Summary of the invention
The present invention overcomes the deficiencies of the prior art by providing a system and method for securing network disk data, intended to provide a security mechanism and service for sensitive data stored on a network disk.
In view of the above problems of the prior art, according to one aspect of the disclosure, the present invention adopts the following technical solution:
A method for securing network disk data, whose encryption process includes:
Encrypting, on the application terminal, a file before it is uploaded to a third-party network disk, using the encryption mode selected by the user, with the encryption/decryption key randomly generated by the server;
The server storing the encryption/decryption key and recording the encrypted file information;
The encrypted file on the application terminal, once encryption is complete, being uploaded to the third-party network disk for storage.
To better implement the present invention, further technical solutions are:
According to one embodiment of the invention, before the file is encrypted, it is converted into a file in bytecode format.
According to another embodiment of the invention, the user selects the symmetric encryption algorithm used to encrypt the file.
According to another embodiment of the invention, after the file is encrypted, an encrypted file in .rar format is generated.
According to another embodiment of the invention, the name of the encrypted file is defined by the user or assigned automatically by the terminal application.
According to another embodiment of the invention, the encrypted file information includes the file name of the encrypted file and the original file name.
According to another embodiment of the invention, the encryption mode selected by the user uses a symmetric cryptographic algorithm.
According to another embodiment of the invention, the method further includes:
The terminal application performing a hash operation on the encrypted file, and the server obtaining and storing the hash value.
According to another embodiment of the invention, the decryption process includes:
The application terminal obtaining from the server, according to the encrypted file selected for decryption, that file's encryption/decryption key, hash value and encrypted file information;
Comparing the hash value of the file to be decrypted on the application terminal with the hash value obtained from the server; if the two are identical, the file stored on the third-party network disk has not been modified;
The application terminal invoking the corresponding encryption algorithm and key to decrypt the encrypted file.
The present invention can also be:
A system for securing network disk data, including:
A device for encrypting, on the application terminal, a file before it is uploaded to a third-party network disk, according to the encryption mode selected by the user and with the encryption/decryption key randomly generated by the server; and
The device reporting the encryption result to the server, and the server storing the encryption/decryption key and recording the encrypted file information; the encrypted file on the application terminal, once encryption is complete, is uploaded to the third-party network disk for storage.
Compared with the prior art, one of the beneficial effects of the present invention is:
With the system and method for securing network disk data of the present invention, the user downloads the terminal application from the system's server and can then encrypt the files that need encryption. The encrypted file is then uploaded to the network disk for storage. This ensures that a file stored on the network disk cannot be read even if it is stolen; and because the key is not stored together with the encrypted file, the encrypted file is not easily cracked. The system's server provides functions such as terminal application download, key storage and user login. When the user changes terminals or is at another location, the user can still obtain the encrypted files uploaded to or downloaded from the network disk, and encrypt and decrypt files. This gives the system good applicability and versatility.
Embodiments
The present invention is described in further detail below with reference to embodiments, but its implementation is not limited to them.
The network disk data security system consists mainly of two parts, a server and an application terminal. Their main functions are:
The server is responsible for providing the application terminal for download, managing user data and the encryption/decryption algorithms, recording the file names of encrypted files, and generating and storing encryption/decryption keys.
The application terminal must be installed on the terminal the user uses, such as a PC or smartphone. Its main functions are encrypting and decrypting files, obtaining encryption/decryption keys from the server, managing the encryption algorithms, and obtaining user data.
Fig. 1 shows the file encryption flow of the network disk data encryption system according to an embodiment of the invention. The flow is:
1. The user accesses the network disk data encryption system server, then downloads and installs the network disk data encryption system terminal.
2. The user starts the installed terminal and registers through the terminal interface, sending the server information such as user name, password, e-mail address and phone number.
3. Through the terminal application's dialog box, the user selects the file to be encrypted, such as a text file, audio file, video file, picture file or compressed file; the file is converted into a file in bytecode format.
4. The user can choose the symmetric encryption algorithm used to encrypt the file; the algorithms are offered to the user in order of increasing cipher strength. The symmetric encryption algorithms include TEA, BLOWFISH and AES. The default encryption algorithm is BLOWFISH. The encryption key is randomly generated by the server and stored on the server. The key lengths offered to the user are 32, 64 and 128, and the default key length is 64. When the user selects the encryption algorithm, the stronger the algorithm, the longer the corresponding key.
5. After the file is encrypted, an encrypted file in .rar format is generated. The file name of the encrypted file can be defined by the user or assigned automatically by the terminal application. The terminal application then performs an MD5 hash operation on the encrypted file, and the resulting MD5 hash value of the ciphertext is stored on the server together with the file name of the encrypted file and the original file name. Once the MD5 value and the encrypted file's name have been saved, the application terminal prompts the user not to change the encrypted file's name arbitrarily. If a change is needed, it must be made through the terminal application, which updates the new file name on the server.
6. Having obtained the encrypted file, the user uploads it to the third-party network disk for storage.
Fig. 2 shows the file decryption flow of the network disk data encryption system according to an embodiment of the invention. The flow is:
1. The user logs in to the third-party network disk and downloads the encrypted file to the user terminal, such as a PC or smart terminal.
2. The user starts the application terminal of the network disk data encryption system on the user terminal. If the user has changed terminals, for example because of being in another location, the user must access the network disk data encryption system server, download the application terminal and install it on the new terminal.
3. The user logs in to the application terminal, opens its decryption dialog box and selects the encrypted file to be decrypted. Using the user name and file name, the application terminal obtains from the server information such as the encryption algorithm and key, MD5 value and original file name of the encrypted file.
4. The application terminal first computes the MD5 value of the file to be decrypted and compares it with the MD5 value obtained from the server; if they match, the file stored on the third-party network disk has not been changed in any way.
5. The application terminal then invokes the corresponding encryption algorithm and key and decrypts the encrypted file. Decryption yields the file in bytecode format.
6. Finally, the file in bytecode format is converted back to the original file according to the suffix of the original file name.
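The encryption and decryption flows above, carried through as an added example (not code from the patent). It assumes TEA with a 128-bit key run in counter mode, since the text names no mode; a dictionary stands in for the server, the .rar packaging is left out, and all function names are hypothetical.

```python
import hashlib
import os
import struct

MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9

def tea_encrypt_block(v0, v1, k):
    """TEA: encrypt one 64-bit block (two 32-bit words) in 32 cycles."""
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + total) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + total) ^ ((v0 >> 5) + k[3]))) & MASK
    return v0, v1

def tea_ctr(data, key):
    """Counter mode (assumed; the text names no mode). The same call decrypts.
    The counter starts at 0, which is safe only because every file gets a new key."""
    k = struct.unpack(">4I", key)
    out = bytearray()
    for i in range(0, len(data), 8):
        n = i // 8
        stream = struct.pack(">2I", *tea_encrypt_block(n >> 32, n & MASK, k))
        out += bytes(a ^ b for a, b in zip(data[i:i + 8], stream))
    return bytes(out)

def encrypt_for_upload(server, user, original_name, plaintext, enc_name):
    """Encryption steps 4-5: random key, encrypt, hash the ciphertext, record."""
    key = os.urandom(16)  # generated and kept on the server side in the text
    ciphertext = tea_ctr(plaintext, key)
    server[(user, enc_name)] = {
        "algorithm": "TEA",
        "key": key,
        "md5": hashlib.md5(ciphertext).hexdigest(),
        "original_name": original_name,
    }
    return ciphertext  # only this goes to the third-party network disk

def decrypt_after_download(server, user, enc_name, ciphertext):
    """Decryption steps 3-6: fetch record, compare MD5, decrypt, restore name."""
    rec = server[(user, enc_name)]
    if hashlib.md5(ciphertext).hexdigest() != rec["md5"]:
        raise ValueError("downloaded file does not match the server's MD5 record")
    return rec["original_name"], tea_ctr(ciphertext, rec["key"])

if __name__ == "__main__":
    srv = {}  # constructed sample data
    blob = encrypt_for_upload(srv, "alice", "notes.txt", b"quarterly figures", "notes.rar")
    print(decrypt_after_download(srv, "alice", "notes.rar", blob))
```

The comparison catches modification because the reference MD5 is held on the server, away from the ciphertext on the network disk; it does not authenticate the server record itself.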
In summary, the present invention protects the security and privacy of network disk data and information. The user installs the system's terminal application on a terminal; the terminal application encrypts the sensitive data that is to be stored on the network disk, and once encryption is complete the data is uploaded to the network disk for storage. When the user needs to retrieve the data, the encrypted data is first downloaded from the network disk and the terminal application then decrypts it to restore the original data file, thereby providing a secure and confidential mechanism and service for sensitive data stored on a network disk.
The disclosed scheme can be applied to 360 cloud disk, Baidu cloud network disk, 115 network disk, association's enterprise disk, MediaFire and the like for storing sensitive data and sensitive documents. It provides good protection for stored confidential and private information, preventing third parties and hackers from obtaining or tampering with it.
The embodiments in this specification are described progressively; each embodiment emphasizes its differences from the others, and identical or similar parts of the embodiments can be cross-referenced.
References in this specification to "one embodiment", "another embodiment", "an embodiment" and the like mean that a specific feature, structure or characteristic described in connection with that embodiment is included in at least one embodiment described generally in this application. The appearance of the same expression in several places in the specification does not necessarily refer to the same embodiment. Furthermore, when a specific feature, structure or characteristic is described in connection with any embodiment, it is asserted that realizing that feature, structure or characteristic in connection with other embodiments also falls within the scope of the present invention.
Although the invention has been described herein with reference to several illustrative embodiments, it should be understood that those skilled in the art can devise many other modifications and embodiments, and these will fall within the scope and spirit of the principles disclosed in this application. More specifically, within the scope of the disclosure and the claims, various variations and modifications can be made to the component parts and/or layout of the subject combination arrangement. In addition to variations and modifications of the component parts and/or layout, other uses will also be apparent to those skilled in the art.