The content of the invention
For this reason, it may be necessary to provide a kind of remote data storage system, solve available data and store unsafe problem.
For achieving the above object, a kind of remote data storage system is inventor provided, mobile phone, server, electricity is includedBrain and removable storage device, mobile phone includes mobile phone radio frequency module, fingerprint module and the first near-field communication module, and movable type is depositedStorage equipment includes USB interface and the second near-field communication module, and computer includes fingerprint equipment cryptographic initialization module, calibration modeBlock, user name crypto module and data memory module, wherein:
Computer is used to detect whether removable storage device inserts the USB interface of computer, detects and judge after insertion movementWhether formula storage device is stored with finger print data;If not storing finger print data, fingerprint equipment cryptographic initialization mould is enabledBlock, fingerprint equipment cryptographic initialization module is used to initialize fingerprint and device password and enable correction verification module after initialization;Such asReally be stored with finger print data, then directly enable correction verification module;
Correction verification module is used to obtain user input device code data and is dealt into removable storage device, and mobile phone is used to pass throughFingerprint module obtains finger print data and is dealt into removable storage device by the first near-field communication module, and removable storage device is usedIn getting after finger print data and device password data, and it is compared with the data in removable storage device, if all led toCross then enable user name crypto module, otherwise user name crypto module;
User name crypto module is used to judge whether removable storage device has username and password information;Movable type is depositedStorage equipment does not have username and password information, carries out username and password initialization, treats that user name and cryptographic initialization are completedAfterwards, data memory module is enabled;Removable storage device has username and password information, enables data memory module;
Data memory module is used to send file reading instruction;Removable storage device is used to receive file reading instructionAfterwards, username and password is encrypted, the user name and close after near-field communication module file to be read instruction and encryptedCode is sent to mobile phone;Mobile phone be used for by mobile phone radio frequency module send encryption after user name, password and file reading instruction toServer;After server is used to be verified, the fileinfo to reading is encrypted, and the fileinfo returned after encryption is arrivedMobile phone;Mobile phone is used to send the information after encryption to removable storage device, removable storage device by near-field communication moduleFor being decrypted to fileinfo and it is sent to computer, computer is used to show the fileinfo for reading;
Data memory module is additionally operable to detect after files passe operation, sends the fileinfo for uploading to portable storageEquipment;Removable storage device is used to obtain time of computer, and the time and fileinfo to computer is encrypted, and toName in an account book and password are encrypted, and the username and password after encryption, fileinfo are sent to into mobile phone by near-field communication module;Mobile phone is used to send the user name after encryption, password and fileinfo to server by mobile phone radio frequency module;Server is used forRecord user name, password and fileinfo start the time for receiving, and server is used to decrypt and verify that username and password passes throughAfterwards, decryption obtains time and the fileinfo of computer, and one is less than with the time difference for starting to receive of record when the time of computerDuring individual preset value, under storage file information to the corresponding file of user name, storage file information is otherwise abandoned.
Further, fingerprint equipment cryptographic initialization module is used to send acquisition fingerprint prompting, waits fingerprint module to obtainTo finger print data, get and send after finger print data acquisition device password prompting, the keyboard for waiting computer gets device passwordAfter data, storage finger print data and device password data enable correction verification module in removable storage device.
Further, user name crypto module carry out username and password it is initialized when, user name crypto module useUser input username and password, computer is pointed out to get after user name password, by near-field communication module in pop-up dialogue boxUser name, password and finger print data are sent to into mobile phone, mobile phone is used to send user name, close by the mobile phone radio frequency module of mobile phone, to server, whether server is used to detect user name, password and finger print data by checking, and will verify for code and finger print dataAs a result mobile phone is dealt into, mobile phone is used to be forwarded to computer by near-field communication module, and it is right after the result is received that computer is used forAs a result judged, judged result enables data by then in user name password storage to removable storage deviceMemory module, judged result by then pointing out user the username and password mistake of its input, does not enable data memory module.
Prior art is different from, above-mentioned technical proposal 1. is associated by fingerprint with username and password, and user is not required toTo input user name password again, it is to avoid the problem that user name password is revealed.2. by server by username and passwordAssociate with fileinfo, and do not associate finger print data, it is to avoid the file that the finger print data that finger print data is caused repeats and occursThe problem of information leakage.3. what communication of the computer with server was walked is the passage of mobile phone radio frequency, reduce network it is monitored canCan, it is to avoid leaking data.4. pair fileinfo adopts each user name cryptographic check, while fileinfo and user name passwordIn the case of being all encryption.5. the cipher mode of the time of computer is used so that the file after encryption has more confusion, it is to avoidPacket problem decrypted after being trapped, also avoids packet from being submitted to server by disabled user's repetition and causes server to depositThe situation stored up a large amount of same files and affect user normally to use.6th, portable storage is also reduced using the fingerprint module of mobile phoneThe cost of equipment.
Specific embodiment
To describe the technology contents of technical scheme, structural features in detail, purpose and effect being realized, below in conjunction with concrete realityApply example and coordinate accompanying drawing to be explained in detail.
Fig. 1 to Fig. 2 is referred to, the present embodiment provides a kind of remote data storage system, including mobile phone 205, server207th, computer 201 and removable storage device 203, specifically, system architecture diagram can be such as the system 200 of Fig. 2.Mobile phone is includedMobile phone radio frequency module, fingerprint module and the first near-field communication module, mobile phone can be connected by mobile phone radio frequency module with base stationConnect, be connected such that it is able to surf the Net and with server.Movable type storage includes the second near-field communication module, specifically, portableStorage device also includes processing module and memory module, processing module respectively with processing module respectively with memory module, second nearField communication module and USB interface connection, removable storage device is connected by USB interface with computer, and processing module can be to realityNow the hardware of memory module data is encrypted, it is to avoid directly read the data of memory module.Removable storage device only hasTwo near-field communication modules, memory module and processing module, cost can be very low, and head can be made thin little, without the need for power supply, its electricitySource has USB interface to power, and can carry with, easy to carry.The system is said below by the handling process of the systemIt is bright.
This flow process comprises the steps:Whether step S101 computer detection removable storage device inserts USB interface, S102Detect and judge after insertion whether removable storage device is stored with finger print data;Here judgement can be that computer sends an inquiryInstruction is asked to removable storage device, removable storage device reads memory module, judges whether the finger print data that is stored with, thenBy result feedback to the computer, it is to avoid computer directly reads the finger print data and causes the problem that data may reveal.
If not storing finger print data, into S103 fingerprints and device password initialization step, step to be initiated is completeInto laggard checking procedure S104;If being stored with finger print data, checking procedure S104 is directly entered.Fingerprint and device password are allIt is used to the essential condition of removable storage device.Fingerprint and device password initialization step are exactly by fingerprint and device passwordIn being placed into the memory module of removable storage device.
When there is fingerprint memory module the inside, need to use removable storage device, then to be verified.Verification stepSuddenly comprise the steps:S104 computers obtain user input device code data and are dealt into removable storage device, and mobile phone passes throughFingerprint module obtains finger print data and is dealt into removable storage device by the first near-field communication module, and removable storage device is obtainedAfter getting finger print data and device password data, and it is compared with the data in removable storage device, i.e. step S105, such asFruit is all by then continuing below step.Otherwise terminate into step S106 this method.Here checking is carried out to receive simultaneously afterChecking, rather than verified one by one, it thus is avoided that disabled user is cracked one by one.As long as simultaneously checking has oneMistake is exactly not all right, and disabled user does not know that error, increased and cracks difficulty, simultaneously because proof procedure is being movedCarry out inside formula storage device, this equipment does not have autgmentability, and for computer, this equipment is difficult to invade and breaksSolution.
It is verified, represents user and there is the right for using the removable storage device, then into step S107,Step S107 computer judges whether removable storage device has username and password information;Here computer why is needed to sentenceIt is disconnected, be because computer could be interacted with people, but computer only obtains a result, the process of judgement also needs to movingIn dynamic formula storage device.
Removable storage device does not have username and password information, walks into the initialization of step S108 username and passwordSuddenly, after the completion for the treatment of user name and cryptographic initialization step, into data storing steps S109 and S110;Removable storage device is depositedThere are user name and encrypted message, be directly put into data storing steps S109 and step S110.Username and password is logged onThe key of server, because user name password can be unique, but finger print data is according to the difference of sampled point, it is likely that noIt is unique.If sampled point is little, then it is identical that the finger print data of different fingerprints is possible to appearance.If using fingerprint numberAccording to directly logging in, then when user radix is very big, it is likely that have one or two finger print data be it is the same, soData obfuscation can be caused.This is absolutely not allowed in data security arts.After user name cryptographic initialization, movable type storageJust be stored with username and password in equipment.But during use below, avoid the need for inputing again user name andPassword, it is to avoid the leakage of username and password.
Data storing steps comprise the steps:Including the step of reading service device file and uploading files to serverStep.Before upload should first reading service device file file directory, so under the catalogue specified, i.e., file can be storedThe fileinfo of the application can be file directory information, it is also possible to be directly file, be so equal to and download from a server textPart.Wherein, the step of reading service device file includes:Computer sends file and reads instruction, and removable storage device receives textPart is read after instruction, and username and password is encrypted, after near-field communication module file to be read instruction and encryptedUsername and password is sent to mobile phone, and mobile phone is sent the user name after encryption, password and file by mobile phone radio frequency module and readAfter instructing server, server authentication to pass through, the fileinfo to reading is encrypted, and returns the fileinfo after encryptionTo mobile phone, information of the mobile phone after near-field communication module transmission encryption is to removable storage device, removable storage device pairFileinfo is decrypted and is sent to computer, and computer shows the fileinfo for reading.
Here the encryption to username and password can adopt default first encryption rule, and this first encryption rule canTo be stored in removable storage device, then corresponding first decryption rule storage is on the server.The file of serverThe encryption of information can adopt the second encryption rule, and then corresponding second decryption is stored in removable storage device and can be rightFileinfo is decrypted.I.e. these information are not transmission in plain text, thus considerably increase safety.
The step of uploading files to server includes:Computer detection is to after files passe operation.Upload operation can be inspectionThe file for surveying user drags to upload frame operation, the fileinfo of the file that user drags is detected, as the fileinfo for uploading.Then computer sends the fileinfo for uploading to removable storage device, the time of removable storage device acquisition computer, and rightThe time of computer and fileinfo are encrypted.The encryption of file can be adopted advises with the encryption of user name password identical firstThen, and to username and password it is encrypted.The username and password after encryption, file are believed by the second near-field communication moduleBreath is sent to mobile phone, and mobile phone sends the user name after encryption, password and fileinfo by mobile phone radio frequency module to server, clothesBusiness device is used to record the time that user name, password and fileinfo start to receive, and username and password is decrypted and verified to serverBy rear, decryption obtains the time of computer and fileinfo, when the time of computer and the time difference for starting reception of record it is littleWhen a preset value, under storage file information to the corresponding file of user name, storage file information is otherwise abandoned.
Here the transmission of data is carried out using the time of computer, the fileinfo that can be allowed after encrypting is more chaotic, becauseFor computer time with the difference of uplink time, be different, and be to change always.Accordingly even when being identicalFile, the data after its encryption are also different, it is to avoid disabled user is by constantly using the file of variable quantity very little come anti-To encryption rule is decrypted, increase cracks difficulty, it is ensured that safety.While server was judged this time, can keep awayExempt from disabled user and be truncated to after packet to submit a large amount of identical packets to, so can cause to store substantial amounts of repetition on serverFile, it is easy to normally using for user is had influence on, so as to avoid normal operation of the disabled user to server from constituting a threat to.Simultaneously because the passage of this programme data transfer is not through computer, so, computer need not network, in the computer of some concerning security mattersOn, just there is no the possibility for being cracked and shooting, it is ensured that the safety of computer data.By mobile phone radio frequency module directly and base stationConnected, also there is no the possibility of monitoring.Mobile phone does not have data storage yet, and removable storage device does not have data storage yet,The two all lost, and also not result in the problem of loss of data.Even if removable storage device lost, without fingerprint and rightThe device password answered, also has no idea to use removable storage device.And be also nothing even with removable storage deviceMethod gets the username and password of inside, because to use username and password, removable storage device to enter to itRow encryption.User has found that removable storage device lost, it is only necessary to the password of user name is changed on server just,Because crack removable storage device to need certainly a period of time, even and if cracked removable storage device, due toUsername and password cannot be also otiose by checking.Information Security is so substantially increased, is lost without concern of dataThe problem of mistake.
The change of password can also be like above step carry out, user first goes to buy the portable storage of a blank and setsIt is standby, finger print data and device password are then initialized, then initialising subscriber name and password, then can be carried out more to passwordChange, computer sends the password after a change directive, user name before, password and change, issues removable storage device,Removable storage device after the user name, password before server verification passes through, will take to being sent to server after these encryptionsAfter the password modification of business device storage, then the password after changing is returned to removable storage device, removable storage device by mobile phoneMore new password.Certainly, in order to prevent Brute Force password, what the intensity of password can be required, such as want upper and lower case letter to addUpper numeral, digit can be more than 10 etc..And if username and password checking is not by default number of times in one day,Just no longer by the checking of the user name, it is to avoid Brute Force.
Specifically, the fingerprint and device password initialization step include:Computer sends acquisition fingerprint prompting, and movable type is depositedStorage equipment waits fingerprint module to get finger print data, gets removable storage device after finger print data and informs computer, computerAcquisition device password prompting is sent, the keyboard for waiting computer is got after device password data, and computer sends device password to shiftingDynamic formula storage device, such removable storage device just stores finger print data and device password data in, and enters verification stepSuddenly.
User name cryptographic initialization is similar with stricture of vagina and device password initialization, username and password initialization step include asLower step:Computer pop-up dialogue box points out user input username and password, computer to get after user name password, by near fieldUser name, password and finger print data are sent to mobile phone by communication module, then are sent to server by the mobile phone radio frequency module of mobile phone,Whether the result is dealt into mobile phone by checking by server detection user name, password and finger print data, and mobile phone passes through near fieldCommunication module is forwarded to computer, and computer is judged result after the result is received, judged result by thenUser name password storage enters data storing steps in removable storage device, and judged result is not by then pointing out userThe username and password mistake of its input, this method terminates.
Further, data storing steps include following delete step:Computer detection to file is deleted after instruction, portableStorage device receives file and deletes after instruction, and username and password is encrypted, and is deleted file by near-field communication moduleExcept the username and password after instruction and encryption is sent to mobile phone, mobile phone sends the user after encryption by mobile phone radio frequency moduleName, password and file delete instruction to server, after server authentication passes through, delete file and delete the corresponding file of instruction.FromAnd the browsing and download of file are realized, upload and delete.
It is similar with said method embodiment, the invention provides a kind of remote data storage system, include mobile phone,Server, computer and removable storage device, mobile phone includes mobile phone radio frequency module, fingerprint module and the first near-field communication mouldBlock, removable storage device includes USB interface and the second near-field communication module, and computer includes fingerprint equipment cryptographic initialization mouldBlock, correction verification module, user name crypto module and data memory module, wherein:
Computer is used to detect whether removable storage device inserts the USB interface of computer, detects and judge after insertion movementWhether formula storage device is stored with finger print data;If not storing finger print data, fingerprint equipment cryptographic initialization mould is enabledBlock, fingerprint equipment cryptographic initialization module is used to initialize fingerprint and device password and enable correction verification module after initialization;Such asReally be stored with finger print data, then directly enable correction verification module;
Correction verification module is used to obtain user input device code data and is dealt into removable storage device, and mobile phone is used to pass throughFingerprint module obtains finger print data and is dealt into removable storage device by the first near-field communication module, and removable storage device is usedIn getting after finger print data and device password data, and it is compared with the data in removable storage device, if all led toCross then enable user name crypto module, otherwise user name crypto module;
User name crypto module is used to judge whether removable storage device has username and password information;Movable type is depositedStorage equipment does not have username and password information, carries out username and password initialization, treats that user name and cryptographic initialization are completedAfterwards, data memory module is enabled;Removable storage device has username and password information, enables data memory module;
Data memory module is used to send file reading instruction;Removable storage device is used to receive file reading instructionAfterwards, username and password is encrypted, the user name and close after near-field communication module file to be read instruction and encryptedCode is sent to mobile phone;Mobile phone be used for by mobile phone radio frequency module send encryption after user name, password and file reading instruction toServer;After server is used to be verified, the fileinfo to reading is encrypted, and the fileinfo returned after encryption is arrivedMobile phone;Mobile phone is used to send the information after encryption to removable storage device, removable storage device by near-field communication moduleFor being decrypted to fileinfo and it is sent to computer, computer is used to show the fileinfo for reading;
Data memory module is additionally operable to detect after files passe operation, sends the fileinfo for uploading to portable storageEquipment;Removable storage device is used to obtain time of computer, and the time and fileinfo to computer is encrypted, and toName in an account book and password are encrypted, and the username and password after encryption, fileinfo are sent to into mobile phone by near-field communication module;Mobile phone is used to send the user name after encryption, password and fileinfo to server by mobile phone radio frequency module;Server is used forAfter decrypting and verifying that username and password passes through, decryption obtains the time of computer and fileinfo, when time and the record of computerStart receive time difference be less than a preset value when, under storage file information to the corresponding file of user name, otherwiseAbandon storage file information.
Further, fingerprint equipment cryptographic initialization module is used to send acquisition fingerprint prompting, waits fingerprint module to obtainTo finger print data, get and send after finger print data acquisition device password prompting, the keyboard for waiting computer gets device passwordAfter data, storage finger print data and device password data enable correction verification module in removable storage device.
Further, user name crypto module carry out username and password it is initialized when, user name crypto module useUser input username and password, computer is pointed out to get after user name password, by near-field communication module in pop-up dialogue boxUser name, password and finger print data are sent to into mobile phone, mobile phone is used to send user name, close by the mobile phone radio frequency module of mobile phone, to server, whether server is used to detect user name, password and finger print data by checking, and will verify for code and finger print dataAs a result mobile phone is dealt into, mobile phone is used to be forwarded to computer by near-field communication module, and it is right after the result is received that computer is used forAs a result judged, judged result enables data by then in user name password storage to removable storage deviceMemory module, judged result by then pointing out user the username and password mistake of its input, does not enable data memory module.
Although being described to the various embodiments described above, those skilled in the art once know basic woundThe property made concept, then can make other change and modification to these embodiments, so embodiments of the invention are the foregoing is only,Not thereby the scope of patent protection of the present invention, the equivalent structure that every utilization description of the invention and accompanying drawing content are made are limitedOr equivalent flow conversion, or other related technical fields are directly or indirectly used in, the patent of the present invention is included in the same mannerWithin protection domain.