CN110401689A - File management method, device and storage medium - Google Patents
File management method, device and storage medium Download PDFInfo
- Publication number
- CN110401689A CN110401689A CN201811412957.1A CN201811412957A CN110401689A CN 110401689 A CN110401689 A CN 110401689A CN 201811412957 A CN201811412957 A CN 201811412957A CN 110401689 A CN110401689 A CN 110401689A
- Authority
- CN
- China
- Prior art keywords
- file
- key
- fragment
- encryption
- management server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0637—Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of file management method, device and storage medium, method includes: that file described in encryption end key pair file-based carries out fragment encryption;The fragment of the file of encryption is uploaded to document management server;Obtain the encryption key encrypted for the key to the file;Based on the encryption key, the key of the file is encrypted, security key is obtained;The security key is uploaded to service server;The security key, for decrypting end after the service server acquisition security key, the key of the file is obtained to the secure key decryption, is decrypted with the fragment to the file obtained from the document management server, obtains the file.
Description
Technical field
The present invention relates to data processing technique more particularly to a kind of file management methods, device and storage medium.
Background technique
In the related technology, in order to guarantee the safety of file, server storage will be uploaded to by generalling use after file encryption, so
And when file is larger, file encryption is uploaded to, upload low efficiency higher to the performance requirement of terminal again, and encryption is used
Key be generally stored inside terminal local, safety is low.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of file management method, device and storage medium, file can be improved
The safety of storage.
In a first aspect, the embodiment of the present invention provides a kind of file management method, comprising:
It encrypts file described in the key pair file-based of end and carries out fragment encryption;
The fragment of the file of encryption is uploaded to document management server;
Obtain the encryption key encrypted for the key to the file;
Based on the encryption key, the key of the file is encrypted, security key is obtained;
The security key is uploaded to service server;
The security key is used for for decrypting end after the service server acquisition security key, to the peace
Full key is decrypted to obtain the key of the file, is carried out with the fragment to the file obtained from the document management server
Decryption, obtains the file.
Second aspect, the embodiment of the present invention provide a kind of file management method, comprising:
The fragment of the file of encryption is obtained from document management server;The fragment is added based on the key of the file
It is close;
Security key is obtained from service server;The security key is to obtain after encrypting to the key of the file
It arrives;
Obtain the decruption key for decrypting the security key;
Based on the decruption key, to obtaining the key of the file after the secure key decryption, and it is based on the text
The fragment of the file acquired in the key pair of part is decrypted, and obtains the file.
The third aspect, the embodiment of the present invention provide a kind of document management apparatus, and described device includes:
First encryption unit carries out fragment encryption for file described in key pair file-based;
First uploading unit, for upload encryption the file fragment to document management server;
Acquiring unit, for obtaining the encryption key encrypted for the key to the file;
Second encryption unit encrypts the key of the file, it is close to obtain safety for being based on the encryption key
Key;
Second uploading unit, for uploading the security key to service server;
The security key, after obtaining the security key from the service server, to the security key solution
The close key for obtaining the file is decrypted with the fragment to the file obtained from the document management server.
Fourth aspect, the embodiment of the present invention provide a kind of document management apparatus, and described device includes:
Fragment acquiring unit, the fragment of the file for obtaining encryption from document management server;The fragment is based on institute
The key for stating file is encrypted;
First key acquiring unit, for obtaining security key from service server;The security key is to the text
The key of part obtains after being encrypted;
Second key acquiring unit, for obtaining the decruption key for decrypting the security key;
Decryption unit, for being based on the decruption key, to obtaining the key of the file after the secure key decryption,
And the fragment of the file acquired in the key pair based on the file is decrypted, and obtains the file.
5th aspect, the embodiment of the present invention provide a kind of document management apparatus, and described device includes:
Memory, for storing executable instruction;
Processor when for executing the executable instruction stored in the memory, is realized provided in an embodiment of the present invention
The file management method.
6th aspect, the embodiment of the present invention provide a kind of storage medium, are stored with executable instruction, the executable instruction
It is performed, for realizing the file management method provided in an embodiment of the present invention.
It is had the advantages that using the above embodiment of the present invention
1), in the embodiment of the present invention to need the file of upload server using fragment encryption by the way of, file is added
Close fragmentation, when file it is very big when, reduce consumption to equipment performance by the way of fragment encryption, improve treatment effeciency
And user experience, simultaneously as file is encrypted using fragment, it can be achieved that encrypting when uploading to file, improves the place of file
Manage efficiency;
2), since the key of file resource and file uses distributed storage, and while encrypted to file, to text
The key of part is also encrypted, so that server also cannot achieve the decryption to file, it is ensured that the safety of file resource.
Detailed description of the invention
Fig. 1 is an optional configuration diagram of file management system provided in an embodiment of the present invention;
Fig. 2 is an optional structural schematic diagram of terminal 400 provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of file management method provided in an embodiment of the present invention;
Fig. 4 is the method schematic diagram provided in an embodiment of the present invention that fragment encryption is carried out to file;
Fig. 5 is the method schematic diagram provided in an embodiment of the present invention that fragment encryption is carried out to file;
Fig. 6 is the flow diagram of file management method provided in an embodiment of the present invention;
Fig. 7 is the configuration diagram of file management system provided in an embodiment of the present invention;
Fig. 8 is the flow diagram of file management method provided in an embodiment of the present invention;
Fig. 9 is the flow diagram of file management method provided in an embodiment of the present invention;
Figure 10 is the interface schematic diagram that second terminal provided in an embodiment of the present invention receives wechat document message;
Figure 11 is the composed structure schematic diagram of document management apparatus 800 provided in an embodiment of the present invention;
Figure 12 is the composed structure schematic diagram of document management apparatus 900 provided in an embodiment of the present invention.
Specific embodiment
The present invention is further described in detail below with reference to the accompanying drawings and embodiments.It should be appreciated that mentioned herein
Embodiment is only used to explain the present invention, is not intended to limit the present invention.In addition, embodiment provided below is for implementing
Section Example of the invention, rather than provide and implement whole embodiments of the invention, in the absence of conflict, the present invention is implemented
Example record technical solution can mode in any combination implement.
It should be noted that in embodiments of the present invention, the terms "include", "comprise" or its any other variant are intended to
Cover non-exclusive inclusion, so that including the method for a series of elements or device not only includes wanting of being expressly recited
Element, but also including other elements that are not explicitly listed, or further include for implementation method or device intrinsic want
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including the element
Method or device in there is also other relevant factor (such as the step in method or the unit in device, for example,
Unit can be partial circuit, segment processor, subprogram or software etc.).
Unless otherwise defined, all technical and scientific terms used herein and belong to technical field of the invention
The normally understood meaning of technical staff is identical.Term used herein is only for the purpose of describing specific embodiments
It is not intended to limit the present invention.
In the following description, it is related to " some embodiments ", which depict the subsets of all possible embodiments, but can
To understand, " some embodiments " can be the same subsets or different subsets of all possible embodiments, and can not conflict
In the case where be combined with each other.
It may be noted that it is the similar object of difference that term " first second " involved in the embodiment of the present invention, which is only, no
Represent the particular sorted for being directed to object, it is possible to understand that specific sequence can be interchanged in ground, " first second " in the case where permission
Or precedence, so that the embodiment of the present invention described herein can be real with the sequence other than illustrating or describing herein
It applies.
Illustrate the exemplary application for realizing the document management apparatus of the embodiment of the present invention below, it is provided in an embodiment of the present invention
Document management apparatus may be embodied as various types of user terminals such as smart phone, tablet computer, laptop.In the following,
Cover the exemplary application of terminal when supporting paper managing device is embodied as terminal.
It is an optional configuration diagram of file management system provided in an embodiment of the present invention referring to Fig. 1, Fig. 1, is
Realize that one exemplary application of support, terminal 400 (illustrating terminal 400-1 and terminal 400-2) are connected by network 200
Server 300 (illustrating server 300-1 and server 300-2) is connect, network 200 can be wide area network or local
Net, or be combination, realize that data are transmitted using Radio Link.
File as described in terminal (such as terminal 400-1) key pair file-based carries out fragment encryption, uploads the described of encryption
The fragment of file is to document management server (such as server 300-1);Terminal acquisition adds for the key to the file
Close encryption key is based on the encryption key, encrypts to the key of the file, obtain security key, and upload institute
Security key is stated to service server (such as server 300-2);So that terminal (such as terminal 400-2) is obtained from the service server
After taking the security key, the key of the file is obtained to the secure key decryption, to from the file-management services
The fragment for the file that device obtains is decrypted, and obtains the file.
Device provided in an embodiment of the present invention may be embodied as the mode of hardware or software and hardware combining, illustrate this hair below
The various exemplary implementations for the device that bright embodiment provides.
Referring to fig. 2, Fig. 2 is an optional structural schematic diagram of terminal 400 provided in an embodiment of the present invention, terminal 400
Can be mobile phone, computer, digital broadcast terminal, information transceiving equipment, game console, tablet device, Medical Devices,
Body-building equipment, personal digital assistant etc. are not construed as limiting according to the structure of terminal 400, structure as described herein, such as can
To omit members described below, alternatively, adding the component do not recorded hereafter to adapt to the special need of certain applications
It asks.
Terminal 400 shown in Fig. 2 includes: at least one processor 410, memory 440, at least one network interface 420
With user interface 430.Various components in terminal 400 are coupled by bus system 450.It is understood that bus system 450
For realizing the connection communication between these components.Bus system 450 except include data/address bus in addition to, further include power bus,
Control bus and status signal bus in addition.But for the sake of clear explanation, various buses are all designated as bus system in Fig. 2
450。
User interface 430 may include display, keyboard, mouse, trace ball, click wheel, key, button, touch-sensitive plate or
Person's touch screen etc..
Memory 440 can be volatile memory or nonvolatile memory, may also comprise volatile and non-volatile
Both memories.Wherein, nonvolatile memory can be read-only memory (ROM, Read Only Memory), programmable
Read memory (PROM, Programmable Read-Only Memory), Erasable Programmable Read Only Memory EPROM (EPROM,
Erasable Programmable Read-Only Memory), flash memory (Flash Memory) etc..Volatile memory can be with
It is random access memory (RAM, Random Access Memory), is used as External Cache.By exemplary but not
It is restricted explanation, the RAM of many forms is available, such as static random access memory (SRAM, Static Random
Access Memory), synchronous static random access memory (SSRAM, Synchronous Static Random Access
Memory).The memory 440 of description of the embodiment of the present invention is intended to include the memory of these and any other suitable type.
Memory 440 in the embodiment of the present invention can store executable instruction 4401 to support the behaviour of document management apparatus
Make, the example of these executable instructions includes: the various shapes such as program, plug-in unit and script for operating on document management apparatus
The software module of formula, program for example may include operating system and application program, wherein operating system includes various system journeys
Sequence, such as ccf layer, core library layer, driving layer etc., for realizing various basic businesses and the hardware based task of processing.
As the example that document management apparatus provided in an embodiment of the present invention uses software and hardware combining to implement, the present invention is implemented
Document management apparatus provided by example can be embodied directly in be combined by the software module that processor 440 executes, and software module can
To be located in storage medium, storage medium is located at memory 440, and processor 410 reads software module in memory 440 and includes
Executable instruction is completed in conjunction with necessary hardware (e.g., including processor 440 and the other assemblies for being connected to bus 450)
File management method provided in an embodiment of the present invention.
As an example, processor 410 can be a kind of IC chip, and the processing capacity with signal, for example, it is general
Processor, digital signal processor (DSP, Digital Signal Processor) or other programmable logic device are divided
Vertical door or transistor logic, discrete hardware components etc., wherein general processor can be microprocessor or any normal
The processor etc. of rule.
In conjunction with the exemplary application and implementation of the document management apparatus above-mentioned for realizing the embodiment of the present invention, illustrate to realize this
The file management method of inventive embodiments.
Fig. 3 is the flow diagram of file management method provided in an embodiment of the present invention, referring to Fig. 3, the embodiment of the present invention
The file management method of offer includes:
Step 101: file described in key pair file-based carries out fragment encryption.
In one embodiment, encryption end can realize the fragment encryption to file in the following way:
By file carry out fragment processing, obtain multiple fragments of the file, using Advanced Encryption Standard (AES,
Advanced Encryption Standard) electronic codebook mode (ECB, Electronic Code Book) mode it is corresponding
Cipher mode, the key according to the file respectively encrypt each fragment.Specifically, Fig. 4 is that the present invention is implemented
The method schematic diagram that fragment encryption is carried out to file that example provides, referring to fig. 4, file exists before being encrypted with plaintext version,
File is subjected to fragment processing, obtain as shown in Figure 4 multiple Plaintext blocks (i.e. fragment, fragment size can according to be actually needed into
Row setting), then each Plaintext block is encrypted respectively using the key of file, obtains corresponding ciphertext blocks (after encrypting
Fragment), for example, for Plaintext block P, using obtaining corresponding ciphertext blocks C, C=E after key (K1) encryption of fileK1(P);
Herein, the key of file is block cipher, alternatively referred to as block encryption, in practical applications, can be generated at random.
In the embodiment of the present invention to need the file of upload server using fragment encryption by the way of, it is broken to the encryption of file
Piece, when file it is very big when, reduce consumption to equipment performance by the way of fragment encryption, improve treatment effeciency and use
Family experience, simultaneously as file is encrypted using fragment, it can be achieved that encrypting when uploading to file, improves the processing effect of file
Rate.
In one embodiment, the fragment encryption to file can be realized in the following way:
The file is subjected to fragment processing, obtains multiple fragments of the file with serial number;By the text
Key of the key of part as the first fragment of the file, according to the key of first fragment, according to the volume of the fragment
Number sequence calculates separately the key of each fragment by the way of iteration;Each institute of key pair corresponding to each fragment is respectively adopted
Fragment is stated to be encrypted.
Specifically, Fig. 5 is the method schematic diagram provided in an embodiment of the present invention that fragment encryption is carried out to file, referring to Fig. 5,
File exists before being encrypted with plaintext version, and file is carried out fragment processing, obtain having serial number as bright in Fig. 5
Literary block 1, Plaintext block 2, Plaintext block 3, Plaintext block 4 ..., using the key of file as the key for being used for encrypting plaintext block 1, (first is close
Key), then according to the key (the second key) of the cipher key calculation Plaintext block 2 of Plaintext block 1, the cipher key calculation according to Plaintext block 2 is bright
The key (third key) of literary block 3, the key (the 4th key) of the cipher key calculation Plaintext block 4 according to Plaintext block 3, such iteration meter
The key of subsequent each Plaintext block is calculated, is then encrypted using the corresponding key pair Plaintext block of each Plaintext block, is obtained corresponding
Ciphertext blocks.In this way, to the file of upload server is needed by the way of fragment encryption, to the encryption fragmentation of file, drop
The low consumption to equipment performance, promotion user experience, since file is encrypted using fragment, it can be achieved that adding when uploading to file
It is close, the treatment effeciency of file is improved, simultaneously as each fragment used key when being encrypted is mutually different, is mentioned significantly
The safety of high file.
In practical applications, terminal can confirm file-management services to server before executing to the upload of file
Whether this document has been stored in device, and in one embodiment, terminal can realize in the following way whether this document is stored in
The verification of document management server:
Terminal calculates the abstract of the file (such as using secure hash algorithm (SHA, Secure Hash Algorithm)
SHA1), the upload request of file is then sent to document indexing server, wherein the upload request of file carries plucking for file
It wants;The files-designated of the abstract of stored file and corresponding abstract in document management server is stored in document indexing server
Know, after the upload request of document indexing server resolution file obtains the abstract of file, abstract file-based, which is indexed, to be looked into
It looks for whether itself stores the abstract of this document, if indexing the abstract of the file, shows that this document had been uploaded, if
The abstract for not indexing this document shows that this document was not uploaded.
Here, SHA being illustrated, SHA is a kind of data encryption algorithm, and the thought of the algorithm is to receive a Duan Mingwen,
Then one section of (usually smaller) ciphertext is converted into irreversibly with one kind, can also simply be interpreted as taking a string it is defeated
Enter code (referred to as preliminary mapping or information), and they are converted into length is shorter, digit is fixed output sequence i.e. hashed value (also referred to as
For informative abstract or message authentication codes) process.
In actual implementation, if document indexing server does not index the abstract of this document, the mark of corresponding this document is generated
Know, meanwhile, it requests to upload to document management server and the resource authorization of this document (is requested that terminal is allowed to execute this document
Upload), the mark of this document is for uniquely identifying this document, such as file identifier descriptors (FID, File
Identifier Descriptor), to obtain the text from document management server based on the mark of this document for terminal
Part.In practical applications, at least one following information: the size information of file, fragment can be also carried in the upload request of file
Quantity information, destination address etc..
In actual implementation, if document indexing server indexes the abstract of this document, is returned to terminal and upload end
Information.
Step 102: uploading the fragment of the file of encryption to document management server.
In one embodiment, terminal can upload the fragment of the file of encryption to file-management services in the following way
Device:
Terminal uploads the fragment of the file of encryption to file-management services by the way of multi-channel parallel upload
Device;Wherein, each channel uploads the fragment of a file every time.That is, terminal starts multiple uploads simultaneously
Thread (such as 3), each fragment for uploading thread and uploading a file every time, so, it can be achieved that disposably uploading multiple texts
The fragment of part improves the upper transfer efficiency of file to document management server.
Step 103: obtaining the encryption key encrypted for the key to the file.
In one embodiment, it is close can to obtain in the following way the encryption encrypted for the key to file for terminal
Key:
Terminal is sent for obtaining the request of encryption key to Key Management server;The request carries authentication information;
Receive the encryption key that the Key Management server is sent;The encryption key is that the Key Management server is based on
The authentication information send after subscription authentication passes through.
Illustratively, terminal is sent for obtaining the request of encryption key to Key Management server, is carried in the request
For the user name of subscription authentication, encrypted message (i.e. authentication information, wherein user name, encrypted message can be used bill,
The form presence of session), after Key Management server analysis request, carrying out subscription authentication (in one embodiment, can also will
Authentication information is sent to authentication server, executes authentication process by authentication server), after subscription authentication passes through, returns and add
Key is to terminal.
In practical applications, after progress subscription authentication passes through, Key Management server is while returning to Crypted password, also
Key version information corresponding with encryption key is returned, correspondingly, terminal is receiving key version corresponding with encryption key
After this information, the key version information is uploaded to service server, so that terminal is described close from service server acquisition
After key version information, the encryption key is obtained from the Key Management server according to the key version information.
Step 104: being based on the encryption key, the key of the file is encrypted, security key is obtained.
In one embodiment, terminal can realize the encryption to the key of file in the following way:
Terminal uses the corresponding cipher mode of ecb mode of AES, adds according to key of the encryption key to file
It is close;For example, the key of file is K1, encryption key K2, then security key K3=EK2(K1)。
Step 105: uploading the security key to service server.
In actual implementation, while terminal uploads key version information to service server, security key is also uploaded
To service server, so that after terminal obtains key version information, security key from service server, according to key version information
Encryption key is obtained from Key Management server, the key of file is obtained to secure key decryption.Namely encryption key for pair
While the key of file is encrypted, also as the decruption key of security key, security key for being formed to encryption into
Row decryption.
In embodiments of the present invention, since the key of file resource and file uses distributed storage, and file is carried out
While encryption, the key of file is also encrypted, so that server also cannot achieve the decryption to file, it is ensured that file money
The safety in source.
In practical applications, when user needs to carry out file download, it is close that the safety is obtained from service server respectively
Key obtains the file from document management server, security key is decrypted to obtain the key of file, then uses file
Key pair obtain the file be decrypted.
Fig. 6 is the flow diagram of file management method provided in an embodiment of the present invention, and Fig. 7 provides for the embodiment of the present invention
File management system configuration diagram, realize upload (upload onto the server) of the terminal to file, in conjunction with Fig. 6, figure
7, file management method provided in an embodiment of the present invention includes:
Step 201: the abstract SHA1 of terminal calculation document.
Here, in actual implementation, terminal can carry out the digest calculations of file using secure hash algorithm, obtain described
The abstract SHA1 of file.
Step 202: sending the upload request for carrying the file of abstract to document indexing server.
Here, the abstract of stored file and correspondence in document management server are stored in document indexing server to pluck
The file identification wanted requests to upload resource authorization to document management server for generating, storing, retrieve resource index.
In actual implementation, after document indexing server receives the upload request for carrying the file of abstract, parsing is obtained
The abstract of file, abstract file-based is indexed lookup, when finding the abstract of this document, returns to terminal and uploads knot
The message of beam generates the mark of this document when not finding the abstract of this document, establishes the abstract and file identification of this document
Mapping relations, and return to the mark of file to terminal.
Step 203: document indexing server returns to the mark FID of file to terminal.
Step 204: terminal generates random key K1.
Here, the random key K1 that terminal generates is the key of file, for encrypting to file.
Step 205: being based on random key K1, fragment encryption is carried out to file, and be uploaded to document management server.
Here, file is carried out fragment processing by terminal, obtains multiple fragments of file, corresponding using the ecb mode of AES
Cipher mode respectively encrypts each fragment using random key K1, for fragment P, after random key K1 encryption,
Obtain C=EK1(P)。
In actual implementation, terminal to multiple encrypted fragments using multi-channel parallel upload by the way of, in this way, improve
The upper transfer efficiency of file.
Step 206: terminal is sent for obtaining the request of encryption key to Key Management server.
Here, the authentication carried in the request for obtaining encryption key that terminal is sent for carrying out subscription authentication is believed
Breath, such as user name and corresponding password, in practical applications, which exists in the form of bill, session.
In practical applications, authentication information is obtained after the above-mentioned request analysis that Key Management server sends terminal, it is close
Key management server can carry out subscription authentication based on authentication information, or send authentication information and (do not show in figure to authentication server
Out), subscription authentication is carried out by authentication server, after the authentication is passed, is considered as the terminal and obtains the authorization for obtaining encryption key,
Return to encryption key and corresponding key version information.
Step 207: Key Management server returns to encryption key K2 and corresponding key version V to terminal.
In actual implementation, encryption key K2 and key version V are one-to-one relationship, can be obtained by key version V
Corresponding encryption key.
Step 208: terminal encrypts random key K1 using encryption key K2, obtains security key K3.
Here, in actual implementation, the corresponding cipher mode of ecb mode of AES can be used, according to the encryption key pair
The key of file is encrypted, K3=EK2(K1)。
Step 209: mark FID, security key K3 and the key version V of upper transmitting file to service server.
Using the above embodiment of the present invention, to the file of upload server is needed by the way of fragment encryption, to file
Encryption fragmentation, reduce to the consumption of equipment performance, promote user experience, can be real simultaneously as file is using fragment encryption
Now encrypting when uploading to file, improves the treatment effeciency of file;The key of file resource and file uses distributed storage,
And while encryption to file, the key of file is also encrypted, so that server also cannot achieve the solution to file
It is close, it is ensured that the safety of file resource.
Fig. 8 is the flow diagram of file management method provided in an embodiment of the present invention, relative to embodiment illustrated in fig. 6,
Scheme shown in Fig. 8 realizes downloading of the terminal to file, and referring to Fig. 8, file management method provided in an embodiment of the present invention includes:
Step 301: the corresponding mark FID of file, key version V and security key K3 needed for terminal obtains.
Here, in practical applications, the terminal for if desired carrying out file download is to upload this document before to server
Terminal, then terminal itself can storage file mark FID, key version V and security key K3, directly from itself store this article
It is obtained in the relevant information of part.
If desired the terminal for carrying out file download is not to upload the terminal of this document to server before, for example, for micro-
Believe that the application scenarios of chat, terminal A send a file to terminal B, then it is corresponding to carry file in the file message that terminal B is received
Mark FID, key version V and security key K3, i.e. terminal B obtain the corresponding mark FID of file, key from service server
Version V and security key K3.
Step 302: terminal is based on key version V, requests decruption key K2 to Key Management server.
In practical applications, Key Management server stores one-to-one key version V and decruption key K2 (encryption
Key K2), due in embodiments of the present invention, to the symmetric cryptography that is encrypted as of random key K1, therefore while encrypting, is used
Encryption key K2, while also can be used as the decruption key that security key K3 is decrypted.
Step 303: terminal receives the decruption key K2 that Key Management server returns.
Step 304: terminal requests corresponding file to document management server according to the mark FID of file.
Step 305: document management server returns to the fragment of the file of encryption to terminal.
In practical applications, document management server can be used serial manner and send the fragment of file to terminal, such as text
Part management server passes through network protocol (HTTPS, Hyper Text Transfer Protocol over Secure
Socket Layer) establish with the communication connection of terminal, send the fragment of file to terminal.
Step 306: terminal decrypts security key K3 to obtain the key K1 of file using decruption key K2, and according to file
Key K1 the fragment of the file of encryption is decrypted to obtain the file.
Here, in actual implementation, terminal is decrypted the fragment of file using the manner of decryption of corresponding cipher mode;
For example, ciphertext blocks C is decrypted using random key K1 to obtain Plaintext block P, P=DK1(C), multiple files decryption obtained
Plaintext block integrated to obtain this document.
Next by taking application scenarios is wechat (such as wechat enterprises) as an example to the file management method of the embodiment of the present invention into
Row explanation.Fig. 9 is the flow diagram of file management method provided in an embodiment of the present invention, in this embodiment, first terminal
(in the present embodiment as encryption end) carries out file (such as picture text to second terminal (being used as decrypting end in the present embodiment)
Part, video file) transmission, first terminal will need the file that transmits to be uploaded to server first, and then second terminal side is from clothes
The downloading of corresponding document is carried out at business device, referring to Fig. 9, file management method provided in an embodiment of the present invention includes:
Step 401: first terminal sends document message to service server.
Here, document message indicates that the document is sent to second terminal by service server, meanwhile, document message is for asking
It asks and uploads the document to document management server, the corresponding abstract SHA1 of the document is carried in document message.
Step 402: service server parsing document message obtains abstract SHA1, and forward abstract SHA1 takes to file index
Business device.
Step 403: document indexing server is based on abstract SHA1 and judges whether store this article in document management server
Shelves execute step 404 if not stored the document;If storing the document, step 408 is executed.
Here, document indexing server judges whether store the document in document management server based on abstract SHA1
Concrete mode is referring to previous embodiment, and details are not described herein again.
Step 404: first terminal receives the mark for the document that document indexing server is sent.
In practical applications, when document indexing server determines that the document was not uploaded (i.e. in document management server
It is not stored) when, the mark of corresponding the document is generated, the mapping relations of the mark of the document and the abstract SHA1 of document are established.
Step 405: first terminal uses random key K1, carries out fragment encryption to document, and is uploaded to file management clothes
Business device.
Step 406: first terminal obtains the encryption key for encrypting to random key K1 from Key Management server
K2, and the key version V of corresponding K2.
Step 407: first terminal is encrypted to obtain security key K3 to K1 using K2, upload FID, security key K3 and
Then key version V executes step 408 to service server.
Step 408: document indexing server sends the mark FID of corresponding abstract SHA1 to service server.
The mapping that mark FID, security key K3 and key version V are stored in actual implementation, at service server is closed
System can obtain corresponding security key K3 and key version V by identifying FID index.
Step 409: service server sends document message to second terminal.
Here, in practical applications, what service server was sent makes second terminal obtain the document message of the document
In carry the corresponding mark FID of document, security key K3 and key version V.
Step 410: second terminal parsing document message obtains the corresponding mark FID of the document, security key K3 and close
Key version V.
Step 411: second terminal is based on key version V, requests decruption key K2 to Key Management server.
Step 412: second terminal obtains the fragment of document from document management server according to the mark FID of document.
Step 413: second terminal decrypts K3 using K2 to obtain random key K1, and according to K1 to point of the document of encryption
Piece is decrypted to obtain the document.
Figure 10 is the interface schematic diagram that second terminal provided in an embodiment of the present invention receives wechat document message, referring to figure
10, first terminal sends document message to the wechat interface of second terminal by service server, and first terminal is first by this article
Shelves carry out fragment encryption and the fragment of distributed storage document and the key of encryption, service server are sent to the text of second terminal
Carry mark FID, security key K3 and key version V in shelves message, when the document message received when the user clicks, second eventually
FID, the security key K3 and key version V that end group carries in document message obtain the document fragment of encryption and corresponding respectively
Key, to fragment parsing after obtain the actual content of the document.
Continue to explain document management apparatus provided in an embodiment of the present invention, document management apparatus provided in an embodiment of the present invention
Pure software implementation also can be used, Figure 11 is the composed structure schematic diagram of document management apparatus 800 provided in an embodiment of the present invention, should
Document management apparatus can realize the upload of file, and referring to Figure 11, document management apparatus 800 provided in an embodiment of the present invention includes:
First encryption unit 111 carries out fragment encryption for file described in key pair file-based;
First uploading unit 112, for upload encryption the file fragment to document management server;
Acquiring unit 113, for obtaining the encryption key encrypted for the key to the file;
Second encryption unit 114 encrypts the key of the file, is pacified for being based on the encryption key
Full key;
Second uploading unit 115, for uploading the security key to service server;
The security key, after obtaining the security key from the service server, to the security key solution
The close key for obtaining the file is decrypted with the fragment to the file obtained from the document management server.
In one embodiment, first encryption unit is also used to the file carrying out fragment processing, obtains the text
Multiple fragments of part;
Using the corresponding cipher mode of electronic codebook mode ecb mode of Advanced Encryption Standard AES, according to the close of the file
Key respectively encrypts each fragment.
In one embodiment, first encryption unit is also used to the file carrying out fragment processing, obtains having company
Multiple fragments of the file for the number of sequeling;
Using the key of the file as the key of the first fragment of the file, according to the key of first fragment,
The key of each fragment is calculated separately by the way of iteration according to the number order of the fragment;
Each fragment of key pair corresponding to each fragment is respectively adopted to be encrypted.
In one embodiment, the acquiring unit is also used to send the request for obtaining the encryption key to key
Management server;The request carries authentication information;
Receive the encryption key that the Key Management server is sent;The encryption key is key management clothes
Business device is based on the authentication information and send after subscription authentication passes through.
In one embodiment, the acquiring unit is also used to receive described in the correspondence that the Key Management server is sent
The key version information of encryption key;
Second uploading unit is also used to upload the key version information, the security key to service server,
After obtaining the key version information, the security key from the service server, according to the key version information from
The Key Management server obtains the encryption key, obtains the key of the file to the secure key decryption.
In one embodiment, first uploading unit is also used in such a way that multi-channel parallel uploads, and uploads encryption
The file fragment to document management server;Wherein, each channel uploads the fragment of a file every time.
In one embodiment, the acquiring unit is also used to calculate plucking for the file using secure hash algorithm SHA
It wants;
Based on the abstract of the file, the mark of the file is obtained from document indexing server;
Second uploading unit, is also used to upload the mark of the file to the service server, with from the industry
After business server obtains the mark of the file, the mark according to the file indexes to obtain from the document management server
The file.
In one embodiment, the acquiring unit is also used to the abstract based on the file, sends the upload of the file
It requests to the document indexing server;
Receive the mark for the file that the document indexing server returns;
The file is identified as abstract of the document indexing server based on the file, determines the file management
It is generated when the not stored file of server.
Figure 12 is the composed structure schematic diagram of document management apparatus 900 provided in an embodiment of the present invention, this document management dress
The downloading for setting achievable file, referring to Figure 12, document management apparatus provided in an embodiment of the present invention includes:
Fragment acquiring unit 121, the fragment of the file for obtaining encryption from document management server;The fragment is based on
The key of the file is encrypted;
First key acquiring unit 122, for obtaining security key from service server;The security key is to described
The key of file obtains after being encrypted;
Second key acquiring unit 123, for obtaining the decruption key for decrypting the security key;
Decryption unit 124, for being based on the decruption key, to obtaining the close of the file after the secure key decryption
Key, and the fragment of the file acquired in the key pair based on the file is decrypted, and obtains the file.
In one embodiment, described device further include:
Information acquisition unit, for obtaining the key message of the file, the key message includes: the mark of the file
Know, the key version information of the corresponding decruption key;
The mark of the file, for for indexing to obtain the file from the document management server;
The key version information, for obtaining the decryption from Key Management server according to the key version information
Key.
In one embodiment, the information acquisition unit is also used to receive the file that the service server is sent
Message, the message carries the key message;
The message for parsing the file obtains the key message.
In one embodiment, the fragment acquiring unit, is also used to the mark based on the file, with the file management
Server carries out transmission key negotiation;
After transmission key negotiation passes through, the fragment for the file that the document management server is sent is received;
The fragment is that the document management server uses the transmission key, to the key progress according to the file
The fragment of encryption obtains after encrypting again.
In one embodiment, the decryption unit is also used to the key based on the file, using the ecb mode pair of AES
The fragment of the file is decrypted in the manner of decryption answered, and obtains the content information of the fragment;
The content information for all fragments that the file includes is combined, the file is obtained.
The embodiment of the invention also provides a kind of readable storage medium storing program for executing, storage medium may include: movable storage device, with
Machine accesses memory (RAM, Random Access Memory), read-only memory (ROM, Read-Only Memory), magnetic disk
Or the various media that can store program code such as CD.The readable storage medium storing program for executing is stored with executable instruction;
The executable instruction realizes above-mentioned file management method when for being executed by processor.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain
Lid is within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.
Claims (15)
1. a kind of file management method, which is characterized in that the described method includes:
It encrypts file described in the key pair file-based of end and carries out fragment encryption;
The fragment of the file of encryption is uploaded to document management server;
Obtain the encryption key encrypted for the key to the file;
Based on the encryption key, the key of the file is encrypted, security key is obtained;
The security key is uploaded to service server;
The security key is used for for decrypting end after the service server acquisition security key, close to the safety
Key is decrypted to obtain the key of the file, is solved with the fragment to the file obtained from the document management server
It is close, obtain the file.
2. the method as described in claim 1, which is characterized in that file described in the key pair file-based carries out fragment and adds
It is close, comprising:
The file is subjected to fragment processing, obtains multiple fragments of the file;
Key point using the corresponding cipher mode of electronic codebook mode ecb mode of Advanced Encryption Standard AES, according to the file
It is other that each fragment is encrypted.
3. the method as described in claim 1, which is characterized in that file described in the key pair file-based carries out fragment and adds
It is close, comprising:
The file is subjected to fragment processing, obtains multiple fragments of the file with serial number;
Using the key of the file as the key of the first fragment of the file, according to the key of first fragment, according to
The number order of the fragment calculates separately the key of each fragment by the way of iteration;
Each fragment of key pair corresponding to each fragment is respectively adopted to be encrypted.
4. the method as described in claim 1, which is characterized in that the acquisition was encrypted for the key to the file
Encryption key, comprising:
It sends for obtaining the request of the encryption key to Key Management server;The request carries authentication information;
Receive the encryption key that the Key Management server is sent;The encryption key is the Key Management server
Send after subscription authentication passes through based on the authentication information.
5. method as claimed in claim 4, which is characterized in that the method also includes:
Receive the key version information for the correspondence encryption key that the Key Management server is sent;
The key version information, the security key to service server are uploaded, described in obtaining from the service server
After key version information, the security key, according to the key version information from described in Key Management server acquisition
Encryption key obtains the key of the file to the secure key decryption.
6. the method as described in claim 1, which is characterized in that the fragment of the file for uploading encryption to file management
Server, comprising:
By the way of multi-channel parallel upload, the fragment of the file of encryption is uploaded to document management server;Wherein, often
A channel uploads the fragment of a file every time.
7. the method as described in claim 1, which is characterized in that the method also includes:
The abstract of the file is calculated using secure hash algorithm SHA;
Based on the abstract of the file, the mark of the file is obtained from document indexing server;
The mark of the file is uploaded to the service server, to obtain the mark of the file from the service server
Afterwards, it indexes to obtain the file from the document management server according to the mark of the file.
8. the method for claim 7, which is characterized in that the abstract based on the file, from file index service
Device obtains the mark of the file, comprising:
Based on the abstract of the file, the upload request of the file is sent to the document indexing server;
Receive the mark for the file that the document indexing server returns;
The file is identified as abstract of the document indexing server based on the file, determines the file-management services
It is generated when the not stored file of device.
9. a kind of file management method, which is characterized in that the described method includes:
The fragment of the file of encryption is obtained from document management server;The fragment is encrypted based on the key of the file;
Security key is obtained from service server;The security key is to obtain after encrypting to the key of the file;
Obtain the decruption key for decrypting the security key;
Based on the decruption key, to obtaining the key of the file after the secure key decryption, and based on the file
The fragment of the file acquired in key pair is decrypted, and obtains the file.
10. method as claimed in claim 9, which is characterized in that the method also includes:
The key message of the file is obtained, the key message includes: the mark of the file, the corresponding decruption key
Key version information;
The mark of the file, for for indexing to obtain the file from the document management server;
The key version information, it is close for obtaining the decryption from Key Management server according to the key version information
Key.
11. method as claimed in claim 10, which is characterized in that the file for obtaining encryption from document management server
Fragment, comprising:
Based on the mark of the file, transmission key negotiation is carried out with the document management server;
After transmission key negotiation passes through, the fragment for the file that the document management server is sent is received;
The fragment is that the document management server uses the transmission key, is encrypted to the key according to the file
The fragment encrypt again after obtain.
12. a kind of document management apparatus, which is characterized in that described device includes:
First encryption unit carries out fragment encryption for file described in key pair file-based;
First uploading unit, for upload encryption the file fragment to document management server;
Acquiring unit, for obtaining the encryption key encrypted for the key to the file;
Second encryption unit encrypts the key of the file, obtains security key for being based on the encryption key;
Second uploading unit, for uploading the security key to service server;
The security key obtains the secure key decryption after obtaining the security key from the service server
To the key of the file, it is decrypted with the fragment to the file obtained from the document management server.
13. a kind of document management apparatus, which is characterized in that described device includes:
Fragment acquiring unit, the fragment of the file for obtaining encryption from document management server;The fragment is based on the text
The key of part is encrypted;
First key acquiring unit, for obtaining security key from service server;The security key is to the file
Key obtains after being encrypted;
Second key acquiring unit, for obtaining the decruption key for decrypting the security key;
Decryption unit, for being based on the decruption key, to obtaining the key of the file, and base after the secure key decryption
The fragment of the file acquired in the key pair of the file is decrypted, and obtains the file.
14. a kind of storage medium, which is characterized in that be stored with executable instruction, the executable instruction is performed, for real
Existing file management method as claimed in any one of claims 1 to 8.
15. a kind of storage medium, which is characterized in that be stored with executable instruction, the executable instruction is performed, for real
Now such as the described in any item file management methods of claim 9 to 11.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811412957.1A CN110401689B (en) | 2018-11-23 | 2018-11-23 | File management method, device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811412957.1A CN110401689B (en) | 2018-11-23 | 2018-11-23 | File management method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110401689A true CN110401689A (en) | 2019-11-01 |
CN110401689B CN110401689B (en) | 2021-12-10 |
Family
ID=68322200
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811412957.1A Active CN110401689B (en) | 2018-11-23 | 2018-11-23 | File management method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110401689B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111245597A (en) * | 2020-01-17 | 2020-06-05 | 众安信息技术服务有限公司 | Key management method, system and equipment |
CN111698576A (en) * | 2020-06-23 | 2020-09-22 | 网易有道信息技术(杭州)有限公司 | Information encryption method, decryption method, server, client, and medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030208693A1 (en) * | 2002-05-02 | 2003-11-06 | Fuji Xerox Co., Ltd. | Method and system for transferring data |
CN102333236A (en) * | 2011-10-27 | 2012-01-25 | 中国华录集团有限公司 | Video content encryption and decryption system |
CN103685557A (en) * | 2013-12-26 | 2014-03-26 | 金蝶软件(中国)有限公司 | Method and device for uploading and downloading file |
CN104837035A (en) * | 2015-04-30 | 2015-08-12 | 华为软件技术有限公司 | Video playing method and terminal |
CN106254324A (en) * | 2016-07-26 | 2016-12-21 | 杭州文签网络技术有限公司 | A kind of encryption method storing file and device |
CN108429733A (en) * | 2018-02-05 | 2018-08-21 | 济南浪潮高新科技投资发展有限公司 | A kind of system of data processing |
-
2018
- 2018-11-23 CN CN201811412957.1A patent/CN110401689B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030208693A1 (en) * | 2002-05-02 | 2003-11-06 | Fuji Xerox Co., Ltd. | Method and system for transferring data |
CN102333236A (en) * | 2011-10-27 | 2012-01-25 | 中国华录集团有限公司 | Video content encryption and decryption system |
CN103685557A (en) * | 2013-12-26 | 2014-03-26 | 金蝶软件(中国)有限公司 | Method and device for uploading and downloading file |
CN104837035A (en) * | 2015-04-30 | 2015-08-12 | 华为软件技术有限公司 | Video playing method and terminal |
CN106254324A (en) * | 2016-07-26 | 2016-12-21 | 杭州文签网络技术有限公司 | A kind of encryption method storing file and device |
CN108429733A (en) * | 2018-02-05 | 2018-08-21 | 济南浪潮高新科技投资发展有限公司 | A kind of system of data processing |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111245597A (en) * | 2020-01-17 | 2020-06-05 | 众安信息技术服务有限公司 | Key management method, system and equipment |
CN111245597B (en) * | 2020-01-17 | 2023-09-15 | 众安信息技术服务有限公司 | Key management method, system and equipment |
CN111698576A (en) * | 2020-06-23 | 2020-09-22 | 网易有道信息技术(杭州)有限公司 | Information encryption method, decryption method, server, client, and medium |
CN111698576B (en) * | 2020-06-23 | 2022-04-01 | 网易有道信息技术(杭州)有限公司 | Information encryption method, decryption method, server, client, and medium |
Also Published As
Publication number | Publication date |
---|---|
CN110401689B (en) | 2021-12-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108055274B (en) | Encryption and sharing method and system based on alliance chain storage data | |
US10417394B2 (en) | Method and system for unified mobile content protection | |
AU2021203184B2 (en) | Transaction messaging | |
EP3453135B1 (en) | System and method for encryption and decryption based on quantum key distribution | |
US9037870B1 (en) | Method and system for providing a rotating key encrypted file system | |
US9819494B2 (en) | Digital signature service system based on hash function and method thereof | |
Zou et al. | Phosphor: A cloud based DRM scheme with sim card | |
US10084790B2 (en) | Peer to peer enterprise file sharing | |
US20120303967A1 (en) | Digital rights management system and method for protecting digital content | |
US9641328B1 (en) | Generation of public-private key pairs | |
CN110708291B (en) | Data authorization access method, device, medium and electronic equipment in distributed network | |
CN111414628B (en) | Data storage method and device and computing equipment | |
JP2017112604A (en) | Method for improving encryption/decryption speed by complexly applying symmetric key encryption and asymmetric key double encryption | |
JP2014175970A (en) | Information distribution system, information processing device, and program | |
CN110401689A (en) | File management method, device and storage medium | |
CN111010283B (en) | Method and apparatus for generating information | |
CN110602075A (en) | File stream processing method, device and system for encryption access control | |
KR101413248B1 (en) | device for encrypting data in a computer and storage for storing a program encrypting data in a computer | |
KR101423953B1 (en) | Method for searching data in remote computing environment and Method therefor | |
CN106921644A (en) | The verification method and device of client data file | |
Gopika et al. | Secure Data Sharing in Multiple Cloud Servers Using Forward and Backward Secrecy | |
Baselios Mathews et al. | Secure Data Sharing in Multiple Cloud Servers Using Forward and Backward Secrecy | |
KR100771339B1 (en) | Method and system for providing commerce service | |
CN116055105A (en) | Cloud storage data processing method, device and server | |
US20150326544A1 (en) | Method of processing data in distributed storage system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |