the digital finger-print and information of information, and the security algorithm and password that safe transmission uses are by servicing
Device negotiates (the two is consistent) with user terminal.
One of automatic cipher generating algorithm example, the password generation algorithm of separate code algorithm: ciphertext index algorithm is separation
Code algorithm and hashing algorithm, the password needed are the password of separate code algorithm, the text in the password requirement password of separate code algorithm
Word cannot repeat, it is therefore desirable to which in addition to this algorithm (identical text only retains one) of duplicate removal must also have the dynamic of text
The technology for obtaining and caching, in communication process, text information and caching in selection communication generate slow as dynamic password
Rush pond;In order to ensure information security, it is also necessary to a kind of algorithm (using the sequence of random number algorithm exchange text) shuffled is used,
Guarantee the safety of separate code algorithm;Ciphertext is generated by semantic tree hashing algorithm by the text information of separate code algorithm process
Index.
The two of automatic cipher generating algorithm example, this example mainly introduce single algorithm password generate, combinational algorithm and this
It is similar, password generation algorithm needed for encrypting and decrypt using document security: from message buffer pond selected text information, by shuffling
After algorithm, the hashed value for result of shuffling it is given as the password automatically generated.
Duplicate Removal Algorithm example, code are realized by javascript:
Shuffling algorithm example, code are realized by javascript:
Cloud document file management system example is broadly divided into following part: the upload and downloading of cloud document, supports super large file
It uploads and downloading, support section is transmitted;The file management of cloud document, comprising: copy, is deleted and edited at mobile, renaming;Cloud
The content indexing of document, the index of the index of file attributes, file content such as including document title;Document remarks, keyword etc.
The full-text index of file description information;The local cipher of cloud document, the foundation of ciphertext full-text index;File encryption password and ciphertext
The local cipher of the important informations such as password, local to decrypt, server end encryption storage;The safe transmission of information, establishes server
The Automatic Negotiation Mechanism at end and client, the cipher mode of definition transmission information, the local cipher processing of cipher mode;User's
Administrative mechanism, user correspond to the directory management of cloud document system, and each user has two DocumentRoots, public directory and
People's catalogue, user be free to distribute the space of oneself to other users, and the user of system must have unique title;Text
Part sharing mechanism can share the personal directory of user, can also share its public directory as needed certainly;Share packet
It includes file and shares and share with file;Browsing file function, online browse cloud document browse cloud document after decryption.
The search of its medium cloud document content includes: the foundation of document word content full-text index, for the document of division format,
It is synchronous to establish in document upload procedure;Extended formatting needs to format by file conversion service device, is converted to text
Full-text index is imported into after this information;The full-text search of the description contents such as remarks, the keyword of document gives interface by system,
User's input content is submitted to full-text index system;Cipher text searching after file encryption is built using mud baby's cipher text searching system
It is vertical, need to obtain or set the password of ciphertext when establishing, which synchronizes after local cipher is saved in server, when search
It calls and local decryption is carried out to information;
Wherein user management includes: the corresponding relationship of user and catalogue, and user has unique user name, and different user is public
Catalogue can be identical altogether, and personal directory is unique, and personal directory, which belongs to individual subscriber, to be owned, other people have no right to browse;Public directory
Browse right management, is determined by level where User Catalog, the user of upper directory has the permission managed to junior;With
The management of family password, password are divided into login password, transmission password and local password;Login password is used for authentication, Yong Hushou
Weighted code is equal to user login code;Password is transmitted, for adding when interactive information between user and server, user and user
Close and decryption processing, guarantee information transmission security, can by system auto negotiation between user and server, user and user,
The result of negotiation synchronizes after local cipher is saved in server;Local password, relevant information, ciphertext for document cipher
Password relevant information is indexed, local cipher synchronizing information is saved in server, and encryption and decryption are only completed in user terminal, kimonos
Being engaged in, device is unrelated, and guarantee user information is in safety server storage and be locally stored;User distributes public directory in cloud document
And personal directory, public directory level determine user right, user can manage all documents in oneself public directory, user
Document under personal directory only belongs to user, other people have no right to manage.
Wherein customer documentation and information sharing mechanism: sharing mechanism is shared by user name;File and file can divide
Enjoy multiple users.
Example medium cloud file encryption specifically includes that file upload is that content-encrypt uploads, the password and file name of encryption
It is encrypted by local password, synchronizes and be saved in server;Cloud document files title uses in upload procedure and adds after local cipher
Close file name replaces original filename;The encryption of document and server are unrelated, and when upload encrypts, and guarantee document storage
Safety, prevents divulging a secret for server end.
Information encryption and decryption include: that the encryption of local cipher information and decryption are completed in user terminal in example;Transmission letter
The encryption and decryption of breath are completed jointly by communicating pair, guarantee that information transmission security, communicating pair are not limited to server and user,
It may be user and user, server and server.
Local information encryption and the management of server end encryption information safely, important information pass through local cipher, add in example
Confidential information realizes server and local synchronization storage.
Example medium cloud document content cipher text searching includes: the cipher text searching of document content, needs the word content to document
The processing of ciphertext index is carried out, the process and services device of processing is unrelated, and the result of processing is established by server to be indexed;Ciphertext rope
After drawing the related information of the password and document when establishing by local cipher, is locally saving and be synchronized to server.
Content, cipher text searching and intelligent content analysis and processing in example: the full-text search based on content is provided, is provided
Cipher text searching provides the intelligent processing of content,
Secure communication in example: it is completed using the mechanism with server auto negotiation, accomplishes each user and server
Signcode and security algorithm it is personalized, the diversification of same user security algorithm and signcode in communication process, from
And guarantee information transmission security.
The safety that the cloud document that example is realized embodies mainly includes following aspect: multi-level security mechanism, automatic cipher
It generates and combines local password, provide convenient and fast security management mechanism for user, document security is mainly reflected in the document of user
After leaving the terminal device of user, transmission uses safe transmission, and being stored in server is encrypted document, and search is supported to encrypt
Search mechanisms guarantee customer documentation safety on the whole, and multi-level security algorithm combination general safety design is one of this example feature.
Message packet algorithm examples: information transmission is to provide in the form of data packet, and by network implementations, data packet is necessary
There is certain format;Data packet generally has the agreement of communication, data, the contents such as data packet separation;In order to guarantee the complete of data packet
Whole property, it is also necessary to increase digital finger-print or digital certificate;Message packet format character: message digit fingerprint, separator, information.
Here is the specific example that this example obtains cloud file catalogue, agreement and safe transmission related content is introduced, from agreement
Start to digital finger-print, message packet to transmission, the whole process of decryption verification.
Agreement includes two parts: requesting the operation executed, and the content for needing to operate, case-based system User Catalog
Getdirmsg is as follows: { action: " getdir.action ", msg:{ " user ": " guest ";
{ action: " getdir.action ", msg:{ " user ": " guest " digital finger-print are as follows:
W810sGE6WoTvBmAW0UaoxbpVG=4Hjcb6NAfdVeoAH0eXZaeJ8iuBX6MU Ft15xbRX;
Message packet are as follows:
W810sGE6WoTvBmAW0UaoxbpVG=4Hjcb6NAfdVeoAH0eXZae.J8iuBX6M UFt15xbRX#
{ action: " getdir.action ", msg:{ " user ": " guest ";
Transmit password are as follows:
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+-;
It as a result is nxjcM PtkhS nZ6lS1 2Rmgnl MkloL1 U96sm1 7R3d81 GdCoS e5ApA1
mlSr11 81jpo1q5mpa1 UAmt21 opjjl1 6hncR U9Cko1 zInoz1 QBSrK1 W8ewt2 Dl6tA1
F9Dbx1 zhnqL1 K9ewt2IQSsD1 WIDU02 smTsB1 09ewt2 W8ewt2 DlnpP1 Q9ewt2 ZR7;
Decoding process: decrypting first, obtains message packet;
W810sGE6WoTvBmAW0UaoxbpVG=4Hjcb6NAfdVeoAH0eXZaeJ8iuBX6MU Ft15xbRX#
{ action: " getdir.action ", msg:{ " user ": " guest ";
It is correct to verify package format, i.e., whether meets the basic format requirement of package;
Whether the integrality of verification information package, i.e. verifying digital finger-print are correct.
Local information encrypted instance:
Encrypted transmission password, local save are defined as aseinfo, and using algorithm AES, password generates the zy6 for using password
Algorithm generates 256 key.Specific algorithm is as follows:
Generate key: password generates the zy6 algorithm for using password, generates 256 key, Key=zy6 (pwd) .substr
(256);
The information for needing to store is that Infostr is { " ssl.pwd ": " password " };
Encryption information AesStr=AesEncode (Infostr) |, then save information saveaes be aesinfo:
AesStr}。
It synchronizes and is saved in server.
Secure communication example:
The protocol data packet infsostr for being saved in server is { action: " saveaes.action ", msg:
{ { aesinfo:AesStr } } }
Digital finger-print is zy6str=zy6 (infsostr).
Data packet is zy6str# { action: " saveaes.action ", msg:{ { aesinfo:AesStr } }.
Server decryption, verify digital finger-print, correctly, then save the user transmit password encryption information aesinfo:
AesStr}。
Document storing example specifically includes that file encryption, the upload of document, the index etc. of document word content.
File encryption: for there is the document of security requirement, using uploading after local cipher, synchronous save is needed to encrypt calculation
The local cipher information of method and password.
Document word content extracts, and in document upload procedure, needs to extract document word content, according to requiring in foundation
The full-text index of appearance.
For there is the document of security requirement, needs to establish ciphertext index for document word content, synchronous save is needed to add
The local cipher information of close algorithm and password.
Security algorithm and cryptosync: the local cipher of security algorithm and password save and synchronize be saved in server.
Cloud document realizes example:
File management system: providing the operation service of file, specifically includes that file is uploaded, downloaded, the management of cloud file
(copy, it is mobile, delete, renaming and the functions such as share).
Subscriber Management System: the user of key management system distributes catalogue and the space of account and file system for user
Size provides user authorization management, the management and verifying of user password, the change management etc. of user's authorization.
Full-text index system includes: the full-text index system of full text and ciphertext, is searched using mud baby is multilingual with ciphertext full text
Cable system provides for user based on information such as file attribute, file content and file remarks in conjunction with actually constituting for this system
Full article retrieval.
File format conversion system: it is mainly used for document and turns format conversion, be mainly used for: is converted to what online displaying was applicable in
Format is converted to text formatting convenient for establishing full-text index, shows for document full-text index and front end and provide supporting.
File system: the file system format supported using operating system stores equipment, definition storage according to actual selection
Redundancy setting, can also using customized User space file system, distributed file system and other application class document system
System etc..
Database uses mongodb database, and (such as user management, document describe information needed for main preservation system
And full-text index), specific deployment can be disposed with principal and subordinate, more male parents etc. according to actual demand.
Cloud document system concrete application module is as follows:
User management: pyramidal structure is used, existing management mode is suitble to;User can free distributing user,
Share the memory space of oneself.
User's authorization: main to provide the user authority management of cloud document system, user can authorize other users, and management is used
Any level subdirectory under the catalogue at family oneself or the catalogue, the cloud disk space that shared system provides.
User password management specifically includes that local password, login password and transmission password;Login password is used for user's body
Part certification;Transmit password, the main communication managed between user and server, user and user, server and server;Transmission
Password modification needs and server synchronous vacations, and modification result is stored in user terminal and server after local cipher, convenient for this
The equipment room of ground information is synchronous.
Document management: the management of document normal storage and file encryption storage management, file encryption and ciphertext index are by user
End guarantees the safety of information transimission and storage, associated safety algorithm and password are saved in server after local cipher to complete.
Document management specifically includes: file transmission, file encryption, file content obtain, file description management, word content
Full-text search, the cipher text searching of word content, the functions such as copy, movement, renaming of file.
File retrieval is divided into two classes, full-text search and searching ciphertext, and searching ciphertext is looked by file encryption Cipher Processing
It is inquired after inquiry condition to server, the result of inquiry is decrypted according to related algorithm and password, realizes inquiry and checks
Relevant document.
Document is shared: being divided into sharing files and shares with catalogue.
The concrete form that document is shared includes: to share to one or more user, multiple files or file sharing,
The management of sharing files and copy.
Security module: it stored by one group of cryptographic assurance information, transmit, can search for the safety of encryption mechanism;Information security
Principal concern: cloud information storage security, information transmission security, subscriber authentication safety, comprehensive guarantee customer documentation
And information security, stealing and divulging a secret for information is prevented, safe guarantee is provided for cloud document;
Security module specifically includes: user's checking, login authentication, session verifying;Transmission safety;Local security;Service
Device safety;The information security of file and file content.
File format changing module: being mainly used for the acquisition of document word content, and format needed for the online preview of file turns
It changes;
File format conversion includes: the acquisition of Front-end Document word content, and document format and content obtain server.
The online previewing module of file: using htm15 technology, realizes in conjunction with jquery, realizes the online browse of document information.
The online preview of file include: the online preview of Media Stream, the online preview of Pdf document, the online preview of text file, other
The online preview of formatted file.
Full text and cipher text searching module: being realized using semantic tree Full-text Indexing Technology, for managing and handling cloud document text
The full-text index of word information.
Full text and cipher text searching module particular content: the acquisition of front end text information, front end ciphertext index module, full-text search
Service system, front end query interface (semantic tree query, NLP interface), index information serializing save.
Document content full-text search: main that the full-text search of document text information is provided.
The full-text search of file description and keyword: document information can provide file description and keyword, on this basis
Realize full-text search service.
The full-text search of file name and Custom Attributes.
The ciphertext full-text search of document associations information: including document word content, description and keyword, title and customized
The ciphertext full-text search of attribute.
Local cipher conciliates closely knit example, the generation including aes algorithm and aes algorithm key, and key, which is generated, uses user password
Zy6, it is specific as follows:
From the encryption information of server sync are as follows:
" result ": 1, " value ": { " aesinfo ": " a42b3276eb8b3869a75bd4066b9fd4990a50
439409bfe3ee164d415f2381691df4e010f9199cb9e525b8f5cc3b44d48a1591b3fa86dbe137
d73c066ef90a52e52ac9a00de2ac8b7387″}}。
Local password is zxj, encryption information aesinfo are as follows:
″a42b3276eb8b3869a75bd4066b9fd4990a50439409bfe3ee164d415f2381691df4e
010f9199cb9e525b8f5cc3b44d48a1591b3fa86dbe137d73c066ef90a52e52ac9a00de2ac8b7
387″。
Local password zxj passes through the key that zy6 is generated are as follows:
″87c1762fa0046eea13bfdd3f59e14b7c″.
By AES decrypted result are as follows:
{ " mb ": " 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRST UVWXYZ
+-″}。
Decrypt the password transmitted:
″0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+-″。
Local cipher process after modification transmission password is given below.
Transmission safety uses zy6 algorithm, password are as follows:
" artificial intelligence can bring great potential for many industries, and semantic understanding and intelligent search technique are in the ascendant,
Integrated multilingual natural language understanding service is realized by exclusive semantic tree index technology, is realized in conjunction with knowledge mapping
Intelligentized search service.", which removes repetition and obtain, and " artificial intelligence can bring great potential, language for many industries
Reason and good sense solution and search technique it is in the ascendant by exclusive tree draw realization integration kind naturally speech service in conjunction with knowledge mapping.", i.e.,
For the transmission password of FlCode.
Local password is " zxj ", key are as follows: " 7c1762fa0046eea13bfdd3f59e14b7c ".
The information for needing to encrypt are as follows:
{ " mb ": " artificial intelligence can bring great potential, semantic understanding and search technique Fang Xingwei for many industries
Chinese mugwort draws realization integration kind by exclusive tree and says that service combines knowledge mapping naturally.″}.
The result of encryption is;
″a42b3276eb8b38bd2cd30285fb4f7a1bdbb29c12e2756131c4cc858caa489d9a251
d8632f70c7734bb5c2a68ceaf756bf43374222921389c24efb3b530b6ba3c943155b0010e41c
17ce9d7e36b633ce46333e79b88c9d0ef0f0ea448e4512a33898be0cd112be4dd5a26becada2
bced6b0543b279419ae4caffb0d428b1bc608d4873b1c6d3157744a69757c0bffa79faf2094f
060951b81aa6dd5f0825d7250d65822f52520ddd2016ec9a471aa684bd1ebda5f″。
It is locally stored are as follows:
Key is " global_core_configaesinfo_zxj "
Value are as follows:
″a42b3276eb8b38bd2cd30285fb4f7a1bdbb29c12e2756131c4cc858caa489d9a251
d8632f70c7734bb5c2a68ceaf756bf43374222921389c24efb3b530b6ba3c943155b0010e41c
17ce9d7e36b633ce46333e79b88c9d0ef0f0ea448e4512a33898be0cd112be4dd5a26becada2
bced6b0543b279419ae4caffb0d428b1bc608d4873b1c6d3157744a69757c0bffa79faf2094f
060951b81aa6dd5f0825d7250d65822f52520ddd2016ec9a471aa684bd1ebda5f″。
Secure communication after modification transmission password, for modifying user login code:
Transmit password are as follows:
" artificial intelligence can bring great potential for many industries, semantic understanding and search technique it is in the ascendant by
Exclusive tree draws realization integration kind, and speech service combines knowledge mapping naturally.″.
Modify the information of transmission are as follows:
{ " user ": " zxj ", " password ": " B2G4EOVZv8BsqpyTfuuvm0RQ0Am8xKCxDYnGYKHeRw
WU7NW8WdIut9u=aM8Ys9Cw ", " password1 ": " xY5SbW04rKEjLZQ-mu5bvfmUYSx2Dp0NlUE2gS
WZbyWQpJHq399inQ-d-PQ9Cc=X " };
Using zy6 algorithm, digital finger-print sign are as follows:
" BIenoCDxYvaVA6PJ4znwU=W8qqa20rgeRX=xoktNOR0mupMBhwBwHwD4 klWEwR4g ".
Defeated safety uses FlCode, encrypted result are as follows:
" one can may close that intelligence language row justice can open up that emerging side is latent and intelligence is permitted to take exhibition license intelligence cable body and drawn so for skill, and power spectrum work is to end
It is right by means of work.It justice can mostly be become with the industrial speech intelligence side of searching of justice of work side can solely search the fit not intelligent Suo Aili that opens up of the real band intelligence exhibition of skill and take work
It is real.For Chinese mugwort, can and license can skilled worker's intelligence exhibition business manage existing intelligence knowing the only human body of the only work knot intelligence of work hair body and borrow figure row that can borrow row body perhaps
Solution figure figure and only kind of big words intelligence have multipotency speech exhibition figure rope show intelligence and can be permitted able personization kind by means of figure row to try hard to dive big kind and draw the right band of figure
Row.It borrows solution to have work that can now issue the huge existing intelligence of being engaged in of big one justice of work perhaps for reality solving skill justice by means of the big change big words intelligence spectrum work of intelligence and knows that opening up industry perhaps is permitted
Can the existing only map art power of business permitted to take work skill language and searched.Know the real figure of work work be the right power industry ability art solution of power energy intelligence language take that intelligence knows borrow
Spectrum intelligence mostly band draw from language work move under water can justice can be permitted business knot and so close work that art intelligence figure can be closed for business, art figure intelligence of diving now knows so non-work of knowledge
It is that hair can be mostly a kind of with the existing intelligence of the latent Chinese mugwort of industry that the more gravitation of intelligence are not searched in intelligence business, which, huge energy.Borrow intelligence from a kind of solely figure side and intelligence side for kind of a figure
It is huge can close come it is right borrow solution to there is work post to have an effect from intelligence speech people to carry out square intelligence, one, which unhitches, searches intelligence and is combined into intelligence by one's own efforts and attract that search Xing Xingzhi more
The exhibition for closing work can have skill solution to take homo sapiens to take skill more, and intelligence one, which borrows greatly to search multipotency and can search body reason, draws body body Chinese mugwort, and intelligence is not from by means of knowing
Reason can close rope power can intelligence hair kind of people know that the emerging tree of assistant engineer is permitted and search Zhan Zhishi, emerging pansophy of searching is mostly Xinghua intelligence knot to take and only scheme to be permitted
Latent kind ".
Server decryption verification digital finger-print, decrypted result are as follows:
{ " user ": " zxj ", " password ": " B2G4EOVZv8BsqpyTfuuvm0RQ0Am8xKCxDYnGYKHeRw
WU7NW8WdIut9u=aM8Ys9Cw ", " password1 ": " xY5SbW04rKEjLZQ-mu5bvfmUYSx2Dp0NlUE2gS
WZbyWQpJHq399inQ-d-PQ9Cc=X " }.
The original password of user is verified, the value that correctly then Modify password indicates for password1.
Server response are as follows:
" an exhibition exhibition language knows work, self solve more know work may body spectrogram work and right reason, intelligence intelligence is closed emerging has the speech to be with industry
More speech pansophies more than energy draw.Draw knowledge for energy work tree.It borrows people to close people's intelligence solution and have right work hair that can search latent spectrum side may to take to take work more
Clothes can be managed greatly by closing spectrum, and the non-language exhibition intelligence work clothes of diagram work reconciliation, which help kimonos intelligence realification so to ungird, to have science and engineering can emerging latent Dali from side
Work and reason language, which close existing intelligence body intelligence, can draw figure skill and carry out only industry exhibition and so can draw solving skill justice and can know body kind and try hard to body tree and borrow solve in people's tree body figure side
There is work rope and close graphic language knowledge assistant engineer for how emerging work tree Ai Shushuization intelligence and ends body conjunction treeization intelligence spectrum come the right a variety of Xie works for sending out spectrumization intelligence
Know that one kind tries hard to the real tree graph kind of industry knowledge and permitted to borrow with the big work of row.The reason that can may set knot perhaps with huge energy skill spectrum shows intelligence and draws.Tree searches work
Intelligence, for the right intelligence of being engaged in search art people draw search work show power band be and the only language work conjunction work language rope of the big art tree of work take that intelligence composes can be from intelligence Ai work.By means of energy
Ai Zizhi helps the conjunction assistant engineer searched the knowledge right intelligence of industry introduction to be engaged in perhaps, and mostly treeization intelligence license solutions do not have the kind by means of the business of work intelligence to show to the emerging work intelligence of row
Intelligence dialect know in fact assistant engineer can help can and work, power, which draws to have to send out more exhibitions by means of work and search, takes intelligence.Big work Ai work it is latent big solely can body intelligence help solely
Changing can know that borrowing hair one to take intelligence comes the non-work language spectrum of Zhan Tiyi and kind Xie work from solely tree justice with the intelligence Ai work that takes more than the only realification intelligence of spectrum of work
Searching the right combination of work and can searching workization exhibition reason with the latent feasible solution of work Xing Yiyi disintegration intelligence is that body intelligence rope is permitted to know the non-art work of next only work Suo Li clothes
With it is self-service help language work industry tree give full play to one's skill work it is huge now have for the tree of a non-work latent solve the huge emerging work of row in fact from intelligence.Zhan Lili searches huge help of work and borrows
The row emerging work speech right intelligence kind of art work clothes help spectrum solely borrow work close art have it is latent show from intelligence know language work art help language permitted to search from now intelligence it is right from being engaged in
Intelligent intelligence can plant Xie work and be permitted to be language, know that the more speech intelligence of tree are known by means of work clothes and say intelligence by square science and engineering Suo Shu more.It is emerging that knot figure takes art work intelligence
Power be body intelligence business languages from intelligence justice do not take skill figure intelligence straw line reason be body intelligence reason justice one reason search work post side's language know assistant engineer close Xu Zhongxing
Existing intelligence knows that the kind of Chinese mugwort shows intelligence one and draws latent conjunction language work conjunction.Spectrum power borrows work knot skill figure intelligent Force to search work to dive to be permitted to self solve from intelligence band and permitted
Not more Suo Xing works are latent, and the non-art work of clothes is only, compose Suo work.The non-work of business not more helps conjunction language work reality ethnic group existing certainly existing from now intelligence speech rope
Intelligence borrows the huge conjunction of the power business knot how emerging work clothes of assistant engineer's business figure row to carry out science and engineering to be permitted, and figure skill show intelligence figure power kind Chinese mugwort and helps from the intelligence language power perhaps right by means of work more
Can intelligence Ai work and, reason greatly from intelligence reason the right Xie work of great Ai permitted that Chinese mugwort is helped to self solve work.It can manage greatly from the only language the Worker's Stadium tree of intelligence side's force not composing
The non-work of energy industry body of intelligence, figure art searches emerging the Worker's Stadium self energy Chinese mugwort, and from intelligence, the more Chinese mugworts of tree draw figure from intelligence business industry language and solely complete a course in fact ".
Transmit password are as follows: " artificial intelligence can bring great potential, semantic understanding and search technique side for many industries
Xing Weiai draws realization integration kind by exclusive tree and says that service combines knowledge mapping naturally.″.
Decrypted result are as follows:
″XXlErMvEWytF0F0IL0v2P0CoH0mPQVToBn2BaTJH1kktzmmnA3ctL3N2guaQSM0f#{″
Result ": 1, " value ": " user ": " zxj ", " id ": " 906a12c3879fd3cdedc4e120 ", " pid ": " ", "
Aesinfo ": " a42b3276eb8b38bd2cd30285fb4f7a1bdbb29c12e2756131c4cc858c aa489d9a25
1d8632f70c7734bb5c2a68ceaf756bf43374222921389c24efb3b530b6ba3c943155b0010e41
c17ce9d7e36b633ce46333e79b88c9d0ef0f0ea448e4512a33898be0cd112be4dd5a26becada
2bced6b0543b279419ae4caffb0d428b1bc608d4873b1c6d3157744a69757c0bffa79faf2094
f060951b81aa6ddSf0825d7250d65822f52520ddd2016ec9a471aa684bd1ebda5f″}}″。
Digital finger-print are as follows:
″XX]ErMvEWytF0F0ILOv2P0CoHOmPQVToBn2BaTJH1kktzmmnA3ctL3N2guaQSM0f″。
The information of transmission are as follows:
" result ": 1, " value ": " user ": " zxj ", " id ": " 906a12c3879fd3cdedc4e120 ", "
Pid ": " ", " aesinfo ": " a42b3276eb8b38bd2cd30285fb4f7a1bdbb29c12e2756131c4cc858c a
a489d9a251d8632f70c7734bb5c2a68ceaf756bf43374222921389c24efb3b530b6ba3c94315
5b0010e41c17ce9d7e36b633ce46333e79b88c9d0ef0f0ea448e4512a33898be0cd112be4dd5
a26becada2bced6b0543b279419ae4caffb0d428b1bc608d4873b1c6d3157744a69757c0bffa
79faf2094f060951b81aa6dd5f0825d7250d65822f52520ddd2016ec9a471aa684bd1ebda
5f″}}。
Indicate that result is correct, aesinfo is dialect encryption information.
Algorithmic code expression is given below, msg is information, and key is password.
Separate code FlCode algorithm is defined as encoding: encode_fl (msg, key), be decoded as decode_fl (msg,
key)。
The zy6 algorithm of one of Message Digest 5 based on path hash, generates the hashed value of 384bit, algorithm is defined as
Zy6 (msg), default initial parameter (javascript expression) var m_zy64=new Array (63,0,34,17,58,
23,16,2,59,55,56,7,47,61,8,4,38,25,48,3,37,41,1,32,39,57,33,30,18,45,14,28,
15,60,5,40,43,53,10,20,49,35,62,31,6,24,22,26,46,29,36,9,11,52,44,13,27,54,
19,50,51,12,42,21).
Aes algorithm uses the key of 256bit, and key value is that zy6 (password) takes 256bit length, and password is close
Code;It is encrypted as encode_aes (msg, key), is decrypted as decode_aes (msg, key).
Digital fingerprint algorithms are hashing algorithm sm3, sha256, zy6, corresponding algorithm are as follows:
Sm3 (msg), sba256 (msg), zy6 (msg).
User logs in the algorithm used as cryptographic hash combination user's name hashes again.
Automatic safe algorithm is mentioned using FlCode, the Automatic Negotiation Mechanism of password, the automatic setting algorithm of password, document
It takes, the adjustment of the sequence of document text, the duplicate removal etc. of word content.
Message Digest 5 of the zy6 based on path, javascript are realized:
Separate code FlCode algorithm javascript is realized:
Safe transmission algorithm examples:
Claims (10)
1. one kind can encrypt the secure cloud document system of search, from safe information transmission, local information and server information security
Storage etc., comprehensive consideration user provides the demand of information security while ensuring information security for user
Password management services, cipher text searching service provide safe full-text search service, feature in the case where guaranteeing secured premise for user
It is:
User management;
Multi-level security mechanism and general safety design;
The full-text search and ciphertext full-text search of document and document associations information storage security, document content and description.
2. right 1 describes user management, it is characterised in that:
User, authorized user and distribution catalogue are managed to user, user logs in the verifying of link, the peace of user and server session
Entirely.
User is at least gathered around in cloud document system there are two root, and one is public directory, the other is personal directory;
User is related to level of its public directory in cloud file catalogue in the permission in cloud document system, and user can manage
All documents of its root and the catalogue subdirectory, and other users corresponding with this catalogue;
The modification of user login information is submitted to server process using safe information transmission;
The modification of user login information can also directly be modified its authorization code by the user of same catalogue or higher level's catalogue;
The public directory of user is replaced in the modification of User Catalog authorization.
The storage safety of user information, the storage of user information local cipher, encryption information, which synchronizes, is saved in server.
3. right 1 describes multi-level security mechanism, it is characterised in that:
Multi-level security mechanism is implemented from algorithm level and practical operation level (storage, transmission);
Cloud document system includes at least the design of three classes password: login password, local password and transmission password;Login password is used for
User authentication, localization of the local password for information encrypt, and transmission password is used for the safe transmission of information;
Transmission safety, is transmitted as ciphertext;Storage safety, preservation is encrypted document;Search safety, search use cipher text searching;
User logs in safety.
4. the multi-level security mechanism that right 3 describes is combined using security algorithm and is realized, it is characterised in that:
Security algorithm combination includes: execution module, combination order, and password is to combination, combination order, and information encryption and decryption are successively
Implement by combined order;
Information includes at least safely at many levels: the digital finger-print and information security algorithm of message packet, which combine, to be calculated;
Multi-level security mechanism includes: that user logs in safety, information transmission security and information storage security in practical operation link
(including local and server).
Multi-level security mechanism further include: automatic cipher generation technique.
5. the message packet that right 4 describes, it is characterised in that:
At least contain in message packet: the digital finger-print of information itself and information;Digital fingerprint algorithms using SHA, SM3 series and
Zy6 algorithm;Information integrity detection: the correctness of the digital finger-print of information is checked.
6. the automatic cipher generation technique that right 4 describes, it is characterised in that:
Automatic cipher generation technique: text information is collected in the acquisition of text information, user terminal and server communication;Automatic duplicate removal
Algorithm guarantees that text does not repeat in password using separate code algorithm (FlCode);Shuffling algorithm, the random ordering for text are handled,
Guarantee the intensity of password.
7. the general safety design that right 1 describes, it is characterised in that:
Information transmission security: being encrypted using the multi-level security mechanism that right 4 describes, after the message packet processing that right 5 describes,
Again using being encrypted using the multi-level security mechanism that right 4 describes, encrypted transmission is realized;The decryption of information is transmitted, is utilized
It being decrypted using the multi-level security mechanism that right 4 describes, the information after decryption needs to carry out the comparison of message digit fingerprint,
Verifying transmission information integrity;The information exchange being mainly used between user and server, the information between user and user are handed over
Mutually, the information exchange between server and server, interaction both sides both can also use third-party channel by agreement
Carry out transmission encrypting information.
Information storage security includes local information and server information storage security, and local information safety: local information is using power
It is saved in local after the multi-level security mechanism encryption of 4 description of benefit, and synchronizes and is saved in server, server provides encryption letter
The synchronous service of breath guarantees the consistency of encryption information;The information for needing local cipher includes but is not limited to: document security algorithm
With password, ciphertext index security algorithm and password, information transmission security algorithm and password, user login information etc.;Server letter
Breath storage safety: local information is encrypted using the multi-level security mechanism that right 4 describes, synchronizes and is saved in server, when synchronous
It is carried out using the safe transmission mode that above- mentioned information transmission describes safely;Server saves the multi-level peace described using right 4
The document and ciphertext full-text index information of full encryption mechanism.
8. document and document associations information storage security that right 1 describes, are primarily characterized in that:
The algorithm of document and document associations information security encrypts local information using the multi-level security mechanism that right 4 describes, adopts
The message packet technology described with right 5, the automatic cipher generation technique that right 6 describes, automatic cipher for encrypted document and
Document associations information, automatic cipher are encrypted using the multi-level security mechanism that right 4 describes using local password, the result of encryption
It is stored in local, and synchronizes and is saved in server, server saves the automatic cipher for document and related information of encryption, supplies
Locally decryption uses subsequent document;The multi-level safety that document and document associations information utilize right 4 to describe through automatic cipher
Server is saved in after encryption mechanism.
9. the user that right 3 describes logs in safety, it is characterised in that:
User security is carried out by the way of logging in the main information transmission security described using right 7, and specific features include:
User's first login then carries out log-on message by the way of setting if there is the safe information transmission mode of setting
Transmission;It is carried out if not using the safe information transmission mode of default, is in brief exactly using separate code algorithm
(FlCode) mode, setting code transmission;
User logs on, and is divided into two kinds of situations:
The information for the local cipher introduced in the local information storage security for saving 7 descriptions of having the right, which includes that user steps on
The information of information and safe transmission is recorded, user inputs local password, after being correctly decoded, using the information and server communication;
The information for the local cipher introduced in the information storage security of local 7 descriptions of not having the right, input after user's name and
Server sync obtains local cipher information, and user inputs local password, logical using the information and server after being correctly decoded
Letter;
If more news occurs for the information for local cipher described in the information storage security of the description of right 7 occur, equivalent
Operation above.
10. the full-text search and ciphertext full-text search of document content and description that right 1 describes, it is characterised in that:
Full-text search and cipher text searching realize that ciphertext index main algorithm is separate code algorithm using semantic tree index technology
(FlCode)。
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810931661.4A CN109214198B (en) | 2018-08-13 | 2018-08-13 | Secure cloud document system capable of encrypted searching |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810931661.4A CN109214198B (en) | 2018-08-13 | 2018-08-13 | Secure cloud document system capable of encrypted searching |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109214198A true CN109214198A (en) | 2019-01-15 |
| CN109214198B CN109214198B (en) | 2021-09-24 |
Family
ID=64988229
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810931661.4A Active CN109214198B (en) | 2018-08-13 | 2018-08-13 | Secure cloud document system capable of encrypted searching |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109214198B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110602099A (en) * | 2019-09-16 | 2019-12-20 | 广西师范大学 | Privacy protection method based on verifiable symmetric searchable encryption |
| CN113312536A (en) * | 2021-05-28 | 2021-08-27 | 中铁十一局集团第五工程有限公司 | Engineering survey intelligent management control platform |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1932816A (en) * | 2006-09-30 | 2007-03-21 | 华中科技大学 | Full text search system based on ciphertext |
| US20080175384A1 (en) * | 2002-04-22 | 2008-07-24 | Shannon Byrne | System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software |
| CN101783873A (en) * | 2009-01-19 | 2010-07-21 | 北京视典无限传媒技术有限公司 | Digital multimedia information transmission platform |
| CN102024054A (en) * | 2010-12-10 | 2011-04-20 | 中国科学院软件研究所 | Ciphertext cloud-storage oriented document retrieval method and system |
| CN105681280A (en) * | 2015-12-29 | 2016-06-15 | 西安电子科技大学 | Searchable encryption method based on Chinese in cloud environment |
| CN106919850A (en) * | 2015-12-25 | 2017-07-04 | 腾讯科技(深圳)有限公司 | A kind of file encryption, decryption method and device |
-
2018
- 2018-08-13 CN CN201810931661.4A patent/CN109214198B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080175384A1 (en) * | 2002-04-22 | 2008-07-24 | Shannon Byrne | System for dynamically encrypting content for secure internet commerce and providing embedded fulfillment software |
| CN1932816A (en) * | 2006-09-30 | 2007-03-21 | 华中科技大学 | Full text search system based on ciphertext |
| CN101783873A (en) * | 2009-01-19 | 2010-07-21 | 北京视典无限传媒技术有限公司 | Digital multimedia information transmission platform |
| CN102024054A (en) * | 2010-12-10 | 2011-04-20 | 中国科学院软件研究所 | Ciphertext cloud-storage oriented document retrieval method and system |
| CN106919850A (en) * | 2015-12-25 | 2017-07-04 | 腾讯科技(深圳)有限公司 | A kind of file encryption, decryption method and device |
| CN105681280A (en) * | 2015-12-29 | 2016-06-15 | 西安电子科技大学 | Searchable encryption method based on Chinese in cloud environment |
Non-Patent Citations (3)
| Title |
|---|
| QIU LIU等: "Verifiable Ranked Search Over Dymamic Encrypted Data in Cloud Computing", 《网页在线公开:HTTPS://IEEEXPLORE.IEEE.ORG/STAMP/STAMP.JSP?TP=&ARNUMBER=7969156》 * |
| 刘文景等: "云计算环境下基于布隆过滤器的可验证可搜索加密方案", 《青岛大学学报(自然科学版)》 * |
| 杨旸: "加密云数据下基于Simhash的模糊排序搜索方法", 《计算机学报》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110602099A (en) * | 2019-09-16 | 2019-12-20 | 广西师范大学 | Privacy protection method based on verifiable symmetric searchable encryption |
| CN110602099B (en) * | 2019-09-16 | 2021-04-06 | 广西师范大学 | Privacy protection method based on verifiable symmetric searchable encryption |
| CN113312536A (en) * | 2021-05-28 | 2021-08-27 | 中铁十一局集团第五工程有限公司 | Engineering survey intelligent management control platform |
| CN113312536B (en) * | 2021-05-28 | 2022-11-08 | 中铁十一局集团第五工程有限公司 | Engineering survey intelligent management control platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109214198B (en) | 2021-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103763319B (en) | Method for safely sharing mobile cloud storage light-level data | |
| US9419797B2 (en) | System, processing device, computer program and method, to transparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords | |
| CN102761521B (en) | Cloud security storage and sharing service platform | |
| CN109948322B (en) | Personal cloud storage data safe box device and method for localized encryption protection | |
| US20130287210A1 (en) | Data processing apparatus and data storage apparatus | |
| KR100839220B1 (en) | Method for searching encrypted database and System thereof | |
| CN106612320A (en) | Encrypted data dereplication method for cloud storage | |
| JP2008259139A (en) | Key management system and key management method | |
| CN108449309A (en) | A kind of mixed type can search for encryption method and system | |
| CN111930881B (en) | Connection keyword authentication searchable encryption method based on state cryptographic algorithm | |
| CN107359998A (en) | A kind of foundation of portable intelligent password management system and operating method | |
| CN106302411A (en) | The secure cloud storage method and system of support file encryption based on windows platform | |
| US20150256336A1 (en) | End-To-End Encryption Method for Digital Data Sharing Through a Third Party | |
| Sun et al. | Research on logistics information blockchain data query algorithm based on searchable encryption | |
| CN106326666A (en) | Health record information management service system | |
| CN105721146B (en) | A kind of big data sharing method towards cloud storage based on SMC | |
| CN115603934A (en) | Multi-user searchable encryption method and device based on block chain | |
| Geeta et al. | SDVADC: secure deduplication and virtual auditing of data in cloud | |
| KR20120091507A (en) | Data access privilege managing method and apparatus | |
| CN113626859B (en) | Method, system, equipment and medium for supporting encryption protection of key escrow personal file | |
| CN109214198A (en) | A kind of secure cloud document system encrypting search | |
| Mahalakshmi et al. | Effectuation of secure authorized deduplication in hybrid cloud | |
| CN106161654A (en) | A kind of cloud educational system | |
| Li et al. | Secure deduplication storage systems with keyword search | |
| Huang et al. | Adaptive Secure Cross‐Cloud Data Collaboration with Identity‐Based Cryptography and Conditional Proxy Re‐Encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |