[go: up one dir, main page]

TWI585608B - Keyword searching method applied to cloud storage service - Google Patents

Keyword searching method applied to cloud storage service Download PDF

Info

Publication number
TWI585608B
TWI585608B TW104136433A TW104136433A TWI585608B TW I585608 B TWI585608 B TW I585608B TW 104136433 A TW104136433 A TW 104136433A TW 104136433 A TW104136433 A TW 104136433A TW I585608 B TWI585608 B TW I585608B
Authority
TW
Taiwan
Prior art keywords
data
cloud storage
storage platform
value
verification
Prior art date
Application number
TW104136433A
Other languages
Chinese (zh)
Other versions
TW201717091A (en
Inventor
李俊達
李欽文
Original Assignee
台南家專學校財團法人台南應用科技大學
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 台南家專學校財團法人台南應用科技大學 filed Critical 台南家專學校財團法人台南應用科技大學
Priority to TW104136433A priority Critical patent/TWI585608B/en
Publication of TW201717091A publication Critical patent/TW201717091A/en
Application granted granted Critical
Publication of TWI585608B publication Critical patent/TWI585608B/en

Links

Landscapes

  • Storage Device Security (AREA)

Description

應用於雲端儲存服務之關鍵字搜尋方法 Keyword search method applied to cloud storage service

本發明係為一種應用於雲端儲存服務之關鍵字搜尋方法,尤指一種透過多個驗證程序後,開啟特定的資料接收端接收資料的權限以及根據資料接收端傳輸的關鍵字迅速的搜尋出所需的資料。 The present invention relates to a keyword search method applied to a cloud storage service, in particular, a method for opening a specific data receiving end to receive data through multiple verification programs, and quickly searching for a location according to keywords transmitted by the data receiving end. Information required.

中華民國發明專利公報第I474189號「雲端檔案自動加解密系統」,主要係在雲端服務平台系統中直接加入資訊安全模組,利用攔截系統指令的方式,當虛擬主機進行開啟、關閉、系統操作等具變更資料之動作時,資訊安全模組會對系統的操作行為進行驗證,並在讀寫儲存設備或檔案的過程中進行即時的資料加解密。 The Republic of China Invention Patent Gazette No. I474189 "Cloud File Automatic Encryption and Decryption System" mainly includes the information security module directly in the cloud service platform system, and uses the interception system command to enable the virtual host to be turned on, off, and operated. When the action of changing data is performed, the information security module verifies the operation behavior of the system and performs instant data encryption and decryption in the process of reading and writing the storage device or file.

上述前案雖提供在資料變更時驗證上述操作行為以及即時的加密/解密資料,但上述操作行為僅用攔截系統I/O的方式來判斷是否執行資料加密,若非合法授權的使用者擷取授權者在不使用I/O的情況下(閒置狀態下)透過網路傳輸的資料,上述前案則無法有效的執行資料加密。 Although the above predecessor provides the verification of the above operation behavior and the instant encryption/decryption data when the data is changed, the above operation behavior only uses the method of intercepting the system I/O to judge whether to perform data encryption, and if the unauthorized authorized user obtains the authorization. In the case of data transmitted through the network without using I/O (in an idle state), the above case cannot effectively perform data encryption.

為了解決前述專利之缺失,本發明提供一種應用於雲端儲存服務之關鍵字搜尋方法,係包含下列步驟:A.一資料傳輸端上傳一傳輸金鑰至一雲端儲存平台進行一第一驗證程序,該第一驗證程序為正確時,該資料傳輸端上傳透過一第一加密程序加密的至少一第一資料至該雲端儲存平台儲存。B.一資料接收端上傳一接收金鑰至該雲端儲存平台進行一第二驗證程序。C.該第二驗 證程序為正確時,該資料接收端上傳一安全接收值經由該雲端儲存平台傳輸至該資料傳輸端,進行該資料傳輸端的一安全傳輸值與該安全接收值之一第三驗證程序。D.該第三驗證程序為正確時,該資料傳輸端係透過該雲端儲存平台開啟該資料接收端接收該第一資料之權限。E.該資料接收端係傳輸一關鍵字至該雲端儲存平台,該雲端儲存平台係根據該關鍵字在該第一資料中搜尋出一第二資料,並將該第二資料傳輸至該資料接收端。 In order to solve the deficiencies of the foregoing patents, the present invention provides a keyword search method applied to a cloud storage service, which includes the following steps: A. A data transmission end uploads a transmission key to a cloud storage platform for performing a first verification procedure, When the first verification procedure is correct, the data transmission end uploads at least one first data encrypted by a first encryption program to the cloud storage platform for storage. B. A data receiving end uploads a receiving key to the cloud storage platform for performing a second verification process. C. The second test When the verification procedure is correct, the data receiving end uploads a secure receiving value to the data transmission end via the cloud storage platform, and performs a third verification procedure of a secure transmission value of the data transmission end and the secure receiving value. D. When the third verification procedure is correct, the data transmission end opens the permission of the data receiving end to receive the first data through the cloud storage platform. E. The data receiving end transmits a keyword to the cloud storage platform, and the cloud storage platform searches for a second data in the first data according to the keyword, and transmits the second data to the data receiving end.

進一步,該安全傳輸值及安全接收值係為彼此對應之一數值,該數值每經一亂數演算法加密後,均改變該數值之內容。 Further, the secure transmission value and the secure reception value are one value corresponding to each other, and the value changes the content of the value after being encrypted by a random number algorithm.

前述步驟A中,該第一驗證程序為不正確時,該雲端儲存平台係拒絕該資料傳輸端之資料傳輸。 In the foregoing step A, when the first verification procedure is incorrect, the cloud storage platform rejects the data transmission of the data transmission end.

前述步驟B中,該第二驗證程序為不正確時,該雲端儲存平台係拒絕該資料接收端的資料接收。 In the foregoing step B, when the second verification procedure is incorrect, the cloud storage platform rejects the data receiving of the data receiving end.

其中,該雲端儲存平台具有一雲端金鑰,用以進行該第一驗證程序及該第二驗證程序之依據。 The cloud storage platform has a cloud key for performing the first verification procedure and the second verification procedure.

進一步,該關鍵字係可透過一第二加密程序加密成一關鍵字加密檔,該雲端儲存平台係根據該關鍵字加密檔之內容執行步驟E。 Further, the keyword is encrypted into a keyword encryption file by a second encryption program, and the cloud storage platform performs step E according to the content of the keyword encryption file.

進一步,包含步驟F.該第三驗證程序為不正確時,該資料傳輸端係透過該雲端儲存平台拒絕該資料接收端接收該第一資料之權限。 Further, if the step F is included, the data transmission end rejects the permission of the data receiving end to receive the first data through the cloud storage platform.

根據上述技術特徵可達成以下功效: According to the above technical features, the following effects can be achieved:

1.透過該第一加密程序加密後的該第一資料與該亂數演算法計算後的該數值,即達成資料加密的功能,非合法授權的使用者沒有取得與該雲端儲存平台授權的接收金鑰,非合法授權的使用者就無法進入該雲端儲存平台擷取所需的資料。 1. The first data encrypted by the first encryption program and the value calculated by the random number algorithm, that is, the function of data encryption is achieved, and the non-legally authorized user does not obtain the authorization authorized by the cloud storage platform. The key, the non-legally authorized user can not enter the cloud storage platform to retrieve the required data.

2.若非合法授權的使用者能下載該的該第一資料或該數值,但沒有能解開該第一資料或該數值的安全接收值,非合法授權的使用者就無法得知該第一資料或該數值的內容。 2. If the non-legally authorized user can download the first data or the value but fails to unlock the first data or the secure receiving value of the value, the unauthorized authorized user cannot know the first The data or the content of the value.

3.該安全傳輸值及該安全接收值內的該數值經過該亂數演算法計算後,均會改變該數值之內容,非合法授權的使用者無法得知該資料傳輸端或該資料接收端在傳輸/接收資料是否為同一份資料,使得非合法授權的使用者僅能得到零碎的資訊,更難破解本發明的加密程序。 3. After the safe transmission value and the value in the security reception value are calculated by the random number algorithm, the content of the value is changed, and the non-legally authorized user cannot know the data transmission end or the data receiving end. Whether the data transmitted/received is the same data enables the non-legally authorized user to obtain only the piecemeal information, and it is more difficult to crack the encryption program of the present invention.

4.該安全傳輸值及該安全接收值的數值內容僅有彼此授權的該資料傳輸端及該資料接收端得知,且在網路傳輸的過程中,該安全傳輸值及該安全接收值的數值透過該亂數演算法計算後,每次都會產生不同的數值,非合法授權的使用者無法得知網路上傳輸的數值是否正確及完整,故非合法授權的使用者無法透過合法授權的該資料接收端下載資料。 4. The secure transmission value and the numerical content of the secure reception value are only known to the data transmission end and the data receiving end authorized by each other, and in the process of network transmission, the secure transmission value and the secure reception value are After the value is calculated by the random number algorithm, each time a different value is generated. The user who is not legally authorized cannot know whether the value transmitted on the network is correct and complete, so the non-legally authorized user cannot pass the legal authorization. The data receiving end downloads the data.

5.授權的該資料傳輸端在上傳資料時,只需要選擇所欲上傳的資料以及填入該傳輸金鑰與該安全傳輸值的數值後,即可上傳該資料至該雲端儲存平台,在使用上十分方便。 5. When the authorized data transmission terminal only needs to select the data to be uploaded and fill in the value of the transmission key and the security transmission value, the data transmission terminal can upload the data to the cloud storage platform, and use it. Very convenient.

6.授權的該資料接收端在接收資料前,須通過第二驗證程序以及第三驗證程序,在安全使用上達到完整的保護。 6. The authorized receiving end of the data must pass the second verification procedure and the third verification procedure to obtain complete protection in safe use before receiving the data.

(1)‧‧‧”連接至上傳加密檔案頁面”按鈕 (1)‧‧‧"Connect to upload encrypted file page" button

(1A)‧‧‧”連接至上傳加密檔案頁面”按鈕 (1A)‧‧‧"Connect to upload encrypted file page" button

(11)‧‧‧”選擇檔案”按鈕 (11)‧‧‧"Select File" button

(12)‧‧‧”上傳檔案”按鈕 (12)‧‧‧"Upload File" button

(2)‧‧‧”連接至下載加密檔案頁面”按鈕 (2) ‧‧‧"Connect to download encrypted file page" button

(2A)‧‧‧”連接至下載加密檔案頁面”按鈕 (2A)‧‧‧"Connect to download encrypted file page" button

(21A)‧‧‧“發送下載請求”按鈕 (21A)‧‧‧"Send Download Request" button

[第一圖]係為本發明之流程示意圖,說明該資料傳輸端、該雲端儲存平台以及資料接收端之間的驗證程序。 [First figure] is a schematic flowchart of the present invention, illustrating a verification procedure between the data transmission end, the cloud storage platform, and the data receiving end.

[第二圖]係為本發明第一實施例之操作使用示意圖一,使用者登入本發明之系統時,可選擇要上傳資料。 [Second figure] is a schematic diagram 1 used for the operation of the first embodiment of the present invention, and when the user logs in to the system of the present invention, the data to be uploaded can be selected.

[第三圖]係為本發明第一實施例之操作使用示意圖二,說明該資料傳輸端的使用者選擇上傳資料後的系統頁面。 [Third Figure] is a schematic diagram 2 of the operation of the first embodiment of the present invention, illustrating a system page after the user of the data transmission end selects to upload the data.

[第四圖]係為本發明第一實施例之操作使用示意圖三,說明該資料傳輸端的使用者在選擇上傳哪份檔案(本發明係以TR檔名的檔案為上傳的檔案)。 [Fourth figure] is a schematic diagram 3 for the operation of the first embodiment of the present invention, which illustrates which file the user of the data transmission end selects to upload (the file of the TR file name is uploaded file).

[第五圖]係為本發明第一實施例之操作使用示意圖四,說明該資料傳輸端的使用者選取檔案及輸入傳輸金鑰及安全傳輸值完畢後,按下檔案上傳的按鈕。 [Fifth Figure] is a schematic diagram of the operation of the first embodiment of the present invention. The user of the data transmission end selects the file and inputs the transmission key and the security transmission value is completed, and then presses the file upload button.

[第六圖]係為本發明第一實施例之操作使用示意圖五,說明TR檔案上傳到該雲端儲存平台。 [Sixth Diagram] FIG. 5 is a schematic diagram of the operation of the first embodiment of the present invention, illustrating that the TR file is uploaded to the cloud storage platform.

[第七圖]係為本發明另一之操作使用示意圖一,使用者登入本發明之系統時,可選擇要下載資料。 [Seventh figure] is a schematic diagram of another operation of the present invention. When the user logs in to the system of the present invention, the data can be downloaded.

[第八圖]係為本發明另一之操作使用示意圖二,說明該資料接收端的使用者輸入接收金鑰及安全接收值。 [Eighth figure] is another operation of the present invention. FIG. 2 illustrates the user input receiving key and the secure receiving value of the data receiving end.

[第九圖]係為本發明另一之操作使用示意圖三,說明該資料接收端的使用者進入該雲端儲存平台內,選擇所欲下載的檔案(本發明係以TR檔名的檔案為下載的檔案)。 [Ninth aspect] is another operation of the present invention. FIG. 3 illustrates that the user at the receiving end of the data enters the cloud storage platform and selects the file to be downloaded (the present invention downloads the file with the TR file name). file).

綜合上述技術特徵,本發明一種應用於雲端儲存服務之關鍵字搜尋方法的主要功效將可於下述實施例清楚呈現。 In summary of the above technical features, the main functions of the keyword search method applied to the cloud storage service of the present invention will be clearly shown in the following embodiments.

請參閱第一圖,首先透過一資料傳輸端的使用者上傳一傳輸金鑰至一雲端儲存平台進行一第一驗證程序,其中該第一驗證程序係將該雲端儲存平台內的一雲端金鑰與該傳輸金鑰進行比對。 Referring to the first figure, first, a user of a data transmission terminal uploads a transmission key to a cloud storage platform to perform a first verification process, wherein the first verification program is a cloud key in the cloud storage platform. The transfer key is compared.

如果該第一驗證程序的驗證結果為不正確時,該雲端儲存平台會將該資料傳輸端的使用者視為非合法授權的使用者,且該雲端儲存平台係拒絕該資料傳輸端之資料傳輸。 If the verification result of the first verification program is incorrect, the cloud storage platform regards the user of the data transmission end as a non-legally authorized user, and the cloud storage platform rejects the data transmission of the data transmission end.

該第一驗證程序的驗證結果為正確時,該雲端儲存平台將該資料傳輸端的使用者視為合法授權的使用者,該資料傳輸端使用一第一加密程序加密至少一第一資料,並把加密後的該第一資料上傳到該雲端儲存平台進行儲存。 When the verification result of the first verification program is correct, the cloud storage platform regards the user of the data transmission end as a legally authorized user, and the data transmission end encrypts at least one first data by using a first encryption program, and The encrypted first data is uploaded to the cloud storage platform for storage.

其中該第一加密程序係根據下列演算法得知。 The first encryption program is known according to the following algorithm.

其中,加密後的該第一資料上傳到該雲端儲存平台進行儲存係根據下列演算法得知。 The encrypted first data is uploaded to the cloud storage platform for storage, and is learned according to the following algorithm.

一資料接收端的使用者要下載該資料傳輸端使用者上傳的該第一資料時,該資料接收端上傳一接收金鑰至該雲端儲存平台進行一第二驗證程 序,其中該第二驗證程序係將該雲端儲存平台內的該雲端金鑰與該接收金鑰進行比對。 When the user of the data receiving end downloads the first data uploaded by the data transmission end user, the data receiving end uploads a receiving key to the cloud storage platform for a second verification process. The second verification program compares the cloud key in the cloud storage platform with the receiving key.

其中,該傳輸金鑰、該雲端金鑰及該接收金鑰係依據下列演算法計算得知,SKD係為該傳輸金鑰、SKS係為該雲端金鑰、SKR係為該接收金鑰。 The transmission key, the cloud key, and the receiving key are calculated according to the following algorithm: S K D is the transmission key, S K S is the cloud key, and S K R is The receiving key.

若該第二驗證程序的驗證結果為不正確時,該雲端儲存平台會將該資料接收端的使用者視為非合法授權的使用者,且該雲端儲存平台係拒絕該資料接收端的資料接收。故上述說明已達成下列功效:1.非合法授權的使用者就無法進入該雲端儲存平台擷取所需的資料。2.非合法授權的使用者也無法得知該第一資料或該數值的內容。3.非合法授權的使用者無法得知該資料傳輸端或該資料接收端在傳輸/接收資料是否為同一份資料。4.非合法授權的使用者無法得知網路上傳輸的數值是否正確及完整,故非合法授權的使用者無法透過合法授權的該資料接收端下載資料。 If the verification result of the second verification program is incorrect, the cloud storage platform regards the user of the data receiving end as a non-legally authorized user, and the cloud storage platform rejects the data receiving of the data receiving end. Therefore, the above description has achieved the following effects: 1. Unauthorized authorized users cannot access the cloud storage platform to retrieve the required information. 2. The user who is not legally authorized cannot know the content of the first data or the value. 3. A user who is not legally authorized cannot know whether the data transmission end or the data receiving end is transmitting/receiving data for the same data. 4. A user who is not legally authorized cannot know whether the value transmitted on the network is correct or complete. Therefore, a user who is not legally authorized cannot download the data through the legally authorized data receiving end.

該第二驗證程序的驗證結果為正確時,該資料接收端與該資料傳輸端進行一第三驗證程序。 When the verification result of the second verification program is correct, the data receiving end performs a third verification procedure with the data transmission end.

該第三驗證程序係由該資料傳輸端的一安全傳輸值再與該安全接收值進行比對,首先透過該資料接收端上傳一安全接收值至該雲端儲存平台,該雲端儲存平台再將該安全接收值傳輸至該資料傳輸端,在該雲端儲存平台中不會儲存該安全傳輸值或該安全接收值。且該安全傳輸值及該安全接收值 係為彼此對應之一數值,該數值每經一亂數演算法加密後,均改變該數值之內容。 The third verification program compares a secure transmission value of the data transmission end with the security reception value, and first uploads a secure reception value to the cloud storage platform through the data receiving end, and the cloud storage platform performs the security again. The received value is transmitted to the data transmission end, and the secure transmission value or the secure reception value is not stored in the cloud storage platform. And the secure transmission value and the secure reception value The values are corresponding to each other, and the value changes the content of the value after being encrypted by a random number algorithm.

該第三驗證程序為不正確時,該資料傳輸端係透過該雲端儲存平台拒絕該資料接收端接收該第一資料之權限。 When the third verification procedure is incorrect, the data transmission end rejects the permission of the data receiving end to receive the first data through the cloud storage platform.

該第三驗證程序為正確時,該資料傳輸端係透過該雲端儲存平台開啟該資料接收端接收該第一資料之權限,該資料接收端係可透過一第二加密程序將一關鍵字加密成一關鍵字加密檔後,該資料接收端傳輸一關鍵字加密檔至該雲端儲存平台,該雲端儲存平台係根據該關鍵字加密檔在該第一資料中搜尋出一第二資料,並將該第二資料傳輸至該資料接收端。故此段說明了授權的該資料接收端在接收資料前,須通過第二驗證程序以及第三驗證程序,在使用上達到安全且完整的保護。 When the third verification program is correct, the data transmission end opens the permission of the data receiving end to receive the first data through the cloud storage platform, and the data receiving end can encrypt a keyword into a second through a second encryption program. After the keyword encryption file is transmitted, the data receiving end transmits a keyword encryption file to the cloud storage platform, and the cloud storage platform searches for a second data in the first data according to the keyword encryption file, and the first data is The second data is transmitted to the data receiving end. Therefore, this paragraph indicates that the authorized data receiving end must pass the second verification procedure and the third verification procedure to obtain safe and complete protection in use before receiving the data.

其中,該雲端儲存平台與該資料接收端所使用的該第二驗證程序及該第三驗證程序,係運用下列演算法來進行。 The second verification program and the third verification program used by the cloud storage platform and the data receiving end are performed by using the following algorithm.

若上述第二驗證程序及第三驗證程序驗證為正確,且該資料接收端的使用者開始下載第二資料時,該第二資料的下載加密演算法如下所示。 If the second verification program and the third verification program are verified to be correct, and the user of the data receiving end starts to download the second data, the download encryption algorithm of the second data is as follows.

Cloud server Data receiver Cloud server Data receiver

Send specify encerypted dataSend specify encerypted data

請參閱第二圖至第六圖所示之實施例,本實施例係說明該資料傳輸端的使用者如何上傳加密後的該第一資料,首先第二圖係該資料傳輸端使用者使用本發明之系統的頁面,可選擇上傳資料至該雲端儲存平台/從該雲端儲存平台下載資料,只需要點選個別的按鈕[”連接至上傳加密檔案頁面”按鈕(1)或”連接至下載加密檔案頁面”按鈕(2)],即可進入個別的操作頁面。 Referring to the embodiments shown in FIG. 2 to FIG. 6 , this embodiment describes how the user of the data transmission end uploads the encrypted first data. First, the second figure is that the data transmission end user uses the present invention. The page of the system, you can choose to upload data to the cloud storage platform / download data from the cloud storage platform, just select the individual button ["Connect to upload encrypted file page" button (1) or "Connect to download encrypted file" Page "Button (2)], you can enter the individual operation page.

使用者點選”連接至上傳加密檔案頁面”按鈕(1)後,本發明之系統則連接進入第三圖所示之頁面,該資料傳輸端的使用者即可點選”選擇檔案”按鈕(11)選擇欲上傳的該第一資料。 After the user clicks the "Connect to upload encrypted file page" button (1), the system of the present invention is connected to the page shown in the third figure, and the user of the data transmission end can click the "Select File" button (11). ) Select the first data you want to upload.

第四圖係為該資料傳輸端的使用者選擇欲上傳的該第一資料,本實施例係以名稱為TR的檔案為上傳的該第一資料。其中,選擇完該第一資料後,該第一加密程序立即將TR檔案的該第一資料進行加密,此時加密後的該第一資料仍在該資料傳輸端使用者的電腦上,尚未透過網路傳輸到該雲端儲存平台(本實施例雖先將該第一資料再進行該第一認證程序,但僅為本發明所能涵蓋的實施例之一)。 The fourth figure is that the user of the data transmission end selects the first data to be uploaded. In this embodiment, the file named TR is the uploaded first data. After the first data is selected, the first encryption program immediately encrypts the first data of the TR file, and the encrypted first data is still on the user's computer of the data transmission end. The network is transmitted to the cloud storage platform (this embodiment first performs the first authentication procedure for the first data, but is only one of the embodiments that can be covered by the present invention).

第五圖係該資料傳輸端使用者選擇上傳加密後的該TR檔案,並相對的輸入該傳輸金鑰及該安全傳輸值的密碼後,按下”上傳檔案”按鈕(12) 後,本發明之系統則連接至如第六圖所示的頁面,顯示該資料傳輸端使用者上傳的該TR檔案已上傳完畢。 The fifth picture is that the data transmission end user selects to upload the encrypted TR file, and relatively inputs the transmission key and the password of the security transmission value, and then presses the "Upload File" button (12) Thereafter, the system of the present invention is connected to the page as shown in FIG. 6, and the TR file uploaded by the user of the data transmission end has been uploaded.

由上述說明得知,該資料傳輸端使用者只須選擇欲上傳的檔案及輸入該傳輸金鑰及該安全傳輸值的密碼後,即可上傳該資料至該雲端儲存平台,在使用上十分方便。 According to the above description, the data transmission end user only needs to select the file to be uploaded and input the transmission key and the password of the security transmission value, and then upload the data to the cloud storage platform, which is convenient in use. .

續請參考本發明之另一實施例,本實施例係說明該資料接收端的使用者如何下載加密後的該第一資料,如第七圖至第九圖所示,首先該資料接收端的使用者點選”連接至下載加密檔案頁面”按鈕(2A)之後,本發明之系統連接到至如第八圖所示之頁面,該資料接收端的使用者再輸入相對的該接收金鑰及該安全傳輸值的密碼後,點選“發送下載請求”按鈕(21A),本發明會執行該第二驗證程序及該第三驗證程序。 Continuing to refer to another embodiment of the present invention, this embodiment describes how the user of the data receiving end downloads the encrypted first data, as shown in the seventh to ninth figures, firstly, the user of the data receiving end After clicking the "Connect to Download Encrypted Archive Page" button (2A), the system of the present invention is connected to the page as shown in the eighth figure, and the user of the data receiving end inputs the corresponding receiving key and the secure transmission. After the password of the value, click the "send download request" button (21A), and the present invention executes the second verification program and the third verification program.

如第九圖所示,本圖係已通過該第二驗證程序及該第三驗證程序之驗證後,該資料接收端的使用者選擇從該雲端儲存平台內下載該TR檔案,再案存檔,將檔案儲存到該資料接收端的使用者欲儲存的位置。 As shown in the ninth figure, after the figure has been verified by the second verification process and the third verification process, the user of the data receiving end selects to download the TR file from the cloud storage platform, and then archives the file. The file is stored to the location where the user at the receiving end of the data wants to store.

綜合上述實施例之說明,當可充分瞭解本發明之操作、使用及本發明產生之功效。惟以上所述實施例僅係為本發明之較佳實施例,當不能以此限定本發明實施之範圍,即依本發明申請專利範圍及發明說明內容所作簡單的等效變化與修飾,皆屬本發明涵蓋之範圍內。 In view of the above description of the embodiments, the operation, use, and effects of the present invention can be fully understood. However, the above-mentioned embodiments are merely preferred embodiments of the present invention, and are not intended to limit the scope of the present invention, that is, simple equivalent changes and modifications according to the scope of the present invention and the description of the invention are It is within the scope of the invention.

Claims (7)

一種應用於雲端儲存服務之關鍵字搜尋方法,係包含下列步驟:A.一資料傳輸端上傳一傳輸金鑰至一雲端儲存平台進行一第一驗證程序,該第一驗證程序為正確時,該資料傳輸端上傳透過一第一加密程序加密的至少一第一資料至該雲端儲存平台儲存;若該第一驗證程序為不正確時,該雲端儲存平台將該資料傳輸端視為非合法授權的使用端,該雲端儲存平台關閉該使用端之權限,避免該雲端儲存平台遭受非合法授權的該使用端下載該傳輸金鑰及該第一資料;B.一資料接收端上傳一接收金鑰至該雲端儲存平台進行一第二驗證程序;C.該第二驗證程序為正確時,該資料接收端上傳一安全接收值經由該雲端儲存平台傳輸至該資料傳輸端,進行該資料傳輸端的一安全傳輸值與該安全接收值之一第三驗證程序;若該第二驗證程序為不正確時,該雲端儲存平台將該資料接收端視為非合法授權的使用端,該雲端儲存平台關閉該使用端之權限,避免該雲端儲存平台遭受非合法授權的該使用端下載該安全接收值;D.該第三驗證程序為正確時,該資料傳輸端係透過該雲端儲存平台開啟該資料接收端接收該第一資料之權限;若該第三驗證程序為不正確時,該雲端儲存平台關閉該使用端接收該第一資料之權限;E.該資料接收端係傳輸一關鍵字至該雲端儲存平台,該雲端儲存平台係根據該關鍵字在該第一資料中搜尋出一第二資料,並將該第二資料傳輸至該資料接收端;F.若上述第一驗證程序、第二驗證程序或第三驗證程序其中一個以上的驗證程序為不正確時,該雲端儲存平台關閉該使用端的權限,且該使用端無法得知該第一資料與該第二資料是否為同一份資料,僅能獲取零碎的資訊。 A keyword search method applied to a cloud storage service includes the following steps: A. A data transmission terminal uploads a transmission key to a cloud storage platform for performing a first verification procedure, and when the first verification program is correct, the The data transmission end uploads at least one first data encrypted by a first encryption program to the cloud storage platform for storage; if the first verification program is incorrect, the cloud storage platform regards the data transmission end as non-legally authorized The usage end, the cloud storage platform closes the permission of the user end, and prevents the cloud storage platform from being subjected to the non-legally authorized user to download the transmission key and the first data; B. a data receiving end uploads a receiving key to The cloud storage platform performs a second verification process; C. when the second verification program is correct, the data receiving end uploads a secure receiving value to the data transmission end via the cloud storage platform, and performs a security of the data transmission end. a third verification program of the transmission value and the security reception value; if the second verification program is incorrect, the cloud storage platform will The receiving end is regarded as a non-legally authorized user, and the cloud storage platform closes the right of the user to prevent the cloud storage platform from being illegally authorized by the user to download the secure receiving value; D. the third verification program is When the data transmission end is correct, the data transmission end enables the data receiving end to receive the first data permission; if the third verification program is incorrect, the cloud storage platform closes the usage end to receive the first data. E. The data receiving end transmits a keyword to the cloud storage platform, and the cloud storage platform searches for a second data in the first data according to the keyword, and transmits the second data to The data receiving end; F. if one or more of the first verification program, the second verification program, or the third verification program is incorrect, the cloud storage platform closes the permission of the user terminal, and the user terminal cannot obtain the Knowing whether the first data and the second data are the same information, only the piecemeal information can be obtained. 如申請專利範圍第1項所述之應用於雲端儲存服務之關鍵字搜尋方法,該安全傳輸值及安全接收值係為彼此對應之一數值,該數值每經一亂數演算法加密後,均改變該數值之內容。 For example, in the keyword search method applied to the cloud storage service according to claim 1, the secure transmission value and the secure reception value are one value corresponding to each other, and the value is encrypted after each random number algorithm. Change the content of this value. 如申請專利範圍第1項所述之應用於雲端儲存服務之關鍵字搜尋方法,前述步驟A中,該第一驗證程序為不正確時,該雲端儲存平台係拒絕該資料傳輸端之資料傳輸。 The keyword search method applied to the cloud storage service according to the first aspect of the patent application, in the foregoing step A, when the first verification program is incorrect, the cloud storage platform rejects the data transmission of the data transmission end. 如申請專利範圍第1項所述之應用於雲端儲存服務之關鍵字搜尋方法,前述步驟B中,該第二驗證程序為不正確時,該雲端儲存平台係拒絕該資料接收端的資料接收。 The keyword search method applied to the cloud storage service according to the first aspect of the patent application, in the foregoing step B, when the second verification program is incorrect, the cloud storage platform rejects the data receiving of the data receiving end. 如申請專利範圍第1項所述之應用於雲端儲存服務之關鍵字搜尋方法,其中,該雲端儲存平台具有一雲端金鑰,用以進行該第一驗證程序及該第二驗證程序之依據。 The keyword search method for the cloud storage service, as described in claim 1, wherein the cloud storage platform has a cloud key for performing the first verification procedure and the second verification procedure. 如申請專利範圍第1項所述之應用於雲端儲存服務之關鍵字搜尋方法,該關鍵字係可透過一第二加密程序加密成一關鍵字加密檔,該雲端儲存平台係根據該關鍵字加密檔之內容執行步驟E。 The keyword search method applied to the cloud storage service according to claim 1, wherein the keyword is encrypted into a keyword encrypted file by a second encryption program, and the cloud storage platform encrypts the file according to the keyword. The content is performed in step E. 如申請專利範圍第1項所述之應用於雲端儲存服務之關鍵字搜尋方法,進一步包含步驟F.該第三驗證程序為不正確時,該資料傳輸端係透過該雲端儲存平台拒絕該資料接收端接收該第一資料之權限。 The keyword search method applied to the cloud storage service according to claim 1 further includes the step F. when the third verification program is incorrect, the data transmission end rejects the data receiving through the cloud storage platform. The terminal receives the permission of the first data.
TW104136433A 2015-11-05 2015-11-05 Keyword searching method applied to cloud storage service TWI585608B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104136433A TWI585608B (en) 2015-11-05 2015-11-05 Keyword searching method applied to cloud storage service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW104136433A TWI585608B (en) 2015-11-05 2015-11-05 Keyword searching method applied to cloud storage service

Publications (2)

Publication Number Publication Date
TW201717091A TW201717091A (en) 2017-05-16
TWI585608B true TWI585608B (en) 2017-06-01

Family

ID=59366887

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104136433A TWI585608B (en) 2015-11-05 2015-11-05 Keyword searching method applied to cloud storage service

Country Status (1)

Country Link
TW (1) TWI585608B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100211781A1 (en) * 2009-02-16 2010-08-19 Microsoft Corporation Trusted cloud computing and services framework
US20100318782A1 (en) * 2009-06-12 2010-12-16 Microsoft Corporation Secure and private backup storage and processing for trusted computing and data services
US20100332479A1 (en) * 2009-06-30 2010-12-30 Anand Prahlad Performing data storage operations in a cloud storage environment, including searching, encryption and indexing
TW201132097A (en) * 2009-12-15 2011-09-16 Microsoft Corp Trustworthy extensible markup language for trustworthy computing and data services

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100211781A1 (en) * 2009-02-16 2010-08-19 Microsoft Corporation Trusted cloud computing and services framework
US20100318782A1 (en) * 2009-06-12 2010-12-16 Microsoft Corporation Secure and private backup storage and processing for trusted computing and data services
US20100332479A1 (en) * 2009-06-30 2010-12-30 Anand Prahlad Performing data storage operations in a cloud storage environment, including searching, encryption and indexing
TW201132097A (en) * 2009-12-15 2011-09-16 Microsoft Corp Trustworthy extensible markup language for trustworthy computing and data services

Also Published As

Publication number Publication date
TW201717091A (en) 2017-05-16

Similar Documents

Publication Publication Date Title
JP6941146B2 (en) Data security service
CN109474606B (en) File transmission method and device, computer equipment and storage medium
US8640261B2 (en) Method and client agent for monitoring the use of protected content
CN103828293B (en) System and method for user authentication
US9430211B2 (en) System and method for sharing information in a private ecosystem
JP6678457B2 (en) Data security services
CN109409045B (en) Safety protection method and device for automatic login account of browser
US20040177248A1 (en) Network connection system
CN110651261A (en) Secure memory device with unique identifier for authentication
CN105827574B (en) A kind of file access system, method and device
US10630722B2 (en) System and method for sharing information in a private ecosystem
CN110889131B (en) File sharing system
CN110311895B (en) Session permission verification method and system based on identity authentication and electronic equipment
KR102137122B1 (en) Security check method, device, terminal and server
US20180137300A1 (en) Method and apparatus for document preview and delivery with password protection
US20150047053A1 (en) Server, terminal, and transfer method for digital content under copyright protection
US20230342756A1 (en) Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission
CN104573493B (en) A kind of method for protecting software and system
CN106411884A (en) Method and device for data storage and encryption
CN110324283B (en) Licensing method, device and system based on asymmetric encryption
US9025770B1 (en) Dynamic encryption arrangement with a wireless device and methods therefor
US9882879B1 (en) Using steganography to protect cryptographic information on a mobile device
KR20130085537A (en) System and method for accessing to encoded files
TWI585608B (en) Keyword searching method applied to cloud storage service
CN106453335B (en) Data transmission method and device

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees