CN1889426A - Method and system for realizing network safety storaging and accessing - Google Patents

Publication number: CN1889426A
Application number: CN 200510080584
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN1889426B (en)
Inventor: 杨文兵
Current Assignee: Lenovo Beijing Ltd
Original Assignee: Lenovo Beijing Ltd
Legal status: Granted, Active
Application filed by Lenovo Beijing Ltd
Priority to CN2005100805849A; publication of CN1889426A; application granted; publication of CN1889426B
Prior art keywords: client, server, information, key, user identity
Landscapes: Storage Device Security
Abstract

This invention discloses a method for realizing secure network storage and access. A key device containing the identification information of a user identity is configured in advance, and the server generates a corresponding file package according to this information and stores it. The method includes the following steps: a. when the key device is connected to a client, the client sends the identification information in the key device to the server, and the server verifies the user identity; b. the client maps the file package in the server related to the user to the local client; c. the client processes the information mapped to the local client and transmits the processed information to the file package in the server. This invention also discloses a system for realizing secure storage and access.

Description

A method and system for realizing secure network storage and access
Technical field
The present invention relates to the field of computer security technology, and more specifically to a method and system for realizing secure network storage and access.
Background
With the continuous development and progress of society, competition in every industry is becoming increasingly fierce. Reducing costs and increasing work efficiency in a highly competitive environment has become one of the goals that every enterprise pursues.
For example, almost all companies today need to equip their employees with computers, but in fact not every employee needs to use a computer every day. This is especially true of a company's sales staff, who use a computer only when they occasionally return to the company. In view of this, to improve the utilization of computers and reduce costs, enterprises tend to provide one computer for every 4 to 5 employees. In this way, a company with 20 people needs only 4 to 5 shared computers to meet general office needs.
However, if one computer is provided for several employees, it may happen that two or more employees who share the same computer all need to use a computer at the company while another computer stands idle. In this case, if one of them wants to use the idle computer, they must copy their own data to that idle computer or set their own data as a shared file. This is obviously very troublesome in practice, and the security of the data cannot be guaranteed; for example, the data may well be leaked during transmission.
For this reason, many companies have set up a server for storing employees' data files, so that each employee can use any computer to obtain the data they have stored on the server. But this scheme also has security problems: with the traditional shared data directory approach, the user data stored on the server is unencrypted, and an attacker can take away the original data by attacking the server, causing serious losses for the user and the company. In addition, when data is stored to the server over the network in this way, it may also be leaked during network transmission.
Summary of the invention
In view of this, the main problem to be solved by the present invention is to provide a method for realizing secure network storage and access, so that a user can access a server securely and conveniently through a computer.
The present invention also provides a system for realizing secure network storage and access.
To solve the above problems, the present invention provides the following technical solutions:
In the method for realizing secure network storage and access of the present invention, a key device is configured in advance, the key device holds the identification information of a user identity, and the server generates a corresponding file package according to the identification information of the user identity and saves the user identity information. The method further comprises the following steps:
a. when the key device is inserted into a client, the client sends the identification information of the user identity in the key device to the server, and the server verifies the received user identity;
b. after the server's verification passes, the client maps the file package in the server related to this user to the client;
c. the client processes the information in the file package mapped to the client and sends the processed information to the file package in the server.
The user identity information saved in the key device is a public key.
The step in which the server generates the corresponding file package according to the identification information of the user identity and saves the user identity information comprises: generating the corresponding file package according to the identification information of the user identity, assigning a symmetric key to the file package, encrypting the file package with the symmetric key, then encrypting the symmetric key with the public key, and saving the file package, the user's public key and the encrypted symmetric key;
In step b, the client mapping the file package related to the user to the client comprises: the client obtains the encrypted symmetric key from the server and obtains the symmetric key before encryption by decryption, then downloads the file package related to the user from the server, decrypts the file package with the obtained symmetric key, and maps the decrypted file package to the client;
In step c, the client sending the processed information to the file package in the server is: the client encrypts the processed information with the symmetric key obtained in step b and sends the encrypted information to the file package.
In step b, the client obtaining the symmetric key before encryption by decryption is:
the client obtains the public key from the key device and decrypts the encrypted symmetric key with this public key;
or the client sends the encrypted symmetric key to the key device, and the key device decrypts the encrypted symmetric key with the public key it holds.
The key device further holds a private key;
In step b, the client obtaining the symmetric key before encryption by decryption is:
the client obtains the private key from the key device and decrypts the encrypted symmetric key with this private key;
or the client sends the encrypted symmetric key to the key device, the key device decrypts the encrypted symmetric key with the private key to obtain the symmetric key before encryption, and sends the symmetric key to the client.
In step a, the server verifying the received user identity comprises: the client sends the public key to the server, and the server judges whether this public key exists in the user identity information it has saved; if it does, verification is determined to have passed; otherwise, verification is determined to have failed.
The key device further holds a private key;
In step a, before determining that verification has passed, the server further performs the following:
a1. the server generates a multi-digit number, encrypts the number with the public key, and transmits the encrypted number to the client;
a2. the client decrypts the encrypted number with the private key in the key device to obtain the corresponding number, generates a signature of the number with the private key, and then sends the signature to the server;
a3. the server verifies with the public key whether the signature is correct; if it is correct, verification is determined to have passed; otherwise, verification is determined to have failed.
In step b, the client mapping the related file package in the server to the client is: mapping the related file package in the server as a virtual disk in the client;
In step c, the client processing the information in the file package mapped to the client comprises: processing the information through the driver of the virtual disk.
After step c, the method further comprises: after the key device is separated from the client, notifying the server to close the file package mapped to the client.
The system for realizing secure network storage and access of the present invention comprises a key device, a client and a server, wherein:
The key device holds the identification information of a user identity and is used to send the user identity information it holds to the server;
The client is used, when the key device is inserted, to have the server verify the user identity in the key device and, after the server's verification passes, to map the file package in the server related to this user to the client and process the information in the file package;
The server is used to save the user identity information, assign the corresponding file package to the user, verify the user identity information in the key device and, after verification passes, send the information in the corresponding file package to the client.
The client is further used to map the file package in the server related to this user as a virtual disk or virtual directory in the client;
The client comprises a user identity confirmation module, an access control module and a network virtual driver module, wherein:
The user identity confirmation module is used to send the user identity in the key device to the server, receive the verification information returned by the server, and send the verification information to the access control module;
The access control module is used to send received access requests for the virtual disk or virtual directory to the network virtual driver module after receiving the information that verification has passed;
The network virtual driver module is used to obtain the information of the corresponding file package in the server according to the access request and to process this information accordingly.
The file package saved in the server is an encrypted file package;
The network virtual driver module further comprises an encryption and decryption module, used to decrypt data read from the virtual disk and to encrypt data written to the virtual disk.
The server comprises a user information storage module and a user identity verification module, wherein:
The user information storage module is used to save the user identity information and assign the corresponding file package to the user;
The user identity verification module is used to verify the user identity information in the key device, send the verification information to the client and, after verification passes, send the information in the corresponding file package to the client.
The user information storage module is further used to generate a symmetric key, encrypt the file package with this symmetric key, and send the symmetric key to the client;
The client is further used to decrypt information read from the file package with the symmetric key and to encrypt information written to the file package.
In the solution of the present invention, a key device holding user identity information is configured in advance; the server generates a corresponding file package according to this user identity information and saves the user identity information. After the key device is inserted into a client, the client has the server verify the user identity information in the key device, and after verification passes the corresponding file package is mapped to the client. The client then processes the information in the file package according to the user's needs and sends the processed information to the corresponding file package in the server. This allows the user to perform read operations on the information in the server from different terminals, and because the server must verify the user's key device before supporting read operations, security is better.
Moreover, the solution only requires the user to set up the key device once on the server; afterwards the user can read and write the corresponding file package in the server from any client connected to this server. When the user has finished, the user only needs to remove the key device and the client automatically closes the encrypted file, so that even if other people log in to this PC they cannot see the user's documents.
In addition, the solution can also encrypt the file package in the server with a symmetric key and use the user's identification information to encrypt the symmetric key for transmission, which further ensures the security of data transmission and access.
The key operation adopted by the solution can be a symmetric key operation, an asymmetric key operation, or another key operation, and these key operations can be completed in the client or in the key device; that is, the solution provides multiple ways of implementing the key operation.
Description of drawings
Fig. 1 is a flowchart of the implementation of the solution of the present invention;
Fig. 2 is a logical schematic diagram of a specific embodiment of the solution of the present invention;
Fig. 3 is a structural diagram of the system of the solution of the present invention.
Embodiment
The solution of the present invention is shown in Fig. 1 and corresponds to the following steps:
Step 101: configure the key device in advance.
The key device holds user identity information used for identification. This identification information can be a public key.
Step 102: the server saves the user identity information in the key device and generates a file package corresponding to this user identity information on the server. To ensure security, the user identity information and the corresponding file package both need to be stored separately.
To transmit the information in the file package in encrypted form, the server can assign a symmetric key to each file package and encrypt the file package with this symmetric key. To ensure that the client can obtain the symmetric key and that the symmetric key cannot be obtained by other clients, the corresponding symmetric key can also be encrypted with the public key, and the encrypted symmetric key saved. Of course, the server can also delete the saved public key and corresponding information as required.
In addition, the symmetric key can also be assigned by the key device and sent to the server, and the server can then encrypt the file package with this symmetric key. To ensure the security of the symmetric key, the key device can encrypt the symmetric key with the public key and send the encrypted symmetric key to the server, and the server then decrypts the symmetric key according to this public key.
Step 103: when the key device is inserted into a client, the client sends the identification information of the user identity in the key device to the server, and the server verifies the received user identity.
If the client simply sends user identity information such as the public key to the server, the server can judge whether the identification information sent by the client exists in the user identity information it has saved. If it exists, verification is considered to have passed; otherwise, verification is considered to have failed.
Of course, if the user identity information in the key device is a public key and the key device also holds a private key, then after determining that it has saved this user's identification information the server can also generate a multi-digit number, encrypt the number with the public key, and transmit the encrypted number to the client. The client then decrypts the encrypted number with the private key in the key device to obtain the corresponding number, generates a signature of the number with this private key, and sends the signature to the server. The server then verifies with the corresponding public key whether the signature is correct; if it is correct, verification is determined to have passed; otherwise, verification is determined to have failed.
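The stricter verification of step 103 (steps a1 to a3 of the summary), sketched in Go as an added example that is not part of the patent. RSA-OAEP for encrypting the number, RSA-PSS for the signature, single-use challenges, and the names KeyDevice, Server and Authenticate are assumptions of this sketch; the patent names no algorithms.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// KeyDevice stands in for the USB key device (hypothetical type). The private
// key stays inside it; the client only relays messages to and from the server.
type KeyDevice struct{ priv *rsa.PrivateKey }

func NewKeyDevice() *KeyDevice {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &KeyDevice{priv: priv}
}

// PublicKey is the user identity information the client sends in step a.
func (d *KeyDevice) PublicKey() *rsa.PublicKey { return &d.priv.PublicKey }

// Respond is step a2: decrypt the number with the private key, then sign it.
func (d *KeyDevice) Respond(encChallenge []byte) ([]byte, error) {
	nonce, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, encChallenge, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(nonce)
	return rsa.SignPSS(rand.Reader, d.priv, crypto.SHA256, digest[:], nil)
}

// Server keeps the saved user identities and one outstanding number per identity.
type Server struct {
	registered map[[32]byte]*rsa.PublicKey
	pending    map[[32]byte][]byte
}

func NewServer() *Server {
	return &Server{registered: map[[32]byte]*rsa.PublicKey{}, pending: map[[32]byte][]byte{}}
}

func fingerprint(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
}

func (s *Server) Register(pub *rsa.PublicKey) { s.registered[fingerprint(pub)] = pub }

// Challenge is the lookup of step a followed by step a1. The lookup alone
// proves nothing: a public key can be copied by anyone who has seen it.
func (s *Server) Challenge(pub *rsa.PublicKey) ([]byte, error) {
	fp := fingerprint(pub)
	reg, ok := s.registered[fp]
	if !ok {
		return nil, fmt.Errorf("public key not registered")
	}
	nonce := make([]byte, 32) // the random "multi-digit number"
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[fp] = nonce
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, reg, nonce, nil)
}

// Verify is step a3. The number is deleted before checking, so a captured
// signature cannot be replayed (an assumption of this sketch).
func (s *Server) Verify(pub *rsa.PublicKey, sig []byte) bool {
	fp := fingerprint(pub)
	nonce, ok := s.pending[fp]
	if !ok {
		return false
	}
	delete(s.pending, fp)
	digest := sha256.Sum256(nonce)
	return rsa.VerifyPSS(s.registered[fp], crypto.SHA256, digest[:], sig, nil) == nil
}

// Authenticate runs the exchange: claimed is the identity presented to the
// server, d is the device that actually answers the challenge.
func Authenticate(s *Server, claimed *rsa.PublicKey, d *KeyDevice) bool {
	enc, err := s.Challenge(claimed)
	if err != nil {
		return false
	}
	sig, err := d.Respond(enc)
	return err == nil && s.Verify(claimed, sig)
}

func main() {
	srv, owner, other := NewServer(), NewKeyDevice(), NewKeyDevice()
	srv.Register(owner.PublicKey())
	fmt.Println("registered device:", Authenticate(srv, owner.PublicKey(), owner))
	fmt.Println("owner's public key, wrong device:", Authenticate(srv, owner.PublicKey(), other))
	fmt.Println("unregistered device:", Authenticate(srv, other.PublicKey(), other))
}
```

The second case is the one the plain public-key lookup of step 103 would accept; only the device holding the matching private key can answer the challenge.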
Step 104: after the server's verification passes, the client maps the file package in the server related to this user to the client.
If the file package generated in step 102 is encrypted with a symmetric key, then when mapping the related file package in the server to the client, the client also needs to obtain the corresponding symmetric key, decrypt the information in the file package with the symmetric key, and then map the decrypted file package to the client. Afterwards, the user can read, modify and save the data in the file package. The client then re-encrypts the modified data with the symmetric key and sends it to the server.
To obtain the symmetric key, if the server has encrypted this symmetric key, the client also needs to decrypt it. If a symmetric encryption algorithm is used, the client can obtain the public key directly from the key device and decrypt the symmetric key with this public key, or send the encrypted symmetric key to the key device, which decrypts it with the public key it holds. If an asymmetric encryption algorithm is used, the key device needs to hold a private key; the client can obtain the private key directly from the key device and decrypt with this private key, or send the symmetric key to the key device, which decrypts it with the private key it holds.
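The file package encryption of step 102 and the private-key variant of step 104, as an added Go example that is not part of the patent. AES-256-GCM and RSA-OAEP are this example's choices (the patent names no algorithms), and StoredPackage, CreatePackage, UnwrapKey, ReadPackage and WritePackage are hypothetical names; the sample contents are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// StoredPackage is what the server keeps (hypothetical type): the encrypted
// file package and the symmetric key encrypted with the user's public key.
type StoredPackage struct {
	WrappedKey []byte // symmetric key encrypted with the public key
	Nonce      []byte // GCM nonce of the current ciphertext
	Ciphertext []byte // encrypted file package contents
}

// NewDeviceKey generates the key pair that the key device would hold.
func NewDeviceKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WritePackage re-encrypts contents under a fresh nonce and replaces the server copy.
func WritePackage(key []byte, p *StoredPackage, contents []byte) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	p.Nonce, p.Ciphertext = nonce, gcm.Seal(nil, nonce, contents, nil)
	return nil
}

// CreatePackage is step 102: assign a symmetric key to the file package,
// encrypt the package with it, then encrypt the symmetric key with the public key.
func CreatePackage(pub *rsa.PublicKey, contents []byte) (*StoredPackage, error) {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	p := &StoredPackage{}
	if err := WritePackage(key, p, contents); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	p.WrappedKey = wrapped
	return p, nil
}

// UnwrapKey is the step 104 operation performed with the private key, either
// in the client or inside the key device.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// ReadPackage decrypts the downloaded package; GCM also rejects modified ciphertext.
func ReadPackage(key []byte, p *StoredPackage) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
}

func main() {
	device := NewDeviceKey()
	pkg, err := CreatePackage(&device.PublicKey, []byte("constructed sample: Q3 sales notes"))
	if err != nil {
		panic(err)
	}
	key, _ := UnwrapKey(device, pkg.WrappedKey)
	plain, _ := ReadPackage(key, pkg)
	fmt.Printf("mapped package: %s\n", plain)
	_, err = UnwrapKey(NewDeviceKey(), pkg.WrappedKey)
	fmt.Println("unwrap with another device's key fails:", err != nil)
}
```

Because the wrapped key can be opened only with the private key, a copy of the server's stored package alone does not yield the file contents.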
In this step, the file package can be mapped to the client as a directory or as a disk. Whether it is mapped as a directory or a disk, it is virtual; that is, the directory or disk does not actually exist on the client. Therefore, the information in the directory or disk must be obtained through the corresponding virtual driver in the client, that is, the virtual device driver interacts with the server to obtain the information in the corresponding file package in the server.
Taking mapping as a disk as an example, the solution requires a filter to be set above or below the hard disk device object of the client. This filter constrains the original hard disk in the client: it judges whether the user's access is directed at the original hard disk or at the virtual disk. If it is directed at the virtual disk, the corresponding virtual disk driver is started and generates a corresponding access request, and the network service in the client then maps this access request to an access to the data at a specific location in a specific file package in the server.
Step 105: the client performs processing such as reading and writing on the information in the file package mapped to the client, and sends the processed information to the file package in the server.
In this step, when the client reads and writes the corresponding information, it reads and writes the information from the server through the corresponding mapped driver.
Secure network storage and access can be realized through the above steps.
Fig. 2 is a logical schematic diagram of setting up and accessing the user file package based on a public key and a private key according to the present invention.
In addition, if the key device is removed from the client, the client needs to notify the server to close the file package mapped to this client.
As can be seen from the above description, the system corresponding to the solution provided by the present invention comprises a key device, a client and a server, as shown in Fig. 3.
The key device needs to hold user identity information, which can be a public key. The key device can further hold a private key; as described above, this private key is used to obtain the symmetric key through an asymmetric encryption operation and for the stricter verification on the server side. The key device can also have computing and key generation functions, so in addition to an independent storage space it also needs a chip capable of computation. The functions of the key device are as described above and are not repeated here. The key device can have a USB port and interact with the PC through the USB port.
The client normally maps the file package on the server locally as a virtual disk or virtual directory. To realize access to this virtual disk or virtual directory, the client usually needs to comprise a user identity confirmation module, an access control module and a network virtual driver module. The user identity confirmation module is used to send the user identity in the key device to the server, receive the verification information returned by the server, and send the verification information to the access control module. The access control module is used to receive access requests for the virtual disk and, after receiving the information from the server that verification has passed, send the access request to the network virtual driver module. The network virtual driver module is used to present the information of the corresponding file package in the server according to the access request.
Because the user usually needs to read and write the information in the virtual disk or virtual directory, a network read/write module can further be provided in the network virtual driver module to read and write the data in the file package in the server. In addition, because the file package saved in the server is generally an encrypted file package, the network virtual driver module also needs an encryption and decryption module, which decrypts the data read by the network read/write module and encrypts the data written by the network read/write module.
The server needs to comprise at least a user information storage module and a user identity verification module. The user information storage module is used to save the user identity information and the file package assigned to the user. The user identity verification module is used to verify the user identity information in the key device, send the verification information to the client and, after verification passes, send the information in the corresponding file package to the client. The server can also have functions such as generating a symmetric key, encrypting the file package with the symmetric key and sending the symmetric key to the client, and encrypting the symmetric key with the public key; these functions can be placed in the user information storage module.
The above is only a preferred embodiment of the solution of the present invention and is not intended to limit the protection scope of the present invention.

Claims (14)

1, a kind of network security storage and method of visiting of realizing, it is characterized in that pre-configured key device has the identification information of user identity in the described key device, server end generates corresponding file bag according to the identification information of this user identity, and preserves described User Identity information; This method further may further comprise the steps:
A. when key device inserted client, client sent to server with the identification information of user identity in the described key device, by server the User Identity that receives is verified;
B. client will be mapped to this client with this user-dependent file bag in the server after server authentication is passed through;
C. client is handled the information in the file bag that is mapped to this client, and the information after will handling sends to the file bag in the server.
2, method according to claim 1 is characterized in that, the User Identity information of preserving in the described key device is PKI.
3, method according to claim 1, it is characterized in that, the step that described server end generates corresponding file bag according to the identification information of user identity and preserves described User Identity information comprises: the identification information according to user identity generates corresponding file bag, be this document symmetric key that is responsible for assigning, and the file bag is encrypted with this symmetric key, be symmetric key encryption with described PKI afterwards, and preserve described file bag, user's the PKI and the symmetric key of encryption;
Among the step b, described client will be mapped to this client with user-dependent file bag and comprise: client is obtained the symmetric key of encryption from server, and obtain symmetric key before encrypting by decryption processing, download and user-dependent file bag from server afterwards, and utilizing the symmetric key that obtains that this document bag is decrypted processing, the file bag after will deciphering then is mapped to this client;
Among the step c, the file bag that the information after described client will be handled sends in the server is: client is encrypted with the symmetric key that step b is obtained the information after handling, and the information after will encrypting sends in the described file bag.
4, method according to claim 3 is characterized in that among the described step b, and the symmetric key that described client is obtained before encrypting by decryption processing is:
Client is obtained PKI from key device, and by this PKI the symmetric key of encrypting is decrypted processing;
Perhaps the symmetric key that will encrypt sends to key device, is utilized the PKI self preserved that the symmetric key of this encryption is decrypted processing by this key device.
5, method according to claim 3 is characterized in that, further has private key in the described key device;
Among the step b, the symmetric key that described client is obtained before encrypting by decryption processing is:
Client is obtained private key from key device, and by the symmetric key decryption processing of this private key to encrypting;
Perhaps the symmetric key of encrypting is sent to key device, by described private key the symmetric key of this encryption is decrypted the symmetric key that obtains before encrypting by key device, and described symmetric key is sent to client by client.
6, method according to claim 2, it is characterized in that among the described step a, described server is verified the User Identity that receives and comprised: client sends to server with described PKI, server judges in the User Identity information of self preserving whether have this PKI, if have, determine that then checking passes through, otherwise, determine that checking do not pass through.
7, method according to claim 6 is characterized in that, further has private key in the described key device;
Among the step a, described server further comprised before determining that checking is passed through:
A1. server generates a long number word, with described PKI this long number word is encrypted, and the long number word after will encrypting is transferred to client;
A2. client is decrypted by the long number word of the private key in the key device after to this encryption, obtains corresponding long number word, generates the signature of this long number word with private key, afterwards this signature is sent to server;
A3. whether server is should signature correct with described public key verifications, if correct, determines that then checking passes through; Otherwise, determine that checking do not pass through.
8, method according to claim 1 is characterized in that among the described step b, and client is mapped to this client with the associated documents bag in the server and is: the associated documents bag in the server is mapped as virtual disk in this client;
Among the step c, described client is handled the information in the file bag that is mapped to this client and comprised: the driver by this virtual disk is handled described information.
9, method according to claim 1 is characterized in that, further comprises after the described step c: with after client is separated, announcement server is closed the file bag that is mapped to this client at key device.
10, a kind of network security storage and system that visits of realizing is characterized in that this system comprises key device, client and server, wherein,
The identification information that has user identity in the key device, the User Identity information that is used for self preserving sends to server;
Client, be used for when key device inserts, the User Identity in the described key device being verified by server, and after server authentication is passed through, to be mapped to this client with this user-dependent file bag in the server, and the information in this document bag is handled;
Server is used to preserve User Identity information, for the user distributes corresponding file bag, the User Identity information in the key device is verified, and after checking is passed through, the information in the corresponding document bag is sent to client.
11. The system according to claim 10, characterized in that the client is further used to map the file package related to this user in the server as a virtual disk or virtual directory on the client;
the client comprises a user identity identification confirmation module, an access control module and a network virtual driver module, wherein
the user identity identification confirmation module is used to send the user identity identification of the key device to the server, to receive the verification information returned by the server, and to send the verification information to the access control module;
the access control module is used, after receiving information that verification has passed, to send the access requests it receives for the virtual disk or virtual directory to the network virtual driver module;
the network virtual driver module is used to obtain the information of the corresponding file package in the server according to the access request and to process this information accordingly.
12. The system according to claim 11, characterized in that the file package stored in the server is an encrypted file package;
the network virtual driver module further comprises an encryption and decryption module, used to decrypt the data read from the virtual disk and to encrypt the data written to the virtual disk.
13. The system according to claim 10, characterized in that the server comprises a user information storage module and a user identity identification verification module, wherein
the user information storage module is used to store user identity identification information and to allocate a corresponding file package to the user;
the user identity identification verification module is used to verify the user identity identification information of the key device, to send the verification information to the client and, after verification passes, to send the information in the corresponding file package to the client.
14. The system according to claim 13, characterized in that the user information storage module is further used to generate a symmetric key, to encrypt the file package with this symmetric key, and to send the symmetric key to the client;
the client is further used to decrypt, with the symmetric key, the information read from the file package and to encrypt the information written to the file package.
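The verification exchange of steps A2 and A3 in claim 7, as an added example that is not part of the patent text: the client side decrypts the encrypted long number and signs it, and the server checks the signature with the public key. The class and function names, the constructed demo key, the use of textbook RSA with SHA-256, and the server step that encrypts a fresh random number to the public key are all assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed demo key from two Mersenne primes. Textbook RSA without padding:
# it shows the message flow only; real systems use a vetted library (OAEP/PSS).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept inside the key device


def digest(number: int) -> int:
    """Hash the long number to an integer below N before signing."""
    h = hashlib.sha256(number.to_bytes(32, "big")).digest()
    return int.from_bytes(h, "big") % N


class KeyDevice:
    """Hypothetical stand-in for the hardware key device holding the private key."""
    def __init__(self, d: int):
        self._d = d

    def answer(self, encrypted_number: int) -> int:
        number = pow(encrypted_number, self._d, N)  # A2: decrypt the long number
        return pow(digest(number), self._d, N)      # A2: sign it with the private key


class Server:
    """Hypothetical server side: knows the public key (N, E), tracks one challenge."""
    def __init__(self):
        self._pending = None

    def issue_challenge(self) -> int:
        self._pending = secrets.randbits(128) | (1 << 127)  # fresh long number
        return pow(self._pending, E, N)  # assumed earlier step: encrypt to public key

    def verify(self, signature: int) -> bool:
        number, self._pending = self._pending, None  # each challenge is single use
        if number is None:
            return False
        return pow(signature, E, N) == digest(number)  # A3: check with public key


def run_exchange():
    server, device = Server(), KeyDevice(D)
    sig = device.answer(server.issue_challenge())
    accepted = server.verify(sig)       # enrolled device, fresh challenge
    server.issue_challenge()
    replayed = server.verify(sig)       # old signature against a new challenge
    other = KeyDevice(D + 2)            # device with a different private exponent
    wrong_key = server.verify(other.answer(server.issue_challenge()))
    return accepted, replayed, wrong_key
```

Because the server draws a new long number for every attempt and discards it after one check, a signature captured from an earlier session does not verify later.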
CN2005100805849A 2005-06-30 2005-06-30 Method and system for realizing network safety storing and accessing Active CN1889426B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2005100805849A CN1889426B (en) 2005-06-30 2005-06-30 Method and system for realizing network safety storing and accessing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2005100805849A CN1889426B (en) 2005-06-30 2005-06-30 Method and system for realizing network safety storing and accessing

Publications (2)

Publication Number Publication Date
CN1889426A true CN1889426A (en) 2007-01-03
CN1889426B CN1889426B (en) 2010-08-25

Family

ID=37578687

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2005100805849A Active CN1889426B (en) 2005-06-30 2005-06-30 Method and system for realizing network safety storing and accessing

Country Status (1)

Country Link
CN (1) CN1889426B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1338841A (en) * 2000-08-11 2002-03-06 海南格方网络安全有限公司 Intelligent key for security authentication of computer
CN1422034A (en) * 2002-12-17 2003-06-04 胡祥义 Utilization of symmetrical cipher for network digital signature
CN100426719C (en) * 2003-09-01 2008-10-15 台均科技(深圳)有限公司 Method of identification between user device and local client use or remote-network service
CN2667807Y (en) * 2004-01-08 2004-12-29 中国工商银行 Network bank with device for encrypting and idetificating utilizing USB key

Also Published As

Publication number Publication date
CN1889426B (en) 2010-08-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant