CN109614779A - A kind of secure data operation method, device, equipment and medium - Google Patents

A kind of secure data operation method, device, equipment and medium Download PDF

Info

Publication number
CN109614779A
CN109614779A CN201811624996.8A CN201811624996A CN109614779A CN 109614779 A CN109614779 A CN 109614779A CN 201811624996 A CN201811624996 A CN 201811624996A CN 109614779 A CN109614779 A CN 109614779A
Authority
CN
China
Prior art keywords
user
private key
key
file
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811624996.8A
Other languages
Chinese (zh)
Inventor
贾彦江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Space Data Ltd By Share Ltd
Original Assignee
Beijing Space Data Ltd By Share Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Space Data Ltd By Share Ltd filed Critical Beijing Space Data Ltd By Share Ltd
Priority to CN201811624996.8A priority Critical patent/CN109614779A/en
Publication of CN109614779A publication Critical patent/CN109614779A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

This application provides a kind of secure data operation method, device, equipment and media, are applied in computer equipment or cloud storage equipment, this method comprises: obtaining the operation requests of user, the private key of the user is carried in the operation requests;According to the private key, determine whether the user has setting operation permission;If the user has the setting operation permission, operation corresponding with the setting operation permission is executed in the computer equipment.

Description

A kind of secure data operation method, device, equipment and medium
Technical field
This application involves technical field of data processing, in particular to a kind of secure data operation method, device, set Standby and medium.
Background technique
Currently, mainly existed in the form of cloud disk, Dropbox, virtual machine, virtual storage resource etc. based on public cloud storage mode, Key property is that free space or the payment storage resource of large capacity are provided on the basis of public cloud, realizes that the cloud of file is deposited Storage, and by internet through row file-sharing, still, there is very big safety factor in these products in shared procedure, e.g., when After user shares some file in Dropbox, the people for obtaining Share Permissions (e.g., reads all permissions for possessing this file Permission, shares permission at write permission), data will become the not control by data owner.
Summary of the invention
In view of this, the application's is designed to provide a kind of secure data operation method, device, equipment and medium, use In solving the problems, such as that data are not controlled in operation by data owner in the prior art.
In a first aspect, the embodiment of the present application provides a kind of secure data operation method, it is applied in computer equipment, it should Method includes:
The operation requests of user are obtained, the private key of the user is carried in the operation requests;
According to the private key, determine whether the user has setting operation permission;
If the user has the setting operation permission, executed and the setting operation in the computer equipment The corresponding operation of permission.
Optionally, described to determine whether the user has setting operation permission to the file according to the private key, packet It includes:
The private key is encrypted using preset algorithm, obtains encrypted private key;
If the encrypted private key is identical as setting private key, it is determined that the user has the setting operation permission;
If the encrypted private key and setting private key be not identical, it is determined that the user weighs without the setting operation Limit.
Optionally, the method also includes:
The data sharing request of the user is obtained, shared user identifier is carried in the data sharing request and shares File identification;
Using public key corresponding with the shared user identifier, to file code key corresponding with shared file mark into Row encryption, obtains data sharing code key;
The data sharing password is sent to the shared user.
Optionally, the operation requests include that virtual disk carry asks summed data operation requests.
Optionally, the preset algorithm is rivest, shamir, adelman.
Second aspect, the embodiment of the present application provide a kind of data safety operating device, are applied in computer equipment, should Device includes:
It obtains module and carries the private key of the user in the operation requests for obtaining the operation requests of user;
Determining module, for determining whether the user has setting operation permission according to the private key;
Execution module executes in the computer equipment if having the setting operation permission for the user Operation corresponding with the setting operation permission.
Optionally, the determining module is specifically used for:
The private key is encrypted using preset algorithm, obtains encrypted private key;
If the encrypted private key is identical as setting private key, it is determined that the user has the operating right;
If the encrypted private key and setting private key be not identical, it is determined that the user does not have the operating right.
Optionally, the module that obtains is also used to: obtaining the data sharing request of the user, the data sharing request In carry shared user identifier and shared file mark;
Described device further include:
Encrypting module, for using public key corresponding with the shared user identifier, to shared file mark pair The file code key answered is encrypted, and data sharing code key is obtained;
Sending module, for the data sharing password to be sent to the shared user.
The third aspect, the embodiment of the present application provide a kind of computer equipment and include memory, processor and be stored in institute The computer program that can be run on memory and on the processor is stated, the processor executes real when the computer program The step of showing above-mentioned method.
Fourth aspect, the embodiment of the present application provide a kind of computer readable storage medium, the computer-readable storage Computer program is stored on medium, the computer program executes above-mentioned method when being run by processor the step of.
Secure data operation method provided by the embodiments of the present application, according to private key in the operation requests of the user of acquisition, really Whether the fixed user there is setting operation permission to allow user to calculate only after determining that user has setting operation permission Operation corresponding with setting operation permission is executed in machine equipment.In this way, only data owner has the operating right to data, The safety for being stored in number in cloud storage system is improved, the safety of data is preferably ensured, not to the behaviour of user Under the premise of making and increasing any burden, reduce security risk, prevents data from arbitrarily being distorted, being propagated.
To enable the above objects, features, and advantages of the application to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate Appended attached drawing, is described in detail below.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application, below will be to needed in the embodiment attached Figure is briefly described, it should be understood that the following drawings illustrates only some embodiments of the application, therefore is not construed as pair The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this A little attached drawings obtain other relevant attached drawings.
Fig. 1 is a kind of flow diagram of secure data operation method provided by the embodiments of the present application;
Fig. 2 is a kind of the first structural schematic diagram of data safety operating device provided by the embodiments of the present application;
Fig. 3 is a kind of second of structural schematic diagram of data safety operating device provided by the embodiments of the present application;
Fig. 4 is a kind of structural schematic diagram of computer equipment provided by the embodiments of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application Middle attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only It is some embodiments of the present application, instead of all the embodiments.The application being usually described and illustrated herein in the accompanying drawings is real The component for applying example can be arranged and be designed with a variety of different configurations.Therefore, below to the application's provided in the accompanying drawings The detailed description of embodiment is not intended to limit claimed scope of the present application, but is merely representative of the selected reality of the application Apply example.Based on embodiments herein, those skilled in the art institute obtained without making creative work There are other embodiments, shall fall in the protection scope of this application.
The embodiment of the present application provides a kind of secure data operation method, as shown in Figure 1, being applied to computer equipment or cloud It stores in equipment, operation has a cloud storage system in computer equipment (e.g., server, cloud storage equipment), and cloud storage equipment can be with It is but not limited to virtual machine, server etc., this method uses distributed data storage architecture, and data storage section is established In Hadoop cluster environment, upper layer is using the design method being layered.Top layer is provided by a kind of shared service to client Calling interface is the secondary development of client and enterprise-level, provides unified API Calls.Top layer is divided into index service (Index service) and message distribution services (Message service);Middle layer is the core business of whole system, is led to It crosses cipher key management services (Key Management service) and entire file storage and shared safety is provided, realize data Safety is shared, and file-management services (File Management service) realize the storage and backup of data, the version of file This control and block management;Character management service (Role Management service) provides the management of role for system, packet Include user, group, group membership, the function allocation of the different roles such as administrator and rights management;Bottom is the distributed storage of data Unit provides reliable memory space for data.This method specifically includes the following steps:
S101 obtains the operation requests of user, the private key of the user is carried in the operation requests;
Here, operation requests include but is not limited to that virtual disk carry asks summed data operation requests, data operation request Requested including data storage request, data sharing etc., the format of operation requests can be hypertext transfer protocol (HyperText Transfer Protocol, HTTP), transmission control protocol (Transmission Control Protocol, TCP) etc., this Application not limits this;It is user's distribution that private key, which is generally cloud storage system, and cloud storage system is distributing private key for user While, it also is assigned with public key for user, cloud storage system can use the calculation of MD5 eap-message digest after user is assigned with private key Method encrypts the username and password of user to obtain secret value, is further added using obtained secret value to private key It is close, encrypted private key is obtained, and the private key after storing user encryption, computer equipment only store encrypted private key, i.e., Computer equipment is invaded, the private key safety of user will not be influenced, and uses public key encryption, the side of private key decryption On the one hand method ensure that the safety of data, on the other hand, even if device losses or hacker steal data, as long as the private of user Key does not leak, and data are secrecy forever.
S102 determines whether the user has setting operation permission according to the private key;
Here, setting operation permission includes but is not limited to read right, write permission, sharing permission, download permission etc., Ke Yigen It is determined according to actual conditions, the application not limits this.
S103 is executed and the behaviour in the computer equipment if the user has the setting operation permission Make the corresponding operation of permission.
Here, the operation of execution is corresponding with setting operation permission.
Described according to the private key, when determining whether the user has setting operation permission to the file, including Following steps:
The private key is encrypted using preset algorithm, obtains encrypted private key;
If the encrypted private key is identical as setting private key, it is determined that the user has the setting operation permission;
If the encrypted private key and setting private key be not identical, it is determined that the user, which does not have, sets the operating rights Limit.
Here, setting private key is generally the private key in cloud storage system after pre-stored each user encryption, cloud storage system It is stored with user identifier in system, sets the mapping table between private key, setting operation permission;Preset algorithm includes but is not limited to Rivest, shamir, adelman, hash algorithm etc., it is preferable that preset algorithm is rivest, shamir, adelman, and the application not limits this.
In specific implementation, after the operation requests for receiving user, using MD5 Message Digest 5 to the user name of user It is encrypted with password, obtains the first secret value (e.g., MD5 value), further using rivest, shamir, adelman to the first secret value Encrypted with private key, obtain encrypted private key, judge encrypted private key with the user is corresponding in mapping table sets Whether consistent private key is determined, if encrypted private key setting private key corresponding with the user in mapping table is consistent, it is determined that use Family has setting operation permission corresponding with the user in mapping table, if the use in encrypted private key and mapping table The corresponding setting private key in family is inconsistent, it is determined that user does not have setting operation power corresponding with the user in mapping table Limit.
For example, the public key of user A is Public-Key-A, the private key of user A is Private-Key-A, when user A is created One virtual disk disk-a, system are that disk distributes a key disk-a-Key, utilize the public key Public-Key- of user A store again after asymmetric encryption obtains En-disk-a-Key to disk-a-Key.When user A needs carry and opens void When quasi- disk disk-a, user solves the private key Private-Key-A of oneself to disk encryption key En-disk-a-Key It is close, the key disk-a-Key of virtual disk is then obtained, then be decrypted with the image file of the key pair disk, Jin Ergen According to setting operation permission corresponding with the user in corresponding table, it is mounted on driver to disk file is opened.
For another example, continue a upper example, after user A creates a file f ile-a, system distributes file automatically A file private key file-a-key of file-a, system do not store file-a-key itself, but by the public key of user A Public-Key-A obtains En-A-file-a-key through row asymmetric encryption to file-a-key, and by En-A-file-a-key It is stored in file key administrative unit.While file is written, memory realizes encryption storage in real time, by the number of file A It is encrypted according to file-a-key.In this way, not obtaining the private of file even if although other users obtain file itself yet Key can not still operate file, and only user A passes through the private key private-Key-A of itself, asymmetricly decrypt The file encryption code key En-A-file-a-key of storage, could open file after obtaining the encryption key file-a-key of file, And file is operated according to the operating right in mapping table.
In the application other than the operation requests of available user, the data sharing of user described in user can also be obtained It requests, carries shared user identifier and shared file mark in the data sharing request;
Using public key corresponding with the shared user identifier, to file code key corresponding with shared file mark into Row encryption, obtains data sharing code key;
The data sharing code key is sent to the shared user.
Here, the user that user identifier characterization needs to share file is shared, shared file mark characterization needs to be shared File;It can use rivest, shamir, adelman and encrypted to the corresponding file code key of my file identification is shared.
It is a in specific implementation, after user identifier and shared file mark are shared in getting data sharing request, benefit With rivest, shamir, adelman to enjoying the corresponding public key of user identifier together and file code key corresponding with shared file identification carries out Encryption, obtains data sharing code key, and data sharing password is sent to enjoys the corresponding shared user of user identifier together, so that shared User is decrypted by itself private key to data sharing code key is received, and then according to being shared user in mapping table The sharing operation permission of setting executes corresponding operation to shared file.
For example, when user A wants file f ile-a being shared with user B, user A is sent out to server by taking user A as an example The data sharing request for being shared with user B is acted, the public key Public-Key-B of user B is issued into A after server response, A obtains B Public key after, in client by the certification of A, the file f ile-a for belonging to A is carried out that key is counter to solve operation by server, in memory The middle file private key file-a-key for obtaining file f ile-a, then uses Public-Key-B as key, to file key again File-a-key carries out asymmetric encryption and obtains En-B-file-a-key, is then stored in file key administrative unit.Work as text The user B that is shared with of part file-a utilizes the private key of user B after user gets good acquisition En-B-file-a-key The encryption key En-B-file-a-key that private-Key-B corresponds to user B to file is decrypted, so that text be decrypted Part, user B operate data according to the sharing operation permission that user A in mapping table is user B setting, and for it His user, due to not corresponding permission, therefore, it is impossible to be operated to file.
When user A is not desired to file f ile-a being shared with user B, user's A request server obtains it and possesses file The data sharing code key of the shared user of file-a, if user B is to the encryption key En-B-file-a-key of file-a.Service Device can verifying user A request legitimacy (0 whether be legal file owner user, it is forbidden whether be legal Sharing user) after, after being verified, user A will by share user B data sharing code key En-B-file-a-key set It is set to invalid state, after server receives such request, the data sharing code key of user B is purged processing, it is, Delete the data sharing code key that user A in mapping table is user B setting.Hereafter, user B is not again to file f ile-a's Any access authority.
Secure data operation method provided by the embodiments of the present application, according to private key in the operation requests of the user of acquisition, really Whether the fixed user there is setting operation permission to allow user to calculate only after determining that user has setting operation permission Operation corresponding with setting operation permission is executed in machine equipment.In this way, only data owner has the operating right to data, The safety for being stored in number in cloud storage system is improved, the safety of data is preferably ensured, not to the behaviour of user Under the premise of making and increasing any burden, reduce security risk, prevents data from arbitrarily being distorted, being propagated.
A kind of data safety operating device of the embodiment of the present application, as shown in Fig. 2, being applied in computer equipment, alternatively, answering For in cloud storage equipment, which includes:
It obtains module 21 and carries the private key of the user in the operation requests for obtaining the operation requests of user;
Determining module 22, for determining whether the user has operating right according to the private key;
Execution module 23, if for the user have the operating right, in the computer equipment execute with The corresponding operation of the operating right.
Optionally, the determining module 22 is specifically used for:
The private key is encrypted using preset algorithm, obtains encrypted private key;
If the encrypted private key is identical as setting private key, it is determined that the user has the operating right;
If the encrypted private key and setting private key be not identical, it is determined that the user does not have the operating right.
Optionally, the operation requests include that virtual disk carry asks summed data operation requests.
Optionally, the preset algorithm is rivest, shamir, adelman.
The embodiment of the present application provides another data safety operating device, as shown in figure 3, the dress in the device and Fig. 2 It sets and compares, further includes: encrypting module 24 and sending module 25.
The module 21 that obtains is also used to: being obtained the data sharing request of the user, is taken in the data sharing request It is identified with shared user identifier and shared file;
Described device further include:
Encrypting module 24, for being identified to the shared file using private key corresponding with the shared user identifier Corresponding file code key is encrypted, and data sharing code key is obtained;
Sending module 25, for the data sharing password to be sent to the shared user.
Corresponding to the secure data operation method in Fig. 1, the embodiment of the present application also provides a kind of computer equipments, such as scheme Shown in 4, which includes memory 1000, processor 2000 and is stored on the memory 1000 and can be in the processor 2000 The computer program of upper operation, wherein above-mentioned processor 2000 realizes above-mentioned data safety behaviour when executing above-mentioned computer program The step of making method.
Specifically, above-mentioned memory 1000 and processor 2000 can be general memory and processor, not do here It is specific to limit, when the computer program of 2000 run memory 1000 of processor storage, it is able to carry out above-mentioned data safety behaviour Make method, for solving the problems, such as that data are not controlled in operation by data owner in the prior art, the application is implemented The secure data operation method that example provides determines whether the user has according to private key in the operation requests of the user of acquisition Setting operation permission allows to execute and set in user computer equipment only after determining that user has setting operation permission The corresponding operation of operating right.In this way, only data owner has the operating right to data, improves and be stored in cloud storage The safety of number in system, the safety of data preferably ensured, not to the operation of user and is increasing any burden Under the premise of, reduce security risk, prevents data from arbitrarily being distorted, being propagated.
Corresponding to the secure data operation method in Fig. 1, the embodiment of the present application also provides a kind of computer-readable storages Medium is stored with computer program on the computer readable storage medium, executes when which is run by processor The step of stating secure data operation method.
Specifically, which can be general storage medium, such as mobile disk, hard disk, on the storage medium Computer program when being run, be able to carry out above-mentioned secure data operation method, grasped for solving data in the prior art The problem of not controlled by data owner during making, secure data operation method provided by the embodiments of the present application, according to acquisition User operation requests in private key, determine whether the user has a setting operation permission, only set determining that user has After determining operating right, allow to execute operation corresponding with setting operation permission in user computer equipment.In this way, only data are gathered around The person of having has the operating right to data, improves the safety for being stored in number in cloud storage system, and the safety of data obtains Preferably ensure, not to the operation of user and under the premise of increase any burden, reduce security risk, prevent data by with Meaning is distorted, is propagated.
In embodiment provided herein, it should be understood that disclosed device and method, it can be by others side Formula is realized.The apparatus embodiments described above are merely exemplary, for example, the division of the unit, only one kind are patrolled Function division is collected, there may be another division manner in actual implementation, in another example, multiple units or components can combine or can To be integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Coupling, direct-coupling or communication connection can be INDIRECT COUPLING or communication link by some communication interfaces, device or unit It connects, can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
In addition, each functional unit in embodiment provided by the present application can integrate in one processing unit, it can also To be that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product It is stored in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially in other words The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a People's computer, server or network equipment etc.) execute each embodiment the method for the application all or part of the steps. And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing, in addition, term " the One ", " second ", " third " etc. are only used for distinguishing description, are not understood to indicate or imply relative importance.
Finally, it should be noted that embodiment described above, the only specific embodiment of the application, to illustrate the application Technical solution, rather than its limitations, the protection scope of the application is not limited thereto, although with reference to the foregoing embodiments to this Shen It please be described in detail, those skilled in the art should understand that: anyone skilled in the art Within the technical scope of the present application, it can still modify to technical solution documented by previous embodiment or can be light It is readily conceivable that variation or equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make The essence of corresponding technical solution is detached from the spirit and scope of the embodiment of the present application technical solution.The protection in the application should all be covered Within the scope of.Therefore, the protection scope of the application shall be subject to the protection scope of the claim.

Claims (10)

1. a kind of secure data operation method, which is characterized in that it is applied in computer equipment, this method comprises:
The operation requests of user are obtained, the private key of the user is carried in the operation requests;
According to the private key, determine whether the user has setting operation permission;
If the user has the setting operation permission, executed and the setting operation permission in the computer equipment Corresponding operation.
2. the method as described in claim 1, which is characterized in that it is described according to the private key, determine the user to the text Whether part has operating right, comprising:
The private key is encrypted using preset algorithm, obtains encrypted private key;
If the encrypted private key is identical as setting private key, it is determined that the user has the setting operation permission;
If the encrypted private key and setting private key be not identical, it is determined that the user does not have the setting operation permission.
3. the method as described in claim 1, which is characterized in that the method also includes:
The data sharing request of the user is obtained, carries shared user identifier and shared file in the data sharing request Mark;
Using public key corresponding with the shared user identifier, file code key corresponding with shared file mark is added It is close, obtain data sharing code key;
The data sharing password is sent to the shared user.
4. the method as described in claim 1, which is characterized in that the operation requests include that virtual disk carry asks summed data Operation requests.
5. method according to claim 2, which is characterized in that the preset algorithm is rivest, shamir, adelman.
6. a kind of data safety operating device, which is characterized in that be applied in computer equipment, which includes:
It obtains module and carries the private key of the user in the operation requests for obtaining the operation requests of user;
Determining module, for determining whether the user has setting operation permission according to the private key;
Execution module, if there is the setting operation permission for the user, execution and institute in the computer equipment State the corresponding operation of setting operation permission.
7. device as claimed in claim 6, which is characterized in that the determining module is specifically used for:
The private key is encrypted using preset algorithm, obtains encrypted private key;
If the encrypted private key is identical as setting private key, it is determined that the user has the setting operation permission;
If the encrypted private key and setting private key be not identical, it is determined that the user does not have the setting operation permission.
8. device as claimed in claim 6, which is characterized in that the acquisition module is also used to: obtaining the data of the user Sharing request carries shared user identifier and shared file mark in data sharing request;
Described device further include:
Encrypting module, for using public key corresponding with the shared user identifier, to corresponding with shared file mark File code key is encrypted, and data sharing code key is obtained;
Sending module, for the data sharing password to be sent to the shared user.
9. a kind of computer equipment, including memory, processor and it is stored on the memory and can be on the processor The computer program of operation, which is characterized in that the processor realized when executing the computer program the claims 1 to The step of 5 described in any item methods.
10. a kind of computer readable storage medium, computer program, feature are stored on the computer readable storage medium The step of being, the described in any item methods of the claims 1 to 5 executed when the computer program is run by processor.
CN201811624996.8A 2018-12-28 2018-12-28 A kind of secure data operation method, device, equipment and medium Pending CN109614779A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811624996.8A CN109614779A (en) 2018-12-28 2018-12-28 A kind of secure data operation method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811624996.8A CN109614779A (en) 2018-12-28 2018-12-28 A kind of secure data operation method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN109614779A true CN109614779A (en) 2019-04-12

Family

ID=66010955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811624996.8A Pending CN109614779A (en) 2018-12-28 2018-12-28 A kind of secure data operation method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN109614779A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112115492A (en) * 2020-08-21 2020-12-22 麒麟软件有限公司 User data encryption and isolation method and system based on Linux operating system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100153713A1 (en) * 2008-12-15 2010-06-17 Sap Ag Systems and methods for detecting exposure of private keys
CN102819760A (en) * 2012-07-20 2012-12-12 陈平 Data storage device, medical information card, and information safety processing method of medical information card
CN103227789A (en) * 2013-04-19 2013-07-31 武汉大学 Lightweight fine-grained access control method in cloud environment
CN105072134A (en) * 2015-08-31 2015-11-18 成都卫士通信息产业股份有限公司 Cloud disk system file secure transmission method based on three-level key
CN105743903A (en) * 2016-03-07 2016-07-06 读者出版传媒股份有限公司 Audio digital rights management method and system, intelligent terminal and authentication server
CN106911702A (en) * 2017-03-08 2017-06-30 福建师范大学 Based on the cloud storage block encryption access control method for improving CP ABE
CN106973036A (en) * 2017-02-07 2017-07-21 杭州云象网络技术有限公司 A kind of block chain method for secret protection based on asymmetric encryption
CN107113315A (en) * 2016-04-15 2017-08-29 深圳前海达闼云端智能科技有限公司 Identity authentication method, terminal and server
CN109088866A (en) * 2018-08-02 2018-12-25 北京百悟科技有限公司 Cloudy platform unified identity authentication method and device based on alliance's chain

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100153713A1 (en) * 2008-12-15 2010-06-17 Sap Ag Systems and methods for detecting exposure of private keys
CN102819760A (en) * 2012-07-20 2012-12-12 陈平 Data storage device, medical information card, and information safety processing method of medical information card
CN103227789A (en) * 2013-04-19 2013-07-31 武汉大学 Lightweight fine-grained access control method in cloud environment
CN105072134A (en) * 2015-08-31 2015-11-18 成都卫士通信息产业股份有限公司 Cloud disk system file secure transmission method based on three-level key
CN105743903A (en) * 2016-03-07 2016-07-06 读者出版传媒股份有限公司 Audio digital rights management method and system, intelligent terminal and authentication server
CN107113315A (en) * 2016-04-15 2017-08-29 深圳前海达闼云端智能科技有限公司 Identity authentication method, terminal and server
CN106973036A (en) * 2017-02-07 2017-07-21 杭州云象网络技术有限公司 A kind of block chain method for secret protection based on asymmetric encryption
CN106911702A (en) * 2017-03-08 2017-06-30 福建师范大学 Based on the cloud storage block encryption access control method for improving CP ABE
CN109088866A (en) * 2018-08-02 2018-12-25 北京百悟科技有限公司 Cloudy platform unified identity authentication method and device based on alliance's chain

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112115492A (en) * 2020-08-21 2020-12-22 麒麟软件有限公司 User data encryption and isolation method and system based on Linux operating system
CN112115492B (en) * 2020-08-21 2024-06-11 麒麟软件有限公司 User data encryption and isolation method and system based on Linux operating system

Similar Documents

Publication Publication Date Title
CN108418784B (en) Distributed cross-domain authorization and access control method based on attribute password
Krämer et al. Implementing secure applications in smart city clouds using microservices
Zhao et al. A security framework in G-Hadoop for big data computing across distributed Cloud data centres
CN109768987A (en) A kind of storage of data file security privacy and sharing method based on block chain
US8745384B2 (en) Security management in a group based environment
CN102761521B (en) Cloud security storage and sharing service platform
CN109558721A (en) The Secure Single Sign-on and conditional access of client application
WO2018183307A1 (en) Method and system for identity and access management for blockchain interoperability
CN109144961A (en) Authority sharing method and device
CN109525570B (en) Group client-oriented data layered security access control method
Seiger et al. SecCSIE: a secure cloud storage integrator for enterprises
EP2702744B1 (en) Method for securely creating a new user identity within an existing cloud account in a cloud system
Pradeep et al. An efficient framework for sharing a file in a secure manner using asymmetric key distribution management in cloud environment
CN108696520A (en) More permissions data safety and access
CN109067528A (en) Crypto-operation, method, cryptographic service platform and the equipment for creating working key
CN108701094A (en) The safely storage and distribution sensitive data in application based on cloud
CN106254342A (en) The secure cloud storage method of file encryption is supported under Android platform
US20150026474A1 (en) Managed authentication on a distributed network
KR101615137B1 (en) Data access method based on attributed
JP2021500782A (en) Secure access control methods, computer programs, and systems for tools in a secure environment
CN104331329A (en) Mobile office security system and method supporting domain management
KR101701304B1 (en) Method and system for managing medical data using attribute-based encryption in cloud environment
CN103475474B (en) Method for providing and acquiring shared enciphered data and identity authentication equipment
CN102255971A (en) Dynamic load redistribution among distributed servers
CN107295018A (en) A kind of safety storage of cloud disc file and sharing method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190412