WO2020000765A1 - Off-line data storage method and apparatus, computer device and storage medium - Google Patents

Off-line data storage method and apparatus, computer device and storage medium Download PDF

Info

Publication number
WO2020000765A1
WO2020000765A1 PCT/CN2018/109559 CN2018109559W WO2020000765A1 WO 2020000765 A1 WO2020000765 A1 WO 2020000765A1 CN 2018109559 W CN2018109559 W CN 2018109559W WO 2020000765 A1 WO2020000765 A1 WO 2020000765A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
user
data
data information
cloud server
Prior art date
Application number
PCT/CN2018/109559
Other languages
French (fr)
Chinese (zh)
Inventor
李洋
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020000765A1 publication Critical patent/WO2020000765A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151Time stamp

Definitions

  • the existing technical methods have problems of insecure data transmission and data storage, which makes data information easy to be stolen or intercepted by others, resulting in insufficient security of data information offline storage.
  • the embodiments of the present application provide an offline data storage method, device, computer equipment, and storage medium, which are aimed at solving the problem of insufficient safety of offline storage of data information in the prior art methods.
  • an embodiment of the present application provides an offline data storage method, which includes: if a confirmation message from a cloud server that a user successfully logs in to the cloud server for the first time is received, creating a virtualized secure disk space in a local disk; receiving Directory index information sent by the cloud server and displayed for user selection, obtaining directory selection information obtained by the user from the directories included in the directory index information, and sending the obtained directory selection information to the cloud server; via HTTPS
  • the encrypted transmission protocol establishes a data transmission connection with the cloud server to receive data information in the directory included in the directory selection information; and stores the received data information in a secure disk space, and according to the identifier bound by the logged-in user Message and data message download timestamp encrypts the stored data message.
  • an embodiment of the present application provides an offline data storage device, including: a secure disk space creation unit, configured to create a local disk if a confirmation message from a cloud server that a user successfully logs in to the cloud server for the first time is received; Virtualized secure disk space; a directory index information selecting unit, configured to receive directory index information sent by the cloud server and display it for user selection, and obtain directory selection information obtained by the user from the directories included in the directory index information And sending the obtained directory selection information to a cloud server; a data transmission unit configured to establish a data transmission connection with the cloud server through the HTTPS encrypted transmission protocol to receive data information in the directory included in the directory selection information; and The storage encryption unit is configured to store the received data information in a secure disk space, and encrypt the stored data information according to the identification information and the data information download timestamp bound by the logged-in user.
  • an embodiment of the present application further provides a computer device including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the computer
  • the program implements the offline data storage method according to the first aspect.
  • FIG. 1 is a schematic flowchart of an offline data storage method according to an embodiment of the present application
  • FIG. 2 is a schematic diagram of an application scenario of an offline data storage method according to an embodiment of the present application
  • FIG. 4 is a schematic diagram of another sub-flow of an offline data storage method according to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of another sub-flow of an offline data storage method according to an embodiment of the present application.
  • FIG. 8 is a schematic block diagram of a subunit of an offline data storage device according to an embodiment of the present application.
  • FIG. 9 is a schematic block diagram of another subunit of an offline data storage device according to an embodiment of the present application.
  • FIG. 10 is a schematic block diagram of another subunit of an offline data storage device according to an embodiment of the present application.
  • FIG. 11 is another schematic block diagram of an offline data storage device according to an embodiment of the present application.
  • the method includes steps S101 to S104.
  • S102 Receive directory index information sent by the cloud server and display it for user selection, obtain directory selection information selected by the user from the directories included in the directory index information, and send the acquired directory selection information to the cloud server. .
  • the received directory index information belonging to the logged-in user is shown in Table 1.
  • the directory index information includes file directory information, size, and number of files of two large folders, and file directory information, size, and number of files of subfolders in each large folder.
  • the directory selection information obtained by the user after receiving the directory index information and selecting it is shown in Table 2.
  • the directory selection information is received, and the directory selection information is obtained according to the user's selection of the directory index, and the directory selection information is sent to the cloud server.
  • the directory selection information is obtained according to the user's selection of the directory index, and the directory selection information is sent to the cloud server.
  • the cloud server transmits the data information in the corresponding directory in the directory selection information to the mobile device through the HTTPS encrypted transmission protocol, and transmits the data information through the HTTPS encrypted transmission protocol, which greatly reduces the security risk of the transmitted data information and avoids other users Intercept data information.
  • S104 Store the received data information in a secure disk space, and encrypt the stored data information according to the identification information and data information download timestamp bound by the logged-in user.
  • the received data information is stored in the established secure disk space, and the stored data information is encrypted according to the identification information and data information download time stamp bound by the logged-in user.
  • the identification information bound by the login user may be security identifier information (SID) of the user login operating system (for example, the Windows operating system) that receives the data information, where the security identifier information is the only identifier that identifies the user login to the operating system.
  • SID security identifier information
  • the data message download timestamp is the time when the data message was downloaded from the cloud server to the mobile device.
  • step S104 includes sub-steps S1041 and S1042.
  • S1041 Slicing the received data information to obtain slice data, storing the slice data in a secure disk space, copying the slice data according to a preset number of slice copies to generate a slice copy, and storing the slice copy To secure disk space.
  • slice storage is required based on the size of the data information that needs to be stored.
  • the specific steps are: obtaining the size of the data information, obtaining the number of slices according to the size of the data information and a preset slicing rule, slicing the data information according to the obtained number of slices and obtaining slice data, and storing the slice data in a secure disk space .
  • a slice copy is a copy of slice data after the slice data is copied.
  • the number of slice copies can be preset according to the actual usage of the user. The more slices are stored, the more secure the data information is and the higher the cost.
  • the specific steps are: generating a slice copy according to the preset number of slice copies, and storing the slice copy in a secure disk space.
  • the identification information bound by the logged-in user is the security identifier information of the operating system (such as the Windows operating system) of the user receiving the data information
  • the download time stamp of the data information is the completion of downloading the data information from the cloud server to the mobile device.
  • Time, random characters are both randomly generated character information for encryption.
  • the AES symmetrical encryption is performed on the stored slice data and slice copies. After the user logs out of the login account in the operating system, other users use this mobile device, or when the local disk in the mobile device is removed and read directly, the local disk is secure. Data information in the disk space is encrypted and cannot be read. Because the AES symmetric encryption method uses data information to download the timestamp and random characters to obtain the symmetric encryption key after hash encoding, it cannot be cracked by abnormal means, so the security of the stored data information is extremely high.
  • the reading and writing speed of the data information can be greatly improved, and the security of the offline data information can be increased to avoid other users. Crack and steal data information.
  • steps S105, S106, and S107 are further included.
  • the identification information bound to the current user is obtained, and it is determined whether the identification information of the current user is the same as the identification information bound by the logged-in user. If the bound identification information is the same, the data information is decrypted and the current user can access the data information; if the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, then The current user cannot access data information stored in secure disk space.
  • an access request for corresponding data information is generated.
  • Receive a user access request for data information and obtain identification information bound to the current user, that is, obtain security identifier information of the current user who logs in to the operating system.
  • the security identifier information of the current user is compared with the security identifier information in the symmetric encryption key. If they are the same, the data is compared. The information is decrypted, and the user can access the accessed folder smoothly; if they are not the same, the data information is not decrypted, and the user cannot access the accessed folder.
  • the deadline information can be added to the directory selection information.
  • the deadline information is the deadline for the mobile device to access the data information offline after obtaining the data information from the cloud server.
  • the user can check the data information by the mobile device before the deadline.
  • For offline access after the deadline, users cannot access the data information stored in the mobile device offline. You must log in to the cloud server through a network connection before you can access the data information stored in the mobile device offline.
  • By comparing the deadline information and the data information download timestamp with the current time in the user access request it can be determined whether the user can offline access the data information stored in the mobile device.
  • the deadline information is 7 days
  • the data information download timestamp is "2018-04-13”
  • the current time in the access request is April 22, 2018
  • the current time exceeds the deadline: April 20, 2018
  • So users ca n’t access offline data information stored in mobile devices.
  • the data information is decrypted, and the current user can access the decrypted data information in the secure disk space.
  • the specific access includes reading the data information , Modify, add, delete, etc.
  • the file modification information and hash value modification information of the data information need to be recorded at this time.
  • the file modification information is the record information of the current user's modification, addition, and deletion of the data information;
  • the hash value modification information is the encrypted information of the directory index information of the modified data information.
  • step S105a is further included after step S105 in another embodiment.
  • S105a If the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompt message is issued.
  • the identification information of the current user is judged according to the information in the secret key to realize the security management of the data information, which can ensure the security of the stored data information and enable users with data information access rights to the data.
  • Information is accessed to improve the security of data information storage.
  • step S107 is further included after step S107.
  • the file modification information and hash value modification information of the data information in the secure disk space are obtained.
  • the data information corresponding to the data information in the secure disk space in the cloud server is updated. Specifically, the data information corresponding to the data information in the secure disk space in the cloud server is modified, added, or deleted according to the file modification information, and the data information in the cloud server and the secure disk space is modified according to the hash value modification information.
  • Directory index information is updated.
  • the data information corresponding to the data information in the secure disk space in the cloud server is automatically updated according to the file modification information and the hash value modification information, that is, through the secure disk space.
  • the data information in the synchronization of the corresponding data information in the cloud server can ensure the accuracy of the data information stored in the cloud server and also ensure the consistency with the data information in the secure disk space.
  • the data information is transmitted through the HTTPS encrypted transmission protocol, the data information is stored in a virtualized secure disk space, and the stored data information is encrypted. It can prevent other users from cracking and stealing data information, greatly improving the security of offline storage of data information, and reducing the risk of users in mobile office.
  • An embodiment of the present application further provides an offline data storage device, and the offline data storage device is configured to execute any one of the foregoing offline data storage methods.
  • FIG. 7, is a schematic block diagram of an offline data storage device according to an embodiment of the present application.
  • the offline data storage device 100 may be configured in the mobile device 10.
  • the offline data storage device 100 includes a secure disk space creation unit 101, a directory index information selection unit 102, a data transmission unit 103, and a storage encryption unit 104.
  • the directory index information selection unit 102 is configured to receive the directory index information sent by the cloud server and display it for user selection, obtain directory selection information selected by the user from the directories included in the directory index information, and obtain the acquired directory selection information.
  • the directory selection information is sent to the cloud server.
  • the data transmission unit 103 is configured to establish a data transmission connection with the cloud server through an HTTPS encrypted transmission protocol, so as to receive data information in a directory included in the directory selection information.
  • the storage encryption unit 104 is configured to store the received data information in a secure disk space, and encrypt the stored data information according to the identification information and the data information download timestamp bound by the login user.
  • the storage encryption unit 104 includes sub-units: a slice storage unit 1041 and a symmetric encryption unit 1042.
  • a slice storage unit 1041 is configured to slice the received data information to obtain slice data, store the slice data in a secure disk space, copy the slice data according to a preset number of slice copies to generate a slice copy, and The slice copy is stored to secure disk space.
  • the symmetric encryption unit 1042 is configured to perform AES symmetric encryption on the stored slice data and the slice copy according to the identification information bound by the logged-in user and the data information download timestamp.
  • the offline data storage device 100 further includes a decryption determination unit 105, a data information decryption unit 106, and a modification information recording unit 107.
  • the decryption judging unit 105 is configured to obtain the account information of the current user if a user's access request for data information is received, and determine whether the identification information of the current user is the same as the identification information bound by the logged-in user.
  • the data information decryption unit 106 is configured to decrypt the data information requested by the user if the identification information of the current user is the same as the identification information bound by the logged-in user.
  • the modification information recording unit 107 is configured to record the file modification information and the hash value modification information of the decrypted data information if the modification information of the decrypted data information is received.
  • the offline data storage device 100 further includes an alarm prompting unit 105 a.
  • the alarm prompting unit 105a is configured to: if the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompting message is issued.
  • the offline data storage device 100 further includes a data information update unit 108.
  • a data information updating unit 108 is configured to receive data corresponding to the data information in the cloud server and the secure disk space according to the file modification information and the hash value modification information if the information from the cloud server that the user has not successfully logged in to the cloud server is received for the first time. Information is updated.
  • the above-mentioned offline data storage device can be implemented in the form of a computer program, which can be run on a computer device as shown in FIG. 12.
  • FIG. 12 is a schematic block diagram of a computer device according to an embodiment of the present application.
  • the computer device 500 may be a terminal.
  • the terminal may be an electronic device such as a tablet computer, a notebook computer, a personal digital assistant.
  • the computer device 500 includes a processor 502, a memory, and a network interface 505 connected through a system bus 501.
  • the memory may include a non-volatile storage medium 503 and an internal memory 504.
  • the non-volatile storage medium 503 can store an operating system 5031 and a computer program 5032.
  • the processor 502 can execute the offline data storage method.
  • the processor 502 is used to provide computing and control capabilities to support the operation of the entire computer device 500.
  • the internal memory 504 provides an environment for running the computer program 5032 in the non-volatile storage medium 503. When the computer program 5032 is executed by the processor 502, the processor 502 can execute the offline data storage method.
  • the network interface 505 is used for network communication, such as transmitting data information.
  • the network interface 505 is used for network communication, such as transmitting data information.
  • FIG. 12 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer equipment 500 to which the solution of the present application is applied. 500 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement.
  • the processor 502 is configured to run a computer program 5032 stored in a memory to implement the offline data storage method in the embodiment of the present application.
  • the embodiment of the computer device shown in FIG. 12 does not constitute a limitation on the specific configuration of the computer device.
  • the computer device may include more or fewer components than shown in the figure. Either some parts are combined or different parts are arranged.
  • the computer device may include only a memory and a processor. In such an embodiment, the structure and function of the memory and the processor are the same as those in the embodiment shown in FIG. 12, and details are not described herein again.
  • the processor 502 may be a central processing unit (CPU), and the processor 502 may also be another general-purpose processor, digital signal processor (Digital Signal Processor, DSP), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
  • a storage medium in another embodiment of the present application, is provided.
  • the storage medium may be a non-transitory computer-readable storage medium.
  • the storage medium stores a computer program, and the computer program implements the offline data storage method in the embodiment of the present application when the computer program is executed by the processor.
  • the storage medium may be an internal storage unit of the foregoing device, such as a hard disk or a memory of the device.
  • the storage medium may also be an external storage device of the device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, and a flash memory card provided on the device. (Flash Card), etc.
  • the storage medium may further include both an internal storage unit of the device and an external storage device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are an off-line data storage method and apparatus, a computer device and a storage medium. The method comprises: if acknowledgment information, which indicates that a user successfully logs in to a cloud server for the first time and is sent by the cloud server, is received, creating a secure disk space in a local disk (S101); receiving directory index information sent by the cloud server for the user to obtain directory selection information by means of selection, and sending the directory selection information to the cloud server (S102); receiving data information by means of an HTTPS encryption transmission protocol (S103); and storing the data information in the secure disk space, and encrypting the stored data information according to identifier information bound with the logged-in user and a download timestamp of the data information (S104).

Description

离线数据存储方法、装置、计算机设备及存储介质Offline data storage method, device, computer equipment and storage medium
本申请要求于2018年6月29日提交中国专利局、申请号为201810700551.7、申请名称为“离线数据存储方法、装置、计算机设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed on June 29, 2018 with the Chinese Patent Office, application number 201810700551.7, and application name "Offline Data Storage Method, Device, Computer Equipment, and Storage Medium", the entire contents of which are hereby incorporated by reference Incorporated in this application.
技术领域Technical field
本申请涉及离线数据存储的技术领域,尤其涉及一种离线数据存储方法、装置、计算机设备及存储介质。The present application relates to the technical field of offline data storage, and in particular, to an offline data storage method, device, computer equipment, and storage medium.
背景技术Background technique
在企业员工出差进行移动办公过程中,员工需使用自己的移动设备与云端服务器通过网络连接进行数据传输。然而在实际应用过程因受限于网络波动,移动设备并不能够一直与云端服务器保持网络连接,因此这种实时数据传输的方式无法满足移动办公的安全和高效的要求。In the course of mobile work for corporate employees, employees need to use their mobile devices to communicate with cloud servers for data transmission. However, in the actual application process, due to network fluctuations, mobile devices cannot always maintain a network connection with the cloud server. Therefore, this real-time data transmission method cannot meet the requirements of mobile office security and efficiency.
现有的技术方法中存在数据传输及数据存储不安全的问题,使数据信息易被他人窃取或截获,从而导致数据信息离线存储的安全性不足。The existing technical methods have problems of insecure data transmission and data storage, which makes data information easy to be stolen or intercepted by others, resulting in insufficient security of data information offline storage.
发明内容Summary of the invention
本申请实施例提供了一种离线数据存储方法、装置、计算机设备及存储介质,旨在解决现有技术方法中存在数据信息离线存储安全性不足的问题。The embodiments of the present application provide an offline data storage method, device, computer equipment, and storage medium, which are aimed at solving the problem of insufficient safety of offline storage of data information in the prior art methods.
第一方面,本申请实施例提供了一种离线数据存储方法,其包括:若接收到云端服务器发送的用户首次成功登录云端服务器的确认信息,在本地磁盘中创建虚拟化的安全磁盘空间;接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器;通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收与所述目录选择信息所包含目录内的数据信息;以及将所接收到的数据信息存储至安全磁盘空间,并根据登 录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。In a first aspect, an embodiment of the present application provides an offline data storage method, which includes: if a confirmation message from a cloud server that a user successfully logs in to the cloud server for the first time is received, creating a virtualized secure disk space in a local disk; receiving Directory index information sent by the cloud server and displayed for user selection, obtaining directory selection information obtained by the user from the directories included in the directory index information, and sending the obtained directory selection information to the cloud server; via HTTPS The encrypted transmission protocol establishes a data transmission connection with the cloud server to receive data information in the directory included in the directory selection information; and stores the received data information in a secure disk space, and according to the identifier bound by the logged-in user Message and data message download timestamp encrypts the stored data message.
第二方面,本申请实施例提供了一种离线数据存储装置,其包括:安全磁盘空间创建单元,用于若接收到云端服务器发送的用户首次成功登录云端服务器的确认信息,在本地磁盘中创建虚拟化的安全磁盘空间;目录索引信息选择单元,用于接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器;数据传输单元,用于通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收与所述目录选择信息所包含目录内的数据信息;以及存储加密单元,用于将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。In a second aspect, an embodiment of the present application provides an offline data storage device, including: a secure disk space creation unit, configured to create a local disk if a confirmation message from a cloud server that a user successfully logs in to the cloud server for the first time is received; Virtualized secure disk space; a directory index information selecting unit, configured to receive directory index information sent by the cloud server and display it for user selection, and obtain directory selection information obtained by the user from the directories included in the directory index information And sending the obtained directory selection information to a cloud server; a data transmission unit configured to establish a data transmission connection with the cloud server through the HTTPS encrypted transmission protocol to receive data information in the directory included in the directory selection information; and The storage encryption unit is configured to store the received data information in a secure disk space, and encrypt the stored data information according to the identification information and the data information download timestamp bound by the logged-in user.
第三方面,本申请实施例又提供了一种计算机设备,其包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述第一方面所述的离线数据存储方法。In a third aspect, an embodiment of the present application further provides a computer device including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the computer The program implements the offline data storage method according to the first aspect.
第四方面,本申请实施例还提供了一种存储介质,其中所述存储介质存储有计算机程序,所述计算机程序当被处理器执行时使所述处理器执行上述第一方面所述的离线数据存储方法。According to a fourth aspect, an embodiment of the present application further provides a storage medium, where the storage medium stores a computer program, and when the computer program is executed by a processor, causes the processor to execute the offline according to the first aspect. Data storage method.
本申请实施例提供了一种离线数据存储方法、装置、计算机设备及存储介质。通过HTTPS加密传输协议对数据信息进行传输,将数据信息存储至虚拟化的安全磁盘空间,并对已存储的数据信息进行加密。能够避免其他用户对数据信息进行破解和窃取,大幅提高了数据信息离线存储的安全性,降低用户在进行移动办公时的风险。The embodiments of the present application provide an offline data storage method, device, computer equipment, and storage medium. The data information is transmitted through the HTTPS encrypted transmission protocol, the data information is stored in a virtualized secure disk space, and the stored data information is encrypted. It can prevent other users from cracking and stealing data information, greatly improving the security of offline storage of data information, and reducing the risk of users in mobile office.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
为了更清楚地说明本申请实施例技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are some embodiments of the present application. For ordinary technicians, other drawings can be obtained based on these drawings without paying creative labor.
图1为本申请实施例提供的离线数据存储方法的流程示意图;FIG. 1 is a schematic flowchart of an offline data storage method according to an embodiment of the present application;
图2为本申请实施例提供的离线数据存储方法的应用场景示意图;2 is a schematic diagram of an application scenario of an offline data storage method according to an embodiment of the present application;
图3为本申请实施例提供的离线数据存储方法的子流程示意图;3 is a schematic diagram of a sub-flow of an offline data storage method according to an embodiment of the present application;
图4为本申请实施例提供的离线数据存储方法的另一子流程示意图;FIG. 4 is a schematic diagram of another sub-flow of an offline data storage method according to an embodiment of the present application; FIG.
图5为本申请实施例提供的离线数据存储方法的另一子流程示意图;5 is a schematic diagram of another sub-flow of an offline data storage method according to an embodiment of the present application;
图6为本申请实施例提供的离线数据存储方法的另一流程示意图;6 is another schematic flowchart of an offline data storage method according to an embodiment of the present application;
图7为本申请实施例提供的离线数据存储装置的示意性框图;7 is a schematic block diagram of an offline data storage device according to an embodiment of the present application;
图8为本申请实施例提供的离线数据存储装置的子单元示意性框图;8 is a schematic block diagram of a subunit of an offline data storage device according to an embodiment of the present application;
图9为本申请实施例提供的离线数据存储装置的另一子单元示意性框图;9 is a schematic block diagram of another subunit of an offline data storage device according to an embodiment of the present application;
图10为本申请实施例提供的离线数据存储装置的另一子单元示意性框图;10 is a schematic block diagram of another subunit of an offline data storage device according to an embodiment of the present application;
图11为本申请实施例提供的离线数据存储装置的另一示意性框图;11 is another schematic block diagram of an offline data storage device according to an embodiment of the present application;
图12为本申请实施例提供的计算机设备的示意性框图。FIG. 12 is a schematic block diagram of a computer device according to an embodiment of the present application.
具体实施方式detailed description
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In the following, the technical solutions in the embodiments of the present application will be clearly and completely described with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present application.
请参阅图1,图1是本申请实施例提供的离线数据存储方法的示意流程图,图2为本申请实施例提供的离线数据存储方法的应用场景示意图,该离线数据存储方法应用于移动设备10中,该方法通过安装于移动设备10中的应用软件进行执行。该移动设备10通过登录云端服务器20,接收云端服务器20所发送的目录索引信息以供用户(移动设备10的使用者)选择,将用户所选择的目录选择信息发送至云端服务器20,移动设备10通过与云端服务器20建立网络连接,将云端服务器20中的数据信息传输至移动设备10内进行存储。其中,移动设备10是具有数据信息存储功能的用户终端,例如笔记本电脑、平板电脑或手机等;云端服务器20是用于存储和管理数据信息的企业终端。Please refer to FIG. 1. FIG. 1 is a schematic flowchart of an offline data storage method according to an embodiment of the present application. FIG. 2 is a schematic diagram of an application scenario of the offline data storage method provided by an embodiment of the present application. In 10, the method is executed by application software installed in the mobile device 10. The mobile device 10 logs in to the cloud server 20, receives the directory index information sent by the cloud server 20 for selection by the user (user of the mobile device 10), and sends the directory selection information selected by the user to the cloud server 20, and the mobile device 10 By establishing a network connection with the cloud server 20, data information in the cloud server 20 is transmitted to the mobile device 10 for storage. The mobile device 10 is a user terminal having a data information storage function, such as a laptop computer, a tablet computer, or a mobile phone. The cloud server 20 is an enterprise terminal for storing and managing data information.
需要说明的是,图2中仅仅示意出一台移动设备10与云端服务器20进行信息传输,在实际应用中,该云端服务器20也可与多台移动设备10进行信息传输。It should be noted that FIG. 2 only illustrates that one mobile device 10 performs information transmission with the cloud server 20. In practical applications, the cloud server 20 may also perform information transmission with multiple mobile devices 10.
如图1所示,该方法包括步骤S101~S104。As shown in FIG. 1, the method includes steps S101 to S104.
S101、若接收到云端服务器发送的用户首次成功登录云端服务器的确认信 息,在本地磁盘中创建虚拟化的安全磁盘空间。S101. If a confirmation message from a cloud server that the user successfully logs in to the cloud server for the first time is received, a virtualized secure disk space is created in the local disk.
若接收到云端服务器发送的用户通过移动设备成功登录云端服务器的信息,且为首次成功登录,则通过虚拟化技术在移动设备的本地磁盘中创建安全磁盘空间。其中,云端服务器为存储了企业所有办公数据信息的企业终端,用于存储和管理数据信息。移动设备为用户所使用的用于登录云端服务器的设备,移动设备中包括本地磁盘。本地磁盘即是移动设备中用于存储数据信息的信息存储单元,安全磁盘空间即是本地磁盘中划分出的用于存放从云端服务器所下载的数据信息的磁盘空间,通过虚拟化操作可实现将本地磁盘中的部分磁盘空间划分为安全磁盘空间。If the information from the cloud server that the user successfully logged in to the cloud server via the mobile device is received, and this is the first successful login, a secure disk space is created in the local disk of the mobile device through virtualization technology. Among them, the cloud server is an enterprise terminal that stores all the office data information of the enterprise, and is used to store and manage the data information. A mobile device is a device used by a user to log in to a cloud server, and the mobile device includes a local disk. The local disk is the information storage unit used to store data information in the mobile device. The secure disk space is the disk space allocated in the local disk to store the data information downloaded from the cloud server. It can be realized through virtualization operations. Part of the disk space on the local disk is divided into secure disk space.
其中,用户所使用的移动设备可以是包含本地磁盘的笔记本电脑、平板电脑或手机。企业所有的办公数据信息均存储在云端服务器中,用户通过移动设备与云端服务器建立网络连接并登录云端服务器,可实现对云端服务器中的数据信息进行读取、下载等操作。The mobile device used by the user may be a laptop computer, a tablet computer, or a mobile phone including a local disk. All the office data information of the enterprise is stored in the cloud server. The user establishes a network connection with the cloud server through a mobile device and logs in to the cloud server to read, download, and other operations on the data information in the cloud server.
例如,若接收到用户通过移动设备成功登录云端服务器的信息,且为首次成功登录,则通过虚拟化技术在移动设备的本地磁盘“E:\”中创建“E:\Safespace”作为安全磁盘空间进行使用。For example, if the user successfully receives the information that the user successfully logs in to the cloud server through the mobile device, and this is the first time that the user has successfully logged in, then the virtual technology is used to create "E: \ Safespace" as the safe disk space in the local disk "E: \" For use.
S102、接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器。S102. Receive directory index information sent by the cloud server and display it for user selection, obtain directory selection information selected by the user from the directories included in the directory index information, and send the acquired directory selection information to the cloud server. .
用户通过移动设备接收云端服务器发送的目录索引信息,用户从目录索引信息所包含的目录中进行选择得到目录选择信息,移动设备将得到的目录选择信息发送至云端服务器。其中,目录索引信息中包含数据信息的文件目录信息、大小及文件个数,用户登录云端服务器后即可从云端服务器中获取属于登录用户的目录索引信息。目录索引信息中不包含具体的数据信息,只包含数据信息存储于云端服务器中所对应的文件目录信息、大小及文件个数。文件目录信息即是文件夹存储于云端服务器中的文件路径信息,大小即是文件夹内所有文件的占用存储空间的信息,文件个数即是文件夹内文件的数量信息。The user receives the directory index information sent by the cloud server through the mobile device, the user selects from the directories included in the directory index information to obtain the directory selection information, and the mobile device sends the obtained directory selection information to the cloud server. The directory index information includes the file directory information, size, and number of files of the data information. After the user logs in to the cloud server, the directory index information belonging to the logged-in user can be obtained from the cloud server. The directory index information does not contain specific data information, only the file directory information, size, and number of files corresponding to the data information stored in the cloud server. The file directory information is the file path information of the folder stored in the cloud server, the size is the information of the storage space occupied by all the files in the folder, and the number of files is the number of files in the folder.
用户通过对目录索引信息进行选择,即是按照自己的需求对云端服务器中的数据信息进行选择,目录选择信息发送至云端服务器后,即可实现将云端服务器目录选择信息中目录内的数据信息下载至移动设备的安全磁盘空间,以使 用户能够在离线的情况下使用移动设备的安全磁盘空间内所存储的数据信息进行办公。By selecting the directory index information, the user selects the data information in the cloud server according to his own needs. After the directory selection information is sent to the cloud server, the data information in the directory in the cloud server directory selection information can be downloaded. To the secure disk space of the mobile device, so that the user can use the data information stored in the secure disk space of the mobile device for office work when offline.
例如,接收到的属于登录用户的目录索引信息如表1所示。For example, the received directory index information belonging to the logged-in user is shown in Table 1.
Figure PCTCN2018109559-appb-000001
Figure PCTCN2018109559-appb-000001
表1Table 1
如表1中所示,目录索引信息中包含两个大文件夹的文件目录信息、大小及文件个数,以及每个大文件夹内子文件夹的文件目录信息、大小及文件个数。用户接收到目录索引信息,并对其进行选择得到的目录选择信息如表2所示。As shown in Table 1, the directory index information includes file directory information, size, and number of files of two large folders, and file directory information, size, and number of files of subfolders in each large folder. The directory selection information obtained by the user after receiving the directory index information and selecting it is shown in Table 2.
Figure PCTCN2018109559-appb-000002
Figure PCTCN2018109559-appb-000002
表2Table 2
在本实施例中,通过接收目录索引信息,并根据用户对目录索引的选择得到目录选择信息,将目录选择信息发送至云端服务器。在此过程中,无需直接获取具体的数据信息,而仅需获取数据信息存储在云端服务器中所对应的文件目录信息,减少了云端服务器与移动设备之间的信息传输时间,提高了数据信息选择的效率,可实现对所需的数据信息的快速选择和获取。In this embodiment, the directory selection information is received, and the directory selection information is obtained according to the user's selection of the directory index, and the directory selection information is sent to the cloud server. In this process, there is no need to directly obtain specific data information, but only the file directory information corresponding to the data information stored in the cloud server, which reduces the information transmission time between the cloud server and the mobile device and improves the data information selection. The efficiency can realize the rapid selection and acquisition of the required data information.
S103、通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收 与所述目录选择信息所包含目录内的数据信息。S103. Establish a data transmission connection with the cloud server through the HTTPS encrypted transmission protocol to receive data information in the directory included in the directory selection information.
移动设备通过HTTPS加密传输协议与云端服务器建立数据传输连接,接收目录选择信息所包含目录内的数据信息,也即是数据信息从云端服务器下载至移动设备。The mobile device establishes a data transmission connection with the cloud server through the HTTPS encrypted transmission protocol, and receives the data information in the directory included in the directory selection information, that is, the data information is downloaded from the cloud server to the mobile device.
HTTPS加密传输协议也即是HTTP传输协议的安全升级版。HTTP传输协议是应用层协议,位于HTTP传输协议之下是TCP协议。TCP协议负责传输,HTTP传输协议则定义了数据如何进行包装。HTTPS加密传输协议也即是在HTTP传输协议与TCP协议中间加了一层加密层TLS/SSL协议,其中,SSL协议是个加密套件,负责对HTTP传输协议的数据进行加密,而TLS协议是SSL协议的升级版。The HTTPS encrypted transmission protocol is a secure upgrade of the HTTP transmission protocol. The HTTP transport protocol is an application layer protocol, and under the HTTP transport protocol is the TCP protocol. The TCP protocol is responsible for transmission, and the HTTP transmission protocol defines how data is packaged. The HTTPS encrypted transmission protocol is a layer of TLS / SSL protocol added between the HTTP transmission protocol and the TCP protocol. Among them, the SSL protocol is an encryption suite that is responsible for encrypting the data of the HTTP transmission protocol, and the TLS protocol is the SSL protocol. An upgraded version.
云端服务器将目录选择信息中相应目录内的数据信息,通过HTTPS加密传输协议传输至移动设备,通过HTTPS加密传输协议进行数据信息的传输,大幅降低所传输的数据信息的安全风险,避免了其他用户截获数据信息。The cloud server transmits the data information in the corresponding directory in the directory selection information to the mobile device through the HTTPS encrypted transmission protocol, and transmits the data information through the HTTPS encrypted transmission protocol, which greatly reduces the security risk of the transmitted data information and avoids other users Intercept data information.
S104、将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。S104. Store the received data information in a secure disk space, and encrypt the stored data information according to the identification information and data information download timestamp bound by the logged-in user.
将所接收到的数据信息存储至已建立好的安全磁盘空间内,根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。其中,登录用户所绑定的标识信息可以是接收数据信息的用户登录操作系统(例如Windows操作系统)的安全标识符信息(SID),其中,安全标识符信息即是标识用户登录操作系统的唯一的号码,数据信息下载时间戳即是数据信息从云端服务器下载至移动设备的完成时间。The received data information is stored in the established secure disk space, and the stored data information is encrypted according to the identification information and data information download time stamp bound by the logged-in user. The identification information bound by the login user may be security identifier information (SID) of the user login operating system (for example, the Windows operating system) that receives the data information, where the security identifier information is the only identifier that identifies the user login to the operating system. , The data message download timestamp is the time when the data message was downloaded from the cloud server to the mobile device.
在一实施例中,如图3所示,步骤S104包括子步骤S1041和S1042。In an embodiment, as shown in FIG. 3, step S104 includes sub-steps S1041 and S1042.
S1041、将所接收到的数据信息进行切片得到切片数据,将所述切片数据存储至安全磁盘空间,根据预设切片副本数量对所述切片数据进行拷贝生成切片副本,并将所述切片副本存储至安全磁盘空间。S1041: Slicing the received data information to obtain slice data, storing the slice data in a secure disk space, copying the slice data according to a preset number of slice copies to generate a slice copy, and storing the slice copy To secure disk space.
在将数据信息存储至安全磁盘空间时,需根据所需存储的数据信息的大小进行切片存储。通过对数据信息进行切片存储,能够大幅提高数据信息的读写速度。具体的步骤为,获取数据信息的大小,并根据数据信息的大小及预设的切片规则得到切片数量,根据得到的切片数量对数据信息进行切片并得到切片数据,将切片数据存储至安全磁盘空间。When storing data information in secure disk space, slice storage is required based on the size of the data information that needs to be stored. By slicing the data information, the reading and writing speed of the data information can be greatly improved. The specific steps are: obtaining the size of the data information, obtaining the number of slices according to the size of the data information and a preset slicing rule, slicing the data information according to the obtained number of slices and obtaining slice data, and storing the slice data in a secure disk space .
切片副本即是对切片数据进行复制后的切片数据的副本。切片副本数量可以根据用户实际的使用情况进行预设,切片存储数量越多越则所存储的数据信息越安全,同时成本也越高。具体的步骤为,根据预设切片副本数量生成切片副本,将切片副本存储至安全磁盘空间。A slice copy is a copy of slice data after the slice data is copied. The number of slice copies can be preset according to the actual usage of the user. The more slices are stored, the more secure the data information is and the higher the cost. The specific steps are: generating a slice copy according to the preset number of slice copies, and storing the slice copy in a secure disk space.
S1042、根据登录用户所绑定的标识信息及所述数据信息下载时间戳对已存储的切片数据及切片副本进行AES对称加密。S1042. Perform AES symmetric encryption on the stored slice data and the slice copy according to the identification information bound by the logged-in user and the data information download timestamp.
为防止其他用户对所存储的数据信息进行读取、修改、添加、删除等操作,需对存储的切片数据及切片副本进行加密,可采用AES对称加密的方法对已存储的切片数据及切片副本进行加密,其中,AES即是高级加密标准,进行AES对称加密即是采用高级加密标准进行对称加密。具体的操作过程为,获取登录用户所绑定的标识信息、数据信息下载时间戳及随机字符后,经过哈希编码得到对称加密的秘钥。具体的,登录用户所绑定的标识信息为接收数据信息的用户登录操作系统(例如Windows操作系统)的安全标识符信息,数据信息下载时间戳即是数据信息从云端服务器下载至移动设备的完成时间,随机字符既是随机生成的用于进行加密的字符信息。In order to prevent other users from reading, modifying, adding, deleting and other operations on the stored data information, the stored slice data and slice copies need to be encrypted. AES symmetric encryption can be used to store the slice data and slice copies. For encryption, AES is the advanced encryption standard, and for AES symmetric encryption, the advanced encryption standard is used for symmetric encryption. The specific operation process is that after obtaining the identification information bound to the logged-in user, the data information download timestamp, and a random character, a symmetric encryption key is obtained through hash coding. Specifically, the identification information bound by the logged-in user is the security identifier information of the operating system (such as the Windows operating system) of the user receiving the data information, and the download time stamp of the data information is the completion of downloading the data information from the cloud server to the mobile device. Time, random characters are both randomly generated character information for encryption.
对已存储的切片数据及切片副本进行AES对称加密,用户在操作系统中注销登录账号后,其他用户使用此移动设备,或将移动设备中的本地磁盘拆下直接读取时,本地磁盘中安全磁盘空间内的数据信息均为加密状态,无法读取。由于AES对称加密的方法中使用数据信息下载时间戳及随机字符经过哈希编码得到对称加密的秘钥,因此无法通过非正常途径进行破解,因此已存储的数据信息的安全性极高。The AES symmetrical encryption is performed on the stored slice data and slice copies. After the user logs out of the login account in the operating system, other users use this mobile device, or when the local disk in the mobile device is removed and read directly, the local disk is secure. Data information in the disk space is encrypted and cannot be read. Because the AES symmetric encryption method uses data information to download the timestamp and random characters to obtain the symmetric encryption key after hash encoding, it cannot be cracked by abnormal means, so the security of the stored data information is extremely high.
在本实施例中,通过对数据信息进行切片存储,并对存储于安全磁盘空间内的数据信息进行加密,可大幅提高数据信息的读写速度,并增加离线数据信息的安全性,避免其他用户对数据信息进行破解和窃取。In this embodiment, by slicing the data information and encrypting the data information stored in the secure disk space, the reading and writing speed of the data information can be greatly improved, and the security of the offline data information can be increased to avoid other users. Crack and steal data information.
在一实施例中,如图4所示,步骤S104之后还包括步骤S105、步骤S106和步骤S107。In an embodiment, as shown in FIG. 4, after step S104, steps S105, S106, and S107 are further included.
S105、若接收到用户对数据信息的访问请求,获取当前用户的帐户信息,判断当前用户的标识信息是否与登录用户所绑定的标识信息相同。S105. If a user access request for data information is received, obtain account information of the current user, and determine whether the identification information of the current user is the same as the identification information bound by the logged-in user.
若接收到用户对数据信息的访问请求,则获取与当前用户所绑定的标识信息,判断当前用户的标识信息与登录用户所绑定的标识信息是否相同,若当前 用户的标识信息与登录用户所绑定的标识信息相同,则对数据信息进行解密,当前用户可对数据信息进行访问;若当前用户的标识信息与登录用户所绑定的标识信息不相同,则不对数据信息进行解密,则当前用户无法访问安全磁盘空间中所存储的数据信息。If a user's access request for data information is received, the identification information bound to the current user is obtained, and it is determined whether the identification information of the current user is the same as the identification information bound by the logged-in user. If the bound identification information is the same, the data information is decrypted and the current user can access the data information; if the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, then The current user cannot access data information stored in secure disk space.
在此过程中,用户无需通过移动设备登录云端服务器,也无需进行网络连接,因此可在本地的安全磁盘空间对离线存储的数据信息进行访问。In this process, users do not need to log in to the cloud server through a mobile device, nor do they need to make a network connection, so they can access the data information stored offline in a local secure disk space.
具体的操作过程中,用户点击安全磁盘空间中的待访问文件夹,即是生成对相应数据信息的访问请求。接收用户对数据信息的访问请求,获取与当前用户绑定的标识信息,也即是获取登录操作系统的当前用户的安全标识符信息。判断当前用户的标识信息与登录用户所绑定的标识信息是否相同,具体的,将当前用户的安全标识符信息与对称加密的秘钥中的安全标识符信息进行比对,若相同则对数据信息进行解密,用户可顺利对待访问文件夹进行访问;若不相同则不对数据信息进行解密,用户无法对待访问文件夹进行访问。In the specific operation process, when the user clicks the folder to be accessed in the secure disk space, an access request for corresponding data information is generated. Receive a user access request for data information, and obtain identification information bound to the current user, that is, obtain security identifier information of the current user who logs in to the operating system. Determine whether the identification information of the current user is the same as the identification information bound by the logged-in user. Specifically, the security identifier information of the current user is compared with the security identifier information in the symmetric encryption key. If they are the same, the data is compared. The information is decrypted, and the user can access the accessed folder smoothly; if they are not the same, the data information is not decrypted, and the user cannot access the accessed folder.
此外,目录选择信息中还可添加截止日期信息,截止日期信息为移动设备从云端服务器获取数据信息后可对数据信息进行离线访问的截止时间,用户通过移动设备在截止日期之前可对对数据信息进行离线访问,超出截止日期后用户无法对移动设备内存储的数据信息进行离线访问,必须通过网络连接登录云端服务器后,才能对移动设备内存储的数据信息进行离线访问。通过截止日期信息和数据信息下载时间戳与用户访问请求中的当前时间进行对比,即可确定用户是否能够对移动设备内存储的数据信息进行离线访问。In addition, the deadline information can be added to the directory selection information. The deadline information is the deadline for the mobile device to access the data information offline after obtaining the data information from the cloud server. The user can check the data information by the mobile device before the deadline. For offline access, after the deadline, users cannot access the data information stored in the mobile device offline. You must log in to the cloud server through a network connection before you can access the data information stored in the mobile device offline. By comparing the deadline information and the data information download timestamp with the current time in the user access request, it can be determined whether the user can offline access the data information stored in the mobile device.
例如,截止日期信息为7天,数据信息下载时间戳为“2018-04-13”,访问请求中的当前时间为2018年4月22日,则当前时间超出截止日期:2018年4月20日,因此用户无法对移动设备内存储的数据信息进行离线访问。For example, the deadline information is 7 days, the data information download timestamp is "2018-04-13", and the current time in the access request is April 22, 2018, then the current time exceeds the deadline: April 20, 2018 , So users ca n’t access offline data information stored in mobile devices.
在本实施例中,通过判断当前用户的标识信息与登录用户所绑定的标识信息是否相同以对数据信息进行解密,避免其他用户对数据信息进行破解和窃取,大幅提高了数据信息在离线存储的安全性。In this embodiment, by judging whether the identification information of the current user and the identification information bound by the logged-in user are the same to decrypt the data information, it is possible to prevent other users from cracking and stealing the data information, which greatly improves the offline storage of data information. Security.
S106、若当前用户的标识信息与登录用户所绑定的标识信息相同,对用户请求访问的数据信息进行解密。S106. If the identification information of the current user is the same as the identification information bound by the logged-in user, decrypt the data information requested by the user.
若当前用户的标识信息与登录用户所绑定的标识信息相同,则对数据信息进行解密,当前用户可对安全磁盘空间中解密后的数据信息进行访问,具体的 访问包括对数据信息的读取、修改、添加、删除等操作。If the identification information of the current user is the same as the identification information bound by the logged-in user, the data information is decrypted, and the current user can access the decrypted data information in the secure disk space. The specific access includes reading the data information , Modify, add, delete, etc.
S107、若接收到对已解密的数据信息进行修改的信息,记录该数据信息的文件修改信息及哈希值修改信息。S107. If the modification information of the decrypted data information is received, record the file modification information and hash value modification information of the data information.
若接收到对已解密的数据信息进行修改的信息,此时需对数据信息的文件修改信息及哈希值修改信息进行记录。If the modification information of the decrypted data information is received, the file modification information and hash value modification information of the data information need to be recorded at this time.
其中,文件修改信息即是当前用户对数据信息进行修改、添加、删除等操作的记录信息;哈希值修改信息即是修改后数据信息的目录索引信息的加密信息。The file modification information is the record information of the current user's modification, addition, and deletion of the data information; the hash value modification information is the encrypted information of the directory index information of the modified data information.
在一实施例中,如图5所示,在另一实施例中步骤S105之后还包括步骤S105a。In an embodiment, as shown in FIG. 5, step S105a is further included after step S105 in another embodiment.
S105a、若当前用户的标识信息与登录用户所绑定的标识信息不相同,不对数据信息进行解密,并发出报警提示信息。S105a: If the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompt message is issued.
若当前用户的标识信息与登录用户所绑定的标识信息不相同,表明当前用户不具有访问安全磁盘空间中所存储的数据信息的权限,则不对数据信息进行解密,并通过移动设备发出报警提示信息。具体的,可通过移动设备的扩音器发出语音提示信息。If the identification information of the current user is different from the identification information bound by the logged-in user, it indicates that the current user does not have access to the data information stored in the secure disk space, the data information is not decrypted, and an alarm prompt is issued through the mobile device information. Specifically, the voice prompt information can be sent through the loudspeaker of the mobile device.
在本实施例中,根据秘钥中的信息对当前用户的标识信息进行判断以实现对数据信息的安全管理,能够确保已存储的数据信息的安全,并使具有数据信息访问权限的用户对数据信息进行访问,提高了数据信息存储的安全性。In this embodiment, the identification information of the current user is judged according to the information in the secret key to realize the security management of the data information, which can ensure the security of the stored data information and enable users with data information access rights to the data. Information is accessed to improve the security of data information storage.
在一实施例中,如图6所示,步骤S107之后还包括步骤S108。In an embodiment, as shown in FIG. 6, step S107 is further included after step S107.
S108、若接收到云端服务器发送的用户非首次成功登录云端服务器的信息,根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新。S108. If the information from the cloud server that the user successfully logs in to the cloud server is not received for the first time, update the data information corresponding to the data information in the secure disk space in the cloud server according to the file modification information and the hash value modification information.
若接收到云端服务器发送的用户通过移动设备非首次成功登录云端服务器的信息,则获取安全磁盘空间中数据信息的文件修改信息及哈希值修改信息,根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新。具体的,根据文件修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行修改、添加、删除等操作,根据哈希值修改信息对云端服务器中与安全磁盘空间中数据信息的目录索引信息进行更新。If the information from the cloud server that the user successfully logs in to the cloud server through the mobile device is not received for the first time, the file modification information and hash value modification information of the data information in the secure disk space are obtained. The data information corresponding to the data information in the secure disk space in the cloud server is updated. Specifically, the data information corresponding to the data information in the secure disk space in the cloud server is modified, added, or deleted according to the file modification information, and the data information in the cloud server and the secure disk space is modified according to the hash value modification information. Directory index information is updated.
在本实施例中,用户再次登录云端服务器,则自动根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新,也即是通过安全磁盘空间中的数据信息对云端服务器中相对应的数据信息进行同步,能够确保云端服务器中所存储的数据信息的准确性,也能够确保与安全磁盘空间中的数据信息的一致性。In this embodiment, when the user logs in to the cloud server again, the data information corresponding to the data information in the secure disk space in the cloud server is automatically updated according to the file modification information and the hash value modification information, that is, through the secure disk space. The data information in the synchronization of the corresponding data information in the cloud server can ensure the accuracy of the data information stored in the cloud server and also ensure the consistency with the data information in the secure disk space.
通过HTTPS加密传输协议对数据信息进行传输,将数据信息存储至虚拟化的安全磁盘空间,并对已存储的数据信息进行加密。能够避免其他用户对数据信息进行破解和窃取,大幅提高了数据信息离线存储的安全性,降低用户在进行移动办公时的风险。The data information is transmitted through the HTTPS encrypted transmission protocol, the data information is stored in a virtualized secure disk space, and the stored data information is encrypted. It can prevent other users from cracking and stealing data information, greatly improving the security of offline storage of data information, and reducing the risk of users in mobile office.
本申请实施例还提供一种离线数据存储装置,该离线数据存储装置用于执行前述离线数据存储方法的任一实施例。具体地,请参阅图7,图7是本申请实施例提供的离线数据存储装置的示意性框图。离线数据存储装置100可以配置于移动设备10中。An embodiment of the present application further provides an offline data storage device, and the offline data storage device is configured to execute any one of the foregoing offline data storage methods. Specifically, please refer to FIG. 7, which is a schematic block diagram of an offline data storage device according to an embodiment of the present application. The offline data storage device 100 may be configured in the mobile device 10.
如图7所示,离线数据存储装置100包括安全磁盘空间创建单元101、目录索引信息选择单元102、数据传输单元103、存储加密单元104。As shown in FIG. 7, the offline data storage device 100 includes a secure disk space creation unit 101, a directory index information selection unit 102, a data transmission unit 103, and a storage encryption unit 104.
安全磁盘空间创建单元101,用于若接收到云端服务器发送的用户首次成功登录云端服务器的确认信息,在本地磁盘中创建虚拟化的安全磁盘空间。The secure disk space creation unit 101 is configured to create a virtualized secure disk space in a local disk if a confirmation message from a cloud server that the user successfully logs in to the cloud server for the first time is received.
目录索引信息选择单元102,用于接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器。The directory index information selection unit 102 is configured to receive the directory index information sent by the cloud server and display it for user selection, obtain directory selection information selected by the user from the directories included in the directory index information, and obtain the acquired directory selection information. The directory selection information is sent to the cloud server.
数据传输单元103,用于通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收与所述目录选择信息所包含目录内的数据信息。The data transmission unit 103 is configured to establish a data transmission connection with the cloud server through an HTTPS encrypted transmission protocol, so as to receive data information in a directory included in the directory selection information.
存储加密单元104,用于将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。The storage encryption unit 104 is configured to store the received data information in a secure disk space, and encrypt the stored data information according to the identification information and the data information download timestamp bound by the login user.
其他申请实施例中,如图8所示,所述存储加密单元104包括子单元:切片存储单元1041、对称加密单元1042。In other application embodiments, as shown in FIG. 8, the storage encryption unit 104 includes sub-units: a slice storage unit 1041 and a symmetric encryption unit 1042.
切片存储单元1041,用于将所接收到的数据信息进行切片得到切片数据,将所述切片数据存储至安全磁盘空间,根据预设切片副本数量对所述切片数据进行拷贝生成切片副本,并将所述切片副本存储至安全磁盘空间。A slice storage unit 1041 is configured to slice the received data information to obtain slice data, store the slice data in a secure disk space, copy the slice data according to a preset number of slice copies to generate a slice copy, and The slice copy is stored to secure disk space.
对称加密单元1042,用于根据登录用户所绑定的标识信息及所述数据信息下载时间戳对已存储的切片数据及切片副本进行AES对称加密。The symmetric encryption unit 1042 is configured to perform AES symmetric encryption on the stored slice data and the slice copy according to the identification information bound by the logged-in user and the data information download timestamp.
其他申请实施例中,如图9所示,所述离线数据存储装置100还包括解密判断单元105、数据信息解密单元106和修改信息记录单元107。In other application embodiments, as shown in FIG. 9, the offline data storage device 100 further includes a decryption determination unit 105, a data information decryption unit 106, and a modification information recording unit 107.
解密判断单元105,用于若接收到用户对数据信息的访问请求,获取当前用户的帐户信息,判断当前用户的标识信息是否与登录用户所绑定的标识信息相同。The decryption judging unit 105 is configured to obtain the account information of the current user if a user's access request for data information is received, and determine whether the identification information of the current user is the same as the identification information bound by the logged-in user.
数据信息解密单元106,用于若当前用户的标识信息与登录用户所绑定的标识信息相同,对用户请求访问的数据信息进行解密。修改信息记录单元107,用于若接收到对已解密的数据信息进行修改的信息,记录该数据信息的文件修改信息及哈希值修改信息。The data information decryption unit 106 is configured to decrypt the data information requested by the user if the identification information of the current user is the same as the identification information bound by the logged-in user. The modification information recording unit 107 is configured to record the file modification information and the hash value modification information of the decrypted data information if the modification information of the decrypted data information is received.
其他申请实施例中,如图10所示,在另一实施例中,所述离线数据存储装置100还包括报警提示单元105a。In other application embodiments, as shown in FIG. 10, in another embodiment, the offline data storage device 100 further includes an alarm prompting unit 105 a.
报警提示单元105a,用于若当前用户的标识信息与登录用户所绑定的标识信息不相同,不对数据信息进行解密,并发出报警提示信息。The alarm prompting unit 105a is configured to: if the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompting message is issued.
其他申请实施例中,如图11所示,在另一实施例中所述离线数据存储装置100还包括数据信息更新单元108。In other application embodiments, as shown in FIG. 11, in another embodiment, the offline data storage device 100 further includes a data information update unit 108.
数据信息更新单元108,用于若接收到云端服务器发送的用户非首次成功登录云端服务器的信息,根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新。A data information updating unit 108 is configured to receive data corresponding to the data information in the cloud server and the secure disk space according to the file modification information and the hash value modification information if the information from the cloud server that the user has not successfully logged in to the cloud server is received for the first time. Information is updated.
上述离线数据存储装置可以实现为计算机程序的形式,该计算机程序可以在如图12所示的计算机设备上运行。请参阅图12,图12是本申请实施例提供的计算机设备的示意性框图。该计算机设备500设备可以是终端。该终端可以是平板电脑、笔记本电脑、个人数字助理等电子设备。The above-mentioned offline data storage device can be implemented in the form of a computer program, which can be run on a computer device as shown in FIG. 12. Please refer to FIG. 12, which is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a terminal. The terminal may be an electronic device such as a tablet computer, a notebook computer, a personal digital assistant.
参阅图12,该计算机设备500包括通过系统总线501连接的处理器502、存储器和网络接口505,其中,存储器可以包括非易失性存储介质503和内存储器504。该非易失性存储介质503可存储操作系统5031和计算机程序5032。该计算机程序5032被执行时,可使得处理器502执行离线数据存储方法。该处理器502用于提供计算和控制能力,支撑整个计算机设备500的运行。该内存储器504为非易失性存储介质503中的计算机程序5032的运行提供环境,该计算 机程序5032被处理器502执行时,可使得处理器502执行离线数据存储方法。该网络接口505用于进行网络通信,如进行数据信息的传输等。本领域技术人员可以理解,图12中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备500的限定,具体的计算机设备500可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Referring to FIG. 12, the computer device 500 includes a processor 502, a memory, and a network interface 505 connected through a system bus 501. The memory may include a non-volatile storage medium 503 and an internal memory 504. The non-volatile storage medium 503 can store an operating system 5031 and a computer program 5032. When the computer program 5032 is executed, the processor 502 can execute the offline data storage method. The processor 502 is used to provide computing and control capabilities to support the operation of the entire computer device 500. The internal memory 504 provides an environment for running the computer program 5032 in the non-volatile storage medium 503. When the computer program 5032 is executed by the processor 502, the processor 502 can execute the offline data storage method. The network interface 505 is used for network communication, such as transmitting data information. Those skilled in the art can understand that the structure shown in FIG. 12 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer equipment 500 to which the solution of the present application is applied. 500 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement.
其中,所述处理器502用于运行存储在存储器中的计算机程序5032,以实现本申请实施例的离线数据存储方法。The processor 502 is configured to run a computer program 5032 stored in a memory to implement the offline data storage method in the embodiment of the present application.
本领域技术人员可以理解,图12中示出的计算机设备的实施例并不构成对计算机设备具体构成的限定,在其他实施例中,计算机设备可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。例如,在一些实施例中,计算机设备可以仅包括存储器及处理器,在这样的实施例中,存储器及处理器的结构及功能与图12所示实施例一致,在此不再赘述。Those skilled in the art can understand that the embodiment of the computer device shown in FIG. 12 does not constitute a limitation on the specific configuration of the computer device. In other embodiments, the computer device may include more or fewer components than shown in the figure. Either some parts are combined or different parts are arranged. For example, in some embodiments, the computer device may include only a memory and a processor. In such an embodiment, the structure and function of the memory and the processor are the same as those in the embodiment shown in FIG. 12, and details are not described herein again.
应当理解,在本申请实施例中,处理器502可以是中央处理单元(Central Processing Unit,CPU),该处理器502还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。其中,通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。It should be understood that, in the embodiment of the present application, the processor 502 may be a central processing unit (CPU), and the processor 502 may also be another general-purpose processor, digital signal processor (Digital Signal Processor, DSP), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
在本申请的另一实施例中提供一种存储介质。该存储介质可以为非易失性的计算机可读存储介质。该存储介质存储有计算机程序,其中计算机程序被处理器执行时实现本申请实施例的离线数据存储方法。In another embodiment of the present application, a storage medium is provided. The storage medium may be a non-transitory computer-readable storage medium. The storage medium stores a computer program, and the computer program implements the offline data storage method in the embodiment of the present application when the computer program is executed by the processor.
所述存储介质可以是前述设备的内部存储单元,例如设备的硬盘或内存。所述存储介质也可以是所述设备的外部存储设备,例如所述设备上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,所述存储介质还可以既包括所述设备的内部存储单元也包括外部存储设备。The storage medium may be an internal storage unit of the foregoing device, such as a hard disk or a memory of the device. The storage medium may also be an external storage device of the device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, and a flash memory card provided on the device. (Flash Card), etc. Further, the storage medium may further include both an internal storage unit of the device and an external storage device.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的设备、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and brevity of the description, for the specific working processes of the devices, devices, and units described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described herein again.
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。The above description is only the specific implementation of this application, but the scope of protection of this application is not limited to this. Any person skilled in the art can easily think of various equivalents Modifications or replacements should be covered by the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (20)

  1. 一种离线数据存储方法,包括:An offline data storage method includes:
    若接收到云端服务器发送的用户首次成功登录云端服务器的确认信息,在本地磁盘中创建虚拟化的安全磁盘空间;If a confirmation message from the cloud server that the user successfully logs in to the cloud server is received for the first time, a virtualized secure disk space is created in the local disk;
    接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器;Receiving the directory index information sent by the cloud server and displaying it for user selection, obtaining the directory selection information selected by the user from the directories included in the directory index information, and sending the acquired directory selection information to the cloud server;
    通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收与所述目录选择信息所包含目录内的数据信息;Establishing a data transmission connection with a cloud server through an HTTPS encrypted transmission protocol to receive data information in a directory included in the directory selection information;
    将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。The received data information is stored in a secure disk space, and the stored data information is encrypted according to the identification information and the data information download timestamp bound by the logged-in user.
  2. 根据权利要求1所述的离线数据存储方法,其中,所述将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密,包括:The offline data storage method according to claim 1, wherein the stored data information is stored in a secure disk space, and the stored data is downloaded based on the identification information and data information binding timestamps bound by the logged-in user Information is encrypted, including:
    将所接收到的数据信息进行切片得到切片数据,将所述切片数据存储至安全磁盘空间,根据预设切片副本数量对所述切片数据进行拷贝生成切片副本,并将所述切片副本存储至安全磁盘空间;Slice the received data information to obtain slice data, store the slice data in a secure disk space, copy the slice data according to a preset number of slice copies to generate a slice copy, and store the slice copy in a secure disk space;
    根据登录用户所绑定的标识信息及所述数据信息下载时间戳对已存储的切片数据及切片副本进行AES对称加密。AES symmetric encryption is performed on the stored slice data and slice copies according to the identification information bound by the logged-in user and the data information download timestamp.
  3. 根据权利要求1所述的离线数据存储方法,其中,所述根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密之后,还包括:The offline data storage method according to claim 1, wherein after encrypting the stored data information according to the identification information and the data information download timestamp bound by the logged-in user, further comprising:
    若接收到用户对数据信息的访问请求,获取当前用户的帐户信息,判断当前用户的标识信息是否与登录用户所绑定的标识信息相同;If a user's access request for data information is received, obtain the account information of the current user, and determine whether the identification information of the current user is the same as the identification information bound by the logged-in user;
    若当前用户的标识信息与登录用户所绑定的标识信息相同,对用户请求访问的数据信息进行解密;If the identification information of the current user is the same as the identification information bound by the logged-in user, decrypt the data information requested by the user;
    若接收到对已解密的数据信息进行修改的信息,记录该数据信息的文件修改信息及哈希值修改信息。If the modification information of the decrypted data information is received, the file modification information and the hash value modification information of the data information are recorded.
  4. 根据权利要求3所述的离线数据存储方法,其中,所述判断当前用户的 标识信息是否与登录用户所绑定的标识信息相同之后,还包括:The offline data storage method according to claim 3, wherein after determining whether the identification information of the current user is the same as the identification information bound by the login user, further comprising:
    若当前用户的标识信息与登录用户所绑定的标识信息不相同,不对数据信息进行解密,并发出报警提示信息。If the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompt message is issued.
  5. 根据权利要求3所述的离线数据存储方法,其中,所述记录该数据信息的文件修改信息及哈希值修改信息之后,还包括:The offline data storage method according to claim 3, wherein after the file modification information and hash value modification information of the recorded data information, further comprising:
    若接收到云端服务器发送的用户非首次成功登录云端服务器的信息,根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新。If the information from the cloud server that the user successfully logs in to the cloud server is not received for the first time, the data information corresponding to the data information in the secure disk space in the cloud server is updated according to the file modification information and the hash value modification information.
  6. 一种离线数据存储装置,包括:An offline data storage device includes:
    安全磁盘空间创建单元,用于若接收到云端服务器发送的用户首次成功登录云端服务器的确认信息,在本地磁盘中创建虚拟化的安全磁盘空间;A secure disk space creation unit is used to create a virtualized secure disk space in a local disk if a confirmation message from a cloud server that the user successfully logs in to the cloud server for the first time is received;
    目录索引信息选择单元,用于接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器;Directory index information selection unit, configured to receive directory index information sent by the cloud server and display it for user selection, obtain directory selection information selected by the user from directories included in the directory index information, and obtain the acquired directory Select information to send to the cloud server;
    数据传输单元,用于通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收与所述目录选择信息所包含目录内的数据信息;A data transmission unit, configured to establish a data transmission connection with a cloud server through an HTTPS encrypted transmission protocol to receive data information in a directory included in the directory selection information;
    存储加密单元,用于将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。The storage encryption unit is configured to store the received data information in a secure disk space, and encrypt the stored data information according to the identification information and the data information download timestamp bound by the logged-in user.
  7. 根据权利要求6所述的离线数据存储装置,其中,所述存储加密单元,包括:The offline data storage device according to claim 6, wherein the storage encryption unit comprises:
    切片存储单元,用于将所接收到的数据信息进行切片得到切片数据,将所述切片数据存储至安全磁盘空间,根据预设切片副本数量对所述切片数据进行拷贝生成切片副本,并将所述切片副本存储至安全磁盘空间;A slice storage unit is configured to slice the received data information to obtain slice data, store the slice data in a secure disk space, copy the slice data according to a preset number of slice copies to generate a slice copy, and save the slice copy. The slice copy is stored in secure disk space;
    对称加密单元,用于根据登录用户所绑定的标识信息及所述数据信息下载时间戳对已存储的切片数据及切片副本进行AES对称加密。The symmetric encryption unit is configured to perform AES symmetric encryption on the stored slice data and the slice copy according to the identification information bound by the logged-in user and the data information download timestamp.
  8. 根据权利要求6所述的离线数据存储装置,其中,所述离线数据存储装置,还包括:The offline data storage device according to claim 6, wherein the offline data storage device further comprises:
    解密判断单元,用于若接收到用户对数据信息的访问请求,获取当前用户的帐户信息,判断当前用户的标识信息是否与登录用户所绑定的标识信息相同。The decryption judging unit is configured to obtain the account information of the current user if a user's access request for data information is received, and determine whether the identification information of the current user is the same as the identification information bound by the logged-in user.
    数据信息解密单元,用于若当前用户的标识信息与登录用户所绑定的标识信息相同,对用户请求访问的数据信息进行解密;A data information decryption unit, configured to decrypt the data information requested by the user if the identification information of the current user is the same as the identification information bound by the logged-in user;
    修改信息记录单元,若接收到对已解密的数据信息进行修改的信息,记录该数据信息的文件修改信息及哈希值修改信息。The modification information recording unit, if receiving information for modifying the decrypted data information, records the file modification information and hash value modification information of the data information.
  9. 根据权利要求8所述的离线数据存储装置,其中,还包括:The offline data storage device according to claim 8, further comprising:
    报警提示单元,用于若当前用户的标识信息与登录用户所绑定的标识信息不相同,不对数据信息进行解密,并发出报警提示信息。An alarm prompting unit is configured to: if the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompting message is issued.
  10. 根据权利要求8所述的离线数据存储装置,其中,还包括:The offline data storage device according to claim 8, further comprising:
    数据信息更新单元,用于若接收到云端服务器发送的用户非首次成功登录云端服务器的信息,根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新。A data information updating unit is configured to receive data information corresponding to data information in the cloud server and the secure disk space according to the file modification information and the hash value modification information if the information from the cloud server that the user has not successfully logged in to the cloud server is received for the first time. Update.
  11. 一种计算机设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,其中,所述处理器执行所述计算机程序时实现以下步骤:A computer device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein when the processor executes the computer program, the following steps are implemented:
    若接收到云端服务器发送的用户首次成功登录云端服务器的确认信息,在本地磁盘中创建虚拟化的安全磁盘空间;If a confirmation message from the cloud server that the user successfully logs in to the cloud server is received for the first time, a virtualized secure disk space is created in the local disk;
    接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器;Receiving the directory index information sent by the cloud server and displaying it for user selection, obtaining the directory selection information selected by the user from the directories included in the directory index information, and sending the acquired directory selection information to the cloud server;
    通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收与所述目录选择信息所包含目录内的数据信息;Establishing a data transmission connection with a cloud server through an HTTPS encrypted transmission protocol to receive data information in a directory included in the directory selection information;
    将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。The received data information is stored in a secure disk space, and the stored data information is encrypted according to the identification information and the data information download timestamp bound by the logged-in user.
  12. 根据权利要求11所述的计算机设备,其中,所述将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密,包括:The computer device according to claim 11, wherein the stored data information is stored in a secure disk space, and the stored data information is performed according to the identification information and the data information download timestamp bound by the logged-in user. Encryption, including:
    将所接收到的数据信息进行切片得到切片数据,将所述切片数据存储至安全磁盘空间,根据预设切片副本数量对所述切片数据进行拷贝生成切片副本,并将所述切片副本存储至安全磁盘空间;Slice the received data information to obtain slice data, store the slice data in a secure disk space, copy the slice data according to a preset number of slice copies to generate a slice copy, and store the slice copy in a secure disk space;
    根据登录用户所绑定的标识信息及所述数据信息下载时间戳对已存储的切 片数据及切片副本进行AES对称加密。AES symmetrical encryption is performed on the stored slice data and slice copies according to the identification information bound by the logged-in user and the data information download timestamp.
  13. 根据权利要求11所述的计算机设备,其中,所述根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密之后,还包括:The computer device according to claim 11, wherein after encrypting the stored data information according to the identification information and data information download timestamp bound by the logged-in user, further comprising:
    若接收到用户对数据信息的访问请求,获取当前用户的帐户信息,判断当前用户的标识信息是否与登录用户所绑定的标识信息相同;If a user's access request for data information is received, obtain the account information of the current user, and determine whether the identification information of the current user is the same as the identification information bound by the logged-in user;
    若当前用户的标识信息与登录用户所绑定的标识信息相同,对用户请求访问的数据信息进行解密;If the identification information of the current user is the same as the identification information bound by the logged-in user, decrypt the data information requested by the user;
    若接收到对已解密的数据信息进行修改的信息,记录该数据信息的文件修改信息及哈希值修改信息。If the modification information of the decrypted data information is received, the file modification information and the hash value modification information of the data information are recorded.
  14. 根据权利要求13所述的计算机设备,其中,所述判断当前用户的标识信息是否与登录用户所绑定的标识信息相同之后,还包括:The computer device according to claim 13, wherein after determining whether the identification information of the current user is the same as the identification information bound by the logged-in user, further comprising:
    若当前用户的标识信息与登录用户所绑定的标识信息不相同,不对数据信息进行解密,并发出报警提示信息。If the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompt message is issued.
  15. 根据权利要求13所述的计算机设备,其中,所述记录该数据信息的文件修改信息及哈希值修改信息之后,还包括:The computer device according to claim 13, wherein after the file modification information and the hash value modification information that record the data information, further comprising:
    若接收到云端服务器发送的用户非首次成功登录云端服务器的信息,根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新。If the information from the cloud server that the user successfully logs in to the cloud server is not received for the first time, the data information corresponding to the data information in the secure disk space in the cloud server is updated according to the file modification information and the hash value modification information.
  16. 一种存储介质,其中,所述存储介质存储有计算机程序,所述计算机程序当被处理器执行时使所述处理器执行以下操作:A storage medium, wherein the storage medium stores a computer program that, when executed by a processor, causes the processor to perform the following operations:
    若接收到云端服务器发送的用户首次成功登录云端服务器的确认信息,在本地磁盘中创建虚拟化的安全磁盘空间;If a confirmation message from the cloud server that the user successfully logs in to the cloud server is received for the first time, a virtualized secure disk space is created in the local disk;
    接收云端服务器发送的目录索引信息并进行显示以供用户选择,获取用户从所述目录索引信息所包含的目录中选择得到的目录选择信息,并将所获取的目录选择信息发送至云端服务器;Receiving the directory index information sent by the cloud server and displaying it for user selection, obtaining the directory selection information selected by the user from the directories included in the directory index information, and sending the acquired directory selection information to the cloud server;
    通过HTTPS加密传输协议与云端服务器建立数据传输连接,以接收与所述目录选择信息所包含目录内的数据信息;Establishing a data transmission connection with a cloud server through an HTTPS encrypted transmission protocol to receive data information in a directory included in the directory selection information;
    将所接收到的数据信息存储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密。The received data information is stored in a secure disk space, and the stored data information is encrypted according to the identification information and the data information download timestamp bound by the logged-in user.
  17. 根据权利要求16所述的存储介质,其中,所述将所接收到的数据信息存 储至安全磁盘空间,并根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密,包括:The storage medium according to claim 16, wherein the stored data information is stored in a secure disk space, and the stored data information is processed according to the identification information and the data information download timestamp bound by the logged-in user. Encryption, including:
    将所接收到的数据信息进行切片得到切片数据,将所述切片数据存储至安全磁盘空间,根据预设切片副本数量对所述切片数据进行拷贝生成切片副本,并将所述切片副本存储至安全磁盘空间;Slice the received data information to obtain slice data, store the slice data in a secure disk space, copy the slice data according to a preset number of slice copies to generate a slice copy, and store the slice copy in a secure disk space;
    根据登录用户所绑定的标识信息及所述数据信息下载时间戳对已存储的切片数据及切片副本进行AES对称加密。AES symmetric encryption is performed on the stored slice data and slice copies according to the identification information bound by the logged-in user and the data information download timestamp.
  18. 根据权利要求16所述的存储介质,其中,所述根据登录用户所绑定的标识信息及数据信息下载时间戳对已存储的数据信息进行加密之后,还包括:The storage medium according to claim 16, wherein after encrypting the stored data information according to the identification information and data information download timestamp bound by the logged-in user, further comprising:
    若接收到用户对数据信息的访问请求,获取当前用户的帐户信息,判断当前用户的标识信息是否与登录用户所绑定的标识信息相同;If a user's access request for data information is received, obtain the account information of the current user, and determine whether the identification information of the current user is the same as the identification information bound by the logged-in user;
    若当前用户的标识信息与登录用户所绑定的标识信息相同,对用户请求访问的数据信息进行解密;If the identification information of the current user is the same as the identification information bound by the logged-in user, decrypt the data information requested by the user;
    若接收到对已解密的数据信息进行修改的信息,记录该数据信息的文件修改信息及哈希值修改信息。If the modification information of the decrypted data information is received, the file modification information and the hash value modification information of the data information are recorded.
  19. 根据权利要求18所述的存储介质,其中,所述判断当前用户的标识信息是否与登录用户所绑定的标识信息相同之后,还包括:The storage medium according to claim 18, wherein after determining whether the identification information of the current user is the same as the identification information bound by the login user, further comprising:
    若当前用户的标识信息与登录用户所绑定的标识信息不相同,不对数据信息进行解密,并发出报警提示信息。If the identification information of the current user is different from the identification information bound by the logged-in user, the data information is not decrypted, and an alarm prompt message is issued.
  20. 根据权利要求18所述的存储介质,其中,所述记录该数据信息的文件修改信息及哈希值修改信息之后,还包括:The storage medium according to claim 18, wherein after the file modification information and hash value modification information recording the data information, further comprising:
    若接收到云端服务器发送的用户非首次成功登录云端服务器的信息,根据文件修改信息及哈希值修改信息对云端服务器中与安全磁盘空间中数据信息相对应的数据信息进行更新。If the information from the cloud server that the user successfully logs in to the cloud server is not received for the first time, the data information corresponding to the data information in the secure disk space in the cloud server is updated according to the file modification information and the hash value modification information.
PCT/CN2018/109559 2018-06-29 2018-10-10 Off-line data storage method and apparatus, computer device and storage medium WO2020000765A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810700551.7A CN108900510A (en) 2018-06-29 2018-06-29 Off-line data storage method, device, computer equipment and storage medium
CN201810700551.7 2018-06-29

Publications (1)

Publication Number Publication Date
WO2020000765A1 true WO2020000765A1 (en) 2020-01-02

Family

ID=64347454

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/109559 WO2020000765A1 (en) 2018-06-29 2018-10-10 Off-line data storage method and apparatus, computer device and storage medium

Country Status (2)

Country Link
CN (1) CN108900510A (en)
WO (1) WO2020000765A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11010486B2 (en) 2018-12-18 2021-05-18 Citrix Systems, Inc. Secure offline streaming of content
CN109451064B (en) * 2018-12-26 2021-08-17 深圳左邻永佳科技有限公司 Off-line implementation method and device of web application, computer equipment and storage medium
CN113656360B (en) * 2021-07-20 2024-02-06 北京达佳互联信息技术有限公司 File storage method, device, system, electronic equipment, storage medium and product

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882923A (en) * 2012-07-25 2013-01-16 北京亿赛通科技发展有限责任公司 Secure storage system and method for mobile terminal
CN104935606A (en) * 2015-07-07 2015-09-23 成都睿峰科技有限公司 Terminal login method in cloud computing network
US20160006708A1 (en) * 2013-02-21 2016-01-07 Ns Solutions Corporation Information processing apparatus and mobile terminal device
CN106254442A (en) * 2016-07-29 2016-12-21 北京北信源软件股份有限公司 A kind of cloud disk data transmission method based on virtual encryption disk and device
CN107665312A (en) * 2016-07-28 2018-02-06 深圳市祈飞科技有限公司 Data guard method, client and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8307177B2 (en) * 2008-09-05 2012-11-06 Commvault Systems, Inc. Systems and methods for management of virtualization data
CN102394894B (en) * 2011-11-28 2014-01-15 武汉大学 Network virtual disk file safety management method based on cloud computing
CN104503708B (en) * 2014-12-29 2018-05-22 成都极驰科技有限公司 The method and device of data hash storage
CN106817388B (en) * 2015-11-30 2020-07-28 阿里巴巴集团控股有限公司 Method and device for acquiring data by virtual machine and host machine and system for accessing data
CN106453384B (en) * 2016-11-09 2023-05-16 鹤荣育 Secure cloud disk system and secure encryption method thereof
CN107896220A (en) * 2017-11-30 2018-04-10 成都航天科工大数据研究院有限公司 A kind of cloud platform tenant management method based on multi-tenant and the industrial Internet of Things cloud platform for realizing this method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882923A (en) * 2012-07-25 2013-01-16 北京亿赛通科技发展有限责任公司 Secure storage system and method for mobile terminal
US20160006708A1 (en) * 2013-02-21 2016-01-07 Ns Solutions Corporation Information processing apparatus and mobile terminal device
CN104935606A (en) * 2015-07-07 2015-09-23 成都睿峰科技有限公司 Terminal login method in cloud computing network
CN107665312A (en) * 2016-07-28 2018-02-06 深圳市祈飞科技有限公司 Data guard method, client and system
CN106254442A (en) * 2016-07-29 2016-12-21 北京北信源软件股份有限公司 A kind of cloud disk data transmission method based on virtual encryption disk and device

Also Published As

Publication number Publication date
CN108900510A (en) 2018-11-27

Similar Documents

Publication Publication Date Title
US11647007B2 (en) Systems and methods for smartkey information management
US10545884B1 (en) Access files
US9805210B2 (en) Encryption-based data access management
US9639711B2 (en) Systems and methods for data verification and replay prevention
US8621036B1 (en) Secure file access using a file access server
US10255446B2 (en) Clipboard management
US20140157354A1 (en) Securing Access to Resources on a Network
US10503920B2 (en) Methods and systems for management of data stored in discrete data containers
WO2020000765A1 (en) Off-line data storage method and apparatus, computer device and storage medium
US10726104B2 (en) Secure document management
KR20160146623A (en) A Method for securing contents in mobile environment, Recording medium for storing the method, and Security sytem for mobile terminal
JP6778033B2 (en) Take-out file simple encryption system and take-out file simple encryption program
US20160063264A1 (en) Method for securing a plurality of contents in mobile environment, and a security file using the same
US20230205908A1 (en) Protected storage for decryption data
CN116506224B (en) File uploading method and device, computer equipment and storage medium
US20240048380A1 (en) Cryptography-as-a-Service
KR20190076531A (en) Cloud storage encryption system
US20240048532A1 (en) Data exchange protection and governance system
US20240048361A1 (en) Key Management for Cryptography-as-a-service and Data Governance Systems
KR101703847B1 (en) A Method for securing contents in mobile environment, Recording medium for storing the method, and Security sytem for mobile terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18924937

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18924937

Country of ref document: EP

Kind code of ref document: A1