CN108494780A - A kind of method for secure storing based on cloud computing - Google Patents

A kind of method for secure storing based on cloud computing Download PDF

Info

Publication number
CN108494780A
CN108494780A CN201810261742.8A CN201810261742A CN108494780A CN 108494780 A CN108494780 A CN 108494780A CN 201810261742 A CN201810261742 A CN 201810261742A CN 108494780 A CN108494780 A CN 108494780A
Authority
CN
China
Prior art keywords
data
pas
application server
tue
payment application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201810261742.8A
Other languages
Chinese (zh)
Inventor
刘颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Hui Zhi Distant View Science And Technology Ltd
Original Assignee
Chengdu Hui Zhi Distant View Science And Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Hui Zhi Distant View Science And Technology Ltd filed Critical Chengdu Hui Zhi Distant View Science And Technology Ltd
Priority to CN201810261742.8A priority Critical patent/CN108494780A/en
Publication of CN108494780A publication Critical patent/CN108494780A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1458Management of the backup or restore process
    • G06F11/1464Management of the backup or restore process for networked environments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/561Adding application-functional data or data for application control, e.g. adding metadata
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Library & Information Science (AREA)
  • Quality & Reliability (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention provides a kind of method for secure storing based on cloud computing, this method includes:The payment application server PAS and financial transaction terminal TUE of cloud platform transmit financial events data E_DATA by safety communicating method;Payment application server PAS stores the financial events data E_DATA on foreground into the finance data storage server MS of cloud platform.The present invention proposes a kind of method for secure storing based on cloud computing, improves the safety and reliability of financial transaction data management system.

Description

A kind of method for secure storing based on cloud computing
Technical field
The present invention relates to cloud storage, more particularly to a kind of method for secure storing based on cloud computing.
Background technology
For real-time financial events data are handled and stored, most enterprises take high in the clouds storage/access technology, will The distribution of real time financial event data is stored in cloud storage cluster, is avoided the operation bottleneck for reading I/O, is more met enterprise's short time Handle the demand of a large amount of real time financial event datas.However, with the continuous increase of processing financial events data volume, cloud storage is given The memory space of cluster brings immense pressure.When data occur backup or replicate beyond the clouds, the storage location of high in the clouds data is all It can change, need to carry out large-scale data reloading, until after data backup process in high in the clouds is completed, could provide just Informal dress be engaged in, be easy to cause loss of data in this way, affect system external provide service ability, reduce system safety and Reliability.
Invention content
To solve the problems of above-mentioned prior art, the present invention proposes a kind of secure storage side based on cloud computing Method, including:
The payment application server PAS and financial transaction terminal TUE of cloud platform transmit finance by safety communicating method Event data E_DATA;
Payment application server PAS stores the financial events data E_DATA on foreground to the finance data storage of cloud platform In server MS.
Preferably, the financial transaction terminal TUE to payment application server PAS send financial events data E_DATA it Before, further include:
Financial transaction terminal TUE sends the data encapsulation version itself used to payment application server PAS and encryption is calculated The configuration parameter of method.
Preferably, the payment application server PAS feed back to financial transaction terminal TUE oneself data encapsulation version, The heartbeat message of the configuration parameter of Encryption Algorithm and the private key encryption with oneself.
Preferably, the certificate of oneself is transmitted to financial transaction terminal TUE by payment application server PAS;And ask finance Transaction terminal TUE sends the certificate of oneself;
Financial transaction terminal TUE passes over certification authentication payment application server PAS's with payment application server PAS Identity terminates data communication if identity is not verified;
Certification authentication is attempted to decrypt the heart crossed with private key encryption by it after passing through using the public key of payment application server PAS Hop-information terminates to communicate if decrypting failure;
Financial transaction terminal TUE generates random floating point, and this random floating point payment application server PAS The public key encryption sended over, this ciphering process generate the random floating point ciphertext in this heartbeat signal, then will be random Floating number ciphertext sends back to payment application server PAS;
When the PAS requests of payment application server need to verify financial transaction terminal TUE, financial transaction terminal TUE is oneself Certificate be transmitted to payment application server PAS together;
After the identity for having verified financial transaction terminal TUE, then pays application server PAS and decrypted with the private key of oneself Random floating point ciphertext and then both sides are obtained using this random floating point ciphertext come joint consultation, obtain session key to transmit Data;
Both sides exchange ending message again, and heartbeat signal terminates;The following both sides session key consulted, using AES It encrypts to communicate.
The present invention compared with prior art, has the following advantages:
The present invention proposes a kind of method for secure storing based on cloud computing, improves financial transaction data management system Safety and reliability.
Description of the drawings
Fig. 1 is the flow chart of the method for secure storing according to the ... of the embodiment of the present invention based on cloud computing.
Specific implementation mode
Retouching in detail to one or more embodiment of the invention is hereafter provided together with the attached drawing of the diagram principle of the invention It states.The present invention is described in conjunction with such embodiment, but the present invention is not limited to any embodiments.The scope of the present invention is only by right Claim limits, and the present invention covers many replacements, modification and equivalent.Illustrate in the following description many details with Just it provides a thorough understanding of the present invention.These details are provided for exemplary purposes, and without in these details Some or all details can also realize the present invention according to claims.
An aspect of of the present present invention provides a kind of method for secure storing based on cloud computing.Fig. 1 is implemented according to the present invention The method for secure storing flow chart based on cloud computing of example.
The highly reliable storage system of cloud platform financial events data of the present invention is based on block chain technology, is stored in finance data Cheng Zhong selects a copy node to record while data generate by associated multiple copy node joint consultations The data label of foundation so that each copy node is involved in the storage competition and selection of data, improves the confidence level of storage data; When any one follow-up copy node is needed using the financial events data generated, high confidence level is directly obtained according to data label Data.
The highly reliable storage system of cloud platform financial events data includes coordination service device CS, payment application server PAS, deposits Store up server MS.Wherein, payment application server PAS and coordination service device CS is communicated, the event data for receiving foreground E_DATA, and these event datas E_DATA is stored in buffer queue, sequence is sent to coordination service device CS successively;Or to Coordination service device CS transmission data read requests, and corresponding financial events number is read from finance data storage server MS in real time According to.
Data label is stored into the corresponding block of block chain by storage server MS;Often storing a data label should Increase a block in block chain, which is made of multiple data storage area blocks, and each data storage area block has recorded The data label that one copy node is established so that the data pointed by data label recorded can not distort.
The finance data storage server includes N number of finance data storage server MS, receives coordination service device CS hairs The financial events data E_DATA received from payment application server PAS sent, the number of each finance data storage server MS It is according to storage format<Hashed value, E_DATA>;The memory space surplus of each finance data storage server MS is supplied to Coordination service device CS;After coordination service device CS completes high in the clouds data backup, the high in the clouds data that coordination service device CS is sent are received Information is completed in backup, it would be desirable to the event data E_DATA of backup be completed on the finance data storage server MS that data remove It deletes.
The payment application server PAS and financial transaction terminal TUE transmits financial events by safety communicating method Data E_DATA.Before financial transaction terminal TUE sends financial events data E_DATA to payment application server PAS, gold Melt the configuration ginseng that transaction terminal TUE sends the data encapsulation version and Encryption Algorithm that itself use to payment application server PAS Number.The configuration that payment application server PAS feeds back to data the encapsulation version, Encryption Algorithm of financial transaction terminal TUE oneself is joined The heartbeat message of private key encryption several and with oneself.And then the certificate of oneself is transmitted to gold by payment application server PAS Melt transaction terminal TUE.And financial transaction terminal TUE is asked to send the certificate of oneself.Financial transaction terminal TUE payment application clothes The identity that business device PAS passes over certification authentication payment application server PAS terminates data if identity is not verified Communication.Certification authentication is attempted to decrypt the heartbeat crossed with private key encryption by it after passing through using the public key of payment application server PAS Information terminates to communicate if decrypting failure.Financial transaction terminal TUE generates random floating point, and this random floating-point The public key encryption that number is sended over payment application server PAS, this ciphering process generate random in this heartbeat signal Then random floating point ciphertext is sent back to payment application server PAS by floating number ciphertext.Pay application server PAS requests When needing to verify financial transaction terminal TUE, the certificate of oneself is transmitted to payment application server by financial transaction terminal TUE together PAS。
After the identity for having verified financial transaction terminal TUE, then pays application server PAS and decrypted with the private key of oneself Random floating point ciphertext and then both sides are obtained using this random floating point ciphertext come joint consultation, obtain session key to transmit Data.Both sides exchange ending message again, and heartbeat signal terminates.The following both sides session key consulted, using AES encryption To communicate.
The decentralization memory mechanism based on block chain of storage server MS includes:
1) financial transaction terminal TUE generates one group of financial events data, this group of data are passed through storage server block chain The remote procedure call protocol interface of network is sent in financial events storage server block chain network, what calling had been disposed Intelligent contract come complete digital label write-in, retrieval or more new function.
Intelligent contract is used as logical layer in the model, receives the request of three types:Digital label write request, is denoted as Τα;Digital label update request, is denoted as Τβ;Digital label retrieval request, is denoted as Τγ
By calling the intelligent contract being deployed on financial events data block chain, the digital label information of oneself is written New block is simultaneously linked on block chain.The data stored on block chain have the characteristic that can not be distorted, and each group of finance Event data all includes timestamp, so proof can be provided for the ownership of digital label.
2) after the host node in mine machine network receives event request data, pass through financial events storage server block The common recognition mechanism of chain network generates new financial events block locally carrying out operation, which propagates between mine machine, when super After more than half nodes confirmed the validity of the block, this digital label information can just be written to the storage of block chain.Newly Block through verification its legitimacy after, by record father's block HASH be linked on financial events data block chain.
Financial events storage server block chain network is built jointly end to end by each copy node being added Distributed network.When creating financial events, the client call RPC interfaces in block chain network generate affairs.Affairs include Two major classes:First, a intelligence and about S are disposed under given conditions, the second is passing through the contract disposed generates message tune With the serializing of affairs T indicates such as:
T=RLP (Tn, Tt, Ts, Tc, Td)
Wherein:RLP is recursion length prefix code, and financial events are serialized and are indicated;TtIndicate financial transaction recipient Account address HASH values, type of transaction is represented when it is empty to create contract;TcRepresent the byte number of the code of new contract Group;TnRepresent total number of transactions that the founder of contract initiates;TsIt is initiator to the signature of financial transaction information.Work as TtIndicate gold When the account address for melting transaction acceptance side is not empty, show that the type of transaction is to generate message tune by the intelligent contract disposed With TdTo call the byte arrays of intelligent contract-defined interface data.
Mine mechanism in financial events storage server block chain network makes block and is divided into synchronous block chain, construction new block Intact block step is given birth to mineral products are dug.When constructing new block, the mine machine in financial events storage server block chain network passes through The book keeping operation power that newest block chain obtains next block is synchronized, to unacknowledged financial events data T in network in a period of time ={ T1, T2..., TnBe collected.Financial events block difficulty value setting function is called to obtain the difficulty value H of new block headd, Digging mine target for setting next step.In transaction execution and Qualify Phase, the financial events data being collected into are verified The legitimacy of legitimacy and account including trading signature.It merchandises to execute and completes to return setting block transaction root.According to financial thing Calculating and collection of the included information of part block into row information.The financial events block B not comprising random number is constructed as a result,n
Mine algorithm is dug according to BnBlock head difficulty value Hd, the degree-of-difficulty factor for defining the block is Hdco, Hdco=2256/ Hd, generate random number rad values, input service amount prove function FinalHash is calculated, if its be less than Hdco, dig mine at Work(.
Mine machine is after constructing new financial events block, and in the Web broadcast block, other nodes close block Method is verified, if in the legal i.e. synchronous new block to financial events data block chain of the block.Wherein, financial events data block The formalization statement of link is such as:αt+1=ζ (... γ (γ (αt, T0), T1)…)
Wherein:The transaction of the new block B that t+1 is generated, confirmation include { T1, T2..., Tn, ζ indicates the gold through block B links Melt event data block chain state transition function, γ indicates financial events data block chain caused by single effectively financial events State changes function, αtIndicate the financial events data block chain state of t moment, αt+1Indicate the financial thing after addition new block B Part data block chain state.By link, transaction is just recorded by real confirmation and permanently on financial events data block chain, this When other nodes synchronize new block obtain book keeping operation power.
Digital label write-in contract is used to be written the copyright of terminal.User can be simultaneously in block chain when login account Contract is written in a digital label of upper deployment, and contract owner is initialized by constructed fuction.It is write in user's call number label When entering contract, which can detect the information of initiator in advance, if the caller of contract is not the owner of this part of contract, nothing The copyright of oneself is written on normal direction block chain;If being successfully written after new financial events, digital label write-in contract can return Digital label of the hash value extracted by file characteristic value as the financial events.Digital label retrieves contract and provides rights management Approach and other users are to operations such as the retrievals of the financial events digital label.Data owner retrieves contract pipe by calling User's grant column list is managed, the user being only in list just has the permission for checking data.It stores to be authorized in grant column list and use The public key at family, when other users call contract to retrieve a certain financial events, retrieval contract first checks whether the user has permission The public key for accessing the i.e. user whether there is in grant column list, and if it exists, the financial events data being retrieved can first pass through inspection It being returned again to after the public key encryption of rope user to user, user can get digital label information using the private key decryption of oneself, Ensure that the financial events in transmission process will not be intercepted and captured by other people.Digital label update contract exchanges oneself by between terminal The digital label of financial events.After two sides consult transaction, the purchaser of digital label initiates digital label update request, number After word label owner receives request, the digital label update agreement of update contract is called to trigger update event.If digital label Owner agrees to this time merchandise, and update contract will carry out digital label transfer and execute transfer operation;If digital label possesses Person disagrees, this group of financial events data are directly popped up from queue.
The coordination service device CS is for initializing the communication between control table, each server of coordination, management high in the clouds data Backup.Coordination service device CS includes:Receiving node, starter node and copy node.Wherein, receiving node receives each finance The memory space surplus of data storage server MS;Starter node is deposited when at least one of storage server MS finance datas When the memory space surplus of storage server MS is more than memory space using threshold value, log-on data backup process;Determine backup member Data, the backup metadata include the position for the finance data storage server MS for needing data to remove, event to be backed up The position of the hashed value of data E_DATA, the size and target storage server MS of event data E_DATA to be backed up;Copy The event data E_DATA to be backed up of storage is backuped to target storage server MS, wherein mesh by node according to backup metadata Mark storage server MS is the finance data storage server MS increased newly.
Coordination service device CS preferably further includes storage monitoring node, and memory space surplus is received in receiving node Afterwards, memory space surplus is recorded in data backup global listings, real time monitoring finance data storage server MS's deposits Space hold state is stored up, the parameter in data backup global listings includes the ID of each finance data storage server MS, storage Spatial Residual amount and each storage server MS data backup status;Data backup status includes not starting state, beginning state And completion status.
The starter node, which is specifically used for working as, monitors at least one of storage server MS finance data storage services The memory space surplus of device MS is more than predefined memory space and uses threshold value, and all finance data storage server MS Status of Backups be trigger data backup process when not starting state.
Coordination service device CS is additionally operable to after data backup process triggers, and modification data backup global listings need to count According to the data backup status of the finance data storage server MS of removal.Specifically, the change procedure of data backup global listings It is as follows:
In the initial phase of monitoring data backup process, by the data backup shape of all finance data storage server MS State is set as not starting state;After trigger data backup process, the finance data that data remove is deposited according to backup first storage pool The data backup status of storage server MS is set as beginning state.When to complete data standby by some finance data storage server MS Part, then the Status of Backups of finance data storage server MS is set as completion status;When all participate in backing up needs data to move When the Status of Backups of the finance data storage server MS removed is all completion status, indicate that this high in the clouds data backup is complete At the Status of Backups of all finance data storage server MS is all reduced to not start.
Receiving node is used to receive the event data E_DATA that payment application server PAS is sent;Determine the event data The hashed value of E_DATA;Copy node is additionally operable to the hashed value according to addressing concordance list and event data E_DATA, by event number It is sent to corresponding finance data storage server MS in storage server MS according to E_DATA.Receiving node receives payment application clothes The data read request that business device PAS is sent;It is corresponding according to being obtained in data read request to corresponding finance data storage server MS Event data E_DATA;Corresponding event data E_DATA is sent to payment application server PAS by copy node.Wherein institute State the pre-recorded mapping relations of hashed value and finance data storage server MS of addressing concordance list.
Copy node is to judge dissipating for event data E_DATA after the hashed value that event data E_DATA has been calculated Whether train value is in the range of hashed value in addressing concordance list, when the hashed value of event data E_DATA is indexed between addressing When in table in the range of hashed value, financial number corresponding with the hashed value of event data E_DATA is found from addressing concordance list According to the position of storage server MS, event data E_DATA is sent to the corresponding finance data storage server in the position MS。
After the completion of data backup, parameter update also is carried out to addressing concordance list by coordination service device CS;Work as finance data When the event data E_DATA stored on storage server MS changes, according to the position of finance data storage server MS, update The hashed value of corresponding event data E_DATA;When increasing finance data storage server MS, increase new finance data The position of storage server MS, and increase the hashed value of corresponding event data E_DATA.
It copies node and carries out persistent storage, storage by the event data E_DATA that application server PAS is sent is paid Format is:<Storage server position, hashed value, E_DATA>;According to backup metadata, the parameter to the backup table being locally stored It is updated;The parameter of backup table includes the position for the finance data storage server MS for needing data to remove, thing to be backed up Number of packages according to the hashed value and target storage server MS of E_DATA position;According to updated backup table, will wait in order standby The event data E_DATA of part backups to target storage server MS.Node is copied after the completion of data backup, to needing data The finance data storage server MS of removal sends high in the clouds data backup and completes information, and control needs the finance data that data remove Storage server MS deletes the event data E_DATA that backup is completed.
In addition to coordination service device, the highly reliable storage system of cloud platform financial events data of the invention further includes spare coordination Server CS0.When coordination service device CS exceptions, spare coordination service device CS0 can start the service function of coordination service device CS, As current coordination service device CS;And select a storage server MS as spare from all storage server MS at this time Coordination service device CS0.Coordination service device CS and spare coordination service device CS0 stores identical metadata;Wherein, metadata includes The ID of the ID of storage server MS, the event data E_DATA blocks of storage server MS storages.
When receiving event data E_DATA requests, depositing for processing event data E_DATA requests is determined according to metadata Store up server MS.If event data E_DATA requests are write request, determined according to the metadata stored on coordination service device CS The ID of the corresponding storage server MS of free block of writable pending financial events data E_DATA, by pending financial thing Number of packages is written according to E_DATA to the corresponding storage server MS of free block, obtains the pending financial events data E_DATA ID and the pending financial events data E_DATA of the write-in free block ID correspondence and the pending gold of the write-in Melt the ID of the free block of event data E_DATA and depositing where the free block of the pending financial events data E_DATA of the write-in Store up the correspondence of the ID of server MS.If event data E_DATA requests is read file request, according on coordination service device CS The file ID of the metadata of storage and pending financial events data E_DATA determines and stores pending financial events data E_ Storage server MS where the data block of the ID of the data block of DATA and the pending financial events data E_DATA of the storage ID;Then corresponding event is read in the storage server MS where the data block for storing pending financial events data E_DATA Data E_DATA.
Wherein, after using spare coordination service device CS0 as current coordination service device CS, the multiple of cloud platform are determined The weights of each storage server MS in finance data storage server MS;According to the weights of each storage server MS, to A storage server MS is selected in a few storage server MS as current spare coordination service device CS0;It will be current Metadata on coordination service device CS is synchronized on current spare coordination service device CS0.On the one hand, current coordination service device CS By the way that heartbeat signal, the state of detection storage server MS occurs to storage server MS:If by coordination service device CS to depositing Each storage server MS in storage server MS sends heartbeat signal and receives the storage server in predefined duration The corresponding response of the heartbeat signal that MS is returned, it is determined that storage server MS is in normal operating conditions;If predefined The corresponding response of the heartbeat signal that storage server MS is returned is not received in duration, it is determined that storage server MS is different Often.Coordination service device CS can also detect spare coordination service device by sending heartbeat signal to spare coordination service device CS0 The state of CS0.
On the other hand, each storage server MS in storage server MS sends heartbeat letter to the coordination service device CS Number, the state of detection coordination service device CS:By each storage server MS in the storage server MS to the association It adjusts server CS to send heartbeat signal and the heartbeat signal for receiving the CS transmissions of coordination service device in predefined duration is corresponding In the case of response, determine that the coordination service device CS is in normal operating conditions;And determine that coordination service device CS includes extremely: Heartbeat signal is being sent to coordination service device CS and by each storage server MS in storage server MS when predefined In the case of not receiving the corresponding response of the heartbeat signal that coordination service device CS is sent in long, determine that coordination service device CS is different Often.
Wherein it is determined that the weights of each storage server MS include in storage server MS:According to appointing in the following contents One or the weights of appointing multinomial content to determine:CPU core number, the CPU number of concurrent, storage space volume.
After data backup process triggers, the present invention includes following backup policy in a preferred embodiment:
1:N groups event data E_DATA to be backed up is determined from least one source storage pool according to rule is actually backed up; Wherein, every group of event data E_DATA to be backed up in N groups event data E_DATA to be backed up is deposited according to predefined backup rules In storage to the corresponding source storage pools of group event data E_DATA to be backed up, and every group of event data E_DATA to be backed up corresponds to one A major key;N is positive integer;
2:For every group of event data E_DATA to be backed up in N groups event data E_DATA to be backed up, according to practical standby Part rule determines the corresponding purpose storage pools of group event data E_DATA to be backed up;And the group is generated in purpose storage pool and is waited for The event data E_DATA copies to be backed up of backup event data E_DATA;
3:If it is determined that generating in N groups event data E_DATA to be backed up the to be backed up of every group of event data E_DATA to be backed up Event data E_DATA copies then delete N groups event data E_DATA to be backed up from least one source storage pool.
When the present invention carries out data conversion storage, operating unit is N groups event data E_DATA to be backed up, shortens event data E_ The time of DATA unloading process access interrupts, and then reduce data conversion storage and cloud platform finance is accessed for financial transaction terminal TUE The influence of the highly reliable storage system of event data.
Before at least one source storage pool is progress data conversion storage in the highly reliable storage system of cloud platform financial events data Including the source position that is stored according to predefined backup rules of all storage pools and every group of event data E_DATA to be backed up. Purpose storage pool is the target location that every group of event data E_DATA to be backed up is stored according to rule is actually backed up,
Source storage pool includes at least one set of event data of at least one KEYID stored according to predefined backup rules E_DATA;Each KEYID identifies one group of data;Predefined backup rules preferably include:If one group of event data E_DATA packet In the first predefined scope of the corresponding value of predefined field included in the first aggregate, then this group of event data E_DATA is deposited Storage is in the corresponding position of the first predefined scope;Wherein, first set includes at least one first predefined scope.
In specific implementation, each storage server may include one in the highly reliable storage system of cloud platform financial events data A storage pool can also include multiple storage pools.Based on described above, according to being actually backed up rule from least one source storage pool In determine N groups event data E_DATA to be backed up before, further include:
Determine that the data backup rule in the highly reliable storage system of cloud platform financial events data needs to update, including from pre- Backup rules are defined to be updated to be actually backed up rule;Wherein, being actually backed up rule includes:If one group of event data E_DATA includes Corresponding second predefined scope of the value in second set of predefined field in, then by this group of event data E_DATA It is stored in the corresponding position of the second predefined scope;Second set includes at least one second predefined scope.
Below to how to determine that N groups event data E_DATA to be backed up is introduced.For source storage pool include to Every group of event data E_DATA in few one group of event data E_DATA, executes following steps:Determine this group of event data E_ DATA is according to the position for being actually backed up rule storage;If this group of event data E_DATA of the KEYID is according to predefined backup The position of rule storage is differed with this group of event data E_DATA according to the position for being actually backed up rule storage, then this group of event Data E_DATA is one group of data to be backed up.In this way, according to predefined backup rules and being pressed according to every group of event data E_DATA The according to the facts position of border backup rules storage, determines the event data E_DATA to be backed up after data backup Policy Updates, into And it treats backup event data E_DATA and carries out data movement.
After the data backup rule for determining the highly reliable storage system of cloud platform financial events data needs to update, need Data conversion storage is carried out to the event data E_DATA stored in the highly reliable storage system of cloud platform financial events data.Actual During data conversion storage, for the thing of at least one KEYID stored in the highly reliable storage system of cloud platform financial events data Number of packages can be divided into two kinds of situations according to the storage location of E_DATA:The first, one group of event data E_DATA is according to predefined standby Part rule is identical with regular storage location is actually backed up, this group of event data E_DATA need not be synchronized;Second, one group of event Data E_DATA is according to predefined backup rules and is actually backed up regular storage location variation, this group of data need to synchronize.
Optionally, the event data E_ to be backed up of group event data E_DATA to be backed up is generated in purpose storage pool DATA copies, including:For every group of event data E_DATA to be backed up in N groups event data E_DATA to be backed up, in purpose The event data E_DATA copies to be backed up of group event data E_DATA to be backed up are generated in storage pool;And it is to be backed up in the group In the corresponding source storage pools of event data E_DATA label to be removed is added for group event data E_DATA to be backed up;And at this It is that event data E_DATA copies to be backed up add and wait enabling in the corresponding purpose storage pools of group event data E_DATA to be backed up Label.If one group of event data E_DATA according to predefined backup rules and be actually backed up rule storage location it is constant, for Label is not changed in this group of event data E_DATA addition.
The data of the data backup Policy Updates used below the highly reliable storage system of cloud platform financial events data are moved Label during dynamic carries out citing introduction.When first time data backup rule changes, if predefined backup rules are rule Then one, rule is actually backed up as rule two, then the rule one used the highly reliable storage system of cloud platform financial events data is more It is new that label to be removed is set as -1 during data conversion storage for rule two, wait that enabling label is set as 1, does not change label and is set as 0;After data conversion storage completion, the highly reliable storage system of cloud platform financial events data using rule two includes that band needs It enables label 1 and does not change the event data E_DATA of label 0;When second of data backup rule changes, if predefined Backup rules are rule two, are actually backed up rule as rule three;The highly reliable storage system of cloud platform financial events data is used Rule two be updated to rule three, event data E_DATA to be backed up is redefined out during data conversion storage, will be to be removed Label is set as -1, waits that enabling label is set as 2, the constant event data E_DATA of storage location remains on first time data backup The corresponding value of label when rule changes, for example use 0 and 1.
The deletion N groups event data E_DATA to be backed up from least one source storage pool, including:
For each source storage pool, every group of event data E_ to be backed up of label to be removed will be added in the storage pool of source DATA is deleted.At this point, data conversion storage terminates, the event data E_DATA in the highly reliable storage system of cloud platform financial events data Including the event data E_DATA for waiting enabling label and the event data E_DATA for not changing label.Data conversion storage is waited in addition to movement Backup event data E_DATA further includes the update to backup rules.Before data conversion storage, cloud platform financial events data are high All event data E_DATA are stored according to predefined backup rules in reliable memory system.During data conversion storage, to Before deleting N groups event data E_DATA to be backed up in a few source storage pool, further include:If it is determined that basis is needed to be actually backed up Rule event data E_DATA to be backed up to N groups is backed up, then every group be directed in N groups event data E_DATA to be backed up waits for Backup event data E_DATA, by the backup rules of group event data E_DATA to be backed up be updated to predefined backup rules and It is actually backed up rule.Before completing data conversion storage, there is the event to be backed up stored according to predefined backup rules in system Data E_DATA and the event data E_DATA copies to be backed up stored according to rule is actually backed up, so avoidable data movement The problem of data caused by malfunctioning in the process can not access.
When data conversion storage is completed, there are a backup rules in the highly reliable storage system of cloud platform financial events data. After deleting N groups event data E_DATA to be backed up at least one source storage pool, further include:For N groups event to be backed up Every group of event data E_DATA to be backed up in data E_DATA, more by the backup rules of group event data E_DATA to be backed up New is to be actually backed up rule.It, can be directly according to being actually backed up regular Access Events data E_ after completing data conversion storage DATA。
The to be backed up of group event data E_DATA to be backed up is generated in the embodiment of the present invention in the purpose storage pool The realization method of event data E_DATA copies can be:
Event data E_DATA to be backed up is synchronized in purpose storage pool from the storage pool of source, is claimed in purpose storage pool For event data E_DATA copies to be backed up.The process of purpose storage pool is synchronized to below for event data E_DATA to be backed up In, how to realize that the influence reduced to access is introduced.If in the N groups event data E_DATA to be backed up of N number of KEYID Any group of event data E_DATA to be backed up starts after synchronizing, and in the N groups of N number of KEYID event data E_DATA to be backed up It is fully synchronized to before target location, receive the data retrieval request of financial transaction terminal TUE, then allow financial transaction terminal TUE is accessed in the highly reliable storage system of cloud platform financial events data with the event data to be removed marked and do not change label E_DATA.By all event data E_DATA in synchronizing process are marked, financial transaction terminal TUE is allowed to access band There is the event data E_DATA to be backed up for not changing label and label to be removed, the access of financial transaction terminal TUE is not caused It influences.If fully synchronized to after target location in the N groups event data E_DATA to be backed up of N number of KEYID, financial friendship is received The data retrieval request of easy terminal TUE, then allow financial transaction terminal TUE to access the highly reliable storage of cloud platform financial events data Band needs to be enabled label and does not change the event data E_DATA of label in system.To avoid Data duplication from accessing, allow to access Band needs to be enabled label and does not change the event data E_DATA of label;In this way, financial transaction terminal TUE can be accessed it is all The constant event data E_DATA and N group event data E_DATA to be backed up in position in any group of event data E_DATA.
Optionally, fully synchronized to after target location in the N groups of N number of KEYID event data E_DATA to be backed up, also wrap It includes:
For each major key of N number of major key, if the event data E_DATA to be backed up of the KEYID in the storage pool of source is generated The corresponding new operation note of major key is then synchronized to the corresponding target location of major key by new operation note;It is corresponded to by major key New operation note be synchronized to before the corresponding target location of major key, stop data write-in.It ensure that every after data move The integrality of the data to be backed up of a KEYID.
The coordination service device CS is additionally operable to be managed the space of each storage control.Specifically, the coordination The size for the event data to be stored that server CS is received according to current payment application server, judges currently stored server section Whether the free space of point is sufficient.If sufficient, financial transaction terminal TUE directly corresponds to current event data write-in to be stored Finance data storage server MS node in;If insufficient, judge to execute whether more than one of backup process for writing data Process sends the request of application object space to coordination service device CS if being no more than;It, will be multiple using process lock if being more than Write process is encapsulated as a primitive operation, so that first object process sends asking for application object space to coordination service device CS It asks.Specifically, apply for that the calculating process of object space is:
When obtaining last multi-process while writing data, first backup process is successfully written finance data storage server In MS node after data, the size of data in remaining each backup process finance data storage server MS node to be written;Meter After the size for calculating size of data event data to be stored corresponding with first object process, using as object space size Value.
The real space that coordination service device CS is returned is received, and according to finance data storage server MS node current residual The free space of free space sizes values and real space update finance data storage server MS node.Coordination service device CS exists After the space request for receiving financial transaction terminal TUE, feeds back to financial transaction terminal TUE real spaces and be more than financial transaction terminal The spatial value of TUE applications, that is to say, that real space includes object space sizes values and predefined telescopic space value.It is predefined Choosing for telescopic space value can use shape according to the active volume of the highly reliable storage system of cloud platform financial events data, capacity Condition and the operation conditions of the financial transaction terminal TUE in present application space are determined.
According to finance data storage server MS node current residual free space sizes values and real space update finance The free space of data storage server MS node.Event number to be stored is written into finance data storage server MS node According to, and obtain in write-in finance data storage server MS node and increase size of data newly, calculate finance data storage server MS The difference of the current space available sizes values and newly-increased size of data of node.
According to difference update finance data storage server MS node can backup space, and can backup space be sent to Coordination service device CS.By can backup space, the size newly increased, metadata feedback real space be sent to coordination service device CS can be used for the capacity service condition of the coordination service device CS statistics highly reliable storage systems of cloud platform financial events data.
Judge for by can backup space be sent to coordination service device CS backup process number it is whether more than one;If It is then to report backup process to be encapsulated as a primitive operation by multiple using process lock, so that the second target process can back up Space is sent to coordination service device CS.
In view of financial transaction terminal TUE not only writes data into the highly reliable storage system of cloud platform financial events data, Data deletion can be also carried out, in consideration of it, the invention also includes:
It determines whether to remove data from finance data storage server MS node, when from finance data storage server When removing data in MS node, the size of data to be removed is obtained.It ought detect from finance data storage server MS node Middle removal data, obtain the size of data to be removed.Calculate the current free space of finance data storage server MS node with The difference of the size of data to be removed.The available backup space of finance data storage server MS node is updated according to difference, and Available backup space is sent to coordination service device CS.
Judge for by can backup space be sent to coordination service device CS backup process number it is whether more than one;If It is then to report backup process to be encapsulated as a primitive operation by multiple using process lock, so that the second target process can back up Space is sent to coordination service device CS.In order to which storage system more accurately counts capacity information, by available backup space with wait for The size for removing data is sent to coordination service device CS, can for coordination service device CS statistics cloud platform financial events data height By the service condition of storage system.
In conclusion the present invention proposes a kind of method for secure storing based on cloud computing, financial transaction data is improved The safety and reliability of management system.
Obviously, it should be appreciated by those skilled in the art, each module of the above invention or each steps can be with general Computing system realize that they can be concentrated in single computing system, or be distributed in multiple computing systems and formed Network on, optionally, they can be realized with the program code that computing system can perform, it is thus possible to they are stored It is executed within the storage system by computing system.In this way, the present invention is not limited to any specific hardware and softwares to combine.
It should be understood that the above-mentioned specific implementation mode of the present invention is used only for exemplary illustration or explains the present invention's Principle, but not to limit the present invention.Therefore, that is done without departing from the spirit and scope of the present invention is any Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention Covering the whole variations fallen into attached claim scope and boundary or this range and the equivalent form on boundary and is repairing Change example.

Claims (4)

1. a kind of method for secure storing based on cloud computing, which is characterized in that including:
The payment application server PAS and financial transaction terminal TUE of cloud platform transmit financial events by safety communicating method Data E_DATA;
Payment application server PAS stores the financial events data E_DATA on foreground to the finance data storage service of cloud platform In device MS.
2. according to the method described in claim 1, it is characterized in that, the financial transaction terminal TUE to payment application server Before PAS sends financial events data E_DATA, further include:
Financial transaction terminal TUE sends the data encapsulation version and Encryption Algorithm itself used to payment application server PAS Configure parameter.
3. according to the method described in claim 1, it is characterized in that, the payment application server PAS feeds back to financial transaction The heartbeat message of the data encapsulation version of terminal TUE oneself, the configuration parameter of Encryption Algorithm and the private key encryption with oneself.
4. according to the method described in claim 3, it is characterized in that, further comprising:
The certificate of oneself is transmitted to financial transaction terminal TUE by payment application server PAS;And ask financial transaction terminal TUE Send the certificate of oneself;
Financial transaction terminal TUE passes over the body of certification authentication payment application server PAS with payment application server PAS Part, if identity is not verified, terminate data communication;
Certification authentication is attempted decryption using the public key of payment application server PAS after passing through and is believed with the heartbeat that private key encryption is crossed by it Breath terminates to communicate if decrypting failure;
Financial transaction terminal TUE generates random floating point, and this random floating point payment application server PAS is sent The public key encryption to come over, this ciphering process generates the random floating point ciphertext in this heartbeat signal, then by random floating-point Number ciphertext sends back to payment application server PAS;
When the PAS requests of payment application server need to verify financial transaction terminal TUE, cards of the financial transaction terminal TUE oneself Book is transmitted to payment application server PAS together;
After the identity for having verified financial transaction terminal TUE, then pays application server PAS and decrypt to obtain with the private key of oneself Random floating point ciphertext then both sides using this random floating point ciphertext come joint consultation, obtain session key to transmit number According to;
Both sides exchange ending message again, and heartbeat signal terminates;The following both sides session key consulted, using AES encryption To communicate.
CN201810261742.8A 2018-03-28 2018-03-28 A kind of method for secure storing based on cloud computing Withdrawn CN108494780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810261742.8A CN108494780A (en) 2018-03-28 2018-03-28 A kind of method for secure storing based on cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810261742.8A CN108494780A (en) 2018-03-28 2018-03-28 A kind of method for secure storing based on cloud computing

Publications (1)

Publication Number Publication Date
CN108494780A true CN108494780A (en) 2018-09-04

Family

ID=63316870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810261742.8A Withdrawn CN108494780A (en) 2018-03-28 2018-03-28 A kind of method for secure storing based on cloud computing

Country Status (1)

Country Link
CN (1) CN108494780A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109583899A (en) * 2018-12-20 2019-04-05 鸿秦(北京)科技有限公司 Data storage and management method and system based on cloud storage service device
CN109933626A (en) * 2019-02-12 2019-06-25 平安科技(深圳)有限公司 Data processing method, device and the financial transaction terminal of financial business
CN110647558A (en) * 2019-09-17 2020-01-03 顾博航 Financial information statistics management system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109583899A (en) * 2018-12-20 2019-04-05 鸿秦(北京)科技有限公司 Data storage and management method and system based on cloud storage service device
CN109933626A (en) * 2019-02-12 2019-06-25 平安科技(深圳)有限公司 Data processing method, device and the financial transaction terminal of financial business
CN109933626B (en) * 2019-02-12 2024-01-30 平安科技(深圳)有限公司 Financial business data processing method and device and financial transaction terminal
CN110647558A (en) * 2019-09-17 2020-01-03 顾博航 Financial information statistics management system

Similar Documents

Publication Publication Date Title
JP7351591B2 (en) Multi-authorization system that uses M out of N keys to restore customer wallets
CN110535833B (en) Data sharing control method based on block chain
US8966288B2 (en) System and method for providing encryption in storage operations in a storage network, such as for use by application service providers that provide data storage services
CN108459929A (en) A kind of data back up method based on cloud computing
US7277941B2 (en) System and method for providing encryption in a storage network by storing a secured encryption key with encrypted archive data in an archive storage device
US11093558B2 (en) Providing accountability of blockchain queries
CN110032545A (en) File memory method, system and electronic equipment based on block chain
CN105210062B (en) System scope checkpoint for distributed data base system avoids
US7975138B2 (en) Systems and methods for mutually authenticated transaction coordination messages over insecure connections
CN108076148A (en) Storage system based on block chain
CN108111585A (en) Distributed storage method based on block chain
CN112835612A (en) Electronic document version management method and device based on block chain
JP2001516913A (en) Encrypted file system and method
CN107710215A (en) The method and apparatus of mobile computing device safety in test facilities
CN108494780A (en) A kind of method for secure storing based on cloud computing
CN106815528B (en) A kind of file management method and device, storage equipment
CN101647006A (en) Be used for method of data backup and system
WO2017206754A1 (en) Storage method and storage device for distributed file system
CN110060161A (en) It trades anti-heavy client service implementation method and serviced component for block chain
CN1787432B (en) Method and system for authenticating a node requesting another node to perform work
CN110880113A (en) Authentication server and authentication method for block chain transaction
CN109951490A (en) Webpage integrity assurance, system and electronic equipment based on block chain
CN112988073A (en) Stepped data storage method and system capable of reducing block chain storage overhead
WO2022206453A1 (en) Method and apparatus for providing cross-chain private data
CN108134822A (en) The method for down loading of storage system based on block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180904

WW01 Invention patent application withdrawn after publication