CN107277054A - A method and system for data integrity verification - Google Patents


Publication number: CN107277054A
Authority: CN (China)
Legal status: Pending
Application number: CN201710656121.5A
Other languages: Chinese (zh)
Inventor: 张桂鹏, 陈平华
Current Assignee: Guangdong University of Technology
Original Assignee: Guangdong University of Technology
Application filed by: Guangdong University of Technology
Priority: CN201710656121.5A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

This application discloses a method for data integrity verification. The method comprises: sending verification information to a cloud storage server according to a received integrity verification request, where the integrity verification request is randomly generated by a data terminal and sent to a verifying end; after receiving the cloud storage server's response information to the verification information, verifying whether the response information is valid and obtaining a verification result; and sending the verification result to the data terminal. The method can both verify the integrity of the data and improve the confidentiality and reliability of the verification process, effectively preventing a third party from stealing data. This application also discloses a system for data integrity verification with the same beneficial effects.

Description

A method and system for data integrity verification
Technical field
The present invention relates to the field of data security, and in particular to a method and system for data integrity verification.
Background
Cloud storage is a new concept extended and developed from the concept of cloud computing. It is an emerging network storage technology: through functions such as cluster applications, network technology or distributed file systems, it brings a large number of storage devices of various types in the network together through application software to work cooperatively, forming a system that jointly provides data storage and service access functions to the outside.
Cloud storage data integrity verification is a technology for verifying and ensuring the integrity and availability of data in cloud storage. Under current cloud storage conditions, because computing and storage resources are limited, having the user download the whole data file and then verify the whole file is not advisable. Cloud storage data integrity verification solves this problem: the integrity and availability of the data can be checked without knowing the whole data file.
Most prior-art schemes are based on public-key cryptography. Although they can efficiently detect whether data is complete, they cannot safely recover the original data, and some dishonest administrators may copy the key, decrypt the data and obtain its content. The prior art therefore cannot guarantee the confidentiality of the key or the reliability of cloud storage data verification.
Therefore, how to keep data secure while verifying data integrity is a technical problem that those skilled in the art currently need to solve.
Summary of the invention
The purpose of this application is to provide a method and system for data integrity verification that can keep data secure while verifying data integrity.
To solve the above technical problem, this application provides a method and system for data integrity verification. The method includes:
sending verification information to a cloud storage server according to a received integrity verification request, where the integrity verification request is randomly generated by a data terminal and sent to a verifying end;
after receiving the cloud storage server's response information to the verification information, verifying whether the response information is valid and obtaining a verification result;
sending the verification result to the data terminal.
Optionally, before the verification information is sent, the method also includes:
the data terminal preprocessing the data to obtain a preprocessing result;
selecting a secure computation function according to the preprocessing result;
generating a private key according to the secure computation function.
Optionally, the method also includes:
the data terminal generating a key-label according to the private key, and storing the key-label and the data in the cloud storage server, for verifying the integrity of the data.
Optionally, sending verification information to the cloud storage server according to the received integrity verification request includes:
receiving the integrity verification request, and selecting a random number according to the integrity verification request;
generating the verification information according to the random number, and sending the verification information to the cloud storage server.
Optionally, verifying whether the response information is valid and obtaining the verification result, after receiving the cloud storage server's response information to the verification information, includes:
receiving the cloud storage server's response information to the verification information, where the response information includes a key-label and a verification formula;
judging whether the key-label is valid;
if the key-label is invalid, obtaining a verification result of verification failure;
if the key-label is valid, judging whether the verification formula holds;
if the verification formula does not hold, obtaining a verification result of verification failure;
if the verification formula holds, obtaining a verification result of verification success.
Optionally, the key-label is specifically MAC(r || name), where $r = g^{\eta}$, $\eta$ is a random number generated by a pseudo-random generator, $\eta \in Z_p$, $Z_p = \{0, 1, \ldots, p-1\}$, $g$ is a generator of the groups $G_1$ and $G_2$ of prime order $p$, name is the identifier of the data file, and MAC is a message authentication code.
Optionally, the verification formula is specifically; wherein $H_2$, $H_3$ are hash functions, name || i is the data file identifier, the response information includes $m'$, $m' = H_3(e(\sigma, c_1) \cdot c_2U)$, $v_i \in Z_p$, $c_1 = g^{\rho}$, $c_2 = Z^{\rho}$ with $Z = e(sk, g^{\alpha})$, $m_i \in Z_p$, $Z_p = \{0, 1, \ldots, p-1\}$; $\rho$ is the random number, $\rho \in Z_p$.
This application also provides a system for data integrity verification. The system includes:
a sending module, used by the verifying end to send verification information to the cloud storage server according to the integrity verification request sent by the data terminal, where the integrity verification request is randomly generated;
a verification module, used to verify whether the response information is valid and obtain a verification result after the cloud storage server's response information to the verification information is received;
a reporting module, used to send the verification result to the data terminal.
Optionally, the sending module includes:
a receiving unit, used to receive the data integrity verification request sent by the data terminal;
a parameter generating unit, used to select a random number according to the integrity verification request;
a verification information generating unit, used to generate the verification information according to the random number.
Optionally, the verification module includes:
a response information receiving unit, used to receive the cloud storage server's response information to the verification information, where the response information includes a key-label and a verification formula;
a label judging unit, used to judge whether the key-label is valid;
a label-invalid generating unit, used to obtain a verification result of verification failure when the key-label is invalid;
a formula judging unit, used to judge whether the verification formula holds;
a formula-invalid generating unit, used to obtain a verification result of verification failure when the verification formula does not hold;
a formula-valid generating unit, used to obtain a verification result of verification success when the verification formula holds.
The invention provides a method for data integrity verification: verification information is sent to a cloud storage server according to a received integrity verification request, where the integrity verification request is randomly generated by a data terminal and sent to a verifying end; after the cloud storage server's response information to the verification information is received, whether the response information is valid is verified and a verification result is obtained; the verification result is sent to the data terminal.
This method introduces the verifying end as a third party for verifying data integrity, which avoids the situation where the data terminal itself acts as the verifier. Because the integrity verification request that the data terminal passes to the verifying end is randomly generated and carries no information related to the data, the verifying end cannot obtain the content of the data. That is, the method verifies the integrity of the data using a zero-knowledge proof, i.e. without leaking the content of the data to the verifying end. This use of a zero-knowledge proof at the verifying end can both verify the integrity of the data and improve the confidentiality and reliability of the verification process, effectively preventing a third party from stealing data. This application also provides a system for data integrity verification with the same beneficial effects, which are not repeated here.
Brief description of the drawings
To describe the embodiments of this application more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are only some embodiments of this application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the hardware environment of a method for data integrity verification provided by this application;
Fig. 2 is a flowchart of another method for data integrity verification provided by an embodiment of this application;
Fig. 3 is a flowchart of another method for data integrity verification provided by an embodiment of this application;
Fig. 4 is a schematic diagram of the data terminal transmitting data to the cloud storage server in the embodiment shown in Fig. 3;
Fig. 5 is a schematic diagram of a method for data integrity verification in a practical application, provided by an embodiment of this application;
Fig. 6 is a structural diagram of a system for data integrity verification provided by this application.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.
The method and system for data integrity verification provided by this application can be applied in the following hardware scenario:
Refer to Fig. 1, a schematic diagram of the hardware environment of a method for data integrity verification provided by this application, which includes a data terminal, a cloud storage server and a verifying end.
The data terminal, also called the data owner (Data Owner), is the entity that enjoys rights over the data and bears obligations for it, and is the device that stores the data locally. The data terminal can transmit the data it stores to the cloud server so that the data can be viewed and downloaded on other devices. The data terminal may be a personal computer or a server used for data storage; its model and brand are not limited here, as long as the device can send data to the cloud server and send verification requests to the verifying end. The cloud storage server addresses the storage problem caused by the growth of inactive data: local data is stored in the cloud storage server to save local space, and the user can also view and download the uploaded data on other terminal devices. The verifying end is a third-party verifier introduced by the data terminal. It checks whether the data that the data terminal transmitted to the cloud storage end is complete, and so realizes the data terminal's inspection of the cloud storage server.
Refer to Fig. 2 below, a flowchart of a method for data integrity verification provided by an embodiment of this application.
The specific steps can include:
Step S101: According to the received integrity verification request, send verification information to the cloud storage server, where the integrity verification request is randomly generated by the data terminal and sent to the verifying end.
The executing entity of this method is the verifying end, i.e. the third-party verifier, and the integrity verification request is sent by the data terminal to the verifying end. This step assumes that the data has already been transmitted to the cloud storage server by the data terminal. To verify whether the transmitted data is stored completely in the cloud storage server, the data terminal introduces a third-party verifier, the verifying end, to check the integrity of the data. The integrity verification request is randomly generated by the data terminal, i.e. the request sent to the verifying end contains no data. The verifying end therefore cannot obtain any information about the data from the request, and it verifies the integrity of the data without obtaining any of the data's content.
Of course, the fact that the integrity verification request contains no information related to the data does not mean that the verifying end uses none of the information in the request. The integrity verification request contains randomly assigned parameters, and the verifying end can generate the verification information from these parameters. The form and content of the verification information are not specifically limited; they can be set according to the encryption method used when the file was stored and the file type, as long as the verification information can be used to obtain response information from the cloud storage server.
It can be understood that, in general, before this step there is also a step in which the data terminal encrypts the data and transmits it to the cloud storage server. There are many ways for the data terminal to encrypt the data; a private key method or a public key method can be used. Preferably only a private key is used, which avoids large storage overhead and weaknesses such as key leakage, and reduces the complexity of key management.
Step S102: After receiving the cloud storage server's response information to the verification information, verify whether the response information is valid and obtain the verification result.
In step S101 the verifying end sent the verification information to the cloud storage server; this step assumes that the cloud storage server, after receiving the verification information, returns response information to the verifying end. One verifying end may be verifying data integrity for several data terminals at the same time; if several pieces of response information are received simultaneously, association numbers can be set for verifying the response information, to prevent the verification of multiple responses from becoming confused. Alternatively, to avoid such confusion, each data terminal can be given a unique corresponding verifying end that is dedicated to verifying the integrity of that data terminal's data transfers. Considering actual needs, when there are few data terminals in the network each data terminal can be configured with a unique verifying end, and when there are many data terminals one verifying end can be configured for a specified number of data terminals; the choice of verifying end is not specifically limited here.
After receiving the verification information, the cloud storage server can generate the response information according to the content of the verification information. Sending the verification information can also be understood as a query, with the response information returning the result of the query to the verifying end. The verification information assumes that all of the data is stored completely in the cloud storage server, i.e. everything the verification information asks about exists in theory. The response information, by contrast, is feedback based on the data actually stored in the cloud storage server, so it reflects the actual storage state of the data to some extent. Merely receiving the response information is not enough to judge whether the data is stored completely in the cloud storage server; the response information also needs to be parsed.
The response information can contain some non-content information about the data, i.e. some unique features that do not involve the content of the data, and the verifying end can judge from this information whether the data is stored in the cloud storage server. If these features pass verification, the data transfer is complete; if they do not, the data transfer is incomplete. The verification result has only two possible values: data complete and data incomplete.
Step S103: Send the verification result to the data terminal.
Whether the verification result is that the data is complete or that it is incomplete, the verifying end sends it to the data terminal. After the verifying end has sent the verification result to the data terminal, the data terminal can further process the uploaded data. That is, when the data has been transmitted completely to the cloud storage server, the data terminal can delete the transmitted data; when it has not, the data terminal can transmit the data to the cloud storage server again and delete the local data only once the transfer is complete.
Refer to Fig. 3 and Fig. 4 below. Fig. 3 is a flowchart of another method for data integrity verification provided by an embodiment of this application; Fig. 4 is a schematic diagram of the data terminal transmitting data to the cloud storage server in the embodiment shown in Fig. 3. On the basis of the above embodiment, this embodiment further specifies the steps related to sending the verification information and verifying the response information, and the method of allocating virtual machines.
The specific steps can include:
Step S201: The data terminal preprocesses the data and obtains a preprocessing result.
Data preprocessing refers to processing carried out on the data before the main processing; after preprocessing the data is easier to encrypt. There are many preprocessing methods, such as reduction methods based on rough set (Rough Set) theory, data concentration methods based on concept trees, information-theoretic ideas and generalized knowledge discovery, attribute selection methods based on statistical analysis, and genetic algorithms. A suitable preprocessing method can be selected according to the actual application of this method; the preprocessing method is not specifically limited here.
Step S202: Select a secure computation function according to the preprocessing result.
The purpose of this step is to select a secure computation function for generating the private key; the secure computation function needs to have sufficiently high security. There are many secure computation functions: one in general use today can be adopted, or one can be written in-house, and no specific limitation is made here. Within one network the same secure computation function should be selected as far as possible, which saves system resources and has no impact on the security of the data.
Step S203: Generate a private key according to the secure computation function.
The method of encrypting the data with the generated private key can be either reversible or irreversible. Reversible methods are commonly called symmetric encryption algorithms, and irreversible methods are typically called asymmetric encryption algorithms. For login passwords, for example, the generally preferred approach is an irreversible encryption algorithm, such as MD5, SHA256 or another hash value; some use reversible methods of better strength. When an encryption key is being selected, choosing a reversible encryption method is beneficial to protecting the data. The method of encrypting the data with the generated private key can therefore be determined according to the actual situation, and the specific method is not limited here.
Step S204: The data terminal generates a key-label according to the private key, and stores the key-label and the data in the cloud storage server, for verifying the integrity of the data.
The key-label is a kind of identifier: as long as the key-label exists, the data corresponding to the key-label also exists. The existence of the data does not mean the data is complete; verifying the integrity of the data requires other methods as well.
If the data that the data terminal transmits to the cloud storage server is very large, it can be divided into parts of a fixed byte size, with a different key-label generated for each part, and each part encrypted and transmitted to the cloud storage server. If the data is not very large, the whole of it can be encrypted and transmitted.
After the data has been transferred to the cloud storage server, the data terminal can delete the local data to save space. However, since the transfer may leave data missing or incomplete, the local data can instead be deleted only after the data integrity verification has passed.
Step S205: Receive the integrity verification request, and select a random number according to the integrity verification request.
This step assumes that, after sending the data to the cloud storage server, the data terminal has sent an integrity verification request; the executing entity of this step is the verifying end. So that the verifying end can verify the integrity of the data without obtaining the data content, the verifying end takes the randomly generated integrity verification request and itself randomly generates a random number for producing the verification information, which ensures the randomness of the verification information.
Step S206: Generate the verification information according to the random number, and send the verification information to the cloud storage server.
The verification information in this step is information that can challenge the cloud storage server and obtain response information. Because the verification information is random, it can be used to check the integrity of any uploaded segment of the data.
Step S207: Receive the cloud storage server's response information to the verification information, where the response information includes a key-label and a verification formula.
The key-label is used to verify whether the data is stored in the cloud storage server, and the verification formula is used to verify whether the data is complete.
Step S208: Judge whether the key-label is valid. If the key-label is valid, go to step S209; if the key-label is invalid, go to step S210.
Step S209: Judge whether the verification formula holds. If the verification formula does not hold, go to step S210; if the verification formula holds, go to step S211.
The verification formula is a formula related to the secure computation function and the verification request, and is derived from the secure computation function used and the verification request. That is, the verification formula is not unique and can take many forms, as long as it can verify the integrity of the data; its specific content is not limited here.
Step S210: Obtain a verification result of verification failure, and go to step S212.
Step S211: Obtain a verification result of verification success.
Step S212: Send the verification result to the data terminal.
Refer to Fig. 5, a schematic diagram of a method for data integrity verification in a practical application, provided by an embodiment of this application.
This embodiment applies the method to an actual scenario: a hash function is selected as the secure computation function, the private key and the key-label are generated from the hash function, and the verifying end verifies the integrity of the data through the key-label and the verification formula.
The specific steps can include:
Step S301: Before sending the data file to the cloud storage server, the data terminal first preprocesses the data. Select the secure computation functions: select groups $G_1$ and $G_2$ of prime order $p$ with generator $g$, satisfying the bilinear map $e: G_1 \times G_1 \to G_2$, and select three hash functions $H_1$, $H_2$, $H_3$ satisfying $H_1, H_2: \{0,1\}^* \to G_1$ and $H_3: G_2 \to \{0,1\}^*$.
Here "→" denotes a mapping, and $\{0,1\}^*$ denotes a set comprising combinations of the digits 0 and 1.
Step S302: The data terminal selects a random symmetric encryption key $k_{mac} \leftarrow K_{mac}$; let $f: \{0,1\}^* \times K_{mac} \to Z_p$ be a pseudo-random function; it selects a random number and generates the private key sk of the system, i.e. $sk = H_1(\alpha, k_{mac})$.
Here "←" denotes a mapping.
Step S303: For a given data file M, the data terminal first processes M with an erasure code to obtain M′, and divides M′ into n data blocks, each of length s, denoted $m_i$ (1 ≤ i ≤ n), with $m_i \in Z_p$, $Z_p = \{0, 1, \ldots, p-1\}$. It uses a pseudo-random generator to generate a random number $\eta \in Z_p$ and computes $r = g^{\eta}$. For each data block $m_i$ the label is $\sigma_i$, where name || i is the data file identifier and MAC(r || name) serves as the key-label. The processed file M′ can be parsed as $\{m_i\}$ and $\{\sigma_i\}$ (1 ≤ i ≤ n); $(\{m_i\}, \{\sigma_i\}, r)$ is sent to the cloud storage server for storage, and the local data backup is deleted.
MAC is a message authentication code, a short piece of information used in cryptography to verify message integrity. name is equivalent to the file name and serves as the identifier of data file M. r || name is treated as a whole and is one representation of a label; it represents the label of the data block, and the label design contains two values: the r value and the file name name.
Step S304: The data terminal introduces the verifying end to perform the verification. The data terminal randomly selects from the set [1, n] a subset I containing 1 element, each element $v_i \in Z_p$; let Q denote the set $\{(i, v_i)\}$, and Q is sent to the verifying end. The verifying end selects a random number $\rho \in Z_p$, computes $c_1 = g^{\rho}$, $c_2 = Z^{\rho}$ with $Z = e(sk, g^{\alpha})$, and generates the challenge chal, where the challenge chal is a kind of verification information and chal = $(Q, c_1, c_2)$, which is sent to the cloud storage server.
Step S305: The cloud storage server receives the challenge chal, calculates and $m' = H_3(e(\sigma, c_1) \cdot c_2U)$, and sends $m'$ to the verifying end as the corresponding response.
Step S306: The verifying end receives the response $m'$ and first verifies the key-label MAC(r || name). If MAC(r || name) is invalid, it rejects and terminates the protocol, and the output 0 is sent to the data terminal. Otherwise, the verifying end then verifies whether the verification formula holds. If the equation does not hold, it outputs 0, rejects and terminates the protocol, and sends the output to the data terminal. Otherwise, the verifying end accepts the response, which shows that data file M is stored intact on the server; it outputs 1 and parses M′ into $\{m_i\}$ and $\{\sigma_i\}$ (1 ≤ i ≤ n) to send to the data terminal.
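The flow of steps S303 to S306 (per-block labels, a key-label MAC(r || name) checked first, a challenge Q = {(i, v_i)}, an aggregated response, output 0 or 1) can be sketched as follows. This is an added example, not code from the patent: it swaps in a pairing-free, privately verifiable linear tag (σ_i = f(name || i) + α·m_i mod p, in the style of Shacham-Waters), so the checker holds the data terminal's key and sees the aggregate μ, which the page's hashed response m′ is meant to avoid. Assumptions: the modulus, HMAC-SHA256 as f and as MAC, a random byte string for r, and all function names are hypothetical; the challenge may cover several blocks.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1      # prime modulus standing in for the page's prime p (constructed value)
BLOCK_BYTES = 15    # 120-bit blocks, so every block m_i is an element of Z_p


def prf(k_mac: bytes, data: bytes) -> int:
    """f: {0,1}* x K_mac -> Z_p, instantiated with HMAC-SHA256 (assumption)."""
    return int.from_bytes(hmac.new(k_mac, data, hashlib.sha256).digest(), "big") % P


def block_id(name: bytes, i: int) -> bytes:
    """Encoding of the block identifier name || i."""
    return name + b"||" + str(i).encode()


def key_label(k_mac: bytes, r: bytes, name: bytes) -> bytes:
    """The key-label MAC(r || name)."""
    return hmac.new(k_mac, r + b"||" + name, hashlib.sha256).digest()


def keygen():
    """Secret key: a MAC/PRF key k_mac and a nonzero scalar alpha in Z_p."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1


def preprocess(key, name: bytes, data: bytes) -> dict:
    """Data terminal: split into blocks m_i, label each one, build the key-label."""
    k_mac, alpha = key
    blocks = [int.from_bytes(data[o:o + BLOCK_BYTES], "big")
              for o in range(0, len(data), BLOCK_BYTES)]
    r = secrets.token_bytes(16)  # stands in for r = g^eta (no pairing group here)
    tags = [(prf(k_mac, block_id(name, i)) + alpha * m) % P
            for i, m in enumerate(blocks, 1)]
    return {"name": name, "r": r, "label": key_label(k_mac, r, name),
            "blocks": blocks, "tags": tags}


def make_challenge(n: int, count: int):
    """Q = {(i, v_i)}: random block indices with random nonzero coefficients."""
    idx = sorted(secrets.SystemRandom().sample(range(1, n + 1), count))
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]


def respond(stored: dict, Q) -> dict:
    """Cloud storage server: aggregate the challenged blocks and labels."""
    mu = sum(v * stored["blocks"][i - 1] for i, v in Q) % P
    sigma = sum(v * stored["tags"][i - 1] for i, v in Q) % P
    return {"r": stored["r"], "label": stored["label"], "mu": mu, "sigma": sigma}


def verify(key, name: bytes, Q, resp: dict) -> int:
    """Checker: key-label first, then the verification equation; returns 0 or 1."""
    k_mac, alpha = key
    if not hmac.compare_digest(resp["label"], key_label(k_mac, resp["r"], name)):
        return 0  # invalid key-label: reject and stop
    expected = (sum(v * prf(k_mac, block_id(name, i)) for i, v in Q)
                + alpha * resp["mu"]) % P
    return 1 if resp["sigma"] == expected else 0


def demo():
    """Honest storage passes; a single flipped bit in one stored block fails."""
    key = keygen()
    data = b"constructed sample file contents " * 8   # constructed input
    stored = preprocess(key, b"report.bin", data)
    n = len(stored["blocks"])
    Q = make_challenge(n, n)          # challenge every block: deterministic outcome
    intact = verify(key, b"report.bin", Q, respond(stored, Q))
    stored["blocks"][2] ^= 1          # server-side corruption of block 3
    corrupted = verify(key, b"report.bin", Q, respond(stored, Q))
    return intact, corrupted


if __name__ == "__main__":
    print(demo())
```

Challenging fewer than n blocks trades detection probability for bandwidth: a corrupted block is only caught when its index falls in Q.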
Because the embodiments of the system part correspond to the embodiments of the method part, refer to the description of the method embodiments for the system embodiments; they are not repeated here.
Refer to Fig. 6, a structural diagram of a system for data integrity verification provided by this application.
The system can include:
a sending module 100, used by the verifying end to send verification information to the cloud storage server according to the integrity verification request sent by the data terminal, where the integrity verification request is randomly generated;
a verification module 200, used to verify whether the response information is valid and obtain a verification result after the cloud storage server's response information to the verification information is received;
a reporting module 300, used to send the verification result to the data terminal.
In another embodiment of the system for data integrity verification provided by this application, the system includes:
Further, the sending module 100 includes:
a receiving unit, used to receive the data integrity verification request sent by the data terminal;
a parameter generating unit, used to select a random number according to the integrity verification request;
a verification information generating unit, used to generate the verification information according to the random number.
Further, the verification module 200 includes:
a response information receiving unit, used to receive the cloud storage server's response information to the verification information, where the response information includes a key-label and a verification formula;
a label judging unit, used to judge whether the key-label is valid;
a label-invalid generating unit, used to obtain a verification result of verification failure when the key-label is invalid;
a formula judging unit, used to judge whether the verification formula holds;
a formula-invalid generating unit, used to obtain a verification result of verification failure when the verification formula does not hold;
a formula-valid generating unit, used to obtain a verification result of verification success when the verification formula holds.
The method and system for data integrity validation provided by the present application have been described in detail above. The embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another. Because the system disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the related parts, refer to the description of the method. It should be pointed out that those skilled in the art can make improvements and modifications to the present application without departing from its principle, and these improvements and modifications also fall within the scope of the claims of the present application.
It should also be noted that, in this specification, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.

Claims (10)

1. A method of data integrity validation, characterised in that the method includes:
Sending checking information to a cloud storage server according to a received integrity verification request; wherein the integrity verification request is randomly generated by the data terminal and sent to the verifying end;
After receiving the cloud storage server's response message to the checking information, verifying whether the response message is valid, and obtaining the result;
Sending the result to the data terminal.
2. The method according to claim 1, characterised in that, before the checking information is sent, the method further includes:
The data terminal pre-processes the data to obtain a pre-processing result;
A secure calculation function is selected according to the pre-processing result;
A private key is generated according to the secure calculation function.
3. The method according to claim 2, characterised in that it further includes:
The data terminal generates a key-label according to the private key, and stores the key-label and the data in the cloud storage server, for verifying the integrity of the data.
4. The method according to claim 1, characterised in that sending checking information to the cloud storage server according to the received integrity verification request includes:
Receiving the integrity verification request, and selecting a random number according to the integrity verification request;
Generating the checking information according to the random number, and sending the checking information to the cloud storage server.
5. The method according to claim 4, characterised in that, after receiving the cloud storage server's response message to the checking information, verifying whether the response message is valid and obtaining the result includes:
Receiving the response message of the cloud storage server to the checking information; wherein the response message includes a key-label and a checking formula;
Judging whether the key-label is valid;
If the key-label is invalid, obtaining a result of verification failure;
If the key-label is valid, judging whether the checking formula holds;
If the checking formula does not hold, obtaining a result of verification failure;
If the checking formula holds, obtaining a result of successful verification.
6. The method according to claim 5, characterised in that the key-label is specifically MAC(r || name); wherein $r = g^{\eta}$, $\eta$ is a random number $\eta \in Z_p$ generated by a pseudo-random generator, $Z_p = \{0, 1, \ldots, p-1\}$, g is a generator of the groups $G_1$ and $G_2$ of prime order p, name is the data file identifier, and MAC is a message authentication code.
7. The method according to claim 5, characterised in that the checking formula is specifically wherein $H_2$ and $H_3$ are hash functions, name || i is the data file identifier, the response message includes m', $m' = H_3(e(\sigma, c_1) \cdot c_2U)$, $v_i \in Z_p$, $c_1 = g^{\rho}$, $c_2 = Z^{\rho}$ and $Z = e(sk, g^{\alpha})$, $m_i \in Z_p$, $Z_p = \{0, 1, \ldots, p-1\}$; $\rho$ is the random number, $\rho \in Z_p$.
8. A system of data integrity validation, characterised in that the system includes:
Sending module, used by the verifying end to send checking information to the cloud storage server according to the integrity verification request sent by the data terminal; wherein the integrity verification request is randomly generated;
Authentication module, used to verify whether the response message is valid after the cloud storage server's response message to the checking information is received, and to obtain the result;
Reporting module, used to send the result to the data terminal.
9. The system according to claim 8, characterised in that the sending module includes:
Receiving unit, used to receive the request for data integrity validation sent by the data terminal;
Parameter generating unit, used to select a random number according to the integrity verification request;
Checking information generation unit, used to generate the checking information according to the random number.
10. The system according to claim 9, characterised in that the authentication module includes:
Response message receiving unit, used to receive the response message of the cloud storage server to the checking information; wherein the response message includes a key-label and a checking formula;
Label judging unit, used to judge whether the key-label is valid;
Label-invalid generation unit, used to obtain a result of verification failure when the key-label is invalid;
Formula judging unit, used to judge whether the checking formula holds;
Formula-invalid generation unit, used to obtain a result of verification failure when the checking formula does not hold;
Formula-valid generation unit, used to obtain a result of successful verification when the checking formula holds.
CN201710656121.5A 2017-08-03 2017-08-03 A kind of method and system of data integrity validation Pending CN107277054A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710656121.5A CN107277054A (en) 2017-08-03 2017-08-03 A kind of method and system of data integrity validation


Publications (1)

Publication Number Publication Date
CN107277054A true CN107277054A (en) 2017-10-20

Family

ID=60075796

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710656121.5A Pending CN107277054A (en) 2017-08-03 2017-08-03 A kind of method and system of data integrity validation

Country Status (1)

Country Link
CN (1) CN107277054A (en)


Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111460523A (en) * 2020-03-27 2020-07-28 鹏城实验室 Data integrity verification method and device and computer-readable storage medium
CN114826619A (en) * 2022-05-11 2022-07-29 北京工业大学 Data integrity verification method of streaming system, electronic device and storage medium
CN114826619B (en) * 2022-05-11 2024-04-12 北京工业大学 Data integrity verification method for streaming system, electronic equipment and storage medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171020
