CN110807210A - Information processing method, platform, system and computer storage medium - Google Patents

Info

Publication number
CN110807210A
Authority
CN
China
Prior art keywords
information
external link
encrypted
file
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911066134.2A
Other languages
Chinese (zh)
Other versions
CN110807210B (en)
Inventor
郭嘉宁
袁磊
张跃华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Lenovo Synergy Technology Co Ltd
Original Assignee
Beijing Lenovo Synergy Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiment of the invention discloses an information processing method, a platform, a system and a computer storage medium, wherein the method comprises the following steps: receiving an external link creation request, and acquiring a target file corresponding to the external link creation request; and creating and sending first encrypted external link information corresponding to the target file according to the external link creation request. According to the information processing method, the platform, the system and the computer storage medium provided by the embodiment of the invention, the whole process of the external link is controlled by adopting an encryption control means in the external link creation and/or use process, so that the safety of the external link is greatly improved, and the information leakage risk is reduced.

Description

Information processing method, platform, system and computer storage medium
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to an information processing method, a platform, a system, and a computer storage medium.
Background
For cloud storage systems such as enterprise network disk systems, the external link is a common way to transmit and distribute files, and it lets a user obtain the required file information conveniently and quickly. Data security is increasingly important: any uncontrolled and unreliable data transmission, especially the transfer of sensitive files involving business secrets, can cause information leakage, and once a leak occurs it causes immeasurable loss to any enterprise. It is therefore very important to provide a reliable and secure method for data transmission and distribution.
The traditional external link usually relies on an extraction code: a password is set when the external link is created, and a user obtains the file by entering that password on access. This approach carries many security risks. For example, the extraction code is plaintext, so it is easily leaked in transit, and when a file is uploaded or downloaded through an external link, an attacker can easily obtain the file by intercepting the file stream.
Therefore, how to effectively improve the security of data transmission becomes a technical problem to be solved urgently at present.
Disclosure of Invention
In order to effectively overcome the above-mentioned defects in the prior art, embodiments of the present invention creatively provide an information processing method, including: receiving an external link creation request, and acquiring a target file corresponding to the external link creation request; and creating and sending first encrypted external link information corresponding to the target file according to the external link creation request.
In an embodiment, before creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request, the method further includes: performing a confidentiality review of the target file; creating and sending the first encrypted external link information according to the external link creation request then includes: creating and sending the first encrypted external link information according to the confidentiality review result of the target file.
In an embodiment, the target file comprises one or more files, and performing the confidentiality review of the target file comprises: querying the target files one by one for sensitive information to obtain files with sensitive information and/or files without sensitive information; creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises: when the sensitive information query result does not include a file with sensitive information, creating and sending the first encrypted external link information according to the target file and the external link creation request; when the sensitive information query result includes a file with sensitive information, creating and sending the first encrypted external link information according to the files without sensitive information and the external link creation request; or, alternatively, performing the confidentiality review comprises: sending an external link creation approval request according to the target file and the external link creation request; and creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises: receiving response information responding to the external link creation approval request, and creating and sending the first encrypted external link information according to the external link creation request when the response information is passing information.
In an embodiment, the method further comprises: receiving second encrypted external link information, wherein the second encrypted external link information comprises the external link information in the first encrypted external link information together with feature identification information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; and granting the operation authority corresponding to the encrypted file to the client corresponding to the feature identification information.
In an embodiment, the feature identification information includes first identity information, and before granting the operation authority corresponding to the encrypted file to the client corresponding to the feature identification information, the method further includes: judging whether the first identity information matches the authentication identity information; granting the operation authority corresponding to the encrypted file to the client corresponding to the feature identification information then includes: when the first identity information matches the authentication identity information, granting the operation authority corresponding to the encrypted file to the client corresponding to the feature identification information; and when the first identity information does not match the authentication identity information, not granting the operation authority corresponding to the encrypted file.
In an embodiment, the external link creation request carries creation identity information, and creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request includes: acquiring first key data corresponding to the creation identity information; creating original external link information corresponding to the target file according to the external link creation request; adding the first key data to the original external link information through an asymmetric algorithm to obtain the first encrypted external link information; and sending the first encrypted external link information to the client corresponding to the identity information.
Another aspect of the embodiments of the present invention provides an information processing platform, including: a data acquisition module, configured to receive an external link creation request and acquire a target file corresponding to the external link creation request; and a data processing module, configured to create and send first encrypted external link information corresponding to the target file according to the external link creation request; the data acquisition module is further configured to receive second encrypted external link information, where the second encrypted external link information includes the external link information in the first encrypted external link information together with feature identification information; the data processing module is further configured to generate an encrypted file corresponding to the target file according to the second encrypted external link information, and to grant an operation authority corresponding to the encrypted file to a client corresponding to the feature identification information; and the data processing module is further configured to send the encrypted file to the client corresponding to the feature identification information.
Another aspect of the embodiments of the present invention provides an information processing method, which is at least applied to a client, and the method includes: sending an external link creation request to the information processing platform; receiving and decrypting the first encrypted external link information to obtain external link information; encrypting the external link information to obtain encrypted transmission external link information; and sending the encrypted transmission external link information to a client.
Another aspect of the embodiments of the present invention provides an information processing method, which is at least applied to a client, and the method includes: receiving and decrypting the encrypted transmission external link information to obtain external link information; adding feature identification information representing the client to the external link information to obtain feature external link information; encrypting the feature external link information to obtain second encrypted external link information; and sending the second encrypted external link information to an information processing platform.
In an embodiment, the feature identification information includes second identity information, and the method further includes: receiving an encrypted file; verifying the user information of the encrypted file according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, decrypting the encrypted file; and when the user information does not accord with the second identity information, destroying the encrypted file.
Yet another aspect of the embodiments of the present invention provides an information processing system, where the system at least includes a first client, a second client, and an information processing platform; the first client is used for sending an external link creation request to the information processing platform; the information processing platform is used for receiving the external link creation request and acquiring a target file corresponding to the external link creation request, and for creating and sending first encrypted external link information corresponding to the target file to the first client according to the external link creation request; the first client is further used for receiving and decrypting the first encrypted external link information to obtain external link information, encrypting the external link information to obtain encrypted transmission external link information, and sending the encrypted transmission external link information to the second client; the second client is used for receiving and decrypting the encrypted transmission external link information to obtain the external link information, adding feature identification information representing the client to the external link information to obtain feature external link information, encrypting the feature external link information to obtain second encrypted external link information, and sending the second encrypted external link information to the information processing platform; the information processing platform is further used for receiving the second encrypted external link information, wherein the second encrypted external link information comprises the external link information in the first encrypted external link information together with the feature identification information, generating an encrypted file corresponding to the target file according to the second encrypted external link information, granting an operation authority corresponding to the encrypted file to the client corresponding to the feature identification information, and sending the encrypted file to the client corresponding to the feature identification information; the second client is also used for receiving the encrypted file and verifying the user information of the encrypted file according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, decrypting the encrypted file; and when the user information does not accord with the second identity information, destroying the encrypted file.
Yet another aspect of the embodiments of the present invention provides a computer-readable storage medium, in which computer-executable instructions are stored, and when the instructions are executed, the computer-readable storage medium is configured to perform any one of the information processing methods described above.
According to the information processing method, the platform, the system and the computer storage medium provided by the embodiment of the invention, the whole process of the external link is controlled by adopting an encryption control means in the external link creation and/or use process, so that the safety of the external link is greatly improved, and the information leakage risk is reduced.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Fig. 1 is a schematic flow chart illustrating an implementation of an information processing method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart illustrating an implementation of an information processing method according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an information processing platform according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of another implementation of an information processing method according to an embodiment of the present invention;
Fig. 5 is a schematic flow chart of an implementation of another information processing method according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an information processing system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of methods, apparatus or devices consistent with certain aspects of the specification, as detailed in the claims that follow.
Referring to fig. 1, an aspect of the present invention provides an information processing method, including:
step 101, receiving an external link creation request, and acquiring a target file corresponding to the external link creation request;
step 102, creating and sending first encrypted external link information corresponding to the target file according to the external link creation request.
The information processing method in the embodiment of the present invention may be applied to a client or a server, where the client includes, for example, a desktop, a mobile phone, and even an application client, and the embodiment of the present invention does not limit a specific form of the client to which the method is applied. The server in the embodiment of the invention can comprise a single server, a server cluster and a platform constructed based on the server cluster.
In the conventional method the external link extraction code is usually plaintext, and an attacker can easily learn and use the external link address. To solve these problems, the embodiment of the invention creates and sends first encrypted external link information after receiving an external link creation request: the external link information is encrypted before it is transmitted, and the users of the external link can be restricted, which improves the security of external link use.
In the embodiment of the invention, the external link information can be encrypted with an asymmetric key algorithm. With an asymmetric key, encryption uses the public key, and the requester can send its public key data together with the external link creation request. The external link creation request and the public key data are then received together in step 101, and in step 102 the external link information is encrypted with the public key data to create the first encrypted external link information. When the first encrypted external link information is sent to the requester, the requester decrypts it with the private key it holds and can then obtain and use the external link information, which greatly improves confidentiality. Other encryption methods may also be adopted, as long as leakage of the external link information is effectively prevented; the embodiment of the invention does not limit the specific encryption method.
In the embodiment of the invention, access operations are recorded throughout a visitor's whole access process, so that every access through the external link leaves a trace and can be followed, and the source can be traced when a problem occurs.
In an embodiment, before creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request, the method further includes:
performing a confidentiality review of the target file;
creating and sending the first encrypted external link information according to the external link creation request includes:
creating and sending the first encrypted external link information according to the confidentiality review result of the target file.
In the conventional approach, creation of an external link is not controlled, so a file carrying sensitive information can easily flow out. To solve this, the embodiment of the present invention controls external link creation: before the first encrypted external link information is created, a confidentiality review is performed on the target file, and the first encrypted external link information is then created according to the result of that review. The confidentiality review may filter out files with sensitive information or initiate an approval process, and whether a file contains sensitive information may be determined when the file is uploaded or stored, for example by sensitive content judgment or directory stepping management.
In one embodiment, the target file comprises one or more files, and the confidentiality review of the target file comprises:
querying the target files one by one for sensitive information to obtain files with sensitive information and/or files without sensitive information; creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises: when the sensitive information query result does not include a file with sensitive information, creating and sending the first encrypted external link information according to the target file and the external link creation request; when the sensitive information query result includes a file with sensitive information, creating and sending the first encrypted external link information according to the files without sensitive information and the external link creation request;
or, alternatively,
sending an external link creation approval request according to the target file and the external link creation request; creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises: receiving response information responding to the external link creation approval request, and creating and sending the first encrypted external link information according to the external link creation request when the response information is passing information.
In the embodiment of the present invention, the confidentiality review of the target file may be performed by querying the target files one by one for sensitive information. Because the requested target file may comprise one or more files, the sensitive information query result may consist of files with sensitive information, files without sensitive information, or both at the same time. When the query result contains no file with sensitive information, the first encrypted external link information is created and sent directly according to the target file and the external link creation request. When the query result includes a file with sensitive information, the first encrypted external link information is created only according to the files without sensitive information and the external link creation request; that is, the requester is not granted permission to create an external link for the files with sensitive information. Confidential files and files with sensitive information are thereby effectively protected, and the security and reliability of data transmission are improved.
In the embodiment of the invention, the confidentiality review of the target file can also be realized by sending an external link creation approval request according to the target file and the external link creation request, wherein the external link creation approval request comprises the target file information in the external link creation request and is used for pushing information about the suspected leakage of sensitive content. The external link creation approval request can be sent to the external link creation requester for primary approval, and then sent to a secondary approver such as a server manager for secondary approval, so that the transmission security of confidential files is enhanced. When the received response information is passing information, namely when the external link creation requester and the secondary approver such as a server manager both pass the external link creation approval request, the first encrypted external link information is created and sent according to the external link creation request; when the response information is failure information, the first encrypted external link information is not created or sent according to the external link creation request, and the failure information can come from any approver.
Referring to fig. 2, in an implementation manner, the method further includes:
103, receiving second encrypted external link information, wherein the second encrypted external link information comprises external link information and characteristic identification information in the first encrypted external link information;
104, generating an encrypted file corresponding to the target file according to the second encrypted external link information;
and 105, granting the operation authority corresponding to the encrypted file to the client corresponding to the characteristic identification information.
In the embodiment of the present invention, after receiving the first encrypted external link information, the external link creation requester may use the external link information by itself, and then the feature identification information in the second encrypted external link information at this time is the feature identification information for representing the address or identity of the external link creation requester, and certainly, the external link creation requester may also send the received first encrypted external link information to other external link users for use, and then the feature identification information in the second encrypted external link information at this time is the feature identification information for representing the addresses or identities of other external link users. In the conventional method, when a file is uploaded or downloaded through an external link, an attacker often acquires the file by intercepting a file stream, so that the security of file transmission is improved by encrypting a target file to obtain an encrypted file, the encryption method can be an asymmetric key algorithm or other encryption methods, and the specific method for generating the encrypted file is not limited in the embodiment of the invention. The characteristic identification information can represent the corresponding client, so that the operation authority of the encrypted file can be granted to the corresponding client by directly utilizing the characteristic identification information after the encrypted file is generated, wherein the operation authority can be downloading, previewing and the like.
The embodiment of the invention adopts encryption control means to control the whole outer chain flow in the outer chain creation and use processes, greatly improves the outer chain safety and reduces the information leakage risk.
In an implementation manner, the feature identification information includes first identity information, and before granting the operation right corresponding to the encrypted file to the client corresponding to the feature identification information, the method further includes:
judging whether the first identity information accords with authentication identity information;
the step of granting the operation authority corresponding to the encrypted file to the client corresponding to the characteristic identification information comprises:
when the first identity information accords with the authentication identity information, operation permission corresponding to the encrypted file is granted to the client corresponding to the characteristic identification information;
when the first identity information does not conform to the authentication identity information, an operation authority corresponding to the encrypted file is not granted.
Because the conventional method places no restriction on the external link user, the risk of file leakage is increased. In the embodiment of the invention, use authentication is therefore enabled for the external link user: by judging whether the first identity information conforms to the authentication identity information, only a requester that conforms to the authentication identity information is granted the corresponding operation authority. That is, a requester in the white list can perform the operation on the target file, while a requester not in the white list is granted no operation authority and cannot perform any operation on the target file, which effectively prevents an attacker from using the external link to leak the file. The authentication identity information is pre-stored white list identity information, and the first identity information and the authentication identity information may be any information usable for identity verification, such as a login name, identity card information, mobile phone number information and the like.
In an implementation manner, the external link creation request carries creation identity information, and creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request includes:
acquiring first key data corresponding to the creation identity information;
creating original external link information corresponding to the target file according to the external link creation request;
adding the first key data into the original external link information through an asymmetric algorithm to obtain first encrypted external link information;
and sending the first encrypted external link information to the client corresponding to the creation identity information.
In the embodiment of the present invention, the external link creation request carries the creation identity information, that is, the identity information of the external link creation requester. The first key data corresponding to the creation identity information may be sent by the external link creation requester together with the external link creation request, or it may be obtained in advance from each pre-stored white list external link creation requester and stored. Because the original external link information is encrypted with an asymmetric algorithm, the first key data used for encrypting it can be public key data or private key data. With this method of encrypting the external link information by an asymmetric algorithm and then sending the first encrypted external link information to the client corresponding to the creation identity information, the external link creation requester, namely the client corresponding to the creation identity information, does not need to transmit its private key to the outside. Other attackers therefore cannot decrypt the first encrypted external link information even if they steal it, and so cannot locate the file through a Uniform Resource Locator (URL), which effectively improves the security of external link transmission.
Referring to fig. 3, another aspect of the present invention provides an information processing platform, including:
a data obtaining module 201, configured to receive an external link creation request, and obtain a target file corresponding to the external link creation request;
the data processing module 202 is configured to create and send first encrypted external link information corresponding to the target file according to the external link creation request;
the data obtaining module 201 is further configured to receive second encrypted external link information, where the second encrypted external link information includes external link information and feature identification information in the first encrypted external link information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting an operation authority corresponding to the encrypted file to a client corresponding to the characteristic identification information;
the data processing module 202 is further configured to send the encrypted file to the client corresponding to the feature identification information.
In an implementation, the data processing module 202 is further configured to perform a confidential review on the target file before creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request; and creating and sending first encryption external link information according to the secret-related examination result of the target file.
In an implementation manner, the target file includes one or more files, and the data processing module 202 is further configured to perform sensitive information query on the target file one by one to obtain a file with sensitive information and/or a file without sensitive information; when the sensitive information query result does not include the file of the sensitive information, creating and sending first encrypted external link information according to the target file and the external link creation request; when the sensitive information query result comprises the file with the sensitive information, creating and sending first encrypted external link information according to the file without the sensitive information and the external link creation request;
the data processing module 202 is further configured to send an external link creation approval request according to the target file and the external link creation request; and receiving response information responding to the external link creation approval request, and creating and sending first encrypted external link information according to the external link creation request when the response information is passing information.
In an implementation manner, the feature identification information includes first identity information, and the data processing module 202 is further configured to determine whether the first identity information conforms to the authentication identity information before granting the operation right corresponding to the encrypted file to the client corresponding to the feature identification information; when the first identity information accords with the authentication identity information, operation permission corresponding to the encrypted file is granted to the client corresponding to the characteristic identification information; when the first identity information does not conform to the authentication identity information, an operation authority corresponding to the encrypted file is not granted.
In an implementation manner, the external link creation request carries creation identity information, and the data obtaining module 201 is further configured to obtain first key data corresponding to the creation identity information;
the data processing module 202 is further configured to create original external link information corresponding to the target file according to the external link creation request; add the first key data into the original external link information through an asymmetric algorithm to obtain first encrypted external link information; and send the first encrypted external link information to the client corresponding to the creation identity information.
The information processing platform provided by the embodiment of the invention adopts encryption control means in the whole process of external link creation and use, controls the whole flow of the external link, greatly improves the safety of the external link and reduces the risk of information leakage.
Referring to fig. 4, another aspect of the present invention provides an information processing method at least applied to a client, the method including:
step 301, sending an external link creation request to an information processing platform;
step 302, receiving and decrypting the first encrypted external link information to obtain external link information;
step 303, encrypting the external link information to obtain encrypted transmission external link information;
step 304, sending the encrypted transmission external link information to the client.
The information processing method provided by the embodiment of the invention is at least applied to a client. After sending an external link creation request to the information processing platform, the client receives and decrypts the first encrypted external link information fed back by the platform; it can also encrypt the first encrypted external link information and transmit the encrypted external link information to the client or other clients so as to obtain the operation permission corresponding to the external link information. Of course, when the client uses the external link information itself, it receives and decrypts the first encrypted external link information to obtain the external link information, and the obtained external link information does not need to be encrypted and then transmitted. The client includes, for example, a desktop, a mobile phone, and even an application client, and the embodiment of the present invention does not limit the specific form of the client to which the method is applied. The information processing method in the embodiment of the invention can also be applied to servers, which can comprise a single server, a server cluster and even a platform constructed based on the server cluster. In the embodiment of the invention, applying encryption control when the external link is received and transmitted ensures the transmission security of the external link data.
Referring to fig. 5, another aspect of the embodiment of the present invention provides an information processing method at least applied to a client, the method including:
step 401, receiving and decrypting the encrypted and transmitted external link information to obtain external link information;
step 402, adding the characteristic identification information representing the client into the external link information to obtain characteristic external link information;
step 403, encrypting the characteristic external link information to obtain second encrypted external link information;
step 404, sending the second encrypted external link information to the information processing platform.
In an implementation, the feature identification information includes second identity information, and the method further includes:
step 405, receiving an encrypted file;
step 406, verifying the user information of the encrypted file according to the second identity information in the second encrypted external link information; when the user information accords with the second identity information, the encrypted file is decrypted; and when the user information does not accord with the second identity information, destroying the encrypted file.
The information processing method provided by the embodiment of the invention is at least applied to a client. After receiving the encrypted transmission external link information sent by an external link creation client or a server, the client decrypts it, adds the feature identification information representing the client to the decrypted external link information to obtain the characteristic external link information, and sends the characteristic external link information to an information processing platform after encryption. Because encryption control is applied both when the external link is transmitted and when it is sent to the information processing platform, the transmission security of the external link data is greatly improved, and it becomes more difficult for attackers to acquire and use the external link information. Of course, when the external link creation client and the external link using client are the same client, the first encrypted external link information only needs to be decrypted and then encrypted again to obtain the second encrypted external link information, and no encrypted transmission and decryption of the external link between the external link creation client and the external link using client is required.
The client to which the method of the embodiment of the present invention is applied includes, for example, a desktop, a mobile phone, and even an application software client, and the embodiment of the present invention does not limit the specific form of the client to which the method is applied. The information processing method in the embodiment of the invention can also be applied to servers, which can comprise a single server, a server cluster and even a platform constructed based on the server cluster. The encrypted file is an executable file, and the second identity information is the biometric information of the user or other information used for confirming the identity characteristics of the user; the biometric information can be a voiceprint, iris or facial characteristics of the user, and the like. Verifying the second identity information of the user strengthens the authentication of the user's identity, so the file remains controlled even after it is downloaded locally, which effectively prevents other people from stealing information by stealing a client or a server.
Referring to fig. 6, a further aspect of the present invention provides an information processing system, which at least includes a first client 501, a second client 502 and an information processing platform 503; wherein:
a first client 501, configured to send an external link creation request to the information processing platform 503;
the information processing platform 503 is configured to receive an external link creation request and obtain a target file corresponding to the external link creation request; creating and sending first encrypted external link information corresponding to the target file to the first client 501 according to the external link creation request;
the first client 501 is further configured to receive and decrypt the first encrypted external link information to obtain external link information; encrypt the external link information to obtain encrypted transmission external link information; and send the encrypted transmission external link information to the second client 502;
the second client 502 is configured to receive and decrypt the encrypted transmission external link information to obtain external link information; add the feature identification information representing the client into the external link information to obtain characteristic external link information; encrypt the characteristic external link information to obtain second encrypted external link information; and send the second encrypted external link information to the information processing platform 503;
the information processing platform 503 is further configured to receive second encrypted external link information, where the second encrypted external link information includes external link information and feature identification information in the first encrypted external link information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting an operation authority corresponding to the encrypted file to a client corresponding to the characteristic identification information; sending an encrypted file to a client corresponding to the characteristic identification information;
the second client 502 is further configured to receive an encrypted file; verifying the user information of the encrypted file according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, the encrypted file is decrypted; and when the user information does not accord with the second identity information, destroying the encrypted file.
In the embodiment of the present invention, after the first client 501 sends the external link creation request to the information processing platform 503 and obtains the first encrypted external link information created by the information processing platform 503, the encrypted external link information is transmitted to the second client 502. The second client 502 likewise uses encrypted external link information when sending its request to the information processing platform 503, and the information processing platform 503 verifies both the external link creation request sent by the first client 501 and the second encrypted external link information sent by the second client 502. The whole process of the external link, from creation to transmission and use, can thus be managed and controlled by encryption, which effectively reduces the risk of information leakage. In the embodiment of the present invention, the first client 501 is the same as or different from the second client 502. When the first client 501 is the same as the second client 502, the first client 501 is further configured to receive and decrypt the first encrypted external link information to obtain the external link information; add the feature representation information representing the first client 501 into the external link information to obtain characteristic external link information; encrypt the characteristic external link information to obtain second encrypted external link information; and send the second encrypted external link information to the information processing platform 503. In the embodiment of the present invention, the encrypted file sent by the information processing platform 503 is an executable file, and the second identity information is biometric information of the user or other information used for confirming the identity characteristics of the user; the biometric information may be a voiceprint, iris, facial characteristics, or the like of the user. Verifying the second identity information of the user strengthens the authentication of the user identity, so that the file is still controlled even if it is downloaded locally, thereby effectively preventing other people from stealing the client or the server to steal the information.
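The exchange between the first client, the second client and the platform described above, written out as an added example (not code from the patent or its assignee). It assumes RSA-OAEP wrapping a one-time AES-256-GCM key as the "asymmetric algorithm", public keys registered with the platform per identity, and an encrypted file sealed to the key registered for the claimed identity; all class, function and identity names and the share.example.invalid URL are hypothetical.

```javascript
// Load Node's built-in crypto module under CommonJS or ES-module loading.
const nodeCrypto = typeof require === 'function'
  ? require('crypto')
  : process.getBuiltinModule('crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Assumed envelope: RSA-OAEP wraps a one-time AES-256-GCM key that encrypts the JSON payload.
function seal(publicKey, payload) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Throws when the private key does not match or the envelope was altered.
function open(privateKey, envelope) {
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const plain = Buffer.concat([decipher.update(envelope.body), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

const canOpen = (privateKey, envelope) => {
  try { open(privateKey, envelope); return true; } catch { return false; }
};

class Platform {
  constructor(whitelist) {
    this.keys = newKeyPair();
    this.whitelist = new Set(whitelist); // authentication identity information
    this.clientKeys = new Map();         // identity -> public key ("first key data")
    this.files = new Map();              // file name -> content
    this.links = new Map();              // link id -> file name
  }
  register(identity, publicKey) { this.clientKeys.set(identity, publicKey); }

  // Create the original link information, then encrypt it to the creator's key.
  createLink(creatorIdentity, fileName) {
    const creatorKey = this.clientKeys.get(creatorIdentity);
    if (!creatorKey || !this.files.has(fileName)) throw new Error('unknown creator or file');
    const id = nodeCrypto.randomUUID();
    this.links.set(id, fileName);
    return seal(creatorKey, { id, url: `https://share.example.invalid/s/${id}` });
  }

  // Second encrypted link information = link information + feature identification.
  redeem(secondEncrypted) {
    const { link, featureId } = open(this.keys.privateKey, secondEncrypted);
    const fileName = this.links.get(link?.id);
    if (!fileName) return { granted: false, reason: 'unknown link' };
    const userKey = this.clientKeys.get(featureId);
    if (!this.whitelist.has(featureId) || !userKey) {
      return { granted: false, reason: 'identity not whitelisted' };
    }
    const encryptedFile = seal(userKey, { fileName, content: this.files.get(fileName) });
    return { granted: true, operations: ['download', 'preview'], encryptedFile };
  }
}

// First client (steps 302-304): decrypt, then re-encrypt for the link user.
function forwardLink(firstEncrypted, creatorPrivateKey, userPublicKey) {
  return seal(userPublicKey, open(creatorPrivateKey, firstEncrypted));
}

// Second client (steps 401-404): decrypt, add feature identification, encrypt to the platform.
function buildSecondEncrypted(transport, userPrivateKey, featureId, platformPublicKey) {
  const link = open(userPrivateKey, transport);
  return seal(platformPublicKey, { link, featureId });
}

function runExchange() {
  const platform = new Platform(['bob@example.test']);
  platform.files.set('report.txt', 'constructed sample content');
  const keys = { alice: newKeyPair(), bob: newKeyPair(), mallory: newKeyPair() };
  for (const [name, pair] of Object.entries(keys)) {
    platform.register(`${name}@example.test`, pair.publicKey);
  }
  const redeemAs = (transport, who, claimedId) => platform.redeem(
    buildSecondEncrypted(transport, keys[who].privateKey, claimedId, platform.keys.publicKey));

  const first = platform.createLink('alice@example.test', 'report.txt');
  // A party holding only an intercepted copy of the first encrypted link cannot read it.
  const interceptedReadable = canOpen(keys.mallory.privateKey, first);

  const toBob = forwardLink(first, keys.alice.privateKey, keys.bob.publicKey);
  const bobReply = redeemAs(toBob, 'bob', 'bob@example.test');
  const bobFile = open(keys.bob.privateKey, bobReply.encryptedFile);

  // A valid link in the hands of a user outside the whitelist is refused.
  const toMallory = forwardLink(first, keys.alice.privateKey, keys.mallory.publicKey);
  const malloryReply = redeemAs(toMallory, 'mallory', 'mallory@example.test');
  // Claiming a whitelisted identity yields a file sealed to that identity's key only.
  const spoofReply = redeemAs(toMallory, 'mallory', 'bob@example.test');
  const spoofedReadable = canOpen(keys.mallory.privateKey, spoofReply.encryptedFile);
  return { interceptedReadable, bobReply, bobFile, malloryReply, spoofedReadable };
}
```

The feature identification is asserted by the client itself, so the whitelist check is only as strong as the binding between identity and key; here that binding is the registered public key the file is sealed to.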
Another aspect of the present invention provides a computer-readable storage medium having stored thereon computer-executable instructions for performing any one of the above-mentioned information processing methods when the instructions are executed.
Here, it should be noted that: the above description of the embodiments is similar to the above description of the method embodiments, and has similar beneficial effects to the method embodiments, and for technical details not disclosed in the embodiments of the present invention, please refer to the description of the method embodiments of the present invention for understanding, so that details are not repeated.
In the embodiment of the present invention, the implementation order among the steps may be replaced without affecting the implementation purpose.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. An information processing method characterized by comprising:
receiving an external link creation request, and acquiring a target file corresponding to the external link creation request;
and creating and sending first encrypted external link information corresponding to the target file according to the external link creation request.
2. The method of claim 1, wherein prior to creating and sending first encrypted external link information corresponding to the target file in accordance with the external link creation request, the method further comprises:
performing confidential examination on the target file;
the creating and sending the first encrypted external link information according to the external link creation request includes:
and creating and sending the first encryption external link information according to the secret-related examination result of the target file.
3. The method of claim 2, wherein the target file comprises one or more files, and wherein the performing a confidential review on the target file comprises:
sensitive information query is carried out on the target files one by one to obtain files with sensitive information and/or files without sensitive information;
the creating and sending the first encryption external link information according to the secret-related examination result of the target file comprises the following steps:
when the sensitive information query result does not include the file with the sensitive information, creating and sending the first encrypted external link information according to the target file and the external link creation request;
when the sensitive information query result comprises the file with the sensitive information, creating and sending the first encrypted external link information according to the file without the sensitive information and the external link creation request;
or,
sending an external link creation approval request according to the target file and the external link creation request;
the creating and sending the first encrypted external link information according to the secret-related examination result of the target file comprises:
and receiving response information responding to the external link creation approval request, and creating and sending the first encrypted external link information according to the external link creation request when the response information is passing information.
4. The method of claim 1, further comprising:
receiving second encrypted external link information, wherein the second encrypted external link information comprises external link information and characteristic identification information in the first encrypted external link information;
generating an encrypted file corresponding to the target file according to the second encrypted external link information;
and granting the operation authority corresponding to the encrypted file to the client corresponding to the characteristic identification information.
5. The method of claim 4, wherein the feature identification information comprises first identity information, and before granting the operation right corresponding to the encrypted file to the client corresponding to the feature identification information, the method further comprises:
judging whether the first identity information accords with authentication identity information;
the granting of the operation authority corresponding to the encrypted file to the client corresponding to the feature identification information includes:
when the first identity information accords with the authentication identity information, operation permission corresponding to the encrypted file is granted to a client corresponding to the characteristic identification information;
and when the first identity information does not conform to the authentication identity information, not granting the operation authority corresponding to the encrypted file.
6. The method according to any one of claims 1 to 5, wherein the external link creation request carries creation identity information, and the creating and sending of the first encrypted external link information corresponding to the target file according to the external link creation request comprises:
acquiring first key data corresponding to the creation identity information;
creating original external link information corresponding to the target file according to the external link creation request;
adding the first key data into the original external link information through an asymmetric algorithm to obtain first encrypted external link information;
and sending the first encrypted external link information to a client corresponding to the identity information.
7. An information processing platform, comprising:
the data acquisition module is used for receiving an external link creation request and acquiring a target file corresponding to the external link creation request;
the data processing module is used for creating and sending first encrypted external link information corresponding to the target file according to the external link creation request;
the data acquisition module is further configured to receive second encrypted external link information, where the second encrypted external link information includes external link information and feature identification information in the first encrypted external link information;
the data processing module is further used for generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting an operation authority corresponding to the encrypted file to a client corresponding to the characteristic identification information;
and the data processing module is also used for sending the encrypted file to the client corresponding to the characteristic identification information.
8. An information processing method at least applied to a client, the method comprising:
sending an external link establishing request to the information processing platform;
receiving and decrypting the first encrypted external link information to obtain external link information;
encrypting the external link information to obtain encrypted transmission external link information;
and sending the encrypted transmission external link information to a client.
9. An information processing method at least applied to a client, the method comprising:
receiving and decrypting the encrypted transmission external link information to obtain external link information;
adding characteristic identification information representing the client into the external link information to obtain characteristic external link information;
encrypting the characteristic external link information to obtain second encrypted external link information;
and sending the second encrypted external link information to an information processing platform.
10. The method of claim 9, wherein the feature identification information includes second identity information, the method further comprising:
receiving an encrypted file;
verifying the user information of the encrypted file according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, decrypting the encrypted file; and when the user information does not accord with the second identity information, destroying the encrypted file.
11. An information processing system, characterized by comprising at least a first client, a second client and an information processing platform; wherein:
the first client is used for sending an external link establishing request to the information processing platform;
the information processing platform is used for receiving an external link creation request and acquiring a target file corresponding to the external link creation request; creating and sending first encrypted external link information corresponding to the target file to the first client according to the external link creation request;
the first client is further used for receiving and decrypting the first encrypted external link information to obtain external link information; encrypting the external link information to obtain encrypted transmission external link information; sending the encrypted transmission external link information to the second client;
the second client is used for receiving and decrypting the encrypted transmission external link information to obtain the external link information; adding characteristic identification information representing the client into the external link information to obtain characteristic external link information; encrypting the characteristic external link information to obtain second encrypted external link information; sending the second encrypted external link information to an information processing platform;
the information processing platform is further used for receiving second encrypted external link information, wherein the second encrypted external link information comprises external link information and characteristic identification information in the first encrypted external link information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting an operation authority corresponding to the encrypted file to a client corresponding to the characteristic identification information; sending the encrypted file to a client corresponding to the characteristic identification information;
the second client is also used for receiving the encrypted file; verifying the user information of the encrypted file according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, decrypting the encrypted file; and when the user information does not accord with the second identity information, destroying the encrypted file.
12. A computer-readable storage medium having stored therein computer-executable instructions for performing the information processing method of any one of claims 1 to 6 when the instructions are executed.
CN201911066134.2A 2019-11-04 2019-11-04 Information processing method, platform, system and computer storage medium Active CN110807210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911066134.2A CN110807210B (en) 2019-11-04 2019-11-04 Information processing method, platform, system and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911066134.2A CN110807210B (en) 2019-11-04 2019-11-04 Information processing method, platform, system and computer storage medium

Publications (2)

Publication Number Publication Date
CN110807210A true CN110807210A (en) 2020-02-18
CN110807210B CN110807210B (en) 2022-07-15

Family

ID=69501112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911066134.2A Active CN110807210B (en) 2019-11-04 2019-11-04 Information processing method, platform, system and computer storage medium

Country Status (1)

Country Link
CN (1) CN110807210B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685148A (en) * 2012-05-31 2012-09-19 清华大学 Method for realizing secure network backup system under cloud storage environment
US20130198521A1 (en) * 2012-01-28 2013-08-01 Jianqing Wu Secure File Drawer and Safe
CN104281814A (en) * 2013-07-03 2015-01-14 钟丹东 File anti-disclosure system for files and working method thereof
CN105306527A (en) * 2015-09-14 2016-02-03 联想(北京)有限公司 Data sharing method and device
CN106446707A (en) * 2016-08-31 2017-02-22 北京明朝万达科技股份有限公司 Dynamic data leakage prevention system and method
CN106911654A (en) * 2015-12-23 2017-06-30 北京奇虎科技有限公司 A kind of data download method and device
CN106936579A (en) * 2015-12-30 2017-07-07 航天信息股份有限公司 Cloud storage data storage and read method based on trusted third party agency
CN108183943A (en) * 2017-12-14 2018-06-19 宁波升维信息技术有限公司 A kind of resource acquiring method
CN108259437A (en) * 2016-12-29 2018-07-06 北京神州泰岳软件股份有限公司 A kind of http access methods, http-server and system
CN108737412A (en) * 2018-05-15 2018-11-02 福建天晴数码有限公司 A kind of method and terminal for realizing request of data
US20190013936A1 (en) * 2014-04-04 2019-01-10 Zettaset, Inc. Cloud Storage Encryption With Variable Block Sizes
CN109905376A (en) * 2019-02-01 2019-06-18 湖南快乐阳光互动娱乐传媒有限公司 A kind of method and system preventing unauthorized access server

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
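T.J.JEYAPRABHA et al.: "Smart and secure data storage using Encrypt-interleaving", 2017 INNOVATIONS IN POWER AND ADVANCED COMPUTING TECHNOLOGIES (I-PACT) *
于新国 et al.: "Research on Open Storage of Digital Information Resources", Value Engineering *
尹训春: "Research on Network Disk Storage Based on Coding Technology", China Masters' Theses Full-text Database, Information Science and Technology *
徐艳 et al.: "Research on Secure Storage Strategies for Large-Capacity Data in Network Computing Environments", Computer Measurement & Control *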

Also Published As

Publication number Publication date
CN110807210B (en) 2022-07-15

Similar Documents

Publication Publication Date Title
US9537864B2 (en) Encryption system using web browsers and untrusted web servers
US6801998B1 (en) Method and apparatus for presenting anonymous group names
US8196186B2 (en) Security architecture for peer-to-peer storage system
EP3453136B1 (en) Methods and apparatus for device authentication and secure data exchange between a server application and a device
US9973481B1 (en) Envelope-based encryption method
CN109274652B (en) Identity information verification system, method and device and computer storage medium
US10033703B1 (en) Pluggable cipher suite negotiation
KR102137122B1 (en) Security check method, device, terminal and server
US20100228987A1 (en) System and method for securing information using remote access control and data encryption
CN112632593B (en) Data storage method, data processing method, device and storage medium
CN110049016B (en) Data query method, device, system, equipment and storage medium of block chain
CN108347428B (en) Registration system, method and device of application program based on block chain
DK2414983T3 (en) Secure computer system
JP2009199147A (en) Communication control method and communication control program
CN112861157A (en) Data sharing method based on decentralized identity and proxy re-encryption
CN112487450A (en) File server access grading method
KR20180116628A (en) User access authentication system based on personal image
CN110807210B (en) Information processing method, platform, system and computer storage medium
CN108667800B (en) Access authority authentication method and device
CN111740995A (en) Authorization authentication method and related device
KR102053993B1 (en) Method for Authenticating by using Certificate
KR20190114505A (en) Single sign on service authentication method and system using token management demon
JP4202980B2 (en) Module starter, method and system
KR100559152B1 (en) Method and apparatus for maintaining the security of contents
CN113556365B (en) Authentication result data transmission system, method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant