CN115396185A - Scientific research data sharing system, method and medium based on encryption - Google Patents
- Publication number
- CN115396185A (CN202211016637.0A)
- Authority
- CN
- China
- Prior art keywords
- data
- secret key
- server
- encryption
- local
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Description
Technical field
The present disclosure relates to the field of scientific research data management, and in particular to an encryption-based scientific research data sharing system, method and medium.
Background
Existing scientific research management systems are usually either open systems or systems local to a LAN. Large companies, for example, usually run their own servers to manage the whole research process, isolated from external networks so that the research and development process and its results stay confidential. In universities, by contrast, the research process and research results are generally stored locally, which makes sharing difficult and carries security risks such as irreparable damage to computer hardware or leaks by unrelated personnel. In addition, research staff are not stable: turnover caused by resignation and the like leaves project tracking slack and makes research information and results difficult to manage. Existing scientific research management systems focus mostly on process management, are of little use for promoting and applying results, and cannot give the organization a basis for decision-making.
For this reason, some third-party scientific research management systems have appeared in the prior art, such as all-round research management information systems that universities purchase and embed in the university management system. Such a system usually assigns accounts to leaders or managers at all levels, while researchers are required to upload research progress or results to it; leaders or managers can then log in to view or manage that progress or those results. However, once accounts are assigned, different people have permission to operate on the data, and even the secure use of the accounts themselves cannot be guaranteed, so the system becomes hard to manage. Although login and browsing records exist, the security of key data, information or results is still difficult to guarantee. Researchers also have little motivation to upload research results or processes to the information system.
Summary of the invention
To this end, the present disclosure provides an encryption-based scientific research data sharing system, method and medium. While keeping the data secure, it uses a server to track and evaluate the research process, interim results or final results, gives researchers stronger control over data security, makes it convenient for authorized third-party managers to view the data, and helps research participants share data while keeping it secure. The present disclosure provides the following technical solutions to solve the above technical problems:
As one aspect of the embodiments of the present disclosure, an encryption-based scientific research data sharing system is provided, including:
A local device, including an encryption algorithm module and a server software module. The encryption algorithm module encrypts the data plaintext in a first local fixed path, saves the resulting data ciphertext to a second local fixed path, and saves the first key used for the encryption to a third local fixed path. The server software module uploads the data ciphertext in the second local fixed path to the server within a set fixed time;
A server, which obtains the data ciphertext from the second local fixed path, saves it to a fourth storage location, and feeds the fourth storage location back to the local device. The server assigns designated users multiple accounts with different permissions: read-write accounts, write accounts and read accounts. After login, a read-write account can read and write the data ciphertext stored on the server; a write account can write the data ciphertext but does not need to read or modify it; a read account can read and view the data but is not allowed to copy, modify or write it. The server receives login requests from designated users who have been assigned accounts and allows access to the fourth storage location according to the account's permissions.
Optionally, the local device further includes an authorization and periodic deletion module, which associates the data ciphertext stored at the fourth storage location on the server with the first key, asymmetrically encrypts the first key to obtain a second key, sends the second key to the fourth storage location of the server according to the application approval status, and authorizes a designated user to use, for a limited time, the third key of the asymmetric encryption that decrypts the second key.
Optionally, the designated user logs in to the server within the limited time; the second key is decrypted with the third key to obtain the first key, which decrypts the corresponding data ciphertext into data plaintext; the data plaintext is temporarily stored on the server for access; and after the limited time ends or the designated user issues an end-of-access instruction, the second key and the data plaintext temporarily stored on the server are deleted.
As another aspect of the embodiments of the present disclosure, an encryption-based scientific research data sharing method is provided, applied to a local device, characterized in that it includes the following steps:
Encrypting the data plaintext in a first local fixed path, saving the resulting data ciphertext to a second local fixed path, and saving the first key used for the encryption to a third local fixed path;
Uploading the data ciphertext in the second local fixed path to the server within a set fixed time;
Receiving the data ciphertext storage path fed back by the server, associating it with the first key, and storing it in the third local fixed path.
Optionally, after the data ciphertext storage path fed back by the server has been associated with the first key and stored in the third local fixed path, the method further includes the following steps:
Asymmetrically encrypting the first key to obtain a second key;
Sending the second key to the fourth storage location of the server according to the application approval status;
Authorizing a designated user to use, for a limited time, the third key of the asymmetric encryption that decrypts the second key;
After the limited time ends, or after receiving the designated user's end-of-viewing instruction, issuing an instruction to delete the data plaintext and the second key on the server.
Optionally, the encryption of the data plaintext in the first local fixed path into data ciphertext uses a symmetric encryption algorithm.
As another aspect of the embodiments of the present disclosure, an encryption-based scientific research data sharing method is provided, applied to a server, including the following steps:
Receiving the data ciphertext encrypted by the local device, storing it at a fourth storage location, and sending the data ciphertext storage path of the fourth storage location to the local device;
Assigning designated users multiple accounts with different permissions according to the application approval status: read-write accounts, write accounts and read accounts. After login, a read-write account can read and write the data ciphertext stored on the server; a write account can write the data ciphertext but does not need to read or modify it; a read account can read and view the data but is not allowed to copy, modify or write it;
Receiving the second key and the data ciphertext storage path sent by the local device, granting the designated user access rights after login, and allowing access to the storage path that matches the data ciphertext storage path;
Decrypting the second key into the first key with the third key, decrypting the data ciphertext into data plaintext with the first key, and caching the data plaintext for the designated user to view.
Optionally, after the data ciphertext has been decrypted into data plaintext with the first key and the data plaintext has been cached for the designated user to view, the method further includes the following steps:
Receiving from the local device an instruction to delete the data plaintext and the second key;
Deleting the data plaintext and the key according to that instruction.
Optionally, after multiple accounts with different permissions have been assigned to designated users according to the application approval status, the method further includes the following step:
Assigning access rights and an access location according to which of the assigned accounts logs in; the access location is determined by the data ciphertext storage path received from the local device.
As another aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, characterized in that, when the program is executed by a processor, the steps of the above encryption-based scientific research data sharing method are implemented.
The beneficial effects of the present disclosure are as follows. The local device encrypts the research data in a fixed path with an encryption algorithm and uploads it to the server. When a designated user wants to access the research data, the user of the local device must send the key that encrypts the research data to a storage location on the server that is visible to the designated user after login, and the designated user can view the decrypted research data only within the set time. With the system or method of the present disclosure, results can be shared and then viewed within specific permissions that the researchers authorize. Results can also be shared into the public domain through limited authorization, which supports the decisions of management or researchers and gives direction to the development of the industry while keeping the research results secure.
Description of the drawings
FIG. 1 is a workflow diagram of the encryption-based scientific research data sharing system in an embodiment of the present disclosure;
FIG. 2 is a flowchart of the encryption-based scientific research data sharing method applied to a local device in Embodiment 2 of the present disclosure;
FIG. 3 is a flowchart of the encryption-based scientific research data sharing method applied to a server in Embodiment 3 of the present disclosure;
Detailed description
The technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present disclosure, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments in the present disclosure without creative effort fall within the scope of protection of the present disclosure.
Embodiment 1
As one aspect of the embodiments of the present disclosure, an encryption-based scientific research data sharing system is provided. As shown in FIG. 1, it includes a local device and a server. The local device includes an encryption algorithm module, a server software module and an authorization and periodic deletion module. The encryption algorithm module encrypts the data plaintext in a first local fixed path, saves the resulting data ciphertext to a second local fixed path, and saves the first key used for the encryption to a third local fixed path. The server software module uploads the data ciphertext in the second local fixed path to the server within a set fixed time. The authorization and periodic deletion module associates the data ciphertext stored at the fourth storage location on the server with the first key, asymmetrically encrypts the first key to obtain a second key, sends the second key to the fourth storage location of the server according to the application approval status, and authorizes a designated user to use, for a limited time, the third key of the asymmetric encryption that decrypts the second key.
In some embodiments, the local device may be a computing device such as a desktop computer, a notebook or a local server. The encryption algorithm module may be a software module or a hardware encryption module that implements a symmetric encryption algorithm. The symmetric encryption algorithm may be DES (Data Encryption Standard), which takes 64-bit plaintext as input and produces 64-bit ciphertext as output, or another symmetric algorithm such as AES (Advanced Encryption Standard) or SM1 (which must be called through the interface of an encryption chip). Using a symmetric encryption algorithm for the data plaintext makes encryption fast.
In some embodiments, the server software module is software matched to the server that runs on the local device. Whatever the server operator, it can be configured to transfer or back up the data stored in a fixed path to the server within a fixed time. For example, Baidu Netdisk can back up files in a fixed path to a set location in Baidu Cloud Disk on a schedule.
In some embodiments, the authorization and periodic deletion module implements at least the following functions:
(1) Acting as the master device (Master) that controls account allocation on the server;
(2) Encrypting the first key in the third local fixed path into the second key with an asymmetric encryption algorithm; the decryption key of the second key (the one used by the asymmetric encryption algorithm) is the third key. The asymmetric encryption algorithm may be RSA, ECC or SM2;
(3) Assigning server access accounts and the third key to designated users;
(4) Sending the second key to the storage location of its corresponding data ciphertext, that is, the fourth storage location;
(5) Monitoring and recording the designated user's accesses, and deleting the data plaintext and the second key within the limited time or after receiving the designated user's end-of-viewing instruction.
The server obtains the data ciphertext from the second local fixed path, saves it to a fourth storage location, and feeds the fourth storage location back to the local device. The server assigns designated users multiple accounts with different permissions: read-write accounts, write accounts and read accounts. After login, a read-write account can read and write the data ciphertext stored on the server; a write account can write the data ciphertext but does not need to read or modify it; a read account can read and view the data but is not allowed to copy, modify or write it. The server receives login requests from designated users who have been assigned accounts and allows access to the fourth storage location according to the account's permissions.
In some embodiments, the server is a third-party server, such as a cloud disk from Baidu Cloud or Tencent Cloud. Functions such as account allocation and decrypting ciphertext with a key require the corresponding permissions to be enabled.
In this embodiment, the data ciphertext is stored on a third-party server, and account feature settings can make the data ciphertext non-copyable and non-editable. Likewise, once the second key has been decrypted with the third key and the resulting first key has decrypted the data ciphertext, the data plaintext stored on the server is also non-copyable and non-editable.
In some embodiments, the server accepts the designated user's account login and jumps automatically to the fourth storage location where the data ciphertext is stored. The designated user uses the third key obtained from the local device to decrypt the second key that the local device stored there in advance; once the first key is obtained, the data ciphertext can be decrypted into viewable data plaintext. The embodiment first encrypts the data plaintext with a symmetric encryption algorithm under the first key, and then encrypts the first key that decrypts the data ciphertext. This approach keeps decryption fast while making the key hard to crack, which protects the data.
In some embodiments, the designated user logs in to the server within the limited time; the second key is decrypted with the third key to obtain the first key, which decrypts the corresponding data ciphertext into data plaintext; the data plaintext is temporarily stored on the server for access; and after the limited time ends or the designated user issues an end-of-access instruction, the second key and the data plaintext temporarily stored on the server are deleted.
Embodiment 2
As another aspect of the embodiments of the present disclosure, an encryption-based scientific research data sharing method is provided, applied to a local device. As shown in FIG. 2, it includes the following steps:
S110. Encrypt the data plaintext in a first local fixed path, save the resulting data ciphertext to a second local fixed path, and save the first key used for the encryption to a third local fixed path;
S120. Upload the data ciphertext in the second local fixed path to the server within a set fixed time;
S130. Receive the data ciphertext storage path fed back by the server, associate it with the first key, and store it in the third local fixed path.
In some embodiments, after the data ciphertext storage path fed back by the server has been associated with the first key and stored in the third local fixed path, the method further includes the following steps:
S140. Asymmetrically encrypt the first key to obtain a second key;
S150. Send the second key to the fourth storage location of the server according to the application approval status;
S160. Authorize a designated user to use, for a limited time, the third key of the asymmetric encryption that decrypts the second key;
S170. After the limited time ends, or after receiving the designated user's end-of-viewing instruction, issue an instruction to delete the data plaintext and the second key on the server.
In some embodiments, the encryption of the data plaintext in the first local fixed path into data ciphertext uses a symmetric encryption algorithm. The embodiment first encrypts the data plaintext with a symmetric encryption algorithm under the first key, and then encrypts the first key that decrypts the data ciphertext. This approach keeps decryption fast while making the key hard to crack, which protects the data.
实施例3Example 3
作为本公开实施例的另一方面,提供一种基于加密的科研数据共享方法,应用于服务器,如图3所示,包括如下步骤:As another aspect of the embodiments of the present disclosure, an encryption-based scientific research data sharing method is provided, which is applied to a server, as shown in FIG. 3 , including the following steps:
S210、接收本地设备通过加密的数据密文,并将所述数据密文存储到第四存储位置,并将第四存储位置的数据密文存储路径发送至本地设备;S210. Receive the data ciphertext encrypted by the local device, store the data ciphertext in a fourth storage location, and send the data ciphertext storage path of the fourth storage location to the local device;
S220、根据申请审批情况为指定用户分配多个不同权限的账号,分为可读写权限账号、可写权限账号和可读权限账号,其中,可读写权限账号在登录后能够实现对保存在服务器中的数据密文进行读取和写入,可写权限账号能够将所述数据密文写入但是不需要读取和修改,所述可读权限账号能够实现对数据的读取查看但是不允许复制、修改和写入;S220. Assign multiple accounts with different permissions to the designated user according to the application approval situation, which are divided into accounts with readable and writable permissions, accounts with writable permissions, and accounts with readable permissions. The data ciphertext in the server is read and written. The writable account can write the data ciphertext but does not need to read and modify it. The readable account can read and view the data but not Copying, modification and writing are permitted;
S230、接收本地设备发送来的第二秘钥和数据密文存储路径,授权指定用户登录后的访问权限并允许访问与所述数据密文存储路径一致的存储路径;S230. Receive the second secret key and the data ciphertext storage path sent by the local device, authorize the access right of the designated user after logging in and allow access to the storage path consistent with the data ciphertext storage path;
S240、根据第三秘钥解密所述第二秘钥为第一秘钥,并根据第一秘钥将所述数据密文解密为数据明文,并将所述数据明文缓存以供指定用户查看。S240. Decrypt the second key into the first key according to the third key, decrypt the data ciphertext into data plaintext according to the first key, and cache the data plaintext for viewing by a specified user.
在一些实施例中,在根据第一秘钥将所述数据密文解密为数据明文,并将所述数据明文缓存以供指定用户查看之后,还包括如下步骤:In some embodiments, after decrypting the data ciphertext into data plaintext according to the first secret key, and caching the data plaintext for viewing by a specified user, the following steps are further included:
S250、接收来自本地设备的删除数据明文和第二秘钥的指令;S250. Receive an instruction from the local device to delete the data plaintext and the second secret key;
S260、根据所述删除数据明文和秘钥的指令删除数据明文和秘钥。S260. Delete the data plaintext and the secret key according to the instruction for deleting the data plaintext and the secret key.
在一些实施例中,根据申请审批情况为指定用户分配多个不同权限的账号后,还包括如下步骤:In some embodiments, after assigning multiple accounts with different permissions to the designated user according to the application approval situation, the following steps are further included:
根据分配的不同权限的账号的登录情况分配访问权限以及访问位置;所述访问位置由接收的本地设备发送的数据密文存储路径确定。Assign access rights and access locations according to the login status of assigned accounts with different permissions; the access location is determined by the received data ciphertext storage path sent by the local device.
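The permission and access-location rules of S220, S230 and the step above can be checked on the server as follows; this is an added example, not code from the patent. The account names, the storage path and the default-deny treatment of operations that S220 does not grant are assumptions of the example.

```python
import posixpath

# Operations granted to each S220 account type; anything not listed is denied.
GRANTS = {
    "read-write": {"read", "write"},
    "write": {"write"},
    "read": {"read"},
}

class Account:
    """Server account bound to one storage path when it is assigned (S230)."""
    def __init__(self, name, kind, storage_path):
        if kind not in GRANTS:
            raise ValueError(f"unknown account type: {kind}")
        self.name, self.kind = name, kind
        self.root = posixpath.normpath(storage_path)

def inside(root, requested):
    """Lexical containment: collapse '..' first, then compare whole segments."""
    if not requested.startswith("/"):
        return False  # relative paths are never accepted
    resolved = posixpath.normpath(requested)
    return resolved == root or resolved.startswith(root.rstrip("/") + "/")

def authorize(account, operation, requested):
    """Return (allowed, reason) for one request from a logged-in account."""
    if operation not in GRANTS[account.kind]:
        return False, f"{account.kind} account may not {operation}"
    if not inside(account.root, requested):
        return False, "path is outside the account's storage location"
    return True, "ok"

# Constructed sample: three accounts bound to one made-up storage path.
ROOT = "/srv/share/project-a"
READER = Account("user-r", "read", ROOT)
WRITER = Account("user-w", "write", ROOT)
EDITOR = Account("user-rw", "read-write", ROOT)

def demo():
    requests = [
        (READER, "read", ROOT + "/data.enc"),
        (READER, "copy", ROOT + "/data.enc"),
        (WRITER, "read", ROOT + "/data.enc"),
        (EDITOR, "write", ROOT + "/data.enc"),
        (EDITOR, "read", ROOT + "/../project-b/data.enc"),
        (EDITOR, "read", "/srv/share/project-a-old/data.enc"),
    ]
    return [authorize(acct, op, path)[0] for acct, op, path in requests]
```

The containment check is purely lexical; on a real filesystem, resolve symbolic links (for example with `os.path.realpath`) before comparing.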
Example 4
As another aspect of the embodiments of the present disclosure, an encryption-based scientific research data sharing method applied to a local device and a server is provided. As shown in FIG. 1, it includes the following steps:
S1. Obtain the data plaintext and encrypt the data plaintext;
S2. Encrypt the data plaintext in the first local fixed path to produce the data ciphertext, save the data ciphertext to the second local fixed path, and save the first secret key used for encryption to the third local fixed path;
S3. Upload the data ciphertext in the second local fixed path to the server within a set fixed time;
S4. Receive the data ciphertext encrypted by the local device, store the data ciphertext in a fourth storage location, and send the data ciphertext storage path of the fourth storage location to the local device;
S5. Obtain the first secret key and encrypt it with an asymmetric encryption algorithm to obtain the second secret key, and save the third secret key used by the asymmetric encryption algorithm when encrypting the first secret key; assign the designated user an account for logging in to the server, together with the third secret key;
S6. Upload the second secret key to the fourth storage location;
S7. The designated user logs in to the server account and accesses the fourth storage location. The fourth storage location was associated with the account when the account was assigned, that is, the assigned account can only access the fourth storage location of the server;
S8. The designated user uses the third secret key assigned by the local device to decrypt the second secret key uploaded in S6, obtaining the first secret key;
S9. Decrypt the data ciphertext into the data plaintext using the first secret key;
S10. The designated user views the data plaintext on the server according to the user's permissions;
S11. When the time limit expires or the designated user's end-of-viewing instruction is issued, the server, after receiving the deletion instruction, deletes the data plaintext and the second secret key.
Through the above steps, the data plaintext is encrypted, and a designated user is authorized to have the data ciphertext decrypted and to view the data plaintext on the server, which achieves secure management and tracking of scientific research data. In addition, as another implementation of the embodiments of the present disclosure, the permission of the account can be set to read-write, which allows the data plaintext to be stored and updated locally and then encrypted and uploaded through the local device, so that the scientific research data can be supplemented and updated. The system can also automatically back up and update the scientific research data, that is, the data plaintext, while viewing, reading and writing on the third-party server remain subject to permissions. The data plaintext and the secret key used during viewing can also be deleted according to the viewing time or whether viewing has ended, which enables automated management of scientific research data.
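The S1 to S11 flow above, sketched end to end as an added example (not code from the patent). It assumes the third-party `cryptography` package, AES-256-GCM as the symmetric algorithm and RSA-OAEP as the asymmetric one, with the third secret key modelled as an RSA key pair that the designated user presents to the server; `Server`, the function names and the storage path are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed algorithms: AES-256-GCM (symmetric) and RSA-OAEP (asymmetric).
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def local_encrypt(plaintext):                         # S1-S2
    first_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)                            # fresh nonce per encryption
    return first_key, nonce + AESGCM(first_key).encrypt(nonce, plaintext, None)

def wrap_first_key(first_key, third_key):             # S5: result is the second key
    return third_key.public_key().encrypt(first_key, OAEP)

class Server:
    """In-memory stand-in for the fourth storage location and plaintext cache."""
    def __init__(self):
        self.store, self.cache = {}, {}
    def receive_ciphertext(self, path, blob):         # S4
        self.store[path] = {"ciphertext": blob}
        return path
    def receive_second_key(self, path, second_key):   # S6
        self.store[path]["second_key"] = second_key
    def open_for_viewing(self, path, third_key):      # S8-S10
        entry = self.store[path]
        first_key = third_key.decrypt(entry["second_key"], OAEP)
        blob = entry["ciphertext"]
        self.cache[path] = AESGCM(first_key).decrypt(blob[:12], blob[12:], None)
        return self.cache[path]
    def end_viewing(self, path):                      # S11
        self.cache.pop(path, None)                    # delete cached plaintext
        self.store[path].pop("second_key", None)      # delete the second key

def run_flow(plaintext=b"constructed sample dataset"):
    path = "/srv/share/project-a/data.enc"            # constructed path
    third_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    server = Server()
    first_key, blob = local_encrypt(plaintext)
    server.receive_ciphertext(path, blob)             # S3-S4
    server.receive_second_key(path, wrap_first_key(first_key, third_key))
    viewed = server.open_for_viewing(path, third_key)
    server.end_viewing(path)
    return viewed, server, path
```

After `end_viewing`, only the data ciphertext remains at the storage path; without the second secret key the server can no longer recover the first secret key.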
Example 5
This embodiment provides a computer-readable storage medium. The readable storage medium stores a computer program which, when executed by a processor, implements the steps of the encryption-based scientific research data sharing method in any one of Embodiments 1-3.
More specifically, the readable storage medium may include, but is not limited to: a portable disk, a hard disk, random access memory, read-only memory, erasable programmable read-only memory, an optical storage device, a magnetic storage device, or any suitable combination of the above.
In a possible implementation, the present disclosure may also be implemented in the form of a program product that includes program code. When the program product runs on a terminal device, the program code causes the terminal device to execute the steps of the encryption-based scientific research data sharing method in any one of Embodiments 1-3.
The program code for carrying out the present disclosure may be written in any combination of one or more programming languages. The program code may execute entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote device, or entirely on a remote device.
Although embodiments of the present disclosure have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims and their equivalents.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211016637.0A CN115396185A (en) | 2022-08-24 | 2022-08-24 | Scientific research data sharing system, method and medium based on encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211016637.0A CN115396185A (en) | 2022-08-24 | 2022-08-24 | Scientific research data sharing system, method and medium based on encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115396185A true CN115396185A (en) | 2022-11-25 |
Family
ID=84120167
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211016637.0A Withdrawn CN115396185A (en) | 2022-08-24 | 2022-08-24 | Scientific research data sharing system, method and medium based on encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115396185A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117540395A (en) * | 2023-10-19 | 2024-02-09 | 黑塔之契科技(上海)有限公司 | Data encryption and decryption methods, encryption and decryption systems, electronic equipment and media |
CN117540395B (en) * | 2023-10-19 | 2025-04-18 | 黑塔之契科技(上海)有限公司 | Data encryption and decryption method, encryption and decryption system, electronic equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
Application publication date: 20221125 |