CN104836816B - A mobile device data storage method - Google Patents

Publication number
CN104836816B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510304404.4A
Other languages
Chinese (zh)
Other versions
CN104836816A (en
Inventor
孙卿
金霞霞
宋鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanxi Chen culvert digital media Limited by Share Ltd
Original Assignee
Shanxi Chen Culvert Digital Media Ltd By Share Ltd
Application filed by Shanxi Chen Culvert Digital Media Ltd By Share Ltd
Priority to CN201510304404.4A
Publication of CN104836816A
Application granted
Publication of CN104836816B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a mobile device data storage method, comprising: a storage control centre determines the legitimacy of a mobile device from encrypted mobile device information; the user terminal registers with the storage control centre to obtain an identity license, uses the identity license to register a secure account with the cloud storage server, and stores and shares data on the cloud storage server through the secure account. The proposed mobile device storage method can relieve the load on the server, reduce the coupling between the smartphone and the cloud storage cluster, and make data synchronization applications more flexible.

Description

A mobile device data storage method
Technical field
The present invention relates to mobile internet information storage, and in particular to a mobile device data storage method.
Background
The spread of the mobile internet and cloud computing has brought people great convenience. Storing smartphone data on a cloud storage server raises data synchronization problems. Some data, such as address book information, must be strictly synchronized to be convenient for the user; other data, such as photos and videos on the smartphone, needs only general synchronization, with historical data retained on the cloud storage server so that incremental synchronization is possible. Existing data synchronization methods are not suited to applications with large data volumes: reducing the amount of data sent over the network by detecting and transmitting only the differing data requires the mobile terminal and the server to take part together.
Summary of the invention
To solve the above problems of the prior art, the present invention proposes a mobile device data storage method, comprising:
A storage control centre determines the legitimacy of a mobile device from encrypted mobile device information; the user terminal registers with the storage control centre to obtain an identity license, uses the identity license to register a secure account with the cloud storage server, and stores and shares data on the cloud storage server through the secure account.
Preferably, the user terminal registering with the storage control centre to obtain the identity license further comprises:
1) the user sends a registration request and the relevant mobile phone information to the storage control centre;
2) the storage control centre checks this mobile phone information and returns failure if the number of registrations exceeds the upper limit r;
3) the storage control centre returns verification information to the user to verify whether this mobile phone information is valid, and returns failure if verification fails;
4) the storage control centre confirms the user's legal identity; the user and the storage control centre run a digital signature protocol, define the public key group (Ai, b, c, n), and calculate the Q value:
where sk is the user's private key, λ is the user private key number, Ai, b and c are the order interception values of the user's private key, and n is the total number of users;
when the user registers a cloud storage server secure account, the mobile terminal uses the Q value to prove that the user holds a legal identity license;
5) the mobile terminal saves the random parameter e and the calculated Q value.
Preferably, registering the cloud storage server secure account further comprises:
According to the security requirements of the user and the cloud storage server, one of the following two ways of registering with the cloud storage server is selected:
First: the user sends the information the cloud storage server requires, together with the identity license, to the cloud storage server to complete registration; once the user has obtained the identity license, the storage control centre is offline;
Second: the user sends the cloud storage server address and the cloud storage server's requirements for personal identity information to the storage control centre, which completes the registration with the cloud storage server; the user's private information is encrypted with a homomorphic encryption method;
If the first way of registering with the cloud storage server is selected, the method further comprises:
The user terminal uses the identity license to register a secure account with the cloud storage server, which further comprises:
1) the user sends an account registration request to the cloud storage server;
2) the cloud storage server returns the registration count upper limit k and the address parameter a;
3) the mobile device performs the verification and sends the verification result and the registration count j to the cloud storage server;
4) the cloud storage server verifies the verification result and the value of j, where 1≤j≤k; if verification fails, it terminates the protocol and returns failure to the user;
5) the mobile device creates the token account T and, once it is created, sends T and an alias to the cloud storage server;
6) the cloud storage server checks whether the same token T already exists in its database and returns failure if it does; otherwise it adds T and the random number e to the database, binds the alias to them, and returns account registration success to the user.
Compared with the prior art, the present invention has the following advantages:
The present invention proposes a mobile device storage method that can relieve the load on the server, reduce the coupling between the smartphone and the cloud storage cluster, and make data synchronization applications more flexible.
Brief description of the drawings
Fig. 1 is a flow chart of the mobile device data storage method according to an embodiment of the invention.
Detailed description
A detailed description of one or more embodiments of the invention is provided below together with the accompanying drawing that illustrates the principles of the invention. The invention is described in connection with such embodiments, but is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set out in the following description to provide a thorough understanding of the invention. These details are provided for the purpose of example, and the invention may be practised according to the claims without some or all of them.
One aspect of the invention provides a mobile device data storage method. Fig. 1 is a flow chart of the mobile device data storage method according to an embodiment of the invention. The invention combines several data synchronization mechanisms on the basis of the feature value information of the data, and allows the synchronization policy to be chosen flexibly. The synchronization mechanism may be specified by the user or selected by the application; the synchronization information of the data is kept separately in a feature value information file, which widens the applicability of the method.
Before data is synchronized, its redundancy and deletion status must be detected, and the synchronization operations are then carried out accordingly. The user's smartphone is connected to the cloud storage server over the network. The method uses hash values as the feature value information of data and, depending on the data being synchronized, generates different feature value information with several fast hash methods to prevent collisions; the number and type of hash methods used are independent of the method itself, which makes the method more adaptable.
Feature value information consists of "file name feature value information" and "file content feature value information"; combined, the two uniquely identify the path information and content information of a file.
(1) Calculation of file name feature value information. The method considers two common cases: 1. files stored flat, such as all the files in one directory (not including subdirectories), for which only the file name feature value information needs to be calculated; 2. directories and files in a tree storage structure, such as files in a multi-level directory structure, for which the feature value information of the full-path file name must be calculated.
(2) Calculation of file content feature value information. A user's smartphone holds many types of data: small files such as text, and larger file data such as photos and video clips. For these two classes of file size, the following two calculation strategies can be used: 1. for small-volume information, represented by contact information, the feature value information is calculated over all the data; 2. for large-volume information, represented by photos and videos, calculation over the whole file can be used, but to save smartphone power a calculation over several selected file fragments can be used instead, provided hash collisions are prevented. Because file synchronization in the method depends on file name information, the probability that the feature value information of the same file collides after its content is modified is very low.
Given the characteristics of cloud-storage-based applications, the feature value information is packed separately and stored as a file on the cloud storage server. The advantage is that when the terminal checks for duplicate data it downloads only the feature value information file, which saves network bandwidth, avoids recalculating the feature value information of the data kept on the cloud storage server, and makes the data check more efficient.
The logical structure of the feature value information designed for the method is as follows. The feature value information file consists of 3 classes of data block: the file header information block, the file name feature value information block and the file content feature value information block.
The file header information block defines the following fields:
ARYSIZE: the size of the file name hash code mapping array
FNHTYPE: the type of hash method used to calculate the file name hash value
HDCOUNT: the number of hash methods used for the file content
HDTYPE: the hash method type
The file name feature value information block defines the following fields:
FNNOFFSET: 0 means there is no next feature value information; a non-zero value is the offset of the next file name hash information
FLAG: 0 means the file does not exist locally; 1 means the local file and the cloud storage server copy are completely consistent; 2 means the local file content and the cloud storage server file content are inconsistent; 3 means the file exists locally but not on the cloud storage server
HDOFFSET: the offset of the file content hash information
OFFSETFLAG: whether HDOFFSET is valid
The file name feature value information blocks are organized as a hash array of linked lists: the blocks form a hashed array of linked lists whose array size is given by the ARYSIZE field; the linked lists are implemented through the FNNOFFSET file offset field; and the file content information block corresponding to a file name information block is found through the HDOFFSET offset field. In this way the logical structure of the hash information is mapped onto its physical storage in the file.
In the read/write mechanism of the feature value information file, take writing as the example. For write operations on information blocks in the file, implementing transaction-based atomic operations would be comparatively expensive, and the feature value information file is never read and written concurrently. The method therefore writes with a write-back method: the information block content is first written to a newly added information block, and the key fields that mark the information block are updated afterwards; provided correctness is preserved, a failed write is handled by giving up the corresponding storage space. The write-back method applies equally to modifying an information block: before the modification, the corresponding flag bit is first set to invalid. Writes of newly added information blocks comprise the allocation write and the update of the HDOFFSET field. The write flow is as follows:
(1) Allocation write of a new information block. Information is written to the tail of the feature value information file in only two cases: allocating a file name information block and allocating a file content information block. The write-back method handles the information inconsistency that an accident during an append to the file tail could cause; the specific strategy is to write the information block first and then update the offset field that precedes it.
Let the offset be OFFSET, the information block to write be WDATA, and the offset write be WOFFSET. The write-back process is as follows:
1. OFFSET is recorded in the program.
2. The WDATA operation is performed at the end of the file; if an accident occurs in this step, the next information write starts again from 1.
3. The WOFFSET operation is performed; if an accident occurs in this step, the next information write starts again from 1.
The write-back method performs WOFFSET last, which guarantees the correctness of the information block.
(2) The HDOFFSET field is also written with the write-back method: first make sure the OFFSETFLAG field is 0, meaning the HDOFFSET field is invalid; then perform the allocation and write of the new information block; after the new information block has been written successfully, update the HDOFFSET field; finally set the OFFSETFLAG field to 1, meaning the HDOFFSET field is valid. This guarantees the logical correctness of the feature value information file.
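The write-back ordering described above, as an added example that is not code from the patent: it interrupts each step once and checks what a reader of the feature value information file then sees. The byte layout, the blake2b hash, the in-memory bytearray standing in for the file, and the names add_name, set_content, lookup and run_demo are assumptions made for the example.

```python
import hashlib
import struct

# Assumed on-disk layout (constructed for this example, not from the patent):
#   header       : ARYSIZE u32, then ARYSIZE bucket slots (u32 offsets, 0 = empty)
#   name block   : FNNOFFSET u32 | FLAG u8 | OFFSETFLAG u8 | HDOFFSET u32 | name hash (16 B)
#   content block: content hash (16 B)
NAME_FMT = "<IBBI16s"
OFFSETFLAG_POS, HDOFFSET_POS = 5, 6   # byte positions inside a name block
ARYSIZE = 4


class Crash(Exception):
    """Simulated interruption between two steps of a write."""


def h16(data: bytes) -> bytes:
    return hashlib.blake2b(data, digest_size=16).digest()


def new_file() -> bytearray:
    return bytearray(struct.pack("<I", ARYSIZE) + bytes(4 * ARYSIZE))


def _u32(buf, pos):
    return struct.unpack_from("<I", buf, pos)[0]


def add_name(buf, name, flag, crash_after=None):
    """Allocation write: append a name block, then link it into its chain."""
    name_hash = h16(name.encode())
    offset = len(buf)                              # step 1: record OFFSET
    link = 4 + 4 * (name_hash[0] % ARYSIZE)        # bucket slot for this name
    while _u32(buf, link):                         # walk to the chain's last pointer;
        link = _u32(buf, link)                     # FNNOFFSET is a block's first field
    buf.extend(struct.pack(NAME_FMT, 0, flag, 0, 0, name_hash))   # step 2: WDATA
    if crash_after == "WDATA":
        raise Crash
    struct.pack_into("<I", buf, link, offset)      # step 3: WOFFSET, performed last
    return offset


def set_content(buf, block, data, crash_after=None):
    """HDOFFSET write; the same order serves a first write and a modification."""
    buf[block + OFFSETFLAG_POS] = 0                # mark HDOFFSET invalid first
    if crash_after == "INVALIDATE":
        raise Crash
    offset = len(buf)
    buf.extend(h16(data))                          # write the new content block
    if crash_after == "WDATA":
        raise Crash
    struct.pack_into("<I", buf, block + HDOFFSET_POS, offset)
    if crash_after == "HDOFFSET":
        raise Crash
    buf[block + OFFSETFLAG_POS] = 1                # HDOFFSET is valid again


def lookup(buf, name):
    """Reader: follow the chain; trust HDOFFSET only when OFFSETFLAG is 1."""
    name_hash = h16(name.encode())
    pos = _u32(buf, 4 + 4 * (name_hash[0] % ARYSIZE))
    while pos:
        nxt, flag, oflag, hd, stored = struct.unpack_from(NAME_FMT, buf, pos)
        if stored == name_hash:
            return flag, (bytes(buf[hd:hd + 16]) if oflag == 1 else None)
        pos = nxt
    return None


def run_demo():
    """Interrupt every step once and record what a reader sees afterwards."""
    buf, seen = new_file(), {}
    try:
        add_name(buf, "DCIM/a.jpg", 3, crash_after="WDATA")
    except Crash:
        pass
    seen["crashed add"] = lookup(buf, "DCIM/a.jpg")    # orphan block is unreachable
    block = add_name(buf, "DCIM/a.jpg", 3)             # retry from step 1
    for version in (b"v1", b"v2"):
        for step in ("INVALIDATE", "WDATA", "HDOFFSET"):
            try:
                set_content(buf, block, version, crash_after=step)
            except Crash:
                pass
            seen[(version, step)] = lookup(buf, "DCIM/a.jpg")
        set_content(buf, block, version)
        seen[(version, "done")] = lookup(buf, "DCIM/a.jpg")
    return seen
```

After any interrupted write the reader sees either no entry or an entry with no content hash, never a pointer into a half-written block; the bytes appended by the interrupted attempt stay in the file as abandoned space.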
When actually using a smartphone, a user may encounter the following situations: (1) the device is lost or replaced; (2) the device is completely reset, for example by a factory reset or by formatting the storage; (3) a file is deleted by mistake. While still achieving strict synchronization of file data, the method takes these real situations into account, optimizes the file synchronization flow, and handles these accidents fault-tolerantly.
The file synchronization mechanism relies on the feature value information file: the FNHASHCODE field of the file name information block and the hash code field of the file content information block are compared to determine whether a file exists and whether its content has changed, with the OFLAG field as an aid and the user taking part in decisions where necessary, to synchronize file data. The design of the file synchronization mechanism covers the following aspects.
Under normal circumstances:
(1) Whether or not the terminal device needs to be reinitialized, the feature value information file is first downloaded from the cloud storage server and used as the basis for synchronization.
(2) If the cloud storage server has no feature value information file, the cloud storage server's storage is emptied, the feature value information file is initialized locally, and the local files and the feature value information file are sent to the cloud storage server. This makes the file data on the cloud storage server and locally consistent.
(3) If the cloud storage server has a feature value information file, the local files are compared with the feature value information file; files whose OFLAG field is 2 (file content has changed) or 3 (new file created locally) are stored to the cloud storage server; files whose OFLAG field is 0 (file has been deleted locally) are deleted from the cloud storage server; an OFLAG field of 1 means the corresponding file needs no update. This step likewise makes the file data on the cloud storage server and locally consistent.
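The comparison in step (3), as an added example that is not code from the patent: it derives the feature values described earlier, assigns each file one of the values 0 to 3, and turns them into upload and delete lists. SHA-256, the SMALL_LIMIT and FRAGMENT sizes, the choice of head, middle and tail fragments, the function names and the sample files are assumptions constructed for the example.

```python
import hashlib

SMALL_LIMIT = 64   # assumed size (bytes) up to which the whole content is hashed
FRAGMENT = 8       # assumed length of each sampled fragment for larger files

# Constructed sample data: the state last synchronized, and the phone now.
SAMPLE_BEFORE = {"DCIM/a.jpg": b"A" * 200, "contacts.vcf": b"alice:1", "old.txt": b"gone"}
SAMPLE_LOCAL = {"DCIM/a.jpg": b"A" * 200, "contacts.vcf": b"alice:2", "DCIM/b.jpg": b"B" * 200}


def name_value(path: str) -> str:
    """File name feature value, computed over the full path."""
    return hashlib.sha256(path.encode("utf-8")).hexdigest()


def content_value(data: bytes) -> str:
    """Content feature value: whole file if small, else length plus three fragments."""
    h = hashlib.sha256()
    if len(data) <= SMALL_LIMIT:
        h.update(data)
    else:
        h.update(len(data).to_bytes(8, "big"))
        for start in (0, len(data) // 2, len(data) - FRAGMENT):
            h.update(data[start:start + FRAGMENT])
    return h.hexdigest()


def feature_file(files: dict) -> dict:
    """What the server-side feature value information file records."""
    return {name_value(p): content_value(d) for p, d in files.items()}


def classify(local: dict, remote: dict) -> dict:
    """Map each name feature value to 0 (deleted locally), 1 (same),
    2 (content differs) or 3 (new locally)."""
    mine = feature_file(local)
    flags = {}
    for nv, cv in mine.items():
        if nv not in remote:
            flags[nv] = 3
        else:
            flags[nv] = 1 if remote[nv] == cv else 2
    for nv in remote:
        if nv not in mine:
            flags[nv] = 0
    return flags


def plan(local: dict, remote: dict):
    """Return (paths to upload, name feature values to delete on the server)."""
    flags = classify(local, remote)
    path_of = {name_value(p): p for p in local}
    upload = sorted(path_of[nv] for nv, f in flags.items() if f in (2, 3))
    delete = sorted(nv for nv, f in flags.items() if f == 0)
    return upload, delete


def sampled_edit_is_detected(data: bytes, index: int) -> bool:
    """Flip one byte at index and report whether the content value changes."""
    edited = bytearray(data)
    edited[index] ^= 0xFF
    return content_value(bytes(edited)) != content_value(data)
```

With these fragment positions a same-length change at byte 50 of the 200-byte sample is not detected while one at byte 100 is, so a fragment-sampled file edited outside the sampled ranges would be given the value 1 and not uploaded.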
While files are being transmitted in batches, a failure may occur so that the feature value information file is not sent to the cloud storage server, leaving the files stored on the cloud storage server inconsistent with the feature value information file stored there. There are 2 schemes for synchronizing the file data in this case.
Scheme 1: If the local files have not changed, restart a synchronization and choose not to recover files from the cloud storage server; this reaches the goal of strictly consistent file synchronization. Suppose the set of user files stored on the cloud storage server is U and the set of user file information recorded in the feature value information file stored on the cloud storage server is UH, with U-UH=Un. The set Un is the information of the n files missing from the cloud storage server's hash information file; it is missing because, after these n files were sent to the cloud storage server, the corresponding feature value information file failed to be sent. If the local data has not changed, the complete information of these n files is held locally, so one successful synchronization brings the cloud storage server and the local device, and the cloud storage server's feature value information file and user files, into strict consistency.
Scheme 2: If local files have been added or deleted, restart a synchronization and select the 3 options: do not recover files from the cloud storage server; delete from the cloud storage server the files inconsistent with the local files; and delete from the cloud storage server, by file name verification, the files inconsistent with the local files. This reaches the goal of strictly consistent file synchronization. Suppose the set of user files stored on the cloud storage server is U and the set of user file information recorded in the feature value information file stored on the cloud storage server is UH, with U-UH=Un, where Un is the information of the n files missing from the cloud storage server's feature value information file, and the set of local files is UL; then UL∩Un≤Un. Whatever the size of the set Un, one successful synchronization makes U=UL and brings the cloud storage server and the local device, and the cloud storage server's feature value information file and user files, into strict consistency.
By introducing mechanisms that prevent user data loss caused by these accidents and letting the user take part in the necessary decisions, the practicality of the method is ensured. Before file synchronization, the feature value information file is first downloaded from the cloud storage server, and the user then decides whether to recover files from the cloud storage server. Only after these steps is file synchronization between the smartphone and the cloud storage server carried out. This effectively solves the file loss problems that occur in actual use; a specific implementation can further refine the overwrite policy for files with the same name.
The core method can be extended with auxiliary information, such as file modification timestamps and the identity of the terminal a file came from, to make the method more intelligent and efficient; classifying the synchronization situations reduces unnecessary user involvement and improves the user experience.
According to a further embodiment of the invention, to meet security requirements in the data synchronization process of the cloud storage service, a third-party storage control centre is introduced, which is responsible for giving the user a legal anonymous identity after verifying the user's mobile phone information. Before registering with and using the cloud storage server, the user must first obtain an identity license from the storage control centre, and then uses the identity license to register a secure account with the cloud storage server. Besides the user registering the secure account directly, registration through the access control server can also be chosen.
The user cannot log in to the cloud storage server directly with the identity license; instead, one identity license corresponds to multiple secure accounts used on the cloud storage server. Registering secure accounts both protects user privacy and leaves an attacker without a target. After obtaining the identity license from the storage control centre, the user can create multiple tokens on demand to represent different accounts. The token parameters of every user differ, and even the parameters of different accounts of the same user differ, which ensures that the cloud storage server cannot link the different accounts of the same user and can only limit the maximum number of accounts one user creates. The secure account token T is generated as follows (H() is a hash function, a is the cloud storage server address, j is the same user's account registration number, sk is the user's private key, n is the total number of users, and e is a random number):
ρ=H (a ‖ j)(n-1)/α
T=ρsk·e mod n
The above method of generating a secure account is entirely similar to common anonymous identity verification methods; the present invention makes the above ρ a public parameter, so that when logging in to the cloud storage server the user only needs to input the private key sk, without forwarding the private key.
The method of the embodiments is divided into registration, login, and data storage and sharing. Registration consists mainly of identity license registration at the storage control centre and secure account registration at the cloud storage server. The user registers with the storage control centre to obtain an identity license, then uses the identity license to register a cloud storage server secure account, after which the user can use the storage and sharing functions of the cloud storage server.
In this process the user and the storage control centre complete the identity license authentication protocol, and the storage control centre returns the user's credential parameter values (the cloud storage server takes no part). First, the storage control centre needs to determine that the user is a legitimate user and not a malicious attack program; the user uploads the mobile phone information together with the user's other private basic information to the storage control centre. The mobile phone information serves as the evidence that the user really exists, and the storage control centre judges from a returned SMS whether the application comes from a valid user. In the identity license registration framework the storage control centre is treated as semi-trusted, so the user encrypts their other personal information on the mobile terminal before storing it at the storage control centre. The specific steps of identity license registration are as follows:
1) The user sends a registration request, the mobile phone information and the encrypted other basic information to the storage control centre.
2) The storage control centre checks this mobile phone information and returns failure to the user if the number of registrations exceeds the upper limit r.
3) The storage control centre returns verification information to the user to verify whether this mobile phone information is valid, and returns failure to the user if verification fails.
4) The storage control centre confirms the user's legal identity. The user and the storage control centre run a digital signature protocol:
Define the public key group (Ai, b, c, n) and calculate the Q value:
where sk is the user's private key, λ is the user private key number, Ai, b and c are the order interception values of the user's private key, and n is the total number of users.
Afterwards, when the user registers a cloud storage server secure account, the mobile terminal uses the Q value to prove that the user holds a legal identity license.
5) The mobile terminal saves the random parameter e and the calculated Q value.
After obtaining a legal identity license from the storage control centre, the user can use it to register multiple secure accounts at the cloud storage server. Depending on how high the security requirements of the user and the cloud storage server are, two different ways of registering with the cloud storage server can be selected:
1) The user sends the information the cloud storage server requires, together with the identity license, to the cloud storage server to complete registration. In this mode, once the user has obtained the identity license, the storage control centre is offline and takes no part in any of the subsequent flow. This mode of user registration suits users and cloud storage servers with higher security levels; compared with the usual three-party protocols for protecting user privacy, the storage control centre in this flow cannot obtain anything about the user's privacy or the cloud storage server.
2) Cloud registration is carried out by the storage control centre. The user sends the cloud storage server address and the cloud storage server's requirements for personal identity information to the storage control centre, which completes the registration with the cloud storage server. Because the invention treats the storage control centre as semi-trusted, and so that the personal information the user stores is invisible to the storage control centre, the invention encrypts the user's other personal information with a homomorphic encryption method; the storage control centre can retrieve from the encrypted information the personal information the cloud storage server requires, but cannot learn its specific content.
The flows of the two registration modes are similar; the steps for registration by the user are as follows:
1) The user sends an account registration request to the cloud storage server.
2) The cloud storage server returns the registration count upper limit k and the address parameter a.
3) The mobile terminal performs the verification and sends the verification result and the registration count j to the cloud storage server.
4) The cloud storage server verifies the verification result and the value of j (1≤j≤k); if verification fails, it terminates the protocol and returns failure to the user.
5) The mobile terminal creates the token account T and, once it is created, sends T and an alias to the cloud storage server.
6) The cloud storage server checks whether the same T already exists in its database and returns failure if it does; otherwise it adds T and the random number e to the database, binds this alias to them, and returns account registration success to the user.
After obtaining a registered account on the cloud storage server, the user can store their own data on the cloud storage server. The storage control centre no longer takes part. With security and privacy as the basis, the invention also applies some security grading according to user needs, which saves overhead on the mobile phone terminal without affecting the user's basic security.
The mobile phone terminal first verifies the secure account and logs in to the cloud storage server once verification succeeds. Data the user uploads can be partitioned by content type and similar criteria into N partitions (D1, D2, ..., DN); the encryption mode is then selected according to the user's circumstances (whether the content must be kept secret from the cloud storage server):
1) The data is encrypted and then uploaded to the cloud storage server. With this method the decryption key exists only on the mobile phone terminal; it suits stored files with higher security requirements and cloud storage servers of low trustworthiness.
2) The user uploads the data directly and the cloud storage server encrypts it. In this mode the user's data is visible to the cloud storage server. This method suits storing unimportant information and mainly serves to reduce the computing overhead on the mobile phone terminal.
Because users need to complete projects or process data together with members of their household, data the user stores on the cloud storage server needs to be shared, and an uploaded file usually has several sharers. When storing data, the user can partition it: the user divides the data into N partitions according to their own needs and sharing considerations, and a sharer accessing the user's shared data can access only the specific partition and cannot download or access other parts of the data.
The detailed process by which a sharer obtains sharing permission is as follows:
1) The sharer sends a sharing request and their own address to the data owner;
2) After the data owner agrees, the partition number β of the data the sharer requests is sent to the cloud storage server;
3) The shared key $k_m^\beta$ is generated as follows, where (u, v) is a random parameter pair and t is the current time:
$k_m^\beta = u\,H(\beta \| m \| t)^2 + v$
4) The cloud storage server returns the share number m of this partition and the shared key $k_m^\beta$ to the data owner (if partition β holds shared data encrypted by the cloud storage server, the decryption key is attached as well);
5) The data owner forwards the shared key $k_m^\beta$ and the decryption key of this shared partition to the sharer;
6) From the shared key $k_m^\beta$ and the public key T of the secure account, the sharer forms the complete shared-key verification: $G = H(k_m^\beta \| T)^{(n-1)/\alpha}$
The cloud storage server then stores the public key G and the parameter pair (n, α), and returns to the sharer confirmation that partition β can be shared.
After the above flow, when the sharer needs to access the data in partition β, they only need to log in to the cloud storage server and enter $k_m^\beta$. The cloud storage server extracts the sharer's token-account public key T, and if the shared-key verification formula holds, the sharer can access shared data partition β.
Further, in data synchronization, the invention preferably improves the existing incremental transmission method, optimizing it for use in a cloud storage system. Take uploading a new version of a file as an example. Initially, the cloud storage server and the mobile phone terminal each hold an identical copy of the file OLD. The user then modifies the OLD copy on the mobile phone terminal, producing NEW. NEW on the mobile phone terminal must then be uploaded to the cloud storage server to form the new version. The invention defines the mobile phone terminal as the sender and the cloud server as the receiver. Incremental transmission is divided into four steps:
1. The mobile phone terminal sends a NEW upload request to the cloud server.
2. The cloud server divides OLD into blocks of fixed size, calculates the rolling check code and the AES check code of each block, and transfers the set of the blocks' rolling check codes, CHECHSET, to the mobile phone terminal.
3. After the cloud server receives CHECHSET, rolling verification is performed by opening a rolling window of the same size over the NEW file. The sliding window rolls forward one byte at a time, and each one-byte roll performs one rolling check and AES check. Once the check has traversed the whole file, the positions of all blocks that are identical in NEW and OLD are located; what remains is the NEW data-block information that must be transmitted incrementally to the cloud server. The data the mobile phone terminal finally needs to transmit is therefore: the data blocks in NEW that differ from OLD, and the block metadata of the new version NEW.
4. After the cloud server receives the content transmitted incrementally by the mobile phone terminal, it associates the file data blocks with NEW's block metadata to form the new version of the file. The file blocks to be associated consist of two parts: blocks exclusive to NEW, and blocks common to NEW and OLD. Two operations are therefore needed: (1) associate the NEW delta blocks transmitted by the mobile phone terminal with NEW's block metadata; (2) locate the common blocks in the OLD file already on the server and associate them with NEW's file metadata. At this point the complete NEW file has been formed on the cloud server, and the incremental upload ends.
The rolling check mentioned in step 3 is the main time overhead in the transmission. The method is as follows: the rolling check code is a polynomial rolling check code, whose value is updated by removing the first byte from the check code and adding the last byte to it. To judge whether two data segments are identical, the invention computes the rolling check code to guess that the two may be identical, and uses the AES check code to determine that they are certainly identical.
The sliding-window rolling check itself proceeds in two steps:
1. First calculate the rolling hash value of the data in the sliding window and look up whether that value exists in CHECHSET.
2. If it is not found, the sliding window rolls forward 1 byte. If it is found, the AES value of the data in the sliding window is calculated as well. If the AES value exists in CHECHSET, the data currently in the sliding window is considered duplicate data; if it does not, the sliding window rolls forward 1 byte.
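The block-matching scan described above, written out as an added example; it is not code from the patent. The function names, the base P and modulus M, and the use of SHA-256 as the strong check in place of the AES check code the page names are assumptions of this example.

```python
import hashlib

P, M = 257, (1 << 61) - 1  # constructed polynomial base and modulus (assumptions)

def poly_hash(data: bytes) -> int:
    """Polynomial check code of a whole window: sum(b_i * P^(w-1-i)) mod M."""
    h = 0
    for b in data:
        h = (h * P + b) % M
    return h

def strong(data: bytes) -> bytes:
    """Strong check code; SHA-256 stands in for the page's AES check code."""
    return hashlib.sha256(data).digest()

def build_checkset(old: bytes, bs: int) -> dict:
    """Side holding OLD: map rolling code -> {strong code: block index}."""
    checkset = {}
    for idx in range(len(old) // bs):
        blk = old[idx * bs:(idx + 1) * bs]
        checkset.setdefault(poly_hash(blk), {})[strong(blk)] = idx
    return checkset

def make_delta(new: bytes, checkset: dict, bs: int) -> list:
    """Side holding NEW: slide a bs-byte window, emit ('copy', idx) or ('data', bytes)."""
    delta, literal = [], bytearray()
    top = pow(P, bs - 1, M)  # weight of the byte that leaves the window
    i, h = 0, None
    while i + bs <= len(new):
        if h is None:  # start of file or just after a block jump: full recompute
            h = poly_hash(new[i:i + bs])
        idx = None
        if h in checkset:  # rolling code only suggests a match...
            idx = checkset[h].get(strong(new[i:i + bs]))  # ...strong code confirms it
        if idx is not None:
            if literal:
                delta.append(("data", bytes(literal)))
                literal = bytearray()
            delta.append(("copy", idx))
            i += bs
            h = None
        else:
            literal.append(new[i])
            if i + bs < len(new):  # roll forward 1 byte in O(1)
                h = ((h - new[i] * top) * P + new[i + bs]) % M
            i += 1
    literal += new[i:]  # tail shorter than one window is always sent
    if literal:
        delta.append(("data", bytes(literal)))
    return delta

def apply_delta(old: bytes, delta: list, bs: int) -> bytes:
    """Side holding OLD: rebuild NEW from OLD's blocks plus the transmitted bytes."""
    out = bytearray()
    for kind, val in delta:
        out += old[val * bs:(val + 1) * bs] if kind == "copy" else val
    return bytes(out)
```

Only the `("data", ...)` entries carry file bytes over the network; every `("copy", idx)` entry is resolved from the OLD copy already held by the receiver.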
Unlike end-to-end application scenarios, a cloud storage environment is highly concurrent. For incremental transmission in a cloud storage environment, the server is the central point of a star topology and must cope with high concurrency; the system's concurrency is limited by memory size, network bandwidth and disk I/O read/write speed. The invention therefore optimizes the performance of the rolling check code.
The invention refers to Rsync's rolling check code: following the incremental idea, each step only needs to compute the byte values that differ between two successive windows. Disk I/O therefore only needs to attend to two bytes, the first byte and the last byte of the sliding window. Each time the rolling check code is calculated, the next byte after the sliding window is read from disk into memory and replaces the first byte of the sliding window, so that the window's rolling check code is updated incrementally. To improve the performance of the disk I/O operations, the method is optimized by reading several bytes in advance, following the idea of a buffer. The buffer data is updated as follows:
Two buffers, head and tail, are allocated, each of size bSize, where bSize is much smaller than the rolling window size. One window slide consists of the sliding window removing head[i] and including tail[i]. After the sliding window has read (Size-1) times, the Size-th buffer entry is moved to the first position of the buffer and (Size-1) further bytes are read in, which completes the forward slide of the buffer.
This optimization effectively improves disk access. It is a compromise between holding the entire sliding-window content in memory and reading the full content from disk every time; it takes into account the limits of both memory size and disk read/write speed, making the method better suited to a concurrent real operating environment.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with a general-purpose computing system; they can be concentrated on a single computing system or distributed over a network formed by multiple computing systems. Optionally, they can be implemented as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. The invention is thus not restricted to any specific combination of hardware and software.
It should be understood that the above embodiments of the invention serve only to illustrate or explain the principle of the invention by example and do not limit it. Any modification, equivalent substitution, improvement and the like made without departing from the spirit and scope of the invention shall therefore fall within its scope of protection. Furthermore, the appended claims are intended to cover all changes and modifications that fall within the scope and boundary of the appended claims, or equivalents of such scope and boundary.

Claims (1)

  1. A mobile device data storage method, characterized by comprising:
    the storage control centre determines the legitimacy of the mobile device from the encrypted mobile device information; the user terminal registers with the storage control centre to obtain an identity license, registers a cloud storage server secure account with the identity license, and uses the cloud storage server for storage and sharing through the secure account;
    wherein the user terminal registering with the storage control centre to obtain the identity license further comprises:
    1) the user sends a registration request and the mobile phone's relevant information to the storage control centre;
    2) the storage control centre checks this mobile phone information, and returns failure if the number of registrations exceeds the upper limit r;
    3) the storage control centre returns verification information to the user and verifies whether this mobile phone information is valid; if verification fails, it returns failure;
    4) the storage control centre confirms the user's legal identity; the user executes a digital signature protocol with the storage control centre, defines the public key group (Ai, b, c, n), and calculates the value Q:
    where sk is the user private key, λ is the user private key number, Ai, b and c are sequentially intercepted values of the user private key, and n is the total number of users;
    when the user registers the cloud storage server secure account, the mobile phone terminal uses the Q value to prove that the user holds a legal identity license;
    5) the mobile phone terminal saves the random parameter e and the calculated Q value;
    wherein registering the cloud storage server secure account further comprises:
    selecting, according to the security requirements of the user and the cloud storage server, one of the following two ways of registering with the cloud storage server:
    first: the user sends the cloud storage server the information it requires together with the identity license to complete registration, and once the user has obtained the identity license the storage control centre is offline;
    second: the user sends the storage control centre the cloud storage server's address and the cloud storage server's requirements for personal identity information, and the storage control centre completes the registration with the cloud storage server, the user's personal information being encrypted with a homomorphic encryption method;
    if the first way of registering with the cloud storage server is selected, the method further comprises:
    the user terminal uses the identity license to log in to the cloud storage server and register a secure account, further comprising:
    1) the user sends an account registration request to the cloud storage server;
    2) the cloud storage server returns the registration-count upper limit k and the address parameter a;
    3) the mobile device performs the verification and sends the result and the registration count j to the cloud storage server;
    4) the cloud storage server verifies the result and the value of j, where 1≤j≤k; if verification fails, it terminates the protocol and returns failure to the user;
    5) the mobile device creates the token account T and, once creation succeeds, sends T and an alias to the cloud storage server;
    6) the cloud storage server checks whether the same token T already exists in its database, and returns failure if it does; otherwise it adds T and the random number e to the database, binds the alias, and returns registration success to the user.
CN201510304404.4A 2015-06-04 2015-06-04 A kind of mobile device data storage method Active CN104836816B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510304404.4A CN104836816B (en) 2015-06-04 2015-06-04 A kind of mobile device data storage method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510304404.4A CN104836816B (en) 2015-06-04 2015-06-04 A kind of mobile device data storage method

Publications (2)

Publication Number Publication Date
CN104836816A CN104836816A (en) 2015-08-12
CN104836816B true CN104836816B (en) 2018-03-06

Family

ID=53814452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510304404.4A Active CN104836816B (en) 2015-06-04 2015-06-04 A kind of mobile device data storage method

Country Status (1)

Country Link
CN (1) CN104836816B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109788060B (en) * 2019-01-22 2021-05-07 曲阜师范大学 Cloud data sharing and updating method based on block chain
CN111782633B (en) * 2020-06-29 2024-04-30 北京百度网讯科技有限公司 Data processing method and device and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986734A (en) * 2014-06-05 2014-08-13 东信和平科技股份有限公司 Authentication management method and authentication management system applicable to high-security service system
CN104158819A (en) * 2014-08-27 2014-11-19 重庆长安汽车股份有限公司 Safety authentication method of vehicle-mounted information entertainment terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
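Research on Trusted Authentication Technology for Wireless Networks; Yang Li; China Master's Theses Full-text Database, Information Science and Technology; 20120615; full text *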

Also Published As

Publication number Publication date
CN104836816A (en) 2015-08-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20180102

Address after: 400000 2-2-1-61, No. 319, Haier Road, Jiangbei District, Chongqing.

Applicant after: Chongqing steady Technology Co., Ltd.

Address before: West high tech Zone Fucheng Road in Chengdu city of Sichuan province 610041 399 No. 9 Building 2 unit 15 Floor No. 5

Applicant before: CHENGDU GUODOU DIGITAL ENTERTAINMENT CO., LTD.

CB03 Change of inventor or designer information

Inventor after: Sun Qing

Inventor after: Jin Xiaxia

Inventor after: Song Xin

Inventor before: Yao Yuan

TA01 Transfer of patent application right

Effective date of registration: 20180112

Address after: 030006 Shanxi Province, Taiyuan city Yingze District Yingze Street No. 27, building 5, No. 2118, Wanbang International (Youth Park Business Secretary No. 001)

Applicant after: Shanxi ZHONG CHUANG era Intellectual Property Agency Co., Ltd.

Address before: 400000 2-2-1-61, No. 319, Haier Road, Jiangbei District, Chongqing.

Applicant before: Chongqing steady Technology Co., Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20180123

Address after: 030006 electronic road, No. 3 (seat N, M) of Taiyuan Xuefu Park in Taiyuan City, Shanxi Province

Applicant after: Shanxi Chen culvert digital media Limited by Share Ltd

Address before: 030006 Shanxi Province, Taiyuan city Yingze District Yingze Street No. 27, building 5, No. 2118, Wanbang International (Youth Park Business Secretary No. 001)

Applicant before: Shanxi ZHONG CHUANG era Intellectual Property Agency Co., Ltd.

GR01 Patent grant
CP03 Change of name, title or address

Address after: 030006 No.3, electronic road, Taiyuan Xuefu Park, Shanxi comprehensive reform demonstration zone, Taiyuan City, Shanxi Province (block n, m)

Patentee after: Shanxi Chenhan Digital Technology Co., Ltd

Address before: No. 3, electronic road, Taiyuan Xuefu Park, comprehensive reform demonstration zone (block n, m)

Patentee before: SHANXI CHENHAN DIGITAL MEDIA Co.,Ltd.