CN109889518A - A kind of encryption storage method - Google Patents

A kind of encryption storage method

Info

Publication number: CN109889518A
Application number: CN201910119568.8A
Authority: CN (China)
Prior art keywords: user, server, file, key, encryption
Legal status: Granted; currently Active (the legal status is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN109889518B (en)
Inventors: 陈宇, 宋潇豫, 侯健
Current assignee: Tiangu information security system (Shenzhen) Co.,Ltd. (the listed assignee may be inaccurate)
Original assignee: Tiangu Information Security System (shenzhen) Co Ltd
Priority date and filing date: 2019-02-18 (the priority date is an assumption, not a legal conclusion)
Publication date: 2019-06-14 (CN109889518A); the granted version CN109889518B was published 2022-02-15


Abstract

The invention discloses an encryption storage method comprising user registration, user data upload and user data reading. In user registration, the user sends a registration request to the server through the client; the server saves the user information and generates a public/private key pair for each user, generates a file key for each user file, encrypts each user file with its file key and saves it, encrypts the file key with the public key to produce an encrypted file key and saves it, and sends the private key to the client; the client encrypts the private key with the login password to produce an encrypted private key and sends it to the server, and the server saves the encrypted private key. With the invention, even after the user data on the server side is stolen, the encrypted user data cannot be decrypted, so leakage of user privacy is avoided.

Description

A kind of encryption storage method
Technical field
The present invention relates to the field of encryption technology, and more particularly to an encryption storage method.
Background technique
In recent years, with the rapid development of Internet technology, people's demand for data storage has grown steadily, and the major Internet companies have all launched their own cloud-drive products, such as the Baidu and Kingsoft cloud drives. As storage capacity has grown, users have also raised their requirements for the security of stored data: because cloud-drive data is all hosted with an Internet operator, the loss to users is huge once the operator's data is stolen, so how to protect users' private data has become an increasingly popular topic.
For these reasons, the present invention aims to provide an encryption storage method that effectively protects the security of users' private data, and in particular the security of user data stored on the server side: even if the server-side data is stolen, the user's data remains protected.
Summary of the invention
The purpose of the invention is achieved with the following technical scheme:
An encryption storage method comprises user registration, user data upload and user data reading, wherein user registration comprises: the user sends a registration request to the server through the client; the server saves the user information and generates a public/private key pair for each user, generates a file key for each user file, encrypts each user file with its file key and saves it, encrypts the file key with the public key to produce an encrypted file key and saves it, and sends the private key to the client; the client encrypts the private key with the login password to produce an encrypted private key and sends it to the server; the server saves the encrypted private key.
In the encryption storage method, the user sends the registration request to the cloud-drive server through the client; the registration information sent contains user information, and the user information includes the user name and the login password. After receiving the registration information, the server checks the user name for duplicates; if the user name already exists on the server, it sends a "user name already exists" prompt to the client and stops the subsequent registration service, until the user name in the registration information sent by the client does not exist on the server.
In the encryption storage method, if the user name does not exist on the server, the server saves the user information and automatically generates a public/private key pair for each user, and also generates file keys for the user's files.
In the encryption storage method, when generating the public/private key pair the server first checks whether generation succeeded; if it failed, the key pair is generated again; if it succeeded, a file key is generated for the user. When generating the file key, the server first checks whether generation succeeded; if it failed, the file key is generated again until generation succeeds.
In the encryption storage method, user data upload comprises the user uploading a user file; the server generates a new file key for the uploaded file, and once this file key has been generated the server side encrypts the uploaded file with it, producing a user encryption file, which is saved; the server encrypts the file key of the uploaded file with the public key, producing an encrypted file key, which is saved.
In the encryption storage method, when generating the new file key the server first checks whether the key was created successfully; if creation failed, it reports an error message and creates the key again until creation succeeds.
In the encryption storage method, when the user reads a user encryption file on the server, the user enters the login password; the server side receives the login password and decrypts the encrypted private key with it to obtain the private key; the server decrypts the file's encrypted file key with the private key to obtain the file key, decrypts the file's encryption file with the file key to obtain the decrypted file, and sends the decrypted file to the client.
An encryption storage method comprises user registration, user data upload and user data reading, wherein user registration comprises: the user sends a registration request to the server through the client; the server saves the user information and generates a public/private key pair for each user, generates a file key for each user file, encrypts each user file with its file key and saves it, encrypts the file key with the public key to produce an encrypted file key and saves it, and sends the private key to the client; the client encrypts the private key with the encryption password to produce an encrypted private key and sends it to the server; the server saves the encrypted private key.
In the encryption storage method, the user sends the registration request to the cloud-drive server through the client; the registration information sent contains user information, and the user information includes the user name, the login password and the encryption password. After receiving the registration request information, the server checks the user name for duplicates; if the user name already exists on the server, it sends a "user name already exists" prompt to the client and stops the subsequent registration service, until the user name in the registration information sent by the client does not exist on the server.
In the encryption storage method, if the user name does not exist on the server, the server checks whether the encryption password is identical to the login password; if it is, the server stops the subsequent registration service and sends the client a prompt to change the encryption password and login password, until the encryption password received differs from the login password. If the encryption password differs from the login password, the server saves the user information and automatically generates a public/private key pair for each user, and also generates file keys for the user's files.
In the encryption storage method, when generating the public/private key pair the server first checks whether generation succeeded; if it failed, the key pair is generated again; if it succeeded, a file key is generated for the user. When generating the file key, the server first checks whether generation succeeded; if it failed, the file key is generated again until generation succeeds.
In the encryption storage method, user data upload comprises the user uploading a file; the server generates a new file key for the uploaded file, and once this file key has been generated the server side encrypts the uploaded file with it, producing a user encryption file, which is saved; the server encrypts the file key of the uploaded file with the public key, producing an encrypted file key, which is saved.
In the encryption storage method, when generating the new file key the server first checks whether the key was created successfully; if creation failed, it reports an error message and creates a new file key again until creation succeeds.
In the encryption storage method, when the user reads a user encryption file on the server, the user enters the encryption password; the server side receives the encryption password and decrypts the encrypted private key with it to obtain the private key; the server decrypts the file's encrypted file key with the private key to obtain the file key, decrypts the file's encryption file with the file key to obtain the decrypted file, and sends the decrypted file to the client.
In the encryption storage method, the server saves the user information other than the encryption password.
Detailed description of the invention
Fig. 1 is the timing diagram of the encryption storage method of the invention;
Fig. 2 is a schematic diagram of the user registration step;
Fig. 3 is a schematic diagram of user data upload;
Fig. 4 is a schematic diagram of user data reading.
Specific embodiment
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
As shown in Figure 1, the encryption storage method of the invention runs on an encryption storage system comprising a (cloud-drive) server and client computers; the server side and the clients are connected through a communication network and communicate with each other.
The encryption storage method of the invention involves interaction between the server side and the client, as shown in Figure 1. The method comprises: 1. user registration; 2. user data upload; 3. user data reading. Specifically:
1. User registration. The user sends a registration request to the cloud-drive server through the client; the registration information sent contains user information such as the user name and login password. After receiving the registration information, the server checks the user name for duplicates; if the user name already exists on the server, it sends a "user name already exists" prompt to the client and stops the subsequent registration service, until the user name in the registration information sent by the client does not exist on the server. If the user name does not exist on the server, the server saves the user information and automatically generates a public/private key pair (Pub, Pek) for each user, and at the same time generates a symmetric key Fkn for each user file; the user file is encrypted with the symmetric key Fkn and saved, and the symmetric key Fkn is encrypted with the public key Pub to produce the encrypted symmetric key Fcn, which is saved. The server sends the private key Pek of the asymmetric key pair to the client; the client encrypts Pek with the login password to produce the encrypted private key C and sends C to the server side; the server saves the encrypted private key C, and user registration is now complete.
As shown in Fig. 2, during registration the server automatically generates a public/private key pair (Pub, Pek) for each user as described above. When generating (Pub, Pek), the server first checks whether generation succeeded; if it failed, the key pair is generated again; if it succeeded, the symmetric key Fkn is generated for the user's information. When generating Fkn, the server first checks whether generation succeeded; if it failed, Fkn is generated again until it succeeds.
2. User data upload: as shown in Figure 3, when the user uploads a file, the server generates a new symmetric key Fkm for the uploaded file. When generating Fkm, the server first checks whether generation succeeded; if creation failed, it reports an error message and creates the key again. Once the symmetric key has been created, the server side encrypts the uploaded file Fm with Fkm, producing the user encryption file Fcm, which is saved; the server encrypts the file's encryption key Fkm with the public key Pub, producing the encrypted symmetric key Fkcm, which is saved. Finally, the server side returns a file-upload-success message to the client, and the file upload is complete.
3. User data reading
As shown in Figure 4, when the user reads the user encryption file Fm on the (cloud-drive) server, the user enters the login password; the server side receives the login password and decrypts the encrypted private key C with it to obtain the private key Pek; the server decrypts the encrypted symmetric key Fkcm of file Fm with Pek to obtain the symmetric key Fkm; the server decrypts the encryption file Fcm of the file with Fkm to obtain the file Fm, and sends the decrypted Fm to the client.
The above is embodiment 1 of the invention. In this way, even after the server-side user data is stolen, the encrypted user data cannot be decrypted, so leakage of user privacy is avoided.
Because ordinary users, when using the Internet, often register with the same user name and login password on multiple websites, a user name and login password leaked elsewhere are likely to allow the encrypted data of embodiment 1 to be decrypted after it is stolen. For this reason the invention provides embodiment 2, whose encryption storage method comprises:
1. User registration. The user sends a registration request to the cloud-drive server through the client; the registration information sent contains user information such as the user name, the login password and the encryption password, where the encryption password differs from the login password. After receiving the registration information, the server checks the user name for duplicates; if the user name already exists on the server, it sends a "user name already exists" prompt to the client and stops the subsequent registration service, until the user name in the registration information sent by the client does not exist on the server. If the user name does not exist on the server, the server checks whether the encryption password is identical to the login password; if it is, the server stops the subsequent registration service and sends the client a prompt to change the encryption password and login password, until the encryption password received differs from the login password. If the encryption password differs from the login password, the server saves the user information and automatically generates a public/private key pair (Pub, Pek) for each user, and at the same time generates a symmetric key Fkn for each user file; the user file is encrypted with the symmetric key Fkn and saved, and the symmetric key Fkn is encrypted with the public key Pub to produce the encrypted symmetric key Fcn, which is saved. The server sends the private key Pek of the asymmetric key pair to the client; the client encrypts the private key Pek with the encryption password (which differs from the login password) to produce the encrypted private key C and sends C to the server side; the server saves the encrypted private key C, and user registration is now complete.
As shown in Fig. 2, during registration the server automatically generates a public/private key pair (Pub, Pek) for each user as described above. When generating (Pub, Pek), the server first checks whether generation succeeded; if it failed, the key pair is generated again; if it succeeded, the symmetric key Fkn is generated for the user's information. When generating Fkn, the server first checks whether generation succeeded; if it failed, Fkn is generated again until it succeeds.
2. User data upload: as shown in Figure 3, when the user uploads a file, the user first logs in to the server with the user name and login password and then uploads the user file. The server generates a new symmetric key Fkm for the uploaded file; when generating Fkm, the server first checks whether generation succeeded; if creation failed, it reports an error message and creates the key again. Once the symmetric key has been created, the server side encrypts the uploaded file Fm with Fkm, producing the user encryption file Fcm, which is saved; the server encrypts the file's encryption key Fkm with the public key Pub, producing the encrypted symmetric key Fkcm, which is saved. Finally, the server side returns a message to the client, and the file upload is complete.
3. User data reading
As shown in Figure 4, when the user reads the user encryption file Fm on the (cloud-drive) server, the user first logs in to the server with the user name and login password and sends the server a request to read user data; the server prompts the user to enter the encryption password, and the user enters it. The server side receives the user's encryption password and decrypts the encrypted private key C with it to obtain the private key Pek; the server decrypts the encrypted key file Fkcm of file Fm with Pek to obtain the key Fkm; the server decrypts the encryption file Fcm of the file with Fkm to obtain the file Fm, and sends the decrypted Fm to the client.
Further, during user registration the server saves only the user information other than the encryption password. In this way the user's login password and encryption password are completely separated, and the server side does not store the encryption password, which avoids to the greatest extent the leakage of user privacy caused by files flowing out.
With embodiment 2, the case in which an attacker steals a user's password by credential stuffing (撞库) and then decrypts the user's encrypted data with that password is effectively avoided.
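The key hierarchy shared by embodiments 1 and 2 (Pub/Pek, per-file key Fk, encrypted file Fc, wrapped key Fkc, wrapped private key C), written out as an added Go example that is not code from the patent or its assignee. It uses RSA-OAEP for the key pair, AES-256-GCM for files and key wrapping and PBKDF2 to derive the wrapping key from the password; the password given to Register stands for the login password in embodiment 1 and the separate encryption password in embodiment 2, the server keeps only Pub, the salt and C (never the password, as embodiment 2 requires), and the user-name/login-password check that precedes upload and read is not modelled. The names Record, Register, Upload, Read, kdf, seal and open are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Record is what the server keeps per user after registration: Pub, a salt and
// C (Pek wrapped under a key derived from the password); the password is never stored.
type Record struct {
	Salt, C []byte
	Pub     *rsa.PublicKey
}
// kdf is PBKDF2-HMAC-SHA256 (RFC 8018, one 32-byte block), spelled out so the
// example needs only the standard library; 100000 iterations slow down guessing.
func kdf(pw string, salt []byte) []byte {
	mac := hmac.New(sha256.New, []byte(pw))
	mac.Write(append(append([]byte(nil), salt...), 0, 0, 0, 1)) // salt || INT(1)
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < 100000; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for k := range t {
			t[k] ^= u[k]
		}
	}
	return t
}
// AES-256-GCM with the 12-byte nonce prefixed to the ciphertext; every key here is 32 bytes.
func aead(key []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	return g
}
func seal(key, pt []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce) // crypto/rand.Read does not return errors in current Go
	return aead(key).Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return aead(key).Open(nil, ct[:12], ct[12:], nil)
}
// Register: the server generates (Pub, Pek) and hands Pek to the client, which
// wraps it under the password and returns C; the server keeps Pub, Salt and C.
func Register(password string) (*Record, error) {
	pek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	salt := make([]byte, 16)
	rand.Read(salt)
	c := seal(kdf(password, salt), x509.MarshalPKCS1PrivateKey(pek)) // client-side step
	return &Record{Salt: salt, C: c, Pub: &pek.PublicKey}, nil
}
// Upload is entirely server-side and needs only Pub: fresh Fk, Fc = GCM(Fk, Fm),
// Fkc = RSA-OAEP(Pub, Fk). The file name is the OAEP label, binding Fkc to its file.
func Upload(r *Record, file string, fm []byte) (fc, fkc []byte, err error) {
	fk := make([]byte, 32)
	rand.Read(fk)
	if fkc, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, r.Pub, fk, []byte(file)); err != nil {
		return nil, nil, err
	}
	return seal(fk, fm), fkc, nil
}
// Read: the password unwraps C -> Pek, Pek unwraps Fkc -> Fk, Fk opens Fc -> Fm.
// Without the password the chain fails at the first step, whatever else was stolen.
func Read(r *Record, password, file string, fc, fkc []byte) ([]byte, error) {
	der, err := open(kdf(password, r.Salt), r.C) // client-side step in practice
	if err != nil {
		return nil, errors.New("wrong password: cannot unwrap private key")
	}
	pek, _ := x509.ParsePKCS1PrivateKey(der) // GCM-authenticated, so well-formed
	fk, err := rsa.DecryptOAEP(sha256.New(), nil, pek, fkc, []byte(file))
	if err != nil {
		return nil, err
	}
	return open(fk, fc)
}
```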

Claims (3)

1. An encryption storage method comprising user registration, user data upload and user data reading, characterised in that user registration comprises: the user sends a registration request to the server through the client; the server saves the user information and generates a public/private key pair for each user, generates a file key for each user file, encrypts each user file with its file key and saves it, encrypts the file key with the public key to produce an encrypted file key and saves it, and sends the private key to the client; the client encrypts the private key with the login password to produce an encrypted private key and sends it to the server; and the server saves the encrypted private key.
2. The encryption storage method according to claim 1, characterised in that the user sends the registration request to the cloud-drive server through the client; the registration information sent contains user information, and the user information includes the user name and the login password; after receiving the registration information, the server checks the user name for duplicates, and if the user name already exists on the server, it sends a "user name already exists" prompt to the client and stops the subsequent registration service, until the user name in the registration information sent by the client does not exist on the server.
3. The encryption storage method according to claim 2, characterised in that if the user name does not exist on the server, the server saves the user information and automatically generates a public/private key pair for each user, and also generates file keys for the user's files.

Priority and publications

Application number: CN201910119568.8A, title "Encryption storage method", status Active; priority date 2019-02-18, filing date 2019-02-18
Publications: CN109889518A (application, published 2019-06-14); CN109889518B (granted patent, published 2022-02-15)
Family ID: 66928270
Country status: CN, CN109889518B (en)


Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address
Address after: 518000 west-2, floor 5, building 2, shunheda plant area, liuxiandong Industrial Zone, Xinwei community, Xili street, Nanshan District, Shenzhen City, Guangdong Province
Patentee after: Tiangu information technology (Shenzhen) Co.,Ltd.
Address before: 518100 3b06, building 3, area a, Bao'an Internet industry base, hemp community, Xixiang street, Bao'an District, Shenzhen, Guangdong Province
Patentee before: SKYSOLIDISS INFORMATION SAFETY SYSTEM (SHENZHEN) Co.,Ltd.
TR01 Transfer of patent right
Effective date of registration: 20220412
Address after: 518000 west of floor 5-3-west of floor 6, building 2, shunheda plant, liuxiandong Industrial Zone, Xinwei community, Xili street, Nanshan District, Shenzhen, Guangdong
Patentee after: Tiangu information security system (Shenzhen) Co.,Ltd.
Address before: 518000 west-2, floor 5, building 2, shunheda plant area, liuxiandong Industrial Zone, Xinwei community, Xili street, Nanshan District, Shenzhen City, Guangdong Province
Patentee before: Tiangu information technology (Shenzhen) Co.,Ltd.