CN103379133A - Safe and reliable cloud storage system - Google Patents
Safe and reliable cloud storage system Download PDFInfo
- Publication number
- CN103379133A CN103379133A CN 201210109368 CN201210109368A CN103379133A CN 103379133 A CN103379133 A CN 103379133A CN 201210109368 CN201210109368 CN 201210109368 CN 201210109368 A CN201210109368 A CN 201210109368A CN 103379133 A CN103379133 A CN 103379133A
- Authority
- CN
- China
- Prior art keywords
- data
- cloud storage
- service
- cloud
- safe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012545 processing Methods 0.000 claims abstract description 18
- 239000012634 fragment Substances 0.000 claims description 15
- 238000005520 cutting process Methods 0.000 claims description 7
- 230000000007 visual effect Effects 0.000 claims description 7
- 238000000034 method Methods 0.000 claims description 5
- 230000008569 process Effects 0.000 claims description 5
- 238000013496 data integrity verification Methods 0.000 abstract 1
- 238000012800 visualization Methods 0.000 abstract 1
- 238000013523 data management Methods 0.000 description 3
- 238000012217 deletion Methods 0.000 description 3
- 230000037430 deletion Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 244000097202 Rathbunia alamosensis Species 0.000 description 1
- 235000009776 Rathbunia alamosensis Nutrition 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 230000001186 cumulative effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000916 dilatatory effect Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 210000000056 organ Anatomy 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The application is designed to protect a safe and reliable cloud storage system and intellectual property of related technology. The safe and reliable cloud storage system includes a local user terminal (1), an encryption key service (2), a data cloud storage service (3) and an encryption key service (2). A local user is connected with a cloud storage service and the encryption key service via a safe cloud storage data processing module in the local terminal. Further, the cloud storage data processing module specifically comprises a key service interface, a cloud storage service interface, an encryption and decryption module, a data integrity verification module, a data cut-merge module and a visualization user interface. The user in the local terminal, via the safe cloud storage data processing module, uses the encryption key service to generate and store keys, cuts and encrypts the data needed to be uploaded to the cloud storage service, then uploads the cut and encrypted ciphertext to the cloud storage service. Thus, data security and integrity stored in the cloud storage service is significantly improved.
Description
Technical field
The present invention relates to data security, refer to especially the fail safe in the data of cloud stores service storage, for data security and the data integrity of secure data area.
Background technology
Along with the continuous progress of information technology, people's daily routines more and more launch round electronic data, for example send and receive e-mail, and appreciate electronic audio frequency or video, write work report with computer, record sale and customer data etc.Become the inevitable and very important thing of individual and enterprise for this a series of data storage and management.But along with the amount of the data that need storage administration is day by day cumulative, slowly, individual or enterprise with tired in or unable going bear for huge data storage and management.Still more, many data of storing can need and can be accessed to anywhere or anytime.Under such background, the cloud storage forms an important technological trend, it provides very huge memory space to allow the user use as required, pay as required, the user can store data in the server in long-range high in the clouds by the Internet, then just can come the data of storage are carried out long-range controlling by the Internet anywhere or anytime, such as access, copy the operations such as deletion.Now at home with the company that the cloud storage occurred in the world much providing, such as Sina, Kingsoft, 115 net dishes, Amazon, IBM, Microsoft etc.
But, clearly, in case local data are transferred to long-range high in the clouds, also just having lost for the control of data, the supplier that any protection for data must depend on the cloud storage fully provides, and this has inevitably brought a lot of potential safety hazards.In the data of storage, it can be the important sensitive information of individual or enterprise even country that a lot of data are arranged, can attract unavoidably the artificial attack of each side, leakage of information for example, steal, distort, delete and add etc., the loss that this a series of attack can allow involved individual or enterprise and even country suffer very large economy and an aspect.Exist the data of cloud stores service all to be faced with the while from the outside of cloud and inner potential threat, outside threat refers to attack from computer hacker's intrusion, and inner threat refers to that the supplier's of cloud stores service internal work personnel utilize the facility of position to visit or revise user's data to obtain interests.In fact, leakage that there are some researches show most significant data is finished or is cooperated by the internal staff and finishes.
Because this a series of potential safety hazard, the user group is difficult to trust cloud stores service provider can actively effectively protect the significant data that is stored in high in the clouds.In fact, there are some researches show that the provider of a lot of cloud stores service comprises the major company that some are well-known, is very limited for the safeguard measure of user data.If the user thinks initiatively protection and is stored in the data in high in the clouds; only have with the manual data that need protection of encrypting of encryption software and then be sent to high in the clouds; the technological know-how that this action need is relevant; and need the user properly to manage the secret key that is used for encrypting, because in a single day secret key is leaked or is lost all and will cause very large loss to the user.This problem has had a strong impact on individual or enterprise for the admittance degree of cloud stores service, is also suppressing the fast development of this technology of cloud stores service simultaneously.
Summary of the invention
Purpose of the present invention is exactly in order to solve the safety problem of above-mentioned existing significant data in cloud stores service storage, and provides a kind of conveniently secure cloud storage system that the user can effectively be protected for the significant data that is stored on the cloud stores service.
Realize that technical measures of the present invention are: the cryptographic keys that the cryptographic keys service that utilizes a side to provide generates and stores, encrypt that needs on the local terminal are uploaded the significant data that is stored in the cloud stores service that the opposing party provides and for the ciphertext after encrypting generates signature, then ciphertext is stored in the cloud stores service together with corresponding signature.The processing mutual and data encryption of all of user and secret key service and cloud stores service can easily be finished by the secure cloud data memory module on the local terminal.
The secure cloud data memory module only needs the user that the password of logining of itself and cryptographic keys service and the registration of cloud stores service is provided, and just can finish for the user:
1) upload file: cutting data is part size fragment file at random extremely at random, the index information of mapping original and fragment file can be integrated and write an index file, then the different secret key that generates from the cryptographic keys service acquisition is encrypted every part of fragment file and index file generating ciphertext file, come for cryptograph files produces digital signature with different secret keys, last secret key is stored in the cryptographic keys service end and cryptograph files can be transferred into cloud stores service end with corresponding digital signature again.
2) download file: the ciphertext of index file is downloaded from the cloud stores service first, thereby find and download the cryptograph files of the fragment file that needs download file and the digital signature of their correspondence, whether examine cryptograph files with digital signature first is tampered, decipher and go back the primary fragment file, the last integrated original that is reduced into of fragment file by asking for corresponding cryptographic keys from the cryptographic keys service after examining.
The invention has the advantages that data are after being cut at random fragment and encrypting with different secret keys, cloud stores service end can't be from the size of the file stored, kind, and name and content go to understand the data of storing.Also mean simultaneously if the attacker attempts to reduce a piece of data; he can need to crack a plurality of cryptograph files; moreover which cryptograph files belongs to a certain divided data and does not also know; this will improve the protection to data greatly, and the possibility that the cryptograph files of decoding all fragments by violence obtains former data is very little.The password of logining that relies on cryptographic keys service and cloud stores service fully comes protected data to mean that the user not be used in the local storage any enciphered message of keeping or secret key; the restriction of logining the number of attempt of password can substantially be stopped the attacker and be learnt password by the mode that makes repeated attempts; the hacker also will need to break through simultaneously two or more service side (cryptographic keys service; the cloud stores service) restoring data smoothly, effective so fully or the containment of absolutely large degree a series of attack pattern.The user can pass through the simple upload and download data of visual user interface, and complicated data are processed and all carried out on the backstage by system with the data interaction of individual service end.
Description of drawings
Fig. 1 is structural representation of the present invention
Fig. 2 is mounted in the structural representation of the secure cloud storage data processing module on the LUT
Reference numeral: LUT 1, cryptographic keys service 2, cloud stores service 3, secure cloud storage data processing module 4, secret key service interface 5, cloud stores service interface 6, data integrity validating module 7, encryption and decryption module 8, the data cutting merges module 9, visual user interface 10.
Embodiment
The present invention is described in detail below in conjunction with specific embodiment
Embodiment: the personal user protects the private data that has the cloud stores service with the present invention on PC
LUT (1) is PC, and the user need install on computers secure cloud storage data processing module (4) and come to carry out data interaction with cryptographic keys service (2) and cloud stores service (3).
The user need to be provided by his selected cryptographic keys service (2) and the cloud stores service (3) that is provided by difference side, this process comprises: arrange and login password, provide required personal information to be used for recovering the later on password of losing, select way of paying etc.
In the present embodiment, cryptographic keys service (2) provides the generation of secret key and basic secret key management service, and management service comprises the storage of secret key, inquiry, backup and deletion.Cloud stores service (3) provides basic data management service, and management service comprises the storage of data, downloads backup and deletion.Need provide correct separately for these two kinds of service-users and login the operation that password just can carry out a class, the service side can limit the number of attempt that the user logins, repeatedly can freeze this user account in the failed situation, the personal information that provides when then initiatively the contact user inquiry is registered is come again open-minded.
The user can login this two sides service at the password of logining of visual user interface (10) input cryptographic keys service (2) and cloud stores service (3).In case login, the cryptograph files of index file and the corresponding digital signature of this cryptograph files can be downloaded from the cloud stores service, after examining its integrality, secure cloud storage data processing module (4) can obtain corresponding cryptographic keys from cryptographic keys service (2) and reduce index file.Come to show that at visual user interface (10) user is stored in the data file of cloud stores service by resolving the user data that records in the index file.
In the present embodiment, the operating process of user's upload file comprises:
The user dilatory or copy need be uploaded to the cloud stores service file to visual user interface (10), this document can be merged module (9) by the data cutting at once and cut into the at random size fragment file at random of part, then can come to obtain newly-generated different secret keys from cryptographic keys service (2) by secret key service interface (5), a part is used for encrypting these fragment files and generates cryptograph files, and remaining part is used for generating the digital signature of these cryptograph files.The filename of cryptograph files generates at random, the filename of the cryptograph files after the information of original and its fragment are encrypted and the digital signature of these cryptograph files can together be kept in the index file (or to be replaced existing, if the original of same filename exists), this index file is recording the source file of other all files of uploading and the information of cryptograph files and cryptograph files digital signature simultaneously, then this index file also can be encrypted in the same way is uploaded to the cloud stores service and replaces original out-of-date index file, and the cryptograph files of index file has specific filename so that convenient inquiry.At last, the cryptograph files of fragment file can be uploaded to cloud stores service (3), and simultaneously, the secret key that uses in the said process all has been stored in cryptographic keys service (2).
In the present embodiment, the operating process of user's download file comprises:
The file that has cloud stores service (3) that the user need to download in visual user interface (10) selection, secure cloud storage data processing module (4) can find the filename of the corresponding cryptograph files of this document then to download from cloud stores service (3) from index file.After cryptograph files is downloaded to this locality, data integrity validating module (7) is used the integrality that the digital signature to should cryptograph files in the index file is examined this cryptograph files, can decipher from the cryptographic keys that this cryptograph files is asked in cryptographic keys service (2) by examining rear encryption and decryption module (8), then data cuttings merges modules (10) and can merge the fragment file that generates after the deciphering and reduce original, original after the reduction can be stored in local position by user's appointment, and corresponding application can be unlocked to open this document (for example open text edit software and come editing text file).
The present invention can be by the individual, and enterprise and government organs are applied in the significant data that the cloud stores service that is provided by other party is provided the various needs of protection widely.The invention has the advantages that, support various cryptographic algorithm, encrypt same piece of data with a plurality of cryptographic keys at random, greatly strengthened the protection of employed cryptographic algorithm.And the present invention is easy to use, and the user need not manage any cryptographic keys or initiatively carry out the operation of any encryption and decryption.The user can obtain to be stored in any place that the Internet arranged the data of cloud stores service (3), has been stored in the cloud stores service (3) but these data all are forms with ciphertext.
Claims (9)
- We specifically apply for protecting following innovation:1. the cloud storage system of a safety, it comprises data cloud stores service (3), cryptographic keys service (2) and LUT (1), wherein, the local user is connected with cloud stores service and cryptographic keys service by the storage data processing module of the secure cloud in the local terminal (4), concrete also the comprising of this secure cloud storage data processing module (4), secret key service interface (5), cloud stores service interface (6), encryption and decryption module (8), data integrity validating module (7), the data cutting merges module (9) and visible user interface (10).
- 2. safe cloud storage system as claimed in claim 1, it is characterized in that, utilize unallied two sides or the cryptographic keys service (2) that in many ways provides and cloud stores service (3) are separated the secret key of storing enciphered data and the ciphertext after the data encryption.
- 3. safe cloud storage system as claimed in claim 2, it is characterized in that, the secret key of utilizing cryptographic keys service (2) to generate and store is encrypted the data that this locality need be uploaded to cloud stores service (3), does not need to keep on LUT (1) or manage any secret key of using in ciphering process.
- 4. safe cloud storage system as claimed in claim 3, it is characterized in that, the data that need to be uploaded to the cloud stores service can merge module (9) in the data cutting and be cut at random a plurality of sizes fragment file at random, and then each fragment file can use different secret keys to be encrypted processing in encryption and decryption module (8).
- 5. safe cloud storage system as claimed in claim 4, it is characterized in that, for each cryptograph files that generates after the data encryption, the capital produces digital signature with the secret key that the cryptographic keys service provides, this Autograph Session is stored in the cloud stores service with cryptograph files, the corresponding digital signature of this document can be downloaded together when downloading cryptograph files, examines the integrality of downloading data in data integrity validating module (7).
- 6. safe cloud storage system as claimed in claim 2; it is characterized in that; utilize the encryption cutting process of safety to protect the data of storing in cloud stores service (3), rely on secret key service (2) and cloud stores service (3) password of logining separately fully and protect cryptographic keys and the ciphertext of in this two side, storing.
- 7. safe cloud storage system as claimed in claim 1, it is characterized in that, visual user interface (10) in the secure cloud storage data processing module (4) can be able to be used with the form of independent interface program, also can be combined with the file system of this LUT (1), directly in original file system, use secure cloud storage data processing module (4) that data are processed.
- 8. safe cloud storage system as claimed in claim 1, it is characterized in that, can apply to multiple user terminal, can according to processing environment and the capacity adjusting secure cloud storage data processing module of target terminal, can apply to fixed terminal, such as desktop computer, and portable terminal, such as smart mobile phone, notebook computer, and panel computer.
- 9. safe cloud storage system as claimed in claim 2, it is characterized in that, secure cloud storage data processing module (4) can provide secret key service interface (5) and the cloud memory interface (6) of the different service providers of a plurality of correspondences, and new interface can be loaded into the form of plug-in unit in the secure cloud storage data processing module (4).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201210109368 CN103379133A (en) | 2012-04-16 | 2012-04-16 | Safe and reliable cloud storage system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201210109368 CN103379133A (en) | 2012-04-16 | 2012-04-16 | Safe and reliable cloud storage system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103379133A true CN103379133A (en) | 2013-10-30 |
Family
ID=49463691
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201210109368 Pending CN103379133A (en) | 2012-04-16 | 2012-04-16 | Safe and reliable cloud storage system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103379133A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104270465A (en) * | 2014-10-23 | 2015-01-07 | 成都双奥阳科技有限公司 | Cloud storage protection system |
| CN104615551A (en) * | 2015-02-09 | 2015-05-13 | 联想(北京)有限公司 | Information processing method and electronic device |
| CN105357202A (en) * | 2015-11-12 | 2016-02-24 | 中国电子科技网络信息安全有限公司 | Cloud platform user key management device and management method |
| WO2017113088A1 (en) * | 2015-12-29 | 2017-07-06 | 深圳大学 | Cloud service-based data storage method, integrity detection method and apparatus, and terminal device |
| WO2020113371A1 (en) * | 2018-12-03 | 2020-06-11 | 刘国斌 | Implementation method of domestic-abroad integrated services |
| CN118571394A (en) * | 2024-05-14 | 2024-08-30 | 北京远盟普惠健康科技有限公司 | A secure management method and system for medical data storage |
-
2012
- 2012-04-16 CN CN 201210109368 patent/CN103379133A/en active Pending
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104270465A (en) * | 2014-10-23 | 2015-01-07 | 成都双奥阳科技有限公司 | Cloud storage protection system |
| CN104615551A (en) * | 2015-02-09 | 2015-05-13 | 联想(北京)有限公司 | Information processing method and electronic device |
| CN105357202A (en) * | 2015-11-12 | 2016-02-24 | 中国电子科技网络信息安全有限公司 | Cloud platform user key management device and management method |
| WO2017113088A1 (en) * | 2015-12-29 | 2017-07-06 | 深圳大学 | Cloud service-based data storage method, integrity detection method and apparatus, and terminal device |
| CN107251523A (en) * | 2015-12-29 | 2017-10-13 | 深圳大学 | Date storage method, integrality detection method and device, terminal device based on cloud service |
| CN107251523B (en) * | 2015-12-29 | 2020-03-27 | 深圳大学 | Data storage method based on cloud service, integrity detection method and device and terminal equipment |
| WO2020113371A1 (en) * | 2018-12-03 | 2020-06-11 | 刘国斌 | Implementation method of domestic-abroad integrated services |
| CN118571394A (en) * | 2024-05-14 | 2024-08-30 | 北京远盟普惠健康科技有限公司 | A secure management method and system for medical data storage |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7104248B2 (en) | An encrypted asset encryption key part that allows the assembly of an asset encryption key using a subset of the encrypted asset encryption key parts | |
| JP6609010B2 (en) | Multiple permission data security and access | |
| US9070112B2 (en) | Method and system for securing documents on a remote shared storage resource | |
| US10762229B2 (en) | Secure searchable and shareable remote storage system and method | |
| US20130254536A1 (en) | Secure server side encryption for online file sharing and collaboration | |
| JP5362114B2 (en) | Secure USB storage medium generation and decoding method, and medium on which a program for generating a secure USB storage medium is recorded | |
| CN101925913A (en) | Method and system for encrypted file access | |
| CN104995633A (en) | Achieving storage efficiency in presence of end-to-end encryption using downstream decrypters | |
| CN105117635A (en) | Local data security protection system and method | |
| CN107370595A (en) | One kind is based on fine-grained ciphertext access control method | |
| CN110430192A (en) | A kind of method of file encryption-decryption, system, controller and storage medium | |
| CN103379133A (en) | Safe and reliable cloud storage system | |
| US8972747B2 (en) | Managing information in a document serialization | |
| CN105827574A (en) | File access system, file access method and file access device | |
| CN105072134A (en) | Cloud disk system file secure transmission method based on three-level key | |
| CN111709047B (en) | Information management system and method | |
| Belenko et al. | “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really? | |
| US10380353B2 (en) | Document security in enterprise content management systems | |
| US20190012435A1 (en) | Secure Document Management | |
| Virvilis et al. | A cloud provider-agnostic secure storage protocol | |
| Mandhare et al. | A Proposal on Protecting Data Leakages In Cloud Computing | |
| JP4338185B2 (en) | How to encrypt / decrypt files | |
| KR101635005B1 (en) | Method for managing metadata in a digital data safe system based on cloud | |
| Ahmed et al. | Cloud Computing Security: Assured Deletion | |
| Coles et al. | Expert SQL server 2008 encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131030 |