
TWM465608U - Portable cloud file security and encryption system - Google Patents

Portable cloud file security and encryption system

Info

Publication number
TWM465608U
Authority
TW
Taiwan
Prior art keywords
file
key
cloud
hash
data storage
Prior art date
Application number
TW102210383U
Other languages
Chinese (zh)
Inventor
Chi-Man Wong
Original Assignee
Asus Cloud Corp
Priority date
Filing date
Publication date
Application filed by Asus Cloud Corp
Priority to TW102210383U
Publication of TWM465608U

Landscapes

  • Storage Device Security (AREA)

Description

Portable cloud file security encryption system

This creation relates to encrypting files on a cloud host as they are uploaded. The encrypted file can be backed up to other storage devices (for example, data storage devices, tapes, and the like), and the system automatically decrypts the file when the user downloads it.

As computer technology advances, almost all data depends on the operation of computer systems and is stored in data storage devices. Ensuring the security of the data stored in those devices has therefore become an important issue.

Conventional data storage device encryption uses only a single key for encryption and decryption. Once that key is obtained, every file or data storage device protected by it can be decrypted. Moreover, if the data storage device system is damaged, then even if the files on it were previously backed up to other data storage devices, the key cannot be recovered because of the damage. The file contents therefore cannot be decrypted, and a user who has read permission can no longer read the file.

In view of these shortcomings of the conventional technology, the main purpose of this creation is to provide a cloud file security encryption device that converts and encrypts at least one target file that a user-side electronic device intends to upload to a cloud system, and then uploads it to a data storage device of the cloud system.

The technical means adopted by this creation are as follows. A key-value corresponding address conversion module receives a target file to be transmitted to the cloud system and converts the original file name of the target file, using a preset conversion function, into a corresponding target address code. A seed sequence generation module, connected to the key-value corresponding address conversion module, receives the target address code generated by that module and generates a seed sequence using a preset hash function. A hash generation module receives the seed sequence generated by the seed sequence generation module, converts it into an alphanumeric hash, and uses the alphanumeric hash as the unique key of the file. A key encryption module uses the key generated by the hash generation module to perform key encryption on the content of the target file, and the key-encrypted target file is then stored in two data storage devices at the same time.

Through the technical means adopted by this creation, when a file is uploaded to cloud storage, its content is encrypted and stored on two different data storage devices, ensuring that the file will not be lost and that its content cannot be read if it is stolen. The file is decrypted automatically when the user downloads it. The encryption and decryption key is computed on the fly and each file has its own key, which avoids the problem of a single leaked key allowing all file contents to be decrypted.

Furthermore, through this mechanism the file can be backed up to other data storage devices. When the user needs to read the file, the decryption module recalculates the key from the file name according to the target address code (Object ID), decrypts the file content, obtains the original file name from the database, saves the file under that name, and returns it to the user.

Furthermore, the key is not stored in any storage device or database; it must be recalculated from the target address code each time it is needed. Once generated, the target address code never changes, and it is a unique, non-reused value within the entire system. If the target address code is obtained, an unauthorized party still cannot compute the key value, because they lack the hash module and the salt value preset at encryption time. This ensures a high level of security for the file.

The specific techniques adopted by this creation are further explained through the following embodiments and the accompanying drawings.

1‧‧‧User-side electronic device

2‧‧‧Network connection interface

2a‧‧‧Wireless network connection interface

2b‧‧‧Wireless transceiver

3‧‧‧Internet

4‧‧‧Cloud system

41‧‧‧Cloud server

42, 43‧‧‧Data storage device

5‧‧‧Cloud file security encryption device

51‧‧‧Key-value corresponding address conversion module

52‧‧‧Seed sequence generation module

53‧‧‧Hash generation module

54‧‧‧Key encryption module

D1‧‧‧Target address code

D2‧‧‧Seed sequence

D3‧‧‧Alphanumeric hash

F‧‧‧Target file

F1‧‧‧Original file name of the file

F2‧‧‧Content of the target file

FK‧‧‧Key-encrypted file

f(x)1‧‧‧First conversion function

f(x)2‧‧‧Second conversion function

K1‧‧‧Key

N1‧‧‧Internet node

Figure 1 is a schematic diagram of the system architecture of the first embodiment of this creation.

Figure 2 is a schematic diagram of the cloud file security encryption device in Figure 1.

Figure 3 is a schematic diagram of the system architecture of the second embodiment of this creation.

Please refer to Figure 1, which shows a schematic diagram of the system of the first embodiment of this creation. A user-side electronic device 1 is connected to the Internet 3 via a network connection interface 2 and an Internet node N1, and the Internet 3 in turn connects to the cloud system 4. The cloud system 4 includes a cloud server 41 and data storage devices 42, 43 built on the cloud server 41.

This creation builds a cloud file security encryption device 5 in the cloud system 4. The cloud file security encryption device 5 converts and encrypts at least one target file F that the user-side electronic device 1 intends to upload to the cloud system 4, producing a key-encrypted file FK that is stored in the data storage devices 42, 43 of the cloud system 4.

Please refer to Figure 2, which shows a schematic diagram of the cloud file security encryption device 5 of Figure 1. The cloud file security encryption device 5 of this creation includes a key-value corresponding address conversion module 51, which receives the target file F and converts the original file name F1 of the target file F, using a preset first conversion function f(x)1, into a corresponding target address code D1 (Object ID). The first conversion function f(x)1 may, for example, use a hash function (Hash) technique to convert the original file name F1 of the target file F into the corresponding target address code D1.

A seed sequence generation module 52 is connected to the key-value corresponding address conversion module 51. The seed sequence generation module 52 receives the target address code D1 generated by the key-value corresponding address conversion module 51 and generates a seed sequence D2 using a preset second conversion function f(x)2. The second conversion function f(x)2 may likewise use a hash function technique to generate the seed sequence D2.

A hash generation module 53 receives the seed sequence D2 generated by the seed sequence generation module 52, converts the seed sequence D2 into an alphanumeric hash D3 through the salting (salt) process known in the prior art, and uses the alphanumeric hash D3 as the unique key K1 of the file F. A key encryption module 54 uses the key K1 generated by the hash generation module 53 to perform key encryption on the content F2 of the target file F. The key-encrypted file FK is stored in the first data storage device 42 and the second data storage device 43 at the same time.

In summary, this creation converts the original file name of each file uploaded to the cloud into a target address code by hashing. The encryption module then passes the target address code through a hash function (Hash) to generate a seed sequence, and a salting (salt) process produces an alphanumeric hash that is not easily cracked or easily reverted to the original key. This hash is the unique key of the file. After the file content is encrypted with the key, two copies of the file are written at the same time to different data storage devices.

Through this mechanism the file can be backed up to other data storage devices. When the user needs to read the file, the decryption module recalculates the key from the file name according to the target address code, decrypts the file content, obtains the original file name from the database, saves the file under that name, and returns it to the user.

Furthermore, the key is not stored in any storage device or database; it must be recalculated from the target address code each time it is needed. Once generated, the target address code never changes, and it is a unique, non-reused value within the entire system. If the target address code is obtained, an unauthorized party still cannot compute the key value, because they lack the hash module and the salt value preset at encryption time. This ensures a high level of security for the file.
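The derivation chain described above (F1 to D1 to D2 to salted D3, used as K1), written out as an added example that is not code from the patent. SHA-256 for both conversion functions and for the salted step, prepending the salt, and all function names and sample values are assumptions, since the page names no concrete algorithm; `keyed_file_key` is an HMAC variant included only for comparison.

```python
import hashlib
import hmac

# Constructed stand-in for the "preset salt value". SHA-256 is an assumed
# choice for every step: the page names no concrete hash function.
SALT = b"constructed-deployment-salt"


def object_id(original_name: str) -> str:
    """f(x)1: original file name F1 -> target address code D1 (Object ID)."""
    return hashlib.sha256(original_name.encode("utf-8")).hexdigest()


def seed_sequence(d1: str) -> bytes:
    """f(x)2: target address code D1 -> seed sequence D2."""
    return hashlib.sha256(d1.encode("ascii")).digest()


def file_key(d1: str, salt: bytes = SALT) -> str:
    """D1 -> D2 -> salted alphanumeric hash D3, used as the file key K1."""
    return hashlib.sha256(salt + seed_sequence(d1)).hexdigest()


def recompute_keys(object_ids, salt: bytes = SALT) -> dict:
    """Rebuild every file key from the D1 list and the salt alone."""
    return {d1: file_key(d1, salt) for d1 in object_ids}


def keyed_file_key(d1: str, master_key: bytes) -> str:
    """Comparison only, not from the page: the same per-file derivation as
    HMAC-SHA256, which handles the preset value as an explicit secret key."""
    return hmac.new(master_key, d1.encode("ascii"), hashlib.sha256).hexdigest()


def demo() -> dict:
    # Constructed file names; only their Object IDs are kept by the system.
    ids = [object_id(n) for n in ("report-2013.pdf", "invoice-2013.pdf")]
    at_upload = recompute_keys(ids)

    # Download, or restore from the second storage device: no key is read
    # from storage, it is derived again from D1.
    at_download = recompute_keys(ids)

    # A party holding the D1 values but a wrong salt derives unrelated keys.
    wrong_salt = recompute_keys(ids, b"guessed-salt")

    return {
        "recomputable": at_download == at_upload,
        "one_key_per_file": len(set(at_upload.values())) == len(ids),
        "d1_alone_insufficient": all(
            wrong_salt[d1] != at_upload[d1] for d1 in ids
        ),
        "key_is_alphanumeric": all(k.isalnum() for k in at_upload.values()),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Because K1 depends only on D1 and the salt, the salt carries the whole secrecy of the scheme and needs the protection normally given to a master key.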

Please refer to Figure 3, which shows a schematic diagram of the system architecture of the cloud file security encryption device of the second embodiment of this creation. As shown, the architecture of this embodiment is largely similar to that of the first embodiment; the difference is that the network connection interface is a wireless interface. That is, the user-side electronic device 1 uses a wireless network connection interface 2a and a wireless transceiver 2b as the interface for data transmission and network linking, connects through the Internet node N1 to the Internet 3, and the Internet 3 in turn connects to the cloud system 4. The cloud system 4 includes a cloud server 41 and data storage devices 42, 43 built on the cloud server 41. The file security encryption operation is the same as in the previous embodiment.

The above embodiments are only intended to illustrate this creation and not to limit its scope. All other equivalent modifications or substitutions made without departing from the spirit disclosed by this creation shall fall within the scope of the claims set out below.

Claims (6)

1. A cloud file security encryption device for converting and encrypting at least one target file that a user-side electronic device intends to upload to a cloud system via a network connection interface and the Internet, and uploading it to a data storage device of the cloud system, the cloud file security encryption device comprising: a key-value corresponding address conversion module, which receives the target file and converts the original file name of the target file, using a preset first conversion function, into a corresponding target address code; a seed sequence generation module, connected to the key-value corresponding address conversion module, which receives the target address code generated by the key-value corresponding address conversion module and generates a seed sequence using a preset second conversion function; a hash generation module, which receives the seed sequence generated by the seed sequence generation module, converts the seed sequence into an alphanumeric hash, and uses the alphanumeric hash as the unique key of the file; and a key encryption module, which uses the key generated by the hash generation module to perform key encryption on the content of the target file.

2. The cloud file security encryption device according to claim 1, wherein the cloud system includes: a first data storage device, which stores the content of the key-encrypted target file; and at least one second data storage device, wherein when the key-encrypted target file is stored in the first data storage device, it is simultaneously stored in the second data storage device.

3. The cloud file security encryption device according to claim 1, wherein the network connection interface is a wired network connection interface.

4. The cloud file security encryption device according to claim 1, wherein the network connection interface is a wireless network connection interface.

5. The cloud file security encryption device according to claim 1, wherein the first conversion function is a hash function.

6. The cloud file security encryption device according to claim 1, wherein the second conversion function is a hash function.

TW102210383U 2013-06-03 2013-06-03 Portable cloud file security and encryption system TWM465608U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW102210383U TWM465608U (en) 2013-06-03 2013-06-03 Portable cloud file security and encryption system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW102210383U TWM465608U (en) 2013-06-03 2013-06-03 Portable cloud file security and encryption system

Publications (1)

Publication Number Publication Date
TWM465608U (en) 2013-11-11

Family

ID=49992468

Family Applications (1)

Application Number Title Priority Date Filing Date
TW102210383U TWM465608U (en) 2013-06-03 2013-06-03 Portable cloud file security and encryption system

Country Status (1)

Country Link
TW (1) TWM465608U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI561046B (en) * 2015-05-22 2016-12-01 Mstar Semiconductor Inc Key protecting device and key protecting method

Similar Documents

Publication Publication Date Title
KR102821784B1 (en) Self-encryption drive (sed)
JP6306077B2 (en) Community-based deduplication of encrypted data
US10594495B2 (en) Verifying authenticity of computer readable information using the blockchain
US9137222B2 (en) Crypto proxy for cloud storage services
US9773118B1 (en) Data deduplication with encryption
CN105245328B (en) It is a kind of that management method is generated based on the key of third-party user and file
US10044703B2 (en) User device performing password based authentication and password registration and authentication methods thereof
US11228444B2 (en) Tracking provenance of digital data
US9602280B2 (en) System and method for content encryption in a key/value store
US9703973B2 (en) Customer load of field programmable gate arrays
CN109522328B (en) Data processing method and device, medium and terminal thereof
US9246890B2 (en) PGP encrypted data transfer
CN116340897A (en) A blockchain-based digital asset processing method and device
US9356782B2 (en) Block encryption
WO2023216987A1 (en) Container image construction method and apparatus
US10244391B2 (en) Secure computer file storage system and method
Vashistha et al. Document management system using blockchain and inter planetary file system
TWM465608U (en) Portable cloud file security and encryption system
US9734154B2 (en) Method and apparatus for storing a data file
CN105159919A (en) Data multi-copy correlation method and system
CN111949606B (en) File shredding encryption engine and technology thereof
JP2009207061A (en) Removable device, log collection method, program and recording medium
CN103136456A (en) Data encrypted storage system and method
KR101492328B1 (en) Method and system for providing incentive service
TWI509459B (en) Cloud electronic notary service method and system thereof

Legal Events

Date Code Title Description
MK4K Expiration of patent term of a granted utility model