CN108494780A - A kind of method for secure storing based on cloud computing - Google Patents
A kind of method for secure storing based on cloud computing Download PDFInfo
- Publication number
- CN108494780A CN108494780A CN201810261742.8A CN201810261742A CN108494780A CN 108494780 A CN108494780 A CN 108494780A CN 201810261742 A CN201810261742 A CN 201810261742A CN 108494780 A CN108494780 A CN 108494780A
- Authority
- CN
- China
- Prior art keywords
- data
- pas
- application server
- tue
- payment application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1464—Management of the backup or restore process for networked environments
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/561—Adding application-functional data or data for application control, e.g. adding metadata
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Finance (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Library & Information Science (AREA)
- Quality & Reliability (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The present invention provides a kind of method for secure storing based on cloud computing, this method includes:The payment application server PAS and financial transaction terminal TUE of cloud platform transmit financial events data E_DATA by safety communicating method;Payment application server PAS stores the financial events data E_DATA on foreground into the finance data storage server MS of cloud platform.The present invention proposes a kind of method for secure storing based on cloud computing, improves the safety and reliability of financial transaction data management system.
Description
Technical field
The present invention relates to cloud storage, more particularly to a kind of method for secure storing based on cloud computing.
Background technology
For real-time financial events data are handled and stored, most enterprises take high in the clouds storage/access technology, will
The distribution of real time financial event data is stored in cloud storage cluster, is avoided the operation bottleneck for reading I/O, is more met enterprise's short time
Handle the demand of a large amount of real time financial event datas.However, with the continuous increase of processing financial events data volume, cloud storage is given
The memory space of cluster brings immense pressure.When data occur backup or replicate beyond the clouds, the storage location of high in the clouds data is all
It can change, need to carry out large-scale data reloading, until after data backup process in high in the clouds is completed, could provide just
Informal dress be engaged in, be easy to cause loss of data in this way, affect system external provide service ability, reduce system safety and
Reliability.
Invention content
To solve the problems of above-mentioned prior art, the present invention proposes a kind of secure storage side based on cloud computing
Method, including:
The payment application server PAS and financial transaction terminal TUE of cloud platform transmit finance by safety communicating method
Event data E_DATA;
Payment application server PAS stores the financial events data E_DATA on foreground to the finance data storage of cloud platform
In server MS.
Preferably, the financial transaction terminal TUE to payment application server PAS send financial events data E_DATA it
Before, further include:
Financial transaction terminal TUE sends the data encapsulation version itself used to payment application server PAS and encryption is calculated
The configuration parameter of method.
Preferably, the payment application server PAS feed back to financial transaction terminal TUE oneself data encapsulation version,
The heartbeat message of the configuration parameter of Encryption Algorithm and the private key encryption with oneself.
Preferably, the certificate of oneself is transmitted to financial transaction terminal TUE by payment application server PAS;And ask finance
Transaction terminal TUE sends the certificate of oneself;
Financial transaction terminal TUE passes over certification authentication payment application server PAS's with payment application server PAS
Identity terminates data communication if identity is not verified;
Certification authentication is attempted to decrypt the heart crossed with private key encryption by it after passing through using the public key of payment application server PAS
Hop-information terminates to communicate if decrypting failure;
Financial transaction terminal TUE generates random floating point, and this random floating point payment application server PAS
The public key encryption sended over, this ciphering process generate the random floating point ciphertext in this heartbeat signal, then will be random
Floating number ciphertext sends back to payment application server PAS;
When the PAS requests of payment application server need to verify financial transaction terminal TUE, financial transaction terminal TUE is oneself
Certificate be transmitted to payment application server PAS together;
After the identity for having verified financial transaction terminal TUE, then pays application server PAS and decrypted with the private key of oneself
Random floating point ciphertext and then both sides are obtained using this random floating point ciphertext come joint consultation, obtain session key to transmit
Data;
Both sides exchange ending message again, and heartbeat signal terminates;The following both sides session key consulted, using AES
It encrypts to communicate.
The present invention compared with prior art, has the following advantages:
The present invention proposes a kind of method for secure storing based on cloud computing, improves financial transaction data management system
Safety and reliability.
Description of the drawings
Fig. 1 is the flow chart of the method for secure storing according to the ... of the embodiment of the present invention based on cloud computing.
Specific implementation mode
Retouching in detail to one or more embodiment of the invention is hereafter provided together with the attached drawing of the diagram principle of the invention
It states.The present invention is described in conjunction with such embodiment, but the present invention is not limited to any embodiments.The scope of the present invention is only by right
Claim limits, and the present invention covers many replacements, modification and equivalent.Illustrate in the following description many details with
Just it provides a thorough understanding of the present invention.These details are provided for exemplary purposes, and without in these details
Some or all details can also realize the present invention according to claims.
An aspect of of the present present invention provides a kind of method for secure storing based on cloud computing.Fig. 1 is implemented according to the present invention
The method for secure storing flow chart based on cloud computing of example.
The highly reliable storage system of cloud platform financial events data of the present invention is based on block chain technology, is stored in finance data
Cheng Zhong selects a copy node to record while data generate by associated multiple copy node joint consultations
The data label of foundation so that each copy node is involved in the storage competition and selection of data, improves the confidence level of storage data;
When any one follow-up copy node is needed using the financial events data generated, high confidence level is directly obtained according to data label
Data.
The highly reliable storage system of cloud platform financial events data includes coordination service device CS, payment application server PAS, deposits
Store up server MS.Wherein, payment application server PAS and coordination service device CS is communicated, the event data for receiving foreground
E_DATA, and these event datas E_DATA is stored in buffer queue, sequence is sent to coordination service device CS successively;Or to
Coordination service device CS transmission data read requests, and corresponding financial events number is read from finance data storage server MS in real time
According to.
Data label is stored into the corresponding block of block chain by storage server MS;Often storing a data label should
Increase a block in block chain, which is made of multiple data storage area blocks, and each data storage area block has recorded
The data label that one copy node is established so that the data pointed by data label recorded can not distort.
The finance data storage server includes N number of finance data storage server MS, receives coordination service device CS hairs
The financial events data E_DATA received from payment application server PAS sent, the number of each finance data storage server MS
It is according to storage format<Hashed value, E_DATA>;The memory space surplus of each finance data storage server MS is supplied to
Coordination service device CS;After coordination service device CS completes high in the clouds data backup, the high in the clouds data that coordination service device CS is sent are received
Information is completed in backup, it would be desirable to the event data E_DATA of backup be completed on the finance data storage server MS that data remove
It deletes.
The payment application server PAS and financial transaction terminal TUE transmits financial events by safety communicating method
Data E_DATA.Before financial transaction terminal TUE sends financial events data E_DATA to payment application server PAS, gold
Melt the configuration ginseng that transaction terminal TUE sends the data encapsulation version and Encryption Algorithm that itself use to payment application server PAS
Number.The configuration that payment application server PAS feeds back to data the encapsulation version, Encryption Algorithm of financial transaction terminal TUE oneself is joined
The heartbeat message of private key encryption several and with oneself.And then the certificate of oneself is transmitted to gold by payment application server PAS
Melt transaction terminal TUE.And financial transaction terminal TUE is asked to send the certificate of oneself.Financial transaction terminal TUE payment application clothes
The identity that business device PAS passes over certification authentication payment application server PAS terminates data if identity is not verified
Communication.Certification authentication is attempted to decrypt the heartbeat crossed with private key encryption by it after passing through using the public key of payment application server PAS
Information terminates to communicate if decrypting failure.Financial transaction terminal TUE generates random floating point, and this random floating-point
The public key encryption that number is sended over payment application server PAS, this ciphering process generate random in this heartbeat signal
Then random floating point ciphertext is sent back to payment application server PAS by floating number ciphertext.Pay application server PAS requests
When needing to verify financial transaction terminal TUE, the certificate of oneself is transmitted to payment application server by financial transaction terminal TUE together
PAS。
After the identity for having verified financial transaction terminal TUE, then pays application server PAS and decrypted with the private key of oneself
Random floating point ciphertext and then both sides are obtained using this random floating point ciphertext come joint consultation, obtain session key to transmit
Data.Both sides exchange ending message again, and heartbeat signal terminates.The following both sides session key consulted, using AES encryption
To communicate.
The decentralization memory mechanism based on block chain of storage server MS includes:
1) financial transaction terminal TUE generates one group of financial events data, this group of data are passed through storage server block chain
The remote procedure call protocol interface of network is sent in financial events storage server block chain network, what calling had been disposed
Intelligent contract come complete digital label write-in, retrieval or more new function.
Intelligent contract is used as logical layer in the model, receives the request of three types:Digital label write request, is denoted as
Τα;Digital label update request, is denoted as Τβ;Digital label retrieval request, is denoted as Τγ。
By calling the intelligent contract being deployed on financial events data block chain, the digital label information of oneself is written
New block is simultaneously linked on block chain.The data stored on block chain have the characteristic that can not be distorted, and each group of finance
Event data all includes timestamp, so proof can be provided for the ownership of digital label.
2) after the host node in mine machine network receives event request data, pass through financial events storage server block
The common recognition mechanism of chain network generates new financial events block locally carrying out operation, which propagates between mine machine, when super
After more than half nodes confirmed the validity of the block, this digital label information can just be written to the storage of block chain.Newly
Block through verification its legitimacy after, by record father's block HASH be linked on financial events data block chain.
Financial events storage server block chain network is built jointly end to end by each copy node being added
Distributed network.When creating financial events, the client call RPC interfaces in block chain network generate affairs.Affairs include
Two major classes:First, a intelligence and about S are disposed under given conditions, the second is passing through the contract disposed generates message tune
With the serializing of affairs T indicates such as:
T=RLP (Tn, Tt, Ts, Tc, Td)
Wherein:RLP is recursion length prefix code, and financial events are serialized and are indicated;TtIndicate financial transaction recipient
Account address HASH values, type of transaction is represented when it is empty to create contract;TcRepresent the byte number of the code of new contract
Group;TnRepresent total number of transactions that the founder of contract initiates;TsIt is initiator to the signature of financial transaction information.Work as TtIndicate gold
When the account address for melting transaction acceptance side is not empty, show that the type of transaction is to generate message tune by the intelligent contract disposed
With TdTo call the byte arrays of intelligent contract-defined interface data.
Mine mechanism in financial events storage server block chain network makes block and is divided into synchronous block chain, construction new block
Intact block step is given birth to mineral products are dug.When constructing new block, the mine machine in financial events storage server block chain network passes through
The book keeping operation power that newest block chain obtains next block is synchronized, to unacknowledged financial events data T in network in a period of time
={ T1, T2..., TnBe collected.Financial events block difficulty value setting function is called to obtain the difficulty value H of new block headd,
Digging mine target for setting next step.In transaction execution and Qualify Phase, the financial events data being collected into are verified
The legitimacy of legitimacy and account including trading signature.It merchandises to execute and completes to return setting block transaction root.According to financial thing
Calculating and collection of the included information of part block into row information.The financial events block B not comprising random number is constructed as a result,n。
Mine algorithm is dug according to BnBlock head difficulty value Hd, the degree-of-difficulty factor for defining the block is Hdco, Hdco=2256/
Hd, generate random number rad values, input service amount prove function FinalHash is calculated, if its be less than Hdco, dig mine at
Work(.
Mine machine is after constructing new financial events block, and in the Web broadcast block, other nodes close block
Method is verified, if in the legal i.e. synchronous new block to financial events data block chain of the block.Wherein, financial events data block
The formalization statement of link is such as:αt+1=ζ (... γ (γ (αt, T0), T1)…)
Wherein:The transaction of the new block B that t+1 is generated, confirmation include { T1, T2..., Tn, ζ indicates the gold through block B links
Melt event data block chain state transition function, γ indicates financial events data block chain caused by single effectively financial events
State changes function, αtIndicate the financial events data block chain state of t moment, αt+1Indicate the financial thing after addition new block B
Part data block chain state.By link, transaction is just recorded by real confirmation and permanently on financial events data block chain, this
When other nodes synchronize new block obtain book keeping operation power.
Digital label write-in contract is used to be written the copyright of terminal.User can be simultaneously in block chain when login account
Contract is written in a digital label of upper deployment, and contract owner is initialized by constructed fuction.It is write in user's call number label
When entering contract, which can detect the information of initiator in advance, if the caller of contract is not the owner of this part of contract, nothing
The copyright of oneself is written on normal direction block chain;If being successfully written after new financial events, digital label write-in contract can return
Digital label of the hash value extracted by file characteristic value as the financial events.Digital label retrieves contract and provides rights management
Approach and other users are to operations such as the retrievals of the financial events digital label.Data owner retrieves contract pipe by calling
User's grant column list is managed, the user being only in list just has the permission for checking data.It stores to be authorized in grant column list and use
The public key at family, when other users call contract to retrieve a certain financial events, retrieval contract first checks whether the user has permission
The public key for accessing the i.e. user whether there is in grant column list, and if it exists, the financial events data being retrieved can first pass through inspection
It being returned again to after the public key encryption of rope user to user, user can get digital label information using the private key decryption of oneself,
Ensure that the financial events in transmission process will not be intercepted and captured by other people.Digital label update contract exchanges oneself by between terminal
The digital label of financial events.After two sides consult transaction, the purchaser of digital label initiates digital label update request, number
After word label owner receives request, the digital label update agreement of update contract is called to trigger update event.If digital label
Owner agrees to this time merchandise, and update contract will carry out digital label transfer and execute transfer operation;If digital label possesses
Person disagrees, this group of financial events data are directly popped up from queue.
The coordination service device CS is for initializing the communication between control table, each server of coordination, management high in the clouds data
Backup.Coordination service device CS includes:Receiving node, starter node and copy node.Wherein, receiving node receives each finance
The memory space surplus of data storage server MS;Starter node is deposited when at least one of storage server MS finance datas
When the memory space surplus of storage server MS is more than memory space using threshold value, log-on data backup process;Determine backup member
Data, the backup metadata include the position for the finance data storage server MS for needing data to remove, event to be backed up
The position of the hashed value of data E_DATA, the size and target storage server MS of event data E_DATA to be backed up;Copy
The event data E_DATA to be backed up of storage is backuped to target storage server MS, wherein mesh by node according to backup metadata
Mark storage server MS is the finance data storage server MS increased newly.
Coordination service device CS preferably further includes storage monitoring node, and memory space surplus is received in receiving node
Afterwards, memory space surplus is recorded in data backup global listings, real time monitoring finance data storage server MS's deposits
Space hold state is stored up, the parameter in data backup global listings includes the ID of each finance data storage server MS, storage
Spatial Residual amount and each storage server MS data backup status;Data backup status includes not starting state, beginning state
And completion status.
The starter node, which is specifically used for working as, monitors at least one of storage server MS finance data storage services
The memory space surplus of device MS is more than predefined memory space and uses threshold value, and all finance data storage server MS
Status of Backups be trigger data backup process when not starting state.
Coordination service device CS is additionally operable to after data backup process triggers, and modification data backup global listings need to count
According to the data backup status of the finance data storage server MS of removal.Specifically, the change procedure of data backup global listings
It is as follows:
In the initial phase of monitoring data backup process, by the data backup shape of all finance data storage server MS
State is set as not starting state;After trigger data backup process, the finance data that data remove is deposited according to backup first storage pool
The data backup status of storage server MS is set as beginning state.When to complete data standby by some finance data storage server MS
Part, then the Status of Backups of finance data storage server MS is set as completion status;When all participate in backing up needs data to move
When the Status of Backups of the finance data storage server MS removed is all completion status, indicate that this high in the clouds data backup is complete
At the Status of Backups of all finance data storage server MS is all reduced to not start.
Receiving node is used to receive the event data E_DATA that payment application server PAS is sent;Determine the event data
The hashed value of E_DATA;Copy node is additionally operable to the hashed value according to addressing concordance list and event data E_DATA, by event number
It is sent to corresponding finance data storage server MS in storage server MS according to E_DATA.Receiving node receives payment application clothes
The data read request that business device PAS is sent;It is corresponding according to being obtained in data read request to corresponding finance data storage server MS
Event data E_DATA;Corresponding event data E_DATA is sent to payment application server PAS by copy node.Wherein institute
State the pre-recorded mapping relations of hashed value and finance data storage server MS of addressing concordance list.
Copy node is to judge dissipating for event data E_DATA after the hashed value that event data E_DATA has been calculated
Whether train value is in the range of hashed value in addressing concordance list, when the hashed value of event data E_DATA is indexed between addressing
When in table in the range of hashed value, financial number corresponding with the hashed value of event data E_DATA is found from addressing concordance list
According to the position of storage server MS, event data E_DATA is sent to the corresponding finance data storage server in the position
MS。
After the completion of data backup, parameter update also is carried out to addressing concordance list by coordination service device CS;Work as finance data
When the event data E_DATA stored on storage server MS changes, according to the position of finance data storage server MS, update
The hashed value of corresponding event data E_DATA;When increasing finance data storage server MS, increase new finance data
The position of storage server MS, and increase the hashed value of corresponding event data E_DATA.
It copies node and carries out persistent storage, storage by the event data E_DATA that application server PAS is sent is paid
Format is:<Storage server position, hashed value, E_DATA>;According to backup metadata, the parameter to the backup table being locally stored
It is updated;The parameter of backup table includes the position for the finance data storage server MS for needing data to remove, thing to be backed up
Number of packages according to the hashed value and target storage server MS of E_DATA position;According to updated backup table, will wait in order standby
The event data E_DATA of part backups to target storage server MS.Node is copied after the completion of data backup, to needing data
The finance data storage server MS of removal sends high in the clouds data backup and completes information, and control needs the finance data that data remove
Storage server MS deletes the event data E_DATA that backup is completed.
In addition to coordination service device, the highly reliable storage system of cloud platform financial events data of the invention further includes spare coordination
Server CS0.When coordination service device CS exceptions, spare coordination service device CS0 can start the service function of coordination service device CS,
As current coordination service device CS;And select a storage server MS as spare from all storage server MS at this time
Coordination service device CS0.Coordination service device CS and spare coordination service device CS0 stores identical metadata;Wherein, metadata includes
The ID of the ID of storage server MS, the event data E_DATA blocks of storage server MS storages.
When receiving event data E_DATA requests, depositing for processing event data E_DATA requests is determined according to metadata
Store up server MS.If event data E_DATA requests are write request, determined according to the metadata stored on coordination service device CS
The ID of the corresponding storage server MS of free block of writable pending financial events data E_DATA, by pending financial thing
Number of packages is written according to E_DATA to the corresponding storage server MS of free block, obtains the pending financial events data E_DATA
ID and the pending financial events data E_DATA of the write-in free block ID correspondence and the pending gold of the write-in
Melt the ID of the free block of event data E_DATA and depositing where the free block of the pending financial events data E_DATA of the write-in
Store up the correspondence of the ID of server MS.If event data E_DATA requests is read file request, according on coordination service device CS
The file ID of the metadata of storage and pending financial events data E_DATA determines and stores pending financial events data E_
Storage server MS where the data block of the ID of the data block of DATA and the pending financial events data E_DATA of the storage
ID;Then corresponding event is read in the storage server MS where the data block for storing pending financial events data E_DATA
Data E_DATA.
Wherein, after using spare coordination service device CS0 as current coordination service device CS, the multiple of cloud platform are determined
The weights of each storage server MS in finance data storage server MS;According to the weights of each storage server MS, to
A storage server MS is selected in a few storage server MS as current spare coordination service device CS0;It will be current
Metadata on coordination service device CS is synchronized on current spare coordination service device CS0.On the one hand, current coordination service device CS
By the way that heartbeat signal, the state of detection storage server MS occurs to storage server MS:If by coordination service device CS to depositing
Each storage server MS in storage server MS sends heartbeat signal and receives the storage server in predefined duration
The corresponding response of the heartbeat signal that MS is returned, it is determined that storage server MS is in normal operating conditions;If predefined
The corresponding response of the heartbeat signal that storage server MS is returned is not received in duration, it is determined that storage server MS is different
Often.Coordination service device CS can also detect spare coordination service device by sending heartbeat signal to spare coordination service device CS0
The state of CS0.
On the other hand, each storage server MS in storage server MS sends heartbeat letter to the coordination service device CS
Number, the state of detection coordination service device CS:By each storage server MS in the storage server MS to the association
It adjusts server CS to send heartbeat signal and the heartbeat signal for receiving the CS transmissions of coordination service device in predefined duration is corresponding
In the case of response, determine that the coordination service device CS is in normal operating conditions;And determine that coordination service device CS includes extremely:
Heartbeat signal is being sent to coordination service device CS and by each storage server MS in storage server MS when predefined
In the case of not receiving the corresponding response of the heartbeat signal that coordination service device CS is sent in long, determine that coordination service device CS is different
Often.
Wherein it is determined that the weights of each storage server MS include in storage server MS:According to appointing in the following contents
One or the weights of appointing multinomial content to determine:CPU core number, the CPU number of concurrent, storage space volume.
After data backup process triggers, the present invention includes following backup policy in a preferred embodiment:
1:N groups event data E_DATA to be backed up is determined from least one source storage pool according to rule is actually backed up;
Wherein, every group of event data E_DATA to be backed up in N groups event data E_DATA to be backed up is deposited according to predefined backup rules
In storage to the corresponding source storage pools of group event data E_DATA to be backed up, and every group of event data E_DATA to be backed up corresponds to one
A major key;N is positive integer;
2:For every group of event data E_DATA to be backed up in N groups event data E_DATA to be backed up, according to practical standby
Part rule determines the corresponding purpose storage pools of group event data E_DATA to be backed up;And the group is generated in purpose storage pool and is waited for
The event data E_DATA copies to be backed up of backup event data E_DATA;
3:If it is determined that generating in N groups event data E_DATA to be backed up the to be backed up of every group of event data E_DATA to be backed up
Event data E_DATA copies then delete N groups event data E_DATA to be backed up from least one source storage pool.
When the present invention carries out data conversion storage, operating unit is N groups event data E_DATA to be backed up, shortens event data E_
The time of DATA unloading process access interrupts, and then reduce data conversion storage and cloud platform finance is accessed for financial transaction terminal TUE
The influence of the highly reliable storage system of event data.
Before at least one source storage pool is progress data conversion storage in the highly reliable storage system of cloud platform financial events data
Including the source position that is stored according to predefined backup rules of all storage pools and every group of event data E_DATA to be backed up.
Purpose storage pool is the target location that every group of event data E_DATA to be backed up is stored according to rule is actually backed up,
Source storage pool includes at least one set of event data of at least one KEYID stored according to predefined backup rules
E_DATA;Each KEYID identifies one group of data;Predefined backup rules preferably include:If one group of event data E_DATA packet
In the first predefined scope of the corresponding value of predefined field included in the first aggregate, then this group of event data E_DATA is deposited
Storage is in the corresponding position of the first predefined scope;Wherein, first set includes at least one first predefined scope.
In specific implementation, each storage server may include one in the highly reliable storage system of cloud platform financial events data
A storage pool can also include multiple storage pools.Based on described above, according to being actually backed up rule from least one source storage pool
In determine N groups event data E_DATA to be backed up before, further include:
Determine that the data backup rule in the highly reliable storage system of cloud platform financial events data needs to update, including from pre-
Backup rules are defined to be updated to be actually backed up rule;Wherein, being actually backed up rule includes:If one group of event data E_DATA includes
Corresponding second predefined scope of the value in second set of predefined field in, then by this group of event data E_DATA
It is stored in the corresponding position of the second predefined scope;Second set includes at least one second predefined scope.
Below to how to determine that N groups event data E_DATA to be backed up is introduced.For source storage pool include to
Every group of event data E_DATA in few one group of event data E_DATA, executes following steps:Determine this group of event data E_
DATA is according to the position for being actually backed up rule storage;If this group of event data E_DATA of the KEYID is according to predefined backup
The position of rule storage is differed with this group of event data E_DATA according to the position for being actually backed up rule storage, then this group of event
Data E_DATA is one group of data to be backed up.In this way, according to predefined backup rules and being pressed according to every group of event data E_DATA
The according to the facts position of border backup rules storage, determines the event data E_DATA to be backed up after data backup Policy Updates, into
And it treats backup event data E_DATA and carries out data movement.
After the data backup rule for determining the highly reliable storage system of cloud platform financial events data needs to update, need
Data conversion storage is carried out to the event data E_DATA stored in the highly reliable storage system of cloud platform financial events data.Actual
During data conversion storage, for the thing of at least one KEYID stored in the highly reliable storage system of cloud platform financial events data
Number of packages can be divided into two kinds of situations according to the storage location of E_DATA:The first, one group of event data E_DATA is according to predefined standby
Part rule is identical with regular storage location is actually backed up, this group of event data E_DATA need not be synchronized;Second, one group of event
Data E_DATA is according to predefined backup rules and is actually backed up regular storage location variation, this group of data need to synchronize.
Optionally, the event data E_ to be backed up of group event data E_DATA to be backed up is generated in purpose storage pool
DATA copies, including:For every group of event data E_DATA to be backed up in N groups event data E_DATA to be backed up, in purpose
The event data E_DATA copies to be backed up of group event data E_DATA to be backed up are generated in storage pool;And it is to be backed up in the group
In the corresponding source storage pools of event data E_DATA label to be removed is added for group event data E_DATA to be backed up;And at this
It is that event data E_DATA copies to be backed up add and wait enabling in the corresponding purpose storage pools of group event data E_DATA to be backed up
Label.If one group of event data E_DATA according to predefined backup rules and be actually backed up rule storage location it is constant, for
Label is not changed in this group of event data E_DATA addition.
The data of the data backup Policy Updates used below the highly reliable storage system of cloud platform financial events data are moved
Label during dynamic carries out citing introduction.When first time data backup rule changes, if predefined backup rules are rule
Then one, rule is actually backed up as rule two, then the rule one used the highly reliable storage system of cloud platform financial events data is more
It is new that label to be removed is set as -1 during data conversion storage for rule two, wait that enabling label is set as 1, does not change label and is set as
0;After data conversion storage completion, the highly reliable storage system of cloud platform financial events data using rule two includes that band needs
It enables label 1 and does not change the event data E_DATA of label 0;When second of data backup rule changes, if predefined
Backup rules are rule two, are actually backed up rule as rule three;The highly reliable storage system of cloud platform financial events data is used
Rule two be updated to rule three, event data E_DATA to be backed up is redefined out during data conversion storage, will be to be removed
Label is set as -1, waits that enabling label is set as 2, the constant event data E_DATA of storage location remains on first time data backup
The corresponding value of label when rule changes, for example use 0 and 1.
The deletion N groups event data E_DATA to be backed up from least one source storage pool, including:
For each source storage pool, every group of event data E_ to be backed up of label to be removed will be added in the storage pool of source
DATA is deleted.At this point, data conversion storage terminates, the event data E_DATA in the highly reliable storage system of cloud platform financial events data
Including the event data E_DATA for waiting enabling label and the event data E_DATA for not changing label.Data conversion storage is waited in addition to movement
Backup event data E_DATA further includes the update to backup rules.Before data conversion storage, cloud platform financial events data are high
All event data E_DATA are stored according to predefined backup rules in reliable memory system.During data conversion storage, to
Before deleting N groups event data E_DATA to be backed up in a few source storage pool, further include:If it is determined that basis is needed to be actually backed up
Rule event data E_DATA to be backed up to N groups is backed up, then every group be directed in N groups event data E_DATA to be backed up waits for
Backup event data E_DATA, by the backup rules of group event data E_DATA to be backed up be updated to predefined backup rules and
It is actually backed up rule.Before completing data conversion storage, there is the event to be backed up stored according to predefined backup rules in system
Data E_DATA and the event data E_DATA copies to be backed up stored according to rule is actually backed up, so avoidable data movement
The problem of data caused by malfunctioning in the process can not access.
When data conversion storage is completed, there are a backup rules in the highly reliable storage system of cloud platform financial events data.
After deleting N groups event data E_DATA to be backed up at least one source storage pool, further include:For N groups event to be backed up
Every group of event data E_DATA to be backed up in data E_DATA, more by the backup rules of group event data E_DATA to be backed up
New is to be actually backed up rule.It, can be directly according to being actually backed up regular Access Events data E_ after completing data conversion storage
DATA。
The to be backed up of group event data E_DATA to be backed up is generated in the embodiment of the present invention in the purpose storage pool
The realization method of event data E_DATA copies can be:
Event data E_DATA to be backed up is synchronized in purpose storage pool from the storage pool of source, is claimed in purpose storage pool
For event data E_DATA copies to be backed up.The process of purpose storage pool is synchronized to below for event data E_DATA to be backed up
In, how to realize that the influence reduced to access is introduced.If in the N groups event data E_DATA to be backed up of N number of KEYID
Any group of event data E_DATA to be backed up starts after synchronizing, and in the N groups of N number of KEYID event data E_DATA to be backed up
It is fully synchronized to before target location, receive the data retrieval request of financial transaction terminal TUE, then allow financial transaction terminal
TUE is accessed in the highly reliable storage system of cloud platform financial events data with the event data to be removed marked and do not change label
E_DATA.By all event data E_DATA in synchronizing process are marked, financial transaction terminal TUE is allowed to access band
There is the event data E_DATA to be backed up for not changing label and label to be removed, the access of financial transaction terminal TUE is not caused
It influences.If fully synchronized to after target location in the N groups event data E_DATA to be backed up of N number of KEYID, financial friendship is received
The data retrieval request of easy terminal TUE, then allow financial transaction terminal TUE to access the highly reliable storage of cloud platform financial events data
Band needs to be enabled label and does not change the event data E_DATA of label in system.To avoid Data duplication from accessing, allow to access
Band needs to be enabled label and does not change the event data E_DATA of label;In this way, financial transaction terminal TUE can be accessed it is all
The constant event data E_DATA and N group event data E_DATA to be backed up in position in any group of event data E_DATA.
Optionally, fully synchronized to after target location in the N groups of N number of KEYID event data E_DATA to be backed up, also wrap
It includes:
For each major key of N number of major key, if the event data E_DATA to be backed up of the KEYID in the storage pool of source is generated
The corresponding new operation note of major key is then synchronized to the corresponding target location of major key by new operation note;It is corresponded to by major key
New operation note be synchronized to before the corresponding target location of major key, stop data write-in.It ensure that every after data move
The integrality of the data to be backed up of a KEYID.
The coordination service device CS is additionally operable to be managed the space of each storage control.Specifically, the coordination
The size for the event data to be stored that server CS is received according to current payment application server, judges currently stored server section
Whether the free space of point is sufficient.If sufficient, financial transaction terminal TUE directly corresponds to current event data write-in to be stored
Finance data storage server MS node in;If insufficient, judge to execute whether more than one of backup process for writing data
Process sends the request of application object space to coordination service device CS if being no more than;It, will be multiple using process lock if being more than
Write process is encapsulated as a primitive operation, so that first object process sends asking for application object space to coordination service device CS
It asks.Specifically, apply for that the calculating process of object space is:
When obtaining last multi-process while writing data, first backup process is successfully written finance data storage server
In MS node after data, the size of data in remaining each backup process finance data storage server MS node to be written;Meter
After the size for calculating size of data event data to be stored corresponding with first object process, using as object space size
Value.
The real space that coordination service device CS is returned is received, and according to finance data storage server MS node current residual
The free space of free space sizes values and real space update finance data storage server MS node.Coordination service device CS exists
After the space request for receiving financial transaction terminal TUE, feeds back to financial transaction terminal TUE real spaces and be more than financial transaction terminal
The spatial value of TUE applications, that is to say, that real space includes object space sizes values and predefined telescopic space value.It is predefined
Choosing for telescopic space value can use shape according to the active volume of the highly reliable storage system of cloud platform financial events data, capacity
Condition and the operation conditions of the financial transaction terminal TUE in present application space are determined.
According to finance data storage server MS node current residual free space sizes values and real space update finance
The free space of data storage server MS node.Event number to be stored is written into finance data storage server MS node
According to, and obtain in write-in finance data storage server MS node and increase size of data newly, calculate finance data storage server MS
The difference of the current space available sizes values and newly-increased size of data of node.
According to difference update finance data storage server MS node can backup space, and can backup space be sent to
Coordination service device CS.By can backup space, the size newly increased, metadata feedback real space be sent to coordination service device
CS can be used for the capacity service condition of the coordination service device CS statistics highly reliable storage systems of cloud platform financial events data.
Judge for by can backup space be sent to coordination service device CS backup process number it is whether more than one;If
It is then to report backup process to be encapsulated as a primitive operation by multiple using process lock, so that the second target process can back up
Space is sent to coordination service device CS.
In view of financial transaction terminal TUE not only writes data into the highly reliable storage system of cloud platform financial events data,
Data deletion can be also carried out, in consideration of it, the invention also includes:
It determines whether to remove data from finance data storage server MS node, when from finance data storage server
When removing data in MS node, the size of data to be removed is obtained.It ought detect from finance data storage server MS node
Middle removal data, obtain the size of data to be removed.Calculate the current free space of finance data storage server MS node with
The difference of the size of data to be removed.The available backup space of finance data storage server MS node is updated according to difference, and
Available backup space is sent to coordination service device CS.
Judge for by can backup space be sent to coordination service device CS backup process number it is whether more than one;If
It is then to report backup process to be encapsulated as a primitive operation by multiple using process lock, so that the second target process can back up
Space is sent to coordination service device CS.In order to which storage system more accurately counts capacity information, by available backup space with wait for
The size for removing data is sent to coordination service device CS, can for coordination service device CS statistics cloud platform financial events data height
By the service condition of storage system.
In conclusion the present invention proposes a kind of method for secure storing based on cloud computing, financial transaction data is improved
The safety and reliability of management system.
Obviously, it should be appreciated by those skilled in the art, each module of the above invention or each steps can be with general
Computing system realize that they can be concentrated in single computing system, or be distributed in multiple computing systems and formed
Network on, optionally, they can be realized with the program code that computing system can perform, it is thus possible to they are stored
It is executed within the storage system by computing system.In this way, the present invention is not limited to any specific hardware and softwares to combine.
It should be understood that the above-mentioned specific implementation mode of the present invention is used only for exemplary illustration or explains the present invention's
Principle, but not to limit the present invention.Therefore, that is done without departing from the spirit and scope of the present invention is any
Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention
Covering the whole variations fallen into attached claim scope and boundary or this range and the equivalent form on boundary and is repairing
Change example.
Claims (4)
1. a kind of method for secure storing based on cloud computing, which is characterized in that including:
The payment application server PAS and financial transaction terminal TUE of cloud platform transmit financial events by safety communicating method
Data E_DATA;
Payment application server PAS stores the financial events data E_DATA on foreground to the finance data storage service of cloud platform
In device MS.
2. according to the method described in claim 1, it is characterized in that, the financial transaction terminal TUE to payment application server
Before PAS sends financial events data E_DATA, further include:
Financial transaction terminal TUE sends the data encapsulation version and Encryption Algorithm itself used to payment application server PAS
Configure parameter.
3. according to the method described in claim 1, it is characterized in that, the payment application server PAS feeds back to financial transaction
The heartbeat message of the data encapsulation version of terminal TUE oneself, the configuration parameter of Encryption Algorithm and the private key encryption with oneself.
4. according to the method described in claim 3, it is characterized in that, further comprising:
The certificate of oneself is transmitted to financial transaction terminal TUE by payment application server PAS;And ask financial transaction terminal TUE
Send the certificate of oneself;
Financial transaction terminal TUE passes over the body of certification authentication payment application server PAS with payment application server PAS
Part, if identity is not verified, terminate data communication;
Certification authentication is attempted decryption using the public key of payment application server PAS after passing through and is believed with the heartbeat that private key encryption is crossed by it
Breath terminates to communicate if decrypting failure;
Financial transaction terminal TUE generates random floating point, and this random floating point payment application server PAS is sent
The public key encryption to come over, this ciphering process generates the random floating point ciphertext in this heartbeat signal, then by random floating-point
Number ciphertext sends back to payment application server PAS;
When the PAS requests of payment application server need to verify financial transaction terminal TUE, cards of the financial transaction terminal TUE oneself
Book is transmitted to payment application server PAS together;
After the identity for having verified financial transaction terminal TUE, then pays application server PAS and decrypt to obtain with the private key of oneself
Random floating point ciphertext then both sides using this random floating point ciphertext come joint consultation, obtain session key to transmit number
According to;
Both sides exchange ending message again, and heartbeat signal terminates;The following both sides session key consulted, using AES encryption
To communicate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810261742.8A CN108494780A (en) | 2018-03-28 | 2018-03-28 | A kind of method for secure storing based on cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810261742.8A CN108494780A (en) | 2018-03-28 | 2018-03-28 | A kind of method for secure storing based on cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108494780A true CN108494780A (en) | 2018-09-04 |
Family
ID=63316870
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810261742.8A Withdrawn CN108494780A (en) | 2018-03-28 | 2018-03-28 | A kind of method for secure storing based on cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108494780A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109583899A (en) * | 2018-12-20 | 2019-04-05 | 鸿秦(北京)科技有限公司 | Data storage and management method and system based on cloud storage service device |
CN109933626A (en) * | 2019-02-12 | 2019-06-25 | 平安科技(深圳)有限公司 | Data processing method, device and the financial transaction terminal of financial business |
CN110647558A (en) * | 2019-09-17 | 2020-01-03 | 顾博航 | Financial information statistics management system |
-
2018
- 2018-03-28 CN CN201810261742.8A patent/CN108494780A/en not_active Withdrawn
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109583899A (en) * | 2018-12-20 | 2019-04-05 | 鸿秦(北京)科技有限公司 | Data storage and management method and system based on cloud storage service device |
CN109933626A (en) * | 2019-02-12 | 2019-06-25 | 平安科技(深圳)有限公司 | Data processing method, device and the financial transaction terminal of financial business |
CN109933626B (en) * | 2019-02-12 | 2024-01-30 | 平安科技(深圳)有限公司 | Financial business data processing method and device and financial transaction terminal |
CN110647558A (en) * | 2019-09-17 | 2020-01-03 | 顾博航 | Financial information statistics management system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7351591B2 (en) | Multi-authorization system that uses M out of N keys to restore customer wallets | |
CN110535833B (en) | Data sharing control method based on block chain | |
US8966288B2 (en) | System and method for providing encryption in storage operations in a storage network, such as for use by application service providers that provide data storage services | |
CN108459929A (en) | A kind of data back up method based on cloud computing | |
US7277941B2 (en) | System and method for providing encryption in a storage network by storing a secured encryption key with encrypted archive data in an archive storage device | |
US11093558B2 (en) | Providing accountability of blockchain queries | |
CN110032545A (en) | File memory method, system and electronic equipment based on block chain | |
CN105210062B (en) | System scope checkpoint for distributed data base system avoids | |
US7975138B2 (en) | Systems and methods for mutually authenticated transaction coordination messages over insecure connections | |
CN108076148A (en) | Storage system based on block chain | |
CN108111585A (en) | Distributed storage method based on block chain | |
CN112835612A (en) | Electronic document version management method and device based on block chain | |
JP2001516913A (en) | Encrypted file system and method | |
CN107710215A (en) | The method and apparatus of mobile computing device safety in test facilities | |
CN108494780A (en) | A kind of method for secure storing based on cloud computing | |
CN106815528B (en) | A kind of file management method and device, storage equipment | |
CN101647006A (en) | Be used for method of data backup and system | |
WO2017206754A1 (en) | Storage method and storage device for distributed file system | |
CN110060161A (en) | It trades anti-heavy client service implementation method and serviced component for block chain | |
CN1787432B (en) | Method and system for authenticating a node requesting another node to perform work | |
CN110880113A (en) | Authentication server and authentication method for block chain transaction | |
CN109951490A (en) | Webpage integrity assurance, system and electronic equipment based on block chain | |
CN112988073A (en) | Stepped data storage method and system capable of reducing block chain storage overhead | |
WO2022206453A1 (en) | Method and apparatus for providing cross-chain private data | |
CN108134822A (en) | The method for down loading of storage system based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20180904 |
|
WW01 | Invention patent application withdrawn after publication |