CN110401689A - File management method, device and storage medium - Google Patents

File management method, device and storage medium Download PDF

Info

Publication number
CN110401689A
CN110401689A CN201811412957.1A CN201811412957A CN110401689A CN 110401689 A CN110401689 A CN 110401689A CN 201811412957 A CN201811412957 A CN 201811412957A CN 110401689 A CN110401689 A CN 110401689A
Authority
CN
China
Prior art keywords
file
key
fragment
encryption
management server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811412957.1A
Other languages
Chinese (zh)
Other versions
CN110401689B (en
Inventor
彭向阳
李斌
奚驰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201811412957.1A priority Critical patent/CN110401689B/en
Publication of CN110401689A publication Critical patent/CN110401689A/en
Application granted granted Critical
Publication of CN110401689B publication Critical patent/CN110401689B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of file management method, device and storage medium, method includes: that file described in encryption end key pair file-based carries out fragment encryption;The fragment of the file of encryption is uploaded to document management server;Obtain the encryption key encrypted for the key to the file;Based on the encryption key, the key of the file is encrypted, security key is obtained;The security key is uploaded to service server;The security key, for decrypting end after the service server acquisition security key, the key of the file is obtained to the secure key decryption, is decrypted with the fragment to the file obtained from the document management server, obtains the file.

Description

File management method, device and storage medium
Technical field
The present invention relates to data processing technique more particularly to a kind of file management methods, device and storage medium.
Background technique
In the related technology, in order to guarantee the safety of file, server storage will be uploaded to by generalling use after file encryption, so And when file is larger, file encryption is uploaded to, upload low efficiency higher to the performance requirement of terminal again, and encryption is used Key be generally stored inside terminal local, safety is low.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of file management method, device and storage medium, file can be improved The safety of storage.
In a first aspect, the embodiment of the present invention provides a kind of file management method, comprising:
It encrypts file described in the key pair file-based of end and carries out fragment encryption;
The fragment of the file of encryption is uploaded to document management server;
Obtain the encryption key encrypted for the key to the file;
Based on the encryption key, the key of the file is encrypted, security key is obtained;
The security key is uploaded to service server;
The security key is used for for decrypting end after the service server acquisition security key, to the peace Full key is decrypted to obtain the key of the file, is carried out with the fragment to the file obtained from the document management server Decryption, obtains the file.
Second aspect, the embodiment of the present invention provide a kind of file management method, comprising:
The fragment of the file of encryption is obtained from document management server;The fragment is added based on the key of the file It is close;
Security key is obtained from service server;The security key is to obtain after encrypting to the key of the file It arrives;
Obtain the decruption key for decrypting the security key;
Based on the decruption key, to obtaining the key of the file after the secure key decryption, and it is based on the text The fragment of the file acquired in the key pair of part is decrypted, and obtains the file.
The third aspect, the embodiment of the present invention provide a kind of document management apparatus, and described device includes:
First encryption unit carries out fragment encryption for file described in key pair file-based;
First uploading unit, for upload encryption the file fragment to document management server;
Acquiring unit, for obtaining the encryption key encrypted for the key to the file;
Second encryption unit encrypts the key of the file, it is close to obtain safety for being based on the encryption key Key;
Second uploading unit, for uploading the security key to service server;
The security key, after obtaining the security key from the service server, to the security key solution The close key for obtaining the file is decrypted with the fragment to the file obtained from the document management server.
Fourth aspect, the embodiment of the present invention provide a kind of document management apparatus, and described device includes:
Fragment acquiring unit, the fragment of the file for obtaining encryption from document management server;The fragment is based on institute The key for stating file is encrypted;
First key acquiring unit, for obtaining security key from service server;The security key is to the text The key of part obtains after being encrypted;
Second key acquiring unit, for obtaining the decruption key for decrypting the security key;
Decryption unit, for being based on the decruption key, to obtaining the key of the file after the secure key decryption, And the fragment of the file acquired in the key pair based on the file is decrypted, and obtains the file.
5th aspect, the embodiment of the present invention provide a kind of document management apparatus, and described device includes:
Memory, for storing executable instruction;
Processor when for executing the executable instruction stored in the memory, is realized provided in an embodiment of the present invention The file management method.
6th aspect, the embodiment of the present invention provide a kind of storage medium, are stored with executable instruction, the executable instruction It is performed, for realizing the file management method provided in an embodiment of the present invention.
It is had the advantages that using the above embodiment of the present invention
1), in the embodiment of the present invention to need the file of upload server using fragment encryption by the way of, file is added Close fragmentation, when file it is very big when, reduce consumption to equipment performance by the way of fragment encryption, improve treatment effeciency And user experience, simultaneously as file is encrypted using fragment, it can be achieved that encrypting when uploading to file, improves the place of file Manage efficiency;
2), since the key of file resource and file uses distributed storage, and while encrypted to file, to text The key of part is also encrypted, so that server also cannot achieve the decryption to file, it is ensured that the safety of file resource.
Detailed description of the invention
Fig. 1 is an optional configuration diagram of file management system provided in an embodiment of the present invention;
Fig. 2 is an optional structural schematic diagram of terminal 400 provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of file management method provided in an embodiment of the present invention;
Fig. 4 is the method schematic diagram provided in an embodiment of the present invention that fragment encryption is carried out to file;
Fig. 5 is the method schematic diagram provided in an embodiment of the present invention that fragment encryption is carried out to file;
Fig. 6 is the flow diagram of file management method provided in an embodiment of the present invention;
Fig. 7 is the configuration diagram of file management system provided in an embodiment of the present invention;
Fig. 8 is the flow diagram of file management method provided in an embodiment of the present invention;
Fig. 9 is the flow diagram of file management method provided in an embodiment of the present invention;
Figure 10 is the interface schematic diagram that second terminal provided in an embodiment of the present invention receives wechat document message;
Figure 11 is the composed structure schematic diagram of document management apparatus 800 provided in an embodiment of the present invention;
Figure 12 is the composed structure schematic diagram of document management apparatus 900 provided in an embodiment of the present invention.
Specific embodiment
The present invention is further described in detail below with reference to the accompanying drawings and embodiments.It should be appreciated that mentioned herein Embodiment is only used to explain the present invention, is not intended to limit the present invention.In addition, embodiment provided below is for implementing Section Example of the invention, rather than provide and implement whole embodiments of the invention, in the absence of conflict, the present invention is implemented Example record technical solution can mode in any combination implement.
It should be noted that in embodiments of the present invention, the terms "include", "comprise" or its any other variant are intended to Cover non-exclusive inclusion, so that including the method for a series of elements or device not only includes wanting of being expressly recited Element, but also including other elements that are not explicitly listed, or further include for implementation method or device intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including the element Method or device in there is also other relevant factor (such as the step in method or the unit in device, for example, Unit can be partial circuit, segment processor, subprogram or software etc.).
Unless otherwise defined, all technical and scientific terms used herein and belong to technical field of the invention The normally understood meaning of technical staff is identical.Term used herein is only for the purpose of describing specific embodiments It is not intended to limit the present invention.
In the following description, it is related to " some embodiments ", which depict the subsets of all possible embodiments, but can To understand, " some embodiments " can be the same subsets or different subsets of all possible embodiments, and can not conflict In the case where be combined with each other.
It may be noted that it is the similar object of difference that term " first second " involved in the embodiment of the present invention, which is only, no Represent the particular sorted for being directed to object, it is possible to understand that specific sequence can be interchanged in ground, " first second " in the case where permission Or precedence, so that the embodiment of the present invention described herein can be real with the sequence other than illustrating or describing herein It applies.
Illustrate the exemplary application for realizing the document management apparatus of the embodiment of the present invention below, it is provided in an embodiment of the present invention Document management apparatus may be embodied as various types of user terminals such as smart phone, tablet computer, laptop.In the following, Cover the exemplary application of terminal when supporting paper managing device is embodied as terminal.
It is an optional configuration diagram of file management system provided in an embodiment of the present invention referring to Fig. 1, Fig. 1, is Realize that one exemplary application of support, terminal 400 (illustrating terminal 400-1 and terminal 400-2) are connected by network 200 Server 300 (illustrating server 300-1 and server 300-2) is connect, network 200 can be wide area network or local Net, or be combination, realize that data are transmitted using Radio Link.
File as described in terminal (such as terminal 400-1) key pair file-based carries out fragment encryption, uploads the described of encryption The fragment of file is to document management server (such as server 300-1);Terminal acquisition adds for the key to the file Close encryption key is based on the encryption key, encrypts to the key of the file, obtain security key, and upload institute Security key is stated to service server (such as server 300-2);So that terminal (such as terminal 400-2) is obtained from the service server After taking the security key, the key of the file is obtained to the secure key decryption, to from the file-management services The fragment for the file that device obtains is decrypted, and obtains the file.
Device provided in an embodiment of the present invention may be embodied as the mode of hardware or software and hardware combining, illustrate this hair below The various exemplary implementations for the device that bright embodiment provides.
Referring to fig. 2, Fig. 2 is an optional structural schematic diagram of terminal 400 provided in an embodiment of the present invention, terminal 400 Can be mobile phone, computer, digital broadcast terminal, information transceiving equipment, game console, tablet device, Medical Devices, Body-building equipment, personal digital assistant etc. are not construed as limiting according to the structure of terminal 400, structure as described herein, such as can To omit members described below, alternatively, adding the component do not recorded hereafter to adapt to the special need of certain applications It asks.
Terminal 400 shown in Fig. 2 includes: at least one processor 410, memory 440, at least one network interface 420 With user interface 430.Various components in terminal 400 are coupled by bus system 450.It is understood that bus system 450 For realizing the connection communication between these components.Bus system 450 except include data/address bus in addition to, further include power bus, Control bus and status signal bus in addition.But for the sake of clear explanation, various buses are all designated as bus system in Fig. 2 450。
User interface 430 may include display, keyboard, mouse, trace ball, click wheel, key, button, touch-sensitive plate or Person's touch screen etc..
Memory 440 can be volatile memory or nonvolatile memory, may also comprise volatile and non-volatile Both memories.Wherein, nonvolatile memory can be read-only memory (ROM, Read Only Memory), programmable Read memory (PROM, Programmable Read-Only Memory), Erasable Programmable Read Only Memory EPROM (EPROM, Erasable Programmable Read-Only Memory), flash memory (Flash Memory) etc..Volatile memory can be with It is random access memory (RAM, Random Access Memory), is used as External Cache.By exemplary but not It is restricted explanation, the RAM of many forms is available, such as static random access memory (SRAM, Static Random Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access Memory).The memory 440 of description of the embodiment of the present invention is intended to include the memory of these and any other suitable type.
Memory 440 in the embodiment of the present invention can store executable instruction 4401 to support the behaviour of document management apparatus Make, the example of these executable instructions includes: the various shapes such as program, plug-in unit and script for operating on document management apparatus The software module of formula, program for example may include operating system and application program, wherein operating system includes various system journeys Sequence, such as ccf layer, core library layer, driving layer etc., for realizing various basic businesses and the hardware based task of processing.
As the example that document management apparatus provided in an embodiment of the present invention uses software and hardware combining to implement, the present invention is implemented Document management apparatus provided by example can be embodied directly in be combined by the software module that processor 440 executes, and software module can To be located in storage medium, storage medium is located at memory 440, and processor 410 reads software module in memory 440 and includes Executable instruction is completed in conjunction with necessary hardware (e.g., including processor 440 and the other assemblies for being connected to bus 450) File management method provided in an embodiment of the present invention.
As an example, processor 410 can be a kind of IC chip, and the processing capacity with signal, for example, it is general Processor, digital signal processor (DSP, Digital Signal Processor) or other programmable logic device are divided Vertical door or transistor logic, discrete hardware components etc., wherein general processor can be microprocessor or any normal The processor etc. of rule.
In conjunction with the exemplary application and implementation of the document management apparatus above-mentioned for realizing the embodiment of the present invention, illustrate to realize this The file management method of inventive embodiments.
Fig. 3 is the flow diagram of file management method provided in an embodiment of the present invention, referring to Fig. 3, the embodiment of the present invention The file management method of offer includes:
Step 101: file described in key pair file-based carries out fragment encryption.
In one embodiment, encryption end can realize the fragment encryption to file in the following way:
By file carry out fragment processing, obtain multiple fragments of the file, using Advanced Encryption Standard (AES, Advanced Encryption Standard) electronic codebook mode (ECB, Electronic Code Book) mode it is corresponding Cipher mode, the key according to the file respectively encrypt each fragment.Specifically, Fig. 4 is that the present invention is implemented The method schematic diagram that fragment encryption is carried out to file that example provides, referring to fig. 4, file exists before being encrypted with plaintext version, File is subjected to fragment processing, obtain as shown in Figure 4 multiple Plaintext blocks (i.e. fragment, fragment size can according to be actually needed into Row setting), then each Plaintext block is encrypted respectively using the key of file, obtains corresponding ciphertext blocks (after encrypting Fragment), for example, for Plaintext block P, using obtaining corresponding ciphertext blocks C, C=E after key (K1) encryption of fileK1(P); Herein, the key of file is block cipher, alternatively referred to as block encryption, in practical applications, can be generated at random.
In the embodiment of the present invention to need the file of upload server using fragment encryption by the way of, it is broken to the encryption of file Piece, when file it is very big when, reduce consumption to equipment performance by the way of fragment encryption, improve treatment effeciency and use Family experience, simultaneously as file is encrypted using fragment, it can be achieved that encrypting when uploading to file, improves the processing effect of file Rate.
In one embodiment, the fragment encryption to file can be realized in the following way:
The file is subjected to fragment processing, obtains multiple fragments of the file with serial number;By the text Key of the key of part as the first fragment of the file, according to the key of first fragment, according to the volume of the fragment Number sequence calculates separately the key of each fragment by the way of iteration;Each institute of key pair corresponding to each fragment is respectively adopted Fragment is stated to be encrypted.
Specifically, Fig. 5 is the method schematic diagram provided in an embodiment of the present invention that fragment encryption is carried out to file, referring to Fig. 5, File exists before being encrypted with plaintext version, and file is carried out fragment processing, obtain having serial number as bright in Fig. 5 Literary block 1, Plaintext block 2, Plaintext block 3, Plaintext block 4 ..., using the key of file as the key for being used for encrypting plaintext block 1, (first is close Key), then according to the key (the second key) of the cipher key calculation Plaintext block 2 of Plaintext block 1, the cipher key calculation according to Plaintext block 2 is bright The key (third key) of literary block 3, the key (the 4th key) of the cipher key calculation Plaintext block 4 according to Plaintext block 3, such iteration meter The key of subsequent each Plaintext block is calculated, is then encrypted using the corresponding key pair Plaintext block of each Plaintext block, is obtained corresponding Ciphertext blocks.In this way, to the file of upload server is needed by the way of fragment encryption, to the encryption fragmentation of file, drop The low consumption to equipment performance, promotion user experience, since file is encrypted using fragment, it can be achieved that adding when uploading to file It is close, the treatment effeciency of file is improved, simultaneously as each fragment used key when being encrypted is mutually different, is mentioned significantly The safety of high file.
In practical applications, terminal can confirm file-management services to server before executing to the upload of file Whether this document has been stored in device, and in one embodiment, terminal can realize in the following way whether this document is stored in The verification of document management server:
Terminal calculates the abstract of the file (such as using secure hash algorithm (SHA, Secure Hash Algorithm) SHA1), the upload request of file is then sent to document indexing server, wherein the upload request of file carries plucking for file It wants;The files-designated of the abstract of stored file and corresponding abstract in document management server is stored in document indexing server Know, after the upload request of document indexing server resolution file obtains the abstract of file, abstract file-based, which is indexed, to be looked into It looks for whether itself stores the abstract of this document, if indexing the abstract of the file, shows that this document had been uploaded, if The abstract for not indexing this document shows that this document was not uploaded.
Here, SHA being illustrated, SHA is a kind of data encryption algorithm, and the thought of the algorithm is to receive a Duan Mingwen, Then one section of (usually smaller) ciphertext is converted into irreversibly with one kind, can also simply be interpreted as taking a string it is defeated Enter code (referred to as preliminary mapping or information), and they are converted into length is shorter, digit is fixed output sequence i.e. hashed value (also referred to as For informative abstract or message authentication codes) process.
In actual implementation, if document indexing server does not index the abstract of this document, the mark of corresponding this document is generated Know, meanwhile, it requests to upload to document management server and the resource authorization of this document (is requested that terminal is allowed to execute this document Upload), the mark of this document is for uniquely identifying this document, such as file identifier descriptors (FID, File Identifier Descriptor), to obtain the text from document management server based on the mark of this document for terminal Part.In practical applications, at least one following information: the size information of file, fragment can be also carried in the upload request of file Quantity information, destination address etc..
In actual implementation, if document indexing server indexes the abstract of this document, is returned to terminal and upload end Information.
Step 102: uploading the fragment of the file of encryption to document management server.
In one embodiment, terminal can upload the fragment of the file of encryption to file-management services in the following way Device:
Terminal uploads the fragment of the file of encryption to file-management services by the way of multi-channel parallel upload Device;Wherein, each channel uploads the fragment of a file every time.That is, terminal starts multiple uploads simultaneously Thread (such as 3), each fragment for uploading thread and uploading a file every time, so, it can be achieved that disposably uploading multiple texts The fragment of part improves the upper transfer efficiency of file to document management server.
Step 103: obtaining the encryption key encrypted for the key to the file.
In one embodiment, it is close can to obtain in the following way the encryption encrypted for the key to file for terminal Key:
Terminal is sent for obtaining the request of encryption key to Key Management server;The request carries authentication information; Receive the encryption key that the Key Management server is sent;The encryption key is that the Key Management server is based on The authentication information send after subscription authentication passes through.
Illustratively, terminal is sent for obtaining the request of encryption key to Key Management server, is carried in the request For the user name of subscription authentication, encrypted message (i.e. authentication information, wherein user name, encrypted message can be used bill, The form presence of session), after Key Management server analysis request, carrying out subscription authentication (in one embodiment, can also will Authentication information is sent to authentication server, executes authentication process by authentication server), after subscription authentication passes through, returns and add Key is to terminal.
In practical applications, after progress subscription authentication passes through, Key Management server is while returning to Crypted password, also Key version information corresponding with encryption key is returned, correspondingly, terminal is receiving key version corresponding with encryption key After this information, the key version information is uploaded to service server, so that terminal is described close from service server acquisition After key version information, the encryption key is obtained from the Key Management server according to the key version information.
Step 104: being based on the encryption key, the key of the file is encrypted, security key is obtained.
In one embodiment, terminal can realize the encryption to the key of file in the following way:
Terminal uses the corresponding cipher mode of ecb mode of AES, adds according to key of the encryption key to file It is close;For example, the key of file is K1, encryption key K2, then security key K3=EK2(K1)。
Step 105: uploading the security key to service server.
In actual implementation, while terminal uploads key version information to service server, security key is also uploaded To service server, so that after terminal obtains key version information, security key from service server, according to key version information Encryption key is obtained from Key Management server, the key of file is obtained to secure key decryption.Namely encryption key for pair While the key of file is encrypted, also as the decruption key of security key, security key for being formed to encryption into Row decryption.
In embodiments of the present invention, since the key of file resource and file uses distributed storage, and file is carried out While encryption, the key of file is also encrypted, so that server also cannot achieve the decryption to file, it is ensured that file money The safety in source.
In practical applications, when user needs to carry out file download, it is close that the safety is obtained from service server respectively Key obtains the file from document management server, security key is decrypted to obtain the key of file, then uses file Key pair obtain the file be decrypted.
Fig. 6 is the flow diagram of file management method provided in an embodiment of the present invention, and Fig. 7 provides for the embodiment of the present invention File management system configuration diagram, realize upload (upload onto the server) of the terminal to file, in conjunction with Fig. 6, figure 7, file management method provided in an embodiment of the present invention includes:
Step 201: the abstract SHA1 of terminal calculation document.
Here, in actual implementation, terminal can carry out the digest calculations of file using secure hash algorithm, obtain described The abstract SHA1 of file.
Step 202: sending the upload request for carrying the file of abstract to document indexing server.
Here, the abstract of stored file and correspondence in document management server are stored in document indexing server to pluck The file identification wanted requests to upload resource authorization to document management server for generating, storing, retrieve resource index.
In actual implementation, after document indexing server receives the upload request for carrying the file of abstract, parsing is obtained The abstract of file, abstract file-based is indexed lookup, when finding the abstract of this document, returns to terminal and uploads knot The message of beam generates the mark of this document when not finding the abstract of this document, establishes the abstract and file identification of this document Mapping relations, and return to the mark of file to terminal.
Step 203: document indexing server returns to the mark FID of file to terminal.
Step 204: terminal generates random key K1.
Here, the random key K1 that terminal generates is the key of file, for encrypting to file.
Step 205: being based on random key K1, fragment encryption is carried out to file, and be uploaded to document management server.
Here, file is carried out fragment processing by terminal, obtains multiple fragments of file, corresponding using the ecb mode of AES Cipher mode respectively encrypts each fragment using random key K1, for fragment P, after random key K1 encryption, Obtain C=EK1(P)。
In actual implementation, terminal to multiple encrypted fragments using multi-channel parallel upload by the way of, in this way, improve The upper transfer efficiency of file.
Step 206: terminal is sent for obtaining the request of encryption key to Key Management server.
Here, the authentication carried in the request for obtaining encryption key that terminal is sent for carrying out subscription authentication is believed Breath, such as user name and corresponding password, in practical applications, which exists in the form of bill, session.
In practical applications, authentication information is obtained after the above-mentioned request analysis that Key Management server sends terminal, it is close Key management server can carry out subscription authentication based on authentication information, or send authentication information and (do not show in figure to authentication server Out), subscription authentication is carried out by authentication server, after the authentication is passed, is considered as the terminal and obtains the authorization for obtaining encryption key, Return to encryption key and corresponding key version information.
Step 207: Key Management server returns to encryption key K2 and corresponding key version V to terminal.
In actual implementation, encryption key K2 and key version V are one-to-one relationship, can be obtained by key version V Corresponding encryption key.
Step 208: terminal encrypts random key K1 using encryption key K2, obtains security key K3.
Here, in actual implementation, the corresponding cipher mode of ecb mode of AES can be used, according to the encryption key pair The key of file is encrypted, K3=EK2(K1)。
Step 209: mark FID, security key K3 and the key version V of upper transmitting file to service server.
Using the above embodiment of the present invention, to the file of upload server is needed by the way of fragment encryption, to file Encryption fragmentation, reduce to the consumption of equipment performance, promote user experience, can be real simultaneously as file is using fragment encryption Now encrypting when uploading to file, improves the treatment effeciency of file;The key of file resource and file uses distributed storage, And while encryption to file, the key of file is also encrypted, so that server also cannot achieve the solution to file It is close, it is ensured that the safety of file resource.
Fig. 8 is the flow diagram of file management method provided in an embodiment of the present invention, relative to embodiment illustrated in fig. 6, Scheme shown in Fig. 8 realizes downloading of the terminal to file, and referring to Fig. 8, file management method provided in an embodiment of the present invention includes:
Step 301: the corresponding mark FID of file, key version V and security key K3 needed for terminal obtains.
Here, in practical applications, the terminal for if desired carrying out file download is to upload this document before to server Terminal, then terminal itself can storage file mark FID, key version V and security key K3, directly from itself store this article It is obtained in the relevant information of part.
If desired the terminal for carrying out file download is not to upload the terminal of this document to server before, for example, for micro- Believe that the application scenarios of chat, terminal A send a file to terminal B, then it is corresponding to carry file in the file message that terminal B is received Mark FID, key version V and security key K3, i.e. terminal B obtain the corresponding mark FID of file, key from service server Version V and security key K3.
Step 302: terminal is based on key version V, requests decruption key K2 to Key Management server.
In practical applications, Key Management server stores one-to-one key version V and decruption key K2 (encryption Key K2), due in embodiments of the present invention, to the symmetric cryptography that is encrypted as of random key K1, therefore while encrypting, is used Encryption key K2, while also can be used as the decruption key that security key K3 is decrypted.
Step 303: terminal receives the decruption key K2 that Key Management server returns.
Step 304: terminal requests corresponding file to document management server according to the mark FID of file.
Step 305: document management server returns to the fragment of the file of encryption to terminal.
In practical applications, document management server can be used serial manner and send the fragment of file to terminal, such as text Part management server passes through network protocol (HTTPS, Hyper Text Transfer Protocol over Secure Socket Layer) establish with the communication connection of terminal, send the fragment of file to terminal.
Step 306: terminal decrypts security key K3 to obtain the key K1 of file using decruption key K2, and according to file Key K1 the fragment of the file of encryption is decrypted to obtain the file.
Here, in actual implementation, terminal is decrypted the fragment of file using the manner of decryption of corresponding cipher mode; For example, ciphertext blocks C is decrypted using random key K1 to obtain Plaintext block P, P=DK1(C), multiple files decryption obtained Plaintext block integrated to obtain this document.
Next by taking application scenarios is wechat (such as wechat enterprises) as an example to the file management method of the embodiment of the present invention into Row explanation.Fig. 9 is the flow diagram of file management method provided in an embodiment of the present invention, in this embodiment, first terminal (in the present embodiment as encryption end) carries out file (such as picture text to second terminal (being used as decrypting end in the present embodiment) Part, video file) transmission, first terminal will need the file that transmits to be uploaded to server first, and then second terminal side is from clothes The downloading of corresponding document is carried out at business device, referring to Fig. 9, file management method provided in an embodiment of the present invention includes:
Step 401: first terminal sends document message to service server.
Here, document message indicates that the document is sent to second terminal by service server, meanwhile, document message is for asking It asks and uploads the document to document management server, the corresponding abstract SHA1 of the document is carried in document message.
Step 402: service server parsing document message obtains abstract SHA1, and forward abstract SHA1 takes to file index Business device.
Step 403: document indexing server is based on abstract SHA1 and judges whether store this article in document management server Shelves execute step 404 if not stored the document;If storing the document, step 408 is executed.
Here, document indexing server judges whether store the document in document management server based on abstract SHA1 Concrete mode is referring to previous embodiment, and details are not described herein again.
Step 404: first terminal receives the mark for the document that document indexing server is sent.
In practical applications, when document indexing server determines that the document was not uploaded (i.e. in document management server It is not stored) when, the mark of corresponding the document is generated, the mapping relations of the mark of the document and the abstract SHA1 of document are established.
Step 405: first terminal uses random key K1, carries out fragment encryption to document, and is uploaded to file management clothes Business device.
Step 406: first terminal obtains the encryption key for encrypting to random key K1 from Key Management server K2, and the key version V of corresponding K2.
Step 407: first terminal is encrypted to obtain security key K3 to K1 using K2, upload FID, security key K3 and Then key version V executes step 408 to service server.
Step 408: document indexing server sends the mark FID of corresponding abstract SHA1 to service server.
The mapping that mark FID, security key K3 and key version V are stored in actual implementation, at service server is closed System can obtain corresponding security key K3 and key version V by identifying FID index.
Step 409: service server sends document message to second terminal.
Here, in practical applications, what service server was sent makes second terminal obtain the document message of the document In carry the corresponding mark FID of document, security key K3 and key version V.
Step 410: second terminal parsing document message obtains the corresponding mark FID of the document, security key K3 and close Key version V.
Step 411: second terminal is based on key version V, requests decruption key K2 to Key Management server.
Step 412: second terminal obtains the fragment of document from document management server according to the mark FID of document.
Step 413: second terminal decrypts K3 using K2 to obtain random key K1, and according to K1 to point of the document of encryption Piece is decrypted to obtain the document.
Figure 10 is the interface schematic diagram that second terminal provided in an embodiment of the present invention receives wechat document message, referring to figure 10, first terminal sends document message to the wechat interface of second terminal by service server, and first terminal is first by this article Shelves carry out fragment encryption and the fragment of distributed storage document and the key of encryption, service server are sent to the text of second terminal Carry mark FID, security key K3 and key version V in shelves message, when the document message received when the user clicks, second eventually FID, the security key K3 and key version V that end group carries in document message obtain the document fragment of encryption and corresponding respectively Key, to fragment parsing after obtain the actual content of the document.
Continue to explain document management apparatus provided in an embodiment of the present invention, document management apparatus provided in an embodiment of the present invention Pure software implementation also can be used, Figure 11 is the composed structure schematic diagram of document management apparatus 800 provided in an embodiment of the present invention, should Document management apparatus can realize the upload of file, and referring to Figure 11, document management apparatus 800 provided in an embodiment of the present invention includes:
First encryption unit 111 carries out fragment encryption for file described in key pair file-based;
First uploading unit 112, for upload encryption the file fragment to document management server;
Acquiring unit 113, for obtaining the encryption key encrypted for the key to the file;
Second encryption unit 114 encrypts the key of the file, is pacified for being based on the encryption key Full key;
Second uploading unit 115, for uploading the security key to service server;
The security key, after obtaining the security key from the service server, to the security key solution The close key for obtaining the file is decrypted with the fragment to the file obtained from the document management server.
In one embodiment, first encryption unit is also used to the file carrying out fragment processing, obtains the text Multiple fragments of part;
Using the corresponding cipher mode of electronic codebook mode ecb mode of Advanced Encryption Standard AES, according to the close of the file Key respectively encrypts each fragment.
In one embodiment, first encryption unit is also used to the file carrying out fragment processing, obtains having company Multiple fragments of the file for the number of sequeling;
Using the key of the file as the key of the first fragment of the file, according to the key of first fragment, The key of each fragment is calculated separately by the way of iteration according to the number order of the fragment;
Each fragment of key pair corresponding to each fragment is respectively adopted to be encrypted.
In one embodiment, the acquiring unit is also used to send the request for obtaining the encryption key to key Management server;The request carries authentication information;
Receive the encryption key that the Key Management server is sent;The encryption key is key management clothes Business device is based on the authentication information and send after subscription authentication passes through.
In one embodiment, the acquiring unit is also used to receive described in the correspondence that the Key Management server is sent The key version information of encryption key;
Second uploading unit is also used to upload the key version information, the security key to service server, After obtaining the key version information, the security key from the service server, according to the key version information from The Key Management server obtains the encryption key, obtains the key of the file to the secure key decryption.
In one embodiment, first uploading unit is also used in such a way that multi-channel parallel uploads, and uploads encryption The file fragment to document management server;Wherein, each channel uploads the fragment of a file every time.
In one embodiment, the acquiring unit is also used to calculate plucking for the file using secure hash algorithm SHA It wants;
Based on the abstract of the file, the mark of the file is obtained from document indexing server;
Second uploading unit, is also used to upload the mark of the file to the service server, with from the industry After business server obtains the mark of the file, the mark according to the file indexes to obtain from the document management server The file.
In one embodiment, the acquiring unit is also used to the abstract based on the file, sends the upload of the file It requests to the document indexing server;
Receive the mark for the file that the document indexing server returns;
The file is identified as abstract of the document indexing server based on the file, determines the file management It is generated when the not stored file of server.
Figure 12 is the composed structure schematic diagram of document management apparatus 900 provided in an embodiment of the present invention, this document management dress The downloading for setting achievable file, referring to Figure 12, document management apparatus provided in an embodiment of the present invention includes:
Fragment acquiring unit 121, the fragment of the file for obtaining encryption from document management server;The fragment is based on The key of the file is encrypted;
First key acquiring unit 122, for obtaining security key from service server;The security key is to described The key of file obtains after being encrypted;
Second key acquiring unit 123, for obtaining the decruption key for decrypting the security key;
Decryption unit 124, for being based on the decruption key, to obtaining the close of the file after the secure key decryption Key, and the fragment of the file acquired in the key pair based on the file is decrypted, and obtains the file.
In one embodiment, described device further include:
Information acquisition unit, for obtaining the key message of the file, the key message includes: the mark of the file Know, the key version information of the corresponding decruption key;
The mark of the file, for for indexing to obtain the file from the document management server;
The key version information, for obtaining the decryption from Key Management server according to the key version information Key.
In one embodiment, the information acquisition unit is also used to receive the file that the service server is sent Message, the message carries the key message;
The message for parsing the file obtains the key message.
In one embodiment, the fragment acquiring unit, is also used to the mark based on the file, with the file management Server carries out transmission key negotiation;
After transmission key negotiation passes through, the fragment for the file that the document management server is sent is received;
The fragment is that the document management server uses the transmission key, to the key progress according to the file The fragment of encryption obtains after encrypting again.
In one embodiment, the decryption unit is also used to the key based on the file, using the ecb mode pair of AES The fragment of the file is decrypted in the manner of decryption answered, and obtains the content information of the fragment;
The content information for all fragments that the file includes is combined, the file is obtained.
The embodiment of the invention also provides a kind of readable storage medium storing program for executing, storage medium may include: movable storage device, with Machine accesses memory (RAM, Random Access Memory), read-only memory (ROM, Read-Only Memory), magnetic disk Or the various media that can store program code such as CD.The readable storage medium storing program for executing is stored with executable instruction;
The executable instruction realizes above-mentioned file management method when for being executed by processor.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims (15)

1. a kind of file management method, which is characterized in that the described method includes:
It encrypts file described in the key pair file-based of end and carries out fragment encryption;
The fragment of the file of encryption is uploaded to document management server;
Obtain the encryption key encrypted for the key to the file;
Based on the encryption key, the key of the file is encrypted, security key is obtained;
The security key is uploaded to service server;
The security key is used for for decrypting end after the service server acquisition security key, close to the safety Key is decrypted to obtain the key of the file, is solved with the fragment to the file obtained from the document management server It is close, obtain the file.
2. the method as described in claim 1, which is characterized in that file described in the key pair file-based carries out fragment and adds It is close, comprising:
The file is subjected to fragment processing, obtains multiple fragments of the file;
Key point using the corresponding cipher mode of electronic codebook mode ecb mode of Advanced Encryption Standard AES, according to the file It is other that each fragment is encrypted.
3. the method as described in claim 1, which is characterized in that file described in the key pair file-based carries out fragment and adds It is close, comprising:
The file is subjected to fragment processing, obtains multiple fragments of the file with serial number;
Using the key of the file as the key of the first fragment of the file, according to the key of first fragment, according to The number order of the fragment calculates separately the key of each fragment by the way of iteration;
Each fragment of key pair corresponding to each fragment is respectively adopted to be encrypted.
4. the method as described in claim 1, which is characterized in that the acquisition was encrypted for the key to the file Encryption key, comprising:
It sends for obtaining the request of the encryption key to Key Management server;The request carries authentication information;
Receive the encryption key that the Key Management server is sent;The encryption key is the Key Management server Send after subscription authentication passes through based on the authentication information.
5. method as claimed in claim 4, which is characterized in that the method also includes:
Receive the key version information for the correspondence encryption key that the Key Management server is sent;
The key version information, the security key to service server are uploaded, described in obtaining from the service server After key version information, the security key, according to the key version information from described in Key Management server acquisition Encryption key obtains the key of the file to the secure key decryption.
6. the method as described in claim 1, which is characterized in that the fragment of the file for uploading encryption to file management Server, comprising:
By the way of multi-channel parallel upload, the fragment of the file of encryption is uploaded to document management server;Wherein, often A channel uploads the fragment of a file every time.
7. the method as described in claim 1, which is characterized in that the method also includes:
The abstract of the file is calculated using secure hash algorithm SHA;
Based on the abstract of the file, the mark of the file is obtained from document indexing server;
The mark of the file is uploaded to the service server, to obtain the mark of the file from the service server Afterwards, it indexes to obtain the file from the document management server according to the mark of the file.
8. the method for claim 7, which is characterized in that the abstract based on the file, from file index service Device obtains the mark of the file, comprising:
Based on the abstract of the file, the upload request of the file is sent to the document indexing server;
Receive the mark for the file that the document indexing server returns;
The file is identified as abstract of the document indexing server based on the file, determines the file-management services It is generated when the not stored file of device.
9. a kind of file management method, which is characterized in that the described method includes:
The fragment of the file of encryption is obtained from document management server;The fragment is encrypted based on the key of the file;
Security key is obtained from service server;The security key is to obtain after encrypting to the key of the file;
Obtain the decruption key for decrypting the security key;
Based on the decruption key, to obtaining the key of the file after the secure key decryption, and based on the file The fragment of the file acquired in key pair is decrypted, and obtains the file.
10. method as claimed in claim 9, which is characterized in that the method also includes:
The key message of the file is obtained, the key message includes: the mark of the file, the corresponding decruption key Key version information;
The mark of the file, for for indexing to obtain the file from the document management server;
The key version information, it is close for obtaining the decryption from Key Management server according to the key version information Key.
11. method as claimed in claim 10, which is characterized in that the file for obtaining encryption from document management server Fragment, comprising:
Based on the mark of the file, transmission key negotiation is carried out with the document management server;
After transmission key negotiation passes through, the fragment for the file that the document management server is sent is received;
The fragment is that the document management server uses the transmission key, is encrypted to the key according to the file The fragment encrypt again after obtain.
12. a kind of document management apparatus, which is characterized in that described device includes:
First encryption unit carries out fragment encryption for file described in key pair file-based;
First uploading unit, for upload encryption the file fragment to document management server;
Acquiring unit, for obtaining the encryption key encrypted for the key to the file;
Second encryption unit encrypts the key of the file, obtains security key for being based on the encryption key;
Second uploading unit, for uploading the security key to service server;
The security key obtains the secure key decryption after obtaining the security key from the service server To the key of the file, it is decrypted with the fragment to the file obtained from the document management server.
13. a kind of document management apparatus, which is characterized in that described device includes:
Fragment acquiring unit, the fragment of the file for obtaining encryption from document management server;The fragment is based on the text The key of part is encrypted;
First key acquiring unit, for obtaining security key from service server;The security key is to the file Key obtains after being encrypted;
Second key acquiring unit, for obtaining the decruption key for decrypting the security key;
Decryption unit, for being based on the decruption key, to obtaining the key of the file, and base after the secure key decryption The fragment of the file acquired in the key pair of the file is decrypted, and obtains the file.
14. a kind of storage medium, which is characterized in that be stored with executable instruction, the executable instruction is performed, for real Existing file management method as claimed in any one of claims 1 to 8.
15. a kind of storage medium, which is characterized in that be stored with executable instruction, the executable instruction is performed, for real Now such as the described in any item file management methods of claim 9 to 11.
CN201811412957.1A 2018-11-23 2018-11-23 File management method, device and storage medium Active CN110401689B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811412957.1A CN110401689B (en) 2018-11-23 2018-11-23 File management method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811412957.1A CN110401689B (en) 2018-11-23 2018-11-23 File management method, device and storage medium

Publications (2)

Publication Number Publication Date
CN110401689A true CN110401689A (en) 2019-11-01
CN110401689B CN110401689B (en) 2021-12-10

Family

ID=68322200

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811412957.1A Active CN110401689B (en) 2018-11-23 2018-11-23 File management method, device and storage medium

Country Status (1)

Country Link
CN (1) CN110401689B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111245597A (en) * 2020-01-17 2020-06-05 众安信息技术服务有限公司 Key management method, system and equipment
CN111698576A (en) * 2020-06-23 2020-09-22 网易有道信息技术(杭州)有限公司 Information encryption method, decryption method, server, client, and medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030208693A1 (en) * 2002-05-02 2003-11-06 Fuji Xerox Co., Ltd. Method and system for transferring data
CN102333236A (en) * 2011-10-27 2012-01-25 中国华录集团有限公司 Video content encryption and decryption system
CN103685557A (en) * 2013-12-26 2014-03-26 金蝶软件(中国)有限公司 Method and device for uploading and downloading file
CN104837035A (en) * 2015-04-30 2015-08-12 华为软件技术有限公司 Video playing method and terminal
CN106254324A (en) * 2016-07-26 2016-12-21 杭州文签网络技术有限公司 A kind of encryption method storing file and device
CN108429733A (en) * 2018-02-05 2018-08-21 济南浪潮高新科技投资发展有限公司 A kind of system of data processing

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030208693A1 (en) * 2002-05-02 2003-11-06 Fuji Xerox Co., Ltd. Method and system for transferring data
CN102333236A (en) * 2011-10-27 2012-01-25 中国华录集团有限公司 Video content encryption and decryption system
CN103685557A (en) * 2013-12-26 2014-03-26 金蝶软件(中国)有限公司 Method and device for uploading and downloading file
CN104837035A (en) * 2015-04-30 2015-08-12 华为软件技术有限公司 Video playing method and terminal
CN106254324A (en) * 2016-07-26 2016-12-21 杭州文签网络技术有限公司 A kind of encryption method storing file and device
CN108429733A (en) * 2018-02-05 2018-08-21 济南浪潮高新科技投资发展有限公司 A kind of system of data processing

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111245597A (en) * 2020-01-17 2020-06-05 众安信息技术服务有限公司 Key management method, system and equipment
CN111245597B (en) * 2020-01-17 2023-09-15 众安信息技术服务有限公司 Key management method, system and equipment
CN111698576A (en) * 2020-06-23 2020-09-22 网易有道信息技术(杭州)有限公司 Information encryption method, decryption method, server, client, and medium
CN111698576B (en) * 2020-06-23 2022-04-01 网易有道信息技术(杭州)有限公司 Information encryption method, decryption method, server, client, and medium

Also Published As

Publication number Publication date
CN110401689B (en) 2021-12-10

Similar Documents

Publication Publication Date Title
CN108055274B (en) Encryption and sharing method and system based on alliance chain storage data
US10417394B2 (en) Method and system for unified mobile content protection
AU2021203184B2 (en) Transaction messaging
EP3453135B1 (en) System and method for encryption and decryption based on quantum key distribution
US9037870B1 (en) Method and system for providing a rotating key encrypted file system
US9819494B2 (en) Digital signature service system based on hash function and method thereof
Zou et al. Phosphor: A cloud based DRM scheme with sim card
US10084790B2 (en) Peer to peer enterprise file sharing
US20120303967A1 (en) Digital rights management system and method for protecting digital content
US9641328B1 (en) Generation of public-private key pairs
CN110708291B (en) Data authorization access method, device, medium and electronic equipment in distributed network
CN111414628B (en) Data storage method and device and computing equipment
JP2017112604A (en) Method for improving encryption/decryption speed by complexly applying symmetric key encryption and asymmetric key double encryption
JP2014175970A (en) Information distribution system, information processing device, and program
CN110401689A (en) File management method, device and storage medium
CN111010283B (en) Method and apparatus for generating information
CN110602075A (en) File stream processing method, device and system for encryption access control
KR101413248B1 (en) device for encrypting data in a computer and storage for storing a program encrypting data in a computer
KR101423953B1 (en) Method for searching data in remote computing environment and Method therefor
CN106921644A (en) The verification method and device of client data file
Gopika et al. Secure Data Sharing in Multiple Cloud Servers Using Forward and Backward Secrecy
Baselios Mathews et al. Secure Data Sharing in Multiple Cloud Servers Using Forward and Backward Secrecy
KR100771339B1 (en) Method and system for providing commerce service
CN116055105A (en) Cloud storage data processing method, device and server
US20150326544A1 (en) Method of processing data in distributed storage system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant