TWI644219B - Method for securing files uploaded to cloud service system - Google Patents

Method for securing files uploaded to cloud service system Download PDF

Info

Publication number
TWI644219B
TWI644219B TW106138167A TW106138167A TWI644219B TW I644219 B TWI644219 B TW I644219B TW 106138167 A TW106138167 A TW 106138167A TW 106138167 A TW106138167 A TW 106138167A TW I644219 B TWI644219 B TW I644219B
Authority
TW
Taiwan
Prior art keywords
original file
management server
processing device
data processing
cloud service
Prior art date
Application number
TW106138167A
Other languages
Chinese (zh)
Other versions
TW201918902A (en
Inventor
陳廷煌
Original Assignee
優碩資訊科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 優碩資訊科技股份有限公司 filed Critical 優碩資訊科技股份有限公司
Priority to TW106138167A priority Critical patent/TWI644219B/en
Application granted granted Critical
Publication of TWI644219B publication Critical patent/TWI644219B/en
Publication of TW201918902A publication Critical patent/TW201918902A/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本發明提供一種保護上傳原始檔案至雲端服務系統的方法。本發明之方法係於管理伺服器的協助下,將使用者操作的資料處理裝置聯結至雲端服務系統。接著,本發明之方法係經由資料處理裝置於管理伺服器處建立至少一個授權帳號,其中至少一個授權帳號對應原始檔案。接著,本發明之方法係經由資料處理裝置上傳原始檔案至雲端服務系統。接著,本發明之方法係由管理伺服器攔截原始檔案,且由管理伺服器產生對應原始檔案之聯結資訊或經加密的原始檔案。最後,本發明之方法係由管理伺服器傳送聯結資訊或經加密的原始檔案而非原始檔案至雲端服務系統。 The present invention provides a method of protecting an original file uploaded to a cloud service system. The method of the present invention links the data processing device operated by the user to the cloud service system with the assistance of the management server. Next, the method of the present invention establishes at least one authorized account at the management server via the data processing device, wherein at least one authorized account corresponds to the original file. Next, the method of the present invention uploads the original file to the cloud service system via the data processing device. Next, the method of the present invention intercepts the original file by the management server, and the management server generates the link information corresponding to the original file or the encrypted original file. Finally, the method of the present invention transmits the link information or the encrypted original file instead of the original file to the cloud service system by the management server.

Description

保護上傳至雲端服務系統的檔案之方法 Method of protecting files uploaded to the cloud service system

本發明關於一種能保護上傳至雲端服務平台的檔案之方法。 The invention relates to a method for protecting files uploaded to a cloud service platform.

近年來,雲端服務的已廣泛流行。雲端服務商的雲服務系統向使用者端裝置提供例如,檔案存儲及共享、檔案協作、客戶端與客戶管理服務、基於雲端作業系統執行或任何其它可能的服務。知名的雲端服務商包含Facebook、Instagram、LinkedIn、Line、QQ、WeChat、微博等社群平台服務商,還有DROPBOX、SALESFORCE、EVERNOTE,或其他提供的服務軟體即服務(Software as a Service,SaaS)型式服務商、平臺即服務(Platform as a Service,PaaS)型式服務商、基礎設施即服務(Infrastructure as a Service,IaaS)。 In recent years, cloud services have become widespread. The cloud service provider's cloud service system provides, for example, file storage and sharing, file collaboration, client and client management services, cloud-based operating system execution, or any other possible service to the consumer device. Well-known cloud service providers include social networking services such as Facebook, Instagram, LinkedIn, Line, QQ, WeChat, Weibo, DROPBOX, SALESFORCE, EVERNOTE, or other software as a service (SaaS). Type of service provider, Platform as a Service (PaaS) type service provider, Infrastructure as a Service (IaaS).

使用者在使用著雲端服務的過程中,常有機會將個人的檔案上傳至雲端服務系統。目前雲端服務系統對個人上傳的檔案很少提供保護的功能,大多僅是讓使用者設定可觀看個人檔案的朋友帳號。有些雲端服務系統則提供限時觀看的功能。但是,這仍無法確保個人上傳至雲端服務系統上的檔案不會被盜用。 In the process of using the cloud service, the user often has the opportunity to upload the personal file to the cloud service system. At present, the cloud service system rarely provides protection for personally uploaded files, and most of them only allow users to set up a friend account that can view personal files. Some cloud service systems offer limited time viewing. However, this still does not ensure that files uploaded by individuals to the cloud service system will not be stolen.

此外,目前聯結至雲端服務系統的方式,除了透過瀏覽器聯結至雲端服務系統的網頁外,已有雲端服務系統提供可在電腦或行動通訊裝置上執行的應用程式,執行該應用程式即聯結至雲端服務系統。有些雲端服務系統讓使用者 可以透過一種以上的方式聯結至雲端服務系統,進而上傳個人的檔案。這種讓使用者便利聯結至雲端服務系統的作法,卻讓使用者更加難以對其個人的檔案先行做好保護處理,再行上傳至雲端服務系統上。 In addition, the current way of connecting to the cloud service system is that in addition to the webpage connected to the cloud service system through the browser, the cloud service system provides an application that can be executed on a computer or a mobile communication device, and the execution of the application is coupled to Cloud service system. Some cloud service systems let users You can link to the cloud service system in more than one way, and then upload your personal files. This method of allowing users to easily connect to the cloud service system makes it more difficult for users to protect their personal files before uploading them to the cloud service system.

因此,本發明所欲解決的技術問題在於提供一種能保護上傳至雲端服務系統的檔案之方法。 Therefore, the technical problem to be solved by the present invention is to provide a method for protecting an archive uploaded to a cloud service system.

根據本發明之一較佳具體實施例之保護上傳原始檔案至雲端服務系統的方法,首先,係將使用者操作之第一資料處理裝置經由第一網路聯結至管理伺服器。接著,根據本發明之方法係於管理伺服器的協助下,將第一資料處理裝置聯結至雲端服務系統。接著,根據本發明之方法係經由第一資料處理裝置於管理伺服器處建立至少一個授權帳號,其中至少一個授權帳號對應原始檔案。接著,根據本發明之方法係經由第一資料處理裝置上傳原始檔案至雲端服務系統。接著,根據本發明之方法係由管理伺服器攔截原始檔案,且由管理伺服器產生對應原始檔案之聯結資訊或經加密的原始檔案。最後,根據本發明之方法係由管理伺服器傳送聯結資訊或經加密的原始檔案而非原始檔案至雲端服務系統。 According to a preferred embodiment of the present invention, a method for protecting an original file to a cloud service system is as follows: First, the first data processing device operated by the user is coupled to the management server via the first network. Next, in accordance with the method of the present invention, the first data processing device is coupled to the cloud service system with the assistance of a management server. Then, according to the method of the present invention, at least one authorized account is established at the management server via the first data processing device, wherein at least one authorized account corresponds to the original file. Then, according to the method of the present invention, the original file is uploaded to the cloud service system via the first data processing device. Then, according to the method of the present invention, the original file is intercepted by the management server, and the management server generates the link information corresponding to the original file or the encrypted original file. Finally, in accordance with the method of the present invention, the management server transmits the linked information or the encrypted original file instead of the original file to the cloud service system.

於一具體實施例中,使用者操作第一資料處理裝置執行第一瀏覽器以聯結至管理伺服器之第一網頁。第一網頁提供聯結框架。使用者於聯結框架之介面輸入雲端服務系統之網址,進而於聯結框架中執行雲端服務系統之第二網頁。 In one embodiment, the user operates the first data processing device to execute the first browser to link to the first web page of the management server. The first web page provides a link framework. The user inputs the web address of the cloud service system in the interface of the connection framework, and then executes the second webpage of the cloud service system in the connection framework.

於另一具體實施例中,使用者操作第一資料處理裝置執行第二瀏覽器以聯結至雲端服務系統之第二網頁。關於聯結至管理伺服器之第一功能係內建於第二瀏覽器內。 In another embodiment, the user operates the first data processing device to execute the second browser to connect to the second web page of the cloud service system. The first function associated with the management server is built into the second browser.

於另一具體實施例中,使用者操作第一資料處理裝置執行應用程式以聯結至雲端服務系統。關於聯結至管理 伺服器之第二功能係執行成附加於應用程式內之外掛程式。 In another embodiment, the user operates the first data processing device to execute the application to connect to the cloud service system. About connection to management The second function of the server is implemented as an add-on to the application.

進一步,當觀看者操作第二資料裝置經由第二網路聯結至雲端服務系統且執行聯結資訊欲觀看原始檔案時,根據本發明之方法係根據聯結資訊將第二資料處理裝置經由第一網路聯結至管理伺服器,且傳送觀看者登錄該雲端服務系統之觀看者帳號。接著,根據本發明之方法係由管理伺服器將觀看者帳號與至少一個授權帳號做比對,並且若比對結果為肯定者,則由管理伺服器傳送原始檔案至雲端服務系統,進而下載至第二資料處理裝置。 Further, when the viewer operates the second data device to connect to the cloud service system via the second network and executes the link information to view the original file, the method according to the present invention connects the second data processing device to the first network according to the link information. Link to the management server and transfer the viewer to the viewer account of the cloud service system. Then, according to the method of the present invention, the management server compares the viewer account with at least one authorized account, and if the comparison result is affirmative, the management server transmits the original file to the cloud service system, and then downloads to The second data processing device.

於一具體實施例中,使用者操作第一資料處理裝置於管理伺服器處針對每一個授權帳號設定一個別的權限。根據本發明之方法係由管理伺服器根據觀看者帳號所設定之權限選擇性地對原始檔案執行保護處理以產生經保護處理的原始檔案,再行將經保護處理的原始檔案傳送至雲端服務系統。 In one embodiment, the user operates the first data processing device to set a different authority for each authorized account at the management server. According to the method of the present invention, the management server selectively performs protection processing on the original file according to the authority set by the viewer account to generate the protected original file, and then transmits the protected original file to the cloud service system. .

於另一具體實施例中,使用者操作第一資料處理裝置於管理伺服器處針對每一個授權帳號設定一個別的權限。根據本發明之方法係由管理伺服器根據觀看者帳號所設定之權限選擇性地將保護程式與原始檔案傳送至雲端服務系統,進而下載至第二資料處理裝置。保護程式於第二資料處理裝置內被執行進而對原始檔案保護。 In another embodiment, the user operates the first data processing device to set a different authority for each authorized account at the management server. According to the method of the present invention, the management server selectively transmits the protection program and the original file to the cloud service system according to the authority set by the viewer account, and then downloads to the second data processing device. The protection program is executed in the second data processing device to protect the original file.

與先前技術相較,根據本發明之方法可以便利地讓使用者保護其上傳至雲端服務系統的檔案。 In contrast to the prior art, the method according to the present invention can conveniently allow a user to protect their files uploaded to the cloud service system.

關於本發明之優點與精神可以藉由以下的發明詳述及所附圖式得到進一步的瞭解。 The advantages and spirit of the present invention will be further understood from the following detailed description of the invention.

10‧‧‧第一資料處理系統 10‧‧‧First Data Processing System

10a‧‧‧使用者 10a‧‧‧Users

12‧‧‧第一網路 12‧‧‧First network

14‧‧‧管理伺服器 14‧‧‧Management Server

16‧‧‧雲端服務系統 16‧‧‧Cloud Service System

17‧‧‧第二資料裝置 17‧‧‧Second data installation

17a‧‧‧觀看者 17a‧‧‧ Viewers

18‧‧‧第二網路 18‧‧‧Second network

2‧‧‧本發明之方法 2‧‧‧Method of the invention

S20~S25‧‧‧流程步驟 S20~S25‧‧‧ Process steps

S26~S28‧‧‧流程步驟 S26~S28‧‧‧ Process steps

S30~S36‧‧‧流程步驟 S30~S36‧‧‧ Process steps

圖1為實施根據本發明之一較佳具體實施例之保護上傳檔案至雲端服務系統的方法的架構之示意圖。 1 is a schematic diagram of an architecture for implementing a method for protecting an uploaded file to a cloud service system in accordance with a preferred embodiment of the present invention.

圖2為根據本發明之較佳具體實施例的方法的流程圖。 2 is a flow chart of a method in accordance with a preferred embodiment of the present invention.

圖3為觀看者觀看實施本發明之方法所保護的檔案之架構的示意圖。 3 is a schematic diagram of the architecture of a viewer protecting a file protected by the method of the present invention.

圖4為根據本發明之較佳具體實施例的方法進一步的流程圖。 4 is a further flow chart of a method in accordance with a preferred embodiment of the present invention.

圖5為觀看者觀看實施本發明之方法所保護的檔案之另一架構的示意圖。 5 is a schematic diagram of another architecture of a viewer viewing a file protected by the method of the present invention.

圖6為根據本發明之較佳具體實施例的方法進一步的流程圖。 6 is a further flow chart of a method in accordance with a preferred embodiment of the present invention.

請參閱圖1及圖2,圖1係示意地繪示實施根據本發明之一較佳具體實施例之保護上傳檔案至雲端服務系統16的方法2的架構。圖2係繪示根據本發明之較佳具體實施例的方法2的流程圖。 Referring to FIG. 1 and FIG. 2, FIG. 1 is a schematic diagram showing an architecture of a method 2 for protecting an uploaded file to the cloud service system 16 according to a preferred embodiment of the present invention. 2 is a flow chart showing a method 2 in accordance with a preferred embodiment of the present invention.

如圖1及圖2所示,根據本發明之一較佳具體實施例之保護上傳原始檔案至雲端服務系統16的方法2,首先係執行步驟S20,將使用者10a操作之第一資料處理裝置10經由第一網路12聯結至管理伺服器14。 As shown in FIG. 1 and FIG. 2, the method 2 for protecting the uploaded original file to the cloud service system 16 according to a preferred embodiment of the present invention first performs step S20, and the first data processing device operated by the user 10a is performed. 10 is coupled to the management server 14 via the first network 12.

於一具體實施例中,第一資料處理裝置10的型態可以是各式的個人資料處理裝置,例如,桌上型電腦、筆記型電腦、智慧手機、平板電腦、數位照相機、數位攝影機,等。 In one embodiment, the first data processing device 10 can be of various types of personal data processing devices, such as a desktop computer, a notebook computer, a smart phone, a tablet computer, a digital camera, a digital camera, etc. .

於一具體實施例中,第一網路12可以是網際網路(internet)、企業外網路(extranet)、區域網路(local area network)、廣域網路(wide area network)、乙太網路(Ethernet)、 有線電視線路(cable TV network)、無線電信網路(radio telecommunication network)、公眾交換電話網路(public switched telephone network)、3G網路、4G網路、5G網路、HSPA網路、Wi-Fi網路、WiMAX網路、LTE網路,或其他現行商用的網路。 In a specific embodiment, the first network 12 may be an internet, an extranet, a local area network, a wide area network, or an Ethernet network. (Ethernet), Cable TV network, radio telecommunication network, public switched telephone network, 3G network, 4G network, 5G network, HSPA network, Wi-Fi Network, WiMAX network, LTE network, or other currently commercial networks.

接著,根據本發明之方法2係執行步驟S21,於管理伺服器14的協助下,將第一資料處理裝置10聯結至雲端服務系統16。 Next, according to the method 2 of the present invention, the step S21 is executed, and the first data processing device 10 is coupled to the cloud service system 16 with the assistance of the management server 14.

接著,根據本發明之方法2係執行步驟S22,經由第一資料處理裝置10於管理伺服器14處建立至少一個授權帳號,其中至少一個授權帳號對應原始檔案。 Next, in accordance with the method 2 of the present invention, step S22 is performed to establish at least one authorized account at the management server 14 via the first data processing device 10, wherein at least one authorized account corresponds to the original file.

於實際應用中,管理伺服器14可以先行匯入使用者10a在雲端服務系統16內有建立的朋友群帳號,在讓使用者10a經由第一資料處理裝置10於管理伺服器14處從匯入的朋友群帳號選取進而建立至少一個授權帳號。使用者10a也可以經由第一資料處理裝置10於管理伺服器14處重新建立至少一個授權帳號。 In an actual application, the management server 14 may first import the friend group account established by the user 10a in the cloud service system 16, and let the user 10a import from the management server 14 via the first data processing device 10. The friend group account is selected to establish at least one authorized account. The user 10a can also re-establish at least one authorized account at the management server 14 via the first data processing device 10.

接著,根據本發明之方法2係執行步驟S23,經由第一資料處理裝置10上傳原始檔案至雲端服務系統16。 Next, in accordance with the method 2 of the present invention, step S23 is executed to upload the original file to the cloud service system 16 via the first material processing device 10.

於實際應用中,上傳至雲端服務系統16的原始檔案可以是影像檔案、影音檔案、文字檔案等,但並不已此為限。 In the actual application, the original file uploaded to the cloud service system 16 may be an image file, a video file, a text file, etc., but this is not limited thereto.

接著,根據本發明之方法2係執行步驟S24,由管理伺服器14攔截原始檔案,且由管理伺服器14產生對應原始檔案之聯結資訊或經加密的原始檔案。 Next, according to the method 2 of the present invention, step S24 is executed, the original file is intercepted by the management server 14, and the connection information corresponding to the original file or the encrypted original file is generated by the management server 14.

最後,根據本發明之方法2係執行步驟S25,由管理伺服器14傳送聯結資訊或經加密的原始檔案而非原始檔 案至雲端服務系統16。 Finally, according to the method 2 of the present invention, step S25 is executed, and the management server 14 transmits the link information or the encrypted original file instead of the original file. The case to the cloud service system 16.

於一具體實施例中,於步驟S20中,使用者10a操作第一資料處理裝置10執行第一瀏覽器以聯結至管理伺服器14之第一網頁。第一網頁提供聯結框架(linking frame)。於步驟S22中,使用者10a於聯結框架之介面輸入雲端服務系統16之網址,進而於聯結框架中執行雲端服務系統16之第二網頁。 In a specific embodiment, in step S20, the user 10a operates the first data processing device 10 to execute the first browser to link to the first web page of the management server 14. The first web page provides a linking frame. In step S22, the user 10a inputs the web address of the cloud service system 16 in the interface of the connection framework, and then executes the second webpage of the cloud service system 16 in the connection framework.

於另一具體實施例中,於步驟S20中,使用者10a操作第一資料處理裝置10執行第二瀏覽器以聯結至雲端服務系統16之第二網頁。關於聯結至管理伺服器14之第一功能係內建於第二瀏覽器內。使用者10a於第一資料處理裝置10內執行第二瀏覽器,一併執行聯結至管理伺服器14之第一功能。 In another embodiment, in step S20, the user 10a operates the first data processing device 10 to execute a second browser to connect to the second web page of the cloud service system 16. The first function associated with the management server 14 is built into the second browser. The user 10a executes the second browser in the first data processing device 10, and performs the first function of the connection to the management server 14 at the same time.

於另一具體實施例中,於步驟S20中,使用者10a操作第一資料處理裝置10執行應用程式以聯結至雲端服務系統16。關於聯結至管理伺服器14之第二功能係執行成附加於應用程式內之外掛程式。使用者10a於第一資料處理裝置10內執行應用程式,一併執行聯結至管理伺服器14之第二功能。 In another embodiment, in step S20, the user 10a operates the first data processing device 10 to execute an application to be coupled to the cloud service system 16. The second function associated with the management server 14 is implemented as an add-on to the application. The user 10a executes the application in the first data processing device 10 and performs the second function of the connection to the management server 14.

請參閱圖3及圖4,圖3係示意地繪示觀看者17a觀看實施本發明之方法2所保護的檔案之架構。圖4係繪示根據本發明之較佳具體實施例的方法2進一步的流程圖。 Please refer to FIG. 3 and FIG. 4. FIG. 3 is a schematic diagram showing the structure of the viewer 17a viewing the file protected by the method 2 of the present invention. 4 is a further flow chart of a method 2 in accordance with a preferred embodiment of the present invention.

於一具體實施例中,於步驟S24,由管理伺服器14產生對應原始檔案之聯結資訊,並且於步驟S25中,由管理伺服器14傳送聯結資訊至雲端服務系統16。進一步,如圖3及圖4所示,當觀看者17a操作第二資料裝置17經由第二網路18聯結至雲端服務系統16且執行聯結資訊欲觀看原始檔案時,根據本發明之方法2係執行步驟S26,根據聯結資訊 將第二資料裝置17經由第二網路18聯結至管理伺服器14,且傳送觀看者17a登錄該雲端服務系統16之觀看者帳號。 In a specific embodiment, in step S24, the management server 14 generates the association information corresponding to the original file, and in step S25, the connection information is transmitted by the management server 14 to the cloud service system 16. Further, as shown in FIG. 3 and FIG. 4, when the viewer 17a operates the second data device 17 to connect to the cloud service system 16 via the second network 18 and performs the connection information to view the original file, the method 2 according to the present invention Step S26 is performed according to the link information. The second data device 17 is coupled to the management server 14 via the second network 18, and the viewer 17a is transferred to the viewer account of the cloud service system 16.

於一具體實施例中,第二網路18可以是網際網路、企業外網路、區域網路、廣域網路、乙太網路、有線電視線路、無線電信網路、公眾交換電話網路、3G網路、4G網路、5G網路、HSPA網路、Wi-Fi網路、WiMAX網路、LTE網路,或其他現行商用的網路。於實際應用中,第二網路18與第一網路12可以是同一網路,也可以是不同的網路。 In one embodiment, the second network 18 can be an internet, an off-network, a regional network, a wide area network, an Ethernet network, a cable television line, a wireless telecommunications network, a public switched telephone network, 3G network, 4G network, 5G network, HSPA network, Wi-Fi network, WiMAX network, LTE network, or other currently commercial networks. In a practical application, the second network 18 and the first network 12 may be the same network or different networks.

接著,根據本發明之方法2係執行步驟S27,由管理伺服器14將觀看者帳號與至少一個授權帳號做比對。 Next, according to the method 2 of the present invention, step S27 is performed, and the management server 14 compares the viewer account with at least one authorized account.

若步驟S27的比對結果為肯定者,根據本發明之方法2則執行步驟S28,由管理伺服器14傳送該檔案至雲端服務系統16,進而下載至第二資料裝置17以供觀看者17a觀看原始檔案。 If the result of the comparison in step S27 is affirmative, the method 2 according to the present invention performs step S28, and the management server 14 transmits the file to the cloud service system 16, and then downloads to the second material device 17 for viewing by the viewer 17a. Original file.

於一具體實施例中,於步驟S22中,使用者10a操作第一資料處理裝置10於管理伺服器14處針對每一個授權帳號設定一個別的權限。關於權限的設定選項可以包含,例如,保護檔案、解除檔案保護、有限期限等權限選項等,但並不以此為限。於步驟S28中,根據本發明之方法2係由管理伺服器14根據觀看者帳號所設定之權限選擇性地對原始檔案執行保護處理以產生經保護處理的原始檔案,再行將經保護處理的原始檔案傳送至雲端服務系統16。 In a specific embodiment, in step S22, the user 10a operates the first data processing device 10 to set a different authority for each authorized account at the management server 14. The setting options for the rights may include, for example, protection files, file protection, limited time options, etc., but are not limited thereto. In step S28, according to the method 2 of the present invention, the management server 14 selectively performs protection processing on the original file according to the authority set by the viewer account to generate the protected original file, and then the protected processing. The original file is transferred to the cloud service system 16.

於實際應用中,保護處理可以是嵌入浮水印處理或調整灰階處理等,但並不以此為限。調整灰階處理適合應用在影像檔案或影音檔案上。調整灰階處理係調整影像檔案或影音檔案中若干畫素人眼無法辨識的灰階,一旦觀看者17a利用影像擷取裝置翻拍顯示在第二資料裝置17的顯示器上的影像檔案或影音檔案,因為影像擷取裝置的感測元件的靈敏 度高,被擷取的影像檔案或影音檔案中被調整過灰階的畫素會明顯呈現,讓經調整灰階處理的影像檔案或影音檔案與原始影像檔案或原始影音檔案完全不同。避免原始影像檔案或影音檔案被盜用。 In practical applications, the protection process may be embedded in watermark processing or grayscale processing, but is not limited thereto. Adjusting the grayscale processing is suitable for application in image files or audiovisual files. Adjusting the grayscale processing system adjusts the grayscales of the image file or the video file in which the pixels are unrecognizable by the human eye, and once the viewer 17a uses the image capturing device to remake the image file or the video file displayed on the display of the second data device 17, because Sensitive of the sensing element of the image capture device If the degree is high, the grayscale pixels in the captured image file or video file will be clearly displayed, so that the adjusted grayscale processed image file or video file is completely different from the original image file or the original video file. Avoid the theft of original image files or audio and video files.

於另一具體實施例中,於步驟S22中,使用者10a操作第一資料處理裝置10於管理伺服器14處針對每一個授權帳號設定一個別的權限。關於權限的設定選項可以包含,例如,禁止儲存、禁止列印等權限選項等,但並不以此為限。於步驟S28中,根據本發明之方法2係由管理伺服器14根據觀看者帳號所設定之權限選擇性地將保護程式與原始檔案傳送至雲端服務系統16,進而下載至第二資料處理裝置17。保護程式於第二資料處理裝置17內被執行,進而對原始檔案保護。 In another embodiment, in step S22, the user 10a operates the first data processing device 10 to set a different authority for each authorized account at the management server 14. The setting options for the rights may include, for example, prohibiting the storage, prohibiting the printing, and the like, but are not limited thereto. In step S28, according to the method 2 of the present invention, the management server 14 selectively transmits the protection program and the original file to the cloud service system 16 according to the authority set by the viewer account, and then downloads to the second data processing device 17 . . The protection program is executed in the second data processing device 17, thereby protecting the original file.

於實際應用中,保護程式可以是禁止儲存程式或關閉螢幕列印程式,但並不以此為限。須說明的是,由管理伺服器14傳送原始檔案至雲端服務系統16,進而下載至第二資料裝置17以供觀看者17a觀看原始檔案,此時,原始檔案僅是暫存於第二資料裝置17內,隨著第二資料裝置17關閉與雲端服務系統16之間的聯結,暫存於第二資料裝置17內的原始檔案也會隨之清除,所以觀看者17a須另將原始檔案儲存在第二資料裝置17內。若保護程式關閉第二資料裝置17對原始檔案的儲存功能,第二資料裝置17即無法儲存原始檔案。 In practical applications, the protection program may prohibit the storage program or close the screen printing program, but not limited to this. It should be noted that the original file is transmitted by the management server 14 to the cloud service system 16, and then downloaded to the second data device 17 for the viewer 17a to view the original file. At this time, the original file is only temporarily stored in the second data device. 17 , as the second data device 17 closes the connection with the cloud service system 16, the original file temporarily stored in the second data device 17 is also cleared, so the viewer 17a must store the original file in another Within the second data device 17. If the protection program closes the storage function of the original file by the second data device 17, the second data device 17 cannot store the original file.

於另一具體實施例中,於步驟S22中,使用者10a操作該第一資料處理裝置10於管理伺服器14處針對每一個授權帳號設定一個別的權限。於步驟S28中,根據本發明之方法2係由管理伺服器14根據觀看者帳號所設定的權限選擇性地對原始檔案執行保護處理以產生經保護處理的原始檔案並且產生保護程式,再行將經保護處理的原始檔案以及保 護程式傳送至雲端服務系統16,進而下載至第二資料處理裝置17,其中保護程式於第二資料處理裝置17內執行進而對經保護處理的檔案保護。也就是說,下載至第二資料處理裝置17的原始檔案是經保護處理的原始檔案,並且第二資料處理裝置17針對經保護處理的原始檔案的螢幕列印或儲存功能被關閉。 In another embodiment, in step S22, the user 10a operates the first data processing device 10 to set a different authority for each authorized account at the management server 14. In step S28, according to the method 2 of the present invention, the management server 14 selectively performs protection processing on the original file according to the authority set by the viewer account to generate the protected original file and generates a protection program. Protected original file and insurance The program is transmitted to the cloud service system 16 and then downloaded to the second data processing device 17, wherein the protection program is executed in the second data processing device 17 to protect the protected file. That is, the original file downloaded to the second material processing device 17 is the protected original file, and the second data processing device 17 is turned off for the screen printing or storing function of the protected original file.

請參閱圖5及圖6,圖5係示意地繪示觀看者17a觀看實施本發明之方法2所保護的檔案之另一架構。圖6係繪示根據本發明之較佳具體實施例的方法2進一步的流程圖。 Please refer to FIG. 5 and FIG. 6. FIG. 5 is a schematic diagram showing another structure of the viewer 17a viewing the file protected by the method 2 of the present invention. 6 is a further flow chart of a method 2 in accordance with a preferred embodiment of the present invention.

於另一具體實施例中,於步驟S24,由管理伺服器14產生對應原始檔案之經加密的原始檔案,並且於步驟S25中,由管理伺服器14傳送經加密的原始檔案至雲端服務系統16。進一步,如圖5及圖6所示,根據本發明之方法2係執行步驟S30,將觀看者17a操作之第二資料處理裝置17經由第二網路18聯結至管理伺服器14。 In another embodiment, in step S24, the encrypted original file corresponding to the original file is generated by the management server 14, and in step S25, the encrypted original file is transmitted by the management server 14 to the cloud service system 16. . Further, as shown in FIGS. 5 and 6, the method 2 according to the present invention performs step S30, and the second data processing device 17 operated by the viewer 17a is coupled to the management server 14 via the second network 18.

接著,根據本發明之方法2係執行步驟S32,於管理伺服器14的協助下,將第二資料處理裝置17聯結至雲端服務系統16。接著,根據本發明之方法2係執行步驟S34,由管理伺服器14將觀看者17a登錄雲端服務系統16之觀看者帳號與至少一個授權帳號做比對。 Next, in accordance with method 2 of the present invention, step S32 is performed, with the assistance of the management server 14, the second data processing device 17 is coupled to the cloud service system 16. Next, according to the method 2 of the present invention, step S34 is executed, and the management server 14 compares the viewer account of the viewer 17a to the cloud service system 16 with at least one authorized account.

若步驟S34的比對結果為肯定者,根據本發明之方法2則執行步驟S36,則由管理伺服器14將經加密的原始檔案解密成原始檔案,再行傳送原始檔案至雲端服務系統16,進而下載至第二資料裝置17以供觀看者17a觀看原始檔案。 If the result of the comparison in step S34 is affirmative, the method 2 according to the present invention performs step S36, and the encrypted original file is decrypted into the original file by the management server 14, and the original file is transmitted to the cloud service system 16, It is then downloaded to the second data device 17 for the viewer 17a to view the original file.

於一具體實施例中,於步驟S22中,使用者10a操作第一資料處理裝置10於管理伺服器14處針對每一個授權帳號設定一個別的權限。關於權限的設定選項可以包含, 例如,保護檔案、解除檔案保護、有限期限等權限選項等,但並不以此為限。於步驟S36中,根據本發明之方法2係由管理伺服器14根據觀看者帳號所設定之權限選擇性地對原始檔案執行保護處理以產生經保護處理的原始檔案,再行將經保護處理的原始檔案傳送至雲端服務系統16。 In a specific embodiment, in step S22, the user 10a operates the first data processing device 10 to set a different authority for each authorized account at the management server 14. The setting options for permissions can be included, For example, protection of files, removal of file protection, limited time options, etc., but not limited to this. In step S36, according to the method 2 of the present invention, the management server 14 selectively performs protection processing on the original file according to the authority set by the viewer account to generate the protected original file, and then performs the protected processing. The original file is transferred to the cloud service system 16.

於另一具體實施例中,於步驟S22中,使用者10a操作第一資料處理裝置10於管理伺服器14處針對每一個授權帳號設定一個別的權限。關於權限的設定選項可以包含,例如,禁止儲存、禁止列印等權限選項等,但並不以此為限。於步驟S36中,根據本發明之方法2係由管理伺服器14根據觀看者帳號所設定之權限選擇性地將保護程式與原始檔案傳送至雲端服務系統16,進而下載至第二資料處理裝置17。保護程式於第二資料處理裝置17內被執行,進而對原始檔案保護。 In another embodiment, in step S22, the user 10a operates the first data processing device 10 to set a different authority for each authorized account at the management server 14. The setting options for the rights may include, for example, prohibiting the storage, prohibiting the printing, and the like, but are not limited thereto. In step S36, according to the method 2 of the present invention, the management server 14 selectively transmits the protection program and the original file to the cloud service system 16 according to the authority set by the viewer account, and then downloads to the second data processing device 17 . . The protection program is executed in the second data processing device 17, thereby protecting the original file.

於另一具體實施例中,於步驟S22中,使用者10a操作第一資料處理裝置10於管理伺服器14處針對每一個授權帳號設定一個別的權限。於步驟S36中,根據本發明之方法2係由管理伺服器14根據觀看者帳號所設定的權限選擇性地對原始檔案執行保護處理以產生經保護處理的原始檔案並且產生保護程式,再行將經保護處理的原始檔案以及保護程式傳送至雲端服務系統16,進而下載至第二資料處理裝置17,其中保護程式於第二資料處理裝置17內執行進而對經保護處理的檔案保護。也就是說,下載至第二資料處理裝置17的原始檔案是經保護處理的原始檔案,並且第二資料處理裝置17針對經保護處理的原始檔案的螢幕列印或儲存功能被關閉。 In another embodiment, in step S22, the user 10a operates the first data processing device 10 to set a different authority for each authorized account at the management server 14. In step S36, according to the method 2 of the present invention, the management server 14 selectively performs protection processing on the original file according to the authority set by the viewer account to generate the protected original file and generates a protection program. The protected original file and the protection program are transmitted to the cloud service system 16 and then downloaded to the second data processing device 17, wherein the protection program is executed in the second data processing device 17 to protect the protected file. That is, the original file downloaded to the second material processing device 17 is the protected original file, and the second data processing device 17 is turned off for the screen printing or storing function of the protected original file.

藉由以上對本發明之方法的詳細描述,可以清楚地了解使用者可以在本發明之管理伺服器的協助下,便利地保護其上傳至雲端服務系統的檔案,避免他人盜用使用者的 檔案,尤其是牽涉個人隱私或是著作權的影像檔案、影音檔案。 Through the above detailed description of the method of the present invention, it can be clearly understood that the user can conveniently protect the file uploaded to the cloud service system with the assistance of the management server of the present invention, thereby preventing others from stealing the user. Archives, especially video files and audiovisual files that involve personal privacy or copyright.

藉由以上較佳具體實施例之詳述,係希望能更加清楚描述本發明之特徵與精神,而並非以上述所揭露的較佳具體實施例來對本發明之面向加以限制。相反地,其目的是希望能涵蓋各種改變及具相等性的安排於本發明所欲申請之專利範圍的面向內。因此,本發明所申請之專利範圍的面向應該根據上述的說明作最寬廣的解釋,以致使其涵蓋所有可能的改變以及具相等性的安排。 The features and spirit of the present invention are intended to be more apparent from the detailed description of the preferred embodiments. On the contrary, the intention is to cover various modifications and equivalents that are within the scope of the invention as claimed. Therefore, the scope of the patent application of the present invention should be construed broadly in the light of the above description, so that it covers all possible changes and arrangements.

Claims (14)

一種保護上傳一原始檔案至一雲端服務系統之方法,包含下列步驟:(a)將一使用者操作之一第一資料處理裝置經由一第一網路聯結至一管理伺服器;(b)於該管理伺服器的協助下,將該第一資料處理裝置經由該第一網路聯結至該雲端服務系統;(c)經由該第一資料處理裝置於該管理伺服器處建立至少一個授權帳號,其中該至少一個授權帳號對應該原始檔案;(d)經由該第一資料處理裝置上傳該原始檔案至該雲端服務系統;(e)由該管理伺服器攔截該原始檔案,且由該管理伺服器產生對應該原始檔案之一聯結資訊或一經加密的原始檔案;以及(f)由該管理伺服器傳送該聯結資訊或該經加密的原始檔案而非該原始檔案至該雲端服務系統。 A method for protecting an original file to a cloud service system, comprising the steps of: (a) coupling a first data processing device of a user operation to a management server via a first network; (b) With the assistance of the management server, the first data processing device is coupled to the cloud service system via the first network; (c) establishing at least one authorized account at the management server via the first data processing device, The at least one authorized account corresponds to the original file; (d) uploading the original file to the cloud service system via the first data processing device; (e) intercepting the original file by the management server, and the management server is Generating an original file corresponding to one of the original files or encrypting the original file; and (f) transmitting, by the management server, the link information or the encrypted original file instead of the original file to the cloud service system. 如請求項1所述之方法,其中於步驟(a)中,該使用者操作該第一資料處理裝置執行一第一瀏覽器以聯結至該管理伺服器之一第一網頁,該第一網頁提供一聯結框架,於步驟(b)中,該使用者於該聯結框架之一介面輸入該雲端服務系統之一網址,進而於該聯結框架中執行該雲端服務系統之一第二網頁。 The method of claim 1, wherein in step (a), the user operates the first data processing device to execute a first browser to link to a first webpage of the management server, the first webpage Providing a connection framework, in step (b), the user inputs a web address of the cloud service system in one interface of the connection framework, and executes a second webpage of the cloud service system in the connection framework. 如請求項1所述之方法,其中於步驟(a)與步驟(b)中,該使 用者操作該第一資料處理裝置執行一第二瀏覽器以聯結至該雲端服務系統之一第二網頁,關於聯結至該管理伺服器之一第一功能係內建於該第二瀏覽器內。 The method of claim 1, wherein in the steps (a) and (b), the The user operates the first data processing device to execute a second browser to be coupled to the second webpage of the cloud service system, and the first function associated with one of the management servers is built in the second browser. . 如請求項1所述之方法,其中於步驟(a)與步驟(b)中,該使用者操作該第一資料處理裝置執行一應用程式以聯結至該雲端服務系統,關於聯結至該管理伺服器之一第二功能係執行成附加於該應用程式內之一外掛程式。 The method of claim 1, wherein in the steps (a) and (b), the user operates the first data processing device to execute an application to be coupled to the cloud service system, and to the management server One of the second functions is implemented as an add-on program attached to the application. 如請求項1所述之方法,其中於步驟(f)中,由該管理伺服器傳送該聯結資訊至該雲端服務系統,該方法進一步包含下列步驟:(g)當一觀看者操作一第二資料處理裝置經由一第二網路聯結至該雲端服務系統且執行該聯結資訊欲觀看該原始檔案時,根據該聯結資訊將該第二資料處理裝置經由該第二網路聯結至該管理伺服器,且傳送該觀看者登錄該雲端服務系統之一觀看者帳號;(h)由該管理伺服器將該觀看者帳號與該至少一個授權帳號做比對;以及(i)若步驟(h)的比對結果為肯定者,則由該管理伺服器傳送該原始檔案至該雲端服務系統,進而下載至該第二資料處理裝置。 The method of claim 1, wherein in step (f), the connection information is transmitted by the management server to the cloud service system, the method further comprising the following steps: (g) when a viewer operates a second When the data processing device is connected to the cloud service system via a second network and the connection information is executed to view the original file, the second data processing device is coupled to the management server via the second network according to the connection information. And transmitting the viewer to one of the viewer accounts of the cloud service system; (h) comparing, by the management server, the viewer account with the at least one authorized account; and (i) if step (h) If the comparison result is affirmative, the management file transmits the original file to the cloud service system, and then downloads to the second data processing device. 如請求項5所述之方法,其中於步驟(c)中,該使用者操作該第一資料處理裝置於該管理伺服器處針對每一個授權帳號設定一個別的權限,於步驟(i)由該管理伺服器根據該觀看者帳號所設定之該權限選擇性地對該原始檔案執行 一保護處理以產生一經保護處理的原始檔案,再行將該經保護處理的原始檔案傳送至該雲端服務系統。 The method of claim 5, wherein in step (c), the user operates the first data processing device to set a different authority for each authorized account at the management server, in step (i) The management server selectively performs the original file according to the permission set by the viewer account A protection process is performed to generate a protected original file, and the protected original file is transmitted to the cloud service system. 如請求項6所述之方法,其中該保護處理係一嵌入浮水印處理或一調整灰階處理。 The method of claim 6, wherein the protection processing is embedded in a watermarking process or an adjusted grayscale process. 如請求項5所述之方法,其中於步驟(c)中,該使用者操作該第一資料處理裝置於該管理伺服器處針對每一個授權帳號設定一個別的權限,於步驟(i)由該管理伺服器根據該觀看者帳號所設定之該權限選擇性地將一保護程式與該原始檔案傳送至該雲端服務系統,進而下載至該第二資料處理裝置,其中該保護程式於該第二資料處理裝置內被行進而對該原始檔案保護。 The method of claim 5, wherein in step (c), the user operates the first data processing device to set a different authority for each authorized account at the management server, in step (i) The management server selectively transmits a protection program and the original file to the cloud service system according to the permission set by the viewer account, and then downloads the file to the second data processing device, wherein the protection program is in the second The data processing device is traveled to protect the original file. 如請求項8所述之方法,其中該保護程式係一禁止儲存程式或一關閉螢幕列印程式。 The method of claim 8, wherein the protection program prohibits storing the program or closing the screen printing program. 如請求項5所述之方法,其中於步驟(c)中,該使用者操作該第一資料處理裝置於該管理伺服器處針對每一個授權帳號設定一個別的權限,於步驟(i)由該管理伺服器根據該觀看者帳號所設定之該權限選擇性地對該原始檔案執行一保護處理以產生一經保護處理的原始檔案並且產生一保護程式,再行將該經保護處理的原始檔案以及該保護程式傳送至該雲端服務系統,進而下載至該第二資料處理裝置,其中該保護程式於該第二資料處理裝置內執行進而對該經保護處理的原始檔案保護。 The method of claim 5, wherein in step (c), the user operates the first data processing device to set a different authority for each authorized account at the management server, in step (i) The management server selectively performs a protection process on the original file according to the permission set by the viewer account to generate a protected original file and generates a protection program, and then the protected original file and The protection program is transmitted to the cloud service system and then downloaded to the second data processing device, wherein the protection program is executed in the second data processing device to protect the protected original file. 如請求項1所述之方法,其中於步驟(f)中,由該管理伺服器傳送該經加密的原始檔案至該雲端服務系統,該方法進 一步包含下列步驟:(g)將一觀看者操作之一第二資料處理裝置經由一第二網路聯結至該管理伺服器;(h)於該管理伺服器的協助下,將該第二資料處理裝置聯結至該雲端服務系統;(i)由該管理伺服器將該觀看者登錄該雲端服務系統之一觀看者帳號與該至少一個授權帳號做比對;以及(j)若步驟(i)的比對結果為肯定者,則由該管理伺服器將該經加密的原始檔案解密成該原始檔案,再行傳送該原始檔案至該雲端服務系統,進而下載至該第二資料處理裝置。 The method of claim 1, wherein in step (f), the encrypted original file is transmitted by the management server to the cloud service system, the method The step includes the following steps: (g) coupling a second data processing device of a viewer operation to the management server via a second network; (h) assisting the management server with the second data Processing device coupled to the cloud service system; (i) comparing, by the management server, the viewer login to the one of the cloud service system viewer accounts and the at least one authorized account; and (j) if step (i) If the comparison result is affirmative, the management server decrypts the encrypted original file into the original file, and then transmits the original file to the cloud service system, and then downloads to the second data processing device. 如請求項11所述之方法,其中於步驟(c)中,該使用者操作該第一資料處理裝置於該管理伺服器處針對每一個授權帳號設定一個別的權限,於步驟(j)由該管理伺服器根據該觀看者帳號所設定之該權限選擇性地對該原始檔案執行一保護處理以產生一經保護處理的原始檔案,再行將該經保護處理的原始檔案傳送至該雲端服務系統。 The method of claim 11, wherein in step (c), the user operates the first data processing device to set a different authority for each authorized account at the management server, in step (j) The management server selectively performs a protection process on the original file according to the permission set by the viewer account to generate a protected original file, and then transmits the protected original file to the cloud service system. . 如請求項11所述之方法,其中於步驟(c)中,該使用者操作該第一資料處理裝置於該管理伺服器處針對每一個授權帳號設定一個別的權限,於步驟(j)由該管理伺服器根據該觀看者帳號所設定之該權限選擇性地將一保護程式與該原始檔案傳送至該雲端服務系統,進而下載至該第二資料處理裝置,其中該保護程式於該第二資料處理裝置內被行進而對該原始檔案保護。 The method of claim 11, wherein in step (c), the user operates the first data processing device to set a different authority for each authorized account at the management server, in step (j) The management server selectively transmits a protection program and the original file to the cloud service system according to the permission set by the viewer account, and then downloads the file to the second data processing device, wherein the protection program is in the second The data processing device is traveled to protect the original file. 如請求項11所述之方法,其中於步驟(c)中,該使用者操作 該第一資料處理裝置於該管理伺服器處針對每一個授權帳號設定一個別的權限,於步驟(j)由該管理伺服器根據該觀看者帳號所設定之該權限選擇性地對該原始檔案執行一保護處理以產生一經保護處理的原始檔案並且產生一保護程式,再行將該經保護處理的原始檔案以及該保護程式傳送至該雲端服務系統,進而下載至該第二資料處理裝置,其中該保護程式於該第二資料處理裝置內執行進而對該經保護處理的原始檔案保護。 The method of claim 11, wherein in step (c), the user operates The first data processing device sets a different authority for each authorized account at the management server, and selectively accesses the original file by the management server according to the permission set by the viewer account in step (j) Performing a protection process to generate a protected original file and generating a protection program, and transmitting the protected original file and the protection program to the cloud service system, and then downloading to the second data processing device, wherein The protection program is executed in the second data processing device to protect the original file of the protected process.
TW106138167A 2017-11-03 2017-11-03 Method for securing files uploaded to cloud service system TWI644219B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106138167A TWI644219B (en) 2017-11-03 2017-11-03 Method for securing files uploaded to cloud service system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106138167A TWI644219B (en) 2017-11-03 2017-11-03 Method for securing files uploaded to cloud service system

Publications (2)

Publication Number Publication Date
TWI644219B true TWI644219B (en) 2018-12-11
TW201918902A TW201918902A (en) 2019-05-16

Family

ID=65431764

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106138167A TWI644219B (en) 2017-11-03 2017-11-03 Method for securing files uploaded to cloud service system

Country Status (1)

Country Link
TW (1) TWI644219B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201524184A (en) * 2013-08-02 2015-06-16 Ben-Chiao Jai Methods, systems and electronic devices for remotely recording and managing associated recorded files
TW201541925A (en) * 2014-04-22 2015-11-01 Trustview Inc System and method for controlling authentication of document

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201524184A (en) * 2013-08-02 2015-06-16 Ben-Chiao Jai Methods, systems and electronic devices for remotely recording and managing associated recorded files
TW201541925A (en) * 2014-04-22 2015-11-01 Trustview Inc System and method for controlling authentication of document

Also Published As

Publication number Publication date
TW201918902A (en) 2019-05-16

Similar Documents

Publication Publication Date Title
US11716356B2 (en) Application gateway architecture with multi-level security policy and rule promulgations
WO2015154457A1 (en) Security control method for user in social network, social application device and terminal
CA3091980C (en) Providing security to mobile devices via image evaluation operations that electronically analyze image data received from cameras of the mobile devices
US20150089224A1 (en) Application Gateway Architecture with Multi-Level Security Policy and Rule Promulgations
WO2016033365A1 (en) Distributing protected content
US10607035B2 (en) Method of displaying content on a screen of an electronic processing device
US10339283B2 (en) System and method for creating, processing, and distributing images that serve as portals enabling communication with persons who have interacted with the images
US9380102B2 (en) Secure management of SIP user credentials
EP3007061A1 (en) Application execution program, application execution method, and information processing terminal device in which application is executed
CA2962573C (en) Retrieving media content
JP6461137B2 (en) Method and device for protecting private data
WO2017026356A1 (en) Image processing device, image restoring device, image processing method, and image restoring method
US20230274012A1 (en) Data sharing and storage control system and method
TWI644219B (en) Method for securing files uploaded to cloud service system
Koh et al. Encrypted cloud photo storage using Google photos
US10318715B2 (en) Information processing device, information processing method, program, and server
Han et al. The privacy protection framework for biometric information in network based CCTV environment
CN112149177B (en) Bidirectional protection method and system for network information security
CN104700008A (en) Image projection privacy protection method and image projection privacy protection device for mobile terminal
GB2566043A (en) A method of displaying content on a screen of an electronic processing device
CN114553594B (en) Method and device for protecting data security
CN113098889B (en) Data processing method and system
EP2827537A1 (en) Filtering messages containing illegally copied content out of a telecommunication network
KR101800442B1 (en) System and method for providing data based on data loss prevention
WO2016195060A1 (en) Image processing system, server device, method for controlling server device, and program