CN114567447B - Data sharing management method and device based on cloud server - Google Patents


Info

Publication number
CN114567447B
Authority
CN
China
Prior art keywords
data
electronic document
sharing
cloud server
user
Prior art date
Legal status
Active
Application number
CN202210441338.5A
Other languages
Chinese (zh)
Other versions
CN114567447A (en
Inventor
杨胜
曾海波
袁平
唐必成
黄瑛
Current Assignee
Jiaying Technology Co ltd
Original Assignee
Jiaying Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Jiaying Technology Co ltd
Priority to CN202210441338.5A
Publication of CN114567447A
Application granted
Publication of CN114567447B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/176 Support for shared access to files; File sharing support
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The invention discloses a data sharing management method and device based on a cloud server, wherein the method comprises the following steps: receiving a data uploading request of a terminal user, performing identity authentication and issuing data uploading authority; the cloud server receives a data stream uploaded by the terminal user; constructing an electronic document from the received data stream according to a document format selected by the user to form a data electronic document; carrying out watermark signature processing on the data electronic document to form a data sharing electronic document; encrypting with the corresponding digital certificate chain to obtain an encrypted data sharing electronic document; and storing the encrypted data sharing electronic document on the cloud server according to a preset storage form, and sharing the encrypted data sharing electronic document outwards based on a sharing access interface provided by the cloud server. In the embodiment of the invention, secret-related data can be shared in a targeted manner according to the corresponding secret-related grade, and the security of the secret-related data is ensured.

Description

Data sharing management method and device based on cloud server
Technical Field
The invention relates to the technical field of data sharing, in particular to a data sharing management method and device based on a cloud server.
Background
In some large enterprises, confidential data needs to be shared within a limited range. In the existing sharing mode, confidential data is generally stored on different servers according to confidentiality grade; login shields for those servers are then distributed to the personnel who query the confidential data, and those personnel use the login shields to log in to the corresponding servers to view or share the corresponding confidential data. This requires several different servers to store confidential data of different levels, which may waste resources. Moreover, the confidential data on those servers is not independently encrypted, so anyone who counterfeits a login shield can easily log in to the corresponding server, which causes leakage of the confidential data.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a data sharing management method and device based on a cloud server, which can realize the targeted storage and sharing of secret-related data on one server according to corresponding secret-related grades, so that the security of the secret-related data is ensured.
In order to solve the above technical problem, an embodiment of the present invention provides a data sharing management method based on a cloud server, where the method includes:
a cloud server receives a data uploading request of a terminal user, performs identity authentication on the terminal user and issues data uploading permission;
the cloud server receives a data stream uploaded by the terminal user, wherein the data stream comprises data information, a user electronic signature and a selected corresponding document format;
the cloud server builds an electronic document of the received data stream according to a document format selected by a user to form a data electronic document;
performing watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature to form a data sharing electronic document;
encrypting by using a corresponding digital certificate chain based on the sharing grade of the data sharing electronic document to obtain an encrypted data sharing electronic document;
and storing the encrypted data sharing electronic document on the cloud server according to a preset storage form, and sharing the encrypted data sharing electronic document outwards based on a sharing access interface provided by the cloud server.
Optionally, the cloud server receives a data upload request of a terminal user, and performs identity authentication and issues a data upload permission for the terminal user, including:
the authorization center of the cloud server receives a data uploading request of the terminal user, generates an electronic document to be authenticated based on the data uploading request and the terminal user identity information, and sends the electronic document to the terminal user;
the terminal user performs user identity authentication at the identity authentication center on the cloud server based on the electronic document to be authenticated, forming an identity information authentication electronic document;
and the authorization center issues data uploading authority to the terminal user based on the identity authentication electronic document.
Optionally, the issuing, by the authorization center, a data upload permission to the terminal user based on the identity authentication electronic document includes:
the terminal user generates a random number based on the user characteristic information in the identity information authentication electronic document, and utilizes a public chain certificate private key to carry out electronic signature to generate an uploading request authorization application of a data uploading request provided to the authorization center;
and the authorization center verifies the validity of the uploading request authorization application, and after the validity is passed, the authorization center issues data uploading permission to the terminal user based on a preset authorization strategy.
Optionally, the receiving, by the cloud server, the data stream uploaded by the end user includes:
the terminal user selects a corresponding document format based on the data uploading authority, constructs the data information, the user electronic signature and the selected corresponding document format into a data stream, and sends the data stream to the cloud server;
and the cloud server receives the data stream uploaded by the terminal user.
Optionally, the cloud server constructs an electronic document from the received data stream according to a document format selected by the user, and forms a data electronic document, including:
the cloud server matches the corresponding document format to the corresponding matched file format template based on the selected corresponding document format in the data stream;
and filling the data information in the data stream into a corresponding matched file format template according to a preset filling rule to construct an electronic document, and forming the data electronic document.
Optionally, the performing watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature to form a data sharing electronic document includes:
acquiring watermark parameters in the watermark signature rule, and performing watermark construction processing by using the user electronic signature based on the watermark parameters to acquire the user electronic signature watermark;
and loading the user electronic signature watermark to the designated signature position of the data electronic document to form a data sharing electronic document.
Optionally, the encrypting the data-sharing electronic document based on the sharing level of the data-sharing electronic document by using the corresponding digital certificate chain to obtain an encrypted data-sharing electronic document includes:
obtaining the sharing level assigned to the data sharing electronic document by the terminal user;
and matching the digital certificate chain corresponding to the sharing level in a sharing level encryption database, and encrypting the data sharing electronic document by using the sharing level and the corresponding digital certificate chain to obtain an encrypted data sharing electronic document.
Optionally, the storing the encrypted data sharing electronic document on the cloud server according to a preset storage form includes:
acquiring the user name of the terminal user who uploaded the data in the encrypted data sharing electronic document, and the retrieval keyword used during data sharing;
respectively constructing an index relationship between the encrypted data sharing electronic document and the user name and between the encrypted data sharing electronic document and the retrieval key words;
and storing the encrypted data sharing electronic document on the cloud server according to a preset storage form, and storing the user name and the retrieval keyword in an index database in a matching manner.
Optionally, the sharing processing of the encrypted data sharing electronic document based on the sharing access interface provided by the cloud server includes:
the cloud server obtains the name of the encrypted data sharing electronic document stored on the cloud server, and updates a current sharing directory by using the name of the encrypted data sharing electronic document;
and the cloud server carries out sharing processing on the updated shared directory through the shared access interface.
In addition, an embodiment of the present invention further provides a data sharing management apparatus based on a cloud server, where the apparatus includes:
an authority obtaining module: used for the cloud server to receive a data uploading request of a terminal user, authenticate the identity of the terminal user and issue data uploading authority;
a data receiving module: used for the cloud server to receive a data stream uploaded by the terminal user, wherein the data stream comprises data information, a user electronic signature and a selected corresponding document format;
a document construction module: used for the cloud server to construct an electronic document from the received data stream according to a document format selected by the user, forming a data electronic document;
a watermark signature module: used for carrying out watermark signature processing on the data electronic document by utilizing a watermark signature rule based on the user electronic signature, forming a data sharing electronic document;
a document encryption module: used for carrying out encryption processing by utilizing a corresponding digital certificate chain based on the sharing level of the data sharing electronic document, obtaining an encrypted data sharing electronic document;
an external sharing module: used for storing the encrypted data sharing electronic document on the cloud server according to a preset storage form and sharing the encrypted data sharing electronic document outwards based on a sharing access interface provided by the cloud server.
In the embodiment of the invention, data uploading is realized through the data uploading authority of the terminal user, meanwhile, a data electronic document is formed on the cloud server, watermark signing and encryption processing are sequentially carried out to form an encrypted data sharing electronic document, then corresponding storage processing is carried out, and finally external sharing processing is carried out, so that the aim of carrying out targeted storage and sharing on secret-related data according to corresponding secret-related grades on one server can be realized, and the safety of the secret-related data is ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained from them by those skilled in the art without creative effort.
Fig. 1 is a schematic flowchart of a cloud server-based data sharing management method according to an embodiment of the present invention;
Fig. 2 is a structural entity diagram of the cloud server-based data sharing management apparatus according to the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Referring to fig. 1, fig. 1 is a schematic flowchart illustrating a data sharing management method based on a cloud server according to an embodiment of the present invention.
As shown in fig. 1, a data sharing management method based on a cloud server includes:
S11: the cloud server receives a data uploading request of a terminal user, performs identity authentication on the terminal user and issues data uploading permission;
in the specific implementation process of the invention, the cloud server receives a data uploading request of a terminal user, and performs identity authentication and data uploading permission on the terminal user, and the method comprises the following steps: the authorization center of the cloud server receives a data uploading request of the terminal user, generates an electronic document to be authenticated based on the data uploading request and the terminal user identity information, and sends the electronic document to the terminal user; the terminal user carries out user identity authentication processing on the identity authentication center on the cloud server based on the electronic document to be authenticated to form an identity information authentication electronic document; and the authorization center issues data uploading authority to the terminal user based on the identity authentication electronic document.
Further, the authorization center issues a data uploading right to the terminal user based on the identity authentication electronic document, including: the terminal user generates a random number based on the user characteristic information in the identity information authentication electronic document, and utilizes a public chain certificate private key to carry out electronic signature to generate an uploading request authorization application of a data uploading request provided to the authorization center; and the authorization center verifies the validity of the uploading request authorization application and issues data uploading permission to the terminal user based on a preset authorization strategy after the validity is passed.
Specifically, a module is created on the cloud server to act as the authorization center. It is mainly used for authorizing users who access the cloud server, and this authorization includes authorization during data uploading, receipt inquiry authorization, data management authorization and the like. When the authorization center of the cloud server receives a data uploading request of a terminal user, it generates an electronic document to be authenticated according to the data uploading request and the terminal user identity information and issues the electronic document to be authenticated to the terminal user. The terminal user then performs user identity authentication at the identity authentication center on the cloud server according to the electronic document to be authenticated, and an identity information authentication electronic document is formed when the identity authentication of the terminal user passes. Finally, the authorization center issues data uploading authority to the terminal user according to the identity authentication electronic document.
The user identity authentication performed at the identity authentication center on the cloud server according to the electronic document to be authenticated is a double identity authentication. First, account and password authentication of the user is performed: the terminal user enters the account information and the corresponding password information in the account input box and the password input box provided, and the account information and password information are uploaded to the identity authentication center in the cloud server for the first identity authentication. After that identity authentication passes, the identity authentication center of the cloud server calls the camera equipment of the terminal where the terminal user is located to collect the face information or living-body fingerprint information of the user for the second identity authentication. The identity information authentication electronic document is formed only when both identity authentications pass.
When the authorization center issues data uploading authority to a terminal user according to the identity authentication electronic document, the terminal user first generates a random number according to the user characteristic information in the identity authentication electronic document, electronically signs it by using the private key of a public chain certificate, and generates an uploading request authorization application for the data uploading request, which is provided to the authorization center. After verifying the validity of the uploading request authorization application, the authorization center issues data uploading authority to the terminal user according to a preset authorization policy.
The preset authorization policy comprises the highest authority of the identity of the user on the cloud server, and the granted authority cannot be higher than the highest authority.
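The authorization-center check described in S11, as an added example that is not code from the patent: the application carries a random number and a requested level signed by the user, and the grant is capped at the user's highest authority. Ed25519 keys stand in for the certificate key pair and the random number comes from the system CSPRNG; the integer permission scale, the rejection of a reused random number, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Application models the upload request authorization application: a random
// number and the requested level, signed with the user's private key.
type Application struct {
	User      string
	Nonce     [16]byte
	Requested uint32 // integer permission scale is an assumption
	Sig       []byte
}

// signedBytes returns the exact bytes the signature covers. The user name is
// length-prefixed so bytes cannot move from one field into the next.
func (a *Application) signedBytes() []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(a.User)))
	buf := append([]byte{}, n[:]...)
	buf = append(buf, a.User...)
	buf = append(buf, a.Nonce[:]...)
	binary.BigEndian.PutUint32(n[:], a.Requested)
	return append(buf, n[:]...)
}

// NewUserKey creates a key pair standing in for the user's certificate key.
func NewUserKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewApplication is the terminal-user side: draw a random number, then sign.
func NewApplication(user string, priv ed25519.PrivateKey, requested uint32) (*Application, error) {
	a := &Application{User: user, Requested: requested}
	if _, err := rand.Read(a.Nonce[:]); err != nil {
		return nil, err
	}
	a.Sig = ed25519.Sign(priv, a.signedBytes())
	return a, nil
}

var (
	ErrUnknownUser = errors.New("no certificate enrolled for user")
	ErrBadSig      = errors.New("signature does not verify")
	ErrReplay      = errors.New("random number already used")
)

// AuthCenter holds what the authorization center needs to decide a request.
type AuthCenter struct {
	pubKeys map[string]ed25519.PublicKey // taken from each user's certificate
	highest map[string]uint32            // preset policy: highest authority per user
	seen    map[[16]byte]bool            // random numbers already accepted
}

func NewAuthCenter() *AuthCenter {
	return &AuthCenter{map[string]ed25519.PublicKey{}, map[string]uint32{}, map[[16]byte]bool{}}
}

// Enroll records a user's public key and highest authority.
func (c *AuthCenter) Enroll(user string, pub ed25519.PublicKey, highest uint32) {
	c.pubKeys[user], c.highest[user] = pub, highest
}

// Issue verifies the application and returns the granted level, which is
// never above the user's highest authority.
func (c *AuthCenter) Issue(a *Application) (uint32, error) {
	pub, ok := c.pubKeys[a.User]
	if !ok {
		return 0, ErrUnknownUser
	}
	if !ed25519.Verify(pub, a.signedBytes(), a.Sig) {
		return 0, ErrBadSig
	}
	if c.seen[a.Nonce] {
		return 0, ErrReplay
	}
	c.seen[a.Nonce] = true
	granted := a.Requested
	if ceiling := c.highest[a.User]; granted > ceiling {
		granted = ceiling
	}
	return granted, nil
}

func main() {
	pub, priv, _ := NewUserKey()
	c := NewAuthCenter()
	c.Enroll("alice", pub, 3) // constructed user with highest authority 3
	app, _ := NewApplication("alice", priv, 5)
	fmt.Println(c.Issue(app)) // first use: capped grant
	fmt.Println(c.Issue(app)) // second use of the same random number: rejected
}
```

Because the requested level is inside the signed bytes, changing it after signing invalidates the application rather than raising the grant.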
S12: the cloud server receives a data stream uploaded by the terminal user, wherein the data stream comprises data information, a user electronic signature and a selected corresponding document format;
in a specific implementation process of the present invention, the receiving, by the cloud server, the data stream uploaded by the terminal user includes: the terminal user selects a corresponding document format based on the data uploading authority, constructs the data information, the user electronic signature and the selected corresponding document format into a data stream, and sends the data stream to the cloud server; and the cloud server receives the data stream uploaded by the terminal user.
Specifically, the terminal user selects a corresponding document format according to the data uploading authority, constructs the data information, the user electronic signature and the selected corresponding document format into a data stream, and sends the data stream to the cloud server; the cloud server receives the data stream. That is, the data stream comprises the data information, the user electronic signature and the selected corresponding document format.
S13: the cloud server builds an electronic document of the received data stream according to a document format selected by a user to form a data electronic document;
in the specific implementation process of the present invention, the cloud server constructs an electronic document from a received data stream according to a document format selected by a user, and forms a data electronic document, including: the cloud server matches the corresponding document format to the corresponding matched file format template based on the selected corresponding document format in the data stream; and filling the data information in the data stream into a corresponding matched file format template according to a preset filling rule to construct an electronic document, and forming the data electronic document.
Specifically, the cloud server matches the corresponding matching file format template according to the selected corresponding file format in the data stream, and then fills the data information in the data stream into the corresponding matching file format template according to a preset filling rule to construct an electronic document, so as to form the data electronic document.
S14: performing watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature to form a data sharing electronic document;
in a specific implementation process of the present invention, the performing watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature to form a data sharing electronic document includes: acquiring watermark parameters in the watermark signature rule, and performing watermark construction processing by using the user electronic signature based on the watermark parameters to acquire a user electronic signature watermark; and loading the user electronic signature watermark to the designated signature position of the data electronic document to form a data sharing electronic document.
Specifically, the watermark parameters in the watermark signature rule are first obtained on the cloud server according to the preset settings, and watermark construction processing is performed by using the user electronic signature according to the watermark parameters to obtain the user electronic signature watermark. When the watermark is constructed, the user electronic signature is processed mainly by using parameters such as the watermark type, the watermark size and the watermark transparency in the watermark parameters. Finally, the user electronic signature watermark is loaded to the designated signature position of the data electronic document to form a data sharing electronic document. Because the data sharing electronic document is signed by loading the signature watermark, it carries more information; at the same time, the watermark signature cannot be changed, and the data security is guaranteed.
S15: encrypting by using a corresponding digital certificate chain based on the sharing level of the data sharing electronic document to obtain an encrypted data sharing electronic document;
in a specific implementation process of the present invention, the encrypting the sharing level of the data sharing electronic document by using the corresponding digital certificate chain to obtain the encrypted data sharing electronic document includes: obtaining the sharing grade of the terminal user for dividing the data sharing electronic document; and matching the digital certificate chain corresponding to the sharing level in a sharing level encryption database, and encrypting the data sharing electronic document by using the sharing level and the corresponding digital certificate chain to obtain the encrypted data sharing electronic document.
Specifically, the sharing level assigned to the data sharing electronic document by the terminal user is obtained. The sharing level is then matched in a sharing level encryption database to obtain the digital certificate chain corresponding to the sharing level, and the data sharing electronic document is encrypted by using the sharing level and the corresponding digital certificate chain to obtain an encrypted data sharing electronic document. The digital certificate chain consists of certificates created for the different security sharing levels and also comprises a corresponding root CA certificate. The corresponding root CA certificate is used as follows: after a subsequent shared user passes identity authentication, the server authorizes the inquiry authority according to the inquiry authority level of the shared user and issues the corresponding root CA certificate, with a time limit, for that inquiry authority level, so that the corresponding encrypted data sharing electronic document can be queried.
S16: and storing the encrypted data sharing electronic document on the cloud server according to a preset storage form, and sharing the encrypted data sharing electronic document outwards based on a sharing access interface provided by the cloud server.
In a specific implementation process of the present invention, the storing the encrypted data sharing electronic document on the cloud server according to a preset storage form includes: acquiring a user name of a terminal user for uploading data in the encrypted data sharing electronic document and a retrieval keyword during data sharing; respectively constructing an index relationship between the encrypted data sharing electronic document and the user name and between the encrypted data sharing electronic document and the retrieval key words; and storing the encrypted data sharing electronic document on the cloud server according to a preset storage form, and storing the user name and the retrieval keyword in an index database in a matching manner.
Further, the sharing the encrypted data sharing electronic document to the outside based on the sharing access interface provided by the cloud server includes: the cloud server obtains the name of the encrypted data sharing electronic document stored on the cloud server, and updates a current sharing directory by using the name of the encrypted data sharing electronic document; and the cloud server carries out sharing processing on the updated shared directory through the shared access interface.
Specifically, the user name of the terminal user who uploaded the data in the encrypted data sharing electronic document and the retrieval keyword used during data sharing are first obtained. Index relationships are then established between the encrypted data sharing electronic document and the user name, and between the encrypted data sharing electronic document and the retrieval keyword, so that the encrypted data sharing electronic document can be queried through the user name and the retrieval keyword during data sharing. The encrypted data sharing electronic document is then stored on the cloud server according to a preset storage form, and the user name and the retrieval keyword are stored in an index database in a matching manner. Subsequent shared users can therefore conveniently query and retrieve the encrypted data sharing electronic document and quickly find the related data, which shortens the query time and improves the user experience.
Further, after obtaining the name of the encrypted data sharing electronic document stored on the cloud server, the cloud server updates the current sharing directory by using the name of the encrypted data sharing electronic document; and then, the updated shared directory is subjected to sharing processing through a shared access interface by the cloud server.
In addition, when a terminal user needs to manage a shared encrypted data sharing electronic document, the terminal user must send a management application to the authorization center of the cloud server. The authorization center issues the corresponding management permissions to the terminal user according to the authorization mode in step one, so that the existing encrypted data sharing electronic document can be managed accordingly; these permissions include editing permission, deleting permission and the like. A shared user likewise has to apply to the authorization center for inquiry authority, and the authorization center issues inquiry authority to the shared user according to the shared user's authority. The inquiry authority includes a time-limited root CA certificate corresponding to that inquiry authority, so that within the corresponding time limit the shared user can use the root CA certificate to query, read and otherwise access the encrypted data sharing electronic documents covered by the inquiry authority.
In the embodiment of the invention, data is uploaded under the terminal user's data uploading authority, a data electronic document is formed on the cloud server, watermark signing and encryption are applied in turn to form the encrypted data sharing electronic document, the document is then stored accordingly, and finally it is shared externally. In this way, secret-related data can be stored and shared on a single server in a targeted manner according to its secret-related grade, and the security of the secret-related data is ensured.
Example two
Referring to Fig. 2, Fig. 2 is a schematic structural diagram of a data sharing management apparatus based on a cloud server in an embodiment of the present invention.
As shown in Fig. 2, a data sharing management apparatus based on a cloud server includes:
The authority acquisition module 21: configured for the cloud server to receive a data uploading request of a terminal user, perform identity authentication on the terminal user and issue data uploading permission to the terminal user;
In a specific implementation of the present invention, the cloud server receiving a data uploading request of a terminal user, performing identity authentication on the terminal user and issuing data uploading permission includes: the authorization center of the cloud server receives the data uploading request of the terminal user, generates an electronic document to be authenticated based on the data uploading request and the terminal user's identity information, and sends the electronic document to the terminal user; the terminal user undergoes user identity authentication at the identity authentication center on the cloud server based on the electronic document to be authenticated, forming an identity information authentication electronic document; and the authorization center issues data uploading authority to the terminal user based on the identity information authentication electronic document.
Further, the authorization center issuing data uploading permission to the terminal user based on the identity information authentication electronic document includes: the terminal user generates a random number based on the user characteristic information in the identity information authentication electronic document and applies an electronic signature using the private key of a public chain certificate, generating an uploading request authorization application for the data uploading request, which is submitted to the authorization center; and the authorization center verifies the validity of the uploading request authorization application and, after the validity check passes, issues data uploading permission to the terminal user based on a preset authorization policy.
Specifically, a module is created on the cloud server to act as the authorization center. It is mainly used to authorize users who access the cloud server, which covers authorization for data uploading, receipt inquiry authorization, data management authorization and the like. When the authorization center of the cloud server receives a data uploading request of a terminal user, it generates an electronic document to be authenticated from the data uploading request and the terminal user's identity information and issues it to the terminal user. The terminal user then undergoes user identity authentication at the identity authentication center on the cloud server according to the electronic document to be authenticated, and an identity information authentication electronic document is formed when the terminal user's identity authentication passes. Finally, the authorization center issues data uploading authority to the terminal user according to the identity information authentication electronic document.
The user identity authentication performed at the identity authentication center on the cloud server according to the electronic document to be authenticated is a double identity authentication. Account and password authentication is performed first: the terminal user enters the account information and the corresponding password information in the account input box and password input box provided, and these are uploaded to the identity authentication center in the cloud server for the first identity authentication. After that authentication passes, the identity authentication center of the cloud server calls the camera equipment of the terminal where the terminal user is located to collect the user's face information or living-body fingerprint information for the second identity authentication. The identity information authentication electronic document can be formed only when both identity authentications pass.
When the authorization center issues data uploading authority to a terminal user according to the identity information authentication electronic document, the terminal user first generates a random number from the user characteristic information in the identity information authentication electronic document, applies an electronic signature using the private key of a public chain certificate, and generates an uploading request authorization application for the data uploading request, which is submitted to the authorization center. After verifying the validity of the uploading request authorization application, the authorization center issues data uploading authority to the terminal user according to a preset authorization policy.
The preset authorization policy includes the highest authority held by the user's identity on the cloud server, and the granted authority cannot be higher than that highest authority.
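The signed application and the authority ceiling described above can be sketched as follows. This is an added example, not code from the patent: it assumes Ed25519 keys from the third-party `cryptography` package in place of the public chain certificate key pair, and the level names, the 300-second freshness window and all function names are hypothetical.

```python
import json
import secrets
import time

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

# Assumed ordering of authority levels (lowest first). The page only states
# that a grant may not exceed the highest authority of the user's identity.
LEVELS = ["none", "internal", "confidential", "secret"]
MAX_AGE_SECONDS = 300  # assumed freshness window for an application
FIELDS = ("user_id", "requested", "nonce", "issued_at", "signature")


def signed_bytes(user_id, requested, nonce, issued_at):
    """Unambiguous encoding of every field the signature must cover."""
    body = {"user_id": user_id, "requested": requested,
            "nonce": nonce, "issued_at": issued_at}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_application(private_key, user_id, requested, now=None):
    """Terminal-user side: draw a random number and sign the whole request."""
    issued_at = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    signature = private_key.sign(signed_bytes(user_id, requested, nonce, issued_at))
    return {"user_id": user_id, "requested": requested, "nonce": nonce,
            "issued_at": issued_at, "signature": signature}


class AuthorizationCenter:
    """Verifies an application, then grants at most the identity's ceiling."""

    def __init__(self):
        self.public_keys = {}  # user_id -> public key from the user's certificate
        self.ceiling = {}      # user_id -> highest authority of that identity
        self.seen = {}         # (user_id, nonce) -> issued_at, for replay checks

    def register(self, user_id, public_key, highest_level):
        self.public_keys[user_id] = public_key
        self.ceiling[user_id] = highest_level

    def issue_upload_permission(self, app, now=None):
        now = int(time.time() if now is None else now)
        if (not all(f in app for f in FIELDS)
                or not isinstance(app["user_id"], str)
                or not isinstance(app["nonce"], str)):
            return (False, "malformed application")
        key = self.public_keys.get(app["user_id"])
        if key is None:
            return (False, "unknown user")
        if app["requested"] not in LEVELS:
            return (False, "unknown level")
        issued_at = app["issued_at"]
        if not isinstance(issued_at, int) or abs(now - issued_at) > MAX_AGE_SECONDS:
            return (False, "stale application")
        payload = signed_bytes(app["user_id"], app["requested"], app["nonce"], issued_at)
        try:
            key.verify(app["signature"], payload)
        except (InvalidSignature, TypeError):
            return (False, "invalid signature")
        # Record nonces only after the signature checks out, so unauthenticated
        # callers cannot fill the replay cache; drop entries past the window.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_AGE_SECONDS}
        replay_key = (app["user_id"], app["nonce"])
        if replay_key in self.seen:
            return (False, "replayed application")
        self.seen[replay_key] = issued_at
        rank = min(LEVELS.index(app["requested"]),
                   LEVELS.index(self.ceiling[app["user_id"]]))
        return (True, LEVELS[rank])


def demo():
    """Constructed scenario: alice's highest authority is 'confidential'."""
    alice = Ed25519PrivateKey.generate()
    center = AuthorizationCenter()
    center.register("alice", alice.public_key(), "confidential")
    over_ask = build_application(alice, "alice", "secret", now=1000)
    tampered = dict(build_application(alice, "alice", "internal", now=1000),
                    requested="secret")
    forged = build_application(Ed25519PrivateKey.generate(), "alice", "internal", now=1000)
    return [
        center.issue_upload_permission(over_ask, now=1010),  # capped at the ceiling
        center.issue_upload_permission(over_ask, now=1020),  # same nonce again
        center.issue_upload_permission(tampered, now=1010),  # field changed after signing
        center.issue_upload_permission(forged, now=1010),    # signed with another key
        center.issue_upload_permission(over_ask, now=5000),  # outside the window
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The signature covers the requested level and the user identifier as well as the random number, so a signed application cannot be edited or reused for a different request.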
The data receiving module 22: configured for the cloud server to receive a data stream uploaded by the terminal user, wherein the data stream comprises data information, a user electronic signature and a selected corresponding document format;
In a specific implementation of the present invention, the cloud server receiving the data stream uploaded by the terminal user includes: the terminal user selects a corresponding document format based on the data uploading authority, constructs the data information, the user electronic signature and the selected corresponding document format into a data stream, and sends the data stream to the cloud server; and the cloud server receives the data stream uploaded by the terminal user.
Specifically, the terminal user selects a corresponding document format according to the data uploading authority, constructs the data information, the user electronic signature and the selected corresponding document format into a data stream, and sends the data stream to the cloud server, which receives it; that is, the data stream comprises the data information, the user electronic signature and the selected corresponding document format.
The document building module 23: configured for the cloud server to construct an electronic document from the received data stream according to the document format selected by the user, forming a data electronic document;
In a specific implementation of the present invention, the cloud server constructing an electronic document from the received data stream according to the document format selected by the user to form the data electronic document includes: the cloud server matches the corresponding file format template based on the selected corresponding document format in the data stream; and the data information in the data stream is filled into the matched file format template according to a preset filling rule to construct an electronic document, forming the data electronic document.
Specifically, the cloud server matches the corresponding file format template according to the selected corresponding document format in the data stream, and then fills the data information in the data stream into the matched file format template according to a preset filling rule to construct an electronic document, forming the data electronic document.
The watermark signature module 24: configured to perform watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature, forming a data sharing electronic document;
In a specific implementation of the present invention, performing watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature to form a data sharing electronic document includes: acquiring the watermark parameters in the watermark signature rule, and performing watermark construction with the user electronic signature based on the watermark parameters to obtain a user electronic signature watermark; and loading the user electronic signature watermark at the designated signature position of the data electronic document to form the data sharing electronic document.
Specifically, the watermark parameters in the watermark signature rule are first obtained as preset on the cloud server, and watermark construction is performed on the user electronic signature according to these parameters to obtain the user electronic signature watermark; the construction mainly uses parameters such as the watermark type, the watermark size and the watermark transparency. Finally, the user electronic signature watermark is loaded at the designated signature position of the data electronic document to form the data sharing electronic document. Because the resulting data sharing electronic document is signed by loading the signature watermark, it carries more information; at the same time, the watermark signature cannot be changed, which guarantees data security.
The document encryption module 25: configured to perform encryption by using the corresponding digital certificate chain based on the sharing level of the data sharing electronic document, obtaining an encrypted data sharing electronic document;
In a specific implementation of the present invention, performing encryption by using the corresponding digital certificate chain based on the sharing level of the data sharing electronic document to obtain the encrypted data sharing electronic document includes: obtaining the sharing level into which the terminal user has classified the data sharing electronic document; and matching the digital certificate chain corresponding to the sharing level in a sharing level encryption database, and encrypting the data sharing electronic document by using the sharing level and the corresponding digital certificate chain to obtain the encrypted data sharing electronic document.
Specifically, the sharing level into which the terminal user has classified the data sharing electronic document is obtained. The sharing level is then matched in a sharing level encryption database to obtain the digital certificate chain corresponding to that level, and the data sharing electronic document is encrypted by using the sharing level and the corresponding digital certificate chain to obtain the encrypted data sharing electronic document. The digital certificate chain consists of certificates created for the different security sharing levels and also includes a corresponding root CA certificate. The root CA certificate is used as follows: after a subsequent shared user passes identity authentication and the server grants inquiry authority according to the shared user's inquiry authority level, the root CA certificate corresponding to that inquiry authority level and security period is issued, with which the corresponding encrypted data sharing electronic document can be queried.
The external sharing module 26: configured to store the encrypted data sharing electronic document on the cloud server according to a preset storage form and to share the encrypted data sharing electronic document externally based on a sharing access interface provided by the cloud server.
In a specific implementation of the present invention, storing the encrypted data sharing electronic document on the cloud server according to a preset storage form includes: acquiring the user name of the terminal user who uploaded the data in the encrypted data sharing electronic document and the retrieval keywords used during data sharing; constructing an index relationship between the encrypted data sharing electronic document and the user name, and between the encrypted data sharing electronic document and the retrieval keywords; and storing the encrypted data sharing electronic document on the cloud server according to the preset storage form, with the user name and the retrieval keywords stored as matched entries in an index database.
Further, sharing the encrypted data sharing electronic document externally based on the sharing access interface provided by the cloud server includes: the cloud server obtains the name of the encrypted data sharing electronic document stored on the cloud server and updates the current shared directory with that name; and the cloud server shares the updated shared directory through the shared access interface.
Specifically, the user name of the terminal user who uploaded the data in the encrypted data sharing electronic document and the retrieval keywords used during data sharing are obtained first. Index relationships are then established between the encrypted data sharing electronic document and the user name, and between the encrypted data sharing electronic document and the retrieval keywords, so that the document can be looked up by user name or by retrieval keyword during data sharing. The encrypted data sharing electronic document is then stored on the cloud server according to the preset storage form, and the user name and the retrieval keywords are stored as matched entries in the index database. This makes it easier for subsequent shared users to query and retrieve the encrypted data sharing electronic document, so that a shared user can quickly find the related stable data, which shortens query time and improves the user experience.
Further, after obtaining the name of the encrypted data sharing electronic document stored on the cloud server, the cloud server updates the current shared directory with that name and then shares the updated shared directory through the shared access interface.
In addition, when a terminal user needs to manage a shared encrypted data sharing electronic document, the terminal user must send a management application to the authorization center of the cloud server. The authorization center issues the corresponding management permissions to the terminal user according to the authorization mode in step one, so that the existing encrypted data sharing electronic document can be managed accordingly; these permissions include editing permission, deleting permission and the like. A shared user likewise has to apply to the authorization center for inquiry authority, and the authorization center issues inquiry authority to the shared user according to the shared user's authority. The inquiry authority includes a time-limited root CA certificate corresponding to that inquiry authority, so that within the corresponding time limit the shared user can use the root CA certificate to query, read and otherwise access the encrypted data sharing electronic documents covered by the inquiry authority.
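The index database, shared directory and time-limited inquiry authority described for the storage step and for the external sharing module 26 can be sketched together as follows. This is an added example, not code from the patent: the schema, the integer sharing levels, the function names and the sample documents are constructed, and a plain grant record with an expiry stands in for the time-limited root CA certificate.

```python
import sqlite3

# Hypothetical schema: one row per stored ciphertext, plus index rows that
# tie it to the uploader's user name and to each retrieval keyword.
SCHEMA = """
CREATE TABLE documents (
    doc_id      TEXT PRIMARY KEY,
    name        TEXT NOT NULL,      -- entry shown in the shared directory
    share_level INTEGER NOT NULL    -- sharing level chosen by the uploader
);
CREATE TABLE doc_index (
    doc_id TEXT NOT NULL REFERENCES documents(doc_id),
    kind   TEXT NOT NULL CHECK (kind IN ('user', 'keyword')),
    term   TEXT NOT NULL
);
CREATE INDEX doc_index_term ON doc_index (kind, term);
"""


def open_index():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def store_document(db, doc_id, name, share_level, uploader, keywords):
    """Record a stored document with its user-name and keyword index entries."""
    with db:  # one transaction, so a document never exists without its index
        db.execute("INSERT INTO documents VALUES (?, ?, ?)", (doc_id, name, share_level))
        rows = [(doc_id, "user", uploader)]
        rows += [(doc_id, "keyword", k.lower()) for k in keywords]
        db.executemany("INSERT INTO doc_index VALUES (?, ?, ?)", rows)


def issue_inquiry_grant(user, user_ceiling, requested_level, ttl_seconds, now):
    """Authorization-center side: level capped by the user's authority, with expiry."""
    return {"user": user, "level": min(requested_level, user_ceiling),
            "expires_at": now + ttl_seconds}


def check_grant(grant, now):
    if now >= grant["expires_at"]:
        raise PermissionError("inquiry grant expired")


def search(db, grant, kind, term, now):
    """Look up documents by user name or keyword, limited to the grant's level."""
    check_grant(grant, now)
    if kind == "keyword":
        term = term.lower()
    sql = """SELECT d.doc_id, d.name FROM doc_index AS i
             JOIN documents AS d ON d.doc_id = i.doc_id
             WHERE i.kind = ? AND i.term = ? AND d.share_level <= ?
             ORDER BY d.doc_id"""
    # Bound parameters keep user-supplied search terms out of the SQL text.
    return db.execute(sql, (kind, term, grant["level"])).fetchall()


def shared_directory(db, grant, now):
    """Directory listing restricted to names the grant is allowed to see."""
    check_grant(grant, now)
    sql = "SELECT name FROM documents WHERE share_level <= ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (grant["level"],))]


def demo():
    """Constructed data: three documents and one shared user with ceiling 2."""
    db = open_index()
    store_document(db, "d1", "q1-budget.enc", 1, "zhang", ["budget", "finance"])
    store_document(db, "d2", "audit-notes.enc", 2, "zhang", ["audit", "budget"])
    store_document(db, "d3", "roadmap.enc", 3, "li", ["plan"])
    grant = issue_inquiry_grant("wang", user_ceiling=2, requested_level=3,
                                ttl_seconds=600, now=1000)
    return db, grant


if __name__ == "__main__":
    db, grant = demo()
    print(search(db, grant, "keyword", "budget", now=1100))
    print(shared_directory(db, grant, now=1100))
```

User names, keywords and document names sit in the index in plaintext beside the encrypted documents, so this sketch applies the grant's level and expiry to index lookups and directory listings as well as to the documents themselves.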
In the embodiment of the invention, data is uploaded under the terminal user's data uploading authority, a data electronic document is formed on the cloud server, watermark signing and encryption are applied in turn to form the encrypted data sharing electronic document, the document is then stored accordingly, and finally it is shared externally. In this way, secret-related data can be stored and shared on a single server in a targeted manner according to its secret-related grade, and the security of the secret-related data is ensured.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing the associated hardware; the program may be stored in a computer-readable storage medium, and the storage medium may include Read-Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The data sharing management method and apparatus based on a cloud server provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principle and the implementation of the present invention, and the description of the above embodiments is intended only to help in understanding the method and the core idea of the present invention. Meanwhile, a person skilled in the art may, according to the idea of the present invention, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (8)

1. A data sharing management method based on a cloud server is characterized by comprising the following steps:
a cloud server receives a data uploading request of a terminal user, performs identity authentication on the terminal user and issues data uploading permission to the terminal user;
the cloud server receives a data stream uploaded by the terminal user, wherein the data stream comprises data information, a user electronic signature and a selected corresponding document format;
the cloud server builds an electronic document of the received data stream according to a document format selected by a user to form a data electronic document;
performing watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature to form a data sharing electronic document;
encrypting by using a corresponding digital certificate chain based on the sharing grade of the data sharing electronic document to obtain an encrypted data sharing electronic document;
storing the encrypted data sharing electronic document on the cloud server according to a preset storage form, and sharing the encrypted data sharing electronic document outwards based on a sharing access interface provided by the cloud server;
wherein the cloud server receiving a data uploading request of a terminal user, performing identity authentication on the terminal user and issuing data uploading permission comprises:
the authorization center of the cloud server receives a data uploading request of the terminal user, generates an electronic document to be authenticated based on the data uploading request and the terminal user identity information, and sends the electronic document to the terminal user;
the terminal user carries out user identity authentication processing on the identity authentication center on the cloud server based on the electronic document to be authenticated to form an identity information authentication electronic document;
the authorization center issues data uploading authority to the terminal user based on the identity information authentication electronic document;
wherein the authorization center issuing data uploading authority to the terminal user based on the identity information authentication electronic document comprises:
the terminal user generates a random number based on the user characteristic information in the identity information authentication electronic document, and utilizes a public chain certificate private key to carry out electronic signature to generate an uploading request authorization application of a data uploading request provided to the authorization center;
and the authorization center verifies the validity of the uploading request authorization application and issues data uploading permission to the terminal user based on a preset authorization strategy after the validity is passed.
2. The data sharing management method according to claim 1, wherein the receiving, by the cloud server, the data stream uploaded by the end user comprises:
the terminal user selects a corresponding document format based on the data uploading authority, constructs the data information, the user electronic signature and the selected corresponding document format into a data stream, and sends the data stream to the cloud server;
and the cloud server receives the data stream uploaded by the terminal user.
3. The data sharing management method according to claim 1, wherein the cloud server constructs an electronic document from the received data stream according to a document format selected by a user, and forms a data electronic document, including:
the cloud server matches a corresponding matched file format template based on the selected corresponding document format in the data stream;
and filling the data information in the data stream into a corresponding matched file format template according to a preset filling rule to construct an electronic document, and forming the data electronic document.
4. The data sharing management method according to claim 1, wherein the performing a watermark signature process on the data electronic document based on the user electronic signature by using a watermark signature rule to form a data sharing electronic document comprises:
acquiring watermark parameters in the watermark signature rule, and performing watermark construction processing by using the user electronic signature based on the watermark parameters to acquire the user electronic signature watermark;
and loading the user electronic signature watermark to the designated signature position of the data electronic document to form a data sharing electronic document.
5. The data sharing management method according to claim 1, wherein the encrypting process using the corresponding digital certificate chain based on the sharing level of the data sharing electronic document to obtain an encrypted data sharing electronic document comprises:
obtaining the sharing level into which the terminal user has classified the data sharing electronic document;
and matching the digital certificate chain corresponding to the sharing level in a sharing level encryption database, and encrypting the data sharing electronic document by using the sharing level and the corresponding digital certificate chain to obtain an encrypted data sharing electronic document.
6. The data sharing management method according to claim 1, wherein the storing the encrypted data sharing electronic document on the cloud server according to a preset storage form includes:
acquiring a user name of a terminal user for uploading data in the encrypted data sharing electronic document and a retrieval keyword during data sharing;
respectively constructing an index relationship between the encrypted data sharing electronic document and the user name and between the encrypted data sharing electronic document and the retrieval key words;
and storing the encrypted data sharing electronic document on the cloud server according to a preset storage form, and storing the user name and the retrieval keyword in an index database in a matching manner.
7. The data sharing management method according to claim 1, wherein the sharing processing of the encrypted data sharing electronic document to the outside based on the sharing access interface provided by the cloud server includes:
the cloud server obtains the name of the encrypted data sharing electronic document stored on the cloud server, and updates the current sharing directory by using the name of the encrypted data sharing electronic document;
and the cloud server carries out sharing processing on the updated shared directory through the shared access interface.
8. A data sharing management device based on a cloud server, the device comprising:
an authority obtaining module: configured for a cloud server to receive a data uploading request of a terminal user, perform identity authentication on the terminal user and issue data uploading permission to the terminal user;
a data receiving module: configured for the cloud server to receive a data stream uploaded by the terminal user, wherein the data stream comprises data information, a user electronic signature and a selected corresponding document format;
a document construction module: configured for the cloud server to construct an electronic document from the received data stream according to a document format selected by a user, forming a data electronic document;
a watermark signature module: configured to perform watermark signature processing on the data electronic document by using a watermark signature rule based on the user electronic signature, forming a data sharing electronic document;
a document encryption module: configured to encrypt the data sharing electronic document by using the corresponding digital certificate chain based on the sharing level of the data sharing electronic document, obtaining an encrypted data sharing electronic document;
an external sharing module: configured to store the encrypted data sharing electronic document on the cloud server according to a preset storage form and to share the encrypted data sharing electronic document externally based on a sharing access interface provided by the cloud server;
wherein the cloud server receiving a data uploading request of a terminal user, performing identity authentication on the terminal user and issuing data uploading permission comprises:
the authorization center of the cloud server receives a data uploading request of the terminal user, generates an electronic document to be authenticated based on the data uploading request and the terminal user identity information, and sends the electronic document to the terminal user;
the terminal user undergoes user identity authentication at the identity authentication center on the cloud server based on the electronic document to be authenticated, forming an identity information authentication electronic document;
the authorization center issues data uploading authority to the terminal user based on the identity information authentication electronic document;
wherein the authorization center issuing data uploading authority to the terminal user based on the identity information authentication electronic document comprises:
the terminal user generates a random number based on the user characteristic information in the identity information authentication electronic document, and utilizes a public chain certificate private key to carry out electronic signature to generate an uploading request authorization application of a data uploading request provided to the authorization center;
and the authorization center verifies the validity of the uploading request authorization application, and after the validity is passed, the authorization center issues data uploading permission to the terminal user based on a preset authorization strategy.
CN202210441338.5A 2022-04-26 2022-04-26 Data sharing management method and device based on cloud server Active CN114567447B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210441338.5A CN114567447B (en) 2022-04-26 2022-04-26 Data sharing management method and device based on cloud server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210441338.5A CN114567447B (en) 2022-04-26 2022-04-26 Data sharing management method and device based on cloud server

Publications (2)

Publication Number Publication Date
CN114567447A CN114567447A (en) 2022-05-31
CN114567447B true CN114567447B (en) 2022-07-19

Family

ID=81721526

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210441338.5A Active CN114567447B (en) 2022-04-26 2022-04-26 Data sharing management method and device based on cloud server

Country Status (1)

Country Link
CN (1) CN114567447B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114942912B (en) * 2022-07-25 2022-12-23 天津联想协同科技有限公司 Network disk file collection method and device, network disk and storage medium
CN115348295A (en) * 2022-08-26 2022-11-15 中国长江三峡集团有限公司 Data sharing method and device for offshore wind power equipment
CN117112499B (en) * 2023-10-25 2024-01-02 数研院(福建)信息产业发展有限公司 Data directory grading method, medium and equipment
CN117424757B (en) * 2023-12-18 2024-03-12 佳瑛科技有限公司 Data encryption method and device based on cloud database storage

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005196614A (en) * 2004-01-09 2005-07-21 Sony Corp Information processing system and information processing method
CN102014133A (en) * 2010-11-26 2011-04-13 清华大学 Method for implementing safe storage system in cloud storage environment
CN103002029A (en) * 2012-11-26 2013-03-27 北京百度网讯科技有限公司 Management method, system and client for uploaded files
CN104158827A (en) * 2014-09-04 2014-11-19 中电长城网际系统应用有限公司 Cryptograph data sharing method and device, inquiring server and data uploading client terminal
CN105025041A (en) * 2015-08-25 2015-11-04 北京百度网讯科技有限公司 File upload method, file upload apparatus and system
CN105323209A (en) * 2014-06-05 2016-02-10 江苏博智软件科技有限公司 Cloud data security protection method adopting fully homomorphic encryption technology and multiple digital watermarking technology
CN106341236A (en) * 2016-09-09 2017-01-18 深圳大学 Access control method facing cloud storage service platform and system thereof
CN113067699A (en) * 2021-03-04 2021-07-02 深圳科盾量子信息科技有限公司 Data sharing method and device based on quantum key and computer equipment
CN113542187A (en) * 2020-04-13 2021-10-22 富泰华工业(深圳)有限公司 File uploading and downloading method and device, computer device and medium
CN113704221A (en) * 2021-11-01 2021-11-26 佳瑛科技有限公司 Method and system for storing electronic document based on distributed environment
CN113722695A (en) * 2021-11-02 2021-11-30 佳瑛科技有限公司 Cloud server-based financial data secure sharing method, device and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9807073B1 (en) * 2014-09-29 2017-10-31 Amazon Technologies, Inc. Access to documents in a document management and collaboration system
JP6907491B2 (en) * 2016-09-20 2021-07-21 コニカミノルタ株式会社 Information sharing servers, information sharing systems and programs
CN111600875B (en) * 2020-05-14 2022-03-22 江苏大学 Anonymous data sharing method and system based on data source and data master hiding

Also Published As

Publication number Publication date
CN114567447A (en) 2022-05-31

Similar Documents

Publication Publication Date Title
CN114567447B (en) Data sharing management method and device based on cloud server
US11223614B2 (en) Single sign on with multiple authentication factors
US11314891B2 (en) Method and system for managing access to personal data by means of a smart contract
CN109274652B (en) Identity information verification system, method and device and computer storage medium
US20230376584A1 (en) Systems and methods for device and user authorization
EP3585032B1 (en) Data security service
CN108964885B (en) Authentication method, device, system and storage medium
CN106559408B (en) SDN authentication method based on trust management
CN115701301A (en) Integration of blockchains, administrative group permissions, and access in an enterprise environment
CN109617692B (en) Anonymous login method and system based on block chain
US10929545B2 (en) System for providing access to data stored in a distributed trust computing network
CN101321064A (en) Information system access control method and apparatus based on digital certificate technique
CN113722695B (en) Cloud server-based financial data secure sharing method, device and system
CN113132362B (en) Trusted authorization method, trusted authorization device, electronic equipment and storage medium
CN110378152B (en) Contract signing management system and method based on PKICA authentication and block chain technology
WO2022151925A1 (en) Data acquisition method and apparatus, and device and storage medium
CN115842680B (en) Network identity authentication management method and system
CN112487450A (en) File server access grading method
CN108449348A (en) A kind of on-line authentication system and method for supporting user identity secret protection
CN111399980A (en) Safety authentication method, device and system for container organizer
US9118660B2 (en) Method and system for providing access to encrypted data files for multiple federated authentication providers and verified identities
CN110995661B (en) Network card platform
KR20220075723A (en) Personal authentication method and system using decentralized identifiers
KR101651563B1 (en) Using history-based authentication code management system and method thereof
CN111078649A (en) Block chain-based on-cloud file storage method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant