WO2018086120A1 - Secure file access method, terminal device and dedicated storage device - Google Patents

Publication number
WO2018086120A1
Authority
WO
WIPO (PCT)
Prior art keywords
files
split
file
module
terminal device
Prior art date
Application number
PCT/CN2016/105723
Other languages
English (en)
Chinese (zh)
Inventor
林信南
李大刚
魏益群
吴大畏
陈小刚
宋志棠
朱晓阳
张鹏程
孙巍
Original Assignee
北京大学深圳研究生院
Priority date
Filing date
Publication date
Application filed by 北京大学深圳研究生院
Priority to CN201680012948.6A (CN107438848A)
Priority to PCT/CN2016/105723 (WO2018086120A1)
Publication of WO2018086120A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/172 Caching, prefetching or hoarding of files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • the present invention relates to the field of file security management, and in particular, to a file security access method, a terminal device, and a dedicated storage device.
  • embodiments of the present invention are expected to provide a file security access method, a terminal device, and a dedicated storage device.
  • an embodiment provides a file security storage method, including:
  • the terminal device splits the source file to be uploaded into multiple first-level split files according to a preset splitting algorithm;
  • the terminal device uploads a part of the multiple first-level split files to the cloud storage server, and sends another part to the dedicated storage device;
  • the terminal device receives the multiple secondary split files sent by the dedicated storage device and uploads them to the cloud storage server, where the multiple secondary split files are generated by the dedicated storage device separately splitting all the received first-level split files according to the splitting algorithm.
  • an embodiment provides a file security storage method, including:
  • the dedicated storage device receives the first-level split files sent by the terminal device, where these first-level split files are part of the split files obtained by the terminal device after splitting the source file to be uploaded according to the preset splitting algorithm, and another part of the split files is uploaded to the cloud storage server;
  • the dedicated storage device separately splits all the received first-level split files according to the preset splitting algorithm, and generates a plurality of second-level split files;
  • the dedicated storage device sends all the generated secondary split files to the terminal device, and the secondary split files are used to be uploaded to the cloud storage server by the terminal device.
  • the preset splitting algorithm includes an encryption algorithm
  • the encryption algorithm includes:
  • the generated M sequence is logically added to the data in the file to be split.
  • the preset splitting algorithm includes:
  • an embodiment provides a file security reading method, including:
  • the terminal device acquires, from the cloud storage server, all the first-level split files and all the second-level split files that constitute the source file to be downloaded;
  • the terminal device sends all the second-level split files to the dedicated storage device, where all the second-level split files are used by the dedicated storage device to merge according to the preset merge algorithm to generate a plurality of first-level split files;
  • the terminal device receives all the first-level split files sent by the dedicated storage device;
  • the terminal device combines all the first-level split files obtained from the dedicated storage device with all the first-level split files acquired from the cloud storage server according to a preset merge algorithm to generate a source file.
  • an embodiment provides a file security reading method, including:
  • the dedicated storage device receives all the secondary split files that the terminal device obtains from the cloud storage server and constitutes the source file to be downloaded;
  • the dedicated storage device combines all the secondary split files according to a preset merge algorithm to generate a plurality of first-level split files;
  • the dedicated storage device sends all the generated first-level split files to the terminal device, where these first-level split files are merged by the terminal device, according to a preset merge algorithm, with all the first-level split files of the source file to be downloaded that the terminal device acquired from the cloud storage server, to generate the source file.
  • the preset combining algorithm includes:
  • the files to be merged are combined into a file according to their respective random extraction location information.
  • the preset merging algorithm further includes: a decryption algorithm, where the decryption algorithm includes:
  • extracting secret key information;
  • the data of the file to be decrypted is logically subtracted according to the secret key information.
  • an embodiment provides a terminal device, where the terminal device includes: a splitting module, a first sending module, a first receiving module, and a first uploading module;
  • the splitting module is configured to split the source file to be uploaded into multiple first-level split files according to a preset splitting algorithm
  • the first uploading module is configured to upload a part of the plurality of first-level split files to a cloud storage server, where the first sending module is configured to send another part to a dedicated storage device;
  • the first receiving module is configured to receive multiple secondary split files sent by the dedicated storage device
  • the first uploading module is further configured to upload the plurality of second-level split files, received by the first receiving module from the dedicated storage device, to the cloud storage server, where the multiple secondary split files are generated by the dedicated storage device separately splitting the received first-level split files according to the splitting algorithm.
  • an embodiment provides a dedicated storage device, where the device includes: a second receiving module, a splitting module, and a second sending module;
  • the second receiving module is configured to receive a plurality of first-level split files sent by the terminal device, where these first-level split files are part of the split files obtained by the terminal device after splitting the source file to be uploaded according to the preset splitting algorithm, and another part of the split files is uploaded to the cloud storage server;
  • the splitting module is configured to separately split all the received first-level split files according to a preset splitting algorithm, and generate multiple secondary split files;
  • the second sending module is configured to send all the secondary split files generated by the splitting module to the terminal device, where these secondary split files are used to be uploaded to the cloud storage server by the terminal device.
  • the splitting module includes an encryption module
  • the encryption module includes:
  • a first M sequence generator for generating an M sequence
  • a logical addition operation module, which is used for logically adding the generated M sequence and the data in the file to be split
  • the splitting module further includes:
  • a second M sequence generator configured to generate a plurality of randomly extracted location information
  • the extraction splitting module is configured to generate a plurality of split files by extracting data in the corresponding locations from the plurality of randomly extracted location information.
  • an embodiment provides a terminal device, where the terminal device includes: an acquiring module, a third sending module, a third receiving module, and a merging module;
  • the obtaining module is configured to acquire, from the cloud storage server, all the first-level split files and all the second-level split files that constitute the source file to be downloaded;
  • the third sending module is configured to send all the second-level split files to the dedicated storage device, where all the second-level split files are used by the dedicated storage device to merge according to a preset merge algorithm to generate a plurality of first-level split files;
  • the third receiving module is configured to receive all the first-level split files sent by the dedicated storage device
  • the merging module is configured to combine all the first-level split files obtained from the dedicated storage device with all the first-level split files obtained from the cloud storage server according to a preset merging algorithm to generate a source file.
  • an embodiment provides a dedicated storage device, where the device includes: a fourth receiving module, a merging module, and a fourth sending module;
  • the fourth receiving module is configured to receive all secondary split files that are obtained by the terminal device from the cloud storage server and constitute a source file to be downloaded;
  • the merging module is configured to combine all the second-level split files according to a preset merging algorithm to generate a plurality of first-level split files;
  • the fourth sending module is configured to send the generated first-level split files to the terminal device, where these first-level split files are merged by the terminal device, according to a preset merge algorithm, with all the first-level split files that the terminal device obtained from the cloud storage server and that compose the source file to be downloaded, to generate the source file.
  • the merging module includes:
  • a location extraction module configured to separately extract random extraction location information of all files to be merged
  • the extraction synthesis module is configured to merge the files to be merged into files according to respective corresponding random extraction location information.
  • the merging module further includes a decryption module, where the decryption module includes:
  • a key extraction module configured to extract key information
  • the subtraction operation module is configured to perform logical subtraction on the data of the file to be decrypted according to the secret key information.
  • the embodiment of the present invention has at least the following advantages:
  • the source file goes through a two-stage splitting process: it is first split into a plurality of first-level split files on the terminal device side, and then the terminal device sends some of the first-level split files to the dedicated storage device.
  • This part of the first-level split files is used for the second split on the dedicated storage device side, that is, the dedicated storage device splits these first-level split files into multiple secondary split files.
  • the file security access method provided by the embodiment of the invention performs two-level splitting in the storage process, so that the incompleteness of the source file is fully ensured, thereby ensuring the recovery of the source file and thus the security of the source file in the cloud storage server.
  • FIG. 2 is a flow chart of an embodiment of a secure storage method of a file in accordance with an embodiment of the present invention
  • FIG. 3 is a flow chart of a method for securely storing a file according to the present invention in a second embodiment
  • FIG. 4 is a flow chart of an embodiment of the file security reading method of the present invention in an embodiment
  • FIG. 5 is a flow chart of a second embodiment of the secure reading method of the present invention.
  • FIG. 6 is a basic structural diagram of a terminal device of the present invention in an embodiment
  • FIG. 7 is a basic structural diagram of a dedicated storage device of the present invention in an embodiment
  • FIG. 8 is a basic structural diagram of a terminal device of the present invention in a second embodiment
  • FIG. 9 is a basic structural diagram of a dedicated storage device of the present invention in a second embodiment
  • FIG. 10 is a flowchart of a third embodiment of a secure storage method of the present invention
  • FIG. 11 is a flowchart of a third embodiment of the secure reading method of the present invention
  • FIG. 12 is a flow chart showing an example of a secure storage method of a file in accordance with an embodiment of the present invention.
  • FIG. 13 is a flowchart showing an example of a first splitting algorithm in an embodiment of the secure storage method of the present invention in an embodiment
  • FIG. 14 is an exemplary flow chart of a second splitting algorithm in an embodiment of the secure storage method of the present invention in an embodiment
  • FIG. 15 is a flow chart showing an example of a file security reading method of the present invention in an embodiment
  • FIG. 16 is a flowchart showing an example of a first merging algorithm in an embodiment of the file security reading method of the present invention.
  • FIG. 17 is a flow chart showing an example of a second merging algorithm in an embodiment of the file security reading method of the present invention.
  • the inventive concept of the present application is as follows: Referring to FIG. 1 (a) and (b), a file security access system architecture and a processing flowchart are implemented according to the inventive concept.
  • the core devices of the present invention are a local terminal and a key disk having an encrypted file split/merge function.
  • the file security storage process is shown in Figure 1 (a).
  • the local terminal uses its processing capability to execute the file splitting algorithm, splitting the local file F into F1 and F2, and also encrypts the local file F during the process of splitting it. It stores the file encryption information in the anti-crack key information storage of the key disk, and stores the file-related information (used to distinguish different files and realize secure storage operation of multiple files) in the key disk storage space through the file management system.
  • The file security reading system architecture and processing flow implemented in accordance with the inventive concept are as shown in FIG. 1(b).
  • After the user inserts the key disk in the local terminal, the file management system identifies which file needs to be read, determines to read F, reads F21, F22, and F1 from the cloud respectively, and transfers F22 to the key disk; the key disk reads the random sequence in the key information memory, and merges into F2 through the key disk file merging algorithm.
  • F2 is transmitted to the local terminal, and F1 and F2 are merged into the complete file F by the local terminal file merging algorithm, which completes the cloud file reading process.
  • the file security storage and reading process needs to perform data splitting and merging operations on the key disk and the local terminal respectively. On the local terminal, the above algorithms can use the processing capability of the local terminal; on the key disk, an embedded system is needed to implement the algorithms and the storage management function of the encrypted information.
  • Referring to FIG. 2, a flow chart of the steps of a file security storage method according to the present invention is shown, which may specifically include:
  • Step 201 The terminal device splits the source file to be uploaded into multiple first-level split files according to a preset splitting algorithm.
  • the terminal device may refer to any device with data processing capability such as a PC, a server, a tablet, and a smart phone.
  • the terminal device may directly extract the source file locally, or may obtain the source file from other devices.
  • the preset splitting algorithm includes an encryption algorithm, that is, the source file is also encrypted during the process of splitting it according to the preset splitting algorithm. Any encryption algorithm may be used to encrypt the source file as needed, and no limitation is imposed here.
  • the encryption algorithm includes:
  • the generated M sequence is logically added to the data in the file to be split.
  • the terminal device may set the length of the M sequence generated by the M sequence generator.
  • the security of the source file can be further ensured by encrypting the source file during the process of splitting the source file.
  • the preset splitting algorithm includes:
  • the terminal device may select any algorithm that can be used to split the source file as the preset splitting algorithm; the purpose is to split the file to be split into multiple split files so that the information in each split file is incomplete.
  • the multiple random extraction locations need to include all the extractable locations in the source file, so that the split files extracted at these locations together include all the data that makes up the source file.
  • the foregoing solution further includes: the terminal device saves the plurality of randomly extracted location information locally, and establishes an association relationship between the plurality of randomly extracted location information and the corresponding split files.
  • Step 202 The terminal device uploads a part of the multiple first-level split files to the cloud storage server, and another part is used to send to the dedicated storage device.
  • Step 203 The terminal device receives the multiple secondary split files sent by the dedicated storage device and uploads them to the cloud storage server, where the multiple secondary split files are generated by the dedicated storage device separately splitting all the received first-level split files according to the splitting algorithm.
  • the terminal device uploads the part of the split files obtained by itself and the secondary split files received from the dedicated storage device to the cloud storage server, and the cloud storage server authenticates the terminal device. After the terminal device passes authentication, it is allowed to upload files to the cloud storage server.
  • the two-stage splitting process of the source file is completed by the above steps, that is, the source file is split into multiple first-level split files on the terminal device side; after that, the terminal device sends part of the first-level split files to the dedicated storage device, and this part is used for the second split on the dedicated storage device side, that is, these first-level split files are split into secondary split files. Therefore, the two-stage splitting can fully guarantee the incompleteness of the source file and ensure the recovery of the source file, thus ensuring the security of the source file in the cloud storage server.
  • Step 301 The dedicated storage device receives a plurality of first-level split files sent by the terminal device, where these first-level split files are a part of the split files obtained after the terminal device splits the source file to be uploaded according to the preset splitting algorithm, and the other part of the split files is uploaded to the cloud storage server;
  • the dedicated storage device refers to a storage device that can be connected to the terminal device and has data processing capability, for example, a KEY disk or the like.
  • Step 302 The dedicated storage device separately splits all the received primary split files according to the preset splitting algorithm, and generates multiple secondary split files.
  • the preset splitting algorithm includes an encryption algorithm, that is, the file to be split is also encrypted during the process of splitting it according to the preset splitting algorithm.
  • any encryption algorithm may be used as needed, and no limitation is imposed here.
  • the encryption algorithm includes:
  • the generated M sequence is logically added to the data in the file to be split.
  • the dedicated storage device can set the length of the M sequence generated by the M sequence generator.
  • the security of the source file can be further ensured by encrypting the file to be split during the process of splitting the file to be split.
  • the preset splitting algorithm includes:
  • the dedicated storage device may select any algorithm that can be used for splitting the file to be split as the preset splitting algorithm; the purpose is to split the file to be split into multiple split files so that the information in each split file is incomplete.
  • the multiple random extraction locations need to include all the extractable locations in the file to be split, so that the split files extracted at these locations together include all the data constituting the file to be split.
  • the above solution further includes: the dedicated storage device saves the plurality of randomly extracted location information locally, and establishes an association relationship between the plurality of randomly extracted location information and their respective corresponding split files.
  • Step 303 The dedicated storage device sends all the generated secondary split files to the terminal device, where the secondary split files are used to be uploaded by the terminal device to the cloud storage server.
  • the dedicated storage device may actively send the generated secondary split files to the terminal device after all the secondary split files are generated, or send all the generated secondary split files to the terminal device at the request of the terminal device.
  • Referring to FIG. 4, a flow chart of the steps of a file security reading method according to the present invention is shown, which may specifically include:
  • Step 401 The terminal device acquires, from the cloud storage server, all the first-level split files and all the second-level split files that constitute the source file to be downloaded.
  • the cloud storage server may perform authentication on the terminal device, and after the terminal device passes authentication, it is allowed to obtain files from the cloud storage server.
  • the source file is the final file that needs to be read.
  • the terminal device directly acquires all the first-level split files and the second-level split files that make up the source file from the cloud storage server.
  • Step 402 The terminal device sends all the second-level split files to the dedicated storage device, where all the second-level split files are used by the dedicated storage device to merge according to the preset merge algorithm to generate a first-level split.
  • Step 403 The terminal device receives all the first-level split files sent by the dedicated storage device.
  • Step 404 The terminal device combines all the first-level split files obtained from the dedicated storage device with all the first-level split files obtained from the cloud storage server according to a preset merge algorithm to generate a source file.
  • the preset combining algorithm includes:
  • the files to be merged are combined into a file according to their respective random extraction location information.
  • the preset merging algorithm further includes: a decryption algorithm, where the decryption algorithm includes:
  • the data of the file to be decrypted is logically subtracted according to the secret key information.
  • Referring to FIG. 5, a flow chart of the steps of a file security reading method according to the present invention is shown, which may specifically include:
  • Step 501 The dedicated storage device receives all the secondary split files that are obtained by the terminal device from the cloud storage server and that constitute the source file to be downloaded.
  • Step 502 The dedicated storage device combines all the secondary split files according to a preset merge algorithm to generate a plurality of first-level split files;
  • the preset combining algorithm includes:
  • the files to be merged are combined into a file according to their respective random extraction location information.
  • the preset merging algorithm further includes: a decryption algorithm, where the decryption algorithm includes:
  • the files to be merged are combined into a file according to their respective random extraction location information.
  • Step 503 The dedicated storage device sends all the generated first-level split files to the terminal device, where these first-level split files are merged by the terminal device, according to a preset merge algorithm, with the first-level split files that the terminal device acquired from the cloud storage server and that make up the source file to be downloaded, to generate the source file.
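The two-stage store and read flow of steps 201 to 203, 301 to 303, 401 to 404 and 501 to 503, as an added Python sketch that is not part of the patent text. It assumes that "logical addition" and "logical subtraction" both mean bitwise XOR (modulo-2 arithmetic); the 16-bit LFSR polynomial, the function names, the seeds and the sample data are constructed for the illustration, while F1, F21 and F22 follow the description of FIG. 1.

```python
# Added illustration: names, seeds and the LFSR polynomial are assumptions,
# not taken from the patent text.

def m_sequence_bytes(seed, n):
    """Return n bytes from a 16-bit LFSR, x^16 + x^14 + x^13 + x^11 + 1."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("an all-zero LFSR state never leaves zero")
    out = bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (state & 1)
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (fb << 15)
        out.append(byte)
    return bytes(out)


def logical_add(data, key_seed):
    """Modulo-2 addition of the M sequence and the data (subtraction is the same XOR)."""
    return bytes(d ^ k for d, k in zip(data, m_sequence_bytes(key_seed, len(data))))


def split(data, key_seed, pos_seed, parts=2):
    """Encrypt, then scatter every byte position into one of `parts` split files."""
    enc = logical_add(data, key_seed)
    # Second M sequence: decides which split file owns each byte position.
    owner = [b % parts for b in m_sequence_bytes(pos_seed, len(enc))]
    positions = [[i for i, o in enumerate(owner) if o == p] for p in range(parts)]
    pieces = [bytes(enc[i] for i in pos) for pos in positions]
    return pieces, positions  # positions = saved extraction location information


def merge(pieces, positions, key_seed):
    """Put every byte back at its saved position, then decrypt."""
    if [len(p) for p in pieces] != [len(pos) for pos in positions]:
        raise ValueError("piece length does not match saved position information")
    buf = bytearray(sum(len(p) for p in pieces))
    for piece, pos in zip(pieces, positions):
        for byte, i in zip(piece, pos):
            buf[i] = byte
    return logical_add(bytes(buf), key_seed)


def store(source, terminal_seeds, keydisk_seeds):
    """Terminal splits F into F1/F2; the key disk splits F2 into F21/F22."""
    (f1, f2), term_pos = split(source, *terminal_seeds)   # step 201
    (f21, f22), disk_pos = split(f2, *keydisk_seeds)      # steps 301-302
    cloud = {"F1": f1, "F21": f21, "F22": f22}            # steps 202-203
    return cloud, term_pos, disk_pos


def read(cloud, terminal_seeds, term_pos, keydisk_seeds, disk_pos):
    """Key disk rebuilds F2 from F21/F22; the terminal rebuilds F from F1/F2."""
    f2 = merge([cloud["F21"], cloud["F22"]], disk_pos, keydisk_seeds[0])  # step 502
    return merge([cloud["F1"], f2], term_pos, terminal_seeds[0])          # step 404


# Constructed sample input and seeds (key seed, position seed) for each side.
SAMPLE = b"constructed sample: quarterly-report.docx contents " * 4
TERMINAL_SEEDS = (0xACE1, 0x1D2C)
KEYDISK_SEEDS = (0x5EED, 0x0B0E)

if __name__ == "__main__":
    cloud, term_pos, disk_pos = store(SAMPLE, TERMINAL_SEEDS, KEYDISK_SEEDS)
    for name, piece in cloud.items():
        print(name, len(piece), "bytes held by the cloud storage server")
    restored = read(cloud, TERMINAL_SEEDS, term_pos, KEYDISK_SEEDS, disk_pos)
    print("round trip ok:", restored == SAMPLE)
```

An M sequence is the output of a linear feedback shift register, so a short run of known keystream is enough to predict the rest; the sketch reproduces the construction described here and is not a vetted cipher.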
  • the terminal device includes: a splitting module 61, a first sending module 62, a first receiving module 63, and a first uploading module 64;
  • the splitting module 61 is configured to split the source file to be uploaded into multiple first-level split files according to a preset splitting algorithm
  • the first uploading module 64 is configured to upload a part of the plurality of first-level split files to a cloud storage server, where the first sending module 62 is configured to send another part to a dedicated storage device;
  • the first receiving module 63 is configured to receive multiple secondary split files sent by the dedicated storage device
  • the first uploading module 64 is further configured to upload the plurality of second-level split files, received by the first receiving module 63 from the dedicated storage device, to the cloud storage server, where the multiple secondary split files are generated by the dedicated storage device separately splitting all the received first-level split files according to the splitting algorithm
  • the splitting module 61 includes an encryption module, and the encryption module includes:
  • a first M sequence generator configured to generate an M sequence
  • the logical addition operation module is configured to perform a logical addition operation on the generated M sequence and the data in the file to be split.
  • the splitting module 61 further includes:
  • a second M sequence generator configured to generate a plurality of randomly extracted location information
  • the extraction splitting module is configured to generate a plurality of split files by extracting data in the corresponding locations from the plurality of randomly extracted location information.
  • the foregoing splitting module 61, the first sending module 62, the first receiving module 63, and the first uploading module 64 may all be implemented by a central processing unit (CPU), a microprocessor (MPU, Micro Processing Unit), a digital signal processor (DSP), or a field-programmable gate array (FPGA) in the terminal device.
  • FIG. 7 is a structural block diagram of an embodiment of a dedicated storage device according to the present invention.
  • the dedicated storage device includes: a second receiving module 71, a splitting module 72, and a second sending module 73;
  • the second receiving module 71 is configured to receive the first-level split files sent by the terminal device, where these first-level split files are part of the split files obtained after the terminal device splits the source file to be uploaded according to the preset splitting algorithm, and another part of the split files is uploaded to the cloud storage server;
  • the splitting module 72 is configured to separately split all the received first-level split files according to a preset splitting algorithm, and generate multiple secondary split files;
  • the second sending module 73 is configured to send all the secondary split files generated after the splitting module is split to the terminal device, where the secondary split files are used to be uploaded by the terminal device to the cloud storage server.
  • the splitting module 72 includes an encryption module, and the encryption module includes:
  • a first M sequence generator for generating an M sequence
  • the logical addition operation module is configured to perform a logical addition operation on the generated M sequence and the data in the file to be split.
  • the splitting module 72 further includes:
  • a second M sequence generator configured to generate a plurality of randomly extracted location information
  • the extracting and splitting module is configured to generate a plurality of split files by extracting data on the corresponding locations in the files to be split according to the plurality of randomly extracted location information.
  • the foregoing second receiving module 71, the splitting module 72, and the second sending module 73 may be implemented by a CPU, an MPU, a DSP, or an FPGA in a dedicated storage device.
  • the terminal device includes: an obtaining module 81, a third sending module 82, a third receiving module 83, and a merging module 84;
  • the obtaining module 81 is configured to acquire, from the cloud storage server, all the first-level split files and all the second-level split files that constitute the source file to be downloaded;
  • the third sending module 82 is configured to send all the secondary split files to the dedicated storage device, where all the secondary split files are used by the dedicated storage device to merge according to a preset merge algorithm.
  • the third receiving module 83 is configured to receive all the first-level split files sent by the dedicated storage device;
  • the merging module 84 is configured to combine all the first-level split files obtained from the dedicated storage device with all the first-level split files acquired from the cloud storage server according to a preset merging algorithm to generate a source file.
  • the merging module 84 includes:
  • a location extraction module configured to separately extract random extraction location information of all files to be merged
  • the extraction synthesis module is configured to merge the files to be merged into files according to respective corresponding random extraction location information.
  • the merging module 84 further includes a decryption module, where the decryption module includes:
  • a key extraction module configured to extract key information
  • the algorithm is used for performing a logical subtraction on the data of the file to be decrypted according to the key information.
  • the foregoing obtaining module 81, the third sending module 82, the third receiving module 83, and the combining module 84 may all be implemented by a CPU, an MPU, a DSP, or an FPGA in the terminal device.
  • FIG. 9 is a structural block diagram of an embodiment of a dedicated storage device according to the present invention.
  • the dedicated storage device includes: a fourth receiving module 91, a merging module 92, and a fourth sending module 93;
  • the fourth receiving module 91 is configured to receive all secondary split files that are obtained by the terminal device from the cloud storage server and that constitute the source file to be downloaded;
  • the merging module 92 is configured to combine all the second-level split files according to a preset merging algorithm to generate a first-level split file
  • the fourth sending module 93 is configured to send the generated first-level split files to the terminal device, where the terminal device merges these first-level split files, according to the preset merge algorithm, with all the first-level split files that it obtained from the cloud storage server and that constitute the source file to be downloaded, to generate the source file.
  • the merging module 92 includes a location extraction module, configured to separately extract random extraction location information of all files to be merged;
  • the extraction synthesis module is configured to merge the files to be merged into files according to respective corresponding random extraction location information.
  • the merging module 92 further includes a decryption module, where the decryption module includes:
  • a key extraction module configured to extract key information
  • the algorithm is used for performing a logical subtraction on the data of the file to be decrypted according to the key information.
  • the fourth receiving module 91, the merging module 92, and the fourth sending module 93 may be implemented by a CPU, an MPU, a DSP, or an FPGA in a dedicated storage device.
  • Referring to FIG. 10, a flow chart of the steps of a file security storage method according to the present invention is shown, which may specifically include:
  • Step 1001 The terminal device splits the source file to be uploaded into multiple first-level split files according to a preset splitting algorithm.
  • the preset splitting algorithm includes an encryption algorithm, and the encryption algorithm may adopt any algorithm capable of data encryption, and the preset splitting algorithm may adopt any algorithm capable of performing file splitting. There are no restrictions here.
  • the encryption algorithm includes:
  • the generated M sequence is logically added to the data in the file to be split.
  • the preset splitting algorithm comprises:
  • Step 1002 The terminal device uploads one part of the multiple first-level split files to the cloud storage server.
  • The other part is sent to a dedicated storage device.
  • Step 1003 The dedicated storage device receives the first-level split files sent by the terminal device.
  • Step 1004 The dedicated storage device separately splits all the received first-level split files according to the preset splitting algorithm, and generates multiple secondary split files.
  • Step 1005 The dedicated storage device sends all the generated secondary split files to the terminal device.
  • Step 1006 The terminal device receives the multiple secondary split files sent by the dedicated storage device and uploads them to the cloud storage server.
  • Referring to FIG. 11, a flow chart of the steps of a file security reading method according to the present invention is shown, which may specifically include:
  • Step 1101 The terminal device acquires, from the cloud storage server, all the first-level split files and all the second-level split files that constitute the source file to be downloaded.
  • Step 1102 The terminal device sends the all secondary split files to the dedicated storage device.
  • Step 1103 The dedicated storage device receives all the secondary split files that the terminal device obtains from the cloud storage server and that constitute the source file to be downloaded.
  • Step 1104 The dedicated storage device combines all the secondary split files according to a preset merge algorithm to generate a plurality of first-level split files;
  • the preset merging algorithm may adopt any algorithm that can perform file merging, and is not limited herein.
  • the preset combining algorithm includes:
  • the files to be merged are combined into a file according to their respective corresponding random extraction location information.
  • the preset merging algorithm further includes: a decryption algorithm, where the decryption algorithm corresponds to an encryption algorithm used by the file.
  • the decryption algorithm includes:
  • the data of the file to be decrypted is logically subtracted according to the secret key information.
  • Step 1105 The dedicated storage device sends all the generated primary split files to the terminal device.
  • Step 1106 The terminal device receives all the first-level split files sent by the dedicated storage device.
  • Step 1107 The terminal device merges, according to a preset merge algorithm, all the first-level split files obtained from the dedicated storage device with all the first-level split files obtained from the cloud storage server to generate the source file.
  • Step 1201 The terminal device extracts a source file
  • the terminal device may refer to any device with data processing capability such as a PC, a server, a tablet, and a smart phone.
  • the terminal device may directly extract the source file locally, or may obtain the source file from other devices.
  • Step 1202 The terminal device splits the source file into a first split file and a second split file according to a preset splitting algorithm.
  • the preset splitting algorithm includes: an encryption algorithm.
  • the terminal device encrypts the source file according to the encryption algorithm, including:
  • the terminal device invokes an M sequence generator to generate an M sequence
  • the generated M sequence is logically added to the data in the source file to generate an encrypted source file.
  • the terminal device can set the length of the M sequence generated by the M sequence generator.
  • the terminal device splits the source file according to the preset splitting algorithm, including:
  • the terminal device invokes the M sequence generator to generate first random extraction location information for the first split file and second random extraction location information for the second split file.
  • S1302. Generate a first split file by extracting data in the corresponding location from the source file according to the first randomly extracted location information.
  • step S1302 of generating the first split file and step S1303 of generating the second split file are not limited to a particular order. In actual operation, the order of the two steps may be swapped, or the two steps may be performed at the same time, according to requirements.
  • the first random extraction location and the second extraction location together can include all of the extractable locations in the source file.
  • the foregoing solution further includes: the terminal device saves the first extracted location information and the second extracted location information locally, and establishes an association between the first extracted location information and the first split file and an association between the second extracted location information and the second split file.
  • Step 1203 The terminal device sends the second split file to the dedicated storage device, and uploads the first split file to the cloud storage server.
  • Step 1204 The dedicated storage device splits the received second split file according to a preset splitting algorithm.
  • the dedicated storage device splits the second split file according to the preset splitting algorithm, and obtains the third split file and the fourth split file, including:
  • the dedicated storage device invokes the M sequence generator to generate third random extraction location information for the third split file and fourth random extraction location information for the fourth split file;
  • S1402. Generate a third split file by extracting data in the corresponding location in the second split file according to the third randomly extracted location information.
  • step S1402 of generating the third split file and step S1403 of generating the fourth split file are not limited to a particular order. In actual operation, the order of the two steps may be swapped, or the two steps may be performed at the same time, according to requirements.
  • the third random extraction location and the fourth extraction location together can include all the extractable locations in the source file.
  • the above solution further includes: the dedicated storage device stores the third extracted location information and the fourth extracted location information locally, and establishes an association between the third extracted location information and the third split file and an association between the fourth extracted location information and the fourth split file.
  • Step 1205 The dedicated storage device sends the obtained third split file and the fourth split file to the terminal device.
  • the dedicated storage device may actively send the third split file and the fourth split file to the terminal device once they have been generated, or may send them to the terminal device at the request of the terminal device.
  • Step 1206 The terminal device uploads the received third split file and the fourth split file to the cloud storage server.
  • the cloud storage server authenticates the terminal device. After the terminal device passes authentication, it is allowed to upload a file to the cloud storage server.
  • the two-stage splitting process of the source file is completed, that is, the source file is split into the first split file and the second split file on the terminal device side (the first split file and the second split file are the first-level split files); after that, the terminal device sends the second split file to the dedicated storage device, and on the dedicated storage device side the second split file is split into the third split file and the fourth split file (the third split file and the fourth split file are the second-level split files).
  • the application example 2 corresponds to the application example 1, that is, the source file read in the file security reading method provided by the application example 2 is a split source file for the application example.
  • Referring to FIG. 15, a flow chart of the steps of a file security reading method according to the present invention is shown, which may specifically include:
  • Step 1501 The terminal device acquires, from the cloud storage server, a first split file, a third split file, and a fourth split file that form a source file.
  • before the terminal device acquires the first split file, the third split file, and the fourth split file from the cloud storage server, the cloud storage server can authenticate the terminal device. After the terminal device passes authentication, it is allowed to obtain files from the cloud storage server.
  • the terminal device directly acquires the first split file that constitutes the source file from the cloud storage server.
  • Step 1502 The terminal device sends the third split file and the fourth split file to a dedicated storage device
  • the terminal device sends the third split file and the fourth split file acquired from the cloud storage server to the dedicated storage device.
  • Step 1503 The dedicated storage device combines the third split file and the fourth split file according to a preset merge algorithm to generate a second split file.
  • the dedicated storage device combines the third split file and the fourth split file according to a preset merge algorithm to generate a second split file, including:
  • S1601 the dedicated storage device locally extracts the third extracted location information and the fourth extracted location information;
  • S1602 sequentially determining, according to the third extracted location information, a location of each data in the third split file, and sequentially determining, according to the fourth extracted location information, a location of each data in the fourth split file;
  • the method further includes: the dedicated storage device decrypting the second split file.
  • the dedicated storage device decrypts the second split file by:
  • the dedicated storage device extracts the secret key information, and the secret key information corresponds to the second split file; after that, the extracted secret key information and the data in the second split file are logically subtracted.
  • Step 1504 The dedicated storage device sends the restored second split file to the terminal device.
  • the restored second split file is sent to the terminal device.
  • Step 1505 The terminal device combines the second split file with the first split file acquired from the cloud storage server according to the second merge algorithm to generate a source file.
  • the terminal device merges the second split file with the first split file acquired from the cloud storage server according to the second merge algorithm.
  • the terminal device extracts first extracted location information and second extracted location information from the local device.
  • S1702 sequentially determining, according to the first extracted location information, a location of each data in the first split file, and sequentially determining, according to the second extracted location information, a location of each data in the second split file;
  • S1703 Restore the source file according to the location of each data.
  • the source file is generated.
  • the method further includes: the terminal device decrypting the source file generated after the combination.
  • the terminal device decrypts the source file by:
  • embodiments of the invention may be provided as a method, apparatus, or computer program product.
  • embodiments of the invention may be in the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware.
  • embodiments of the invention may take the form of a computer program product embodied on one or more computer usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of a method, a terminal device (system), and a computer program product according to an embodiment of the present invention. It will be understood that each flow and/or block of the flowchart and/or block diagrams, and combinations of flow and / or blocks in the flowcharts and / or block diagrams can be implemented by computer program instructions.
  • the computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer, an embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal device produce means for implementing the functions specified in one or more flows of the flowchart and/or in one or more blocks of the block diagram.
  • These computer program instructions may also be stored in a computer readable memory that can direct a computer or other programmable data processing terminal device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or in one or more blocks of the block diagram.
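
The two-stage split of application example 1 (steps 1201 to 1206) and the matching merge of application example 2 (steps 1501 to 1505), as an added Python example that is not code from the patent. It assumes that "logical addition" and "logical subtraction" mean bitwise XOR, that the M sequence comes from a 16-bit maximal-length LFSR, and that extraction positions are byte offsets; all function names and seed values are hypothetical.

```python
# Added illustration (not the patent's code). Assumptions: "logical addition" and
# "logical subtraction" are bitwise XOR (addition modulo 2); the M sequence comes
# from a 16-bit maximal-length LFSR; all seeds below are constructed sample values.

def lfsr_bits(seed, nbits):
    """Yield nbits of an m-sequence from the LFSR x^16 + x^14 + x^13 + x^11 + 1."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("an all-zero LFSR state never leaves zero")
    for _ in range(nbits):
        yield state & 1
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)

def logical_add(data, seed):
    """XOR data with the m-sequence keystream; applying it twice restores data."""
    bits = lfsr_bits(seed, 8 * len(data))
    out = bytearray()
    for b in data:
        k = 0
        for _ in range(8):
            k = (k << 1) | next(bits)
        out.append(b ^ k)
    return bytes(out)

def split(data, seed):
    """Split by extraction position: LFSR bit 1 -> first part, 0 -> second part."""
    pos_a, pos_b = [], []
    for i, bit in enumerate(lfsr_bits(seed, len(data))):
        (pos_a if bit else pos_b).append(i)
    part_a = bytes(data[i] for i in pos_a)
    part_b = bytes(data[i] for i in pos_b)
    return (part_a, pos_a), (part_b, pos_b)

def merge(a, b):
    """Put every byte back at its recorded position; reject incomplete input."""
    (part_a, pos_a), (part_b, pos_b) = a, b
    if len(part_a) != len(pos_a) or len(part_b) != len(pos_b):
        raise ValueError("split file length does not match its location information")
    n = len(pos_a) + len(pos_b)
    if sorted(pos_a + pos_b) != list(range(n)):
        raise ValueError("location information does not cover every position once")
    out = bytearray(n)
    for part, pos in ((part_a, pos_a), (part_b, pos_b)):
        for byte, i in zip(part, pos):
            out[i] = byte
    return bytes(out)

def store(source, term_key, term_pos_seed, dev_key, dev_pos_seed):
    """Steps 1201-1206: returns what the cloud, terminal and device each hold."""
    (f1, p1), (f2, p2) = split(logical_add(source, term_key), term_pos_seed)
    # Dedicated storage device: encrypt and split the second split file again.
    (f3, p3), (f4, p4) = split(logical_add(f2, dev_key), dev_pos_seed)
    cloud = {"first": f1, "third": f3, "fourth": f4}
    terminal = {"key": term_key, "pos1": p1, "pos2": p2}
    device = {"key": dev_key, "pos3": p3, "pos4": p4}
    return cloud, terminal, device

def read(cloud, terminal, device):
    """Steps 1501-1505: device rebuilds the second split file, terminal the source."""
    f2 = logical_add(merge((cloud["third"], device["pos3"]),
                           (cloud["fourth"], device["pos4"])), device["key"])
    merged = merge((cloud["first"], terminal["pos1"]), (f2, terminal["pos2"]))
    return logical_add(merged, terminal["key"])

def demo():
    source = b"constructed sample: quarterly report draft, not real data"
    cloud, terminal, device = store(source, 0xACE1, 0x1D2C, 0xBEEF, 0x7A31)
    return source, cloud, terminal, device
```

An LFSR is linear, so 2n consecutive keystream bits of an n-stage register are enough to reconstruct it with the Berlekamp-Massey algorithm; in this example the XOR layer should not be treated as strong encryption on its own.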

Abstract

The invention relates to a secure file storage method, comprising the following steps: a terminal device splits, according to a predetermined splitting algorithm, a source file to be uploaded into multiple primary split files (201); the terminal device uploads one part of the multiple primary split files to a cloud storage server and transmits the remaining part to a dedicated storage device (202); and the terminal device receives multiple secondary split files transmitted from the dedicated storage device and uploads them to the cloud storage server, the multiple secondary split files being files generated by the dedicated storage device splitting all the received primary split files according to the splitting algorithm (203). The secure file access method performs a two-stage split in the storage process, fully ensuring the incompleteness of the source file and a favorable recovery complexity of the source file, and consequently the security of the source file in the cloud storage server.
PCT/CN2016/105723 2016-11-14 2016-11-14 Secure file access method, terminal device and dedicated storage device WO2018086120A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201680012948.6A CN107438848A (zh) 2016-11-14 2016-11-14 File secure access method, terminal device and dedicated storage device
PCT/CN2016/105723 WO2018086120A1 (fr) 2016-11-14 2016-11-14 Secure file access method, terminal device and dedicated storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/105723 WO2018086120A1 (fr) 2016-11-14 2016-11-14 Secure file access method, terminal device and dedicated storage device

Publications (1)

Publication Number Publication Date
WO2018086120A1 true WO2018086120A1 (fr) 2018-05-17

Family

ID=60458674

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/105723 WO2018086120A1 (fr) 2016-11-14 2016-11-14 Secure file access method, terminal device and dedicated storage device

Country Status (2)

Country Link
CN (1) CN107438848A (fr)
WO (1) WO2018086120A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
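CN102664928A (zh) * 2012-04-01 2012-09-12 南京邮电大学 Data secure access method for cloud storage and user-side system
CN102693398A (zh) * 2012-05-09 2012-09-26 深圳大学 Data encryption method and system
CN103067519A (zh) * 2013-01-04 2013-04-24 深圳市广道高新技术有限公司 Method and device for distributed data storage under heterogeneous platforms
CN105027498A (zh) * 2013-06-11 2015-11-04 章寅生 Method for achieving secure storage by remotely separating and assembling data files, and system and device thereof
CN105184185A (zh) * 2015-09-07 2015-12-23 南京伍安信息科技有限公司 Key disk for separately storing and restoring data, and method for separating and restoring data thereof
CN106022158A (zh) * 2016-05-09 2016-10-12 福建南威软件有限公司 Take-out management system for file materials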

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
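CN103207971A (zh) * 2012-01-12 2013-07-17 富泰华工业(深圳)有限公司 Cloud-storage-based data security protection system and method
CN102970129B (zh) * 2012-11-16 2013-10-30 深圳光启创新技术有限公司 Signal encryption and decryption method and device based on time information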

Also Published As

Publication number Publication date
CN107438848A (zh) 2017-12-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16921430

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16921430

Country of ref document: EP

Kind code of ref document: A1