CN103699850A - Method and device for processing files under cloud environment - Google Patents
Method and device for processing files under cloud environment Download PDFInfo
- Publication number
- CN103699850A CN103699850A CN201310753166.6A CN201310753166A CN103699850A CN 103699850 A CN103699850 A CN 103699850A CN 201310753166 A CN201310753166 A CN 201310753166A CN 103699850 A CN103699850 A CN 103699850A
- Authority
- CN
- China
- Prior art keywords
- file
- user
- needs
- key
- processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for processing files under a cloud environment. The method includes receiving a file processing request from a user; invoking a secret key corresponding to identity of the user; utilizing the invoked secret key to process the files that the user requests to process. By the method and the device, the files of the user can be processed only through the secret key corresponding to the identity of the user, so that further confidential treatment is performed on personal data files of the user, and personal privacy leakage is prevented.
Description
Technical field
The present invention relates to computer realm, especially, relate to document handling method and device under a kind of cloud environment.
Background technology
Under cloud computing environment, each user's data are to be stored in above remote disk, conventionally only have user oneself just can see the data of oneself, but if the words of the root of system login, will gather around systematic all authorities, that is to say that the user who has root authority can see proprietary data.
For file in correlation technique, easily by user under non-, viewed, the problem that causes individual privacy to be invaded, not yet proposes effective solution at present.
Summary of the invention
For file in correlation technique, easily by user under non-, viewed, the problem that causes individual privacy to be invaded, the present invention proposes document handling method and the device under a kind of cloud environment, can carry out confidential treatment to the data of individual subscriber, prevents individual privacy leakage.
Technical scheme of the present invention is achieved in that
According to an aspect of the present invention, provide the document handling method under a kind of cloud environment.
This document disposal route comprises:
Reception is from user's file processing request;
Call the key corresponding with user's identity;
The key that utilization is called asks the file of processing to be processed to user.
And, in file processing request, representing that user asks in the situation that storage file in the file system of cloud platform, document handling method further comprises:
Reception is from the file of user's needs storage;
And, utilize the key calling to ask the file of processing to be processed to user and comprise:
Utilize user's key to be encrypted the file of needs storage, and the file after encrypting is stored in to the file system of cloud platform.
Wherein, receiving the file of storing from user's needs comprises:
Receive the byte stream of the file that needs storage;
And, utilize user's key that the file of needs storage is encrypted and is comprised:
The byte stream receiving is carried out to burst processing, obtain a plurality of fragment datas;
To each fragment data be encrypted respectively and storage encryption after fragment data.
And, in the situation that file processing request represents that user asks to open file from the file system of cloud platform, utilize the key calling to ask the file of processing to be processed to user and comprise:
The file of from the file system of cloud platform, needs being opened is read, and utilizes the file that user's key is opened needs to be decrypted, and the file after deciphering is sent to user.
Preferably, the file of from the file system of cloud platform, needs being opened is read and is comprised:
Read the byte stream of the file that need to open;
The byte stream reading is carried out to burst processing, obtain a plurality of fragment datas;
Utilize user's key to be decrypted each fragment data.
According to an aspect of the present invention, provide the document handling apparatus under a kind of cloud environment.
This document treating apparatus comprises:
Receiver module, for receiving the file processing request from user;
Calling module, for calling the key corresponding with user's identity;
Processing module, for utilizing the key calling to ask the file of processing to be processed to user.
And, in file processing request, representing that user asks in the situation that storage file in the file system of cloud platform, receiver module is further used for receiving the file from user's needs storage;
And processing module is further used for utilizing user's key to be encrypted the file of needs storage, and the file after encrypting is stored in to the file system of cloud platform.
Wherein, when receiving the file of storing from user's needs, receiver module is for receiving the byte stream of the file that needs storage;
And processing module, for the byte stream receiving is carried out to burst processing, obtains a plurality of fragment datas, and for each fragment data is encrypted respectively and storage encryption after fragment data.
Preferably, in the situation that file processing request represents that user asks to open file from the file system of cloud platform, processing module is read for the file of needs being opened from the file system of cloud platform, utilize the file that user's key is opened needs to be decrypted, and the file after deciphering is sent to user.
Further, when the file of the file system from cloud platform, needs being opened is read, processing module, for reading the byte stream of the file that need to open, is carried out burst processing to the byte stream reading, and obtains a plurality of fragment datas; And, utilize user's key to be decrypted each fragment data.
The present invention could process user's file by key corresponding to user's identity, thereby the data file of individual subscriber has been carried out to further confidential treatment, prevents individual privacy leakage.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is according to the process flow diagram of the document handling method of the embodiment of the present invention;
Fig. 2 is the principle schematic of opaque encrypted file system according to an embodiment of the invention;
Fig. 3 is the process flow diagram of writing in files step according to an embodiment of the invention;
Fig. 4 is the process flow diagram of file reading according to one embodiment of present invention;
Fig. 5 is according to the block diagram of the document handling apparatus of the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, the every other embodiment that those of ordinary skills obtain, belongs to the scope of protection of the invention.
According to embodiments of the invention, provide the document handling method under a kind of cloud environment.
As shown in Figure 1, according to the document handling method of the embodiment of the present invention, comprise:
Step S101, receives the file processing request from user;
Step S103, calls the key corresponding with user's identity;
Step S105, utilizes the key calling to ask the file of processing to be processed to user.
And, in file processing request, representing that user asks in the situation that storage file in the file system of cloud platform, document handling method can further receive the file from user's needs storage; And, utilize the key calling to ask the file of processing to be processed to user and comprise: utilize user's key to be encrypted the file of needs storage, and the file after encrypting is stored in to the file system of cloud platform.
Wherein, receive the byte stream that the file of storing from user's needs can receive the file that needs storage; And, utilize user's key that the file of needs storage is encrypted and is comprised: the byte stream receiving to be carried out to burst processing, obtain a plurality of fragment datas; Then to each fragment data be encrypted respectively and storage encryption after fragment data.
And, in the situation that file processing request represents that user asks to open file from the file system of cloud platform, utilize the key calling to ask the file of processing to be processed to user and comprise:
The file of from the file system of cloud platform, needs being opened is read, and utilizes the file that user's key is opened needs to be decrypted, and the file after deciphering is sent to user.
Preferably, the file of from the file system of cloud platform, needs being opened is read and is comprised:
Read the byte stream of the file that need to open;
The byte stream reading is carried out to burst processing, obtain a plurality of fragment datas;
Utilize user's key to be decrypted each fragment data.
Fig. 2 is the principle schematic of opaque encrypted file system according to an embodiment of the invention, and common file system adds authentication, key management and data encryption module, forms the encrypted file system that different user produces different keys.Opaque file system comprises multiple order, comprises fopen, fclose, fseek, fread etc.
Shown in Fig. 3, be the process flow diagram of writing in files step according to one embodiment of present invention, comprise:
Detect user and click save button;
Read the throttling of user's input word;
Byte stream burst is processed;
Obtain user key;
Encrypt fragment data;
Judge whether to arrive end of file, if otherwise return to last step;
If it is the data of having encrypted are preserved to disk.
Shown in Fig. 4, be the process flow diagram of file reading according to one embodiment of present invention, comprise:
User's open file operation;
Read user file byte stream;
Byte stream burst is processed;
Obtain user key;
Deciphering fragment data;
Judge whether to arrive end of file, if otherwise return to last step;
If it is declassified document is returned to user.
Existing storage scheme has parallel storage, cloud dish and common file system etc., the function of these storages is to be all made in above the file system of this province of operating system, user's data are exactly that stored in clear is on disk, use after opaque encrypted file system, user's data encryption not only again server end encrypt, and access that can anti-locking system power user root.
In an embodiment of the present invention, in file system, not only added authenticating user identification module, but also key management and authentication module have been added, when this file encryption system mount to root file system time, will point out user to input user cipher, system produces a key according to this password again and deposits key management module in, each user of system has a key like this, when data having been detected and write, key with regard to invoke user carries out data encryption storage, in the time of user's sense data, just the file of reading is decrypted, then return to user, like this, just accomplished this user, accessing file is transparent, concerning other users, accessing file is opaque.
According to embodiments of the invention, provide the document handling apparatus under a kind of cloud environment.
As shown in Figure 5, according to the document handling apparatus of the embodiment of the present invention, comprise:
Calling module 52, for calling the key corresponding with user's identity;
And, in file processing request, representing that user asks in the situation that storage file in the file system of cloud platform, receiver module is further used for receiving the file from user's needs storage;
And processing module is further used for utilizing user's key to be encrypted the file of needs storage, and the file after encrypting is stored in to the file system of cloud platform.
Wherein, when receiving the file of storing from user's needs, receiver module is for receiving the byte stream of the file that needs storage;
And processing module, for the byte stream receiving is carried out to burst processing, obtains a plurality of fragment datas, and for each fragment data is encrypted respectively and storage encryption after fragment data.
Preferably, in the situation that file processing request represents that user asks to open file from the file system of cloud platform, processing module is read for the file of needs being opened from the file system of cloud platform, utilize the file that user's key is opened needs to be decrypted, and the file after deciphering is sent to user.
Further, when the file of the file system from cloud platform, needs being opened is read, processing module, for reading the byte stream of the file that need to open, is carried out burst processing to the byte stream reading, and obtains a plurality of fragment datas; And, utilize user's key to be decrypted each fragment data.
In sum, by means of technique scheme of the present invention, by the key that user's identity is corresponding, could process user's file, thereby the data file of individual subscriber has been carried out to further confidential treatment, prevent individual privacy leakage, technical scheme of the present invention provides a kind of opaque encrypted file system, each user has the key of oneself, when reading, be expressly, it when writing, is ciphertext, needn't first encrypt again and store when user's deposit data like this, by the function of opaque encrypted file system, just can reach the effect of encryption.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. the document handling method under cloud environment, is characterized in that, comprising:
Reception is from user's file processing request;
Call the key corresponding with described user's identity;
The described key that utilization is called asks the file of processing to be processed to described user.
2. document handling method according to claim 1, is characterized in that, in described file processing request, represents that user asks in the situation that storage file in the file system of cloud platform, and described document handling method further comprises:
Reception is from the file of user's needs storage;
And, utilize the described key calling to ask the file of processing to be processed to described user and comprise:
Utilize described user's key to be encrypted the described file of storage that needs, and the file after encrypting is stored in to the file system of described cloud platform.
3. document handling method according to claim 2, is characterized in that, receives the file of storing from user's needs and comprises:
Receive the described byte stream that needs the file of storage;
And, utilize described user's key that the described file that need to store is encrypted and is comprised:
The byte stream receiving is carried out to burst processing, obtain a plurality of fragment datas;
To each fragment data be encrypted respectively and storage encryption after fragment data.
4. document handling method according to claim 1, it is characterized in that, in the situation that described file processing request represents that user asks to open file from the file system of cloud platform, utilize the described key calling to ask the file of processing to be processed to described user and comprise:
The file of from the described file system of cloud platform, needs being opened is read, and utilizes the file that described user's key is opened described needs to be decrypted, and the file after deciphering is sent to described user.
5. document handling method according to claim 4, is characterized in that, the file of from the described file system of cloud platform, needs being opened is read and comprised:
Read the byte stream of the file that need to open;
The byte stream reading is carried out to burst processing, obtain a plurality of fragment datas;
Utilize described user's key to be decrypted each fragment data.
6. the document handling apparatus under cloud environment, is characterized in that, comprising:
Receiver module, for receiving the file processing request from user;
Calling module, for calling the key corresponding with described user's identity;
Processing module, for utilizing the described key calling to ask the file of processing to be processed to described user.
7. document handling apparatus according to claim 6, it is characterized in that, in described file processing request, represent that user asks in the situation that storage file in the file system of cloud platform, described receiver module is further used for receiving the file from user's needs storage;
And described processing module is further used for utilizing described user's key to be encrypted the described file of storage that needs, and the file after encrypting is stored in to the file system of described cloud platform.
8. document handling apparatus according to claim 7, is characterized in that, when receiving the file of storing from user's needs, described receiver module is for receiving the described byte stream that needs the file of storage;
And described processing module, for the byte stream receiving is carried out to burst processing, obtains a plurality of fragment datas, and for each fragment data is encrypted respectively and storage encryption after fragment data.
9. document handling apparatus according to claim 6, it is characterized in that, in the situation that described file processing request represents that user asks to open file from the file system of cloud platform, described processing module is read for the file of needs being opened from the described file system of cloud platform, utilize the file that described user's key is opened described needs to be decrypted, and the file after deciphering is sent to described user.
10. document handling apparatus according to claim 9, it is characterized in that, when the file of the described file system from cloud platform, needs being opened is read, described processing module is for reading the byte stream of the file that need to open, the byte stream reading is carried out to burst processing, obtain a plurality of fragment datas; And, utilize described user's key to be decrypted each fragment data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310753166.6A CN103699850A (en) | 2013-12-31 | 2013-12-31 | Method and device for processing files under cloud environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310753166.6A CN103699850A (en) | 2013-12-31 | 2013-12-31 | Method and device for processing files under cloud environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103699850A true CN103699850A (en) | 2014-04-02 |
Family
ID=50361374
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310753166.6A Pending CN103699850A (en) | 2013-12-31 | 2013-12-31 | Method and device for processing files under cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103699850A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106815528A (en) * | 2016-12-07 | 2017-06-09 | 重庆软云科技有限公司 | A kind of file management method and device, storage device |
CN107508801A (en) * | 2017-08-04 | 2017-12-22 | 安徽智圣通信技术股份有限公司 | A kind of file tamper-proof method and device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102306114A (en) * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 | Regular data backup and recovery method based on cloud storage |
CN102821096A (en) * | 2012-07-17 | 2012-12-12 | 华中科技大学 | Distributed storage system and file sharing method thereof |
CN103220291A (en) * | 2013-04-09 | 2013-07-24 | 电子科技大学 | Access control method base on attribute encryption algorithm |
CN103346998A (en) * | 2013-05-18 | 2013-10-09 | 北京凯锐立德科技有限公司 | File breaking encryption-based file security protection method |
US20130297680A1 (en) * | 2012-05-02 | 2013-11-07 | Box, Inc. | System and method for a third-party application to access content within a cloud-based platform |
US20130326220A1 (en) * | 2012-05-31 | 2013-12-05 | Apple Inc. | Recipient blind cryptographic access control for publicly hosted message and data streams |
-
2013
- 2013-12-31 CN CN201310753166.6A patent/CN103699850A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102306114A (en) * | 2010-09-25 | 2012-01-04 | 广东电子工业研究院有限公司 | Regular data backup and recovery method based on cloud storage |
US20130297680A1 (en) * | 2012-05-02 | 2013-11-07 | Box, Inc. | System and method for a third-party application to access content within a cloud-based platform |
US20130326220A1 (en) * | 2012-05-31 | 2013-12-05 | Apple Inc. | Recipient blind cryptographic access control for publicly hosted message and data streams |
CN102821096A (en) * | 2012-07-17 | 2012-12-12 | 华中科技大学 | Distributed storage system and file sharing method thereof |
CN103220291A (en) * | 2013-04-09 | 2013-07-24 | 电子科技大学 | Access control method base on attribute encryption algorithm |
CN103346998A (en) * | 2013-05-18 | 2013-10-09 | 北京凯锐立德科技有限公司 | File breaking encryption-based file security protection method |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106815528A (en) * | 2016-12-07 | 2017-06-09 | 重庆软云科技有限公司 | A kind of file management method and device, storage device |
CN106815528B (en) * | 2016-12-07 | 2019-10-29 | 重庆软云科技有限公司 | A kind of file management method and device, storage equipment |
CN107508801A (en) * | 2017-08-04 | 2017-12-22 | 安徽智圣通信技术股份有限公司 | A kind of file tamper-proof method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103107995B (en) | A kind of cloud computing environment date safety storing system and method | |
US11290446B2 (en) | Access to data stored in a cloud | |
CN106022155A (en) | Method and server for security management in database | |
CN103378971B (en) | A kind of data encryption system and method | |
CN107295069A (en) | Data back up method, device, storage medium and server | |
CN103236930A (en) | Data encryption method and system | |
US10536276B2 (en) | Associating identical fields encrypted with different keys | |
CN104618096A (en) | Method and device for protecting secret key authorized data, and TPM (trusted platform module) secrete key management center | |
CN104660551A (en) | Webservice-based database access device and method | |
CN104333545A (en) | Method for encrypting cloud storage file data | |
Park et al. | Research on Note-Taking Apps with Security Features. | |
US10623400B2 (en) | Method and device for credential and data protection | |
Singh et al. | A Review on Cloud Data Security Challenges and existing Countermeasures in Cloud Computing | |
CN106548351A (en) | A kind of optimization method and terminal of fingerprint payment flow | |
CN103577771B (en) | A kind of virtual desktop anti-data-leakage guard method based on disk encryption | |
Oli et al. | Confidentiality technique to encrypt and obfuscate non-numerical and numerical data to enhance security in public cloud storage | |
CN103699850A (en) | Method and device for processing files under cloud environment | |
Suthar et al. | EncryScation: A novel framework for cloud iaas, daas security using encryption and obfuscation techniques | |
WO2018236351A1 (en) | Symmetrically encrypt a master passphrase key | |
CN101123494A (en) | A network access behavior data encryption system and method | |
Pawar et al. | Comparative Analysis of PAVD Security System with Security Mechanism of Different Cloud Storage Services | |
CN114978620B (en) | Encryption method and decryption method for identity identification number | |
US20240119168A1 (en) | Blind subpoena protection | |
US20240048532A1 (en) | Data exchange protection and governance system | |
CN102467625A (en) | Data protection method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5 Applicant after: Shuguang Cloud Computing Group Co Ltd Address before: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5 Applicant before: Shuguang Cloud Computing Technology Co., Ltd. |
|
CB02 | Change of applicant information | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140402 |
|
RJ01 | Rejection of invention patent application after publication |