CN110807210B - Information processing method, platform, system and computer storage medium - Google Patents

Publication number
CN110807210B
Authority
CN
China
Prior art keywords
information
external link
encrypted
link information
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911066134.2A
Other languages
Chinese (zh)
Other versions
CN110807210A (en)
Inventor
郭嘉宁
袁磊
张跃华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Lenovo Synergy Technology Co Ltd
Original Assignee
Beijing Lenovo Synergy Technology Co Ltd
Application filed by Beijing Lenovo Synergy Technology Co Ltd
Priority to CN201911066134.2A
Publication of CN110807210A
Application granted
Publication of CN110807210B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses an information processing method, a platform, a system and a computer storage medium, wherein the method comprises the following steps: receiving an external link creation request, and acquiring a target file corresponding to the external link creation request; and creating and sending first encrypted external link information corresponding to the target file according to the external link creation request. With the information processing method, platform, system and computer storage medium provided by the embodiment of the invention, the whole external link flow is controlled by encryption control means during external link creation and/or use, so that the security of the external link is greatly improved and the risk of information leakage is reduced.

Description

Information processing method, platform, system and computer storage medium
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to an information processing method, a platform, a system, and a computer storage medium.
Background
For cloud storage systems such as enterprise network disk systems, the external link is a common way to transmit and distribute files, and a user can obtain the required file information conveniently and quickly through an external link. Data security is becoming more and more important: any uncontrolled and unreliable data transmission, especially the transmission of sensitive files involving business secrets, can cause information leakage, and once information is leaked it causes immeasurable loss to any enterprise. It is therefore very important to provide a reliable and secure method for transmitting and distributing data.
A traditional external link is usually protected by an extraction code: a password is set when the external link is created, and a user enters the password to obtain the file when accessing the link. This approach has many security risks, for example: the extraction code is plaintext and is easily leaked in transit, and when a file is uploaded or downloaded through an external link, an attacker can easily obtain the file by intercepting the file stream.
Therefore, how to effectively improve the security of data transmission becomes a technical problem to be solved urgently at present.
Disclosure of Invention
In order to effectively overcome the above-mentioned defects in the prior art, embodiments of the present invention creatively provide an information processing method, including: receiving an external link creation request, and acquiring a target file corresponding to the external link creation request; and creating and sending first encrypted external link information corresponding to the target file according to the external link creation request.
In an embodiment, before creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request, the method further includes: performing a confidentiality review on the target file; the creating and sending the first encrypted external link information according to the external link creation request includes: creating and sending the first encrypted external link information according to the confidentiality review result of the target file.
In one embodiment, the target file comprises one or more files, and the performing a confidentiality review on the target file comprises: querying the target files one by one for sensitive information to obtain files with sensitive information and/or files without sensitive information; the creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises: when the sensitive information query result does not include a file with sensitive information, creating and sending the first encrypted external link information according to the target file and the external link creation request; when the sensitive information query result includes a file with sensitive information, creating and sending the first encrypted external link information according to the files without sensitive information and the external link creation request; or, sending an external link creation approval request according to the target file and the external link creation request; the creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises: receiving response information responding to the external link creation approval request, and creating and sending the first encrypted external link information according to the external link creation request when the response information is pass information.
In an embodiment, the method further comprises: receiving second encrypted external link information, wherein the second encrypted external link information comprises the external link information from the first encrypted external link information together with feature identification information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; and granting the operation permission corresponding to the encrypted file to the client corresponding to the feature identification information.
In an embodiment, the feature identification information includes first identity information, and before granting the operation permission corresponding to the encrypted file to the client corresponding to the feature identification information, the method further includes: judging whether the first identity information matches authentication identity information; the granting of the operation permission corresponding to the encrypted file to the client corresponding to the feature identification information comprises: when the first identity information matches the authentication identity information, granting the operation permission corresponding to the encrypted file to the client corresponding to the feature identification information; and when the first identity information does not match the authentication identity information, not granting the operation permission corresponding to the encrypted file.
In an implementation manner, the external link creation request carries creation identity information, and creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request includes: acquiring first key data corresponding to the creation identity information; creating original external link information corresponding to the target file according to the external link creation request; adding the first key data into the original external link information through an asymmetric algorithm to obtain the first encrypted external link information; and sending the first encrypted external link information to a client corresponding to the identity information.
Another aspect of the embodiments of the present invention provides an information processing platform, including: a data acquisition module, used for receiving an external link creation request and acquiring a target file corresponding to the external link creation request; a data processing module, used for creating and sending first encrypted external link information corresponding to the target file according to the external link creation request; the data acquisition module is further configured to receive second encrypted external link information, where the second encrypted external link information includes the external link information from the first encrypted external link information together with feature identification information; the data processing module is further used for generating an encrypted file corresponding to the target file according to the second encrypted external link information, and granting the operation permission corresponding to the encrypted file to a client corresponding to the feature identification information; the data processing module is further configured to send the encrypted file to the client corresponding to the feature identification information.
Another aspect of the embodiments of the present invention provides an information processing method, which is applied to at least a client, and the method includes: sending an external link creation request to the information processing platform; receiving and decrypting the first encrypted external link information to obtain external link information; encrypting the external link information to obtain encrypted transmission external link information; and sending the encrypted transmission external link information to a client.
In another aspect, an embodiment of the present invention provides an information processing method, which is applied to at least one client, where the method includes: receiving and decrypting the encrypted transmission external link information to obtain external link information; adding feature identification information representing the client into the external link information to obtain feature external link information; encrypting the feature external link information to obtain second encrypted external link information; and sending the second encrypted external link information to an information processing platform.
In an implementation manner, the feature identification information includes second identity information, and the method further includes: receiving an encrypted file; verifying the user information of the encrypted file according to the second identity information in the second encrypted external link information; when the user information matches the second identity information, decrypting the encrypted file; and when the user information does not match the second identity information, destroying the encrypted file.
In another aspect, an embodiment of the present invention provides an information processing system, where the system includes at least a first client, a second client, and an information processing platform; the first client is used for sending an external link creation request to the information processing platform; the information processing platform is used for receiving the external link creation request and acquiring a target file corresponding to the external link creation request, and for creating and sending first encrypted external link information corresponding to the target file to the first client according to the external link creation request; the first client is further used for receiving and decrypting the first encrypted external link information to obtain external link information, encrypting the external link information to obtain encrypted transmission external link information, and sending the encrypted transmission external link information to the second client; the second client is used for receiving and decrypting the encrypted transmission external link information to obtain the external link information, adding feature identification information representing the client into the external link information to obtain feature external link information, encrypting the feature external link information to obtain second encrypted external link information, and sending the second encrypted external link information to the information processing platform; the information processing platform is further used for receiving the second encrypted external link information, wherein the second encrypted external link information comprises the external link information from the first encrypted external link information together with the feature identification information, generating an encrypted file corresponding to the target file according to the second encrypted external link information, granting the operation permission corresponding to the encrypted file to the client corresponding to the feature identification information, and sending the encrypted file to the client corresponding to the feature identification information; the second client is also used for receiving the encrypted file, and verifying the user information of the encrypted file according to the second identity information in the second encrypted external link information; when the user information matches the second identity information, decrypting the encrypted file; and when the user information does not match the second identity information, destroying the encrypted file.
Yet another aspect of the embodiments of the present invention provides a computer-readable storage medium, in which computer-executable instructions are stored, and when the instructions are executed, the computer-readable storage medium is configured to perform any one of the information processing methods described above.
With the information processing method, platform, system and computer storage medium provided by the embodiment of the invention, the whole external link flow is controlled by encryption control means during external link creation and/or use, so that the security of the external link is greatly improved and the risk of information leakage is reduced.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Fig. 1 is a schematic flow chart illustrating an implementation of an information processing method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart illustrating an implementation of an information processing method according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an information processing platform according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart illustrating an implementation of another information processing method according to an embodiment of the present invention;
Fig. 5 is a schematic flow chart of an implementation of another information processing method according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an information processing system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of methods, apparatus or devices consistent with certain aspects of the specification, as detailed in the claims that follow.
Referring to Fig. 1, an embodiment of the invention provides an information processing method, including:
step 101, receiving an external link creation request, and acquiring a target file corresponding to the external link creation request;
step 102, creating and sending first encrypted external link information corresponding to the target file according to the external link creation request.
The information processing method in the embodiment of the present invention may be applied to a client or a server, where the client includes, for example, a desktop, a mobile phone, and even an application client, and the embodiment of the present invention does not limit a specific form of the client to which the method is applied. The server in the embodiment of the invention can comprise a single server, a server cluster and a platform constructed based on the server cluster.
The embodiment of the invention aims to solve the problem that, in the traditional method, the external link extraction code is usually plaintext and an attacker can easily learn and use the external link address. After an external link creation request is received, the external link is created and sent out with its external link information encrypted before transmission, so that the users of the external link can be restricted and the security of using the external link is improved.
In the embodiment of the invention, the external link information can be encrypted with an asymmetric key algorithm. Because encryption under an asymmetric key uses the public key, the requester can send its public key data together with the external link creation request, so that step 101 receives the external link creation request and the public key data at the same time. Step 102 then encrypts the external link information with the public key data to create the first encrypted external link information. When the first encrypted external link information is sent to the requester, the requester decrypts it with the private key it holds and can then obtain and use the external link information, which greatly improves confidentiality. Of course, other encryption methods may also be adopted, as long as leakage of the external link information can be effectively prevented; the embodiment of the invention does not limit the specific encryption method here.
In the embodiment of the invention, access operations are recorded throughout the visitor's whole process, so that the entire external link access process leaves a trace that can be followed, and the source can be traced when problems occur.
In one implementation, before creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request, the method further includes:
performing a confidentiality review on the target file;
creating and sending the first encrypted external link information according to the external link creation request includes:
creating and sending the first encrypted external link information according to the confidentiality review result of the target file.
In the embodiment of the present invention, to solve the problem that in the conventional manner the creation of an external link is not controlled and a file carrying sensitive information can easily flow out, the creation of the external link is controlled. Specifically, before the first encrypted external link information is created, a confidentiality review is first performed on the target file, and the first encrypted external link information is then created according to the confidentiality review result. The confidentiality review may specifically filter out files with sensitive information or initiate an approval process. Whether a file contains sensitive information may be judged when the file is uploaded or stored, for example by sensitive content detection or by tiered directory management.
In one embodiment, the target file comprises one or more files, and performing a confidentiality review on the target file comprises:
querying the target files one by one for sensitive information to obtain files with sensitive information and/or files without sensitive information; creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises the following steps: when the sensitive information query result does not include a file with sensitive information, creating and sending the first encrypted external link information according to the target file and the external link creation request; when the sensitive information query result includes a file with sensitive information, creating and sending the first encrypted external link information according to the files without sensitive information and the external link creation request;
or,
sending an external link creation approval request according to the target file and the external link creation request; creating and sending the first encrypted external link information according to the confidentiality review result of the target file comprises the following steps: receiving response information responding to the external link creation approval request, and creating and sending the first encrypted external link information according to the external link creation request when the response information is pass information.
In the embodiment of the present invention, the confidentiality review of the target file may be performed by querying the target files one by one for sensitive information. Because the requested target file may comprise one or more files, the sensitive information query result may consist of files with sensitive information, files without sensitive information, or both. When the query result contains no file with sensitive information, the first encrypted external link information is created and sent directly according to the target file and the external link creation request. When the query result includes a file with sensitive information, the first encrypted external link information is created only according to the files without sensitive information and the external link creation request; that is, the requester is not granted permission to create an external link for the files with sensitive information. In this way confidential files and sensitive files can be effectively protected, and the security and reliability of data transmission are improved.
In the embodiment of the invention, the confidentiality review of the target file can also be implemented by sending an external link creation approval request according to the target file and the external link creation request, wherein the external link creation approval request comprises the target file information in the external link creation request and is used for pushing information about a suspected leak of sensitive content. The external link creation approval request can be sent to the external link creation requester for first-level approval and then to a second-level approver, such as a server manager, for second-level approval, which strengthens the transmission security of confidential files. When the received response information is pass information, that is, when both the external link creation requester and the second-level approver such as the server manager approve the external link creation approval request, the first encrypted external link information is created and sent according to the external link creation request. When the response information is failure information, the first encrypted external link information is not created or sent according to the external link creation request; the failure information can come from any approver.
Referring to fig. 2, in an implementation manner, the method further includes:
103, receiving second encrypted external link information, wherein the second encrypted external link information comprises external link information and characteristic identification information in the first encrypted external link information;
104, generating an encrypted file corresponding to the target file according to the second encrypted external link information;
and 105, granting the operation authority corresponding to the encrypted file to the client corresponding to the characteristic identification information.
In the embodiment of the present invention, after receiving the first encrypted external link information, the external link creation requester may use the external link information by itself, and then the feature identification information in the second encrypted external link information at this time is the feature identification information for representing the address or identity of the external link creation requester, and certainly, the external link creation requester may also send the received first encrypted external link information to other external link users for use, and then the feature identification information in the second encrypted external link information at this time is the feature identification information for representing the addresses or identities of other external link users. In the conventional method, when a file is uploaded or downloaded through an external link, an attacker often acquires the file by intercepting a file stream, so that the security of file transmission is improved by encrypting a target file to obtain an encrypted file, the encryption method can be an asymmetric key algorithm or other encryption methods, and the specific method for generating the encrypted file is not limited in the embodiment of the invention. The characteristic identification information can represent the corresponding client, so that the operation authority of the encrypted file can be granted to the corresponding client by directly utilizing the characteristic identification information after the encrypted file is generated, wherein the operation authority can be downloading, previewing and the like.
The embodiment of the invention adopts encryption control means to control the whole outer chain flow in the outer chain creation and use processes, greatly improves the outer chain safety and reduces the information leakage risk.
In an implementation manner, the feature identification information includes first identity information, and before granting the operation right corresponding to the encrypted file to the client corresponding to the feature identification information, the method further includes:
judging whether the first identity information accords with authentication identity information;
the step of granting the operation authority corresponding to the encrypted file to the client corresponding to the feature identification information comprises:
when the first identity information accords with the authentication identity information, operation permission corresponding to the encrypted file is granted to the client corresponding to the characteristic identification information;
when the first identity information does not conform to the authentication identity information, operation authority corresponding to the encrypted file is not granted.
Because the traditional method places no restriction on the external link user, the risk of file leakage is increased. In the embodiment of the invention, use authentication is enabled for the external link user: by judging whether the first identity information conforms to the authentication identity information, only a requester that conforms to the authentication identity information is granted the corresponding operation authority. That is, a requester in the white list can operate on the target file, while a requester not in the white list is not granted the operation authority and cannot perform any operation on the target file, which effectively prevents an attacker from using the external link to leak the file. The first identity information and the authentication identity information may be login names, identity card information, mobile phone number information, or other information that can be used for identity verification.
In an implementation manner, the external link creation request carries creation identity information, and creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request includes:
acquiring first key data corresponding to the creation identity information;
creating original external link information corresponding to the target file according to the external link creation request;
adding the first key data into the original external link information through an asymmetric algorithm to obtain the first encrypted external link information;
and sending the first encrypted external link information to the client corresponding to the creation identity information.
In the embodiment of the present invention, the external link creation request carries the creation identity information, that is, the identity information of the external link creation requester. The first key data corresponding to the creation identity information may be sent by the external link creation requester together with the external link creation request, or it may be obtained in advance from each white-listed external link creation requester and stored. Because the original external link information is encrypted with an asymmetric algorithm, the first key data used to encrypt it may be public key data or private key data. With this method of encrypting the external link information by an asymmetric algorithm and then sending the first encrypted external link information to the client corresponding to the creation identity information, the private key never has to leave the external link creation requester, namely the client corresponding to the creation identity information. Even if an attacker steals the first encrypted external link information, the attacker cannot decrypt it and therefore cannot locate the file through a Uniform Resource Locator (URL), which effectively improves the security of external link transmission.
Referring to fig. 3, another embodiment of the present invention provides an information processing platform, including:
a data obtaining module 201, configured to receive an external link creation request, and obtain a target file corresponding to the external link creation request;
the data processing module 202 is configured to create and send first encrypted external link information corresponding to the target file according to the external link creation request;
the data obtaining module 201 is further configured to receive second encrypted external link information, where the second encrypted external link information includes external link information and feature identification information in the first encrypted external link information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting an operation authority corresponding to the encrypted file to a client corresponding to the characteristic identification information;
the data processing module 202 is further configured to send the encrypted file to the client corresponding to the feature identification information.
In an implementation manner, the data processing module 202 is further configured to perform a confidential review on the target file before creating and sending the first encrypted external link information corresponding to the target file according to the external link creation request, and to create and send the first encrypted external link information according to the confidential review result of the target file.
In an implementation manner, the target file includes one or more files, and the data processing module 202 is further configured to query the target files one by one for sensitive information to obtain files with sensitive information and/or files without sensitive information; when the sensitive information query result does not include a file with sensitive information, create and send the first encrypted external link information according to the target file and the external link creation request; and when the sensitive information query result includes a file with sensitive information, create and send the first encrypted external link information according to the files without sensitive information and the external link creation request;
the data processing module 202 is further configured to send an external link creation approval request according to the target file and the external link creation request; and receiving response information responding to the external link creation approval request, and creating and sending first encrypted external link information according to the external link creation request when the response information is passing information.
In an implementation manner, the feature identification information includes first identity information, and the data processing module 202 is further configured to determine whether the first identity information conforms to the authentication identity information before granting the operation right corresponding to the encrypted file to the client corresponding to the feature identification information; when the first identity information accords with the authentication identity information, operation permission corresponding to the encrypted file is granted to the client corresponding to the characteristic identification information; when the first identity information does not conform to the authentication identity information, operation authority corresponding to the encrypted file is not granted.
In an implementation manner, the external link creation request carries creation identity information, and the data obtaining module 201 is further configured to obtain first key data corresponding to the creation identity information;
the data processing module 202 is further configured to create original external link information corresponding to the target file according to the external link creation request; add the first key data into the original external link information through an asymmetric algorithm to obtain the first encrypted external link information; and send the first encrypted external link information to the client corresponding to the creation identity information.
The information processing platform provided by the embodiment of the invention adopts an encryption control means in the whole process of external link creation and use, controls the whole flow of the external link, greatly improves the safety of the external link and reduces the risk of information leakage.
Referring to fig. 4, another aspect of the present invention provides an information processing method at least applied to a client, the method including:
step 301, sending an external link creation request to an information processing platform;
step 302, receiving and decrypting the first encrypted external link information to obtain external link information;
step 303, encrypting the external link information to obtain encrypted transmission external link information;
step 304, sending the encrypted transmission external link information to the client.
The information processing method provided by the embodiment of the invention is applied at least to a client. After sending an external link creation request to the information processing platform, the client receives and decrypts the first encrypted external link information fed back by the platform, and it can also encrypt the first encrypted external link information and transmit the encrypted external link information to the client or other clients so as to obtain the operation permission corresponding to the external link information. Of course, when the external link information is used at the client itself, the client receives and decrypts the first encrypted external link information to obtain the external link information, and the obtained external link information does not need to be encrypted and transmitted again. The client may be, for example, a desktop, a mobile phone, or even an application client; the embodiment of the present invention does not limit the specific form of the client to which the method is applied. The method can also be applied to servers, which may include a single server, a server cluster, or even a platform built on a server cluster. Because encryption control is applied when the external link is received and transmitted, the transmission security of the external link data can be ensured.
Referring to fig. 5, another aspect of the embodiment of the present invention provides an information processing method, at least applied to a client, the method including:
step 401, receiving and decrypting the encrypted and transmitted external link information to obtain external link information;
step 402, adding the characteristic identification information representing the client into the external link information to obtain characteristic external link information;
step 403, encrypting the characteristic external link information to obtain second encrypted external link information;
step 404, sending the second encrypted external link information to the information processing platform.
In an implementation manner, the feature identification information includes the second identity information, and the method further includes:
step 405, receiving an encrypted file;
step 406, verifying the user information of the encrypted file according to the second identity information in the second encrypted external link information; when the user information accords with the second identity information, the encrypted file is decrypted; and when the user information does not accord with the second identity information, destroying the encrypted file.
The information processing method provided by the embodiment of the invention is applied at least to a client. After receiving the encrypted transmission external link information sent by an external link creation client or a server, the client decrypts it, adds the feature identification information representing the client to the decrypted external link information to obtain the characteristic external link information, encrypts it, and sends it to the information processing platform. Because encryption control is applied both when the external link is transmitted and when it is sent to the information processing platform, the transmission security of the external link data is greatly improved and it becomes harder for attackers to acquire and use the external link information. Of course, when the external link creation client and the external link using client are the same client, the first encrypted external link information only needs to be decrypted and then encrypted again to obtain the second encrypted external link information, and no encrypted transmission and decryption of the external link between the creation client and the using client is required.
The client to which the method is applied may be, for example, a desktop, a mobile phone, or even an application software client; the embodiment of the present invention does not limit the specific form of the client. The method can also be applied to servers, which may include a single server, a server cluster, or even a platform built on a server cluster. The encrypted file is an executable file, and the second identity information is biometric information of the user or other information used to confirm the user's identity; the biometric information may be the user's voiceprint, iris, facial features, and the like. Verifying the second identity information strengthens authentication of the user's identity, so the file remains under control even after it is downloaded locally, which effectively prevents others from stealing information by stealing a client or a server.
Referring to fig. 6, a further aspect of the present invention provides an information processing system, which at least includes a first client 501, a second client 502 and an information processing platform 503; wherein,
a first client 501, configured to send an external link creation request to an information processing platform 503;
the information processing platform 503 is configured to receive an external link creation request and obtain a target file corresponding to the external link creation request; creating and sending first encrypted external link information corresponding to the target file to the first client 501 according to the external link creation request;
the first client 501 is further configured to receive and decrypt the first encrypted external link information to obtain external link information; encrypt the external link information to obtain encrypted transmission external link information; and send the encrypted transmission external link information to the second client 502;
the second client 502 is configured to receive and decrypt the encrypted transmission external link information to obtain external link information; add the feature identification information representing the client into the external link information to obtain characteristic external link information; encrypt the characteristic external link information to obtain second encrypted external link information; and send the second encrypted external link information to the information processing platform 503;
the information processing platform 503 is further configured to receive second encrypted external link information, where the second encrypted external link information includes external link information and feature identification information in the first encrypted external link information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting an operation authority corresponding to the encrypted file to a client corresponding to the characteristic identification information; sending an encrypted file to a client corresponding to the characteristic identification information;
the second client 502 is further configured to receive an encrypted file; verifying the user information of the encrypted file according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, the encrypted file is decrypted; and when the user information does not accord with the second identity information, destroying the encrypted file.
In the embodiment of the present invention, the first client 501 sends the external link creation request to the information processing platform 503 and obtains the first encrypted external link information created by the platform, then transmits the encrypted external link information to the second client 502. The second client 502 likewise uses encrypted external link information when sending its request to the information processing platform 503, and the platform verifies both the external link creation request sent by the first client 501 and the second encrypted external link information sent by the second client 502. The whole process of the external link, from creation to transmission and use, is therefore managed and controlled by encryption, which effectively reduces the risk of information leakage. The first client 501 may be the same as or different from the second client 502. When they are the same, the first client 501 is further configured to receive and decrypt the first encrypted external link information to obtain the external link information; add feature representation information representing the first client 501 into the external link information to obtain characteristic external link information; encrypt the characteristic external link information to obtain second encrypted external link information; and send the second encrypted external link information to the information processing platform 503. In addition, the encrypted file sent by the information processing platform 503 is an executable file, and the second identity information is biometric information of the user or other information used to confirm the user's identity; the biometric information may be a voiceprint, an iris, or a facial feature of the user. Verifying the second identity information strengthens authentication of the user's identity, so the file remains under control even after it is downloaded locally, which effectively prevents others from stealing information by stealing the client or the server.
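The exchange between platform and client described above, as an added example in Go that is not part of the patent: the platform encrypts the link information to the creator's public key, the client decrypts it, attaches its identity and encrypts the result to the platform, and the platform checks the link and the white list before granting the operation. RSA-OAEP, the JSON field names, the platform key pair and the sample identity and file name are assumptions, and the case shown is the one where the creating and using client are the same.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// LinkInfo models the "external link information" (field names are assumptions).
type LinkInfo struct {
	LinkID string `json:"link_id"`
	Op     string `json:"op"`
}

// FeatureLink is LinkInfo plus the feature identification of the using client.
type FeatureLink struct {
	Link     LinkInfo `json:"link"`
	Identity string   `json:"identity"`
}

var ErrUnknownLink = errors.New("link was not issued by this platform")
var ErrNotAllowed = errors.New("identity is not on the allowlist")

func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// seal encrypts v as JSON to pub with RSA-OAEP (190-byte limit at this key size).
func seal(pub *rsa.PublicKey, v interface{}) ([]byte, error) {
	plain, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

// open decrypts an RSA-OAEP message with priv and decodes the JSON into v.
func open(priv *rsa.PrivateKey, ct []byte, v interface{}) error {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(plain, v)
}

type Platform struct {
	Key    *rsa.PrivateKey
	Issued map[string]string // link ID -> target file
	Allow  map[string]bool   // authentication identity information
}

// CreateLink returns the first encrypted link information for the creator's key.
func (p *Platform) CreateLink(creator *rsa.PublicKey, file string) ([]byte, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	id := fmt.Sprintf("%x", raw)
	p.Issued[id] = file
	return seal(creator, LinkInfo{LinkID: id, Op: "download"})
}

// UseLink (client): decrypt, attach identity, encrypt to the platform's key.
func UseLink(client *rsa.PrivateKey, platform *rsa.PublicKey, first []byte, identity string) ([]byte, error) {
	var li LinkInfo
	if err := open(client, first, &li); err != nil {
		return nil, err
	}
	return seal(platform, FeatureLink{Link: li, Identity: identity})
}

// Redeem grants the operation only for an issued link and an allowed identity.
func (p *Platform) Redeem(second []byte) (string, string, error) {
	var fl FeatureLink
	if err := open(p.Key, second, &fl); err != nil {
		return "", "", err
	}
	file, ok := p.Issued[fl.Link.LinkID]
	if !ok {
		return "", "", ErrUnknownLink
	}
	if !p.Allow[fl.Identity] {
		return "", "", ErrNotAllowed
	}
	return file, fl.Link.Op, nil
}

func main() {
	pk, err1 := NewKey()
	ck, err2 := NewKey()
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	p := &Platform{Key: pk, Issued: map[string]string{}, Allow: map[string]bool{"alice@example.test": true}}
	first, _ := p.CreateLink(&ck.PublicKey, "report.pdf") // constructed sample values
	second, _ := UseLink(ck, &pk.PublicKey, first, "alice@example.test")
	fmt.Println(p.Redeem(second))
}
```

The identity inside the second message is asserted by the client itself, so the white-list check is only as strong as whatever authenticates the sender.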
Another aspect of the present invention provides a computer-readable storage medium having stored thereon computer-executable instructions for performing any one of the above-mentioned information processing methods when the instructions are executed.
It is to be noted here that the above description of these embodiments is similar to the description of the method embodiments and has similar advantages. For technical details not disclosed in these embodiments of the present invention, please refer to the description of the method embodiments; they are not repeated here for brevity.
In the embodiment of the present invention, the order in which the steps are implemented may be changed without affecting the implementation purpose.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. An information processing method, characterized by comprising:
receiving an external link creation request, and acquiring a target file corresponding to the external link creation request;
creating and sending first encrypted external link information corresponding to the target file according to the external link creation request; the first encrypted external link information is obtained by encrypting external link information with public key data, and the first encrypted external link information is decrypted by a requester by using a private key;
receiving second encrypted external link information, wherein the second encrypted external link information comprises external link information and characteristic identification information in the first encrypted external link information;
generating an encrypted file corresponding to the target file according to the second encrypted external link information;
and granting the operation authority corresponding to the encrypted file to the client corresponding to the characteristic identification information.
2. The method of claim 1, wherein prior to creating and sending first encrypted external link information corresponding to the target file in accordance with the external link creation request, the method further comprises:
performing confidential review on the target file;
the creating and sending the first encrypted external link information according to the external link creation request comprises:
and creating and sending the first encrypted external link information according to the confidential review result of the target file.
3. The method of claim 2, wherein the target file comprises one or more files, and wherein performing a confidential review on the target file comprises:
inquiring the sensitive information of the target files one by one to obtain files with sensitive information and/or files without sensitive information;
the creating and sending the first encrypted external link information according to the confidential review result of the target file comprises the following steps:
when the sensitive information query result does not comprise the file with the sensitive information, creating and sending the first encrypted external link information according to the target file and the external link creation request;
when the sensitive information query result comprises the file with the sensitive information, creating and sending the first encrypted external link information according to the file without the sensitive information and the external link creation request;
or,
sending an external link creation approval request according to the target file and the external link creation request;
the creating and sending the first encrypted external link information according to the confidential review result of the target file comprises:
and receiving response information responding to the external link creation approval request, and creating and sending the first encrypted external link information according to the external link creation request when the response information is passing information.
4. The method of claim 1, wherein the feature identification information comprises first identity information, and before granting the operation right corresponding to the encrypted file to the client corresponding to the feature identification information, the method further comprises:
judging whether the first identity information accords with authentication identity information;
the granting of the operation authority corresponding to the encrypted file to the client corresponding to the feature identification information comprises:
when the first identity information accords with the authentication identity information, operation permission corresponding to the encrypted file is granted to a client corresponding to the characteristic identification information;
and when the first identity information does not conform to the authentication identity information, not granting the operation authority corresponding to the encrypted file.
5. The method according to any one of claims 1 to 4, wherein the external link creation request carries creation identity information, and the creating and sending of the first encrypted external link information corresponding to the target file according to the external link creation request comprises:
acquiring first key data corresponding to the creation identity information; the first key data is the public key data;
creating original external link information corresponding to the target file according to the external link creation request;
adding the first key data into the original external link information through an asymmetric algorithm to obtain the first encrypted external link information;
and sending the first encrypted external link information to a client corresponding to the identity information.
6. An information processing platform, comprising:
the data acquisition module is used for receiving an external link creation request and acquiring a target file corresponding to the external link creation request;
the data processing module is used for creating and sending first encrypted external link information corresponding to the target file according to the external link creation request; the first encrypted external link information is obtained by encrypting external link information with public key data, and the first encrypted external link information is decrypted by a requester by using a private key;
the data acquisition module is further configured to receive second encrypted external link information, where the second encrypted external link information includes external link information and feature identification information in the first encrypted external link information;
the data processing module is further used for generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting an operation authority corresponding to the encrypted file to a client corresponding to the characteristic identification information;
and the data processing module is also used for sending the encrypted file to the client corresponding to the characteristic identification information.
7. An information processing method applied to at least a first client and a second client, the method comprising:
the first client is used for sending an external link establishing request to the information processing platform;
the first encrypted external link information is received and decrypted to obtain external link information;
the external link information is encrypted to obtain encrypted transmission external link information;
the first client is also used for sending the encrypted transmission external link information to the second client;
the second client is used for receiving and decrypting the encrypted transmission external link information to obtain external link information;
the characteristic identification information representing the client is added into the external link information to obtain characteristic external link information;
the characteristic external link information is encrypted to obtain second encrypted external link information;
the second client is also used for sending the second encryption external link information to an information processing platform;
the second client is also used for receiving the encrypted file;
the user information of the encrypted file is verified according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, decrypting the encrypted file; and when the user information does not accord with the second identity information, destroying the encrypted file.
8. An information processing system is characterized by comprising at least a first client, a second client and an information processing platform; wherein,
the first client is used for sending an external link establishing request to the information processing platform;
the information processing platform is used for receiving an external link creation request and acquiring a target file corresponding to the external link creation request; creating and sending first encrypted external link information corresponding to the target file to the first client according to the external link creation request;
the first client is further used for receiving and decrypting the first encrypted external link information to obtain external link information; encrypting the external link information to obtain encrypted transmission external link information; sending the encrypted transmission external link information to the second client;
the second client is used for receiving and decrypting the encrypted transmission external link information to obtain the external link information; adding the characteristic identification information representing the client into the external link information to obtain characteristic external link information; encrypting the characteristic external link information to obtain second encrypted external link information; sending the second encrypted external link information to an information processing platform;
the information processing platform is further used for receiving second encrypted external link information, wherein the second encrypted external link information comprises external link information and characteristic identification information in the first encrypted external link information; generating an encrypted file corresponding to the target file according to the second encrypted external link information; granting operation permission corresponding to the encrypted file to a client corresponding to the characteristic identification information; sending the encrypted file to a client corresponding to the characteristic identification information;
the second client is also used for receiving the encrypted file; verifying the user information of the encrypted file according to second identity information in the second encrypted external link information; when the user information accords with the second identity information, decrypting the encrypted file; and when the user information does not accord with the second identity information, destroying the encrypted file.
9. A computer-readable storage medium having stored therein computer-executable instructions for performing the information processing method of any one of claims 1 to 5 when the instructions are executed.
Application CN201911066134.2A (priority date 2019-11-04, filing date 2019-11-04): Information processing method, platform, system and computer storage medium. Status: Active. Publication: CN110807210B (en)


Publications (2)

Publication Number: CN110807210A (en), Publication Date: 2020-02-18
Publication Number: CN110807210B (en), Publication Date: 2022-07-15

CN110807210A (en) 2020-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant