CN110798478B - Data processing method and device - Google Patents


Info

Publication number: CN110798478B
Authority: CN (China)
Prior art keywords: data, css, user side, request, sending
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201911076651.8A
Other languages: Chinese (zh)
Other versions: CN110798478A (en)
Inventors: 陈海波, 唐菁, 党鹏飞, 雎悦
Current Assignee: China United Network Communications Group Co Ltd; China Unicom System Integration Ltd Corp (the listed assignees may be inaccurate)
Original Assignee: China United Network Communications Group Co Ltd; China Unicom System Integration Ltd Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a data processing method and device. In the method, a TTP receives an authentication request sent by a user side and performs user authentication based on the authentication request. After the authentication is passed, if a data request sent by the user side is received, the TTP sends corresponding data to the CSS according to the data request and records the sent data accordingly; it then receives the information fed back by the CSS, sends corresponding data to the user side according to the received information, and records the sent data accordingly. That is, a TTP is introduced to complete authentication of the user and the CSS: only an authenticated user can operate, and only a CSS that passes authentication can provide cloud storage service. A certain data processing process is carried out between the user and the storage server, which further enhances the security of the user data. The records of user and CSS behavior can provide evidence when a problem occurs between the user and the CSS, and solve the problem of mutual false accusation between the user and the storage server in the conventional situation.

Description

Data processing method and device
Technical Field
The embodiment of the application relates to the technical field of data storage, in particular to a data processing method and device.
Background
With the maturity of the cloud computing service model and the explosive increase in users' data volume, more and more users store a large amount of data on a Cloud Storage Service (CSS). The CSS solves the problem of limited user storage and insufficient resources.
Over time, as data accumulates, users come to have a large amount of data stored on the CSS. One potential risk to the user is that the user may forget which data is stored on the CSS, or be unsure whether given data is stored there, and can only check through the data list provided by the CSS. On the other hand, the user's memory may be wrong: the user may never have stored the data, or may already have deleted it, but still asks the CSS to return it. As for the CSS, there is no guarantee that it is trustworthy either.
Thus, under the traditional system architecture, the two parties may falsely accuse each other in various ways. How to provide evidence, perform arbitration and so on becomes an urgent problem to be solved.
Disclosure of Invention
The embodiments of the application provide a data processing method and device, which are used to overcome the problem of mutual false accusation between a user and a CSS under the existing system architecture.
In a first aspect, an embodiment of the present application provides a data processing method, including:
receiving an authentication request sent by a user side, and performing user authentication based on the authentication request;
after the authentication is passed, if a data request sent by the user side is received, sending corresponding data to the CSS according to the data request, and carrying out corresponding recording according to the sent data;
and receiving the information fed back by the CSS, sending corresponding data to the user side according to the received information, and carrying out corresponding recording according to the sent data.
In one possible design, the data request is a data upload request, the data upload request carries upload data, the upload data includes a data tag, complete data, and a hash value, wherein the hash value is determined according to the complete data;
the sending of corresponding data to the CSS according to the data request and the corresponding recording according to the sent data includes:
dividing the complete data, and calculating the hash value of each divided data block;
judging whether the complete data is correct or not according to the hash value in the uploaded data and the calculated hash value;
and if the complete data is correct, performing data processing according to the data mark, sending the processed data to the CSS for storage, and performing corresponding recording according to the sent data.
In a possible design, the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data includes:
and receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list.
In a possible design, the processing data according to the data mark, and sending the processed data to the CSS for storage includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, respectively generating random numbers corresponding to each divided data block;
encrypting each segmented data block according to the generated random number, and obtaining ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the CSS for storage.
In one possible design, the data request is a data download request, the data download request is determined by the user side according to a data list, and the data list is generated by a trusted third party (Trusted Third Party, TTP for short) according to data stored in the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving the data to be downloaded fed back by the CSS, wherein the data to be downloaded is determined by the CSS according to the data downloading request;
dividing the data to be downloaded, and calculating the hash value of each divided data block;
judging whether the data to be downloaded is correct or not according to the hash value corresponding to the stored data to be downloaded and the calculated hash value;
and if the data to be downloaded is correct, performing data processing according to the data marks corresponding to the data to be downloaded, sending the processed data to the user side, and performing corresponding recording according to the sent data.
In a possible design, the processing data according to the data mark corresponding to the data to be downloaded, and sending the processed data to the user side includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, acquiring a random number corresponding to each divided data block;
encrypting each segmented data block according to the acquired random number, and acquiring ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the user side.
In one possible design, the data request is a data deletion request, the data deletion request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving a deleted certification fed back by the CSS, wherein the deleted certification is generated by the CSS after deleting the data corresponding to the data deletion request;
and storing the deleted certification, feeding back information of successful deletion to the user side, updating the data list according to the deleted certification, sending the updated data list to the user side, and carrying out corresponding recording on the updated data list.
In one possible design, after the authentication is passed, the method further includes:
if receiving a query request sent by the user side, recording the query request, and determining a target data list from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;
and sending the target data list to the user side.
In a second aspect, an embodiment of the present application provides a data processing apparatus, including a memory, a processor, and computer executable instructions stored in the memory and executable on the processor, where the processor executes the computer executable instructions to implement the following steps:
receiving an authentication request sent by a user side, and performing user authentication based on the authentication request;
after the authentication is passed, if a data request sent by the user side is received, sending corresponding data to the CSS according to the data request, and carrying out corresponding recording according to the sent data;
and receiving the information fed back by the CSS, sending corresponding data to the user side according to the received information, and carrying out corresponding recording according to the sent data.
In one possible design, the data request is a data upload request, the data upload request carries upload data, the upload data includes a data tag, complete data, and a hash value, wherein the hash value is determined according to the complete data;
the sending of corresponding data to the CSS according to the data request and the corresponding recording according to the sent data includes:
dividing the complete data, and calculating the hash value of each divided data block;
judging whether the complete data is correct or not according to the hash value in the uploaded data and the calculated hash value;
and if the complete data is correct, performing data processing according to the data mark, sending the processed data to the CSS for storage, and performing corresponding recording according to the sent data.
In a possible design, the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data includes:
and receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list.
In a possible design, the processing data according to the data mark, and sending the processed data to the CSS for storage includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, respectively generating random numbers corresponding to each divided data block;
encrypting each segmented data block according to the generated random number, and obtaining ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the CSS for storage.
In one possible design, the data request is a data download request, the data download request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving the data to be downloaded fed back by the CSS, wherein the data to be downloaded is determined by the CSS according to the data downloading request;
dividing the data to be downloaded, and calculating the hash value of each divided data block;
judging whether the data to be downloaded is correct or not according to the hash value corresponding to the stored data to be downloaded and the calculated hash value;
and if the data to be downloaded is correct, performing data processing according to the data marks corresponding to the data to be downloaded, sending the processed data to the user side, and performing corresponding recording according to the sent data.
In a possible design, the processing data according to the data mark corresponding to the data to be downloaded, and sending the processed data to the user side includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, acquiring a random number corresponding to each divided data block;
encrypting each segmented data block according to the acquired random number, and acquiring ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the user side.
In one possible design, the data request is a data deletion request, the data deletion request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving a deleted certification fed back by the CSS, wherein the deleted certification is generated by the CSS after deleting the data corresponding to the data deletion request;
and storing the deleted certification, feeding back information of successful deletion to the user side, updating the data list according to the deleted certification, sending the updated data list to the user side, and carrying out corresponding recording on the updated data list.
In one possible design, after the authentication is passed, the method further includes:
if receiving a query request sent by the user side, recording the query request, and determining a target data list from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;
and sending the target data list to the user side.
In a third aspect, an embodiment of the present application provides a computer-readable storage medium, where computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the data processing method according to the first aspect and various possible designs of the first aspect are implemented.
In the data processing method and device provided by the embodiments of the application, a TTP receives an authentication request sent by a user side and performs user authentication based on the authentication request. After the authentication is passed, if a data request sent by the user side is received, the TTP sends corresponding data to the CSS according to the data request and records the sent data accordingly; it then receives the information fed back by the CSS, sends corresponding data to the user side according to the received information, and records the sent data accordingly. That is, the TTP is introduced to complete authentication of the user and the CSS: only an authenticated user can operate, and only an authenticated CSS can provide cloud storage service. A certain data processing process is carried out between the user and the storage server, which further enhances the security of the user data. The records of user and CSS behavior can provide evidence when a problem occurs between the user and the CSS, and solve the problem of mutual false accusation between the user and the storage server in the conventional situation.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
FIG. 1 is a block diagram of a data processing system according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a user side according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a TTP according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a CSS provided in an embodiment of the present application;
fig. 5 is a schematic flowchart of a data processing method according to an embodiment of the present application;
fig. 6 is a schematic flowchart of another data processing method according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application;
fig. 8 is a schematic hardware structure diagram of a data processing device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Users today have stored large amounts of data on the CSS. One potential risk to the user is that the user may forget which data is stored on the CSS, or be unsure whether given data is stored there, and can only check through the data list provided by the CSS. On the other hand, the user's memory may be wrong: the user may never have stored the data, or may already have deleted it, but still asks the CSS to return it. As for the CSS, there is no guarantee that it is trustworthy either. Thus, under the traditional system architecture, the two parties may falsely accuse each other in various ways.
Therefore, in view of the above problems, the present application provides a data processing method in which a TTP is introduced to complete authentication of the user and the CSS: only an authenticated user may operate, and only an authenticated CSS may provide a cloud storage service. A certain data processing process is carried out between the user and the storage server, which further enhances the security of the user data. The records of user and CSS behavior can provide evidence when a problem occurs between the user and the CSS, and solve the problem of mutual false accusation between the user and the storage server in the conventional situation.
The data processing method provided by the present application may be applied to the data processing system architecture shown in fig. 1, which includes a user side 101, a TTP 102 and a CSS 103. The TTP 102 can receive an authentication request sent by the user side 101 and perform user authentication based on the authentication request. After the authentication is passed, if a data request sent by the user side 101 is received, the TTP 102 sends corresponding data to the CSS 103 according to the data request and records the sent data accordingly; it then receives the information fed back by the CSS 103, sends corresponding data to the user side 101 according to the received information, and records the sent data accordingly.
Here, the user side is the data owner and the actual user of the CSS. The user side can use the CSS service to manage its own data by uploading, viewing, downloading, updating, deleting and so on. As shown in fig. 2, it includes a data segmentation and recombination module, a random number module, a data encryption and decryption module, an integrity verification module, and the like, specifically:
the data segmentation and recombination module: in the data uploading process, the partitioning of the plaintext data can be completed according to the block size, the original data is divided into N blocks with the same size, and the blocks with insufficient size are filled with 0. And in the data downloading process, the data after decryption of each block is recombined, and the complete data is recovered.
A random number module: a random number equal to the block size may be generated for the encryption process.
The data encryption and decryption module: a corresponding operation, such as a bitwise exclusive-or operation, may be performed on the file blocks with the random number to generate ciphertext data.
An integrity verification module: for plaintext or ciphertext data, a message digest may be calculated using a corresponding algorithm, such as a hash algorithm, with the message digest value serving as an integrity certification for the data.
TTP: a third-party system trusted by both the user side and the CSS. It is an authority with a higher security level, and can complete authentication of the user and the CSS, intermediate processing of user data, auditing and arbitration between the user and the CSS, and the like. As shown in fig. 3, it includes an authentication module, a storage module, a verification module, a data segmentation and recombination module, a random number generation module, an encryption and decryption module, a data list module, an audit module, etc. Specifically:
an authentication module: requests from the user may be authenticated, and the user is provided with service after the authentication is passed. If authentication is not passed, service is denied. In addition, the connected CSS is also authenticated, and only after passing authentication is the CSS allowed to provide CSS service externally.
A storage module: in the data uploading process, it can temporarily store the files received from the user, and store file metadata information, random numbers, integrity certifications, audit information and the like. In the data downloading process, it temporarily stores the data returned by the CSS, stores the decrypted data, and the like.
A verification module: the integrity certification of the data can be generated by using a corresponding algorithm, such as a hash algorithm, whether the received file is complete or not can be verified, and if the received file is incomplete, the file can be requested to be retransmitted.
The data segmentation and recombination module: in the data uploading process, the partitioning of the plaintext data can be completed according to the block size, the original data is divided into N blocks with the same size, and the blocks with insufficient size are filled with 0. And in the data downloading process, the data after decryption of each block is recombined, and the complete data is recovered.
A random number generation module: a random number equal to the block size may be generated for the encryption process.
An encryption and decryption module: the encryption operation can be carried out on the data uploaded by the user in the data uploading process. And in the data downloading process, the encrypted text data from the CSS is decrypted.
A data list module: a data list of the user's data may be maintained. It is a trusted list that users can query, even after a long time, to get the list of their own files on the CSS.
An auditing module: the user operation and the CSS operation can be recorded to form an audit log.
CSS: provides distributed storage for the files uploaded by the TTP, for example Hadoop HDFS, OpenStack Swift, CephFS, and the like. As shown in fig. 4, it typically comprises a storage control center and a plurality of data storage servers. The storage control center manages data block mapping, receives data upload and download requests from the TTP, and schedules access to the storage servers according to a certain scheduling algorithm. In the uploading process, the received data is scheduled to different storage servers for storage, multiple copies are stored on different servers, and the scheduling result is recorded in a database. In the downloading process, the database is queried to obtain the storage position of the file, and the storage server is then scheduled to return the corresponding file.
It should be understood that the above system is only an exemplary system, and when implemented, may be configured according to application requirements.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 5 is a flowchart illustrating a data processing method according to an embodiment of the present application, where an execution subject according to the embodiment of the present application may be the TTP in the embodiment shown in fig. 1. As shown in fig. 5, the method may include:
S501: receiving an authentication request sent by a user side, and performing user authentication based on the authentication request.
Here, the user terminal transmits an authentication request to the TTP. The TTP can audit the authentication behavior of the user side and write the authentication behavior into an audit module. The TTP can also authenticate the user and return an authentication result. If authentication fails, service is denied. And if the authentication is passed, continuing the subsequent steps.
S502: after the authentication is passed, if a data request sent by the user side is received, sending corresponding data to the CSS according to the data request, and carrying out corresponding recording according to the sent data.
S503: and receiving the information fed back by the CSS, sending corresponding data to the user side according to the received information, and carrying out corresponding recording according to the sent data.
Optionally, the data request is a data upload request, the data upload request carries upload data, and the upload data includes a data tag, complete data, and a hash value, where the hash value is determined according to the complete data.
Here, the data upload refers to a process in which the user side stores local data in the CSS through the TTP.
Specifically, the user side selects a file to be uploaded, and records the file as M, and further, the user side can determine the privacy level of the file and determine whether the file needs to be encrypted according to the privacy level.
If encryption is required, the data flag is set to 1. The mark value is uploaded together with the file, and the TTP processes the file differently according to the mark value. The file can be cut into N blocks of fixed size by using a data segmentation and reassembly module, and the Nth block is padded with 0 when its length is insufficient. The block number starts from 1, and the block data of the file is denoted as (B1_1, B1_2, B1_3, ..., B1_N). A random number R1 equal in size to the block size is generated using a random number module. The data encryption and decryption module performs an exclusive-or operation between R1 and each of the corresponding blocks (B1_1, B1_2, B1_3, ..., B1_N) of the file, and the results are recorded as (C1_1, C1_2, C1_3, ..., C1_N), where C1_i = B1_i ⊕ R1, C1 denotes the first encryption, i denotes the block number, and ⊕ denotes the exclusive-or operation. The integrity verification module calculates the hash values of the ciphertext (H1_1, H1_2, H1_3, ..., H1_N), where H1_i = hash(C1_i), H1 denotes the first hash, hash denotes a hash algorithm, and i denotes the sequence number of the block. The user side may recombine (C1_1, C1_2, C1_3, ..., C1_N) to form a complete file C2. After the TTP receives the file, the file may be divided into corresponding blocks using a segmentation algorithm. The user side can also recombine (H1_1, H1_2, H1_3, ..., H1_N) to form a complete file H2. The user side uploads [1, C2, H2] to the TTP, that is, the user side uploads the data tag, the complete data and the hash value to the TTP. The user side can locally store R1 and the hash value H2 of the file.
If encryption is not needed, the data flag is set to 0, and encryption processing is not performed in the uploading process. The file can be cut into N blocks of fixed size by using a data segmentation and reassembly module, and the Nth block is padded with 0 when its length is insufficient. The block number starts from 1, and the block data of the file is denoted as (B1_1, B1_2, B1_3, ..., B1_N). The integrity verification module calculates a hash value (H1_1, H1_2, H1_3, ..., H1_N) for each block, where H1_i = hash(B1_i), hash represents a hash algorithm, and i represents the sequence number of the block. The user side can recombine (H1_1, H1_2, H1_3, ..., H1_N) to form a complete file H2. The user side uploads [0, M, H2] to the TTP, that is, the user side uploads the data mark, the complete data and the hash value to the TTP. The user side can locally store the block number and the corresponding hash value H2, [0, H2].
Optionally, the sending, according to the data request, corresponding data to the CSS, and performing corresponding recording according to the sent data includes:
dividing the complete data, and calculating the hash value of each divided data block;
judging whether the complete data is correct or not according to the hash value in the uploaded data and the calculated hash value;
and if the complete data is correct, performing data processing according to the data mark, sending the processed data to the CSS for storage, and performing corresponding recording according to the sent data.
Optionally, the performing data processing according to the data mark, and sending the processed data to the CSS for storage includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, respectively generating random numbers corresponding to each divided data block;
encrypting each segmented data block according to the generated random number, and obtaining ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the CSS for storage.
Specifically, the TTP logs the uploading behavior of the user side into the auditing module. The TTP may store the client upload data. The TTP may perform local temporary storage of the received data. The received data can be represented in a list form and divided into three parts. And the first part data mark indicates whether the data is encrypted or not. The second part represents the complete data (plaintext or ciphertext data). The third part represents the recombination result of the N hash values of the second part.
After receiving the data, the TTP may re-segment the file with the data segmentation and reassembly module, where the segmentation algorithm is consistent with the foregoing; the result of this segmentation is recorded as (B2_1, B2_2, B2_3, ..., B2_N), and the blocks are temporarily stored. Using the verification module, a hash value is calculated for the blocks (B2_1, B2_2, B2_3, ..., B2_N) in sequence, giving (H3_1, H3_2, H3_3, ..., H3_N), where H3_i = hash(B2_i), hash represents a hash algorithm, and i represents the sequence number of the block. The received H2 is segmented by the data segmentation and reassembly module, and the result is recorded as (H2_1, H2_2, H2_3, ..., H2_N). (H3_1, H3_2, H3_3, ..., H3_N) is compared with (H2_1, H2_2, H2_3, ..., H2_N). If the two results are consistent, the data is correct, and the following steps can be continued. If the two are not consistent, the data is damaged, and the user side is required to upload the complete data or the data of a certain block again. Here, the hash value of each block makes it easy to know which block has incomplete data.
The TTP performs data processing on the received data. And judging whether the data needs to be encrypted according to the received data mark. 1 indicates encrypted and 0 indicates not encrypted.
If encryption is required, the TTP generates a random number R2 equal in size to the block size. R2 is used to perform an exclusive-or operation with each of the corresponding blocks (B2_1, B2_2, B2_3, ..., B2_N) of the file, and the results are recorded as (C2_1, C2_2, C2_3, ..., C2_N), where C2_i = B2_i ⊕ R2, i denotes the block number, and ⊕ denotes the exclusive-or operation. Further, the TTP may calculate the hash values of the ciphertext (H2_1, H2_2, H2_3, ..., H2_N), where H2_i = hash(C2_i), hash represents a hash algorithm, and i denotes the sequence number of the block. The TTP recombines (C2_1, C2_2, C2_3, ..., C2_N) to form a complete file C3, and then uploads the file to the CSS. The TTP recombines (H2_1, H2_2, H2_3, ..., H2_N) to form the integrity certification H3 of the file. The TTP may locally store R2, the data flag and the corresponding hash value H3, [R2, 1, H3].
If encryption is not required, the TTP may upload the received plaintext data M to the CSS. The TTP locally stores the data mark and the file integrity certification H3, [0, H3].
The TTP may log the upload activity to the CSS to an audit module. And the CSS receives the data uploaded by the TTP and stores the data in a distributed manner.
Optionally, the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data includes:
and receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list.
Here, the CSS returns a response to the TTP that the storage is successful after receiving the data uploaded by the TTP and storing the data in a distributed manner. The TTP generates a data list, such as a user name, a file type, a data mark, modification time, a file size, a file integrity certificate and the like, sends the generated data list to the user side, and records the generated data list correspondingly.
Optionally, the data request is a data download request, the data download request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS.
Here, the data downloading refers to a process in which a user terminal requests a TTP to download data, the TTP downloads the data to process the data, and a result is returned to the user terminal.
Specifically, the TTP may provide the data list to the user terminal. The user side can select the data to be downloaded through the data list and send a data downloading request to the TTP. The TTP receives the download request and writes the download request information into an auditing module. Further, the TTP may forward the download request to the CSS.
Optionally, the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data includes:
receiving the data to be downloaded fed back by the CSS, wherein the data to be downloaded is determined by the CSS according to the data downloading request;
dividing the data to be downloaded, and calculating the hash value of each divided data block;
judging whether the data to be downloaded is correct or not according to the hash value corresponding to the stored data to be downloaded and the calculated hash value;
and if the data to be downloaded is correct, performing data processing according to the data marks corresponding to the data to be downloaded, sending the processed data to the user side, and performing corresponding recording according to the sent data.
Optionally, the processing the data according to the data mark corresponding to the data to be downloaded, and sending the processed data to the user side includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, acquiring a random number corresponding to each divided data block;
encrypting each segmented data block according to the acquired random number, and acquiring ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the user side.
Here, the CSS receives the request forwarded by the TTP. The CSS returns the corresponding requested data to the TTP. The TTP may buffer the received data as M3. The TTP queries the stored information to determine the data mark. After receiving, the TTP re-segments the file M3 by using the data segmentation and reassembly module, records the result of this segmentation as (B3_1, B3_2, B3_3, ..., B3_N), and temporarily stores the blocks. Using the verification module, the TTP calculates a hash value for the blocks (B3_1, B3_2, B3_3, ..., B3_N) in turn, giving (H4_1, H4_2, H4_3, ..., H4_N), where H4_i = hash(B3_i), hash represents a hash algorithm, and i represents the sequence number of the block. The TTP segments the hash value of the already stored data to obtain (H5_1, H5_2, H5_3, ..., H5_N). The TTP compares (H4_1, H4_2, H4_3, ..., H4_N) with (H5_1, H5_2, H5_3, ..., H5_N). If the two results are consistent, the data is correct, and the following steps can be continued. If the two are not consistent, the TTP requires the CSS to return the data again.
And the TTP processes the data and returns the data to the user side according to the data mark.
If encryption is required, the TTP obtains the corresponding random number, here denoted R3, for encryption. The TTP sequentially performs an exclusive-or operation between the random number R3 and the data blocks (B3_1, B3_2, B3_3, ..., B3_N), and sequentially obtains (C3_1, C3_2, C3_3, ..., C3_N). The TTP recombines (C3_1, C3_2, C3_3, ..., C3_N) to obtain a file C4. The TTP may return the data flag and C4 to the user side, [1, C4]. The TTP may also perform corresponding recording according to the transmitted data.
If encryption is not required, the TTP directly sends the verified data M3 and the data mark to the user side, [0, M3]. The TTP may also perform corresponding recording according to the transmitted data.
The user side receives and stores the data returned by the TTP. The user side re-segments the received data by using the data segmentation and reassembly module, records the segmentation result as (B4_1, B4_2, B4_3, ..., B4_N), and stores the blocks. The user side calculates hash values (H6_1, H6_2, H6_3, ..., H6_N) for the blocks (B4_1, B4_2, B4_3, ..., B4_N) in sequence, where H6_i = hash(B4_i), hash represents a hash algorithm, and i represents the sequence number of the block. The user side segments the stored hash value to obtain (H7_1, H7_2, H7_3, ..., H7_N). The user side compares (H7_1, H7_2, H7_3, ..., H7_N) with (H6_1, H6_2, H6_3, ..., H6_N). If the two results are consistent, the following steps are continued. If the two are not consistent, the user side requests the TTP to return the data again. The user side processes the data according to the received data mark and restores the original data.
If encrypted, the user side queries the corresponding random number used for the encryption, here denoted as R4. The user side sequentially performs an exclusive-or operation between the random number R4 and the data blocks (B4_1, B4_2, B4_3, ..., B4_N), decrypting the corresponding original data of each block, and sequentially obtains (C4_1, C4_2, C4_3, ..., C4_N). The user side reassembles (C4_1, C4_2, C4_3, ..., C4_N) to obtain the original data.
If not encrypted, the user side can directly obtain the original data from the data returned by the TTP.
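The upload and download flows described above, as an added example that is not code from the patent: the user side and the TTP each split, XOR and hash the data, and a per-block hash mismatch identifies which block must be resent. The block size, SHA-256 as the hash algorithm, keeping the original length to strip the zero padding, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16      # assumed block size in bytes; the patent does not fix one
HASH_LEN = 32   # SHA-256 digest size; the patent only says "a hash algorithm"


def split(data: bytes) -> list:
    """Cut data into BLOCK-sized blocks, zero-padding the last one."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    if blocks:
        blocks[-1] = blocks[-1].ljust(BLOCK, b"\x00")
    return blocks


def xor_all(blocks, r: bytes) -> list:
    """XOR every block with the same block-sized random number r."""
    return [bytes(a ^ b for a, b in zip(blk, r)) for blk in blocks]


def hash_file(blocks) -> bytes:
    """Per-block hashes recombined into one value (the page's H2 / H3)."""
    return b"".join(hashlib.sha256(b).digest() for b in blocks)


def bad_blocks(data: bytes, stored: bytes) -> list:
    """Re-split and re-hash data; return 1-based numbers of blocks that differ."""
    got = hash_file(split(data))
    n = -(-max(len(got), len(stored)) // HASH_LEN)   # ceiling division
    return [i + 1 for i in range(n)
            if not hmac.compare_digest(got[i * HASH_LEN:(i + 1) * HASH_LEN],
                                       stored[i * HASH_LEN:(i + 1) * HASH_LEN])]


def user_upload(m: bytes, flag: int):
    """User side: returns the upload [flag, data, H2] and the local record."""
    blocks = split(m)
    r1 = secrets.token_bytes(BLOCK) if flag else None
    if flag:
        blocks = xor_all(blocks, r1)
    h2 = hash_file(blocks)
    data = b"".join(blocks) if flag else m
    # len(m) is kept so the padding can be removed later (assumption)
    return [flag, data, h2], {"R1": r1, "H2": h2, "len": len(m)}


def ttp_upload(upload):
    """TTP: verify the upload per block, add its own XOR layer, keep [R2, flag, H3]."""
    flag, data, h2 = upload
    bad = bad_blocks(data, h2)
    if bad:
        return None, None, bad          # user side must re-upload these blocks
    r2 = secrets.token_bytes(BLOCK) if flag else None
    to_css = b"".join(xor_all(split(data), r2)) if flag else data
    return to_css, {"R2": r2, "flag": flag, "H3": hash_file(split(to_css))}, []


def ttp_download(from_css: bytes, record):
    """TTP: verify what the CSS returned against H3, then undo the R2 layer."""
    bad = bad_blocks(from_css, record["H3"])
    if bad:
        return None, bad                # the CSS must return the data again
    if record["flag"]:
        return [1, b"".join(xor_all(split(from_css), record["R2"]))], []
    return [0, from_css], []


def user_download(response, local):
    """User side: verify against the locally stored H2, then undo the R1 layer."""
    flag, data = response
    bad = bad_blocks(data, local["H2"])
    if bad:
        return None, bad                # ask the TTP to return the data again
    blocks = split(data)
    if flag:
        blocks = xor_all(blocks, local["R1"])
    return b"".join(blocks)[:local["len"]], []


def round_trip(m: bytes, flag: int, corrupt_at_css=None):
    """Upload then download; optionally flip one byte of a block stored at the CSS."""
    upload, local = user_upload(m, flag)
    stored, record, bad = ttp_upload(upload)
    if bad:
        return None, bad
    if corrupt_at_css is not None:      # constructed fault, 1-based block number
        pos = (corrupt_at_css - 1) * BLOCK
        stored = stored[:pos] + bytes([stored[pos] ^ 0xFF]) + stored[pos + 1:]
    response, bad = ttp_download(stored, record)
    if bad:
        return None, bad
    return user_download(response, local)


SAMPLE = b"constructed sample record " * 3   # constructed input, 78 bytes
```

The hashes detect damage only because each party compares against a value it stored itself (H2 at the user side, H3 at the TTP); a hash that travels with the data and is not kept separately can be replaced together with the data.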
Optionally, after the authentication passes, the method further includes:
if receiving a query request sent by the user side, recording the query request, and determining a target data list from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;
and sending the target data list to the user side.
Here, the data query refers to a process in which the user terminal requests the TTP to return a data list satisfying a condition. Specifically, the user side sends a query request to the TTP. The TTP receives the request and writes the query request information into the auditing module. And the TTP queries to obtain a data list meeting the query conditions. And the TTP returns the data list meeting the query condition to the user side.
Optionally, the data request is a data deletion request, the data deletion request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS.
Here, data deletion refers to a process from when a user side requests a TTP to delete data to when a CSS completely deletes data.
Specifically, the TTP may provide the data list to the user terminal. And the user side selects the file to be deleted through the data list and sends a data deletion request. The TTP receives the delete request and writes the delete action to the audit module. The TTP sends the above-described deletion request to the CSS.
Optionally, the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data includes:
receiving a deleted certification fed back by the CSS, wherein the deleted certification is generated by the CSS after deleting the data corresponding to the data deletion request;
and storing the deleted certification, feeding back information of successful deletion to the user side, updating the data list according to the deleted certification, sending the updated data list to the user side, and carrying out corresponding recording on the updated data list.
Here, the CSS receives the request from the TTP and deletes the corresponding data. The CSS sends the deleted certification to the TTP. The TTP saves the deleted certification. The TTP writes the action and result of the CSS into an auditing module. The TTP sends the information of successful deletion to the user side. The TTP deletes the record in the data list and updates the data list. The TTP provides the updated data list to the user side.
As can be seen from the above description, the TTP is introduced in the embodiment of the present application to complete the authentication of the user and the CSS, so that only an authenticated user can operate and only an authenticated CSS can provide the cloud storage service; the TTP performs a certain data processing process between the user and the storage server, so that the security of the user data is further enhanced; the TTP records and audits the behaviors of the user and the CSS, and provides evidence when a problem occurs between the user and the CSS; the TTP acts as an arbitrator between the user and the storage server, verifies the data in the process, and sanctions destructive behavior by the server, so that the problem of mutual shirking of responsibility between the user and the storage server in the traditional situation is solved.
The user defines the security level (encrypted or not encrypted) of the data, and the two levels correspond to different processing procedures.
The problem of slow reading and writing of large files is solved by blocking operation of data. In addition, the data are partitioned, and calculation is carried out on the blocks, so that the calculation efficiency is effectively improved.
The encryption operation of the data is carried out by adopting simple XOR operation, the confidentiality requirement of the data can be realized, the calculation amount is reduced, and the calculation speed is improved.
The decryption operation of the data can be realized through a simple XOR operation, so the calculation amount is small and the operation speed is high. The number of exclusive-or operations can be expanded, and the safety can be improved by adjusting the number of operations and the size of the blocks.
The TTP provides the user with a data list, which addresses the situation where users forget what they stored after a long time.
The TTP requires the CSS to provide a file existence proof and a file deletion proof, which effectively prevents the CSS from maliciously deleting user files.
The CSS stores different segments of data in a distributed manner, and a fragmentation mode and a multi-copy mode are adopted, so that the problem that the data cannot be recovered after one or more servers have problems is solved.
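The detailed description applies one block-sized random number (R1, then R2) to every block of a file, while the optional step speaks of generating a random number for each divided block. The following added example (not code from the patent; function names and sample blocks are constructed) compares what the ciphertext shows in each case: whether the XOR of two ciphertext blocks equals the XOR of the two plaintext blocks, whether repeated plaintext blocks remain visible, and whether the zero-padded tail of the last block carries bytes of the random number used on the first block.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_shared(blocks):
    """As in the detailed description: one block-sized random number for all blocks."""
    r = secrets.token_bytes(len(blocks[0]))
    return [xor(b, r) for b in blocks], [r] * len(blocks)


def encrypt_per_block(blocks):
    """As in the optional step: a separate random number for each block."""
    pads = [secrets.token_bytes(len(b)) for b in blocks]
    return [xor(b, p) for b, p in zip(blocks, pads)], pads


def relation_preserved(plain, cipher) -> int:
    """Count block pairs (i < j) where C_i xor C_j equals B_i xor B_j."""
    n = len(plain)
    return sum(xor(cipher[i], cipher[j]) == xor(plain[i], plain[j])
               for i in range(n) for j in range(i + 1, n))


def repeated_blocks_visible(cipher) -> bool:
    """True if identical ciphertext blocks occur, i.e. equal plaintext blocks show through."""
    return len(set(cipher)) < len(cipher)


def padding_carries_first_pad(cipher, pads, pad_len: int) -> bool:
    """True if the zero-padded tail of the last ciphertext block equals the
    tail of the random number that was applied to the first block."""
    return cipher[-1][-pad_len:] == pads[0][-pad_len:]


# Constructed 16-byte blocks; the last one is zero-padded as the page describes.
PLAIN = [b"ACCOUNT=0001;OK ", b"ACCOUNT=0002;OK ", b"ACCOUNT=0001;OK ",
         b"END".ljust(16, b"\x00")]
PAD_LEN = 13  # number of zero bytes appended to the last block


def compare():
    """Return (pairs with preserved relation, repeats visible, padding carries pad)."""
    result = {}
    for name, enc in (("shared", encrypt_shared), ("per_block", encrypt_per_block)):
        cipher, pads = enc(PLAIN)
        result[name] = (relation_preserved(PLAIN, cipher),
                        repeated_blocks_visible(cipher),
                        padding_carries_first_pad(cipher, pads, PAD_LEN))
    return result


if __name__ == "__main__":
    print(compare())
```

With a separate random number per block the stored key material is as large as the file itself, which is the cost of removing the relations shown for the shared case.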
Fig. 6 is a schematic flow chart of another data processing method according to an embodiment of the present application, where an execution subject according to the embodiment of the present application may be the TTP in the embodiment shown in fig. 1. As shown in fig. 6, the method includes:
S601: receiving an authentication request sent by the user side, and authenticating the user based on the authentication request.
S602: after the authentication is passed, if a data uploading request sent by a user side is received, the data uploading request carries uploading data, the uploading data comprises a data mark, complete data and a hash value, wherein the hash value is determined according to the complete data, the complete data is divided, and the hash value of each divided data block is calculated.
S603: and judging whether the complete data is correct or not according to the hash value in the uploaded data and the calculated hash value.
S604: and if the complete data is correct, performing data processing according to the data mark, transmitting the processed data to the CSS for storage, and performing corresponding recording according to the transmitted data.
S605: and receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list.
S606: after the authentication is passed, if a data downloading request sent by the user side is received, the data downloading request is determined by the user side according to a data list, and the data list is generated by TTP according to data stored in the CSS, corresponding data is sent to the CSS according to the data downloading request, and corresponding recording is carried out according to the sent data.
S607: and receiving the data to be downloaded fed back by the CSS, determining the data to be downloaded by the CSS according to the data downloading request, segmenting the data to be downloaded, and calculating the hash value of each segmented data block.
S608: judging whether the data to be downloaded is correct or not according to the hash value corresponding to the stored data to be downloaded and the calculated hash value.
S609: if the data to be downloaded is correct, performing data processing according to the data marks corresponding to the data to be downloaded, sending the processed data to the user side, and performing corresponding recording according to the sent data.
S610: after the authentication is passed, if a data deletion request sent by the user side is received, the data deletion request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS, corresponding data is sent to the CSS according to the data deletion request, and corresponding recording is carried out according to the sent data.
S611: and receiving a deleted certificate fed back by the CSS, wherein the deleted certificate is generated after the CSS deletes the data corresponding to the data deletion request, storing the deleted certificate, feeding back information of successful deletion to the user side, updating the data list according to the deleted certificate, sending the updated data list to the user side, and correspondingly recording the updated data list.
S612: after the authentication is passed, if an inquiry request sent by a user side is received, recording the inquiry request, and determining a target data list from the data list according to the inquiry request, wherein the data list is generated by TTP according to data stored in CSS.
S613: and sending the target data list to a user side.
According to the data processing method provided by the embodiment of the application, the TTP is introduced to complete the authentication of the user and the CSS, so that only an authenticated user can operate and only an authenticated CSS can provide the cloud storage service; a certain data processing process is carried out between the user and the storage server, so that the safety of the user data is further enhanced; the recording of the user and CSS behavior can provide evidence when a problem occurs between the user and the CSS, and solves the problem of mutual shirking of responsibility between the user and the storage server in the conventional situation.
Fig. 7 is a schematic structural diagram of a data processing device according to an embodiment of the present application, corresponding to the data processing method according to the foregoing embodiment. For convenience of explanation, only portions related to the embodiments of the present application are shown. As shown in fig. 7, the data processing apparatus 70 includes: a receiving module 701, a first processing module 702, and a second processing module 703.
The receiving module 701 is configured to receive an authentication request sent by a user side, and perform user authentication based on the authentication request.
The first processing module 702 is configured to, after the authentication is passed, if a data request sent by the user side is received, send corresponding data to the CSS according to the data request, and perform corresponding recording according to the sent data.
The second processing module 703 is configured to receive the information fed back by the CSS, send corresponding data to the user side according to the received information, and perform corresponding recording according to the sent data.
In one possible design, the data request is a data upload request, the data upload request carries upload data, the upload data includes a data tag, complete data, and a hash value, and the hash value is determined according to the complete data.
The first processing module 702 sends corresponding data to the CSS according to the data request, and performs corresponding recording according to the sent data, including:
dividing the complete data, and calculating the hash value of each divided data block;
judging whether the complete data is correct or not according to the hash value in the uploaded data and the calculated hash value;
and if the complete data is correct, performing data processing according to the data mark, sending the processed data to the CSS for storage, and performing corresponding recording according to the sent data.
In a possible design, the second processing module 703 receives the information fed back by the CSS, sends corresponding data to the user side according to the information, and performs corresponding recording according to the sent data, including:
and receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list.
In a possible design, the first processing module 702 performs data processing according to the data flag, and sends the processed data to the CSS for storage, including:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, respectively generating random numbers corresponding to each divided data block;
encrypting each segmented data block according to the generated random number, and obtaining ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the CSS for storage.
In one possible design, the data request is a data download request, and the data download request is determined by the user side according to a data list generated by the TTP according to the data stored in the CSS.
The second processing module 703 receives the information fed back by the CSS, sends corresponding data to the user side according to the information, and performs corresponding recording according to the sent data, including:
receiving the data to be downloaded fed back by the CSS, wherein the data to be downloaded is determined by the CSS according to the data downloading request;
dividing the data to be downloaded, and calculating the hash value of each divided data block;
judging whether the data to be downloaded is correct or not according to the hash value corresponding to the stored data to be downloaded and the calculated hash value;
and if the data to be downloaded is correct, performing data processing according to the data marks corresponding to the data to be downloaded, sending the processed data to the user side, and performing corresponding recording according to the sent data.
In a possible design, the second processing module 703 performs data processing according to the data mark corresponding to the data to be downloaded, and sends the processed data to the user side, including:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, acquiring a random number corresponding to each divided data block;
encrypting each segmented data block according to the acquired random number, and acquiring ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the user side.
In one possible design, the data request is a data deletion request, and the data deletion request is determined by the user side according to a data list generated by the TTP according to the data stored in the CSS.
The second processing module 703 receives the information fed back by the CSS, sends corresponding data to the user side according to the information, and performs corresponding recording according to the sent data, including:
receiving a deleted certification fed back by the CSS, wherein the deleted certification is generated by the CSS after deleting the data corresponding to the data deletion request;
and storing the deleted certification, feeding back information of successful deletion to the user side, updating the data list according to the deleted certification, sending the updated data list to the user side, and carrying out corresponding recording on the updated data list.
In one possible design, the first processing module 702 is further configured to, after passing the authentication:
if receiving a query request sent by the user side, recording the query request, and determining a target data list from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;
and sending the target data list to the user side.
The device provided by the embodiment of the present application may be used to implement the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic diagram of a hardware structure of a data processing device according to an embodiment of the present invention. As shown in fig. 8, the data processing apparatus 80 of the present embodiment includes: a processor 801 and a memory 802; wherein
a memory 802 for storing computer-executable instructions;
a processor 801 for executing the computer-executable instructions stored in the memory to implement the steps of:
receiving an authentication request sent by a user side, and performing user authentication based on the authentication request;
after the authentication is passed, if a data request sent by the user side is received, sending corresponding data to the CSS according to the data request, and carrying out corresponding recording according to the sent data;
and receiving the information fed back by the CSS, sending corresponding data to the user side according to the received information, and carrying out corresponding recording according to the sent data.
In one possible design, the data request is a data upload request, the data upload request carries upload data, the upload data includes a data tag, complete data, and a hash value, wherein the hash value is determined according to the complete data;
the sending of corresponding data to the CSS according to the data request and the corresponding recording according to the sent data includes:
dividing the complete data, and calculating the hash value of each divided data block;
judging whether the complete data is correct or not according to the hash value in the uploaded data and the calculated hash value;
and if the complete data is correct, performing data processing according to the data mark, sending the processed data to the CSS for storage, and performing corresponding recording according to the sent data.
In a possible design, the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data includes:
and receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list.
In a possible design, the processing data according to the data mark, and sending the processed data to the CSS for storage includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, respectively generating random numbers corresponding to each divided data block;
encrypting each segmented data block according to the generated random number, and obtaining ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the CSS for storage.
In one possible design, the data request is a data download request, the data download request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving the data to be downloaded fed back by the CSS, wherein the data to be downloaded is determined by the CSS according to the data downloading request;
dividing the data to be downloaded, and calculating the hash value of each divided data block;
judging whether the data to be downloaded is correct or not according to the hash value corresponding to the stored data to be downloaded and the calculated hash value;
and if the data to be downloaded is correct, performing data processing according to the data marks corresponding to the data to be downloaded, sending the processed data to the user side, and performing corresponding recording according to the sent data.
In a possible design, the processing data according to the data mark corresponding to the data to be downloaded, and sending the processed data to the user side includes:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, acquiring a random number corresponding to each divided data block;
encrypting each segmented data block according to the acquired random number, and acquiring ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the user side.
In one possible design, the data request is a data deletion request, the data deletion request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving a deleted certification fed back by the CSS, wherein the deleted certification is generated by the CSS after deleting the data corresponding to the data deletion request;
and storing the deleted certification, feeding back information of successful deletion to the user side, updating the data list according to the deleted certification, sending the updated data list to the user side, and carrying out corresponding recording on the updated data list.
In one possible design, after the authentication is passed, the method further includes:
if receiving a query request sent by the user side, recording the query request, and determining a target data list from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS; and sending the target data list to the user side.
Alternatively, the memory 802 may be separate or integrated with the processor 801.
When the memory 802 is provided separately, the data processing apparatus further includes a bus 803 for connecting the memory 802 and the processor 801.
An embodiment of the present invention provides a computer-readable storage medium in which computer-executable instructions are stored; when a processor executes the computer-executable instructions, the data processing method described above is implemented.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative: the division of the modules is only one logical division, and other divisions may be realized in practice; for example, a plurality of modules may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each module may exist alone physically, or two or more modules are integrated into one unit. The unit formed by the modules can be realized in a hardware form, and can also be realized in a form of hardware and a software functional unit.
The integrated module implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present application.
It should be understood that the processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
The memory may comprise a high-speed RAM memory, and may further comprise a non-volatile memory (NVM), such as at least one disk memory, and may also be a USB disk, a removable hard disk, a read-only memory, a magnetic or optical disk, etc. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
The storage medium may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). Of course, the processor and the storage medium may also reside as discrete components in an electronic device or host device.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. A data processing method, comprising:
receiving an authentication request sent by a user side, and performing user authentication based on the authentication request;
after the authentication is passed, if a data request sent by the user side is received, sending corresponding data to a Cloud Storage Service (CSS) according to the data request, and carrying out corresponding recording according to the sent data;
receiving the information fed back by the CSS, sending corresponding data to the user side according to the received information, and carrying out corresponding recording according to the sent data;
the data request is a data uploading request, the data uploading request carries uploading data, the uploading data comprises a data mark, complete data and a hash value, and the hash value is determined according to the complete data;
the sending of corresponding data to the CSS according to the data request and the corresponding recording according to the sent data includes:
dividing the complete data, and calculating the hash value of each divided data block;
judging whether the complete data is correct or not according to the hash value in the uploaded data and the calculated hash value;
if the complete data is correct, data processing is carried out according to the data marks, the processed data are sent to the CSS to be stored, and corresponding recording is carried out according to the sent data;
the data processing according to the data mark and the processed data are sent to the CSS for storage, and the method comprises the following steps:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, respectively generating random numbers corresponding to each divided data block;
encrypting each divided data block by adopting an exclusive-or operation according to the generated random number, and obtaining ciphertext data according to an encryption result;
sending the obtained ciphertext data to the CSS for storage, wherein the CSS stores different sections of the data in a distributed manner;
the data request is a data deletion request, the data deletion request is determined by the user side according to a data list, and the data list is generated by the TTP according to the data stored in the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list;
receiving a deleted certification fed back by the CSS, wherein the deleted certification is generated by the CSS after deleting the data corresponding to the data deletion request;
and storing the deleted certification, feeding back information of successful deletion to the user side, updating the data list according to the deleted certification, sending the updated data list to the user side, and carrying out corresponding recording on the updated data list.
2. The method of claim 1, wherein the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data comprises:
and receiving a storage result fed back by the CSS, generating a data list according to the storage result, sending the data list to the user side, and correspondingly recording the data list.
3. The method of claim 1, wherein the data request is a data download request, the data download request is determined by the user side according to a data list generated by a trusted third party TTP according to the data stored by the CSS;
the receiving the information fed back by the CSS, sending corresponding data to the user side according to the information, and performing corresponding recording according to the sent data, includes:
receiving the data to be downloaded fed back by the CSS, wherein the data to be downloaded is determined by the CSS according to the data downloading request;
dividing the data to be downloaded, and calculating the hash value of each divided data block;
judging whether the data to be downloaded is correct or not according to the hash value corresponding to the stored data to be downloaded and the calculated hash value;
and if the data to be downloaded is correct, performing data processing according to the data marks corresponding to the data to be downloaded, sending the processed data to the user side, and performing corresponding recording according to the sent data.
4. The method according to claim 3, wherein the processing the data according to the data mark corresponding to the data to be downloaded, and sending the processed data to the user side comprises:
judging whether data encryption is needed or not according to the data mark;
if the data encryption is needed, acquiring a random number corresponding to each divided data block;
encrypting each segmented data block according to the acquired random number, and acquiring ciphertext data according to an encryption result;
and sending the obtained ciphertext data to the user side.
5. The method according to claim 1, wherein after the authentication is passed, further comprising:
if receiving a query request sent by the user side, recording the query request, and determining a target data list from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;
and sending the target data list to the user side.
6. A data processing apparatus comprising a memory, a processor and computer executable instructions stored in the memory and operable on the processor, the processor implementing the data processing method of any one of claims 1 to 5 when executing the computer executable instructions.
7. A computer-readable storage medium having stored thereon computer-executable instructions which, when executed by a processor, implement a data processing method according to any one of claims 1 to 5.
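The upload steps of claim 1 and the download steps of claims 3 and 4, as an added Python sketch that is not part of the patent text: it splits the data, checks the uploaded hash, XORs each block with its own random number, and verifies what the CSS returns before undoing the XOR. Assumptions not fixed by the page: SHA-256, a 16-byte block, a whole-data hash computed over the per-block digests, the hypothetical `TTP` class and `"encrypt"` mark value, and that the download path re-applies the stored random number to recover the block.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 16  # assumed block length; the page does not fix one


def split_blocks(data, size=BLOCK_SIZE):
    """Divide the complete data into fixed-size blocks (the last may be short)."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def block_hashes(blocks):
    return [hashlib.sha256(b).digest() for b in blocks]


def whole_hash(data):
    """Assumed rule: hash of the complete data = SHA-256 over the block digests."""
    return hashlib.sha256(b"".join(block_hashes(split_blocks(data)))).hexdigest()


def xor_block(block, pad):
    """XOR a block with its random number; applying the same pad twice undoes it."""
    if len(pad) != len(block):
        raise ValueError("pad must be exactly as long as the block")
    return bytes(x ^ y for x, y in zip(block, pad))


class TTP:
    """Hypothetical trusted-third-party state: pads, stored-block hashes, audit log."""

    def __init__(self):
        self.pads, self.stored_hashes, self.log = {}, {}, []

    def upload(self, data_id, mark, data, claimed_hash):
        # Recompute the hash from the blocks and compare with the uploaded one.
        if not hmac.compare_digest(whole_hash(data), claimed_hash):
            self.log.append(("upload_rejected", data_id))
            raise ValueError("uploaded data does not match its hash")
        blocks = split_blocks(data)
        if mark == "encrypt":  # constructed mark value
            # One fresh CSPRNG pad per block, full block length, never reused.
            pads = [secrets.token_bytes(len(b)) for b in blocks]
            self.pads[data_id] = pads
            blocks = [xor_block(b, p) for b, p in zip(blocks, pads)]
        # XOR is malleable, so keep hashes of exactly what the CSS will hold.
        self.stored_hashes[data_id] = block_hashes(blocks)
        self.log.append(("upload_sent", data_id, len(blocks)))
        return b"".join(blocks)  # bytes handed to the CSS

    def download(self, data_id, from_css):
        blocks = split_blocks(from_css)
        expected = b"".join(self.stored_hashes[data_id])
        if not hmac.compare_digest(b"".join(block_hashes(blocks)), expected):
            self.log.append(("download_rejected", data_id))
            raise ValueError("data returned by the CSS fails the block hash check")
        pads = self.pads.get(data_id)  # present only if the mark required encryption
        if pads is not None:
            blocks = [xor_block(b, p) for b, p in zip(blocks, pads)]
        self.log.append(("download_sent", data_id, len(blocks)))
        return b"".join(blocks)  # bytes handed to the user side
```

The XOR step gives confidentiality only while each pad is random, as long as its block, and used once; detection of modified blocks comes entirely from the hash comparison, which is why the sketch hashes the ciphertext blocks the CSS actually stores.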
CN201911076651.8A 2019-11-06 2019-11-06 Data processing method and device Active CN110798478B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911076651.8A CN110798478B (en) 2019-11-06 2019-11-06 Data processing method and device

Publications (2)

Publication Number Publication Date
CN110798478A CN110798478A (en) 2020-02-14
CN110798478B true CN110798478B (en) 2022-04-15

Family

ID=69443166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911076651.8A Active CN110798478B (en) 2019-11-06 2019-11-06 Data processing method and device

Country Status (1)

Country Link
CN (1) CN110798478B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113792345A (en) * 2021-09-18 2021-12-14 国网电子商务有限公司 Data access control method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104184740A (en) * 2014-09-04 2014-12-03 中电长城网际系统应用有限公司 Credible transmission method, credible third party and credible transmission system
CN105516110A (en) * 2015-12-01 2016-04-20 成都汇合乾元科技有限公司 Mobile equipment secure data transmission method
CN106790311A (en) * 2017-03-31 2017-05-31 青岛大学 Cloud Server stores integrality detection method and system
CN109190410A (en) * 2018-09-26 2019-01-11 华中科技大学 A kind of log behavior auditing method based on block chain under cloud storage environment
CN109981736A (en) * 2019-02-22 2019-07-05 南京理工大学 A kind of dynamic public audit method for supporting user and Cloud Server to trust each other

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130212487A1 (en) * 2012-01-09 2013-08-15 Visa International Service Association Dynamic Page Content and Layouts Apparatuses, Methods and Systems
CN103107985B (en) * 2012-12-04 2016-01-20 百度在线网络技术(北京)有限公司 A kind of cloud terminal authentication, system and device
CN106130721B (en) * 2016-08-14 2019-08-23 北京数盾信息科技有限公司 A kind of high speed network storage encryption equipment
US11068606B2 (en) * 2017-09-20 2021-07-20 Citrix Systems, Inc. Secured encrypted shared cloud storage
CN110224838B (en) * 2019-06-11 2022-04-15 中国联合网络通信集团有限公司 Data management method and device based on block chain and storage medium

Also Published As

Publication number Publication date
CN110798478A (en) 2020-02-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant