CN108280369B - Cloud document offline access system, intelligent terminal and method - Google Patents
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention provides a cloud document offline access system, an intelligent terminal and a method, wherein the system comprises: the PC client is used for generating offline access request information when a user accesses the target encrypted cloud document offline; acquiring key information returned by the intelligent terminal, and accessing a target encrypted cloud document according to the key information; the intelligent terminal is used for acquiring the offline access request information from the PC client and sending the offline access request information to the server; acquiring key information from a server, and sending the key information to a PC client; and the server is used for acquiring the off-line access request information from the intelligent terminal, acquiring the key information according to the off-line access request information and sending the key information to the intelligent terminal. The technical scheme realizes off-line access to the cloud document.
Description
Technical Field
The invention relates to the technical field of security protection, in particular to a cloud document offline access system, an intelligent terminal and a method.
Background
With the development of information technology, electronic documents are gradually replacing paper documents and becoming important carriers of enterprise information. Meanwhile, with the rise of mobile devices such as intelligent terminals, the demand for cross-terminal document access keeps growing, and cloud documents have become the enterprise-level solution. Cloud documents, however, mainly rely on online access, so how to meet the need for secure document access when there is no network and the user is offline poses a new challenge for every enterprise.
Traditional cloud document security products concentrate on encryption and permission control of the document entity and manage keys through centralized storage. This solves document access control well in the traditional mode, but documents can only be accessed while the network is online and cannot be accessed when the user is offline.
Disclosure of Invention
The embodiment of the invention provides a cloud document offline access system, which is used for accessing a cloud document offline and comprises the following components:
the PC client is used for generating offline access request information when a user accesses the target encrypted cloud document offline; acquiring key information returned by the intelligent terminal, and accessing a target encrypted cloud document according to the key information;
the intelligent terminal is used for acquiring the offline access request information from the PC client and sending the offline access request information to the server; acquiring key information from a server, and sending the key information to a PC client;
and the server is used for acquiring the off-line access request information from the intelligent terminal, acquiring the key information according to the off-line access request information and sending the key information to the intelligent terminal.
The embodiment of the invention also provides an intelligent terminal, which is used for accessing the cloud document off line and comprises:
an acquisition unit, configured to acquire the offline access request information from a PC client; acquiring key information from a server;
the sending unit is used for sending the offline access request information to a server; and sending the key information to the PC client.
The embodiment of the invention also provides an off-line access method of the cloud document, which is used for accessing the cloud document off-line and comprises the following steps:
the method comprises the steps that when a user accesses a target encrypted cloud document offline, a PC client generates offline access request information;
the intelligent terminal acquires the offline access request information from the PC client and sends the offline access request information to the server;
the server acquires the off-line access request information from the intelligent terminal, acquires key information according to the off-line access request information, and sends the key information to the intelligent terminal;
the intelligent terminal acquires the key information from the server and sends the key information to the PC client;
and the PC client acquires the key information returned by the intelligent terminal and accesses the target encryption cloud document according to the key information.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the cloud document offline access method when executing the computer program.
The embodiment of the invention also provides a computer-readable storage medium, and the computer-readable storage medium stores the cloud document offline access method.
According to the technical scheme provided by the embodiment of the invention, when a user needs to access the encrypted document through the PC client and the PC client does not have a networking condition, the PC client generates offline access request information, the offline access request information is sent to the server through the intelligent terminal, the server acquires the key information according to the offline access request information and sends the key information to the intelligent terminal, the intelligent terminal sends the key information to the PC client, and the PC client accesses the target encrypted cloud document according to the key information, so that the user can access the encrypted cloud document in an offline state.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a cloud document offline access system in an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a PC client in the embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an intelligent terminal in the embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an intelligent terminal in another embodiment of the present invention;
FIG. 5 is a schematic structural diagram of information stored in a storage unit in an intelligent terminal according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a server according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating an offline cloud document access method according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating an offline cloud document access method according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following embodiments and accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
The invention provides a cloud document offline access scheme that overcomes the lack of an offline function in traditional document security products. When a PC client is offline and cannot obtain a document decryption key, the PC client forms offline access request information in a specific form from the document ID (identification information) and the user authentication ID. The intelligent terminal identifies the offline access request information, and the document key and the permission information are securely transmitted to the offline PC client by means of a dedicated APP, intelligent terminal user authentication binding, encrypted key transmission over the internet and the like, so that the document can be viewed and edited.
The user authentication and binding mode in the embodiment of the invention uses the intelligent terminal number, the enterprise user authentication ID, random short message verification or random information verification and the like to ensure that an authenticated user authorized by the enterprise is able to view and edit documents offline and to apply for or modify document permissions. Meanwhile, keys are transmitted by sound waves, Bluetooth and the like, so that when the PC client's network is abnormal or otherwise unavailable, the relevant encrypted documents can still be opened through these other transmission modes, which solves the problem that a user cannot access encrypted documents while offline.
Specifically, in the scheme, an enterprise user triggers an encrypted document offline access request at a PC client. The PC client reads the document, accesses the document description, reads information such as the document ID and the user authentication ID, and generates offline access request information in a specific form (including but not limited to a two-dimensional code picture, a sound wave signal, a Bluetooth signal and a WIFI signal). An intelligent terminal identifies the offline access request information, parses the document ID and the user authentication ID from it, and transmits them to a cloud document management server through a secure channel established between the intelligent terminal and the cloud document management server. The server queries the corresponding person and permissions and returns a key (key1) to the intelligent terminal, and the intelligent terminal returns the key information to the PC client through sound waves, Bluetooth and the like for viewing or editing the encrypted document. The cloud document offline access scheme is described in detail below.
Fig. 1 is a schematic structural diagram of a cloud document offline access system in an embodiment of the present invention, and as shown in fig. 1, the system includes:
the PC client 1 is used for generating offline access request information when a user accesses a target encrypted cloud document offline; acquiring key information returned by the intelligent terminal, and accessing a target encrypted cloud document according to the key information;
the intelligent terminal 2 is used for acquiring the offline access request information from the PC client and sending the offline access request information to the server; acquiring key information from a server, and sending the key information to a PC client;
and the server 3 is used for acquiring the off-line access request information from the intelligent terminal, acquiring the key information according to the off-line access request information, and sending the key information to the intelligent terminal.
In specific implementation, in the cloud document offline access system provided in the embodiment of the present invention, the PC client 1 and the intelligent terminal 2 may be connected in a wireless manner, and the intelligent terminal 2 and the server 3 may be connected in a wireless manner, where the wireless manner includes one of the following: two-dimensional code, sound wave, Bluetooth, WIFI, RFID, etc.
According to the technical scheme provided by the embodiment of the invention, when a user needs to access the encrypted document through the PC client and the PC client does not have a networking condition, the PC client generates offline access request information, the offline access request information is sent to the server through the intelligent terminal, the server acquires the key information according to the offline access request information and sends the key information to the intelligent terminal, the intelligent terminal sends the key information to the PC client, and the PC client accesses the target encrypted cloud document according to the key information, so that the user can access the encrypted cloud document in an offline state.
In specific implementation, the PC client 1 is used for a user to access an encrypted document offline, trigger an offline access request, convert key information returned by the intelligent terminal, and decrypt the encrypted document, and specific functions are described in detail below. The intelligent terminal 2 is configured to identify an offline access request (offline access request information), and wirelessly request and acquire an access key (key information) of an offline encrypted document from the server 3, where specific functions are described in detail below. In the embodiment of the present invention, the server 3 may be referred to as a cloud document management server, and is configured to perform user security authentication, search for document access rights and key information according to an offline access request sent by the intelligent terminal 2, and return the key information to the intelligent terminal 2 after necessary verification, where specific functions are described in detail below. The key information in the embodiment of the present invention may include: access keys and edit keys, and the like.
The following describes each part of the cloud document offline access system provided by the embodiment of the present invention in detail.
First, the PC client 1 will be described with reference to fig. 2. As shown in fig. 2, the PC client 1 may include: request generating unit 11, presentation unit 12, key converting unit 13, decrypting unit 14, wherein:
the request generating unit 11 is responsible for generating offline access request information according to an operation of accessing the encrypted document offline by a user, the offline access request information being triggered when the user needs to access the encrypted document through a PC client, and the PC client does not have a networking condition, the offline request information including an encrypted document ID (identification information), an author ID, a server ID, a user ID (identification information), and the like.
The presentation unit 12 is responsible for presenting offline access request information including an encrypted document ID, an author ID, a server ID, a user ID, and the like in a specific form, including but not limited to a two-dimensional code picture, a sound wave signal, a bluetooth signal, a WIFI signal, and the like.
The key conversion unit 13 is responsible for receiving the key information in a preset form (a specific form) sent by the smart terminal 2, such as two-dimensional code information displayed on the screen of the smart terminal 2 and captured and identified by a camera, audio information from the smart terminal 2 captured by a microphone, or wireless information sent by the smart terminal 2 and received over Bluetooth. It converts the received key information into digital information according to the form of the information (such as images, sounds and the like), so as to obtain the document key information (a document decryption key) contained in the preset-form key information. The preset-form key information includes, but is not limited to, two-dimensional code pictures, sound wave signals, Bluetooth signals, WIFI signals and the like.
A decryption unit 14 for decrypting the encrypted document based on the document key information obtained by the key conversion unit 13.
Next, the intelligent terminal 2 will be described with reference to fig. 3. As shown in fig. 3, the smart terminal 2 may include:
an obtaining unit 25, configured to obtain the offline access request information from the PC client; acquiring key information from a server;
a sending unit 26, configured to send the offline access request information to a server; and sending the key information to the PC client.
In one embodiment, the obtaining unit is specifically configured to obtain offline access request information in a preset presentation form from a PC client; receiving key information returned by the server;
as shown in fig. 4, the intelligent terminal may further include:
the request information analysis unit 22 is configured to analyze document description information from offline access request information in a preset presentation form; the document description information may include: identification information of the target encrypted cloud document;
a decryption processing unit 24, configured to convert the key information into a preset form;
the sending unit may be further configured to send the document description information to a server as offline access request information; and sending the key information in a preset form to the PC client in a preset wireless transmission mode.
During specific implementation, the intelligent terminal also converts the key information returned by the server into a preset form through the decryption processing unit, and sends the key information in the preset form to the PC client side through a preset wireless transmission mode. The meaning of the preset form and the preset wireless transmission mode is detailed in the above-mentioned example of the key converting unit 13.
In specific implementation, the request information analyzing unit 22 is configured to identify offline access request information in a specific form displayed by the displaying unit 12 of the PC client 1, and analyze document description information included in the request information, where the document description information includes a user ID, a document ID, an author ID, and a server ID.
In specific implementation, after the intelligent terminal acquires the offline access request information in the preset display form through the acquisition unit, the document description information can be analyzed from the offline access request information in the preset display form through the request information analysis unit, and the subsequent server can match the key information of the target encrypted document according to the document description information and the relationship between the pre-stored identification information of the encrypted cloud document and the key information. The work of analyzing the off-line access request information is completed by the intelligent terminal, so that the pressure of the server is reduced. Of course, the intelligent terminal can send the offline access request information to the server, and the server completes the work of analyzing the offline access request information.
In specific implementation, the decryption processing unit 24 is configured to perform conversion processing on the key information sent by the server 3, and send the converted key information to the PC client 1 in a specific manner (a preset wireless transmission manner), where the conversion processing manner (a preset form) includes, but is not limited to, a two-dimensional code and a sound wave manner, for example, a two-dimensional code and a sound wave that can generate a document key through an encryption algorithm, and the specific manner includes, but is not limited to, playing a key sound wave and displaying the two-dimensional code.
In specific implementation, as shown in fig. 4, the intelligent terminal 2 may further include: the first authentication unit 21 is configured to receive authentication information, which includes a user ID, a user password, a random verification code, and the like, input by a client through a screen or a keyboard of the smart terminal 2, and transmit encrypted client authentication information to the server 3 for verification, where the encrypted client authentication information includes, but is not limited to, the user ID, the user password, the random verification code, a smart terminal number, a smart terminal SN code, SIM card information, and the like. The user authentication and binding mode in the embodiment of the invention ensures that the authenticated user authorized by an enterprise has the capacity of checking and editing the document offline and applying or modifying the document authority by the modes of the intelligent terminal number, the enterprise user authentication ID, the random short message verification or the random information verification and the like, and improves the security of the cloud document offline access.
In specific implementation, as shown in fig. 4, the intelligent terminal 2 may further include: a storage unit 23, configured to store the document description information parsed by the request information analysis unit 22 and the key conversion information generated by the decryption processing unit 24. The storage structure in the storage unit 23 is shown in fig. 5. As shown in fig. 5, the key storage structure proposed by an embodiment of the present invention is composed of the document description information and a key body. The document description information includes: document ID, author ID, organization ID, user ID, authority version number, document authority, document encryption key encrypted by using a product public key, and document encryption key encrypted by using a server public key. The key body includes: the document ID, the hash value of the document description content, the protected key and the protected key conversion information, which are encrypted and stored by adopting a random document encryption key. Wherein:
document ID: the unique identifier is used for identifying the document and ensures the one-to-one correspondence between the document description and the document entity.
Author ID: for identifying the author of the document.
Organization ID: identifies which organization's public key is used to encrypt and protect the document encryption key, so that the server side uses the corresponding private key when decrypting the document encryption key.
User ID: for recording the ID of the user initiating the request.
Permission version number: records the version of the cached document authority information; verifying the permission version number ensures that the latest authority information prevails during online authentication.
Document rights information: caches all authority information of the current document. Where the document's authority is relatively stable, this effectively reduces the amount of information exchanged between the client and the server and improves authentication efficiency, while ensuring that the client can still open the document according to the cached authority in the offline scenario.
Document encryption key (encrypted using product public key): for storing the document encryption key encrypted using the product public key.
Document encryption key (encrypted using the institution public key): for storing the document encryption key encrypted using the institution public key.
Hash value of document description content: the hash value of the document description content in the document entity, used for identifying whether the corresponding document description content has been tampered with.
Key information: for saving the key information returned by the server.
Protected key conversion information: stores the wireless key information generated by using a specific algorithm, including but not limited to two-dimensional code key information and sound wave key information.
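As an added illustration (not part of the patent text), the following Python sketch builds a record shaped like the fig. 5 structure and shows how the description hash and the permission version number are checked. The JSON encoding, SHA-256, the field names and every sample value are assumptions of this example; encryption of the key body with the random document encryption key is not implemented here.

```python
import copy
import hashlib
import hmac
import json

# Field names mirror the fig. 5 description; the names themselves are hypothetical.
DESCRIPTION_FIELDS = (
    "document_id", "author_id", "organization_id", "user_id",
    "permission_version", "document_permissions",
    "dek_wrapped_product_pub", "dek_wrapped_org_pub",
)

# Constructed sample values, not taken from the patent.
SAMPLE_DESCRIPTION = {
    "document_id": "doc-001", "author_id": "u-1000", "organization_id": "org-01",
    "user_id": "u-1001", "permission_version": 7,
    "document_permissions": {"u-1001": ["view", "edit"], "u-1002": ["view"]},
    "dek_wrapped_product_pub": "<placeholder ciphertext>",
    "dek_wrapped_org_pub": "<placeholder ciphertext>",
}


def description_hash(description: dict) -> str:
    """Hash a canonical encoding so key order cannot change the digest."""
    if set(description) != set(DESCRIPTION_FIELDS):
        raise ValueError("description does not have exactly the expected fields")
    canonical = json.dumps(description, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_record(description: dict, protected_key: str, conversion_info: str) -> dict:
    """Assemble document description + key body as described for fig. 5."""
    return {
        "description": copy.deepcopy(description),
        "key_body": {
            "document_id": description["document_id"],
            "description_hash": description_hash(description),
            "protected_key": protected_key,
            "protected_key_conversion": conversion_info,
        },
    }


def check_record(record: dict, server_permission_version=None) -> list:
    """Return a list of problems; an empty list means the record is usable."""
    problems = []
    desc, body = record["description"], record["key_body"]
    if desc.get("document_id") != body["document_id"]:
        problems.append("document ID differs between description and key body")
    try:
        current = description_hash(desc)
    except ValueError as exc:
        problems.append(str(exc))
    else:
        # Constant-time comparison of the stored and recomputed digests.
        if not hmac.compare_digest(current, body["description_hash"]):
            problems.append("description hash mismatch")
    if (server_permission_version is not None
            and desc.get("permission_version") != server_permission_version):
        problems.append("cached permissions are stale")
    return problems
```

An unkeyed hash only detects modification while the key body that holds it is itself protected, which is why the structure above stores the key body encrypted.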
In one embodiment, the document description information further includes: identity identification information of the user;
the intelligent terminal further comprises: an authority information determination unit 27 configured to determine access authority information of the user on the target document according to the identification information of the user and the identification information of the target encrypted cloud document, and all authority information of the target encrypted cloud document stored in advance;
the sending unit is further used for sending the access right information of the target document to the server.
In specific implementation, all authority information of a current document can be cached in the intelligent terminal, and the access authority information of the current user to the target document (which will be described in detail in the following embodiment) is determined at the intelligent terminal according to the identity identification information of the user, the identification information of the target encryption cloud document and all the authority information of the target encryption cloud document stored in advance. Of course, the determination of the user's rights information may also be performed by the server.
Finally, the server 3 will be described with reference to fig. 6. As shown in fig. 6, the server 3 may include: a second authentication unit 31, a request information receiving unit 32, a key obtaining unit 33, a notification unit 34, a right applying unit 35, and a right examining and approving unit 36, wherein:
the second authentication unit 31 is configured to receive and analyze the client authentication information sent by the first authentication unit 21, and determine whether information such as a user ID, a user password, a verification code, an intelligent terminal number, an intelligent terminal SN code, and an SIM card included in the client authentication information matches information retained during user registration, so that security of offline access of a cloud document is improved.
And the request information receiving unit 32 is configured to receive the document description information parsed by the request information analyzing unit 22 of the intelligent terminal 2, and query the user document access authority according to the document description information, where the document description information includes, but is not limited to, a user ID, a document ID, an author ID, and a server ID.
And a key obtaining unit 33, configured to search the database according to the document description information sent by the request information receiving unit 32, and find out corresponding document key information through the document ID.
A notification unit 34 for sending the document key information acquired by the key acquisition unit 33 to the decryption processing unit 24 of the smart terminal 2.
And the permission application unit 35 is configured to generate a document access permission application and notify an author or an approver of the document access permission application in a manner of an email, a short message, or the like.
And the permission approval unit 36 is configured to receive an approval result of the author or the approver, and determine whether the approval passes.
Based on the above analysis, the following example schemes can be derived.
In one embodiment, the PC client may be specifically configured to generate offline access request information when a user accesses a target encrypted cloud document offline, and convert the offline access request information into a preset presentation form; converting the key information in the preset form returned by the intelligent terminal to obtain a document decryption key, and accessing a target encryption cloud document according to the document decryption key;
the intelligent terminal can be specifically used for acquiring offline access request information in a preset display form from a PC client, analyzing document description information from the offline access request information in the preset display form, and sending the document description information serving as the offline access request information to a server; receiving key information returned by a server, converting the key information into a preset form, and sending the key information in the preset form to a PC client in a preset wireless transmission mode; the document description information includes: identification information of the target encrypted cloud document;
the server can be specifically configured to obtain key information of the target encrypted cloud document according to the identification information of the target encrypted cloud document and a relationship between the pre-stored identification information of the encrypted cloud document and the key information, and send the key information to the intelligent terminal.
In specific implementation, the offline access request information in the preset display form includes one of the following: two-dimensional code picture information, sound wave information, Bluetooth information and WIFI information; the preset form of key information includes one of the following: two-dimensional code picture information, sound wave information and Bluetooth information; the preset wireless transmission mode comprises one of the following modes: playing the key sound wave, displaying the two-dimensional code picture information and sending a Bluetooth signal.
In specific implementation, after the off-line access request information is converted into a preset display form, the PC client can also send the off-line access request information in the preset display form to the intelligent terminal in a preset wireless transmission mode. In the embodiment of the present invention, the meaning of the preset display form and the preset form may be the same, for example, both the preset display form and the preset form may be a form for displaying two-dimensional code picture information, or one may be a sound wave form and one may be a two-dimensional code form. The predetermined wireless transmission method may also be referred to as a wireless method.
In one embodiment, the document description information may further include: identity identification information of the user;
the intelligent terminal can be further used for determining the access authority information of the user to the target document according to the identity identification information of the user, the identification information of the target encryption cloud document and all authority information of the target encryption cloud document stored in advance, and sending the access authority information of the user to the target document to the server;
the server can also be used for acquiring the access authority information of the user to the target document and acquiring the key information of the target encrypted document according to the access authority information.
In specific implementation, all authority information of a current document can be cached in the intelligent terminal, and the access authority information of the current user to the target document (which will be described in detail in the following embodiment) is determined at the intelligent terminal according to the identity identification information of the user, the identification information of the target encryption cloud document and all the authority information of the target encryption cloud document stored in advance. Of course, the determination of the user's rights information may also be performed by the server.
In an embodiment, the server may be specifically configured to, when it is determined that the user has access right to the target document, obtain key information of the target encrypted document, and send the key information to the intelligent terminal.
In one embodiment, the server may be specifically configured to generate an access right application when it is determined that the user has no access right to the target document, and send the access right application to a preset approval terminal; and receiving an approval result sent by a preset approval terminal, acquiring key information of the target encrypted document when the approval result is passed, and sending the key information to the intelligent terminal.
When the user has the right, the server can directly send the matched key information to the intelligent terminal. When the user has no right but urgently needs to view the cloud document, an access right application can be generated and sent to the preset approval terminal; when the approval result is passed, the key information of the target encrypted document is obtained and sent to the intelligent terminal. This arrangement is flexible and convenient.
The above embodiment describes application of access rights to obtain key information for accessing the encrypted cloud document, and of course, the user may also obtain modification and editing rights, modification and editing key information, and the like according to the above embodiment.
Based on the same inventive concept, the embodiment of the invention also provides an intelligent terminal, as in the following embodiments. Because the intelligent terminal solves the problem on a principle similar to that of the cloud document offline access system, its implementation can refer to the implementation of the cloud document offline access system, and the overlapping parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 3 is a schematic structural diagram of an intelligent terminal in an embodiment of the present invention, and as shown in fig. 3, the intelligent terminal may include:
an obtaining unit 25, configured to obtain the offline access request information from the PC client; acquiring key information from a server;
a sending unit 26, configured to send the offline access request information to a server; and sending the key information to the PC client.
In an embodiment, the obtaining unit may be specifically configured to obtain offline access request information in a preset presentation form from a PC client; receiving key information returned by the server;
as shown in fig. 4, the intelligent terminal may further include:
the request information analysis unit is used for analyzing the document description information from the offline access request information in a preset display form; the document description information includes: identification information of the target encrypted cloud document;
the decryption processing unit is used for converting the key information into a preset form;
the sending unit may be further configured to send the document description information to a server as offline access request information; and sending the key information in a preset form to the PC client in a preset wireless transmission mode.
In one embodiment, the document description information may further include: identity identification information of the user;
the intelligent terminal may further include: the authority information determining unit is used for determining the access authority information of the user to the target document according to the identity identification information of the user, the identification information of the target encryption cloud document and all the authority information of the pre-stored target encryption cloud document;
the sending unit can also be used for sending the access right information of the user to the target document to the server.
Based on the same inventive concept, the embodiment of the present invention further provides an offline access method for a cloud document, as in the following embodiments. Because the cloud document offline access method solves the problem on a principle similar to that of the cloud document offline access system, its implementation can refer to the implementation of the cloud document offline access system, and the overlapping parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 7 is a flowchart illustrating an offline cloud document access method according to an embodiment of the present invention, and as shown in fig. 7, the method includes the following steps:
Step 201: when a user accesses a target encrypted cloud document offline, the PC client generates offline access request information;
Step 202: the intelligent terminal acquires the offline access request information from the PC client and sends the offline access request information to the server;
Step 203: the server acquires the offline access request information from the intelligent terminal, acquires key information according to the offline access request information, and sends the key information to the intelligent terminal;
Step 204: the intelligent terminal acquires the key information from the server and sends the key information to the PC client;
Step 205: the PC client acquires the key information returned by the intelligent terminal and accesses the target encryption cloud document according to the key information.
In one example, when a user accesses a target encrypted cloud document offline, the PC client generates offline access request information, which may include: when a user accesses a target encrypted cloud document offline, generating offline access request information, and converting the offline access request information into a preset display form;
the acquiring, by the intelligent terminal, the offline access request information from the PC client, and sending the offline access request information to the server may include: acquiring offline access request information in a preset display form from a PC client, analyzing document description information from the offline access request information in the preset display form, and sending the document description information serving as the offline access request information to a server; the document description information includes: identification information of the target encrypted cloud document;
the acquiring, by the server, the offline access request information from the intelligent terminal, acquiring the key information according to the offline access request information, and sending the key information to the intelligent terminal may include: acquiring key information of the target encrypted document according to the identification information of the target encrypted cloud document and the relationship between the pre-stored identification information of the encrypted cloud document and the key information, and sending the key information to the intelligent terminal;
the acquiring, by the intelligent terminal, the key information from the server and sending the key information to the PC client may include: receiving key information returned by a server, converting the key information into a preset form, and sending the key information in the preset form to a PC client in a preset wireless transmission mode;
the acquiring, by the PC client, the key information returned by the intelligent terminal and accessing the target encrypted cloud document according to the key information may include: converting the key information in the preset form returned by the intelligent terminal to obtain a document decryption key, and accessing the target encryption cloud document according to the document decryption key.
In one example, the document description information may further include: identity identification information of the user;
the cloud document offline access method may further include:
the intelligent terminal determines the access authority information of the user to the target document according to the identity identification information of the user, the identification information of the target encryption cloud document and all authority information of the target encryption cloud document stored in advance, and sends the access authority information of the user to the target document to the server;
the server acquires the access authority information of the user to the target document, and acquires the key information of the target encrypted document according to the access authority information.
In one example, the server obtaining the access right information of the user to the target document, and obtaining the key information of the target encrypted document according to the access right information may include:
when judging that the user has access right to the target document, the server acquires the key information of the target encrypted document and sends the key information to the intelligent terminal.
In one example, the server obtaining the access right information of the user to the target document, and obtaining the key information of the target encrypted document according to the access right information may include:
when judging that the user has no access right to the target document, the server generates an access right application and sends the access right application to a preset approval terminal; and receiving an approval result sent by a preset approval terminal, acquiring key information of the target encrypted document when the approval result is passed, and sending the key information to the intelligent terminal.
The following description is given by way of example with reference to fig. 8 in order to facilitate an understanding of how the invention may be practiced.
Fig. 8 is a schematic flowchart of an offline cloud document access method according to another embodiment of the present invention. As shown in fig. 8, after the intelligent terminal 2 completes security authentication of the user, the user initiates a request to access the document offline at the PC client 1; the PC client 1 generates an offline access request and shows it through the display unit in the form of a two-dimensional code, sound wave information and the like. The offline access request information (two-dimensional code, sound wave, etc.) generated by the PC client 1 is scanned by the request information analysis unit 22 of the intelligent terminal; the intelligent terminal then communicates with the server 3 through the secure channel established with it, requests the key for the relevant user and document, converts the key into a two-dimensional code, sound wave and the like, and transmits it back to the PC client 1. In the PC client 1, the key conversion unit converts the two-dimensional code, sound wave or similar information into a key (document decryption key), and the encrypted document is then decrypted and accessed. The specific processing flow may include:
Step S101: the first authentication unit 21 of the smart terminal 2 receives user authentication information including a user ID, a user password, and a verification code, which is input by a user through a screen or a keypad of the smart terminal 2.
Step S102: the first authentication unit 21 of the smart terminal 2 encrypts the received user authentication information, and the smart terminal number, the smart terminal SN code, and the SIM card information acquired from the smart terminal 2 itself, and then uploads the encrypted information to the server 3.
Step S103: the second authentication unit 31 of the server 3 receives and analyzes the encrypted user authentication information sent in step S102, and determines whether the user ID, the user password, the verification code, the smart terminal number, the smart terminal SN code, the SIM card, and the like are consistent with the retained information during user registration, if so, step S104 is performed, and if not, a prompt message is sent to the smart terminal to prompt for re-input.
Step S104: triggered when the user needs to access the encrypted document through the PC client 1 while the PC client 1 has no network connection, the request generating unit 11 of the PC client 1 reads the description information of the target encrypted document and generates offline access request information (two-dimensional code, sound wave, etc.) from the file ID, the server ID, the author ID, and the user ID in the document description information.
Step S105: the PC client 1 displaying unit 12 displays the offline access request information generated in step S104, such as displaying a two-dimensional code picture on a screen, playing sound waves through a speaker, and the like.
Step S106: the request information analysis unit 22 of the intelligent terminal 2 identifies the offline access request information displayed in step S105, and the offline access request information is displayed in a form including, but not limited to, a two-dimensional code picture, a sound wave signal, a bluetooth signal, and a WIFI signal.
Step S107: the request information analysis unit 22 of the intelligent terminal 2 parses the offline access request information identified in step S105 to restore document description information including a document ID, a user ID, an author ID, and a server ID.
Step S108: the request information analyzing unit 22 sends the document description information restored in step S107 to the request information receiving unit 32 of the server 3 according to the agreed offline access interface format, where the sent information includes the user ID, the document ID, the author ID, and the server ID.
Step S109: the server 3 request information receiving unit 32 receives the document description information sent in step S108 and searches the database, identifies the current user according to the document ID and the user ID in the information, extracts the access right of the document corresponding to the user request, if the access right exists, then proceeds to step S112, if the access right does not exist, then proceeds to step S110.
Step S110: the authority application unit 35 of the server 3 generates an access authority application and notifies a document author or an approver of the access authority application in the form of an email, a short message, or the like.
Step S111: the authority approval unit 36 of the server 3 determines whether the authority approval is passed, and if the authority approval is passed, the process proceeds to step S112, and if the authority approval is not passed, the process ends.
Step S112: the key obtaining unit 33 of the server 3 searches the database according to the document description information, and finds the corresponding document key information by the document ID.
Step S113: the notification unit 34 of the server 3 transmits the document key acquired in step S112 to the smart terminal 2 by wireless.
Step S114: the decryption processing unit 24 of the smart terminal 2 receives the key information transmitted in step S113 and performs conversion processing into forms including but not limited to a two-dimensional code and a sound wave; for example, a two-dimensional code or sound wave of the document key may be generated by an encryption algorithm. At the same time, it stores the received key information and the key information after the conversion processing into the key storage unit 23.
Step S115: the decryption processing unit 24 of the smart terminal 2 sends the key information in the preset form converted in step S114 to the PC client 1 in a specific manner, such as playing a key sound wave and displaying a two-dimensional code.
Step S116: the key conversion unit 13 of the PC client 1 receives the key information in the preset form generated in step S115, for example by starting a microphone (MIC) to listen to the key sound wave or by shooting the two-dimensional code key with a camera; the preset form of key information includes, but is not limited to, a two-dimensional code picture, a sound wave signal, a bluetooth signal, and a WIFI signal.
Step S117: the key conversion unit 13 of the PC client 1 converts the key information in the preset form acquired in step S116 according to the form of the information, and restores the document key information (document decryption key) contained in the key information of the preset form.
Step S118: the decryption unit 14 of the PC client 1 decrypts the document using the restored key and opens the document so that the user can access the document in the PC client offline state.
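The exchange of steps S104 to S117, as an added Python sketch that is not code from the patent. The field names, the JSON/base64 payload encoding, SHA-256, the in-memory tables and the session-user check are assumptions; rendering to a two-dimensional code or sound wave and the protection of the key on the return hop are not modeled.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical field names for the document description information (S104/S107).
REQUIRED = {"document_id", "user_id", "author_id", "server_id"}

# Constructed server-side sample data (not from the patent).
DOC_KEYS = {"doc-001": secrets.token_bytes(32)}
RIGHTS = {("doc-001", "alice"): {"read"}}


def canonical(obj):
    """Deterministic JSON bytes so every party hashes the same representation."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def to_payload(obj):
    """Text that would be rendered as a two-dimensional code or sound wave."""
    return base64.urlsafe_b64encode(canonical(obj)).decode()


def from_payload(payload):
    return json.loads(base64.urlsafe_b64decode(payload))


def description_hash(desc):
    return hashlib.sha256(canonical(desc)).hexdigest()


def server_handle(desc, session_user, approver=None):
    """S109-S113: rights lookup, approval fallback, key lookup. None means refused."""
    # Added check (assumption, not stated in the patent): the user ID relayed from
    # the offline PC must match the user authenticated on the terminal (S101-S103).
    if desc["user_id"] != session_user:
        return None
    doc_id = desc["document_id"]
    if "read" not in RIGHTS.get((doc_id, desc["user_id"]), set()):
        # S110-S111: no right, so ask the approver; a missing approver refuses.
        if approver is None or not approver(desc):
            return None
    key = DOC_KEYS.get(doc_id)  # S112: key found by document ID
    if key is None:
        return None
    # Key body as in claim 1: document ID, hash of the description, key material.
    return {
        "document_id": doc_id,
        "description_hash": description_hash(desc),
        "protected_key": base64.b64encode(key).decode(),  # opaque in this sketch
    }


def terminal_relay(request_payload, session_user, approver=None):
    """S106-S115: parse the scanned request, query the server, re-encode the reply."""
    desc = from_payload(request_payload)
    if not isinstance(desc, dict) or REQUIRED - set(desc):
        raise ValueError("request lacks required document description fields")
    body = server_handle(desc, session_user, approver)
    return None if body is None else to_payload(body)


def client_accept(key_payload, pending_desc):
    """S116-S117: accept the key only if it is bound to the pending request."""
    body = from_payload(key_payload)
    if not isinstance(body, dict):
        raise ValueError("malformed key response")
    same_doc = body.get("document_id") == pending_desc["document_id"]
    same_hash = hmac.compare_digest(
        str(body.get("description_hash", "")).encode(),
        description_hash(pending_desc).encode(),
    )
    if not (same_doc and same_hash):
        raise ValueError("key response does not match the pending request")
    return base64.b64decode(body["protected_key"])


if __name__ == "__main__":
    request = {"document_id": "doc-001", "user_id": "alice",
               "author_id": "carol", "server_id": "srv-1"}
    reply = terminal_relay(to_payload(request), session_user="alice")
    print("key delivered:", client_accept(reply, request) == DOC_KEYS["doc-001"])
```

The hash of the document description in the key body lets the PC client reject a key response that was issued for a different request, which matters because the return hop is a broadcast-style channel (screen or speaker).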
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the cloud document offline access method when executing the computer program.
The embodiment of the invention also provides a computer-readable storage medium, and the computer-readable storage medium stores a computer program for executing the cloud document offline access method.
The technical scheme provided by the embodiment of the invention has the beneficial technical effects that:
Based on means such as user intelligent terminal authentication, two-dimensional code identification, and sound wave transmission and identification, the embodiment of the invention realizes safe and quick offline document access, improves the usability of a cloud document system, and has the following outstanding advantages:
1. The PC client does not depend on a network connection: in an offline state, information such as the document key and authority is acquired online through the intelligent terminal, then encrypted and returned to the PC client through sound waves, Bluetooth and the like, so that the PC client can decrypt and access the document after receiving the information, which expands the usage scenarios of the PC client.
2. Through the linkage of the PC client and the intelligent terminal, the access experiences of the two types of terminals complement each other; with the PC client offline, a user can handle processing such as document authority application and exhibition by themselves, so that the user can conveniently perform operations such as document browsing and editing through the PC client, which improves the user experience.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes may be made to the embodiment of the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (14)
1. A cloud document offline access system, comprising:
the PC client is used for generating offline access request information according to the document description information of the encrypted cloud document when a user accesses a target encrypted cloud document offline, and converting the offline access request information into a preset display form; acquiring key information in a preset form returned by the intelligent terminal, converting the key information in the preset form returned by the intelligent terminal to obtain a document decryption key, and accessing a target encryption cloud document according to the document decryption key;
the intelligent terminal is used for acquiring the offline access request information in a preset display form from the PC client, analyzing document description information from the offline access request information in the preset display form, and sending the document description information serving as the offline access request information to the server; acquiring key information from a server, converting the key information into a preset form, and sending the key information in the preset form to a PC client in a preset wireless transmission mode;
the server is used for acquiring the off-line access request information from the intelligent terminal, acquiring key information according to the off-line access request information and sending the key information to the intelligent terminal; the storage structure of the key information consists of document description information and a key body; the document description information includes: target encryption cloud document identification information, author ID, server ID, user identity identification information, permission version number, document permission information, a document encryption key encrypted by a product public key and a document encryption key encrypted by a server public key; the key body includes: the target encryption cloud document identification information, the hash value of the document description information, the protected key information and the protected key conversion information.
2. The cloud document offline access system of claim 1, wherein the server is specifically configured to obtain key information of the target encrypted cloud document according to the identification information of the target encrypted cloud document and a relationship between the pre-stored identification information of the encrypted cloud document and the key information, and send the key information to the intelligent terminal.
3. The cloud document offline access system of claim 2, wherein the intelligent terminal is further configured to determine access right information of the user to the target document according to the identity identification information of the user, the identification information of the target encryption cloud document, and all pre-stored right information of the target encryption cloud document, and send the access right information of the user to the target document to the server;
the server is also used for acquiring the access authority information of the user to the target document and acquiring the key information of the target encrypted document according to the access authority information.
4. The cloud document offline access system of claim 3, wherein the server is specifically configured to, when it is determined that the user has access right to the target document, obtain key information of the target encrypted document, and send the key information to the smart terminal.
5. The cloud document offline access system of claim 3, wherein the server is specifically configured to generate an access right application and send the access right application to a preset approval terminal when it is determined that the user has no access right to the target document; and receiving an approval result sent by a preset approval terminal, acquiring key information of the target encrypted document when the approval result is passed, and sending the key information to the intelligent terminal.
6. An intelligent terminal, comprising:
an acquisition unit, configured to acquire offline access request information in a preset display form from a PC client, and to acquire key information from a server;
a sending unit, configured to send the document description information to a server as the offline access request information; sending the key information in a preset form to a PC client in a preset wireless transmission mode;
the request information analysis unit is used for analyzing the document description information from the offline access request information in a preset display form;
the decryption processing unit is used for converting the key information into a preset form; the storage structure of the key information consists of document description information and a key body; the document description information includes: target encryption cloud document identification information, author ID, server ID, user identity identification information, permission version number, document permission information, a document encryption key encrypted by a product public key and a document encryption key encrypted by a server public key; the key body includes: the target encryption cloud document identification information, the hash value of the document description information, the protected key information and the protected key conversion information.
7. The intelligent terminal of claim 6, further comprising: the authority information determining unit is used for determining the access authority information of the user to the target document according to the identity identification information of the user, the identification information of the target encryption cloud document and all the authority information of the pre-stored target encryption cloud document;
the sending unit is also used for sending the access authority information of the user to the target document to the server.
8. A cloud document offline access method is characterized by comprising the following steps:
when a user accesses a target encrypted cloud document offline, a PC client generates offline access request information according to document description information of the encrypted cloud document, and converts the offline access request information into a preset display form;
the intelligent terminal acquires the offline access request information in a preset display form from a PC client, analyzes document description information from the offline access request information in the preset display form, and sends the document description information serving as the offline access request information to a server;
the server acquires the off-line access request information from the intelligent terminal, acquires the key information of the target encrypted document according to the off-line access request information, and sends the key information to the intelligent terminal; the storage structure of the key information consists of document description information and a key body; the document description information includes: target encryption cloud document identification information, author ID, server ID, user identity identification information, permission version number, document permission information, a document encryption key encrypted by a product public key and a document encryption key encrypted by a server public key; the key body includes: target encryption cloud document identification information, a hash value of document description information, protected key information and protected key conversion information;
the intelligent terminal acquires key information from the server, converts the key information into a preset form and sends the key information in the preset form to the PC client in a preset wireless transmission mode;
the PC client side obtains the key information in the preset form returned by the intelligent terminal, converts the key information in the preset form returned by the intelligent terminal to obtain a document decryption key, and accesses the target encryption cloud document according to the document decryption key.
9. The off-line cloud document access method of claim 8, wherein the server acquires the off-line access request information from the smart terminal, acquires the key information according to the off-line access request information, and sends the key information to the smart terminal, and the method includes: and acquiring key information of the target encrypted document according to the identification information of the target encrypted cloud document and the relationship between the pre-stored identification information of the encrypted cloud document and the key information, and sending the key information to the intelligent terminal.
10. The cloud document offline access method of claim 8, further comprising:
the intelligent terminal determines the access authority information of the user to the target document according to the identity identification information of the user, the identification information of the target encryption cloud document and all authority information of the target encryption cloud document stored in advance, and sends the access authority information of the user to the target document to the server;
the server acquires the access authority information of the user to the target document, and acquires the key information of the target encrypted document according to the access authority information.
11. The cloud document offline access method of claim 10, wherein the server acquiring the access authority information of the user to the target document and acquiring the key information of the target encrypted document according to the access authority information comprises:
when judging that the user has access right to the target document, the server acquires the key information of the target encrypted document and sends the key information to the intelligent terminal.
12. The cloud document offline access method of claim 10, wherein the server acquiring the access authority information of the user to the target document and acquiring the key information of the target encrypted document according to the access authority information comprises:
when judging that the user has no access right to the target document, the server generates an access right application and sends the access right application to a preset approval terminal; the server then receives the approval result sent by the preset approval terminal and, when the approval result is a pass, acquires the key information of the target encrypted document and sends the key information to the intelligent terminal.
13. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 8 to 12 when executing the computer program.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any of claims 9 to 12.
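The key-release flow of claims 9 to 12, sketched in Python as an added example (not code from the patent): the terminal derives the access right, and the server either releases the key information or routes the request through approval. All names (`KeyServer`, `terminal_access_right`, `KEY_STORE`) and the sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: document identification -> key information (claim 9).
KEY_STORE = {"doc-001": "constructed-key-info-001"}

def terminal_access_right(user_id, doc_id, authority_info):
    """Terminal side (claim 10): derive the user's access right from the
    pre-stored authority information of the document."""
    return user_id in authority_info.get(doc_id, set())

@dataclass
class KeyServer:
    key_store: dict
    pending: dict = field(default_factory=dict)  # application id -> document id
    next_id: int = 1

    def request_key(self, doc_id, has_access):
        """has_access is the access authority information reported by the
        terminal; this sketch takes it as given, so a deployment has to
        authenticate that report before acting on it."""
        if doc_id not in self.key_store:
            return {"status": "unknown_document"}
        if has_access:  # claim 11: release the key information directly
            return {"status": "granted", "key_info": self.key_store[doc_id]}
        app_id = self.next_id  # claim 12: open an access right application
        self.next_id += 1
        self.pending[app_id] = doc_id
        return {"status": "pending_approval", "application_id": app_id}

    def approval_result(self, app_id, passed):
        """Result returned by the preset approval terminal (claim 12)."""
        doc_id = self.pending.pop(app_id, None)  # each application is one-shot
        if doc_id is None:
            return {"status": "unknown_application"}
        if not passed:
            return {"status": "denied"}
        return {"status": "granted", "key_info": self.key_store[doc_id]}
```

Because an application is removed from `pending` when its result arrives, a replayed approval message does not release the key information a second time.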
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810178928.7A CN108280369B (en) | 2018-03-05 | 2018-03-05 | Cloud document offline access system, intelligent terminal and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108280369A (en) | 2018-07-13 |
CN108280369B (en) | 2021-11-02 |
Family
ID=62809121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810178928.7A Active CN108280369B (en) | 2018-03-05 | 2018-03-05 | Cloud document offline access system, intelligent terminal and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108280369B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109359937B (en) * | 2018-09-14 | 2022-02-08 | 厦门天锐科技股份有限公司 | Offline approval method |
CN110061983B (en) * | 2019-04-09 | 2020-11-06 | 苏宁云计算有限公司 | Data processing method and system |
CN110213248B (en) * | 2019-05-20 | 2022-02-18 | 武汉市灯塔互动文化传播有限公司 | Authorization method and device in offline environment |
CN114299636B (en) * | 2020-09-22 | 2023-05-12 | 云丁网络技术(北京)有限公司 | Method and apparatus for processing device offline passwords |
CN111897780A (en) * | 2020-07-27 | 2020-11-06 | 百望股份有限公司 | OFD document processing method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101309287A (en) * | 2008-07-14 | 2008-11-19 | 成都移网传媒科技有限责任公司 | Bluetooth wireless on-line interaction system for mobile phone |
CN102799807A (en) * | 2012-06-15 | 2012-11-28 | 华为终端有限公司 | Digital rights management content playing method, user equipment and domain manager |
CN104160652A (en) * | 2011-12-27 | 2014-11-19 | 英特尔公司 | Method and system for distributed off-line logon using one-time passwords |
CN104468615A (en) * | 2014-12-25 | 2015-03-25 | 西安电子科技大学 | Data sharing based file access and permission change control method |
CN105337642A (en) * | 2014-06-17 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Method and system for network data access by off-line terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||