CN109995821A - Method and system, the client, server, object storage system of file upload - Google Patents
Method and system, the client, server, object storage system of file upload Download PDFInfo
- Publication number
- CN109995821A CN109995821A CN201711488753.1A CN201711488753A CN109995821A CN 109995821 A CN109995821 A CN 109995821A CN 201711488753 A CN201711488753 A CN 201711488753A CN 109995821 A CN109995821 A CN 109995821A
- Authority
- CN
- China
- Prior art keywords
- file
- private key
- storage system
- object storage
- user account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Method and system, the client, server, object storage system uploaded the present invention provides a kind of file, to solve client on object storage system when transmitting file, the problem that transmission efficiency is low and server process pressure is big.The described method includes: user end to server sends the request for authenticating the legitimacy of user account password corresponding with the account;If the authentication response that the server received is sent is that the user account has authenticated the request for passing through, uploading to server transmission file;Receive the private key that the server is sent, wherein the private key be for identify the user account by legitimacy certification can directly on object storage system transmitting file key;It is signed using the private key to the user account, and directly sends file to be uploaded and the user account after signature to the object storage system.
Description
Technical field
The present invention relates to method and system, clients, service that field of communication technology more particularly to a kind of file upload
Device, object storage system.
Background technique
Object storage system (Object-Based Storage System) is to combine NAS (Network Attached
Storage, network attached storage) and the advantages of SAN (Storage Area Network, storage area network), have simultaneously
The high speed of SAN directly accesses and the advantage of the data sharing of NAS, and therefore, object storage system is as new network storage component
Preferred storage mode as Dropbox storage.
Nowadays, the process of transmitting file is referring to Fig. 1 on object storage system, and S101 client is sent to Dropbox server
The certification request of username and password;S102 Dropbox server authenticates the client;S103 Dropbox server is in determination
The request is the response that passes through to client return authentication after legitimate request;S104 client to Dropbox server up transfer file,
S105 Dropbox server judges whether the metadata information for being stored with this document, S106 if so, return the file second pass response,
If it is not, then send the content of the file to be uploaded to object storage system, S107 object storage system after finishing receiving, to
Dropbox server transmits and receives the response completed, and S108 Dropbox server saves the metadata information of file to be uploaded, S109
Dropbox server sends file to client and uploads the message completed.
In conclusion needing Dropbox server to carry out data relay, no on existing object storage system when transmitting file
The efficiency of transmission has only been dragged down, so that file uploads time delay, has also increased the processing pressure of Dropbox server.
Summary of the invention
Method and system, the client, server, object storage system uploaded the embodiment of the invention provides a kind of file
System, when solving the transmitting file on existing object storage system, the problem that transmission efficiency is low and processing pressure is big.
The method that a kind of file provided in an embodiment of the present invention uploads, comprising:
User end to server sends the request for authenticating the legitimacy of user account password corresponding with the account;
Pass through if the authentication response that the server that the client receives is sent has authenticated for the user account,
The request of upper transmitting file is then sent to the server;
The client receives the private key that the server is sent, wherein the private key is for identifying user's account
Number by legitimacy certification can directly on object storage system transmitting file key;
The client signs to the user account using the private key, and directly to the object storage system
User account after upper transmitting file and signature.
Preferably, being directly being stored to the object if the size of the file to be uploaded is greater than preset threshold
On system before transmitting file, this method further include:
The fragment request of file is sent to the object storage system;
Receive object storage system feedback for determine the file uploaded whether be file after fragment mark;
The file to be uploaded is subjected to fragment, the file after obtaining at least two fragments;Wherein, after each fragment
File no more than preset threshold;
The transmitting file directly on the object storage system, comprising:
File from fragment to the object storage system and the mark after directly uploading.
Preferably, after the transmitting file directly on the object storage system and the user account after signature, this method
Further include:
File, which is sent, to the server uploads the message completed.
The method that a kind of file provided in an embodiment of the present invention uploads, this method comprises:
The private key acquisition request that object storage system is sent according to the server received generates and is used for identity user account
By legitimacy certification can directly on the object storage system transmitting file private key;
The object storage system is to private key described in the server feedback;
The object storage system receives the user account after the file and signature that the client uploads, wherein described
The user account client after signature is signed to obtain using the private key to user account;
According to the user account after signature, whether the object storage system verifies the private key effective;If the private key
Effectively, then the message completed is uploaded to the client feedback file.
Preferably, this method further include:
If the file received is the file after fragment, file mergences interface is called to merge the file received
Processing.
Preferably, to after private key described in the server feedback, this method further include:
If not receiving the file that the client uploads within a preset time, marks the private key and failed.
Preferably, if the private key has failed, to the failed message of private key described in the client feedback.
The method that a kind of file provided in an embodiment of the present invention uploads, this method comprises:
Server carries out the user account password corresponding with the user account in the legitimacy certification request received
Certification;If being stored with user account password corresponding with the user account in the server, user's account is sent
Number by certification response;
The server receives the file upload request that client is sent, wherein the file upload request includes to upper
The metadata information of the file of biography;
The server determines in object storage system whether be stored with according to the metadata information of the file to be uploaded
The file to be uploaded;If nothing, private key acquisition request is sent to the object storage system, wherein the private key is to use
In identify the user account by legitimacy certification can directly on the object storage system transmitting file key;
The server receives the private key that the object storage system is sent, and the private key is transmitted to the client
End.
Preferably, after receiving the file that the client is sent and uploading the message completed, this method further include:
Store the metadata information of the file to be uploaded.
A kind of client provided in an embodiment of the present invention, comprising:
Sending module, for sending the legitimacy for authenticating user account password corresponding with the account to server
Request;It wherein, include user account password corresponding with the account in the legitimacy certification request;
The sending module, the authentication response that the server for being also used to receive in receiving module is sent are the use
Family account authenticated by when, then the request of upper transmitting file is sent to the server;
The receiving module, the authentication response and private key sent for receiving the server, wherein the private key is
For identify the user account by legitimacy certification can directly on object storage system transmitting file key;
Uploading module is stored for being signed using the private key to the user account, and directly to the object
System sends the user account after file to be uploaded and signature.
Preferably, the client further includes fragment module;When the size of the file to be uploaded is greater than preset threshold,
The sending module is also used to send the fragment request of file to the object storage system;
The receiving module, be also used to receive object storage system feedback for determine the file uploaded whether be
The mark of file after fragment;
The fragment module is also used to the file to be uploaded carrying out fragment, the file after obtaining at least two fragments;
Wherein, the file after each fragment is no more than preset threshold;
The uploading module, file from fragment to the object storage system and the mark after being also used to directly upload.
Preferably, after directly sending the user account after file to be uploaded and signature to the object storage system,
The sending module is also used to:
File, which is sent, to the server uploads the message completed.
A kind of object storage system provided in an embodiment of the present invention, comprising:
Private key module, the private key acquisition request for being sent according to the server received, generates and is used for identity user account
Number by legitimacy certification can directly on the object storage system transmitting file private key;
Respond module is used for private key described in the server feedback;
Receiving module, the user account after file and signature for receiving the client upload, wherein the signature
The client of user account afterwards is signed to obtain using the private key to user account;
Authentication module, for whether effective verifying the private key according to the user account after signature;If the private key has
Effect then uploads the message completed to the client feedback file.
Preferably, the system further includes merging module;Wherein, the merging module is used for:
If the file received is the file after fragment, file mergences interface is called to merge the file received
Processing.
Preferably, the respond module is also used to after private key described in the server feedback:
If not receiving the file that the client uploads within a preset time, marks the private key and failed.
Preferably, the authentication module is also used to:
If the private key has failed, to the failed message of private key described in the client feedback.
A kind of server provided in an embodiment of the present invention, comprising:
Authentication module, for corresponding with the user account close to the user account in the legitimacy certification request received
Code is authenticated;If being stored with user account password corresponding with the user account in the server, described in transmission
The response that user account passes through certification;
Receiving module, for receive client transmission file upload request, wherein the file upload request include to
The metadata information of the file of upload;
Request module determines in object storage system whether deposit for the metadata information according to the file to be uploaded
Contain the file to be uploaded;If nothing, private key acquisition request is sent to the object storage system, wherein the private key
For for identify the user account by legitimacy certification can directly on the object storage system transmitting file key;
Forwarding module, the private key sent for receiving the object storage system, and the private key is transmitted to the visitor
Family end.
Preferably, the forwarding module is also used after receiving the file that the client is sent and uploading the message completed
In:
Store the metadata information of the file to be uploaded.
A kind of file uploading system provided in an embodiment of the present invention, the system include above-mentioned client, above-mentioned service
Device and above-mentioned object storage system.
A kind of communication equipment provided in an embodiment of the present invention, including memory, processor and it is stored in the memory
Computer program that is upper and can running on the processor, the processor realize such as above-mentioned file when executing described program
The method of upload.
A kind of computer readable storage medium provided in an embodiment of the present invention, is stored thereon with computer program, the program
The step in the method uploaded such as above-mentioned file is realized when being executed by processor.
Method and system, the client, server, object storage system uploaded the present invention provides a kind of file, service
Device sends private key to the client authenticated by legitimacy, which can be directly on object storage system using the private key
Transmitting file has skipped the step of server forwards file to be uploaded, had both alleviated the processing pressure of server, and also improved file
The efficiency of upload;Since server has carried out the certification of legitimacy to client, the stolen probability of transmitting file is also just reduced.
Detailed description of the invention
Fig. 1 is the flow diagram of upload object storage file in the prior art;
Fig. 2 a is the flow diagram for the method that the file for the client-side that the embodiment of the present invention one provides uploads;
Fig. 2 b is the flow diagram for the method that the file for the client-side that the embodiment of the present invention one provides uploads;
Fig. 3 is the flow diagram for the method that the file of object storage system side provided by Embodiment 2 of the present invention uploads;
Fig. 4 a is the flow diagram for the method that the file for the server side that the embodiment of the present invention three provides uploads;
Fig. 4 b is the flow diagram of the file uploading method for the server side that the embodiment of the present invention three provides;
Fig. 5 is a kind of flow diagram for file uploading system that the embodiment of the present invention four provides;
Fig. 6 is a kind of structural schematic diagram for client that the embodiment of the present invention five provides;
Fig. 7 is a kind of structural schematic diagram for object storage system that the embodiment of the present invention six provides;
Fig. 8 is a kind of structural schematic diagram for server that the embodiment of the present invention seven provides.
Specific embodiment
Method and system, the client, server, object storage system uploaded the embodiment of the invention provides a kind of file
System, when solving the transmitting file on existing object storage system, the problem that transmission efficiency is low and processing pressure is big.
Following will be combined with the drawings in the embodiments of the present invention, is clearly and completely retouched to the technical solution in the present invention
It states, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based in the present invention
Embodiment, every other embodiment obtained by those of ordinary skill in the art without making creative efforts, all
Belong to the scope of protection of the invention.
Embodiment one:
The method that the file of client-side uploads is provided in the embodiment of the present invention one, referring to fig. 2 a, this method comprises:
S201, legitimacy certification request is sent to server;Wherein, in the legitimacy certification request include user account and
The corresponding password of the account;
Pass through if the authentication response that S202, the server received are sent has authenticated for the user account, to server
Send file upload request;
S203, the private key that server is sent is received, wherein the private key is to have recognized by legitimacy for identity user account
Card can directly on object storage system transmitting file key;
S204, it is signed using the private key to user account, and transmitting file and signature directly on object storage system
User account afterwards.
For step S202, this method further include:
Pass through if the authentication response that the server received is sent is that the user account is unverified, shows authentification failure.
For step S204, file to be uploaded and the user account after signature directly are sent to object storage system, specifically
Include:
The interface for upper transmitting file of object storage system is called, and file to be uploaded is directly uploaded by the interface
With for verify private key whether effectively sign after user account.
The embodiment of the present invention one carries out legitimacy certification to user account password corresponding with the account by server, if
By certification, then private key is sent to client, client recalls the interface of object storage system, and object storage system first has to
It whether effective verifies private key, after being verified, receives the file that client uploads, alleviate the processing pressure of server, promoted
Upper transfer efficiency.
For step S204, if the size of file to be uploaded is greater than preset threshold, it is determined that file to be uploaded is big text
Part, therefore, before directly sending file to be uploaded to the object storage system, this method further include:
The fragment request of file is sent to object storage system;
Receive object storage system feedback for determine the file uploaded whether be file after fragment mark;
File to be uploaded is subjected to fragment, the file after obtaining at least two fragments;Wherein, the file after each fragment is equal
No more than preset threshold;
At this point, directly sending file to be uploaded to object storage system, comprising:
File from fragment to object storage system and mark after directly sending.
Specifically, file to be uploaded is subjected to fragment, comprising: the initialization of object storage system is first called to upload interface
(InitiateMultipartUpload), interface is uploaded to file to initialize;Then the file of object storage system is called
Fragment uploads interface (UploadPart), is the small text that multiple file sizes are not more than preset threshold by the file fragmentation after signature
Part, then the small documents after fragment are uploaded in object storage system.After file after all fragments uploads successfully, object
Storage system will call file mergences interface to merge processing to the file received, by the identical fragment of the mark received
File mergences afterwards is file to get original file to be uploaded is arrived.
Object storage system is called if the size of the file after signature is not more than preset threshold for step S204
File uploads interface, and directly sends file to be uploaded and the user account after signature to object storage system.Wherein, at this time
It can be OSS (Object Storage Service, object storage service) API (Application that file, which uploads interface,
Programming Interface, application programming interface) in Put Object upload interface, or be HTTP request
In file upload interface.
By can not only promote file uploading speed for the method for big file fragmentation, document breaking point can also be avoided continuous
The problem of biography.
B referring to fig. 2 should after directly sending the user account after file to be uploaded and signature to object storage system
Method further include:
S205, the message that file uploads completion is sent to server, further server is receiving disappearing for upload completion
After breath, the metadata information of the file destination will be stored, wherein metadata information include the file destination store path and
The MD5 value of the file destination, the time for creating the file destination.
The present invention passes through the metadata information for storing the file of the upload in the server, ensure that the server can be to be somebody's turn to do
Client provides the function of file second biography and file download.
Embodiment two:
The method that the file of object storage system side uploads is provided in the embodiment of the present invention two, referring to Fig. 3, this method packet
It includes:
S301, the private key acquisition request sent according to the server received, generate and have passed through for identity user account
Legitimacy certification can directly on object storage system transmitting file private key;
S302, the private key generated is sent to server;
S303, the user account after the file and signature that client is sent is received, wherein the user account after signature is visitor
It is signed using private key to user account at family end;
S304, according to the user account after signature, whether effective verify the private key;If the private key is effective, to client
Feedback file uploads the message completed.
For step S304, before uploading the message completed to the client feedback file, this method further include:
If include in the file received for determine the file uploaded whether be file after fragment mark, that is, receive
The file arrived is the file after fragment, then calls file mergences interface to merge processing to the file received, merging
Cheng Hou uploads the message completed to the client feedback file;If without the mark in the file received, directly to the client
Feedback file is held to upload the message completed.
For step S303, if not receiving file destination within a preset time, this method further include:
The private key is marked to have failed or directly deleted the corresponding public key of private key.
For step S304, this method further include: if the private key failed or object storage system in there is no the private key pair
The public key answered, then to client feedback private key message out of date/failed.
Wherein, the time to count point of the preset time is the time that the private key is issued server by object storage system.
Embodiment three:
The method that the file of server side uploads is provided in the embodiment of the present invention three, referring to fig. 4 a, this method comprises:
S401, the user account password corresponding with the user account in the legitimacy certification request received is recognized
Card;
If being stored with user account password corresponding with the user account in S402, server, it is logical to send user account
Cross the response of certification;
S403, the file upload request that client is sent is received, wherein this document upload request includes file to be uploaded
Metadata information;
S404, according to the metadata information of file to be uploaded, determine in object storage system whether be stored with this document;
If S405, nothing, private key acquisition request is sent to object storage system, wherein private key is used for identity user account
By legitimacy certification can directly on object storage system transmitting file;
S406, the private key that object storage system is sent is received, and private key is transmitted to client.
B referring to fig. 4, after step S406, this method further include:
S407, the message that the file that client is sent uploads completion is received;
The metadata information of S408, storage file to be uploaded.Wherein, the metadata information of file to be uploaded includes: this article
The time of the MD5 value of the store path of part and this document, the described this document of creation.
The embodiment of the present invention three ensure that the server can by the metadata information of the upper transmitting file of storage in the server
The function of file second biography and file download is provided for the client.
Example IV:
Referring to Fig. 5, the embodiment of the present invention four provides a kind of system that file uploads, which includes client, service
Device and object storage system, wherein
S501, user end to server send the application of legitimacy certification, wherein include using in the legitimacy certification request
Family account password corresponding with the account.
S502, server authenticate the user account password corresponding with the user account in this application;If service
The user account is stored in device, and the corresponding password of the account is accurate, it is determined that the user account is sent by certification
Pass through the response of certification;Otherwise, the response of illegal user is returned.
If S503, client receive the response for having passed through certification, file upload request is sent to server, wherein should
File upload request includes the metadata information of file to be uploaded;If receiving the response of non-effective user, show that mistake mentions
Show.
S504, server check the metadata information whether is stored in the server;If nothing, then determine object storage
It is not stored with this document in system, and sends private key acquisition request to object storage system;If being stored with this yuan of number in server
It is believed that breath, then execute S512.
S505, object storage system generate and have passed through for identity user account according to the private key acquisition request received
Legitimacy certification can directly on the object storage system transmitting file private key, and send the private key to server.
The private key received is transmitted to client by S506, server.
S507, client sign to the user account using the private key.
S508, client judge whether the size of file to be uploaded is greater than 4 Mbytes;If so, storing system to object
System sends the fragment request of file, receive object storage system feedback for determining whether the file uploaded is fragment after
File mark, first call object storage system initialization upload interface (InitiateMultipartUpload), to text
Part uploads interface and is initialized;Then the file fragmentation of object storage system is called to upload interface (UploadPart), it will be to
The file fragmentation of upload is that multiple file sizes are not more than 4 Mbytes of small documents, then by after fragment small documents, receive
User account after mark and signature uploads in object storage system;Otherwise, the file of object storage system is called to upload
Interface, and transmitting file and the user account after signature directly on object storage system.
S509, object storage system receive client upload file and signature after user account, and according to signature after
User account, whether effective the private key is verified, if in vain, the failed message of the private key is directly fed back to client;
If effectively, uploading the message completed to the client feedback file;
S510, after the completion of upload, user end to server send file upload complete message;
S511, server store file to be uploaded after the file for receiving client transmission uploads the message completed
Metadata information.
S512, transmitting file second biography on this is returned.
Each client transmitting file on object storage system is required to authenticate the legitimacy of user account, only
After certification passes through, server can just be sent to it the private key of time-effectiveness, that is, be more than the setting time limit of the key, which will
In vain, the purpose that also cannot achieve upper transmitting file with the file of the private key signature ensure that the legitimacy and safety of private key, into
And guarantee the safety that this document uploads.
Specifically, it verifies the whether effective method of private key: public key corresponding with the private key is first determined whether there is, if not depositing
, it is determined that the private key is invalid;If it exists, then public key corresponding with private key is recycled, the user account after signature is tested
Card.If being verified, prove that the private key is effective, if not passing through, proves that the private key is invalid.It is i.e. corresponding with the private key if it exists
Public key, and the user account after signature is verified using the public key, then private key is effective;Otherwise, private key is invalid.
Embodiment five:
Referring to Fig. 6, the embodiment of the present invention five provides a kind of client, comprising:
Sending module 601, for sending legitimacy certification request to server;Wherein, in the legitimacy certification request
Including user account password corresponding with the account;
Sending module 601, the authentication response that the server for being also used to receive in receiving module is sent are the use
Family account authenticated by when, then to the server send file upload request;
Receiving module 602, the authentication response and private key sent for receiving the server, wherein the private key is
For identify the user account by legitimacy certification can directly on object storage system transmitting file key;
Uploading module 603 for being signed using the private key to the user account, and is directly deposited to the object
Storage system sends the user account after file to be uploaded and signature.
Specifically, which further includes fragment module 604;When the size of the file to be uploaded is greater than preset threshold
When,
Sending module 601 is also used to send the fragment request of file to the object storage system;
Receiving module 602, be also used to receive object storage system feedback for determine the file uploaded whether be
The mark of file after fragment;
Fragment module 604, for the file to be uploaded to be carried out fragment, the file after obtaining at least two fragments;Its
In, the file after each fragment is no more than preset threshold;
Uploading module 603, file from fragment to the object storage system and the mark after being also used to directly upload.
Specifically, after the transmitting file directly on the object storage system and the user account after signature, mould is sent
Block 601 is specifically used for:
File, which is sent, to the server uploads the message completed.
Embodiment six:
Referring to Fig. 7, the embodiment of the present invention six provides a kind of object storage system, comprising:
Private key module 701, the private key acquisition request for being sent according to the server received, generates and is used for identity user
Account by legitimacy certification can directly on the object storage system transmitting file private key;
Respond module 702, the private key for being generated to the server feedback;
Receiving module 703, the user account after file and signature for receiving the client upload, wherein described
The user account client after signature is signed to obtain using the private key to user account;
Authentication module 704, for whether effective verifying the private key according to the user account after signature;If the private key
Effectively, then the message completed is uploaded to the client feedback file.
Specifically, which further includes merging module 705;Wherein, merging module 705 is used for:
If the file received is the file after fragment, file mergences interface is called to merge the file received
Processing.
Specifically, after the private key generated to the server feedback, the respond module 702 is also used to:
If not receiving the file that the client uploads within a preset time, marks the private key and failed.
Specifically, the authentication module 704 is also used to:
If the private key has failed, to the failed message of private key described in the client feedback.
Referring to Fig. 8, the embodiment of the present invention seven provides a kind of server, comprising:
Authentication module 801, for the user account and user account correspondence in the legitimacy certification request received
Password authenticated;If being stored with user account password corresponding with the user account in the server, send
The response that the user account passes through certification;
Receiving module 802, for receiving the file upload request of client transmission, wherein the file upload request packet
Include the metadata information of file to be uploaded;
Request module 803, for the metadata information according to the file to be uploaded, determine in object storage system whether
It is stored with the file to be uploaded;If nothing, private key acquisition request is sent to the object storage system, wherein the private
Key for identify the client by legitimacy certification can directly on the object storage system transmitting file;
Forwarding module 804, the private key sent for receiving the object storage system, and the private key is transmitted to described
Client.
Specifically, after receiving the file that the client is sent and uploading the message completed, the forwarding module 804 is also
For:
Store the metadata information of the file to be uploaded.
Wherein, the server that embodiment seven provides can be Dropbox server.
Correspondingly, the method for the upload of file described in the embodiment of the present invention can be realized by corresponding entity apparatus, such as
By calculating equipment etc. accordingly.Wherein, calculate equipment be specifically as follows desktop computer, portable computer, smart phone,
Tablet computer, personal digital assistant (Personal Digital Assistant, PDA) etc..
Embodiment eight:
It provides a kind of communication equipment in the embodiment of the present invention eight, including memory, processor and is stored in described deposit
On reservoir and the computer program that can run on the processor, the processor realize such as embodiment when executing described program
The method that file described in one uploads perhaps is realized as implemented the method or realize strictly according to the facts that file described in two uploads
The method for applying the upload of file described in example three.
Wherein, processor can be central processing unit (Center Processing Unit, CPU);Communication equipment also wraps
It includes: input equipment and output equipment etc., wherein input equipment may include keyboard, mouse, touch screen etc., and output equipment can
To include display equipment, such as liquid crystal display (Liquid Crystal Display, LCD), cathode-ray tube (Cathode
Ray Tube, CRT) etc..
Embodiment nine:
A kind of computer readable storage medium is provided in the embodiment of the present invention nine, is stored thereon with computer program, it should
The method that the file as described in embodiment one uploads is realized when program is executed by processor, or is realized as implemented described in two
File upload method, or realize the file as described in embodiment three upload method in step.
Wherein, computer readable storage medium can be any usable medium that computer can access or data storage is set
It is standby, including but not limited to magnetic storage (such as floppy disk, hard disk, tape, magneto-optic disk (MO) etc.), optical memory (such as CD,
DVD, BD, HVD etc.) and semiconductor memory (such as ROM, EPROM, EEPROM, nonvolatile memory (NAND
FLASH), solid state hard disk (SSD)) etc..
In conclusion the method and system uploaded the embodiment of the invention provides a kind of file, client, server, right
As storage system, server sends private key to the client authenticated by legitimacy, which can be direct using the private key
The transmitting file on object storage system has skipped the step of server forwards file to be uploaded, had both alleviated the processing of server
Pressure also improves the efficiency of file upload;Since server has carried out the certification of legitimacy to client, also just reduce
The stolen probability of transmitting file.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The shape for the computer program product implemented in usable storage medium (including but not limited to magnetic disk storage and optical memory etc.)
Formula.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
Mind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to include these modifications and variations.
Claims (21)
1. a kind of method that file uploads, which is characterized in that this method comprises:
User end to server sends the request for authenticating the legitimacy of user account password corresponding with the account;
Pass through if the authentication response that the server received is sent has authenticated for the user account, to the server
The request of transmitting file in transmission;
Receive the private key that the server is sent, wherein the private key is to have passed through legitimacy for identifying the user account
Certification can directly on object storage system transmitting file key;
It is signed using the private key to the user account, and transmitting file and signature directly on the object storage system
User account afterwards.
2. the method according to claim 1, wherein if the size of the file to be uploaded is greater than default threshold
Value, then directly on the object storage system before transmitting file, this method further include:
The fragment request of file is sent to the object storage system;
Receive object storage system feedback for determine the file uploaded whether be file after fragment mark;
The file to be uploaded is subjected to fragment, the file after obtaining at least two fragments;Wherein, the text after each fragment
Part is no more than preset threshold;
The transmitting file directly on the object storage system, comprising:
File from fragment to the object storage system and the mark after directly uploading.
3. the method according to claim 1, wherein in transmitting file and label directly on the object storage system
After user account after name, this method further include:
File, which is sent, to the server uploads the message completed.
4. a kind of method that file uploads, which is characterized in that this method comprises:
The private key acquisition request that object storage system is sent according to the server received generates and has led to for identity user account
Cross legitimacy certification can directly on the object storage system transmitting file private key;
The object storage system is to private key described in the server feedback;
The object storage system receives the user account after the file and signature that the client uploads, wherein the signature
The client of user account afterwards is signed to obtain using the private key to user account;
According to the user account after signature, whether the object storage system verifies the private key effective;If the private key is effective,
The message completed then is uploaded to the client feedback file.
5. according to the method described in claim 4, it is characterized in that, this method further include:
If the file received is the file after fragment, file mergences interface is called to merge place to the file received
Reason.
6. according to the method described in claim 4, it is characterized in that, to after private key described in the server feedback, the party
Method further include:
If not receiving the file that the client uploads within a preset time, marks the private key and failed.
7. according to the method described in claim 6, it is characterized in that, if the private key fails, to the client feedback institute
State the failed message of private key.
8. a kind of method that file uploads, which is characterized in that this method comprises:
Server recognizes the user account password corresponding with the user account in the request of the legitimacy certification received
Card;If being stored with user account password corresponding with the user account in the server, the user account is sent
Pass through the response of certification;
The server receives the file upload request that client is sent, wherein the file upload request includes to be uploaded
The metadata information of file;
According to the metadata information of the file to be uploaded, determine the text to be uploaded whether is stored in object storage system
Part;If nothing, private key acquisition request is sent to the object storage system, wherein the private key is for identifying the user
Account by legitimacy certification can directly on the object storage system transmitting file key;
The private key that the object storage system is sent is received, and the private key is transmitted to the client.
9. according to the method described in claim 8, it is characterized in that, uploading completion receiving the file that the client is sent
Message after, this method further include:
Store the metadata information of the file to be uploaded.
10. a kind of client characterized by comprising
Sending module, for sending asking for the legitimacy for authenticating user account password corresponding with the account to server
It asks;
The sending module, the authentication response that the server for being also used to receive in receiving module is sent are user's account
Number authenticated by when, Xiang Suoshu server sends the request of upper transmitting file;
The receiving module, the authentication response and private key sent for receiving the server, wherein the private key be for
Identify the user account by legitimacy certification can directly on object storage system transmitting file key;
Uploading module, for being signed using the private key to the user account, and directly to the object storage system
User account after upper transmitting file and signature.
11. client according to claim 10, which is characterized in that the client further includes fragment module;When it is described to
When the size of the file of upload is greater than preset threshold,
The sending module is also used to send the fragment request of file to the object storage system;
The receiving module, whether the file for determining upload for being also used to receive the object storage system feedback is fragment
The mark of file afterwards;
The fragment module, for the file to be uploaded to be carried out fragment, the file after obtaining at least two fragments;Wherein,
File after each fragment is no more than preset threshold;
The uploading module, file from fragment to the object storage system and the mark after being also used to directly upload.
12. client according to claim 10, which is characterized in that in the transmitting file directly on the object storage system
After the user account after signature, the sending module is also used to:
File, which is sent, to the server uploads the message completed.
13. a kind of object storage system characterized by comprising
Private key module, the private key acquisition request for being sent according to the server received, generates for identity user account
By legitimacy certification can directly on the object storage system transmitting file private key;
Respond module is used for private key described in the server feedback;
Receiving module, the user account after file and signature for receiving the client upload, wherein after the signature
The user account client is signed to obtain using the private key to user account;
Authentication module, for whether effective verifying the private key according to the user account after signature;If the private key is effective,
The message completed is uploaded to the client feedback file.
14. object storage system according to claim 13, which is characterized in that the system further includes merging module;Wherein,
The merging module is used for:
If the file received is the file after fragment, file mergences interface is called to merge place to the file received
Reason.
15. object storage system according to claim 13, which is characterized in that private key described in the server feedback
Later, the respond module is also used to:
If not receiving the file that the client uploads within a preset time, marks the private key and failed.
16. object storage system according to claim 15, which is characterized in that the authentication module is also used to:
If the private key has failed, to the failed message of private key described in the client feedback.
17. a kind of server characterized by comprising
Authentication module, for the user account password corresponding with the user account in the legitimacy certification request received into
Row certification;If being stored with user account password corresponding with the user account in the server, the user is sent
The response that account passes through certification;
Receiving module, for receiving the file upload request of client transmission, wherein the file upload request includes to be uploaded
File metadata information;
Request module determines in object storage system whether be stored with for the metadata information according to the file to be uploaded
The file to be uploaded;If nothing, private key acquisition request is sent to the object storage system, wherein the private key is to use
In identify the user account by legitimacy certification can directly on the object storage system transmitting file key;
Forwarding module, the private key sent for receiving the object storage system, and the private key is transmitted to the client.
18. server according to claim 17, which is characterized in that uploaded receiving the file that the client is sent
After the message of completion, the forwarding module is also used to:
Store the metadata information of the file to be uploaded.
19. a kind of file uploading system, which is characterized in that the system includes such as the described in any item clients of claim 10-12
End, the server as described in claim 17 or 18 and such as described in any item object storage systems of claim 13-16.
20. a kind of communication equipment, including memory, processor and it is stored on the memory and can be on the processor
The computer program of operation, which is characterized in that the processor is realized when executing described program such as any one of claim 1-3 institute
The method that the file stated uploads perhaps is realized the method uploaded such as the described in any item files of claim 4-7 or is realized such as
The method that file described in claim 8 or 9 uploads.
21. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is by processor
The method that file as described in any one of claims 1-3 uploads is realized when execution, or is realized such as any one of claim 4-7
Step in the method that the file uploads, or the method for realization file upload as claimed in claim 8 or 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711488753.1A CN109995821A (en) | 2017-12-29 | 2017-12-29 | Method and system, the client, server, object storage system of file upload |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711488753.1A CN109995821A (en) | 2017-12-29 | 2017-12-29 | Method and system, the client, server, object storage system of file upload |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109995821A true CN109995821A (en) | 2019-07-09 |
Family
ID=67110002
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711488753.1A Pending CN109995821A (en) | 2017-12-29 | 2017-12-29 | Method and system, the client, server, object storage system of file upload |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109995821A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110597766A (en) * | 2019-08-16 | 2019-12-20 | 深圳市元征科技股份有限公司 | Data transmission method and device |
CN114827130A (en) * | 2022-04-24 | 2022-07-29 | 中国银行股份有限公司 | File uploading method and device |
CN116506224A (en) * | 2023-06-27 | 2023-07-28 | 中航金网(北京)电子商务有限公司 | File uploading method and device, computer equipment and storage medium |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102685148A (en) * | 2012-05-31 | 2012-09-19 | 清华大学 | Method for realizing secure network backup system under cloud storage environment |
CN102708165A (en) * | 2012-04-26 | 2012-10-03 | 华为软件技术有限公司 | Method and device for processing files in distributed file system |
CN103581216A (en) * | 2012-07-20 | 2014-02-12 | 中国电信股份有限公司 | Fragmentation data storage method, device and system |
CN103685162A (en) * | 2012-09-05 | 2014-03-26 | 中国移动通信集团公司 | File storing and sharing method |
CN106230893A (en) * | 2016-07-15 | 2016-12-14 | 国云科技股份有限公司 | A kind of method of data synchronization based on mixed cloud storage |
CN106341236A (en) * | 2016-09-09 | 2017-01-18 | 深圳大学 | Access control method facing cloud storage service platform and system thereof |
US20170048021A1 (en) * | 2014-05-13 | 2017-02-16 | Cloud Crowding Corp. | Distributed secure data storage and transmission of streaming media content |
CN106658045A (en) * | 2015-10-29 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Cloud storage and cloud download methods for multimedia data and related devices |
CN106682028A (en) * | 2015-11-10 | 2017-05-17 | 阿里巴巴集团控股有限公司 | Method, device and system for obtaining web application |
US20170286695A1 (en) * | 2016-04-01 | 2017-10-05 | Egnyte, Inc. | Methods for Improving Performance and Security in a Cloud Computing System |
-
2017
- 2017-12-29 CN CN201711488753.1A patent/CN109995821A/en active Pending
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102708165A (en) * | 2012-04-26 | 2012-10-03 | 华为软件技术有限公司 | Method and device for processing files in distributed file system |
CN102685148A (en) * | 2012-05-31 | 2012-09-19 | 清华大学 | Method for realizing secure network backup system under cloud storage environment |
CN103581216A (en) * | 2012-07-20 | 2014-02-12 | 中国电信股份有限公司 | Fragmentation data storage method, device and system |
CN103685162A (en) * | 2012-09-05 | 2014-03-26 | 中国移动通信集团公司 | File storing and sharing method |
US20170048021A1 (en) * | 2014-05-13 | 2017-02-16 | Cloud Crowding Corp. | Distributed secure data storage and transmission of streaming media content |
CN106658045A (en) * | 2015-10-29 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Cloud storage and cloud download methods for multimedia data and related devices |
CN106682028A (en) * | 2015-11-10 | 2017-05-17 | 阿里巴巴集团控股有限公司 | Method, device and system for obtaining web application |
US20170286695A1 (en) * | 2016-04-01 | 2017-10-05 | Egnyte, Inc. | Methods for Improving Performance and Security in a Cloud Computing System |
CN106230893A (en) * | 2016-07-15 | 2016-12-14 | 国云科技股份有限公司 | A kind of method of data synchronization based on mixed cloud storage |
CN106341236A (en) * | 2016-09-09 | 2017-01-18 | 深圳大学 | Access control method facing cloud storage service platform and system thereof |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110597766A (en) * | 2019-08-16 | 2019-12-20 | 深圳市元征科技股份有限公司 | Data transmission method and device |
CN110597766B (en) * | 2019-08-16 | 2024-01-05 | 深圳市元征科技股份有限公司 | Data transmission method and device |
CN114827130A (en) * | 2022-04-24 | 2022-07-29 | 中国银行股份有限公司 | File uploading method and device |
CN114827130B (en) * | 2022-04-24 | 2024-04-16 | 中国银行股份有限公司 | File uploading method and device |
CN116506224A (en) * | 2023-06-27 | 2023-07-28 | 中航金网(北京)电子商务有限公司 | File uploading method and device, computer equipment and storage medium |
CN116506224B (en) * | 2023-06-27 | 2023-10-03 | 中航金网(北京)电子商务有限公司 | File uploading method and device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11108568B2 (en) | Blockchain-based content verification | |
US11431501B2 (en) | Coordinating access authorization across multiple systems at different mutual trust levels | |
KR101883156B1 (en) | System and method for authentication, user terminal, authentication server and service server for executing the same | |
US10073958B2 (en) | Security system for verification of user credentials | |
WO2019184135A1 (en) | Application login method and apparatus, and computer device and storage medium | |
US11764966B2 (en) | Systems and methods for single-step out-of-band authentication | |
US8819801B2 (en) | Secure machine enrollment in multi-tenant subscription environment | |
US20170063830A1 (en) | Method, client, server and system of login verification | |
US8847729B2 (en) | Just in time visitor authentication and visitor access media issuance for a physical site | |
CN110177124B (en) | Identity authentication method based on block chain and related equipment | |
US20180054432A1 (en) | Protection feature for data stored at storage service | |
US20130086381A1 (en) | Multi-server authentication token data exchange | |
US9225744B1 (en) | Constrained credentialed impersonation | |
CN110944046B (en) | Control method of consensus mechanism and related equipment | |
KR20160006185A (en) | Two factor authentication | |
US20180248685A1 (en) | Systems, Devices, and Methods for In-Field Authenticating of Autonomous Robots | |
US20230370265A1 (en) | Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control | |
US9747434B1 (en) | Authenticating with an external device by providing a message having message fields arranged in a particular message field order | |
CN111314172B (en) | Block chain-based data processing method, device, equipment and storage medium | |
US20230379160A1 (en) | Non-fungible token authentication | |
CN109981576B (en) | Key migration method and device | |
CN109995821A (en) | Method and system, the client, server, object storage system of file upload | |
CN111949959A (en) | Authorization authentication method and device in Oauth protocol | |
KR101246339B1 (en) | System and method using qr code for security authentication | |
CN109769010B (en) | Method, device, equipment and storage medium for accessing CloudStack server based on SDK |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190709 |