CN109995821A - File upload method and system, client, server, and object storage system - Google Patents

File upload method and system, client, server, and object storage system

Info

Publication number
CN109995821A
Authority
CN
China
Prior art keywords
file
private key
storage system
object storage
user account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711488753.1A
Other languages
Chinese (zh)
Inventor
李中男
张�浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Suzhou Software Technology Co Ltd
Priority to CN201711488753.1A
Publication of CN109995821A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides a file upload method and system, a client, a server, and an object storage system, to solve the problem that transmission efficiency is low and server processing pressure is high when a client uploads files to an object storage system. The method comprises: the client sends the server a request to authenticate the legitimacy of a user account and the password corresponding to the account; if the authentication response received from the server indicates that the user account has passed authentication, the client sends the server a file upload request; the client receives a private key sent by the server, where the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system; the client signs the user account with the private key and sends the file to be uploaded and the signed user account directly to the object storage system.

Description

File upload method and system, client, server, and object storage system
Technical field
The present invention relates to the field of communication technology, and in particular to a file upload method and system, a client, a server, and an object storage system.
Background art
An object storage system (Object-Based Storage System) combines the advantages of NAS (Network Attached Storage) and SAN (Storage Area Network), offering both the high-speed direct access of SAN and the data sharing of NAS. As a new form of network storage, the object storage system has therefore become the preferred storage mode for Dropbox storage.
At present, the process of uploading a file to an object storage system is as shown in Fig. 1:
S101, the client sends an authentication request containing a username and password to the Dropbox server;
S102, the Dropbox server authenticates the client;
S103, after determining that the request is legitimate, the Dropbox server returns an authentication-passed response to the client;
S104, the client uploads the file to the Dropbox server;
S105, the Dropbox server judges whether the metadata information of the file is already stored;
S106, if so, it returns an instant-upload ("second-pass") response for the file; if not, it sends the content of the file to be uploaded to the object storage system;
S107, after reception is complete, the object storage system sends a reception-complete response to the Dropbox server;
S108, the Dropbox server saves the metadata information of the file to be uploaded;
S109, the Dropbox server sends the client a message that the file upload is complete.
In summary, uploading a file to an existing object storage system requires the Dropbox server to relay the data, which not only lowers transmission efficiency and delays the upload, but also increases the processing pressure on the Dropbox server.
Summary of the invention
Embodiments of the present invention provide a file upload method and system, a client, a server, and an object storage system, to solve the problems of low transmission efficiency and high processing pressure when uploading files to an existing object storage system.
A file upload method provided by an embodiment of the present invention comprises:
A client sends a server a request to authenticate the legitimacy of a user account and the password corresponding to the account;
If the authentication response that the client receives from the server indicates that the user account has passed authentication, the client sends a file upload request to the server;
The client receives a private key sent by the server, where the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
The client signs the user account with the private key, and uploads the file and the signed user account directly to the object storage system.
Preferably, if the size of the file to be uploaded is greater than a preset threshold, then before the file is uploaded directly to the object storage system, the method further comprises:
Sending a file fragmentation request to the object storage system;
Receiving a mark, fed back by the object storage system, that is used to determine whether an uploaded file is a fragmented file;
Fragmenting the file to be uploaded to obtain at least two fragments, where each fragment is no larger than the preset threshold;
Uploading the file directly to the object storage system then comprises:
Uploading the fragments and the mark directly to the object storage system.
Preferably, after the file and the signed user account are uploaded directly to the object storage system, the method further comprises:
Sending a file-upload-complete message to the server.
A file upload method provided by an embodiment of the present invention comprises:
An object storage system, according to a private key acquisition request received from a server, generates a private key identifying that a user account has passed legitimacy authentication and may upload files directly to the object storage system;
The object storage system feeds the private key back to the server;
The object storage system receives the file uploaded by the client and the signed user account, where the signed user account is obtained by the client signing the user account with the private key;
The object storage system verifies, according to the signed user account, whether the private key is valid; if the private key is valid, it feeds back a file-upload-complete message to the client.
Preferably, the method further comprises:
If the received file is a fragmented file, calling the file merge interface to merge the received files.
Preferably, after the private key is fed back to the server, the method further comprises:
If the file uploaded by the client is not received within a preset time, marking the private key as invalid.
Preferably, if the private key has become invalid, a message that the private key has become invalid is fed back to the client.
A file upload method provided by an embodiment of the present invention comprises:
A server authenticates the user account and the password corresponding to the user account in a received legitimacy authentication request; if the user account and its corresponding password are stored in the server, the server sends a response that the user account has passed authentication;
The server receives a file upload request sent by a client, where the file upload request includes the metadata information of the file to be uploaded;
The server determines, according to the metadata information of the file to be uploaded, whether the file to be uploaded is already stored in the object storage system; if not, it sends a private key acquisition request to the object storage system, where the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
The server receives the private key sent by the object storage system and forwards the private key to the client.
Preferably, after the file-upload-complete message sent by the client is received, the method further comprises:
Storing the metadata information of the file to be uploaded.
A client provided by an embodiment of the present invention comprises:
A sending module, configured to send the server a request to authenticate the legitimacy of a user account and the password corresponding to the account, where the legitimacy authentication request includes the user account and the password corresponding to the account;
The sending module is further configured to send a file upload request to the server when the authentication response that the receiving module receives from the server indicates that the user account has passed authentication;
A receiving module, configured to receive the authentication response and the private key sent by the server, where the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
An uploading module, configured to sign the user account with the private key and to send the file to be uploaded and the signed user account directly to the object storage system.
Preferably, the client further comprises a fragmentation module; when the size of the file to be uploaded is greater than a preset threshold,
The sending module is further configured to send a file fragmentation request to the object storage system;
The receiving module is further configured to receive a mark, fed back by the object storage system, that is used to determine whether an uploaded file is a fragmented file;
The fragmentation module is configured to fragment the file to be uploaded to obtain at least two fragments, where each fragment is no larger than the preset threshold;
The uploading module is further configured to upload the fragments and the mark directly to the object storage system.
Preferably, after the file to be uploaded and the signed user account are sent directly to the object storage system, the sending module is further configured to:
Send a file-upload-complete message to the server.
An object storage system provided by an embodiment of the present invention comprises:
A private key module, configured to generate, according to a private key acquisition request received from the server, a private key identifying that a user account has passed legitimacy authentication and may upload files directly to the object storage system;
A response module, configured to feed the private key back to the server;
A receiving module, configured to receive the file uploaded by the client and the signed user account, where the signed user account is obtained by the client signing the user account with the private key;
A verification module, configured to verify, according to the signed user account, whether the private key is valid, and, if the private key is valid, to feed back a file-upload-complete message to the client.
Preferably, the system further comprises a merging module, where the merging module is configured to:
If the received file is a fragmented file, call the file merge interface to merge the received files.
Preferably, after the private key is fed back to the server, the response module is further configured to:
If the file uploaded by the client is not received within a preset time, mark the private key as invalid.
Preferably, the verification module is further configured to:
If the private key has become invalid, feed back to the client a message that the private key has become invalid.
A server provided by an embodiment of the present invention comprises:
An authentication module, configured to authenticate the user account and the password corresponding to the user account in a received legitimacy authentication request, and, if the user account and its corresponding password are stored in the server, to send a response that the user account has passed authentication;
A receiving module, configured to receive a file upload request sent by the client, where the file upload request includes the metadata information of the file to be uploaded;
A request module, configured to determine, according to the metadata information of the file to be uploaded, whether the file to be uploaded is already stored in the object storage system, and, if not, to send a private key acquisition request to the object storage system, where the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
A forwarding module, configured to receive the private key sent by the object storage system and forward the private key to the client.
Preferably, after the file-upload-complete message sent by the client is received, the forwarding module is further configured to:
Store the metadata information of the file to be uploaded.
A file upload system provided by an embodiment of the present invention comprises the above client, the above server, and the above object storage system.
A communication device provided by an embodiment of the present invention comprises a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, it implements the file upload method described above.
A computer-readable storage medium provided by an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the file upload method described above.
The present invention provides a file upload method and system, a client, a server, and an object storage system. The server sends a private key to a client that has passed legitimacy authentication, and the client can use the private key to upload files directly to the object storage system, skipping the step in which the server forwards the file to be uploaded. This both relieves the processing pressure on the server and improves the efficiency of file upload; and because the server has authenticated the legitimacy of the client, the probability that an uploaded file is stolen is also reduced.
Brief description of the drawings
Fig. 1 is a flow diagram of uploading a file to object storage in the prior art;
Fig. 2a is a flow diagram of the client-side file upload method provided by Embodiment one of the present invention;
Fig. 2b is a flow diagram of the client-side file upload method provided by Embodiment one of the present invention;
Fig. 3 is a flow diagram of the object-storage-system-side file upload method provided by Embodiment two of the present invention;
Fig. 4a is a flow diagram of the server-side file upload method provided by Embodiment three of the present invention;
Fig. 4b is a flow diagram of the server-side file upload method provided by Embodiment three of the present invention;
Fig. 5 is a flow diagram of a file upload system provided by Embodiment four of the present invention;
Fig. 6 is a structural diagram of a client provided by Embodiment five of the present invention;
Fig. 7 is a structural diagram of an object storage system provided by Embodiment six of the present invention;
Fig. 8 is a structural diagram of a server provided by Embodiment seven of the present invention.
Specific embodiments
Embodiments of the present invention provide a file upload method and system, a client, a server, and an object storage system, to solve the problems of low transmission efficiency and high processing pressure when uploading files to an existing object storage system.
The technical solutions of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment one:
Embodiment one of the present invention provides a client-side file upload method. Referring to Fig. 2a, the method comprises:
S201, sending a legitimacy authentication request to the server, where the legitimacy authentication request includes a user account and the password corresponding to the account;
S202, if the authentication response received from the server indicates that the user account has passed authentication, sending a file upload request to the server;
S203, receiving the private key sent by the server, where the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
S204, signing the user account with the private key, and uploading the file and the signed user account directly to the object storage system.
For step S202, the method further comprises:
If the authentication response received from the server indicates that the user account has not passed authentication, displaying an authentication failure.
For step S204, sending the file to be uploaded and the signed user account directly to the object storage system specifically comprises:
Calling the file upload interface of the object storage system, and through that interface directly uploading the file to be uploaded together with the signed user account, which is used to verify whether the private key is valid.
In Embodiment one, the server performs legitimacy authentication on the user account and the password corresponding to the account; if authentication passes, the server sends the private key to the client, and the client then calls the interface of the object storage system. The object storage system first verifies whether the private key is valid and, once verification passes, receives the file uploaded by the client. This relieves the processing pressure on the server and improves upload efficiency.
For step S204, if the size of the file to be uploaded is greater than the preset threshold, the file to be uploaded is determined to be a large file; therefore, before the file to be uploaded is sent directly to the object storage system, the method further comprises:
Sending a file fragmentation request to the object storage system;
Receiving a mark, fed back by the object storage system, that is used to determine whether an uploaded file is a fragmented file;
Fragmenting the file to be uploaded to obtain at least two fragments, where each fragment is no larger than the preset threshold;
In this case, sending the file to be uploaded directly to the object storage system comprises:
Sending the fragments and the mark directly to the object storage system.
Specifically, fragmenting the file to be uploaded comprises: first calling the initialization upload interface of the object storage system (InitiateMultipartUpload) to initialize the file upload interface; then calling the fragment upload interface of the object storage system (UploadPart), splitting the signed file into multiple small files each no larger than the preset threshold, and uploading the fragments to the object storage system. After all fragments have been uploaded successfully, the object storage system calls the file merge interface to merge the received files, combining the received fragments that carry the same mark into one file, which yields the original file to be uploaded.
For step S204, if the size of the signed file is not greater than the preset threshold, the file upload interface of the object storage system is called, and the file to be uploaded and the signed user account are sent directly to the object storage system. Here the file upload interface may be the Put Object upload interface in the OSS (Object Storage Service) API (Application Programming Interface), or a file upload interface in an HTTP request.
Fragmenting large files in this way not only increases file upload speed, but also avoids the problem of resuming an interrupted upload from a breakpoint.
Referring to Fig. 2b, after the file to be uploaded and the signed user account are sent directly to the object storage system, the method further comprises:
S205, sending a file-upload-complete message to the server; after receiving the upload-complete message, the server stores the metadata information of the target file, where the metadata information includes the storage path of the target file, the MD5 value of the target file, and the time at which the target file was created.
By storing the metadata information of the uploaded file in the server, the present invention ensures that the server can provide the client with instant-upload ("second-pass") and file download functions.
Embodiment two:
Embodiment two of the present invention provides an object-storage-system-side file upload method. Referring to Fig. 3, the method comprises:
S301, according to the private key acquisition request received from the server, generating a private key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
S302, sending the generated private key to the server;
S303, receiving the file and the signed user account sent by the client, where the signed user account is obtained by the client signing the user account with the private key;
S304, verifying, according to the signed user account, whether the private key is valid; if the private key is valid, feeding back a file-upload-complete message to the client.
For step S304, before the file-upload-complete message is fed back to the client, the method further comprises:
If the received file includes the mark used to determine whether an uploaded file is a fragmented file, that is, the received file is a fragment, calling the file merge interface to merge the received files and, after merging is complete, feeding back the file-upload-complete message to the client; if the received file carries no such mark, feeding back the file-upload-complete message to the client directly.
For step S303, if the target file is not received within a preset time, the method further comprises:
Marking the private key as invalid, or directly deleting the public key corresponding to the private key.
For step S304, the method further comprises: if the private key has become invalid, or the public key corresponding to the private key does not exist in the object storage system, feeding back to the client a message that the private key has expired or become invalid.
The preset time is counted from the moment the object storage system sends the private key to the server.
Embodiment three:
Embodiment three of the present invention provides a server-side file upload method. Referring to Fig. 4a, the method comprises:
S401, authenticating the user account and the password corresponding to the user account in the received legitimacy authentication request;
S402, if the user account and the password corresponding to the user account are stored in the server, sending a response that the user account has passed authentication;
S403, receiving the file upload request sent by the client, where the file upload request includes the metadata information of the file to be uploaded;
S404, determining, according to the metadata information of the file to be uploaded, whether the file is already stored in the object storage system;
S405, if not, sending a private key acquisition request to the object storage system, where the private key identifies that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
S406, receiving the private key sent by the object storage system and forwarding the private key to the client.
Referring to Fig. 4b, after step S406, the method further comprises:
S407, receiving the file-upload-complete message sent by the client;
S408, storing the metadata information of the file to be uploaded, where the metadata information of the file to be uploaded includes the storage path of the file, the MD5 value of the file, and the time at which the file was created.
By storing the metadata information of the uploaded file in the server, Embodiment three ensures that the server can provide the client with instant-upload ("second-pass") and file download functions.
Example IV:
Referring to Fig. 5, the embodiment of the present invention four provides a kind of system that file uploads, which includes client, service Device and object storage system, wherein
S501: The client sends a legitimacy authentication request to the server, where the legitimacy authentication request includes a user account and the password corresponding to that account.
S502: The server authenticates the user account and the corresponding password in the request. If the user account is stored in the server and the password corresponding to the account is correct, the server determines that the user account has passed authentication and sends a response indicating that authentication has passed; otherwise, it returns an illegal-user response.
S503: If the client receives the response indicating that authentication has passed, it sends a file upload request to the server, where the file upload request includes the metadata information of the file to be uploaded; if it receives a response indicating an invalid user, it displays an error prompt.
S504: The server checks whether the metadata information is stored in the server. If not, it determines that the file is not stored in the object storage system and sends a private key acquisition request to the object storage system; if the metadata information is stored in the server, S512 is executed.
S505: According to the received private key acquisition request, the object storage system generates a private key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system, and sends the private key to the server.
S506: The server forwards the received private key to the client.
S507: The client signs the user account using the private key.
S508: The client judges whether the size of the file to be uploaded is greater than 4 megabytes. If so, it sends a file fragmentation request to the object storage system and receives the identifier fed back by the object storage system for determining whether an uploaded file is a fragmented file. It first calls the initialization upload interface (InitiateMultipartUpload) of the object storage system to initialize the file upload interface; it then calls the file fragment upload interface (UploadPart) of the object storage system, splits the file to be uploaded into multiple small files each no larger than 4 megabytes, and uploads the small files, the received identifier and the signed user account to the object storage system. Otherwise, it calls the file upload interface of the object storage system and uploads the file and the signed user account directly to the object storage system.
S509: The object storage system receives the file and the signed user account uploaded by the client and, according to the signed user account, verifies whether the private key is valid. If it is invalid, the object storage system directly feeds back to the client a message that the private key has become invalid; if it is valid, it feeds back to the client a message that the file upload is complete.
S510: After the upload is complete, the client sends a file-upload-complete message to the server.
S511: After receiving the file-upload-complete message sent by the client, the server stores the metadata information of the file to be uploaded.
S512: An instant upload ("second transfer") result for the file is returned.
Each time a client uploads a file to the object storage system, the legitimacy of the user account must be authenticated. Only after authentication passes does the server send the client a time-limited private key: once the set validity period of the key is exceeded, the private key becomes invalid, and a file signed with that private key can no longer be uploaded. This ensures the legitimacy and security of the private key and, in turn, the security of the file upload.
Specifically, the method for verifying whether the private key is valid is as follows: first determine whether a public key corresponding to the private key exists; if it does not exist, the private key is determined to be invalid. If it exists, the public key corresponding to the private key is then used to verify the signed user account. If verification passes, the private key is proven valid; if not, the private key is proven invalid. That is, if a public key corresponding to the private key exists and the signed user account passes verification with that public key, the private key is valid; otherwise, the private key is invalid.
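The exchange in S505 to S509 and the validity check described above, as an added Go example that is not part of the patent: a hypothetical in-memory ObjectStore issues a key pair, the client signs the user account and fragments a file larger than 4 MB, and the store rejects uploads whose key is unknown, past its validity period, or fails verification. The use of Ed25519, the five-minute validity period, indexing issued keys by user account, and all type and function names are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

const partSize = 4 << 20 // 4 MB fragment threshold from S508

var (
	ErrUnknownKey = errors.New("no public key corresponds to the private key")
	ErrExpiredKey = errors.New("private key validity period exceeded")
	ErrBadSig     = errors.New("signed user account does not verify")
)

type issued struct {
	pub     ed25519.PublicKey
	expires time.Time
}

// ObjectStore is a hypothetical in-memory store; indexing keys by account is an assumption.
type ObjectStore struct {
	ttl   time.Duration       // validity period of an issued key
	keys  map[string]issued   // user account -> public half kept after S505
	files map[string][][]byte // user account -> uploaded parts
}

// IssueKey is S505: generate a key pair, keep the public key, return the private key.
func (s *ObjectStore) IssueKey(account string, now time.Time) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s.keys[account] = issued{pub: pub, expires: now.Add(s.ttl)}
	return priv, nil
}

// Upload is S509: public key must exist, be within its validity period, and verify.
func (s *ObjectStore) Upload(account string, sig []byte, parts [][]byte, now time.Time) error {
	rec, ok := s.keys[account]
	if !ok {
		return ErrUnknownKey
	}
	if now.After(rec.expires) {
		return ErrExpiredKey
	}
	if !ed25519.Verify(rec.pub, []byte(account), sig) {
		return ErrBadSig
	}
	s.files[account] = parts
	return nil
}

// SignAccount is S507: the client signs its user account with the private key.
func SignAccount(priv ed25519.PrivateKey, account string) []byte {
	return ed25519.Sign(priv, []byte(account))
}

// Fragment is the split in S508: every part is at most 4 MB.
func Fragment(data []byte) [][]byte {
	var parts [][]byte
	for len(data) > partSize {
		parts = append(parts, data[:partSize])
		data = data[partSize:]
	}
	return append(parts, data)
}

type Result struct {
	Parts                        int
	Valid, Forged, Unknown, Late error
}

// Demo runs the flow on constructed data: a 9 MB file and the account "alice".
func Demo() Result {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	store := &ObjectStore{ttl: 5 * time.Minute, keys: map[string]issued{}, files: map[string][][]byte{}}
	parts := Fragment(make([]byte, 9<<20))
	priv, err1 := store.IssueKey("alice", t0)
	_, rogue, err2 := ed25519.GenerateKey(rand.Reader) // a key the store never issued
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	sig := SignAccount(priv, "alice")
	return Result{
		Parts:   len(parts),
		Valid:   store.Upload("alice", sig, parts, t0.Add(time.Minute)),
		Forged:  store.Upload("alice", SignAccount(rogue, "alice"), parts, t0.Add(time.Minute)),
		Unknown: store.Upload("bob", SignAccount(rogue, "bob"), parts, t0),
		Late:    store.Upload("alice", sig, parts, t0.Add(10*time.Minute)),
	}
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

As in the text, the signed message is only the user account, so the same signature is accepted for any file that account uploads until the key's validity period ends.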
Embodiment five:
Referring to Fig. 6, embodiment five of the present invention provides a client, comprising:
a sending module 601, configured to send a legitimacy authentication request to a server, wherein the legitimacy authentication request includes a user account and the password corresponding to that account;
the sending module 601 being further configured to send a file upload request to the server when the authentication response received by the receiving module from the server indicates that the user account has passed authentication;
a receiving module 602, configured to receive the authentication response and the private key sent by the server, wherein the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
an uploading module 603, configured to sign the user account using the private key and to send the file to be uploaded and the signed user account directly to the object storage system.
Specifically, the client further includes a fragmentation module 604. When the size of the file to be uploaded is greater than a preset threshold:
the sending module 601 is further configured to send a file fragmentation request to the object storage system;
the receiving module 602 is further configured to receive the identifier fed back by the object storage system for determining whether an uploaded file is a fragmented file;
the fragmentation module 604 is configured to fragment the file to be uploaded to obtain at least two fragmented files, wherein each fragmented file is no larger than the preset threshold;
the uploading module 603 is further configured to upload the fragmented files and the identifier directly to the object storage system.
Specifically, after the file and the signed user account have been uploaded directly to the object storage system, the sending module 601 is specifically configured to:
send a file-upload-complete message to the server.
Embodiment six:
Referring to Fig. 7, embodiment six of the present invention provides an object storage system, comprising:
a private key module 701, configured to generate, according to a private key acquisition request received from the server, a private key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
a response module 702, configured to feed back the generated private key to the server;
a receiving module 703, configured to receive the file and the signed user account uploaded by the client, wherein the signed user account is obtained by the client signing the user account using the private key;
an authentication module 704, configured to verify, according to the signed user account, whether the private key is valid, and, if the private key is valid, to feed back to the client a message that the file upload is complete.
Specifically, the system further includes a merging module 705, wherein the merging module 705 is configured to:
if the received files are fragmented files, call a file merging interface to merge the received files.
Specifically, after the generated private key has been fed back to the server, the response module 702 is further configured to:
if the file uploaded by the client is not received within a preset time, mark the private key as having become invalid.
Specifically, the authentication module 704 is further configured to:
if the private key has become invalid, feed back to the client a message that the private key has become invalid.
Embodiment seven:
Referring to Fig. 8, embodiment seven of the present invention provides a server, comprising:
an authentication module 801, configured to authenticate the user account and the password corresponding to the user account in the received legitimacy authentication request, and, if the user account and the password corresponding to the user account are stored in the server, to send a response that the user account has passed authentication;
a receiving module 802, configured to receive the file upload request sent by the client, wherein the file upload request includes the metadata information of the file to be uploaded;
a request module 803, configured to determine, according to the metadata information of the file to be uploaded, whether the file to be uploaded is stored in the object storage system, and, if not, to send a private key acquisition request to the object storage system, wherein the private key is used to identify that the client has passed legitimacy authentication and may upload files directly to the object storage system;
a forwarding module 804, configured to receive the private key sent by the object storage system and to forward the private key to the client.
Specifically, after the file-upload-complete message sent by the client is received, the forwarding module 804 is further configured to:
store the metadata information of the file to be uploaded.
The server provided in embodiment seven may be a Dropbox server.
Correspondingly, the file upload method described in the embodiments of the present invention may be implemented by a corresponding physical apparatus, for example by a corresponding computing device. The computing device may specifically be a desktop computer, a portable computer, a smartphone, a tablet computer, a personal digital assistant (PDA), or the like.
Embodiment eight:
Embodiment eight of the present invention provides a communication device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the file upload method described in embodiment one, or the file upload method described in embodiment two, or the file upload method described in embodiment three.
The processor may be a central processing unit (CPU). The communication device further includes an input device, an output device and the like, where the input device may include a keyboard, a mouse, a touch screen and so on, and the output device may include a display device such as a liquid crystal display (LCD) or a cathode ray tube (CRT).
Embodiment nine:
Embodiment nine of the present invention provides a computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the file upload method described in embodiment one, or of the file upload method described in embodiment two, or of the file upload method described in embodiment three.
The computer-readable storage medium may be any available medium or data storage device that a computer can access, including but not limited to magnetic storage (such as floppy disks, hard disks, magnetic tapes and magneto-optical disks (MO)), optical storage (such as CD, DVD, BD and HVD), and semiconductor memory (such as ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH) and solid-state drives (SSD)).
In summary, the embodiments of the present invention provide a file upload method and system, a client, a server and an object storage system. The server sends a private key to a client that has passed legitimacy authentication, and the client can use the private key to upload files directly to the object storage system, skipping the step in which the server forwards the file to be uploaded. This both relieves the processing pressure on the server and improves the efficiency of file upload. Because the server has authenticated the legitimacy of the client, the probability of uploaded files being stolen is also reduced.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these modifications and variations.

Claims (21)

1. A file upload method, characterized in that the method comprises:
a client sending to a server a request to authenticate the legitimacy of a user account and the password corresponding to the account;
if the authentication response received from the server indicates that the user account has passed authentication, sending a file upload request to the server;
receiving a private key sent by the server, wherein the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to an object storage system;
signing the user account using the private key, and uploading the file and the signed user account directly to the object storage system.
2. The method according to claim 1, characterized in that, if the size of the file to be uploaded is greater than a preset threshold, then before the file is uploaded directly to the object storage system, the method further comprises:
sending a file fragmentation request to the object storage system;
receiving an identifier fed back by the object storage system for determining whether an uploaded file is a fragmented file;
fragmenting the file to be uploaded to obtain at least two fragmented files, wherein each fragmented file is no larger than the preset threshold;
and uploading the file directly to the object storage system comprises:
uploading the fragmented files and the identifier directly to the object storage system.
3. The method according to claim 1, characterized in that, after the file and the signed user account are uploaded directly to the object storage system, the method further comprises:
sending a file-upload-complete message to the server.
4. A file upload method, characterized in that the method comprises:
an object storage system generating, according to a private key acquisition request received from a server, a private key identifying that a user account has passed legitimacy authentication and may upload files directly to the object storage system;
the object storage system feeding back the private key to the server;
the object storage system receiving a file and a signed user account uploaded by a client, wherein the signed user account is obtained by the client signing the user account using the private key;
the object storage system verifying, according to the signed user account, whether the private key is valid, and, if the private key is valid, feeding back to the client a message that the file upload is complete.
5. The method according to claim 4, characterized in that the method further comprises:
if the received files are fragmented files, calling a file merging interface to merge the received files.
6. The method according to claim 4, characterized in that, after the private key is fed back to the server, the method further comprises:
if the file uploaded by the client is not received within a preset time, marking the private key as having become invalid.
7. The method according to claim 6, characterized in that, if the private key has become invalid, a message that the private key has become invalid is fed back to the client.
8. A file upload method, characterized in that the method comprises:
a server authenticating the user account and the password corresponding to the user account in a received legitimacy authentication request, and, if the user account and the password corresponding to the user account are stored in the server, sending a response that the user account has passed authentication;
the server receiving a file upload request sent by a client, wherein the file upload request includes the metadata information of the file to be uploaded;
determining, according to the metadata information of the file to be uploaded, whether the file to be uploaded is stored in an object storage system, and, if not, sending a private key acquisition request to the object storage system, wherein the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
receiving the private key sent by the object storage system, and forwarding the private key to the client.
9. The method according to claim 8, characterized in that, after the file-upload-complete message sent by the client is received, the method further comprises:
storing the metadata information of the file to be uploaded.
10. A client, characterized by comprising:
a sending module, configured to send to a server a request to authenticate the legitimacy of a user account and the password corresponding to the account;
the sending module being further configured to send a file upload request to the server when the authentication response received by a receiving module from the server indicates that the user account has passed authentication;
the receiving module, configured to receive the authentication response and the private key sent by the server, wherein the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to an object storage system;
an uploading module, configured to sign the user account using the private key and to upload the file and the signed user account directly to the object storage system.
11. The client according to claim 10, characterized in that the client further includes a fragmentation module; when the size of the file to be uploaded is greater than a preset threshold,
the sending module is further configured to send a file fragmentation request to the object storage system;
the receiving module is further configured to receive an identifier fed back by the object storage system for determining whether an uploaded file is a fragmented file;
the fragmentation module is configured to fragment the file to be uploaded to obtain at least two fragmented files, wherein each fragmented file is no larger than the preset threshold;
the uploading module is further configured to upload the fragmented files and the identifier directly to the object storage system.
12. The client according to claim 10, characterized in that, after the file and the signed user account are uploaded directly to the object storage system, the sending module is further configured to:
send a file-upload-complete message to the server.
13. An object storage system, characterized by comprising:
a private key module, configured to generate, according to a private key acquisition request received from a server, a private key identifying that a user account has passed legitimacy authentication and may upload files directly to the object storage system;
a response module, configured to feed back the private key to the server;
a receiving module, configured to receive a file and a signed user account uploaded by a client, wherein the signed user account is obtained by the client signing the user account using the private key;
an authentication module, configured to verify, according to the signed user account, whether the private key is valid, and, if the private key is valid, to feed back to the client a message that the file upload is complete.
14. The object storage system according to claim 13, characterized in that the system further includes a merging module, wherein the merging module is configured to:
if the received files are fragmented files, call a file merging interface to merge the received files.
15. The object storage system according to claim 13, characterized in that, after the private key is fed back to the server, the response module is further configured to:
if the file uploaded by the client is not received within a preset time, mark the private key as having become invalid.
16. The object storage system according to claim 15, characterized in that the authentication module is further configured to:
if the private key has become invalid, feed back to the client a message that the private key has become invalid.
17. A server, characterized by comprising:
an authentication module, configured to authenticate the user account and the password corresponding to the user account in a received legitimacy authentication request, and, if the user account and the password corresponding to the user account are stored in the server, to send a response that the user account has passed authentication;
a receiving module, configured to receive a file upload request sent by a client, wherein the file upload request includes the metadata information of the file to be uploaded;
a request module, configured to determine, according to the metadata information of the file to be uploaded, whether the file to be uploaded is stored in an object storage system, and, if not, to send a private key acquisition request to the object storage system, wherein the private key is a key identifying that the user account has passed legitimacy authentication and may upload files directly to the object storage system;
a forwarding module, configured to receive the private key sent by the object storage system and to forward the private key to the client.
18. The server according to claim 17, characterized in that, after the file-upload-complete message sent by the client is received, the forwarding module is further configured to:
store the metadata information of the file to be uploaded.
19. A file upload system, characterized in that the system comprises the client according to any one of claims 10 to 12, the server according to claim 17 or 18, and the object storage system according to any one of claims 13 to 16.
20. A communication device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, implements the file upload method according to any one of claims 1 to 3, or the file upload method according to any one of claims 4 to 7, or the file upload method according to claim 8 or 9.
21. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the file upload method according to any one of claims 1 to 3, or of the file upload method according to any one of claims 4 to 7, or of the file upload method according to claim 8 or 9.
CN201711488753.1A 2017-12-29 2017-12-29 Method and system, the client, server, object storage system of file upload Pending CN109995821A (en)

Publications (1)

Publication Number Publication Date
CN109995821A (en) 2019-07-09

Family

ID=67110002

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711488753.1A Pending CN109995821A (en) 2017-12-29 2017-12-29 Method and system, the client, server, object storage system of file upload

Country Status (1)

Country Link
CN (1) CN109995821A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190709