CN103595730A - Ciphertext cloud storage method and system - Google Patents

Publication number
CN103595730A
Authority
CN
China
Prior art keywords
data
ciphertext
user
encryption
file
Legal status
Granted
Application number
CN201310626060.XA
Other languages
Chinese (zh)
Other versions
CN103595730B (en
Inventor
陈驰
杨腾飞
田雪
王朝刚
于晶
申培松
朱晓杰
刘华骏
黄超麟
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Application filed by Institute of Information Engineering of CAS
Priority to CN201310626060.XA
Publication of CN103595730A
Application granted
Publication of CN103595730B
Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a ciphertext cloud storage method and system. In a ciphertext cloud storage system composed of at least one client and a cloud server, the method comprises the steps that: (1) for data stored on the client, the user chooses to synchronize it as ciphertext and/or plaintext and selects an encryption algorithm for the ciphertext; (2) authentication parameters provided on the basis of the user's identity are used to generate a master key, the data synchronized as ciphertext is encrypted on the client with two-level keys comprising the master key and an encryption/decryption key, and the master key is backed up; (3) the ciphertext and a ciphertext index are synchronized between the client and the cloud, or a plaintext index is established after the plaintext data is synchronized between the cloud and the client; (4) the plaintext and/or ciphertext is stored on a local private cloud storage server or on a storage server of a cloud storage provider according to a mount point requested by the user. With this method and system, data is not lost when a terminal is lost, inadequate protection loses only the ciphertext form of a file, and the system can interface with multiple cloud service providers.

Description

A ciphertext cloud storage method and system
Technical field
The present invention relates to the field of information security and, specifically, to a method and system for encrypted storage of user data and for plaintext and ciphertext search in a cloud storage environment.
Background
With the emergence of smartphones, network access devices have become increasingly diverse. These networked intelligent terminals usually also have some capability for data acquisition, storage and processing. From the user's perspective, owning several intelligent computing devices at once (PC, notebook, smartphone, tablet and so on) has become the norm, and maintaining a unified view of the user's files across multiple heterogeneous terminals has become a necessary requirement.
At the same time, the growing popularity of cloud computing offers a solution for synchronizing a user's data across heterogeneous platforms. Cloud computing is a new computing model that manages resources such as networks, storage, applications and services in a configurable shared resource pool and offers them to users as services; users can easily obtain resources from the pool without maintaining and managing infrastructure themselves. For example, Baidu cloud disk offers users 1T of free online storage; users can upload their data files to the cloud and obtain copies of those files on other terminals. Amazon's cloud service provides both storage space and computing capability, and users need pay only a very low fee to obtain large amounts of computing and storage resources.
These cloud computing solutions address users' file-synchronization needs to some extent, but they have significant security shortcomings. In the cloud model the data owner no longer maintains the medium on which the data is stored, and whichever cloud service provider the user selects must be trusted completely. In reality, however, user data, especially data collected by intelligent terminals (such as personal photos and communication records), is often privacy-related, and users do not want to entrust it entirely to a storage service provider. The lack of effective data security protections has become one of the most important obstacles to the adoption of cloud services. The main challenges facing existing technical solutions include:
1) Risk of terminal loss. Data is lost when the terminal is lost; even with a cloud synchronization scheme, data present on the terminal in plaintext form creates a risk of disclosure.
2) Risk of the cloud service provider abusing its privileges. A cloud service provider may snoop on and analyze user data for commercial purposes. For example, the analysis engines widely used by companies such as Google and Baidu may touch on private information such as users' usage habits.
3) Risk of inadequate protection by the cloud service provider. The provider does not supply sufficient security protection, and management lapses or attacks cause user data to leak. For example, in the leak incident that occurred with Google Docs, users saw data that was not their own.
4) Risk of the cloud service provider shutting down. Once a provider shuts down, whether users can retrieve the data stored in the cloud becomes a major issue. Yahoo closed a mail service in 2013; if an event of this kind happens to a cloud service provider, similar problems will come to the fore.
The published invention patent application with publication number CN102428686, "Systems and methods for securing data in the cloud", provides a secure data parser that can be integrated into any suitable system for securely storing data in cloud computing resources and communicating data with them. The secure data parser parses the data and then splits it into multiple portions that are stored or transmitted separately. For additional security, the original data, the portions, or both may be encrypted. That method mainly provides secure storage and secure transmission. It does not provide a detailed key-management strategy, and it uses a single key, with no second-level key to protect the data. It cannot search ciphertext, does not provide a client-side file operation flow, and does not effectively address interfacing with third-party cloud storage servers.
The published invention patent application with application number 201010595149.0, "A document retrieval method and system for ciphertext cloud storage", is set against a cloud computing background. It uses a symmetric key generated by the client to encrypt the index terms of the index file and the original text separately, producing a ciphertext index file and ciphertext; the user's master key encrypts the symmetric key to produce key ciphertext, which is stored in the cloud. The server keeps an index table that stores the ciphertext obtained when the user encrypts, with the index key, the attribute meta-information of the uploaded documents. For retrieval, the client first obtains the ciphertext of the user's index key from the server and decrypts it with the user's master key, then encrypts the attribute meta-information with the recovered index key and sends that ciphertext to the server; the server uses it to search the index table, and returns the matching file records to the client. That method has the following shortcomings: it does not provide plaintext queries, so its functionality is incomplete; it does not provide interfacing with third-party cloud providers, so its cost is high; its key management is weak, in that user keys cannot be updated and no solution is given for client-side key storage, retrieval, update and backup; it provides no client synchronization function or synchronization policy, user files can be encrypted and stored to the cloud only once, and there is no client file operation flow based on transparent encryption and decryption. The scheme also has a security flaw: the index terms and the original text use the same encryption key, and the index terms are simple keywords produced by word segmentation, so frequency-based cryptanalysis can break them and recover the symmetric key, which in turn reveals the original text.
Summary of the invention
In view of the above problems, the object of the invention is to propose a ciphertext cloud storage method and system that gives users a fairly complete set of data security protections. The method can effectively improve users' data security and privacy protection, can remove users' misgivings about choosing a cloud solution, and is of great significance for promoting the development of cloud computing, increasing the efficiency of information systems, and promoting energy conservation and emission reduction.
To achieve this, the technical solution of the invention is a ciphertext cloud storage method in which a synchronization connection is established between the client and the cloud, with the following steps:
1) For the data the user stores on the client, the user chooses whether to synchronize it as ciphertext and/or plaintext, and selects an encryption algorithm for the ciphertext;
2) A master key is generated from authentication parameters provided on the basis of the user's identity, and the preset encryption/decryption key for the ciphertext is obtained, or a corresponding encryption/decryption key is generated according to the master key; on the client, the data to be synchronized as ciphertext is encrypted using the two-level keys (master key + encryption/decryption key), a ciphertext index is built, and the master key is backed up;
3) The ciphertext and ciphertext index are synchronized between the client and the cloud, and the ciphertext index and the data synchronized as ciphertext are deleted on the client; or, after the plaintext synchronization data is synchronized between the cloud and the client, a plaintext index is built in the cloud; the encryption and decryption process is made transparent to the user;
4) The plaintext and/or ciphertext is stored on a local private cloud storage server or, according to the mount point requested by the user, on a storage server of a cloud storage provider.
Further, synchronizing the plaintext includes uploading, downloading or deleting data; synchronization and updating of the user's plaintext synchronization data is carried out as follows:
1) At startup, the data monitoring service is loaded, and the data monitoring list is generated from the data list read from the local database or the server;
2) From the monitoring list obtained, a one-to-one mapping between data and list entries is produced using the file-name field and the path field of the data on the server, associating the data in the monitoring list with local data. In automatic synchronization, the data monitor watches the state of local data, and if the data state, which comprises the time of the latest attribute synchronization, the data modification time and the data hash value, changes, a data synchronization event is triggered. If a synchronization operation is started manually, the data synchronization event is triggered directly;
3) The data monitor receives the synchronization operation and checks whether the data exists locally on the client. If it exists, it checks whether the local attribute metadata is identical to that on the cloud storage server; the local attribute metadata comprises the data modification time, a fixed-length hash value of the data, and the data lock time;
4) If the data does not exist, the driver downloads the data attribute metadata and the plaintext synchronization data;
5) If the data was modified on the cloud storage server, a download is performed through the driver: the cloud server data is pulled to the local client and the local data attribute metadata is updated;
6) If the data was modified locally on the client, which includes a first upload where the server has no metadata, an upload is performed through the driver: the client's local data and data attribute metadata are uploaded to the cloud storage server;
7) If the data on the cloud storage server and on the client were modified at the same time, the conflict is resolved through the driver according to the user's choice of: cancel the operation, overwrite the data, or keep an additional copy.
Further, synchronizing the ciphertext includes uploading, downloading or deleting data; synchronization and updating of the user's ciphertext synchronization data is carried out as follows:
1) At startup, the data monitoring service is loaded, and the data monitoring list is generated from the data list read from the local database or the server;
2) From the monitoring list obtained, a one-to-one mapping between data and list entries is produced using the file-name field and the path field of the data on the server, associating the data in the monitoring list with local data. In automatic synchronization, the data monitor watches the state of local data, and if the data state, which comprises the time of the latest attribute synchronization, the data modification time and the data hash value, changes, a data synchronization event is triggered. If a synchronization operation is started manually, the data synchronization event is triggered directly;
3) The data monitor receives the synchronization operation and checks whether the data exists locally on the client. If it exists, it checks whether the local attribute metadata is identical to that on the cloud storage server; the local attribute metadata comprises the data modification time, a fixed-length hash value of the data, and the data lock time;
4) If the data does not exist, the driver downloads the data attribute metadata and the plaintext synchronization data;
5) If the data was modified on the cloud storage server, a download is performed through the driver: the cloud server data is pulled to the local client and the local data attribute metadata is updated;
6) If the data was modified locally on the client, which includes a first upload where the server has no metadata, an upload is performed through the driver: the client's local data and data attribute metadata are uploaded to the cloud storage server;
7) For an upload, the ciphertext index is generated first, then the data is encrypted to produce ciphertext, and then the ciphertext data, ciphertext index and ciphertext metadata attributes are uploaded to the cloud storage server through the driver;
8) For a download, because ciphertext data cannot be updated incrementally, conflict handling first determines whether the data is ciphertext; if it is, the operation is cancelled or the file is overwritten according to the user's decision.
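The synchronization decision described in the two procedures above, as an added Python example that is not code from the patent. The names `Meta`, `decide`, `resolutions` and `plan`, and the use of the metadata recorded at the last successful sync as a comparison base, are assumptions made for illustration; all sample states are constructed.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Action(Enum):
    NONE = "none"
    UPLOAD = "upload"
    DOWNLOAD = "download"
    CONFLICT = "conflict"


@dataclass(frozen=True)
class Meta:
    """Attribute metadata for one synchronized item (field names are assumed)."""
    mtime: int               # data modification time, seconds since the epoch
    digest: str              # fixed-length hash recorded for the item
    encrypted: bool = False  # True when the item is synchronized as ciphertext


def meta_for(content: bytes, mtime: int, encrypted: bool = False) -> Meta:
    """Build metadata for constructed sample content."""
    return Meta(mtime, hashlib.sha256(content).hexdigest(), encrypted)


def changed(side: Meta, base: Optional[Meta]) -> bool:
    """True if this side differs from the state recorded at the last sync."""
    return base is None or side.digest != base.digest


def decide(local: Optional[Meta], remote: Optional[Meta],
           base: Optional[Meta]) -> Action:
    """Three-way comparison of client, cloud and last-synced metadata."""
    if local is None and remote is None:
        return Action.NONE
    if local is None:                 # step 4: data absent on the client
        return Action.DOWNLOAD
    if remote is None:                # step 6: first upload, no server metadata
        return Action.UPLOAD
    if local.digest == remote.digest:
        return Action.NONE            # an mtime change alone moves no data
    local_changed = changed(local, base)
    remote_changed = changed(remote, base)
    if local_changed and remote_changed:
        return Action.CONFLICT        # both sides modified since the last sync
    return Action.DOWNLOAD if remote_changed else Action.UPLOAD


def resolutions(local: Meta, remote: Meta) -> Tuple[str, ...]:
    """Choices offered to the user when both sides were modified."""
    if local.encrypted or remote.encrypted:
        # Ciphertext cannot be updated incrementally: cancel or overwrite only.
        return ("cancel", "overwrite")
    return ("cancel", "overwrite", "keep_both")


def plan(local: Optional[Meta], remote: Optional[Meta],
         base: Optional[Meta]) -> Tuple[Action, Tuple[str, ...]]:
    """Return the action plus its ordered steps (or the user's choices)."""
    action = decide(local, remote, base)
    if action is Action.CONFLICT:
        return action, resolutions(local, remote)
    if action is Action.UPLOAD:
        if local.encrypted:
            # Ciphertext upload order: index first, then encrypt, then upload.
            return action, ("build_ciphertext_index", "encrypt",
                            "upload_ciphertext_index_and_metadata")
        return action, ("upload_data_and_metadata",)
    if action is Action.DOWNLOAD:
        return action, ("pull_data", "update_local_metadata")
    return action, ()


if __name__ == "__main__":
    base = meta_for(b"v1", 100)
    print(plan(meta_for(b"v2", 200), meta_for(b"v3", 210), base))
```

Comparing against the last-synced state is what separates "only one side changed" from a true conflict; comparing client and cloud metadata alone cannot tell which side moved.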
Further, the types of plaintext and ciphertext data that can be synchronized include: files, sqlite databases, and SharedPreferences.
Further, the two-level key encryption is carried out as follows:
1) At run time, the master key is read from memory, and the stored encryption/decryption key is read from the memory cache or the database;
2) When the user uses the client for the first time, the master key is generated from the authentication parameters the user provides, and the master key is backed up at the same time;
3) Each time the user performs ciphertext cloud storage, the fixed-length one-way hash value of the stored master key is read from the database and compared with the fixed-length one-way hash value of the key generated, with the same algorithm, from the authentication parameters the user provides;
4) When looking up an encryption/decryption key, the stored key is located from the data's encryption attribute metadata and the user's encryption scheme, and is decrypted with the master key;
5) If no stored encryption/decryption key is found, one is generated and backed up: the fixed-length one-way hash value of the master key and the encryption/decryption key encrypted under the master key are backed up to the database and to the cloud server, and the mapping table between encrypted encryption/decryption keys and data is also backed up to the cloud.
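The two-level key steps above, sketched as an added Python example that is not code from the patent. `KeyStore`, `wrap_key` and the other names are hypothetical, PBKDF2 stands in for the unspecified master-key generation from a user password, and the HMAC-based wrap is a standard-library stand-in for an authenticated key wrap such as AES key wrap. The stored verifier is derived from the master key under its own label, so the backed-up value is not the same as the key that wraps file keys.

```python
import hashlib
import hmac
import secrets
from typing import Dict

KDF_ROUNDS = 200_000   # assumed work factor for the password-based KDF
KEY_LEN = 32           # per-file key length in bytes
NONCE_LEN = 16


def derive_master_key(password: str, salt: bytes) -> bytes:
    """Master key from the user's authentication parameter (here a password)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ROUNDS)


def _subkey(master: bytes, label: bytes) -> bytes:
    """Separate keys for verifying, wrapping and authenticating."""
    return hmac.new(master, label, hashlib.sha256).digest()


def master_verifier(master: bytes) -> bytes:
    """Fixed-length one-way value stored locally and in the cloud backup."""
    return _subkey(master, b"verifier")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(master: bytes, file_id: str, file_key: bytes) -> bytes:
    """Encrypt-then-MAC a per-file key under the master key (stand-in wrap)."""
    if len(file_key) != KEY_LEN:
        raise ValueError("file key must be 32 bytes")
    nonce = secrets.token_bytes(NONCE_LEN)
    pad = hmac.new(_subkey(master, b"wrap-enc"), nonce, hashlib.sha256).digest()
    body = _xor(file_key, pad)
    # The tag binds the blob to its file, so blobs cannot be swapped between files.
    tag = hmac.new(_subkey(master, b"wrap-mac"),
                   file_id.encode("utf-8") + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_key(master: bytes, file_id: str, blob: bytes) -> bytes:
    if len(blob) != NONCE_LEN + KEY_LEN + 32:
        raise ValueError("malformed wrapped key")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:NONCE_LEN + KEY_LEN], blob[-32:]
    expect = hmac.new(_subkey(master, b"wrap-mac"),
                      file_id.encode("utf-8") + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrapped key failed authentication")
    pad = hmac.new(_subkey(master, b"wrap-enc"), nonce, hashlib.sha256).digest()
    return _xor(body, pad)


class KeyStore:
    """Stands in for the local database and its cloud backup (hypothetical)."""

    def __init__(self, password: str) -> None:          # step 2: first use
        self.salt = secrets.token_bytes(16)
        self.verifier = master_verifier(derive_master_key(password, self.salt))
        self.wrapped: Dict[str, bytes] = {}              # file id -> wrapped key

    def unlock(self, password: str) -> bytes:            # step 3: compare hashes
        master = derive_master_key(password, self.salt)
        if not hmac.compare_digest(master_verifier(master), self.verifier):
            raise PermissionError("authentication parameter does not match")
        return master

    def file_key(self, master: bytes, file_id: str) -> bytes:
        blob = self.wrapped.get(file_id)                 # step 4: look up, unwrap
        if blob is not None:
            return unwrap_key(master, file_id, blob)
        key = secrets.token_bytes(KEY_LEN)               # step 5: generate, back up
        self.wrapped[file_id] = wrap_key(master, file_id, key)
        return key

    def change_password(self, old: str, new: str) -> None:
        """Key update: re-wrap the file keys; file ciphertext is left untouched."""
        old_master = self.unlock(old)
        salt = secrets.token_bytes(16)
        new_master = derive_master_key(new, salt)
        self.wrapped = {fid: wrap_key(new_master, fid, unwrap_key(old_master, fid, blob))
                        for fid, blob in self.wrapped.items()}
        self.salt, self.verifier = salt, master_verifier(new_master)
```

Because only wrapped keys, the salt and the verifier are stored or backed up, the backup is useless without the user's authentication parameter, and a password change rewrites a few dozen bytes per file rather than the files themselves.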
Further, the authentication parameters for the master key include: a user password, or biometric features such as the user's fingerprint, voice or iris.
Further, the encryption and decryption process is made transparent to the user as follows:
1) On first use, the user selects the files to be encrypted and uploaded, and the files undergo upload preprocessing;
2) The key and algorithm are obtained, the selected file is encrypted and uploaded, and its file attribute information is saved to the database; the original plaintext of the selected file is deleted after the upload succeeds;
3) When the user requests to read or modify ciphertext, the corresponding abstract encryptor component is called to decrypt it, producing a plaintext temporary file; the attribute metadata of the plaintext temporary file is saved to the temporary file table, and the plaintext temporary file is handed to the upper-layer application;
4) All operations the user performs on the file through applications are directed at the plaintext temporary file; at the next file operation or synchronization refresh, the temporary file's attributes are compared with the originally stored attribute metadata;
5) If the file has not been modified, the temporary file is deleted and no synchronization takes place; if the file has been modified, the encryptor unit is called to encrypt the temporary plaintext file, the result is synchronized, and the temporary plaintext file is deleted after the upload succeeds.
The invention also proposes a ciphertext cloud storage system comprising one or more clients and a cloud server, characterized in that:
For the data the user stores on the client, the user chooses whether to synchronize it as ciphertext and/or plaintext;
A master key is generated from authentication parameters provided on the basis of the user's identity, and the preset encryption/decryption key for the ciphertext is obtained, or a corresponding encryption/decryption key is generated according to the master key; on the client, the data to be synchronized as ciphertext is encrypted using the two-level keys (master key + encryption/decryption key) and a ciphertext index is built;
The ciphertext and ciphertext index are synchronized between the cloud and the client, and the ciphertext index and the data synchronized as ciphertext are deleted on the client; a plaintext index is built after the plaintext synchronization data is synchronized between the cloud and the client;
The plaintext and/or ciphertext is stored on a local private cloud storage server or, according to the mount point requested by the user, on a storage server of a cloud storage provider;
The client further comprises: an encryption/decryption module (1) for performing encryption and decryption; a key management module (2) for two-level key management of the master key bound to the user's identity and the encryption/decryption keys bound to data; an index module (3) for generating the ciphertext index; a query module (4) which, to support plaintext and ciphertext retrieval, performs word segmentation and one-way hashing to generate the corresponding query statement for ciphertext search and interacts with the cloud; a synchronization module (5); and a management module (6);
The synchronization module (5) is connected to the index module (3) and the transparent encryption/decryption module (1), calling them and receiving the ciphertext and index they generate, to carry out synchronization of ciphertext and index;
The management module (6) is connected to the transparent encryption/decryption module (1) and the key management module (2) and provides the user with an operation interface for setting the ciphertext security policy, including obtaining the authentication parameters and the encryption/decryption algorithm;
After the plaintext is synchronized, a plaintext index is built in the cloud; or, after the ciphertext and ciphertext index are synchronized to the cloud, the ciphertext index and the data that needed encryption are deleted on the client. The plaintext and/or ciphertext is stored on a local storage server or, according to the mount point requested by the user, through the storage service interface of a cloud storage provider;
The cloud server further comprises: a synchronization module (7), connected to the client synchronization module (5), for synchronizing ciphertext and the ciphertext index; an index module (8) for creating the plaintext index; a query module (9); a docking module (10) for interfacing with other cloud platforms and extending storage capacity; a key management module (11); and a user management module (12);
The query module (9) is connected to the client's query module (4); it supports index-based plaintext and ciphertext queries as well as ciphertext queries by sequential scan, and returns the query results;
The key management module (11) is connected to the client's key management module (2) and stores backups of the user's master key one-way hash value, the encryption/decryption keys encrypted under the master key, and the meta-information values of user data attributes; it is implemented with a database and provides an interface that accepts user requests for key recovery;
The user management module (12) manages user accounts and access control, including registering users and maintaining super administrators and ordinary users.
Further, the storage system applies a priority control strategy according to user settings: for high-priority data, the operations of index building, data encryption and synchronization update are carried out immediately in response to the user's request; for low-priority data, they are carried out automatically when the client is connected to a power supply or is idle.
Further, the docking module (10) for extending storage capacity comprises a mount control function module and a data operation module. The mount control function module is mainly divided into an add-mount-point submodule, a delete-mount-point submodule and a get-mount-point-information submodule; the data operation module is mainly divided into a general operation interface submodule and an external storage interface implementation submodule;
The add-mount-point submodule: the user adds an external cloud storage mount point, and the mount point information is written to the corresponding configuration file;
The delete-mount-point submodule: deletes a mounted external cloud storage mount point and updates the corresponding configuration file;
The get-mount-point-information submodule: obtains information on all of the user's current mount points;
The general operation interface submodule: provides a general access interface for docking and exchanging data with all external storage cloud platforms.
Further, the docking module (10) for extending storage capacity also includes concrete implementations of the general operation interface for the external storage types Amazon S3, Dropbox and HDFS.
The method and system disclosed by the invention fully address the defects and risks of the prior-art solutions mentioned in the background. For indexing, a plaintext index is built in the cloud for plaintext; for ciphertext, the index is built on the client, with the environment for index building chosen according to the file's security and indexing efficiency. For two-level key management, the master key is bound to personal identity. For heterogeneous cloud platforms, the invention solves the problem that cloud service providers each define their own APIs, which prevents unified cooperation and causes confusion in management; it gives administrators a unified management interface and simple operation. While ensuring security it also reduces storage cost. The beneficial effects of the invention are as follows:
1. Losing a terminal does not lose data. Selected plaintext and ciphertext files are all synchronized to the cloud server, and after passing master key verification (that is, identity authentication) on another client the user can choose to download them. If the user encrypts files, then sensitive files exist only in ciphertext form both on the terminal and in the cloud, so losing the terminal does not leak information: obtaining the plaintext is as hard for an attacker as attacking the encryption algorithm.
2. The cloud service provider cannot see plaintext files. The master key, which decrypts the decryption keys, is bound to the user through identity authentication; the provider cannot decrypt user data and therefore cannot abuse it.
3. Inadequate protection loses only the ciphertext form of files. Even if the cloud service provider is compromised by hackers, they can obtain only the ciphertext form of files, and obtaining the plaintext is as hard as attacking the encryption algorithm.
4. Multiple cloud service providers can be used. With the docking module, users can distribute data across storage offered by different cloud service providers, and the shutdown of one provider does not affect the survival of the other copies.
Brief description of the drawings
Fig. 1 is a structural diagram of the ciphertext cloud storage system of the invention;
Fig. 2 is a structural diagram of the key management module of the ciphertext cloud storage system of the invention;
Fig. 3 is a relationship diagram of the key management module of the ciphertext cloud storage method of the invention;
Fig. 4 is a diagram of the key acquisition process of the key management module of the ciphertext cloud storage method of the invention;
Fig. 5 is a structural diagram of the encryption/decryption module of the ciphertext cloud storage system of the invention;
Fig. 6 is the encryption flow chart of the encryption/decryption module of the ciphertext cloud storage method of the invention;
Fig. 7 is the decryption flow chart of the encryption/decryption module of the ciphertext cloud storage method of the invention;
Fig. 8 is a diagram of the client synchronization preprocessing process of the synchronization module of the ciphertext cloud storage method of the invention;
Fig. 9 is a diagram of the client synchronization operation process of the synchronization module of the ciphertext cloud storage method of the invention;
Fig. 10 is a diagram of the cloud server synchronization operation process of the synchronization module of the ciphertext cloud storage method of the invention;
Fig. 11 is a structural diagram of the docking module of the ciphertext cloud storage system of the invention;
Fig. 12 is a diagram of the heterogeneous cloud platform middleware implementation process of the docking module of the ciphertext cloud storage method of the invention;
Fig. 13 is a working diagram of the ciphertext index submodule of the index module of the ciphertext cloud storage method of the invention;
Fig. 14 is a working diagram of the plaintext index submodule of the index module of the ciphertext cloud storage method of the invention;
Fig. 15 is a working diagram of the client query submodule of the query module of the ciphertext cloud storage method of the invention;
Fig. 16 is a working diagram of the cloud query processing submodule of the query module of the ciphertext cloud storage method of the invention;
Fig. 17 is a diagram of the basic steps of the ciphertext cloud storage method of the invention;
Fig. 18 is a diagram of the retrieval method for ciphertext cloud storage in the ciphertext cloud storage method of the invention;
Fig. 19 is a diagram of the basic steps of client file processing in the ciphertext cloud storage method of the invention.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention will be further described in detail, but the scope not limiting the present invention in any way.
In one embodiment of this invention, to the cloud storage means of ciphertext, be:
A) The user selects files to encrypt on the client. For one or more files on one or more clients, the user (the data owner) can use the same or different encryption units to transparently encrypt and decrypt them on the client, with the same or different keys. The client may be any of various intelligent computing devices, including mobile intelligent terminals (such as smartphones, PADs, PDAs or other mobile intelligent devices) and conventional Internet access devices (such as notebook computers, PCs or servers);
B) The selected files are set to be synchronized to the cloud in plaintext or ciphertext form, or to be saved on the local client. The data owner is given synchronization policy options, so that the selected files can be set to synchronize to the cloud in plaintext or ciphertext form, or to be kept only on the client without synchronization. According to the synchronization policy selected by the data owner, the synchronization component uploads the plaintext or ciphertext form of the files to be synchronized, together with the metadata describing their attributes, to the cloud and, when needed, synchronizes them to the same or different clients;
C) The master key is bound to personal identity and can only be supplied by this user. For example, a fingerprint feature or iris feature is used to generate a fixed master key, and this master key cannot be generated from features supplied by anyone else, which binds it to the person's identity. Plaintext is not bound to the master key: plaintext undergoes no encryption operation, so the master key is not needed to decrypt an encryption/decryption key. Plaintext is stored in the clear on the client and, once uploaded to the cloud, a plaintext index is built and stored. The master key is supplied by the user and is used to decrypt and obtain the encryption/decryption keys. The encryption/decryption keys are used when the master key is bound to files; each file has one encryption/decryption key, and these keys may differ from one another. The two-level key management method proposed by the present invention, with a master key bound to personal identity and encryption/decryption keys bound to files, provides: authentication, key generation, key update, key storage, key backup, key recovery and key destruction.
D) The user sends a synchronization request, and encrypted and/or plaintext files are synchronized to the cloud. When the data owner requests that a file be synchronized to the cloud, the client checks, according to the policy set by the owner, whether this is an encrypted upload. If it is, the client proceeds as follows: create the ciphertext index on the client, encrypt the data, encrypt the index, upload the encrypted file and index and, once the cloud returns an upload-success message, delete the plaintext file and index on the terminal. If it is not an encrypted upload, the plaintext of the file is uploaded and a plaintext file index is built in the cloud.
E) The cloud storage server includes a heterogeneous cloud platform docking component, which connects one or more cloud storage devices and implements mount control functions and data control functions. A cloud storage device may be a local storage server or a cloud storage provider's storage service interface (such as S3). The mount control functions include adding a mount point, deleting a mount point and obtaining mount point information; the data control functions include uploading, downloading and deleting files in external storage. Through the heterogeneous cloud platform docking component, compatible and extensible data storage can be provided: user data can be kept with these cloud storage providers without loss of data security, which reduces the cost of cloud storage and the risk of maintenance.
F) According to user settings, a priority control policy is adopted. For high-priority files, the user's request is answered immediately and the index-building, file-encryption and synchronous-update operations are carried out; for low-priority files, the index-building, file-encryption and synchronous-update operations are carried out automatically when the client is connected to a power supply or is idle.
In another embodiment of the present invention, a ciphertext cloud storage system comprises:
One or more clients and a cloud server;
The client comprises a transparent encryption/decryption module 1, a key management module 2, an index module 3, a query module 4, a synchronization module 5 and a management module 6;
The transparent encryption/decryption module 1 and the index module 3 perform the encryption/decryption operations and the ciphertext index generation, respectively;
The key management module 2 performs the two-level key management of the master key bound to personal identity and the encryption/decryption keys bound to files;
The query module 4 implements retrieval over plaintext and ciphertext: for ciphertext search it generates the word segmentation and one-way hash of the corresponding query statement, and interacts with the cloud.
The synchronization module 5 is connected to the transparent encryption/decryption module 1 and the index module 3, in order to invoke them and receive the generated ciphertext and index, and completes the synchronization of ciphertext and index;
The management module 6 is connected to the transparent encryption/decryption module 1 and the key management module 2 and provides the user with an operation interface for setting the ciphertext security policy, including obtaining the authentication parameters and the encryption/decryption algorithm;
The cloud server comprises a synchronization module 7, an index module 8, a query module 9, a docking module 10, a key management module 11 and a user management module 12;
The synchronization module 7 is connected to the client synchronization module 5 and implements ciphertext synchronization and ciphertext index synchronization;
The index module 8 creates the plaintext index;
The query module 9 is connected to the query module 4 of the client; it supports index-based plaintext and ciphertext search as well as ciphertext search by sequential scan, and finally returns the query result.
The docking module 10 implements docking with other cloud platforms to extend storage capacity.
The key management module 11 is connected to the key management module 2 of the client and stores backups of the one-way hash value of the user's master key, the encryption/decryption keys encrypted with the master key, and the metadata values of the user's file attributes; it is implemented with a database. It provides an interface to accept user requests and perform key recovery.
The user management module 12 implements management of user accounts and access control, including registering users and maintaining super administrators and ordinary users.
This embodiment adopts the ciphertext cloud storage system structure shown in Figure 1, comprising a client and a cloud storage server; the client is connected to the cloud server through a network.
The client comprises a (transparent) encryption/decryption module 1, a key management module 2, an index module 3, a query module 4, a synchronization module 5 and a management module 6;
The (transparent) encryption/decryption module 1 and the index module 3 perform the encryption/decryption operations and the ciphertext index generation, respectively;
The key management module 2 performs the two-level key management of the master key bound to personal identity and the encryption/decryption keys bound to files;
The query module 4 implements retrieval over plaintext and ciphertext: for ciphertext search it generates the word segmentation and one-way hash of the corresponding query statement, and interacts with the cloud.
The synchronization module 5 is connected to the transparent encryption/decryption module 1 and the index module 3, in order to invoke them and receive the generated ciphertext and index, and completes the synchronization of ciphertext and index;
The management module 6 is connected to the transparent encryption/decryption module 1 and the key management module 2 and provides the user with an operation interface for setting the ciphertext security policy, including obtaining the authentication parameters and the encryption/decryption algorithm;
In this specific embodiment, the client is an Android phone on which an application containing the above modules is installed.
The cloud server comprises a synchronization module 7, an index module 8, a query module 9, a docking module 10, a key management module 11 and a user management module 12;
The cloud synchronization module 7 is connected to the client synchronization module 5 and implements ciphertext synchronization and ciphertext index synchronization;
The cloud index module 8 creates the plaintext index;
The cloud query module 9 is connected to the query module 4 of the client; it supports index-based plaintext and ciphertext search as well as ciphertext search by sequential scan, and finally returns the query result.
The docking module 10 implements docking with other cloud platforms to extend storage capacity.
The cloud key management module 11 is connected to the key management module 2 of the client and stores backups of the one-way hash value of the user's master key, the encryption/decryption keys encrypted with the master key, and the metadata values of the user's file attributes; it is implemented with a database. It provides an interface to receive user requests and perform key recovery.
The user management module 12 implements management of user accounts and access control, including registering users and maintaining super administrators and ordinary users.
In this specific embodiment, the cloud server is a Linux cloud service platform built on Hadoop, on which the above modules are installed.
In the ciphertext cloud storage method and system of the present invention, the key management module, encryption/decryption module, synchronization module, docking module and query module are the core of the implementation.
The key generation process in the key management mechanism of step c) of the present invention includes master key generation, encryption/decryption key generation and key acquisition. It is implemented as follows:
1) The key generation module must start together with the system as a service. While it runs, the master key is read from memory, and the stored encryption/decryption keys are read from the memory cache or the database;
2) When the user uses the system for the first time, this module generates the master key from the authentication parameters supplied by the user and, once it is generated, calls the key backup module to back it up. The authentication parameters include, but are not limited to, a username and password or biometric features such as the user's fingerprint or voice;
3) When the transparent encryption/decryption module requests an encryption/decryption key, the stored key is looked up according to the file's encryption attribute metadata and the user's encryption scheme, decrypted with the master key and supplied to the encryption/decryption module. If no stored key is found, a secure and reliable encryption/decryption key of sufficient length and randomness is generated, supplied to the encryption/decryption module and backed up through the key backup module.
The key management mechanism of step c) of the present invention is as follows:
Authentication process: the fixed-length one-way hash value of the stored master key is read from the storage database and compared with the fixed-length one-way hash value of the key generated, with the same algorithm, from the authentication parameters supplied by the user. If they are identical, authentication passes; otherwise a warning pops up and the system exits.
Key update process: when the user sends an update request and passes the authentication, the key generation module is called again with the new authentication parameters to generate a new master key, which is backed up through the key backup module.
Key backup process: the fixed-length one-way hash value of the master key and the encryption/decryption keys encrypted with the master key are backed up to the database and the cloud server; the mapping table between the encrypted encryption/decryption keys and files is backed up to the cloud at the same time.
Key recovery process: according to the username and password, the fixed-length one-way hash value of this user's master key, the encrypted encryption/decryption keys, and the mapping table between encryption keys and files are restored from the cloud to the client.
Key destruction process: at the user's request, the master key and the encryption/decryption keys are erased and destroyed in both the database and the cloud.
As shown in Figure 2, the key management of the ciphertext cloud storage method of the present invention implements a two-level key management method with a master key bound to personal identity and encryption/decryption keys bound to files. It is divided into six main parts, each composed of one or several independent submodules and performing a relatively independent function. Figure 3 shows how the different parts of the key management module cooperate in this specific embodiment:
Key generation module: covers master key generation, encryption key generation and key acquisition. It mainly generates the master key and the encryption keys, and uses the master key to encrypt and decrypt the encryption keys.
1. The user registers a username and password when using the application for the first time, and this module generates the master key $KEY_{master}$ from the corresponding authentication parameters (password plus username, or biometric features such as a fingerprint). (After generation, the key backup module is called to save it.)
2. When the encryption/decryption module requests an encryption key $KEY_{encryption}$, the corresponding $KEY_{encryption}$ is looked up according to the file's encryption attribute and the user's encryption scheme, decrypted with the master key $KEY_{master}$ and supplied to the encryption/decryption module. If it is not found, a corresponding $KEY_{encryption}$ is generated, supplied to the encryption/decryption module and encrypted with the master key as $f_{encrypt}(KEY_{encryption}, KEY_{master})$ (the key backup module is called to back it up). In addition, as the main thread of this module it starts together with the system; while it runs, the master key is read from memory, and encryption keys can be read from the memory cache or from the database.
Key update module: mainly performs the key update operation according to commands from the user management interface. When the user sends an update command, the old authentication parameters (such as a password or biometric feature) and the new authentication parameters must be entered. The authentication module is called, and only when authentication with the old parameters passes are all encryption/decryption keys decrypted with the old master key, a new master key generated from the new authentication parameters, and the encryption/decryption keys encrypted and stored. (The key backup module is called to make a double backup on the client and in the cloud.)
Key authentication module: mainly authenticates the user's identity. The master key HASH value generated from the user's authentication parameters is stored in the DB on the client; when verification is needed, the master key HASH value is computed from the authentication parameters the user enters and compared with the HASH value in the DB.
Key backup module: mainly backs up the master key HASH value and the encryption keys to the DB and the cloud, and also backs up to the cloud the other database files related to the encryption keys (such as the mapping table between encryption keys and files, the user table, etc.).
1. When the master key is generated, it is immediately backed up to the DB, and the modified DB table is backed up to the cloud;
2. Likewise, after an encryption key is generated, the ciphertext of the encryption key is backed up in the same way, and the table that maps encryption keys to encrypted files is backed up to the cloud at the same time.
Key recovery module: mainly restores this user's master key HASH value, encryption keys and the DB related to the encryption keys from the cloud to the client, according to the username and user password. When the user moves to a new phone client, or when the keys on the phone terminal are lost, these data can be recovered from the cloud for user authentication and for encrypting and decrypting data.
Key destruction module: mainly destroys the master key and the encryption key ciphertexts in the DB and the cloud. On a specific request from the user, all of the user's keys can be destroyed.
As shown in Figure 4, the key acquisition process of the key management module in this specific embodiment is as follows:
Step 1. Determine whether the encryption/decryption key storage database exists.
Step 2. If it exists, prompt the user to enter the master key $KEY_{master}$, use $KEY_{master}$ to decrypt the encryption/decryption keys stored in the database, and return.
Step 3. If it does not exist, call the key generation module to generate an encryption/decryption key and store it in the memory cache.
Step 4. Encrypt the encryption/decryption key with the master key $KEY_{master}$ entered by the user and store it in the database; then call the key backup module to upload the database to the cloud database.
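The two-level scheme described above (master key generation, authentication by master-key hash, key update and the Figure 4 key acquisition flow), as an added Python example that is not code from the patent. The PBKDF2 derivation, the HMAC-based wrap (a standard-library stand-in for $f_{encrypt}$; a real client would use AES key wrap or AES-GCM) and every name in it are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor; the page does not specify one


def derive_master_key(username: str, password: str) -> bytes:
    """KEY_master: deterministic function of the authentication parameters, never stored."""
    salt = hashlib.sha256(b"master-key-salt:" + username.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def master_key_hash(master_key: bytes) -> bytes:
    """Fixed-length one-way hash of KEY_master; this is what the DB and the cloud keep."""
    return hashlib.sha256(b"master-key-verifier:" + master_key).digest()


def _subkey(master_key: bytes, label: bytes) -> bytes:
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(master_key: bytes, file_key: bytes) -> bytes:
    """Stand-in for f_encrypt(KEY_encryption, KEY_master): encrypt-then-MAC, stdlib only."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(master_key, b"wrap-enc"), nonce, len(file_key))
    ct = bytes(a ^ b for a, b in zip(file_key, stream))
    tag = hmac.new(_subkey(master_key, b"wrap-mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(master_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(master_key, b"wrap-mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key rejected: wrong master key or modified blob")
    stream = _keystream(_subkey(master_key, b"wrap-enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class KeyStore:
    """Models the client DB that is also backed up to the cloud.

    It holds only the master-key hash and the wrapped per-file keys, so a copy
    of this store (lost phone, cloud backup) does not reveal any file key.
    """

    def __init__(self) -> None:
        self.master_hash = None
        self.wrapped = {}  # file path -> wrapped KEY_encryption

    def register(self, username: str, password: str) -> bytes:
        master_key = derive_master_key(username, password)
        self.master_hash = master_key_hash(master_key)
        return master_key

    def authenticate(self, username: str, password: str) -> bytes:
        master_key = derive_master_key(username, password)
        stored = self.master_hash or b""
        if not hmac.compare_digest(master_key_hash(master_key), stored):
            raise PermissionError("authentication failed")
        return master_key

    def get_file_key(self, master_key: bytes, path: str) -> bytes:
        """Figure 4 flow: unwrap the stored key, or generate, wrap and store a new one."""
        blob = self.wrapped.get(path)
        if blob is not None:
            return unwrap_key(master_key, blob)
        file_key = secrets.token_bytes(32)
        self.wrapped[path] = wrap_key(master_key, file_key)
        return file_key

    def update_master_key(self, username: str, old_pw: str, new_pw: str) -> bytes:
        """Key update: only the small wrapped keys are re-encrypted, not the files."""
        old_key = self.authenticate(username, old_pw)
        new_key = derive_master_key(username, new_pw)
        self.wrapped = {p: wrap_key(new_key, unwrap_key(old_key, b))
                        for p, b in self.wrapped.items()}
        self.master_hash = master_key_hash(new_key)
        return new_key

    def destroy(self) -> None:
        """Key destruction: without the wrapped keys the ciphertext is unrecoverable."""
        self.master_hash = None
        self.wrapped.clear()
```

Because files are encrypted under their own keys, changing the password re-wraps a few dozen bytes per file instead of re-encrypting and re-uploading the data.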
As shown in Figure 5, the encryption/decryption module in the ciphertext cloud storage method of the present invention performs the actual encryption and decryption of files. It is divided into six main parts, each composed of one or several independent submodules and performing a relatively independent function.
User application extension module: monitors the operations that user applications perform on data, covering applications such as the address book, calendar, contacts, photo album and documents, and controls how files are opened;
Abstract encryption/decryption module: connects the other components and provides a general encryption/decryption interface; this interface can be implemented with an open-source algorithm library such as openssl, or with self-implemented encryption/decryption algorithms;
Data encapsulation module: shields the encryption/decryption algorithm from the effects of different data types, providing unified encapsulation of the address book, notes and files to improve generality;
Encryption/decryption configuration module: interacts with the user in the management interface to select an encryption/decryption algorithm such as 3DES, AES or Blowfish, and saves the choice in a configuration file.
As shown in Figure 6, the encryption flow of the encryption/decryption module in this specific embodiment is as follows:
Step 1. The user application extension module obtains the plaintext to be encrypted and its related information.
Step 2. The abstract encryption/decryption module passes the plaintext to the data encapsulation module.
Step 3. The incoming plaintext, which may be in different formats, is split into blocks and encapsulated into a unified format.
Step 4. The abstract encryption/decryption module asks the encryption/decryption configuration module for the encryption/decryption algorithm saved by the user.
Step 5. The encryption/decryption configuration module accesses the cached configuration file (such as SharedPreferences on Android) and returns the algorithm it finds to the abstract encryption/decryption module.
Step 6. The abstract encryption/decryption module requests the encryption/decryption key from the key management module.
Step 7. The key management module accesses the encryption/decryption key held in the memory cache, decrypts it with the master key and returns it to the abstract encryption/decryption module.
Step 8. The concrete implementation interface of the abstract encryption/decryption is called, with the plaintext, algorithm type and encryption/decryption key passed in as parameters.
Step 9. The concrete implementation, which can be an open-source algorithm library such as openssl or a user-defined function, encrypts the plaintext blocks and returns the result.
Step 10. The abstract encryption/decryption module returns the encrypted ciphertext to the upper layer.
As shown in Figure 7, the decryption flow of the encryption/decryption module in this specific embodiment is as follows:
Step 1. The user application extension module obtains the ciphertext to be decrypted and splits it into blocks.
Step 2. The abstract encryption/decryption module asks the encryption/decryption configuration module for the encryption/decryption algorithm saved by the user.
Step 3. The encryption/decryption configuration module accesses the cached configuration file (such as SharedPreferences on Android) and returns the algorithm it finds to the abstract encryption/decryption module.
Step 4. The abstract encryption/decryption module requests the encryption/decryption key from the key management module.
Step 5. The key management module accesses the encryption/decryption key held in the memory cache, decrypts it with the master key and returns it to the abstract encryption/decryption module.
Step 6. The concrete implementation interface of the abstract encryption/decryption is called, with the ciphertext, algorithm type and encryption/decryption key passed in as parameters.
Step 7. The concrete implementation, which can be an open-source algorithm library such as openssl or a user-defined function, decrypts the ciphertext blocks and returns the result.
Step 8. The abstract encryption/decryption module passes the decrypted, still encapsulated plaintext to the data encapsulation module.
Step 9. The data encapsulation module converts the decrypted encapsulated plaintext back into the original plaintext data and returns it to the abstract encryption/decryption module.
Step 10. The abstract encryption/decryption module returns the decrypted plaintext to the upper layer.
The synchronization module in this embodiment of the ciphertext cloud storage method performs bidirectional synchronization of terminal data with the cloud server, including uploading and downloading data and updating and deleting data. The data types include files, sqlite databases, SharedPreferences, etc.
The plaintext synchronization mechanism of step b) of the present invention covers uploading, downloading and deleting files; user data is synchronized and updated as follows:
1) When the client starts, start the file monitoring service;
2) Obtain the file monitoring list from the database, map it and call the file monitor;
3) The file monitor obtains the synchronization operation and checks whether the local client file exists; if the file does not exist, it drives the downloader module to download the file attribute metadata and the plaintext file;
4) If the local file exists, check whether the local attribute metadata is identical to the server's, including the file modification time, the fixed-length file hash value and the file synchronization time. The one-way file hash value includes a HASH value, SHA-1 value, etc.;
5) If the file on the cloud storage server has been modified, drive the downloader module to pull the cloud server file to the local client;
6) If the local client file has been modified and the local file is newer than the server file (this includes the first upload, where the server has no metadata), drive the uploader module to upload the local client file to the server for storage;
7) If the cloud storage server file and the client file have both been modified, drive the conflict handling module, whose resolution strategies include cancelling the operation, overwriting the file, and keeping an additional copy.
The ciphertext synchronization mechanism of step b) makes the same calls to the lower layer as the plaintext synchronization mechanism, and adds the following to handle ciphertext synchronization:
1) For uploads, after the synchronization operation is obtained, the ciphertext preprocessing for file synchronization is carried out first: the preprocessing module obtains the file the user is operating on and calls, in turn, the index module to generate the ciphertext index and the transparent encryption/decryption module to generate the ciphertext file;
2) The ciphertext file and ciphertext index are handed to the lower-layer components for upload, following the plaintext upload steps;
3) Downloads are likewise similar to plaintext synchronization and update. Because ciphertext documents cannot be updated incrementally, the conflict handling module determines whether the file is ciphertext; if it is, only cancelling the operation or overwriting the file is offered, according to the user's decision.
As shown in Figure 8, the steps of the client synchronization preprocessing of the synchronization module in this specific embodiment are as follows:
Step 1. When the client starts, load the file monitoring service file_observation; the life cycle of this service is the life cycle of the system.
Step 2. Read the file list file_list from the database file_list.db. This list contains the following metadata attributes defined for files in the present invention:
| Field name | Type | Field description |
|---|---|---|
| _id | integer | id of the file |
| filename | text | file name |
| path | text | path of the file on the server |
| parent | integer | id of the file's parent |
| created | integer | file creation time |
| modified | integer | modification time |
| content_type | text | file type |
| content_length | integer | file size |
| media_path | text | local storage path of the file |
| file_owner | text | account name |
| last_sync_date | text | most recent time the attributes were synchronized |
| keep_in_sync | integer | whether synchronization is needed |
| last_sync_date_for_data | text | most recent time the data was synchronized |
| modified_at_last_sync_for_data | text | most recent time the data changed |
| hash_value | text | file hash value |
| encrypted | integer | whether the file is encrypted |
Step 3. Initialize the file monitoring list file_list in the file monitoring service; the file monitor is responsible for scheduling and maintaining it. The file list is the list, stored in the database, of metadata attributes of the files to be synchronized; the file monitoring list is generated in memory from the file list read from the database and is maintained by the monitoring service.
Step 4. The file monitor obtains the file monitoring list and, using the filename and path fields, builds a one-to-one mapping between files and list entries, associating each file in the monitoring list with a local file.
Step 5. For automatic synchronization, the file monitor watches the state of local files; if the file state (including the most recent attribute synchronization time, the file modification time, the file hash value, etc.) changes, a file synchronization event is triggered. For manually initiated synchronization, the file synchronization event is triggered directly.
Step 6. The event handling mechanism obtains the file directory path and the list of files under that path, and carries out the actual synchronization operation.
As shown in Figure 9, the steps of the client synchronization operation of the synchronization module proposed in the present invention are as follows. In this specific embodiment it is assumed that the file test.txt is manually selected for synchronization.
Step 1. Check whether the local file test.txt exists; if it does not, send a download command to the cloud server.
Step 2. If the local file test.txt exists, download the cloud server's file metadata database server_filelist.db to the local client.
Step 3. Determine whether the local file test.txt has changed, by whether the modification time modified in the local file metadata is greater than the file content synchronization time last_sync_date_for_data.
Step 4. Further determine whether test.txt on the server has changed, by whether the modification time modified in the server metadata is greater than the file content synchronization time last_sync_date_for_data in the local metadata.
Step 5. If modified < last_sync_date_for_data for the local test.txt metadata and modified < last_sync_date_for_data for the server test.txt metadata, neither the local nor the server copy of test.txt has changed, and no synchronous update is needed.
Step 6. If modified < last_sync_date_for_data for the local test.txt metadata and modified > last_sync_date_for_data for the server test.txt metadata, the server copy of test.txt has changed; send the download command (a get request) to the cloud server, implemented by the GET procedure of the WebDAV protocol.
Step 7. If modified > last_sync_date_for_data for the local test.txt metadata and modified > last_sync_date_for_data for the server test.txt metadata, both the local and the server file have changed, and the conflict is handled. Prompt the user to choose: 1. cancel synchronization; 2. overwrite the local file with the server file; 3. rename and keep both.
Step 8. If modified > last_sync_date_for_data for the local test.txt metadata and modified < last_sync_date_for_data for the server test.txt metadata, the local file has changed and must be uploaded to the cloud server; send the upload command (a put request) to the cloud server, implemented by the PUT procedure of the WebDAV protocol.
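The decision in steps 1 to 8, together with the ciphertext conflict rule and the first-upload case stated earlier, as an added Python example that is not code from the patent. The class and function names are assumptions, the field names come from the file_list table, and an equal timestamp is treated as "unchanged" because the page only defines the strict comparisons.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Action(Enum):
    NO_SYNC = "no synchronization needed"
    DOWNLOAD = "download (WebDAV GET)"
    UPLOAD = "upload (WebDAV PUT)"
    CONFLICT = "conflict: ask the user"


@dataclass
class FileMeta:
    # Subset of the file_list fields that the decision uses.
    modified: int                 # modification time
    last_sync_date_for_data: int  # most recent data synchronization time
    encrypted: int = 0            # 1 when the file is synchronized as ciphertext


def decide_sync(local_exists: bool,
                local: Optional[FileMeta],
                server: Optional[FileMeta]) -> Action:
    """Return the synchronization action for one file."""
    if not local_exists or local is None:
        # Step 1: nothing local, so fetch it. If the server has no entry
        # either there is nothing to do (assumption; the page is silent).
        return Action.DOWNLOAD if server is not None else Action.NO_SYNC
    if server is None:
        # First upload: the server has no metadata for this file yet.
        return Action.UPLOAD

    # Steps 3 and 4: both sides are compared against the LOCAL record of the
    # last data synchronization.
    last_sync = local.last_sync_date_for_data
    local_changed = local.modified > last_sync
    server_changed = server.modified > last_sync

    if local_changed and server_changed:
        return Action.CONFLICT   # step 7
    if server_changed:
        return Action.DOWNLOAD   # step 6
    if local_changed:
        return Action.UPLOAD     # step 8
    return Action.NO_SYNC        # step 5


def conflict_choices(local: FileMeta) -> List[str]:
    """Options offered to the user when both copies changed.

    Ciphertext cannot be updated incrementally, so for encrypted files the
    page allows only cancelling or overwriting; keeping both is plaintext-only.
    """
    if local.encrypted:
        return ["cancel", "overwrite"]
    return ["cancel", "overwrite local with server copy", "rename and keep both"]


def plan(entries: Dict[str, Tuple[bool, Optional[FileMeta], Optional[FileMeta]]]
         ) -> Dict[str, Action]:
    """Apply decide_sync to every monitored file; returns path -> action."""
    return {path: decide_sync(*state) for path, state in entries.items()}


# Constructed sample metadata (not from the page): timestamps are plain integers.
SAMPLE = {
    "test.txt":    (True,  FileMeta(150, 100), FileMeta(60, 100)),
    "notes.txt":   (True,  FileMeta(50, 100),  FileMeta(150, 100)),
    "secret.doc":  (True,  FileMeta(150, 100, encrypted=1), FileMeta(160, 100, encrypted=1)),
    "new.txt":     (True,  FileMeta(150, 0),   None),
    "missing.txt": (False, None,               FileMeta(90, 0)),
}
```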
As shown in Figure 10, the steps of the cloud server synchronization operation of the synchronization module in this specific embodiment are as follows. It is assumed that the final operation selected by the user is to upload a local file to the cloud server; the download operation follows a similar flow.
1. Receive the client synchronization request;
2. Determine whether it is a put request; if so, open the file, create a synchronization object and read in the synchronized file; otherwise perform other file operations, such as a delete-file request or an update-file request;
3. Verify the MD5 value of the file; if verification passes, allocate a storage location for the file, by default under the current user's home directory;
4. Call the file save method and write the file to the storage system in fragments.
As shown in Figure 11, in this specific embodiment of the ciphertext cloud storage method, the docking module implements all functions of the heterogeneous cloud platform docking component, providing dynamic, seamless docking with other cloud storage platforms such as Amazon S3, Dropbox and HDFS, so that extensible storage of cloud data can be achieved. The overall software structure for heterogeneous cloud platform docking is divided into two parts: the mount control function module and the data operation module. The mount control function module is divided into an add-mount-point submodule, a delete-mount-point submodule and a get-mount-point-information submodule; the data operation module is divided into a general operation interface submodule and an external storage interface implementation submodule.
Add-mount-point submodule: the user adds an external cloud storage mount point, and the mount point information is written to the corresponding configuration file. When mounting external cloud storage, the user must supply the corresponding parameters to the middleware, such as the mount point, the type of external storage being mounted and the username. Once the mount point has been added successfully, the user can operate the corresponding external storage cloud in the same way as the user's own cloud platform.
Delete-mount-point submodule: deletes a mounted external cloud storage mount point and updates the corresponding configuration file. The user must supply parameters such as the mount point and username. After the mount point is deleted, the user can no longer exchange data between the private cloud and the external cloud storage.
Get-mount-point-information submodule: obtains all of the user's current mount point information. The current user's mount point information is needed when the software initializes or refreshes; once it has been obtained, the files held in external storage can be shown to the user.
General operation interface submodule: provides the general access interface for docking and exchanging data with all external storage cloud platforms.
External storage interface implementation submodule: contains the concrete implementations of the general operation interface for the Amazon S3, Dropbox and HDFS external storage types. When the user uses the general interface, the interface implementation of the corresponding external storage class is called indirectly, so that the external storage can be operated on.
The heterogeneous cloud platform docking middleware of step e) of the present invention is implemented as follows:
1) The user writes the mount information of the external third-party cloud service provider that is needed into the configuration file; the mount information includes the username, storage type, etc.;
2) When the user initiates a mount request, the docking middleware obtains the configuration file information and constructs the corresponding abstract operation interface;
3) The abstract operation interface module provides a general data access interface to the upper layer and, toward the lower layer, interacts with each cloud service provider, implementing the abstract operations for the different storage types. The cloud service provider storage types include but are not limited to Amazon S3, Dropbox and HDFS; the abstract operations include file operation interfaces such as fopen and directory operation interfaces such as mkdir, and can be extended dynamically as required.
As shown in figure 12, in the concrete embodiment of ciphertext cloud storage means of the present invention, isomery cloud platform Middleware implementation process is as follows:
Step 1. The user issues a request to add a mount point, delete a mount point, or obtain mount point information.
Step 2. Generate the corresponding basic parameters from the user's request, and determine from the user type whether the mount point is to be created for an individual user.
Step 3. Read the mount point information from the configuration file mount.json into the array $mountPoints, and jump to the submodule that handles the request.
Step 4. Determine whether the mount point information array $mountPoints already contains a mount entry for the current group or user.
Step 5. Write the new mount point information into the $mountPoints array.
Step 6. Determine whether the mount entry contains data for the user or group making the request; if so, add the new mount point under that user or group, otherwise create the user.
Step 7. Write the updated $mountPoints array, with all mount point information, to the configuration file mount.json.
Step 8. Determine whether the requested external storage class exists or is supported.
Step 9. Handle the failure to create the mount point.
Step 10. Create an instance of the storage class to dock with the external storage.
Step 11. Delete the mount point information to be removed from the $mountPoints array.
Step 12. Update the configuration file mount.json.
Step 13. Determine whether the user's mount is in GROUP form or USER form.
Step 14. Normalize the information obtained into a unified display format, e.g. converting the external storage into an OC Files||Storage class name.
Step 15. Return the mount point information obtained.
The index module in the embodiment of the ciphertext cloud storage method of the present invention builds a search index over the synchronized files to meet the user's document retrieval needs. In this embodiment the index is keyword-based and is divided into a plaintext index submodule and a ciphertext index submodule.
As shown in figure 13, for the ciphertext index submodule in the embodiment of the ciphertext cloud storage method of the present invention, because the synchronized data are stored as ciphertext, the index cannot be built in the cloud, so the ciphertext index submodule creates the index on the client. The text types that can be indexed include unstructured data such as txt, pdf and word. The keywords in the index and the entities in the index are encrypted with two different cryptographic algorithms; the keywords are protected with a one-way SHA-1 hash. The encrypted index is then synchronized to the cloud and stored by the synchronization module under the specified directory. This module is a core module of the client: it encrypts the index by calling the external interfaces of the encryption/decryption module and the key management module, and it calls the synchronization module to upload the ciphertext index file. The ciphertext index is created as follows:
Step 1. Preprocess the plaintext file, including removing redundant fields, stop words, punctuation marks, etc.
Step 2. Perform word segmentation with the AKanalyzer word segmentation system to obtain keywords.
Step 3. Score each keyword using the TF*IDF algorithm.
Step 4. Before the index is written to disk, the index buffer calls the SHA-1 algorithm of the encryption/decryption module to encrypt the keyword fields in the index.
Step 5. Generate the ciphertext index tree in memory and create the index. The index metadata structure is as follows:
| Field name | Type | Description |
| --- | --- | --- |
| Index_ID | int | Index number, auto-increment |
| Index_name | Char | The name of the index |
| Index_path | Text | The path where the index is stored |
| Index_UserID | Bigint | The user ID associated with the index |
| Index_length | Bigint | The size of the index |
| Index_time | Datatime | The index creation time |
| Index_time | Datatime | The index modification time |
Step 6. Write the encrypted index to disk storage.
Step 7. Call the synchronization module to synchronize the ciphertext index to the cloud server.
As shown in figure 14, for the plaintext index submodule in the embodiment of the ciphertext cloud storage method of the present invention, because the synchronized data are stored as plaintext, the plaintext index is created on the server side. This module obtains the data transmitted by the synchronization module through a common interface and preprocesses it; index creation is implemented with Lucene, without extending it, and the index is then written to the specified directory. Because the cloud is built on Hadoop, whose MapReduce framework supports highly concurrent parallel computation, the MapReduce framework is used in the design of the cloud index module. The plaintext index proposed in the present invention is created as follows:
Step 1. After the file synchronization task completes, the plaintext index module of the cloud server is notified to create the plaintext index.
Step 2. The plaintext text is passed in; the Hadoop JobTracker uses the physical location where each file is actually stored as the Key and splits the file data.
Step 3. The split text data is distributed to the TaskTrackers; each TaskTracker starts 2 Map index-processing tasks, monitors the Map execution state, and generates an independent inverted index.
Step 4. Reduce merges the independent inverted indexes into a whole.
Step 5. The plaintext index is saved under the corresponding directory of the cloud server. The structure of the plaintext index metadata is as follows:
| Field name | Type | Description |
| --- | --- | --- |
| Index_ID | int | Index number, auto-increment |
| Index_name | Char | The title of the index |
| Index_path | Text | The path where the index is stored |
| Index_UserID | int | The user ID associated with this index |
| Index_length | int | The size of the index |
| Index_time | Datatime | The time of index creation |
| Index_modify | Datatime | The time of index modification |
The query module in the embodiment of the ciphertext cloud storage method of the present invention performs plaintext and ciphertext keyword queries against the plaintext or ciphertext file index built by the index module. It is divided into a client query submodule, a cloud query submodule and a cloud query processing module.
As shown in figure 15, the client query submodule works as follows:
Step 1. The keyword to search for is entered in the client query interface, and ciphertext query, plaintext query or combined query is selected.
Step 2. Depending on the user's selection, if ciphertext query or combined query is chosen, the query keyword is encrypted by calling the SHA-1 algorithm of the encryption/decryption module to hash it.
Step 3. The ciphertext query statement is generated from the hash value of the keyword.
Step 4. The plaintext query statement is generated from the plaintext keyword.
Step 5. The client sends a query request in a fixed format to the cloud server over HTTP. The format is of the form http://192.168.111.83:8080/index.jsp?plain=test&encrypt=aJaaaaaaLasaaaaaaaa, where plain is the plaintext keyword and encrypt is the ciphertext keyword.
Step 6. The cloud server calls the cloud query processing module to process the query and obtain a file list.
Step 7. The cloud server returns the file list found to the client, which displays it in the query result interface.
The cloud query submodule follows a similar process to the client query submodule: the client query flow is ported to the web page, so that users accessing cloud data through a web page can also perform plaintext and ciphertext queries.
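The client-side flow described above (ciphertext index steps 1 to 5 and client query steps 1 to 5), as an added Python example that is not code from the patent: it builds a keyword index keyed by SHA-1 hashes and forms the query request in the plain/encrypt format of step 5. The tokenizer, stop-word list, sample files, IDF smoothing, repeated parameters for multi-word queries and all function names are assumptions; the second algorithm that encrypts the index entities is left out.

```python
import hashlib
import math
import re
from collections import Counter
from urllib.parse import urlencode

# Constructed stop-word list and sample files (assumptions, not from the patent).
STOP_WORDS = {"a", "an", "and", "are", "for", "in", "is", "of", "on", "the", "to"}
DOCS = {
    "test.txt": "Information security of the cloud storage: ciphertext index and key management.",
    "notes.txt": "Meeting notes on cloud storage pricing and storage quotas.",
    "todo.txt": "Buy milk and renew the domain.",
}


def keywords(text):
    """Index steps 1-2: strip punctuation, lower-case, drop stop words."""
    return [w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOP_WORDS]


def hash_keyword(word):
    """Index step 4 / query step 2: unkeyed one-way SHA-1 of the keyword."""
    return hashlib.sha1(word.encode("utf-8")).hexdigest()


def build_ciphertext_index(docs):
    """Return {sha1(keyword): [(file, score), ...]}, best score first.

    Scoring (step 3) runs on plaintext keywords on the client; only their
    hashes are kept as keys, so no plaintext keyword is uploaded.
    """
    tokens = {name: keywords(text) for name, text in docs.items()}
    doc_freq = Counter()
    for words in tokens.values():
        doc_freq.update(set(words))
    index = {}
    for name, words in tokens.items():
        for word, count in Counter(words).items():
            tf = count / len(words)
            idf = math.log((1 + len(docs)) / (1 + doc_freq[word])) + 1.0  # smoothed IDF
            index.setdefault(hash_keyword(word), []).append((name, round(tf * idf, 4)))
    for postings in index.values():
        postings.sort(key=lambda p: (-p[1], p[0]))
    return index


def build_query(base_url, phrase, mode="both"):
    """Query steps 2-5: mode is 'plain', 'encrypt' or 'both' (combined query)."""
    if mode not in ("plain", "encrypt", "both"):
        raise ValueError("unknown query mode: %r" % mode)
    words = keywords(phrase)
    params = []
    if mode in ("plain", "both"):
        params += [("plain", w) for w in words]
    if mode in ("encrypt", "both"):
        params += [("encrypt", hash_keyword(w)) for w in words]
    return base_url + "?" + urlencode(params)


def search(index, hashed_terms):
    """Cloud side: match on hashes only; a file must contain every term."""
    hits, scores = None, Counter()
    for term in hashed_terms:
        postings = dict(index.get(term, []))
        hits = set(postings) if hits is None else hits & set(postings)
        for name, score in postings.items():
            scores[name] += score
    return sorted(hits or [], key=lambda n: (-scores[n], n))


if __name__ == "__main__":
    idx = build_ciphertext_index(DOCS)
    print(build_query("http://192.168.111.83:8080/index.jsp", "test"))
    print(search(idx, [hash_keyword(w) for w in keywords("cloud storage")]))
```

Because the keyword hash is unkeyed and deterministic, whoever holds the index can see which files share a keyword and can confirm common words by hashing a dictionary; keying the hash under a client-held secret (for example HMAC) is the usual hardening and is not part of the patent text.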
As shown in figure 16, the main function of the cloud query processing module is to let the server run plaintext and ciphertext queries against the indexes generated in the cloud; it is called by upper-layer modules and provides a unified interface. It uses the MapReduce structure, with the query module deployed on all Slave nodes. During a query the Master node segments the inverted index library, each Slave node searches only one index segment and obtains a partial match set, and after the Master aggregates and sorts the results the Web server presents the final query result to the user. The cloud query processing works as follows:
Step 1. The cloud server receives the query request sent by the client.
Step 2. The character string in the query request is parsed to generate the query request Query, which is classified as a plaintext query or a ciphertext query according to the plain or encrypt field, and the corresponding processing module is called.
Step 3. A query tree is generated from the plaintext query request and sent to each query server (Slave node); each query server searches the inverted index and produces only a partial query result, and the plaintext query result is obtained after all results are aggregated.
Step 4. A query tree is generated from the ciphertext query request and sent to each query server (Slave node); each query server searches the inverted index and produces only a partial query result, and the ciphertext query result is obtained after all results are aggregated.
Step 5. The plaintext and ciphertext results are merged.
Step 6. The resulting file list is returned to the upper-layer application. This file list holds the cloud metadata information; by looking up the metadata of the data stored in the cloud, the file being searched for can be located precisely, and the list of relative file addresses is fed back to the client. The primary key of this table is path, and its structure is as follows:
| Field name | Type | Field description |
| --- | --- | --- |
| fileid | Int | File ID, auto-increment |
| storage | Int | Storage system type |
| path | String | Storage location |
| path_hash | Text | The hash value of the storage path |
| parent | Int | The containing folder |
| name | Char | File name |
| mimetype | Int | File type |
| mimepart | Int | |
| size | Int | File size |
| mtime | Text | Last modification time |
| encrypted | Bool | Whether the file is encrypted |
| etag | Text | Version flag |
The present invention mainly implements a ciphertext cloud storage method for user data, in which ciphertext data encrypted on the client is uploaded to the cloud server.
As shown in figure 17, the basic steps of the specific embodiment of the ciphertext cloud storage method of the present invention are:
Step 1. When the client starts, the user enters the master key and enters the system after key authentication. On first start-up the administration configuration interface is shown; the user selects the algorithm for encryption and decryption from the list of encryption/decryption algorithms, e.g. AES_192_ofb, the selection is saved in the configuration file, and the user then enters the system.
Step 2. The user selects the file test.txt to be uploaded and specifies that it is to be uploaded and stored as ciphertext.
Step 3. The file monitor adds the user-selected file test.txt to the file monitoring list. From then on, after the user modifies, deletes or otherwise operates on this file on the client, the change is automatically synchronized to the cloud server; likewise, if test.txt is modified or deleted on the cloud server, the change is synchronized to the client.
Step 4. The index module is called to create a ciphertext index from the content of the user-selected file test.txt; the generated ciphertext index is stored in the client's application sandbox.
Step 5. The attribute metadata of the user-selected file test.txt is obtained and stored as a database entry in the local database.
Step 6. The encryption/decryption module and the key management module are called for the user-selected file test.txt. In the key generation submodule, the master key entered by the user is used to decrypt the encryption/decryption key, or a random encryption/decryption key is generated; test.txt is then encrypted with the symmetric block cipher algorithm AES_192_ofb, and the resulting ciphertext test.txt is stored under the corresponding directory.
Step 7. The synchronization module is called and, using the synchronization policy and synchronization protocol it implements, synchronizes the generated ciphertext test.txt, the attribute metadata entry of the plaintext file test.txt, and the ciphertext index to the cloud server; after synchronization succeeds, the local ciphertext index is deleted.
Step 8. The cloud server receives the file attribute metadata of test.txt, updates the server-side file metadata, and obtains the new file list.
Step 9. The cloud server stores the received ciphertext file test.txt in shards.
Step 10. The index module of the cloud server receives the uploaded ciphertext index and stores it under the corresponding directory.
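The two-level key handling in steps 1 and 6 above, as an added Python example that is not code from the patent: the master key is derived from the user's password, only a hash of it is stored for verification, and each file's random data key is stored wrapped under the master key. PBKDF2, SHA-256 as the stored hash, the `KeyStore` class and all function names are assumptions. Because AES is not in Python's standard library, the wrap is an HMAC-SHA256 keystream with encrypt-then-MAC standing in for the page's AES_192_ofb.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumption: the page does not name a key-derivation function
DATA_KEY_LEN = 24        # 192-bit data key, matching the page's AES_192_ofb choice


def derive_master_key(password, salt):
    """Level 1: master key from the user's authentication parameter."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def master_key_check(master_key):
    """Fixed-length one-way hash that is stored instead of the master key."""
    return hashlib.sha256(master_key).hexdigest()


def prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def wrap_key(master_key, data_key):
    """Encrypt-then-MAC a data key under the master key (stand-in for AES)."""
    nonce = os.urandom(16)
    stream = prf(master_key, b"enc", nonce)[:len(data_key)]
    ct = bytes(a ^ b for a, b in zip(data_key, stream))
    return nonce + ct + prf(master_key, b"mac", nonce + ct)


def unwrap_key(master_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(master_key, b"mac", nonce + ct)):
        raise ValueError("wrapped key failed its integrity check")
    stream = prf(master_key, b"enc", nonce)[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))


class KeyStore:
    """What the client database and its cloud backup hold: no raw keys."""

    def __init__(self, password):
        self.salt = os.urandom(16)
        self.check = master_key_check(derive_master_key(password, self.salt))
        self.wrapped = {}  # file path -> data key encrypted under the master key

    def unlock(self, password):
        """Step 1: re-derive the master key and compare hashes before use."""
        master_key = derive_master_key(password, self.salt)
        if not hmac.compare_digest(master_key_check(master_key), self.check):
            raise PermissionError("master key verification failed")
        return master_key

    def data_key_for(self, master_key, path):
        """Step 6: decrypt the stored data key, or generate and store a new one."""
        if path not in self.wrapped:
            self.wrapped[path] = wrap_key(master_key, os.urandom(DATA_KEY_LEN))
        return unwrap_key(master_key, self.wrapped[path])


if __name__ == "__main__":
    store = KeyStore("constructed example password")
    mk = store.unlock("constructed example password")
    print(store.data_key_for(mk, "test.txt").hex())
```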
The present invention also implements a retrieval method for the ciphertext cloud storage of user data, which searches the ciphertext data that the client encrypted and uploaded to the cloud server.
The transparent encryption and decryption described in a) of the present invention is implemented through the unified interface provided by the abstract encryption device component. The abstract encryption device component reads the user's device configuration, obtains the encryption/decryption algorithm, obtains the encryption/decryption key through the key management module, and drives the encryption device unit to perform the encryption/decryption operation. The encryption device unit is managed by the abstract encryption device component and can be implemented with a hardware encryption device or a software encryption device, so that cryptographic algorithms can be extended dynamically. The encryption and decryption process is made transparent to the data owner as follows:
1) When the user first uses the system, the user selects the files to be encrypted and uploaded; the synchronization component then performs upload preprocessing on the files.
2) The key and algorithm are obtained through the abstract encryption device component; the selected file is encrypted and uploaded, and its file attribute information is saved to the database. The original plaintext file of the selected file is deleted after the upload succeeds.
3) When the user requests to read or modify the ciphertext, the abstract encryption device component is called to decrypt it, generating a plaintext temporary file; the attribute metadata of the plaintext temporary file is saved to the temporary file table, and the plaintext temporary file is handed to the upper-layer application.
4) All operations the user performs on the file through the application are directed at the plaintext temporary file. At the next file operation or synchronization refresh, the temporary file's attributes are compared with the originally stored attribute metadata.
5) If the file has not been modified, the temporary file is deleted and no synchronization takes place. If the file has been modified, the encryption device unit is called to encrypt the temporary plaintext file, which is then synchronized. The temporary plaintext file is deleted after the upload succeeds.
As shown in figure 18, the basic steps of the specific embodiment of the retrieval method for ciphertext cloud storage of the present invention are:
Step 1. The user provides the master key and enters the system after authentication.
Step 2. The user enters the query interface, inputs the query statement Information Security, and selects plaintext/ciphertext query.
Step 3. The client query submodule is called; it performs lexical analysis to generate plaintext keywords, applies the SHA-1 algorithm to each keyword to generate the hash corresponding to the plaintext keyword, and constructs the corresponding query request.
Step 4. The cloud query processing module receives the query request, parses it, calls the distributed plaintext/ciphertext index query, merges the results into a file query result list, and returns the list containing the ciphertext file test.txt, which contains the keyword, to the client.
Step 5. The client receives the file list returned by the cloud server and displays the file list containing the ciphertext file test.txt in the query result interface.
Step 6. The user chooses to download the ciphertext file test.txt to the client. The client's synchronization process sends a request to the cloud server and synchronizes the attribute metadata of the ciphertext file test.txt to the client; conflict detection and handling are performed, and if the ciphertext file needs to be downloaded a get request is sent to the server.
Step 7. The synchronization module of the cloud server receives the synchronization request sent by the client and downloads the stored ciphertext file test.txt to the client over the network.
Step 8. When the user opens the downloaded ciphertext file test.txt through the client, the user is asked to verify the master key. After verification passes, the key management module is called to obtain the encryption/decryption key, the encryption/decryption algorithm AES_192_ofb is obtained, and the abstract encryption/decryption submodule of the encryption/decryption module decrypts the ciphertext file test.txt, producing a temporary plaintext file test.txt stored in the application sandbox.
Step 9. Client file operation: the client operates on the plaintext temporary file test.txt, including opening and modifying it.
The present invention also implements a method of operating on plaintext and ciphertext files in the ciphertext cloud storage of user data, i.e. the process by which the client opens, modifies and renames stored plaintext and ciphertext. As shown in figure 19, the basic steps of the file open-and-modify operation in the specific embodiment of the ciphertext cloud storage of the present invention are as follows:
Step 1. The user selects the file to open; this file may be a ciphertext file or a plaintext file.
Step 2. The file path is looked up in the file metadata attribute database to determine whether the database holds information about the file.
Step 3. If the file metadata attribute database holds information about the file, the temporary file information table temp_list in the file metadata database is opened and searched for the file's metadata attributes, to determine whether the file is already a temporary file.
Step 4. If the file is a temporary file, it is fetched from the temporary folder in the application sandbox's private space and handed directly to an upper-layer application such as Kingsoft WPS, which opens, edits and closes it, generating a new temporary plaintext file.
Step 5. If the file is not a temporary file, a different file is being opened. The modification time modified of the temporary file is compared with the file modification time modified stored in the file metadata attribute database, to determine whether the temporary file is the latest modified version.
Step 6. The user is asked to verify the master key. After verification passes, the key management module is called to obtain the encryption/decryption key, the encryption/decryption algorithm AES_192_ofb is obtained, and the abstract encryption/decryption submodule of the encryption/decryption module encrypts the temporary file in the temporary folder; the result is stored under the corresponding client directory according to the file path recorded in the temporary file information table temp_list in the file metadata database.
Step 7. The metadata attributes of the temporary file in the temporary folder are obtained and updated in the file metadata attribute database.
Step 8. The temporary file in the temporary folder is erased.
Step 9. Because a new file is being opened, the file metadata attribute database is opened and the encrypted field is used to determine whether the file is ciphertext.
Step 10. The plaintext file is obtained and handed directly to an upper-layer application such as Kingsoft WPS, which opens, edits and closes it, generating a new plaintext file, and the file metadata is updated.
Step 11. If the newly opened file is ciphertext, the user is asked to verify the master key. After verification passes, the key management module is called to obtain the encryption/decryption key, the encryption/decryption algorithm AES_192_ofb is obtained, and the abstract encryption/decryption submodule of the encryption/decryption module decrypts the file; the decrypted temporary file is placed in the temporary folder of the application sandbox's private space.
Step 12. The metadata attributes of the temporary plaintext file are obtained and updated in the database.
The method and system disclosed by the invention fully resolve the defects and risks of the prior-art schemes mentioned in the background: losing a terminal does not lose data, the cloud service provider cannot maliciously spy on user data, a compromised cloud service provider exposes only file ciphertext, and multiple cloud service providers can be docked.

Claims (11)

1. A ciphertext cloud storage method, in which a client establishes a synchronization connection with the cloud, comprising the steps of:
1) for the data the user stores on the client, the user selects ciphertext and/or plaintext for data synchronization and, for ciphertext, selects a cryptographic algorithm;
2) a master key is generated from authentication parameters provided on the basis of the user's identity, and the preset encryption/decryption key of the ciphertext is obtained or a corresponding ciphertext encryption/decryption key is generated according to the master key; the client uses the two-level key of master key + encryption/decryption key to encrypt the data to be synchronized as ciphertext and to build a ciphertext index, and the master key is backed up;
3) the ciphertext and ciphertext index are synchronized between the client and the cloud, and the ciphertext index and the ciphertext-synchronized data are deleted on the client; or, after the plaintext synchronization data are synchronized between the cloud and the client, a plaintext index is built in the cloud; and the encryption and decryption process is made transparent to the user;
4) the plaintext and/or ciphertext are stored on a local private cloud storage server or, according to the mount point requested by the user, on the storage server of a cloud storage provider.
2. The ciphertext cloud storage method as claimed in claim 1, characterized in that synchronizing the plaintext comprises uploading, downloading or deleting data, and the plaintext synchronization data are synchronized and updated for the user as follows:
1) at start-up, the data monitoring service is loaded, and the data monitoring list is generated from the data list read from the local database or the server;
2) from the data monitoring list obtained, a one-to-one mapping between data and list entries is produced using the data file-name field and the data path field on the server, associating the data in the monitoring list with the local data; for automatic synchronization, the data monitor monitors the state of the local data, and if the data state, which comprises the attributes latest synchronization time, data modification time and data hash value, changes, a data synchronization event is triggered; if synchronization is started manually, the data synchronization event is triggered directly;
3) the data monitor receives the synchronization operation and checks whether the data exist locally on the client; if the local data exist, it checks whether the local attribute metadata are identical to those on the cloud storage server, the local attribute metadata comprising the data modification time, a fixed-length hash value of the data, and the data synchronization time;
4) if the data do not exist, the driver downloads the data attribute metadata and the plaintext synchronization data;
5) if the data on the cloud storage server have been modified, the driver downloads them: the cloud server data are pulled to the local client and the local data attribute metadata are updated;
6) if the client's local data have been modified, including the case of a first upload where the server has no metadata, the driver uploads the client's local data and data attribute metadata to the cloud storage server;
7) if the cloud storage server data and the client data have been modified at the same time, the driver applies the conflict resolution selected by the user, which comprises cancelling the operation, overwriting the data, or appending and retaining.
3. The ciphertext cloud storage method as claimed in claim 1, characterized in that synchronizing the ciphertext comprises uploading, downloading or deleting data, and the user's ciphertext synchronization data are synchronized and updated as follows:
1) at start-up, the data monitoring service is loaded, and the data monitoring list is generated from the data list read from the local database or the server;
2) from the data monitoring list obtained, a one-to-one mapping between data and list entries is produced using the data file-name field and the data path field on the server, associating the data in the monitoring list with the local data; for automatic synchronization, the data monitor monitors the state of the local data, and if the data state, which comprises the attributes latest synchronization time, data modification time and data hash value, changes, a data synchronization event is triggered; if synchronization is started manually, the data synchronization event is triggered directly;
3) the data monitor receives the synchronization operation and checks whether the data exist locally on the client; if the local data exist, it checks whether the local attribute metadata are identical to those on the cloud storage server, the local attribute metadata comprising the data modification time, a fixed-length hash value of the data, and the data synchronization time;
4) if the data do not exist, the driver downloads the data attribute metadata and the plaintext synchronization data;
5) if the data on the cloud storage server have been modified, the driver downloads them: the cloud server data are pulled to the local client and the local data attribute metadata are updated;
6) if the client's local data have been modified, including the case of a first upload where the server has no metadata, the driver uploads the client's local data and data attribute metadata to the cloud storage server;
7) for uploads, the ciphertext index is generated first, then the data are encrypted to produce ciphertext, and the driver then uploads the ciphertext data, the ciphertext index and the ciphertext metadata attributes to the cloud storage server;
8) for downloads, because ciphertext data cannot be updated incrementally, conflict handling first determines whether the data are ciphertext; if so, the operation is cancelled or the file is overwritten according to the user's decision.
4. The ciphertext cloud storage method as claimed in claim 1 or 3, characterized in that the types of plaintext and ciphertext data synchronized comprise: files, sqlite databases, and SharedPreferences.
5. The ciphertext cloud storage method as claimed in claim 1, characterized in that the two-level key encryption is implemented as follows:
1) at run time, the master key is read from memory and the stored encryption/decryption key is read from the memory cache or the database;
2) when the user uses the client for the first time, the master key is generated from the authentication parameters the user provides, and the master key is backed up at the same time;
3) each time the user performs ciphertext cloud storage, the stored fixed-length one-way hash value of the master key is read from the database according to the authentication parameters and compared with the fixed-length one-way hash value of the key generated with the same algorithm from the authentication parameters the user provides;
4) when looking up the encryption/decryption key, the stored encryption/decryption key is found according to the data's encryption attribute metadata and the user's encryption scheme, and is decrypted with the master key;
5) if the stored encryption/decryption key is not found, an encryption/decryption key is generated and backed up: the fixed-length one-way hash value of the master key and the encryption/decryption key encrypted under the master key are backed up to the database and the cloud server, and the mapping table between the encrypted encryption/decryption keys and the data is also backed up to the cloud.
6. The ciphertext cloud storage method as claimed in claim 5, characterized in that the authentication parameters for the master key comprise: a user password, or the user's biometric features of fingerprint, voice or iris.
7. The ciphertext cloud storage method as claimed in claim 1, characterized in that the encryption and decryption process is made transparent to the user as follows:
1) when the user first uses the system, the user selects the files to be encrypted and uploaded, and upload preprocessing is performed on the files;
2) the key and algorithm are obtained, the selected file is encrypted and uploaded, and its file attribute information is saved to the database; the original plaintext file of the selected file is deleted after the upload succeeds;
3) when the user requests to read or modify the ciphertext, the corresponding abstract encryption device component is called to decrypt it, generating a plaintext temporary file; the attribute metadata of the plaintext temporary file is saved to the temporary file table, and the plaintext temporary file is handed to the upper-layer application;
4) all operations the user performs on the file through the application are directed at the plaintext temporary file, and at the next file operation or synchronization refresh the temporary file's attributes are compared with the originally stored attribute metadata;
5) if the file has not been modified, the temporary file is deleted and no synchronization takes place; if the file has been modified, the encryption device unit is called to encrypt the temporary plaintext file, which is then synchronized, and the temporary plaintext file is deleted after the upload succeeds.
8. A ciphertext cloud storage system, comprising one or more clients and a cloud server, characterized in that:
for the data stored at the client, the user selects whether data synchronization is carried out in ciphertext and/or plaintext;
a master key is generated from authentication parameters provided on the basis of the user's identity, and a preset ciphertext encryption/decryption key is obtained or a corresponding ciphertext encryption/decryption key is generated according to the master key; at the client, the two-level key of master key + encryption/decryption key is used to encrypt the data to be synchronized as ciphertext, and a ciphertext index is built;
the ciphertext and the ciphertext index are synchronized between the cloud and the client, and the ciphertext index and the ciphertext-synchronized data on the client are deleted; after the plaintext synchronization data is synchronized between the cloud and the client, a plaintext index is built at the same time;
the plaintext and/or ciphertext is stored in a local private cloud storage server, or, according to the mount point requested by the user, in a storage server of a cloud storage provider;
the client further comprises: an encryption/decryption module (1) for performing encryption and decryption operations; a key management module (2) for two-level key management of the master key bound to the user's identity and the encryption/decryption key bound to the data; an index module (3) for generating the ciphertext index; a query module (4) which, in order to retrieve plaintext and ciphertext, generates the word segmentation and one-way hash of the corresponding query statement for ciphertext search and interacts with the cloud; a synchronization module (5); and a management module (6);
the synchronization module (5) is connected to the index module (3) and the transparent encryption/decryption module (1), calls them and receives the generated ciphertext and index, and performs the synchronization of ciphertext and index;
the management module (6) is connected to the transparent encryption/decryption module (1) and the key management module (2) and provides the user with an operation interface for setting the ciphertext security policy, including obtaining the authentication parameters and the encryption/decryption algorithm;
after the cloud synchronizes the plaintext and builds the plaintext index, or synchronizes the ciphertext and the ciphertext index at the same time, the ciphertext index and the data to be encrypted on the client are deleted; the plaintext and/or ciphertext is stored in a local storage server, or, according to the mount point requested by the user, through the storage service interface of a cloud storage provider;
the cloud server further comprises: a synchronization module (7), connected to the client synchronization module (5), for synchronizing the ciphertext and the ciphertext index; an index module (8) for creating the plaintext index; a query module (9); a docking module (10) for docking with other cloud platforms and extending storage capacity; a key management module (11); and a user management module (12);
the query module (9) is connected to the query module (4) of the client, supports index-based plaintext and ciphertext search as well as ciphertext search by sequential scanning, and finally returns the query result;
the key management module (11) is connected to the key management module (2) of the client and stores backups of the one-way hash value of the user's master key, the encryption/decryption keys encrypted with the master key, and the meta-information values of user data attributes, implemented with a database; it provides an interface to accept user requests and perform key recovery;
the user management module (12) implements user account management and access control, including registering users and maintaining super administrators and ordinary users.
9. The ciphertext cloud storage system as claimed in claim 8, characterized in that the storage system adopts a priority control strategy according to the user's settings: for high-priority data, the index-building, data-encryption and synchronous-update operations are carried out immediately in response to the user's request; for low-priority data, the index-building, data-encryption and synchronous-update operations are carried out automatically when the client is connected to a power supply or is idle.
10. The ciphertext cloud storage system as claimed in claim 8, characterized in that the docking module (10) for extending storage capacity comprises a mount control function module and a data operation module, wherein the mount control function module is mainly divided into an add-mount-point submodule, a delete-mount-point submodule and an obtain-mount-point-information submodule, and the data operation module is mainly divided into a general operation interface submodule and an external storage interface implementation submodule;
the add-mount-point submodule: the user adds an external cloud storage mount point, and the mount point information is written to the corresponding configuration file;
the delete-mount-point submodule: deletes a mounted external cloud storage mount point and updates the corresponding configuration file;
the obtain-mount-point-information submodule: obtains all of the user's current mount point information;
the general operation interface submodule: provides a general access interface for docking and exchanging data with all external storage cloud platforms.
11. The ciphertext cloud storage system as claimed in claim 10, characterized in that the docking module (10) for extending storage capacity further comprises specific implementations of the general operation interface for the external storage types Amazon S3, Dropbox and HDFS.
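An added example, not code from the patent, of the ciphertext-search path in claim 8: the client derives the master key from an authentication parameter, hashes segmented words into a ciphertext index, and the cloud matches hashed queries and checks the backed-up master-key hash at recovery time. PBKDF2 and HMAC-SHA-256 as the one-way hash, the regex tokenizer standing in for word segmentation, and all function, class and file names are assumptions.

```python
import hashlib
import hmac
import re

PBKDF2_ROUNDS = 100_000  # assumed work factor; the claims do not specify one

# Constructed sample data: file id -> plaintext held only on the client.
SAMPLE_FILES = {
    "report.txt": "Quarterly key rotation report for the cloud storage gateway",
    "notes.txt": "Meeting notes: storage budget and vendor review",
}


def derive_master_key(auth_param: str, user_id: str) -> bytes:
    """Client key management (2): master key bound to the user's identity."""
    salt = hashlib.sha256(b"master-key-salt:" + user_id.encode()).digest()  # assumed salt scheme
    return hashlib.pbkdf2_hmac("sha256", auth_param.encode(), salt, PBKDF2_ROUNDS)


def master_key_digest(master_key: bytes) -> str:
    """One-way hash of the master key: the only form of it the cloud (11) stores."""
    return hashlib.sha256(b"mk-backup:" + master_key).hexdigest()


def index_key(master_key: bytes) -> bytes:
    """Sub-key for indexing, so index tokens are not computed with the master key itself."""
    return hmac.new(master_key, b"ciphertext-index", hashlib.sha256).digest()


def segment(text: str) -> set:
    """Stand-in for word segmentation: lower-cased alphanumeric words."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def hash_word(key: bytes, word: str) -> str:
    return hmac.new(key, word.encode(), hashlib.sha256).hexdigest()


def build_index(key: bytes, plaintext: str) -> set:
    """Client index module (3): keyed one-way hashes of a file's words."""
    return {hash_word(key, w) for w in segment(plaintext)}


def make_query(key: bytes, query: str) -> list:
    """Client query module (4): segment the query and hash each word."""
    return [hash_word(key, w) for w in sorted(segment(query))]


class CloudServer:
    """Holds only hashed tokens and the master-key digest, never plaintext."""

    def __init__(self):
        self.postings = {}     # token -> set of file ids
        self.key_backups = {}  # user id -> master-key digest

    def sync_index(self, file_id: str, tokens: set) -> None:
        for t in tokens:
            self.postings.setdefault(t, set()).add(file_id)

    def search(self, hashed_query: list) -> set:
        """Query module (9): files whose index contains every query token."""
        if not hashed_query:
            return set()
        return set.intersection(*(self.postings.get(t, set()) for t in hashed_query))

    def backup_master_digest(self, user_id: str, digest: str) -> None:
        self.key_backups[user_id] = digest

    def verify_recovery(self, user_id: str, digest: str) -> bool:
        """Key recovery check: constant-time compare against the stored digest."""
        stored = self.key_backups.get(user_id, "")
        return hmac.compare_digest(stored, digest)


if __name__ == "__main__":
    mk = derive_master_key("correct horse battery staple", "alice")
    cloud = CloudServer()
    cloud.backup_master_digest("alice", master_key_digest(mk))
    for fid, text in SAMPLE_FILES.items():
        cloud.sync_index(fid, build_index(index_key(mk), text))
    print(cloud.search(make_query(index_key(mk), "cloud storage")))
```

Because the tokens are deterministic, the cloud still learns which files share a keyword and how often each token is queried, which is the trade-off that makes indexed ciphertext search possible.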
CN201310626060.XA 2013-11-28 2013-11-28 A kind of ciphertext cloud storage method and system Expired - Fee Related CN103595730B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310626060.XA CN103595730B (en) 2013-11-28 2013-11-28 A kind of ciphertext cloud storage method and system

Publications (2)

Publication Number Publication Date
CN103595730A true CN103595730A (en) 2014-02-19
CN103595730B CN103595730B (en) 2016-06-08

Family

ID=50085712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310626060.XA Expired - Fee Related CN103595730B (en) 2013-11-28 2013-11-28 A kind of ciphertext cloud storage method and system

Country Status (1)

Country Link
CN (1) CN103595730B (en)

Cited By (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103870574A (en) * 2014-03-18 2014-06-18 江苏物联网研究发展中心 Label manufacturing and indexing method based on H. 264 ciphertext cloud video storage
CN104572827A (en) * 2014-12-08 2015-04-29 北京工业大学 Mixed search system based on plaintext and ciphertext
CN104580395A (en) * 2014-12-22 2015-04-29 西安电子科技大学 Multi-cloud cooperative storage middleware system based on existing cloud storage platform
CN104580255A (en) * 2015-02-02 2015-04-29 陈梅池 Terminal equipment authentication method and terminal equipment authentication system based on identification equipment capable of identifying code streams
CN104615692A (en) * 2015-01-23 2015-05-13 重庆邮电大学 Search encryption method supporting dynamic updating and multi-keyword safe ranking
CN104679816A (en) * 2014-12-17 2015-06-03 北京可思云海科技有限公司 Application method of SQLITE database in embedded system
CN104732828A (en) * 2015-04-07 2015-06-24 江苏金智教育信息技术有限公司 E-class taking method and system
CN105187379A (en) * 2015-07-17 2015-12-23 上海交通大学 Multi-party distrust-based password split managing method
CN105303121A (en) * 2015-09-30 2016-02-03 西安电子科技大学 Safe query method, device and system of high-dimensional spatial data
CN105357415A (en) * 2015-11-09 2016-02-24 北京奇虎科技有限公司 Picture encryption and decryption methods and devices
CN105391722A (en) * 2015-11-25 2016-03-09 湖北工业大学 Anti-leakage cloud storage method of address list hidden in irises
CN105516180A (en) * 2015-12-30 2016-04-20 北京金科联信数据科技有限公司 Cloud secret key authentication system based on public key algorithm
CN105610803A (en) * 2015-12-23 2016-05-25 浙江工业大学 Method for protecting privacy of cloud computed big data
RU2589861C2 (en) * 2014-06-20 2016-07-10 Закрытое акционерное общество "Лаборатория Касперского" System and method of user data encryption
CN105959106A (en) * 2016-06-13 2016-09-21 四川特伦特科技股份有限公司 Low-complexity digital encryption method
CN106034107A (en) * 2015-03-11 2016-10-19 西安酷派软件科技有限公司 Data processing method and device and intelligent electronic equipment
CN106096336A (en) * 2016-06-13 2016-11-09 北京京东尚科信息技术有限公司 Software anti-crack method and system
WO2016184221A1 (en) * 2015-05-15 2016-11-24 中兴通讯股份有限公司 Password management method, device and system
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system
CN106446655A (en) * 2016-10-28 2017-02-22 郑建钦 Method for improving safety of mobile storage
CN106485128A (en) * 2016-10-28 2017-03-08 鄢碧珠 A kind of system based on removable storage device fingerprint
CN106506148A (en) * 2016-10-28 2017-03-15 郑建钦 A kind of date storage method based on mobile fingerprint
CN106529327A (en) * 2016-10-08 2017-03-22 西安电子科技大学 Data access system and method oriented to encryption database under hybrid cloud environment
CN106570416A (en) * 2016-10-28 2017-04-19 鄢碧珠 Fingerprint-based cloud storage method
CN106570415A (en) * 2016-10-28 2017-04-19 郑建钦 Remote end data storage system
CN106844015A (en) * 2016-12-19 2017-06-13 北京五八信息技术有限公司 The data processing method and device of application program
CN107194271A (en) * 2017-04-18 2017-09-22 华南农业大学 A kind of shared private cloud storage system of weak center
CN107222310A (en) * 2017-08-01 2017-09-29 成都大学 A kind of parallelization processing method of the Ciphertext policy cloud encryption based on encryption attribute
CN107451301A (en) * 2017-09-12 2017-12-08 彩讯科技股份有限公司 Processing method, device, equipment and the storage medium of bill mail are delivered in real time
CN107566463A (en) * 2017-08-21 2018-01-09 北京航空航天大学 A kind of cloudy storage management system for improving storage availability
CN107609870A (en) * 2017-09-02 2018-01-19 福建新大陆支付技术有限公司 More application key management method, system and POS terminals for POS
CN107783728A (en) * 2016-08-31 2018-03-09 百度在线网络技术(北京)有限公司 Date storage method, device and equipment
CN107893583A (en) * 2017-10-16 2018-04-10 杭州软库科技有限公司 A kind of intelligent door lock system and control method
CN107995160A (en) * 2017-10-26 2018-05-04 常熟市第人民医院 A kind of JSON data packet encrypting and decrypting methods based on high in the clouds management and control
CN108111587A (en) * 2017-12-15 2018-06-01 中山大学 A kind of cloud storage searching method based on time release
CN108173948A (en) * 2017-12-29 2018-06-15 中国船舶重工集团公司第七〇九研究所 A kind of Distributed Experiment data real-time exchange method
CN104836862B (en) * 2015-06-04 2018-07-27 杭州怪咖网络科技有限公司 A kind of Intelligent terminal data storage method
CN108566431A (en) * 2018-04-20 2018-09-21 郑州云海信息技术有限公司 A kind of distributed memory system and construction method
CN108595291A (en) * 2018-04-01 2018-09-28 陈丽霞 A kind of medical data standby system
CN108667917A (en) * 2018-04-24 2018-10-16 厦门集微科技有限公司 A kind of method, apparatus, computer storage media and terminal for realizing data storage
WO2019006640A1 (en) * 2017-07-04 2019-01-10 深圳齐心集团股份有限公司 Big data management system
CN109583221A (en) * 2018-12-07 2019-04-05 中国科学院深圳先进技术研究院 Dropbox system based on cloudy server architecture
CN109598145A (en) * 2018-12-07 2019-04-09 无锡予果科技有限公司 It is a kind of to prevent the data divulged a secret transmission and method for cloud storage and system
CN109657497A (en) * 2018-12-21 2019-04-19 北京思源互联科技有限公司 Secure file system and its method
CN109660604A (en) * 2018-11-29 2019-04-19 上海碳蓝网络科技有限公司 Data access method and equipment
CN109726583A (en) * 2018-12-12 2019-05-07 西安得安信息技术有限公司 Cloud data base encryption server system
CN109842589A (en) * 2017-11-27 2019-06-04 中兴通讯股份有限公司 A kind of cloud storage encryption method, device, equipment and storage medium
CN109858263A (en) * 2019-01-21 2019-06-07 北京城市网邻信息技术有限公司 Search data memory method, apparatus, electronic equipment and storage medium
CN109948322A (en) * 2018-10-25 2019-06-28 贵州财经大学 Localize the personal cloud storage data assurance case apparatus and method of encryption protection
CN109981267A (en) * 2019-03-22 2019-07-05 西安电子科技大学 Large-scale consumer multi-key cipher scene cloud encrypting database system and storage querying method
CN109981634A (en) * 2019-03-20 2019-07-05 中共中央办公厅电子科技学院(北京电子科技学院) A kind of cloud storage system based on cryptographic technique
CN110012086A (en) * 2019-03-27 2019-07-12 努比亚技术有限公司 Improve method, terminal and the storage medium of application downloading and installation speed
CN110110550A (en) * 2019-04-19 2019-08-09 深圳华中科技大学研究院 It is a kind of support cloud storage can search for encryption method and system
TWI669628B (en) * 2018-07-17 2019-08-21 關楗股份有限公司 Token device for conducting cryptography key backup or restoration operation
CN110324402A (en) * 2019-05-08 2019-10-11 湖南文盾信息技术有限公司 A kind of credible cloud storage service platform and working method based on trusted users front end
CN110378128A (en) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 Data ciphering method, device and terminal device
CN110598440A (en) * 2019-08-08 2019-12-20 中腾信金融信息服务(上海)有限公司 Distributed automatic encryption and decryption system
CN110609959A (en) * 2019-09-24 2019-12-24 珠海格力电器股份有限公司 Project life cycle-based retrieval method, storage medium and electronic device
CN111131138A (en) * 2019-03-26 2020-05-08 武汉华工智云科技有限公司 Intelligent mobile terminal and cloud server interaction system supporting privacy protection
CN111143870A (en) * 2019-12-30 2020-05-12 兴唐通信科技有限公司 Distributed encryption storage device, system and encryption and decryption method
CN111190870A (en) * 2019-12-27 2020-05-22 山东乾云启创信息科技股份有限公司 Virtual storage method, device and medium based on spread spectrum processor
CN111245832A (en) * 2020-01-13 2020-06-05 深圳云塔信息技术有限公司 Encryption system and method for interfacing with cloud storage platform
CN111400381A (en) * 2020-02-28 2020-07-10 北京致医健康信息技术有限公司 Data storage method and device, computer equipment and storage medium
CN111625843A (en) * 2019-07-23 2020-09-04 方盈金泰科技(北京)有限公司 Data transparent encryption and decryption system suitable for big data platform
CN111711671A (en) * 2020-06-01 2020-09-25 深圳华中科技大学研究院 Cloud storage method for efficient ciphertext file updating based on blind storage
CN106452770B (en) * 2015-08-12 2020-10-13 深圳市腾讯计算机***有限公司 Data encryption method, data decryption method, device and system
CN112000523A (en) * 2020-08-25 2020-11-27 浪潮云信息技术股份公司 Cloud backup system and method
CN112134943A (en) * 2020-09-21 2020-12-25 李波 Internet of things cloud storage system and method
CN112148739A (en) * 2020-09-25 2020-12-29 世融能量科技有限公司 Ciphertext indexing method and system independent of encryption database
CN112543171A (en) * 2019-09-23 2021-03-23 上海傲觉网络科技有限公司 Chat data acquisition encryption management system
CN112765671A (en) * 2021-02-08 2021-05-07 上海万向区块链股份公司 Localized data privacy encryption method and system
CN113014383A (en) * 2021-03-10 2021-06-22 四川九洲空管科技有限责任公司 Encryption and decryption algorithm test verification device and system for friend or foe identification system
CN113225179A (en) * 2021-04-07 2021-08-06 卡斯柯信号有限公司 Encryption method for train controller
CN113301095A (en) * 2020-12-08 2021-08-24 阿里巴巴集团控股有限公司 Method and device for providing data of cloud object
CN113641694A (en) * 2021-07-16 2021-11-12 南京国电南自维美德自动化有限公司 Massive historical data backup method and recovery method for database
CN113703821A (en) * 2021-08-26 2021-11-26 北京百度网讯科技有限公司 Cloud mobile phone updating method, device, equipment and storage medium
CN113780798A (en) * 2021-09-07 2021-12-10 杭州天宽科技有限公司 Key index display system based on cloud computing
CN113779597A (en) * 2021-08-19 2021-12-10 深圳技术大学 Method, device, equipment and medium for storing and similar retrieving of encrypted document
CN113836553A (en) * 2021-09-22 2021-12-24 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm
CN113972985A (en) * 2021-09-02 2022-01-25 北京电子科技学院 Private cloud encryption storage method based on cloud cipher machine key management
CN113994626A (en) * 2019-05-22 2022-01-28 妙泰公司 Distributed data storage method and system with enhanced security, resiliency and control
CN114218597A (en) * 2021-12-30 2022-03-22 北京荣达天下信息科技有限公司 Method and system suitable for privacy data confidentiality inside enterprise
CN114218322A (en) * 2021-12-13 2022-03-22 深圳市电子商务安全证书管理有限公司 Data display method, device, equipment and medium based on ciphertext transmission
CN114422500A (en) * 2021-12-29 2022-04-29 成都鲁易科技有限公司 Method and device for processing file identification conflict in cloud backup and electronic equipment
CN114500073A (en) * 2022-02-11 2022-05-13 浪潮云信息技术股份公司 User data cut-over method and system supporting privacy protection in cloud storage system
CN115329389A (en) * 2022-10-17 2022-11-11 中安网脉(北京)技术股份有限公司 File protection system and method based on data sandbox
CN116541348A (en) * 2023-03-22 2023-08-04 河北热点科技股份有限公司 Intelligent data storage method and terminal query integrated machine
CN116976884A (en) * 2023-08-06 2023-10-31 唐山骅驰科技有限责任公司 Transaction data processing method based on cloud storage and NFC
CN117972712A (en) * 2023-12-29 2024-05-03 北京辰光融信技术有限公司 Firmware updating method, device, computer equipment and computer storage medium
CN117972712B (en) * 2023-12-29 2024-07-02 北京辰光融信技术有限公司 Firmware updating method, device, computer equipment and computer storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110516460B (en) * 2019-08-29 2021-05-14 重庆市筑智建信息技术有限公司 Encryption security method and system for BIM data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588365A (en) * 2004-08-02 2005-03-02 中国科学院计算机网络信息中心 Ciphertext global search technology
CN102024054A (en) * 2010-12-10 2011-04-20 中国科学院软件研究所 Ciphertext cloud-storage oriented document retrieval method and system
CN102075542A (en) * 2011-01-26 2011-05-25 中国科学院软件研究所 Cloud computing data security supporting platform
CN102428686A (en) * 2009-05-19 2012-04-25 安全第一公司 Systems and methods for securing data in the cloud
CN102708216A (en) * 2012-06-28 2012-10-03 北京邮电大学 Word-segmentation organizing method and clustering method for ciphertext search
CN103345526A (en) * 2013-07-22 2013-10-09 武汉大学 Efficient privacy protection encrypted message querying method in cloud environment

Cited By (134)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103870574A (en) * 2014-03-18 2014-06-18 江苏物联网研究发展中心 Label manufacturing and indexing method based on H. 264 ciphertext cloud video storage
CN103870574B (en) * 2014-03-18 2017-03-08 江苏物联网研究发展中心 Forming label based on the storage of H.264 ciphertext cloud video and indexing means
RU2589861C2 (en) * 2014-06-20 2016-07-10 Закрытое акционерное общество "Лаборатория Касперского" System and method of user data encryption
US9596221B2 (en) 2014-06-20 2017-03-14 AO Kaspersky Lab Encryption of user data for storage in a cloud server
CN104572827A (en) * 2014-12-08 2015-04-29 北京工业大学 Mixed search system based on plaintext and ciphertext
CN104572827B (en) * 2014-12-08 2017-12-15 北京工业大学 It is a kind of based on across plaintext and the Hybrid Search system of ciphertext
CN104679816A (en) * 2014-12-17 2015-06-03 北京可思云海科技有限公司 Application method of SQLITE database in embedded system
CN104679816B (en) * 2014-12-17 2018-02-06 上海彩亿信息技术有限公司 A kind of SQLITE database application methods under embedded system
CN104580395A (en) * 2014-12-22 2015-04-29 西安电子科技大学 Multi-cloud cooperative storage middleware system based on existing cloud storage platform
CN104580395B (en) * 2014-12-22 2018-02-23 西安电子科技大学 A kind of cloudy collaboration Storage Middleware Applying system based on existing cloud storage platform
CN104615692A (en) * 2015-01-23 2015-05-13 重庆邮电大学 Search encryption method supporting dynamic updating and multi-keyword safe ranking
CN104615692B (en) * 2015-01-23 2017-09-19 重庆邮电大学 It is a kind of to support that dynamic updates and multiple key safe ordering can search for encryption method
CN104580255B (en) * 2015-02-02 2017-12-12 广州邻礼信息科技有限公司 Authentication method and system of the identification equipment based on recognizable code stream to terminal device
CN104580255A (en) * 2015-02-02 2015-04-29 陈梅池 Terminal equipment authentication method and terminal equipment authentication system based on identification equipment capable of identifying code streams
CN106034107B (en) * 2015-03-11 2019-12-10 西安酷派软件科技有限公司 Data processing method and device and intelligent electronic equipment
CN106034107A (en) * 2015-03-11 2016-10-19 西安酷派软件科技有限公司 Data processing method and device and intelligent electronic equipment
CN104732828A (en) * 2015-04-07 2015-06-24 江苏金智教育信息技术有限公司 E-class taking method and system
WO2016184221A1 (en) * 2015-05-15 2016-11-24 中兴通讯股份有限公司 Password management method, device and system
CN104836862B (en) * 2015-06-04 2018-07-27 杭州怪咖网络科技有限公司 A kind of Intelligent terminal data storage method
CN105187379B (en) * 2015-07-17 2018-10-23 上海交通大学 Password based on multi-party mutual mistrust splits management method
CN105187379A (en) * 2015-07-17 2015-12-23 上海交通大学 Multi-party distrust-based password split managing method
CN106452770B (en) * 2015-08-12 2020-10-13 深圳市腾讯计算机***有限公司 Data encryption method, data decryption method, device and system
CN105303121B (en) * 2015-09-30 2018-05-25 西安电子科技大学 The Safety query method, apparatus and system of a kind of High dimensional space data
CN105303121A (en) * 2015-09-30 2016-02-03 西安电子科技大学 Safe query method, device and system of high-dimensional spatial data
CN105357415A (en) * 2015-11-09 2016-02-24 北京奇虎科技有限公司 Picture encryption and decryption methods and devices
CN105357415B (en) * 2015-11-09 2017-12-08 北京奇虎科技有限公司 Image ciphering, the method and device of decryption
CN105391722A (en) * 2015-11-25 2016-03-09 湖北工业大学 Anti-leakage cloud storage method of address list hidden in irises
CN105610803A (en) * 2015-12-23 2016-05-25 浙江工业大学 Method for protecting privacy of cloud computed big data
CN105516180A (en) * 2015-12-30 2016-04-20 北京金科联信数据科技有限公司 Cloud secret key authentication system based on public key algorithm
CN105959106A (en) * 2016-06-13 2016-09-21 四川特伦特科技股份有限公司 Low-complexity digital encryption method
CN106096336B (en) * 2016-06-13 2019-01-29 北京京东尚科信息技术有限公司 Software anti-crack method and system
CN106096336A (en) * 2016-06-13 2016-11-09 北京京东尚科信息技术有限公司 Software anti-crack method and system
CN105959106B (en) * 2016-06-13 2019-04-02 四川特伦特科技股份有限公司 A kind of low-complexity digital encryption method
CN106302449B (en) * 2016-08-15 2019-10-11 中国科学院信息工程研究所 A kind of storage of ciphertext and the open cloud service method of searching ciphertext and system
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system
CN107783728A (en) * 2016-08-31 2018-03-09 百度在线网络技术(北京)有限公司 Date storage method, device and equipment
CN106529327A (en) * 2016-10-08 2017-03-22 西安电子科技大学 Data access system and method oriented to encryption database under hybrid cloud environment
CN106570416A (en) * 2016-10-28 2017-04-19 鄢碧珠 Fingerprint-based cloud storage method
CN106446655A (en) * 2016-10-28 2017-02-22 郑建钦 Method for improving safety of mobile storage
CN106485128A (en) * 2016-10-28 2017-03-08 鄢碧珠 A kind of system based on removable storage device fingerprint
CN106506148A (en) * 2016-10-28 2017-03-15 郑建钦 A kind of date storage method based on mobile fingerprint
CN106570415A (en) * 2016-10-28 2017-04-19 郑建钦 Remote end data storage system
CN106844015B (en) * 2016-12-19 2020-03-24 北京五八信息技术有限公司 Data processing method and device for application program
CN106844015A (en) * 2016-12-19 2017-06-13 北京五八信息技术有限公司 The data processing method and device of application program
CN107194271A (en) * 2017-04-18 2017-09-22 华南农业大学 A kind of shared private cloud storage system of weak center
WO2019006640A1 (en) * 2017-07-04 2019-01-10 深圳齐心集团股份有限公司 Big data management system
CN107222310A (en) * 2017-08-01 2017-09-29 成都大学 A kind of parallelization processing method of the Ciphertext policy cloud encryption based on encryption attribute
CN107566463A (en) * 2017-08-21 2018-01-09 北京航空航天大学 A kind of cloudy storage management system for improving storage availability
CN107609870A (en) * 2017-09-02 2018-01-19 福建新大陆支付技术有限公司 More application key management method, system and POS terminals for POS
CN107609870B (en) * 2017-09-02 2023-05-30 福建新大陆支付技术有限公司 Multi-application key management method and system for POS (point of sale) and POS terminal
CN107451301A (en) * 2017-09-12 2017-12-08 彩讯科技股份有限公司 Processing method, device, equipment and the storage medium of bill mail are delivered in real time
CN107893583A (en) * 2017-10-16 2018-04-10 杭州软库科技有限公司 A kind of intelligent door lock system and control method
CN107995160A (en) * 2017-10-26 2018-05-04 常熟市第人民医院 A kind of JSON data packet encrypting and decrypting methods based on high in the clouds management and control
CN109842589A (en) * 2017-11-27 2019-06-04 中兴通讯股份有限公司 A kind of cloud storage encryption method, device, equipment and storage medium
CN108111587A (en) * 2017-12-15 2018-06-01 中山大学 A kind of cloud storage searching method based on time release
CN108111587B (en) * 2017-12-15 2020-11-06 中山大学 Cloud storage searching method based on time release
CN108173948B (en) * 2017-12-29 2020-12-04 中国船舶重工集团公司第七一九研究所 Distributed test data real-time exchange method
CN108173948A (en) * 2017-12-29 2018-06-15 中国船舶重工集团公司第七〇九研究所 A kind of Distributed Experiment data real-time exchange method
CN108595291B (en) * 2018-04-01 2021-08-31 山东协和学院 Medical data backup system
CN108595291A (en) * 2018-04-01 2018-09-28 陈丽霞 A kind of medical data standby system
CN108566431A (en) * 2018-04-20 2018-09-21 郑州云海信息技术有限公司 A kind of distributed memory system and construction method
CN108667917B (en) * 2018-04-24 2021-12-07 厦门集微科技有限公司 Method and device for realizing data storage, computer storage medium and terminal
CN108667917A (en) * 2018-04-24 2018-10-16 厦门集微科技有限公司 A kind of method, apparatus, computer storage media and terminal for realizing data storage
TWI669628B (en) * 2018-07-17 2019-08-21 關楗股份有限公司 Token device for conducting cryptography key backup or restoration operation
CN109948322B (en) * 2018-10-25 2023-03-21 贵州财经大学 Personal cloud storage data safe box device and method for localized encryption protection
CN109948322A (en) * 2018-10-25 2019-06-28 贵州财经大学 Localize the personal cloud storage data assurance case apparatus and method of encryption protection
CN109660604B (en) * 2018-11-29 2023-04-07 上海碳蓝网络科技有限公司 Data access method and equipment
CN109660604A (en) * 2018-11-29 2019-04-19 上海碳蓝网络科技有限公司 Data access method and equipment
CN109583221A (en) * 2018-12-07 2019-04-05 中国科学院深圳先进技术研究院 Dropbox system based on cloudy server architecture
CN109598145A (en) * 2018-12-07 2019-04-09 无锡予果科技有限公司 It is a kind of to prevent the data divulged a secret transmission and method for cloud storage and system
CN109726583A (en) * 2018-12-12 2019-05-07 西安得安信息技术有限公司 Cloud data base encryption server system
CN109657497B (en) * 2018-12-21 2023-06-13 北京思源理想控股集团有限公司 Secure file system and method thereof
CN109657497A (en) * 2018-12-21 2019-04-19 北京思源互联科技有限公司 Secure file system and its method
CN109858263A (en) * 2019-01-21 2019-06-07 北京城市网邻信息技术有限公司 Search data memory method, apparatus, electronic equipment and storage medium
CN109858263B (en) * 2019-01-21 2021-05-14 北京城市网邻信息技术有限公司 Data storage and retrieval method and device, electronic equipment and storage medium
CN109981634A (en) * 2019-03-20 2019-07-05 中共中央办公厅电子科技学院(北京电子科技学院) A kind of cloud storage system based on cryptographic technique
CN109981267B (en) * 2019-03-22 2021-06-08 西安电子科技大学 Large-scale user multi-key scene cloud encryption database system and storage query method
CN109981267A (en) * 2019-03-22 2019-07-05 西安电子科技大学 Large-scale consumer multi-key cipher scene cloud encrypting database system and storage querying method
CN111131138A (en) * 2019-03-26 2020-05-08 武汉华工智云科技有限公司 Intelligent mobile terminal and cloud server interaction system supporting privacy protection
CN110012086B (en) * 2019-03-27 2023-10-20 努比亚技术有限公司 Method, terminal and storage medium for improving application downloading and installation speed
CN110012086A (en) * 2019-03-27 2019-07-12 努比亚技术有限公司 Improve method, terminal and the storage medium of application downloading and installation speed
CN110110550A (en) * 2019-04-19 2019-08-09 深圳华中科技大学研究院 It is a kind of support cloud storage can search for encryption method and system
CN110110550B (en) * 2019-04-19 2023-05-09 深圳华中科技大学研究院 Searchable encryption method and system supporting cloud storage
CN110324402A (en) * 2019-05-08 2019-10-11 湖南文盾信息技术有限公司 A kind of credible cloud storage service platform and working method based on trusted users front end
CN110324402B (en) * 2019-05-08 2022-03-11 湖南文盾信息技术有限公司 Trusted cloud storage service platform based on trusted user front end and working method
CN113994626A (en) * 2019-05-22 2022-01-28 妙泰公司 Distributed data storage method and system with enhanced security, resiliency and control
CN110378128A (en) * 2019-06-17 2019-10-25 深圳壹账通智能科技有限公司 Data ciphering method, device and terminal device
CN111625843A (en) * 2019-07-23 2020-09-04 方盈金泰科技(北京)有限公司 Data transparent encryption and decryption system suitable for big data platform
CN110598440B (en) * 2019-08-08 2023-05-09 中腾信金融信息服务(上海)有限公司 Distributed automatic encryption and decryption system
CN110598440A (en) * 2019-08-08 2019-12-20 中腾信金融信息服务(上海)有限公司 Distributed automatic encryption and decryption system
CN112543171A (en) * 2019-09-23 2021-03-23 上海傲觉网络科技有限公司 Chat data acquisition encryption management system
CN110609959B (en) * 2019-09-24 2023-10-24 珠海格力电器股份有限公司 Retrieval method based on project lifecycle, storage medium and electronic equipment
CN110609959A (en) * 2019-09-24 2019-12-24 珠海格力电器股份有限公司 Project life cycle-based retrieval method, storage medium and electronic device
CN111190870A (en) * 2019-12-27 2020-05-22 山东乾云启创信息科技股份有限公司 Virtual storage method, device and medium based on spread spectrum processor
CN111143870B (en) * 2019-12-30 2022-05-13 兴唐通信科技有限公司 Distributed encryption storage device, system and encryption and decryption method
CN111143870A (en) * 2019-12-30 2020-05-12 兴唐通信科技有限公司 Distributed encryption storage device, system and encryption and decryption method
CN111245832A (en) * 2020-01-13 2020-06-05 深圳云塔信息技术有限公司 Encryption system and method for interfacing with cloud storage platform
CN111400381A (en) * 2020-02-28 2020-07-10 北京致医健康信息技术有限公司 Data storage method and device, computer equipment and storage medium
CN111400381B (en) * 2020-02-28 2024-05-10 北京致医健康信息技术有限公司 Data storage method, device, computer equipment and storage medium
CN111711671A (en) * 2020-06-01 2020-09-25 深圳华中科技大学研究院 Cloud storage method for efficient ciphertext file updating based on blind storage
CN112000523A (en) * 2020-08-25 2020-11-27 浪潮云信息技术股份公司 Cloud backup system and method
CN112134943A (en) * 2020-09-21 2020-12-25 李波 Internet of things cloud storage system and method
CN112134943B (en) * 2020-09-21 2023-08-22 李波 Internet of things cloud storage system and method
CN112148739A (en) * 2020-09-25 2020-12-29 世融能量科技有限公司 Ciphertext indexing method and system independent of encryption database
CN112148739B (en) * 2020-09-25 2023-12-29 世融能量科技有限公司 Ciphertext index method and system independent of encryption database
CN113301095A (en) * 2020-12-08 2021-08-24 阿里巴巴集团控股有限公司 Method and device for providing data of cloud object
CN113301095B (en) * 2020-12-08 2024-05-10 阿里巴巴集团控股有限公司 Method and device for providing data of cloud object
CN112765671A (en) * 2021-02-08 2021-05-07 上海万向区块链股份公司 Localized data privacy encryption method and system
CN112765671B (en) * 2021-02-08 2021-09-21 上海万向区块链股份公司 Localized data privacy encryption method and system
CN113014383A (en) * 2021-03-10 2021-06-22 四川九洲空管科技有限责任公司 Encryption and decryption algorithm test verification device and system for friend or foe identification system
CN113225179A (en) * 2021-04-07 2021-08-06 卡斯柯信号有限公司 Encryption method for train controller
CN113641694B (en) * 2021-07-16 2023-12-22 南京国电南自维美德自动化有限公司 Database massive historical data backup method and database massive historical data recovery method
CN113641694A (en) * 2021-07-16 2021-11-12 南京国电南自维美德自动化有限公司 Massive historical data backup method and recovery method for database
CN113779597B (en) * 2021-08-19 2023-08-18 深圳技术大学 Method, device, equipment and medium for storing and similar searching of encrypted document
CN113779597A (en) * 2021-08-19 2021-12-10 深圳技术大学 Method, device, equipment and medium for storing and similar retrieving of encrypted document
CN113703821A (en) * 2021-08-26 2021-11-26 北京百度网讯科技有限公司 Cloud mobile phone updating method, device, equipment and storage medium
CN113972985A (en) * 2021-09-02 2022-01-25 北京电子科技学院 Private cloud encryption storage method based on cloud cipher machine key management
CN113780798B (en) * 2021-09-07 2024-05-28 杭州天宽科技有限公司 Key index display system based on cloud computing
CN113780798A (en) * 2021-09-07 2021-12-10 杭州天宽科技有限公司 Key index display system based on cloud computing
CN113836553B (en) * 2021-09-22 2023-10-20 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm
CN113836553A (en) * 2021-09-22 2021-12-24 北京计算机技术及应用研究所 Distributed storage data protection method for dynamic reconstruction of cryptographic algorithm
CN114218322A (en) * 2021-12-13 2022-03-22 深圳市电子商务安全证书管理有限公司 Data display method, device, equipment and medium based on ciphertext transmission
CN114422500B (en) * 2021-12-29 2023-05-09 成都鲁易科技有限公司 Method and device for processing file identification conflict in cloud backup and electronic equipment
CN114422500A (en) * 2021-12-29 2022-04-29 成都鲁易科技有限公司 Method and device for processing file identification conflict in cloud backup and electronic equipment
CN114218597A (en) * 2021-12-30 2022-03-22 北京荣达天下信息科技有限公司 Method and system suitable for privacy data confidentiality inside enterprise
CN114218597B (en) * 2021-12-30 2023-10-10 北京荣达天下信息科技有限公司 Method and system suitable for privacy data confidentiality in enterprises
CN114500073B (en) * 2022-02-11 2024-04-12 浪潮云信息技术股份公司 User data cutting method and system supporting privacy protection in cloud storage system
CN114500073A (en) * 2022-02-11 2022-05-13 浪潮云信息技术股份公司 User data cut-over method and system supporting privacy protection in cloud storage system
CN115329389A (en) * 2022-10-17 2022-11-11 中安网脉(北京)技术股份有限公司 File protection system and method based on data sandbox
CN116541348B (en) * 2023-03-22 2023-09-26 河北热点科技股份有限公司 Intelligent data storage method and terminal query integrated machine
CN116541348A (en) * 2023-03-22 2023-08-04 河北热点科技股份有限公司 Intelligent data storage method and terminal query integrated machine
CN116976884A (en) * 2023-08-06 2023-10-31 唐山骅驰科技有限责任公司 Transaction data processing method based on cloud storage and NFC
CN117972712A (en) * 2023-12-29 2024-05-03 北京辰光融信技术有限公司 Firmware updating method, device, computer equipment and computer storage medium
CN117972712B (en) * 2023-12-29 2024-07-02 北京辰光融信技术有限公司 Firmware updating method, device, computer equipment and computer storage medium

Also Published As

Publication number Publication date
CN103595730B (en) 2016-06-08

Similar Documents

Publication Publication Date Title
CN103595730B (en) Ciphertext cloud storage method and system
CN106302449B (en) Open cloud service method and system for ciphertext storage and ciphertext search
KR102243754B1 (en) Data isolation in blockchain networks
US20220407725A1 (en) File storage method, terminal, and storage medium
US10762229B2 (en) Secure searchable and shareable remote storage system and method
US10445517B1 (en) Protecting data in insecure cloud storage
JP6810172B2 (en) Distributed data system with document management and access control
US10536459B2 (en) Document management systems and methods
CN102075542B (en) Cloud computing data security supporting platform
CN103023875B (en) Account management system and method
US8949268B2 (en) Method and system to capture, share and find information and relationships
EP2107485A2 (en) Secure Peer-To-Peer Distribution of an Updatable Keyring
CN102685148A (en) Method for realizing secure network backup system under cloud storage environment
CN104023085A (en) Security cloud storage system based on increment synchronization
CN103180842A (en) Cloud computing system and data synchronization method therefor
US11256662B2 (en) Distributed ledger system
US9930063B2 (en) Random identifier generation for offline database
CN104580395A (en) Multi-cloud cooperative storage middleware system based on existing cloud storage platform
JP2011198325A (en) Method and system for performing safe bringing-out of file data to outside
CN112559252B (en) Configuration data management method and device based on attribute classification
CN102932468A (en) Shared data access method
Antoine et al. Social networking on top of the WebdamExchange system
Lakhe et al. Introducing Hadoop
Gabel et al. Secure database outsourcing to the cloud using the mimosecco middleware
RAJA et al. Assemblage Interrogatives Information Basis as a Service Pattern

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160608

Termination date: 20161128