CN109889518B - Encryption storage method - Google Patents
Encryption storage method Download PDFInfo
- Publication number
- CN109889518B CN109889518B CN201910119568.8A CN201910119568A CN109889518B CN 109889518 B CN109889518 B CN 109889518B CN 201910119568 A CN201910119568 A CN 201910119568A CN 109889518 B CN109889518 B CN 109889518B
- Authority
- CN
- China
- Prior art keywords
- user
- file
- server
- encrypted
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses an encryption storage method, which comprises user registration, user data uploading and user data reading, wherein: the user registration comprises the steps that a user sends a registration request to a server through a client, the server stores user information and generates a pair of public and private keys for each user, a file key is generated for each user file, the user files are encrypted and stored by using the file keys, the file keys are encrypted by using public keys to generate encrypted file keys and are stored, the server sends the private keys to the client, the client encrypts the file keys by using login passwords to generate encrypted private keys and sends the encrypted private keys to the server, and the server stores the encrypted private keys. By the method and the device, the problem of user privacy disclosure can be avoided because the encrypted data of the user cannot be decrypted after the user data at the server end is stolen.
Description
Technical Field
The invention relates to the technical field of encryption, in particular to an encryption storage method.
Background
In recent years, with the rapid development of internet technology, people have higher and higher requirements on data storage, and various large internet companies have introduced their own network disk products, such as a hundred-degree network disk, a Jinshan network disk, and the like.
For the above reasons, the present invention is directed to provide an encryption storage method, which can effectively protect the security of private data of a user, especially the security of user data stored in a server, and can also effectively protect the security of user data even if the server data is stolen.
Disclosure of Invention
In order to realize the purpose of the invention, the following technical scheme is adopted for realizing the purpose:
an encryption storage method comprises user registration, user data uploading and user data reading, wherein: the user registration comprises the steps that a user sends a registration request to a server through a client, the server stores user information and generates a pair of public and private keys for each user, a file key is generated for each user file, the user files are encrypted and stored by using the file keys, the file keys are encrypted by using public keys to generate encrypted file keys and are stored, the server sends the private keys to the client, the client encrypts the file keys by using login passwords to generate encrypted private keys and sends the encrypted private keys to the server, and the server stores the encrypted private keys.
The encryption storage method, wherein: a user sends a registration request to a network disk server through a client, wherein the sent registration request information comprises user information, and the user information comprises a user name and a login password; and after receiving the registration request information, the server checks the user name for duplication, if the user name already exists in the server, sends out prompt of user name duplication to the client, and suspends subsequent registration service until the user name in the registration request information sent by the client does not exist in the server.
The encryption storage method, wherein: if the user name does not exist in the server, the server stores the user information and automatically generates a pair of public and private keys for each user, and also generates a file key for the user file.
The encryption storage method, wherein: when a server generates a public and private key pair, firstly, judging whether the generation of the public and private key pair is successful or not, if the generation is failed, regenerating, and if the generation is successful, generating a file key for a user; when the server generates the file key, firstly, whether the file key is successfully generated is judged, and if the file key is unsuccessfully generated, the file key is regenerated until the file key is successfully generated.
The encryption storage method, wherein: the method comprises the steps that when a user uploads a user file, a server generates a new file key for the uploaded user file, when the server generates the file key, the server encrypts the uploaded file by using the file key to generate a user encrypted file and stores the user encrypted file, and the server encrypts the file key of the uploaded file by using a public key to generate an encrypted file key and stores the encrypted file key.
The encryption storage method, wherein: when the server generates a new file key, firstly, whether the file key is successfully created is judged, if the file key is unsuccessfully created, error information is prompted, and the file key is re-created until the file key is successfully created.
The encryption storage method, wherein: when a user reads a user encrypted file in the server, the user inputs a login password, the server receives the user login password, the encrypted private key is decrypted by using the login password to generate a private key, the server decrypts the file key encrypted file of the file by using the private key to obtain a file key, the server decrypts the encrypted file of the file by using the file key to obtain a decrypted file, and the decrypted file is sent to the client.
An encryption storage method comprises user registration, user data uploading and user data reading, wherein: the user registration comprises the steps that a user sends a registration request to a server through a client, the server stores user information and generates a pair of public and private keys for each user, a file key is generated for each user file, the user files are encrypted and stored by using the file keys, the file keys are encrypted by using public keys to generate encrypted file keys and are stored, the server sends private keys to the client, the client encrypts the file keys by using encryption passwords to generate encrypted private keys and sends the encrypted private keys to the server, and the server stores the encrypted private keys.
The encryption storage method, wherein: a user sends a registration request to a network disk server through a client, wherein the sent registration request information comprises user information, and the user information comprises a user name, a login password and an encryption password; and after receiving the registration request information, the server checks the user name for duplication, if the user name already exists in the server, sends out prompt of user name duplication to the client, and suspends subsequent registration service until the user name in the registration request information sent by the client does not exist in the server.
The encryption storage method, wherein: if the user name does not exist in the server, the server judges whether the encrypted password is the same as the login password, if so, the subsequent registration service is stopped, and prompt information for changing the encrypted password and the login password is sent to the client until the received encrypted password is different from the login password; if the encrypted password is different from the login password, the server saves the user information and automatically generates a pair of public and private keys for each user, and also generates a file key for the user file.
The encryption storage method, wherein: when a server generates a public and private key pair, firstly, judging whether the generation of the public and private key pair is successful, if the generation is failed, regenerating the public and private key pair, and if the generation is successful, generating a file key for a user; when the server generates the file key, whether the file key is successfully generated or not is judged firstly, and if the file key is unsuccessfully generated, the file key is regenerated until the file key is successfully generated.
The encryption storage method, wherein: when the user data uploading comprises the file uploading of the user, the server generates a new file key for the uploaded file, when the server generates the file key, the server encrypts the uploaded file by using the file key to generate a user encrypted file and stores the user encrypted file, and the server encrypts the file key of the uploaded file by using a public key to generate an encrypted file key and stores the encrypted file key.
The encryption storage method, wherein: when the server generates a new file key, firstly, whether the file key is successfully created is judged, if the file key is unsuccessfully created, error information is prompted, and the new file key is re-created until the file key is successfully created.
The encryption storage method, wherein: when a user reads a user encrypted file in the server, the user inputs an encrypted password, the server receives the user encrypted password, the encrypted private key is decrypted by the encrypted password to generate a private key, the server decrypts the file key encrypted file of the file by using the private key to obtain a file key, the server decrypts the encrypted file of the file by using the file key to obtain a decrypted file, and the decrypted file is sent to the client.
The encryption storage method, wherein: the server holds the user information except for the encrypted password.
Drawings
FIG. 1 is a timing diagram of an encryption storage method according to the present invention;
FIG. 2 is a schematic diagram of a user registration procedure;
FIG. 3 is a schematic diagram of user data upload;
FIG. 4 is a schematic diagram of user data reading.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the encrypted storage method of the present invention operates in an encrypted storage system, where the encrypted storage system includes a (network disk) server and a client, and the server and the client are connected through a communication network to achieve mutual communication.
The encryption storage method of the invention relates to the interactive operation of a server side and a client side, and is shown in the following figure 1. The encryption storage method comprises the following steps: 1. registering a user; 2. uploading user data; 3. and (4) reading user data. The method comprises the following specific steps:
1. the method comprises the steps that a user registers, the user sends a registration request to a network disk server through a client, the sent registration request information comprises user information such as a user name and a login password, the server checks the user name again after receiving the registration request information, if the user name exists in the server, a prompt of user name repetition is sent to the client, and subsequent registration service is stopped until the user name in the registration request information sent by the client does not exist in the server; if the user name does not exist in the server, the server stores user information and automatically generates a pair of public and private key pairs (Pub, Pek) for each user, generates a symmetric key Fkn for each user file, encrypts and stores the user file by using the symmetric key Fkn, encrypts and protects the symmetric key Fkn by using a public key Pub to generate and store an encrypted symmetric key Fcn, sends a private key Pek of the asymmetric key to the client, encrypts and generates an encrypted private key C by using a login password at the client, sends the encrypted private key C to the server, and stores the encrypted private key C by the server, so that the user registration is completed.
As shown in fig. 2, in the registration process, as described above, the server automatically generates a pair of public and private keys (Pub, Pek) for each user, and when generating the pair of public and private keys (Pub, Pek), the server first determines whether generation of the pair of public and private keys is successful, and if the generation is unsuccessful, the pair of public and private keys is regenerated, and if the generation is successful, the server generates a symmetric key Fkn for user information of the user, and when generating the symmetric key Fkn, the server first determines whether generation of the symmetric key Fkn is successful, and if the generation is unsuccessful, the pair of public and private keys is regenerated until the generation of Fkn is successful.
2. Uploading user data: as shown in fig. 3, when a user uploads a file, the server generates a new symmetric key Fkm for the uploaded file, when the server generates a symmetric key Fkm, the server first determines whether the generation of the symmetric key Fkm is successful, if the creation is failed, error information is prompted, the creation is repeated, after the creation of the symmetric key is completed, the server encrypts the uploaded file Fm by using the symmetric key Fkm to generate and store a user encrypted file Fcm, the server encrypts the encrypted key Fkm of the uploaded file by using the public key Pub to generate and store an encrypted symmetric key Fkcm, and finally, the server returns a client file upload success message, and the file upload is successful.
3. User data reading
As shown in fig. 4, when a user reads a user encrypted file Fm in a (web disk) server, the user inputs a login password, the server receives the user login password, decrypts the encrypted private key C with the login password to generate a private key Pek, the server decrypts a symmetric key encrypted file Fkcm of the file Fm with Pek to obtain a symmetric key Fkm, and the server decrypts an encrypted file Fcm of the file with the symmetric key Fkm to obtain a decrypted file Fm and sends the decrypted Fm to a client.
The above is the embodiment 1 of the present invention, by which the problem of disclosure of user privacy can be avoided because the encrypted data of the user cannot be decrypted after the user data at the server is stolen.
Since the user names and login passwords registered in a plurality of websites are often the same when a general user applies to the internet, if the user name and login password of the user on other occasions are leaked, the situation that the data is decrypted may occur after the encrypted data of the user in the above embodiment 1 is stolen, and therefore, the invention provides an embodiment 2, and the encryption storage method of the embodiment 2 includes:
1. the method comprises the steps that a user registers, the user sends a registration request to a network disk server through a client, the sent registration request information comprises user information such as a user name, a login password and an encryption password, the encryption password is different from the login password, after the registration request information is received, the server checks the user name again, if the user name exists in the server, repeated prompt of the user name is sent to the client, and subsequent registration service is stopped until the user name in the registration request information sent by the client does not exist in the server; if the user name does not exist in the server, the server judges whether the encrypted password is the same as the login password, if so, the subsequent registration service is stopped, and prompt information for changing the encrypted password and the login password is sent to the client until the received encrypted password is different from the login password; if the encrypted password is different from the login password, the server stores user information and automatically generates a pair of public and private keys (Pub, Pek) for each user, simultaneously generates a symmetric key Fkn for each user file, encrypts and stores the user file by using the symmetric key Fkn, encrypts and protects the symmetric key Fkn by using a public key Pub to generate an encrypted symmetric key Fcn and stores the encrypted symmetric key Fcn, the server sends a private key Pek of the asymmetric key to the client, the client encrypts a private key Pek by using an encrypted password different from the login password to generate an encrypted private key C, and sends the encrypted private key C to the server, and the server stores the encrypted private key C, so that the user registration is completed.
As shown in fig. 2, in the registration process, as described above, the server automatically generates a pair of public and private keys (Pub, Pek) for each user, and when generating the pair of public and private keys (Pub, Pek), the server first determines whether generation of the pair of public and private keys is successful, and if the generation is unsuccessful, the pair of public and private keys is regenerated, and if the generation is successful, the server generates a symmetric key Fkn for user information of the user, and when generating the symmetric key Fkn, the server first determines whether generation of the symmetric key Fkn is successful, and if the generation is unsuccessful, the pair of public and private keys is regenerated until the generation of Fkn is successful.
2. Uploading user data: as shown in fig. 3, when a user uploads a file, the user logs in a server through a user name and a login password, then uploads the user file, the server generates a new symmetric key Fkm for the uploaded file, when the server generates a symmetric key Fkm, the server first determines whether the generation of the symmetric key Fkm is successful, if the generation is unsuccessful, error information is prompted and the file is created again, after the creation of the symmetric key is completed, the server encrypts the uploaded file Fm through the symmetric key Fkm to generate and store a user encrypted file Fcm, the server encrypts the encrypted key Fkm of the uploaded file through a public key Pub to generate and store an encrypted symmetric key Fkcm, and finally, the server returns a client message, and the file is uploaded successfully.
3. User data reading
As shown in fig. 4, when a user reads a user encrypted file Fm in a (web disk) server, the user logs in the server through a user name and a login password, a request for reading user data is sent to the server, the server prompts the user to input an encrypted password, the user inputs the encrypted password, the server receives the user encrypted password, the encrypted private key C is decrypted by the encrypted password to generate a private key Pek, the server decrypts a key encrypted file Fkcm of the file Fm by using Pek to obtain a key Fkm, and the server decrypts the encrypted file Fcm of the file by using Fkm to obtain a decrypted file Fm, and sends the decrypted Fm to a client.
Furthermore, in the user registration, the server only stores user information except the encrypted password, the user login password and the user encrypted password can be completely separated in the mode, the server side does not store the encrypted password, and the user privacy leakage caused by file outflow can be avoided to the maximum extent.
By the embodiment 2, the situation that a hacker steals the user password by means of hitting the library and decrypts the user encrypted data by the password can be effectively avoided.
Claims (1)
1. An encryption storage method comprises user registration, user data uploading and user data reading, and is characterized in that: the user registration comprises the steps that a user sends a registration request to a server through a client, the server stores user information and generates a pair of public and private keys for each user, a file key is generated for each user file, the file keys are used for encrypting and storing the user files, the file keys are encrypted by public keys to generate encrypted file keys and are stored, the server sends private keys to the client, the client encrypts the private keys by using encryption passwords to generate encrypted private keys and sends the encrypted private keys to the server, and the server stores the encrypted private keys; a user sends a registration request to a server through a client, wherein the sent registration request information comprises user information, and the user information comprises a user name, a login password and an encryption password; after receiving the registration request information, the server checks the user name for duplication, if the user name already exists in the server, a prompt that the user name is repeated is sent to the client, and subsequent registration service is stopped until the user name in the registration request information sent by the client does not exist in the server; if the user name does not exist in the server, the server judges whether the encrypted password is the same as the login password, if so, the subsequent registration service is stopped, and prompt information for changing the encrypted password and the login password is sent to the client until the received encrypted password is different from the login password; if the encrypted password is different from the login password, the server stores the user information, automatically generates a pair of public and private keys for each user and simultaneously generates a file key for the user file; when a server generates a public and private key pair, firstly, judging whether the generation of the public and private key pair is successful or not, if the generation is failed, regenerating, and if the generation is successful, generating a file key for a user; when the server generates the file key, firstly, judging whether the file key is successfully generated or not, and if the file key is unsuccessfully generated, regenerating the file key until the file key is successfully generated; when the user data uploading comprises the file uploading of the user, the server generates a new file key for the uploaded file, when the server generates the file key, the server encrypts the uploaded file by using the file key to generate a user encrypted file and stores the user encrypted file, and the server encrypts the file key of the uploaded file by using a public key to generate an encrypted file key and stores the encrypted file key; when a user reads a user encrypted file in the server, the user inputs an encrypted password, the server receives the user encrypted password, the encrypted private key is decrypted by the encrypted password to generate a private key, the server decrypts the file key encrypted file of the file by using the private key to obtain a file key, the server decrypts the encrypted file of the file by using the file key to obtain a decrypted file, and the decrypted file is sent to the client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910119568.8A CN109889518B (en) | 2019-02-18 | 2019-02-18 | Encryption storage method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910119568.8A CN109889518B (en) | 2019-02-18 | 2019-02-18 | Encryption storage method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109889518A CN109889518A (en) | 2019-06-14 |
| CN109889518B true CN109889518B (en) | 2022-02-15 |
Family
ID=66928270
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910119568.8A Active CN109889518B (en) | 2019-02-18 | 2019-02-18 | Encryption storage method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109889518B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110795745B (en) * | 2019-10-14 | 2022-06-21 | 山东药品食品职业学院 | Information storage and transmission system based on server and method thereof |
| CN110943976B (en) * | 2019-11-08 | 2022-01-18 | 中国电子科技网络信息安全有限公司 | Password-based user signature private key management method |
| CN110955883B (en) * | 2019-11-27 | 2023-06-23 | 南方科技大学 | Method, device, equipment and storage medium for generating user key |
| CN111368323B (en) * | 2020-03-24 | 2020-12-01 | 上海竞动科技有限公司 | Medical insurance financial user information encryption method and system based on big data |
| CN116506224B (en) * | 2023-06-27 | 2023-10-03 | 中航金网(北京)电子商务有限公司 | File uploading method and device, computer equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101799853A (en) * | 2010-03-05 | 2010-08-11 | 中国人民解放军国防科学技术大学 | Hierarchical information encryption sharing method |
| CN101872404A (en) * | 2009-04-21 | 2010-10-27 | 普天信息技术研究院有限公司 | Method for protecting Java software program |
| CN104917759A (en) * | 2015-05-26 | 2015-09-16 | 西安电子科技大学 | Third-party-based safety file storage and sharing system and method |
| CN105187456A (en) * | 2015-10-27 | 2015-12-23 | 成都卫士通信息产业股份有限公司 | Cloud-drive file data safety protection method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012144909A1 (en) * | 2011-04-19 | 2012-10-26 | Invenia As | Method for secure storing of a data file via a computer communication network |
| US20130034229A1 (en) * | 2011-08-05 | 2013-02-07 | Apple Inc. | System and method for wireless data protection |
-
2019
- 2019-02-18 CN CN201910119568.8A patent/CN109889518B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101872404A (en) * | 2009-04-21 | 2010-10-27 | 普天信息技术研究院有限公司 | Method for protecting Java software program |
| CN101799853A (en) * | 2010-03-05 | 2010-08-11 | 中国人民解放军国防科学技术大学 | Hierarchical information encryption sharing method |
| CN104917759A (en) * | 2015-05-26 | 2015-09-16 | 西安电子科技大学 | Third-party-based safety file storage and sharing system and method |
| CN105187456A (en) * | 2015-10-27 | 2015-12-23 | 成都卫士通信息产业股份有限公司 | Cloud-drive file data safety protection method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109889518A (en) | 2019-06-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109889518B (en) | Encryption storage method | |
| EP3661120B1 (en) | Method and apparatus for security authentication | |
| CN107171794B (en) | A kind of electronic document signature method based on block chain and intelligent contract | |
| CN107359998B (en) | A kind of foundation and operating method of portable intelligent password management system | |
| US10452826B2 (en) | Verified and private portable identity | |
| CN1697367A (en) | A method and system for recovering password protected private data via a communication network without exposing the private data | |
| CN112468571B (en) | Intranet and extranet data synchronization method and device, electronic equipment and storage medium | |
| CN112084521B (en) | Unstructured data processing method, device and system for block chain | |
| CN103152178B (en) | cloud computing verification method and system | |
| CN102143131B (en) | User logout method and authentication server | |
| CN106934628A (en) | The generation verification method and system of a kind of passive anti-fake two-dimension code | |
| CN111865609A (en) | Private cloud platform data encryption and decryption system based on state cryptographic algorithm | |
| CN103780609A (en) | Cloud data processing method and device and cloud data security gateway | |
| CN104767766A (en) | Web Service interface verification method, Web Service server and client side | |
| CN115022868A (en) | Satellite terminal entity authentication method, system and storage medium | |
| US8997193B2 (en) | Single sign-on for disparate servers | |
| CN111327629A (en) | Identity verification method, client and server | |
| CN108768650B (en) | Short message verification system based on biological characteristics | |
| CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
| CN103559430A (en) | Application account management method and device based on android system | |
| CN116170759A (en) | Local area network access method and system based on WeChat | |
| CN113965327B (en) | Key grouping method and key grouping management system of hardware password equipment | |
| JP2024501326A (en) | Access control methods, devices, network equipment, terminals and blockchain nodes | |
| CN104683979B (en) | A kind of authentication method and equipment | |
| CN112787821A (en) | Asymmetric encryption Token verification method, server, client and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 518000 west-2, floor 5, building 2, shunheda plant area, liuxiandong Industrial Zone, Xinwei community, Xili street, Nanshan District, Shenzhen City, Guangdong Province Patentee after: Tiangu information technology (Shenzhen) Co.,Ltd. Address before: 518100 3b06, building 3, area a, Bao'an Internet industry base, hemp community, Xixiang street, Bao'an District, Shenzhen, Guangdong Province Patentee before: SKYSOLIDISS INFORMATION SAFETY SYSTEM (SHENZHEN) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220412 Address after: 518000 west of floor 5-3-west of floor 6, building 2, shunheda plant, liuxiandong Industrial Zone, Xinwei community, Xili street, Nanshan District, Shenzhen, Guangdong Patentee after: Tiangu information security system (Shenzhen) Co.,Ltd. Address before: 518000 west-2, floor 5, building 2, shunheda plant area, liuxiandong Industrial Zone, Xinwei community, Xili street, Nanshan District, Shenzhen City, Guangdong Province Patentee before: Tiangu information technology (Shenzhen) Co.,Ltd. |