CN112615720B - Cloud data encryption storage system based on block chain - Google Patents
Cloud data encryption storage system based on block chain Download PDFInfo
- Publication number
- CN112615720B CN112615720B CN202011487774.3A CN202011487774A CN112615720B CN 112615720 B CN112615720 B CN 112615720B CN 202011487774 A CN202011487774 A CN 202011487774A CN 112615720 B CN112615720 B CN 112615720B
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- time code
- symmetric key
- space
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses high in clouds data encryption memory system based on block chain includes: the system comprises a block chain, a cloud server and a client side, wherein the cloud server and the client side are connected to the block chain. The problem that the storage security of the existing cloud data needs to depend on a cloud server, and the stored data is easy to leak is solved; data downloading or access records are managed by the cloud server, and a client cannot inquire the data or access records and is difficult to ensure the authenticity of the data; and the data stored on the cloud server cannot prove ownership of the data.
Description
Technical Field
The application relates to the technical field of data storage, in particular to a cloud data encryption storage system based on a block chain.
Background
At present, cloud data is stored in a plaintext form or in an encrypted space of a cloud server, but the stored data is transparent to the cloud server, and the security of the stored data needs to depend on the security of the cloud server. Since the cloud server is used as a third party, leakage of stored data is easy to occur, especially the private data of the client is involved, and the leakage of the private data causes irreparable loss to the client. And the downloading or access record of the data is managed by the cloud server, and the client cannot inquire the data and is difficult to ensure the authenticity of the data. In addition, data stored by the cloud server cannot prove that the data is a client or a cloud server in ownership.
Disclosure of Invention
The application provides a cloud data encryption storage system based on a block chain, which aims to solve the problem that the storage security of the existing cloud data needs to depend on a cloud server, so that the stored data is easy to leak; data downloading or access records are managed by the cloud server, and a client cannot inquire the data or access records and is difficult to ensure the authenticity of the data; and the data stored on the cloud server cannot prove ownership of the data.
A cloud data encryption storage system based on a blockchain comprises: the system comprises a block chain, a cloud server and a client, wherein the cloud server and the client are connected to the block chain;
the client is configured to perform:
a data selection step, selecting stored data according to the cloud storage path; the cloud storage path comprises a first cloud storage path and a second cloud storage path;
a data hash uploading step of calculating a data hash value of the stored data and uploading the data hash value to the block chain;
a security level determining step, namely determining the security level of the stored data according to the cloud storage path; the security level comprises a security level and a security level, the first cloud storage path corresponds to the security level, and the second cloud storage path corresponds to the security level;
a secret level storage step, namely if the secret level of the storage data is the secret level, encrypting the storage data by using a first symmetric key to obtain a first data ciphertext, sending the first data ciphertext to the cloud server, and deleting the first data ciphertext stored on the client;
a security level storage step, wherein if the security level of the stored data is the security level, a space-time code is generated according to a random password, the equipment fingerprint of the client and the current timestamp; encrypting a second symmetric key by using the space-time code to obtain a space-time code ciphertext, and sending the random password, the space-time code ciphertext and the stored data in a plaintext form to the cloud server;
the cloud server is configured to perform:
a first data ciphertext storage step of storing the first data ciphertext in the first cloud storage path;
a second data ciphertext storage step, namely reading the equipment fingerprint of the current communication, and generating a matching space-time code by combining the random password and a matching timestamp obtained after time collision; decrypting the space-time code ciphertext by using the matched space-time code to obtain the second symmetric key; encrypting the stored data in a plaintext form by using the second symmetric key to obtain a second data ciphertext; storing the second data ciphertext in the second cloud storage path; deleting the random password, the space-time code ciphertext, the stored data in a plaintext form and the second symmetric key stored on the client;
the blockchain is configured to perform:
and a data hash cochain storage step, wherein the data hash value is stored.
The utility model provides a pair of high in clouds data encryption storage system based on block chain adopts the mode of local encryption to private data, and the data after will encrypting is stored on cloud ware with the form of ciphertext, and ordinary data then encrypts the storage on cloud service, and cloud ware can't visit the data of the ciphertext form of storage, so the privacy nature of maximum assurance stored data can improve the security of high in the clouds data, reduces the risk that data leakage. If any client wants to access the cloud server, the client needs to be downloaded to the local part of the client after being decrypted by the authorization of the cloud server, and the security of data downloading is further ensured. In addition, by adopting a block chain technology, a data hash value obtained by carrying out hash operation on data is stored in a block chain, the ownership of the stored data uploaded to the cloud server can be recorded, the encryption and decryption processes of the stored data are recorded while the encryption and decryption processes of the data by the cloud server are recorded, and the authenticity and traceability of the cloud server to the stored data can be ensured.
Drawings
In order to more clearly explain the technical solution of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a topological diagram of a first block chain-based cloud data encryption storage system according to an embodiment of the present application;
fig. 2 is a schematic diagram of a data storage configuration corresponding to a cloud data encryption storage system based on a block chain according to an embodiment of the present disclosure;
fig. 3 is S4 shown in fig. 2: a detailed flow chart of the confidential storage step;
fig. 4 is a topological diagram of a second block chain-based cloud data encryption storage system according to an embodiment of the present application;
fig. 5 is S5 shown in fig. 2: a detailed flow chart of the secure storage step;
fig. 6 is a schematic view of a data download configuration corresponding to a cloud data encryption storage system based on a block chain according to an embodiment of the present application;
fig. 7 is M03 shown in fig. 6: a detailed flow chart of the data confidentiality step;
fig. 8 is S02 shown in fig. 6: detailed flow chart of local decryption step.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a topological diagram of a first block chain-based cloud data encryption storage system according to an embodiment of the present application; fig. 2 is a schematic view of a data storage configuration corresponding to a cloud data encryption storage system based on a block chain according to an embodiment of the present application. With reference to fig. 1 and fig. 2, the cloud data encryption storage system based on the block chain according to the embodiment of the present application includes: the system comprises a block chain, a cloud server and a client connected to the block chain. The blockchain shown in fig. 1 is formed by connecting a plurality of nodes (hollow circles), the number of cloud servers, the number of clients, and the number of nodes on the blockchain shown in fig. 1 are all schematic, and this application is not limited in particular. The client is connected with the cloud server and the block chain, the cloud server is also connected with the block chain, in addition, the cloud server can be used as a certain node of the block chain, or connected with the node of the block chain in a node device mode, and the application is not limited specifically.
As shown in fig. 2, in the cloud data encryption storage system based on the block chain provided in the embodiment of the present application, a client is configured to execute:
s1: a data selection step, selecting stored data according to the cloud storage path; the cloud storage path comprises a first cloud storage path and a second cloud storage path. The stored data may include private data and general data; the first cloud storage path corresponds to private data, and the second cloud storage path corresponds to common data. The private data is typically user identity information stored on the client, such as a certificate photo, an identity card file, or a private photograph. The normal data is data other than the private data.
S2: and a data hash uploading step, namely calculating a data hash value of the stored data and uploading the data hash value to the block chain. The storage data is converted into the data hash value, the data hash value is stored in the block chain, and the storage data can be authenticated and the ownership of the storage data can be recorded by utilizing the characteristics of block chain such as zone centralization, credibility and traceability.
S3: a security level determining step, namely determining the security level of the stored data according to the cloud storage path; the security level may include a privacy level and a security level, where the first cloud storage path corresponds to the privacy level and the second cloud storage path corresponds to the security level.
S4: and a secret level storage step, namely if the secret level of the stored data is the secret level, encrypting the private data by using the first symmetric key to obtain a first data ciphertext, sending the first data ciphertext to the cloud server, and deleting the first data ciphertext stored on the client.
Fig. 3 is S4 shown in fig. 2: detailed flow chart of the absolute storage step. As shown in fig. 3, step S4 further includes the following sub-steps:
s41: if the security level of the stored data is the absolute security level, the stored data is private data, and at the moment, a first symmetric key needs to be generated; when the private data are stored in a secret-less level each time, the first symmetric key is regenerated, so that the first symmetric key is not repeatedly used, the security of the stored private data can be ensured, and the risk of data leakage can be greatly reduced.
S42: and encrypting the first symmetric key by using the client public key to obtain a first key ciphertext.
S43: and storing the first key ciphertext in the client. The newly generated first symmetric key is encrypted, and the encrypted first symmetric key is stored in the client, so that the first symmetric key can be prevented from being leaked or forged in the process of storing the first symmetric key in the client, the safety of the first symmetric key stored in the client can be further ensured, the first symmetric key can be conveniently used for decrypting the encrypted and stored private data subsequently, and the safety and the reliability of the private data can also be ensured.
S44: and encrypting the private data by using the first symmetric key to obtain a first data ciphertext.
S45: and carrying out Hash operation on the first data ciphertext to obtain a first ciphertext Hash value.
S46: and uploading the first ciphertext hash value to the block chain.
S47: and sending the first data ciphertext to the cloud server.
S48: and deleting the first data ciphertext stored on the client. The storage of the private data is completed.
The secret-level storage mode is that local encryption is carried out by a client, and an encrypted first data ciphertext is sent to the cloud server for storage, so that the private data can be ensured to be in an encrypted state in the transmission process, the safety of data transmission can be improved, and data leakage caused by malicious attack can be avoided; in addition, the first data ciphertext is converted into the hash value to be stored on the block chain, the encrypted summary of the private data can be stored by utilizing the high credibility of the block chain, the data storage has traceability, and the data loss can be further prevented.
S5: a security level storage step, if the security level of the stored data is the security level, generating a space-time code according to the random password, the equipment fingerprint of the client and the current timestamp; and encrypting the second symmetric key by using the space-time code to obtain a space-time code ciphertext, and sending the random password, the space-time code ciphertext and common data in a plaintext form to the cloud server.
Fig. 4 is a topological diagram of a second block chain-based cloud data encryption storage system according to an embodiment of the present application. As shown in fig. 4, the second cloud data encryption storage system based on a block chain provided in the embodiment of the present application may further include a database server, where the database server is connected to the cloud server. Fig. 5 is S5 shown in fig. 2: detailed flow chart of the secure storage step. As shown in fig. 5, step S5 further includes the following sub-steps:
s51: if the security level of the stored data is the security level, the stored data is corresponding to the common data, and whether the second symmetric key exists needs to be checked.
S52: if the second symmetric key exists, the second symmetric key is read.
S53: a random password is generated. The random password may be a password in the form of a random number, and the present application is not particularly limited.
S54: and generating a space-time code according to the random password, the equipment fingerprint of the client and the current timestamp. The device fingerprint is generally device identity information on the client, or a digest of the device identity information, or a signature of the device identity information, and the application is not limited in particular. The current timestamp represents the current time information.
S55: and encrypting the second symmetric key by using the space-time code to obtain a space-time code ciphertext corresponding to the second symmetric key. And the space-time code with the equipment information, the time information and the random password is used for encrypting the second symmetric key, so that the obtained space-time code ciphertext is not easy to be decoded, and the attack resistance of the second symmetric key can be improved to a greater extent.
S56: and sending the random password, the space-time code ciphertext and the plain text type common data to the cloud server.
S57: and deleting the random password, the space-time code ciphertext, the plain text type common data and the second symmetric key which are stored on the client. The storage mode of the common data is that the common data is uploaded to the cloud server in a plaintext form, the attached secret key encryption information is uploaded at the same time, and after the data is uploaded, the common data in the plaintext form stored in the client side is deleted, so that data leakage can be avoided.
S58: if the second symmetric key does not exist, the second symmetric key is regenerated.
S59: and carrying out hash operation on the regenerated second symmetric key to obtain a secret key hash value, and uploading the secret key hash value to the block chain for storage. The second symmetric key can be reused, and can be protected because the space-time code is a key form with randomness. Uploading the secret key hash value to the blockchain may make the secret key traceable.
In conjunction with fig. 2, 3 and 4, the blockchain is configured to perform:
p1: and a data hash cochain storage step, namely storing the data hash value.
P2: the first ciphertext hash value is stored.
P3: the secret key hash value is stored uplink.
The cloud server is configured to perform:
m1: and a first data ciphertext storage step, namely storing the first data ciphertext in a first cloud storage path.
M2: a second data ciphertext storage step, namely reading the fingerprint of the current communication equipment, and generating a matching space-time code by combining the random password and a matching timestamp obtained after time collision; decrypting the space-time code ciphertext by using the matched space-time code to obtain a second symmetric key; encrypting the common data in the form of plaintext by using a second symmetric key to obtain a second data ciphertext; storing the second data ciphertext in a second cloud storage path; and deleting the random password, the space-time code ciphertext, the plain text type common data and the second symmetric key which are stored on the client.
Step M2 further includes:
m21: and receiving the random password, the space-time code ciphertext and the plain text type common data.
M22: reading the fingerprint of the current communication equipment, and performing time collision by combining a random password and a space-time code ciphertext to obtain a matching timestamp; the matching timestamp is the same as the timestamp. Time collision is to test each time point within a reasonable time range, and when a certain time point can be correctly the same as the current time stamp, the time point is the correct time stamp, namely the matching time stamp.
M23: generating a matching space-time code according to the equipment fingerprint, the random password and the matching timestamp; the matching space-time code is the same as the space-time code.
M24: and decrypting the space-time code ciphertext by using the matched space-time code to obtain a second symmetric key.
M25: and encrypting the common data in the plaintext form by using the second symmetric key to obtain a second data ciphertext.
M26: and storing the second data ciphertext in a second cloud storage path.
M27: and carrying out Hash operation on the second data ciphertext to obtain a second ciphertext Hash value.
M28: and uploading the second ciphertext hash value to the blockchain.
M29: and deleting the common data in the form of plaintext, the random password, the space-time code ciphertext and a second symmetric key obtained by decryption.
The cloud server receives common data and a random password in a plaintext form, can automatically collect device fingerprints on a client end communicated with the cloud server, tries out a matching time stamp with the same time information as the time stamp in a time collision mode, combines the received random password with the device fingerprints and the matching time stamp collected by the cloud server, regenerates a matching space-time code which is the same as the space-time code, decrypts a space-time code ciphertext by using the matching space-time code to obtain a second symmetric key, and continuously encrypts the common data in the plaintext form by using the decrypted second symmetric key to obtain a second data ciphertext. And storing the second data ciphertext on the cloud server to finish the storage of the common data. The second symmetric key is encrypted and decrypted by adopting the space-time code and the matched space-time code, so that the transmission safety of the second symmetric key can be ensured, and the common data is encrypted by using the safe second symmetric key, so that the safety protection can be provided for the common data.
The blockchain is further configured to perform:
p4: and the second ciphertext hash value is subjected to chain storage.
P5: and sending the uplink record of the second ciphertext hash value on the block chain to a database server.
The database server is configured to perform:
t1: the uplink record is stored. And storing the uplink record of the second ciphertext hash value on the blockchain in a database server, so that the stored record on the blockchain also has traceability, and the traceability of data storage is further enhanced.
Fig. 6 is a schematic view of data downloading configuration corresponding to a cloud data encryption storage system based on a block chain according to an embodiment of the present application. As shown in fig. 6, the client may be configured to perform:
s01: a data downloading request sending step of sending a data downloading request to a cloud server; the data downloading request comprises a first data downloading request and a second data downloading request; the first data downloading request comprises a first cloud storage path corresponding to the private data; the second data downloading request comprises a downloading request random password, a new space-time code ciphertext corresponding to the second symmetric key and a second cloud storage path corresponding to the common data; the new space-time code ciphertext is obtained by encrypting the second symmetric key by the new space-time code; the new space-time code is generated from the download request random password, the device fingerprint of the client, and the matching timestamp.
The downloading of private data and the downloading of general data may be understood as the reverse process of the private data storage and the general data storage.
The cloud server is further configured to perform:
m01: a data calling step, in which corresponding data is called according to a data downloading request; if the cloud storage path corresponding to the first data downloading request is the first cloud storage path, calling a first data ciphertext; and if the cloud storage path corresponding to the second data downloading request is the second cloud storage path, calling a second data ciphertext.
M02: and a first data transmission step, if the first data ciphertext is called, transmitting the first data ciphertext to the client sending the first data downloading request.
M03: and a data decryption step, if the called second data ciphertext is the second data ciphertext, decrypting the second data ciphertext by using the second symmetric key to obtain the common data in the plaintext form.
M04: a second data transfer step: and sending the plain text form common data to the client sending the second data downloading request, and deleting the plain text form common data.
The client is further configured to perform:
s02: and a local decryption step, namely decrypting the received first data ciphertext by using the first symmetric key to obtain the private data.
Fig. 7 is M03 shown in fig. 6: detailed flow chart of data confidentiality step. As shown in fig. 7, step M03 further includes the following sub-steps:
m031: and if the second data ciphertext is called, reading the fingerprint of the current communication equipment, and performing time collision according to the fingerprint of the equipment, the random password of the download request and the new space-time code ciphertext to obtain a matching timestamp.
M032: and generating a new space-time code by combining the device fingerprint, the random password of the download request and the matching timestamp.
M033: and decrypting the new space-time code ciphertext by using the new space-time code to obtain a second symmetric key.
M034: and decrypting the second data ciphertext by using the second symmetric key to obtain the common data in a plaintext form.
M035: and sending the plain data in a plain text form to the client sending the second data downloading request.
M036: and deleting the random password of the download request, the ciphertext of the new space-time code, the common data in the form of plaintext and the second symmetric key obtained by decryption.
Fig. 8 is S02 shown in fig. 6: detailed flow chart of local decryption step. As shown in fig. 8, step S02 further includes the following sub-steps:
s021: and calling the first key ciphertext, and decrypting the first key ciphertext by using the client private key to obtain a first symmetric key.
S022: and decrypting the received first data ciphertext by using the first symmetric key to obtain the private data.
S023: and deleting the first data ciphertext.
The utility model provides a high in clouds data encryption storage system based on block chain adopts the mode of local encryption to the privacy data, and the data after will encrypting is stored on cloud ware with the form of ciphertext, and ordinary data then encrypts the storage on cloud service, and cloud ware can't visit the data of the ciphertext form of storage, so the privacy nature of maximum assurance stored data can improve the security of high in the clouds data, reduces the risk of data leakage. If any client wants to access the cloud server, the client needs to be downloaded to the local part of the client after being decrypted by the authorization of the cloud server, and the security of data downloading is further ensured. In addition, by adopting a block chain technology, a data hash value obtained by carrying out hash operation on data is stored in a block chain, the ownership of the stored data uploaded to the cloud server can be recorded, the encryption and decryption processes of the stored data are recorded while the encryption and decryption processes of the data by the cloud server are recorded, and the authenticity and traceability of the cloud server to the stored data can be ensured.
The same and similar parts in the various embodiments in this specification may be referred to each other.
Claims (10)
1. The utility model provides a high in clouds data encryption memory system based on block chain which characterized in that includes: the system comprises a block chain, a cloud server and a client which are connected to the block chain;
the client is configured to perform:
a data selection step, selecting stored data according to the cloud storage path; the cloud storage path comprises a first cloud storage path and a second cloud storage path;
a data hash uploading step of calculating a data hash value of the stored data and uploading the data hash value to the block chain;
a security level determining step, namely determining the security level of the stored data according to the cloud storage path; the security level comprises a security level and a security level, the first cloud storage path corresponds to the security level, and the second cloud storage path corresponds to the security level;
a secret level storage step, namely if the secret level of the storage data is the secret level, encrypting the storage data by using a first symmetric key to obtain a first data ciphertext, sending the first data ciphertext to the cloud server, and deleting the first data ciphertext stored on the client;
a security level storage step, wherein if the security level of the stored data is the security level, a space-time code is generated according to a random password, the equipment fingerprint of the client and the current timestamp; encrypting a second symmetric key by using the space-time code to obtain a space-time code ciphertext, and sending the random password, the space-time code ciphertext and the stored data in a plaintext form to the cloud server;
the cloud server is configured to perform:
a first data ciphertext storage step of storing the first data ciphertext in the first cloud storage path;
a second data ciphertext storage step, namely reading the equipment fingerprint of the current communication, and generating a matching space-time code by combining the random password and a matching timestamp obtained after time collision; decrypting the space-time code ciphertext by using the matched space-time code to obtain the second symmetric key; encrypting the stored data in a plaintext form by using the second symmetric key to obtain a second data ciphertext; storing the second data ciphertext in the second cloud storage path; deleting the random password, the space-time code ciphertext, the stored data in a plaintext form and the second symmetric key stored on the client;
the blockchain is configured to perform:
and a data hash cochain storage step, wherein the data hash value is stored.
2. The blockchain-based cloud data encryption storage system according to claim 1, wherein the storage data includes private data and general data; the first cloud storage path corresponds to the private data, and the second cloud storage path corresponds to the common data.
3. The blockchain-based cloud data encryption storage system according to claim 2, wherein the absolute security level storage step further comprises:
if the security level of the stored data is the absolute security level, generating a first symmetric key;
encrypting the first symmetric key by using a client public key to obtain a first key ciphertext;
storing the first key ciphertext in the client to which the first key ciphertext belongs;
encrypting the private data by using the first symmetric key to obtain a first data ciphertext;
performing hash operation on the first data ciphertext to obtain a first ciphertext hash value;
uploading the first ciphertext hash value to the blockchain;
sending the first data ciphertext to the cloud server;
deleting the first data ciphertext stored on the client;
the blockchain is further configured to perform:
and storing the first ciphertext hash value.
4. The blockchain-based cloud data encryption storage system of claim 3, wherein the first symmetric key for each of the first data ciphertexts is regenerated.
5. The blockchain-based cloud data encryption storage system according to claim 3, further comprising a database server, the database server being connected to the cloud server;
the security level storing step further comprises:
if the security level of the stored data is the security level, checking whether a second symmetric key exists;
if the second symmetric key exists, reading the second symmetric key;
generating a random password;
generating a space-time code according to the random password, the equipment fingerprint of the client and the current timestamp;
encrypting the second symmetric key by using the space-time code to obtain a space-time code ciphertext corresponding to the second symmetric key;
sending the random password, the space-time code ciphertext and the common data in a plaintext form to the cloud server;
deleting the random password, the space-time code ciphertext, the plain text form of the common data and the second symmetric key stored on the client;
the cloud server is further configured to perform:
receiving the random password, the space-time code ciphertext and the common data in a plaintext form;
reading the equipment fingerprint of the current communication, and performing time collision by combining the random password and the space-time code ciphertext to obtain a matching timestamp; the matching timestamp is the same as the timestamp;
generating a matching space-time code according to the equipment fingerprint, the random password and the matching timestamp; the matching space-time code is the same as the space-time code;
decrypting the space-time code ciphertext by using the matched space-time code to obtain the second symmetric key;
encrypting the common data in a plaintext form by using the second symmetric key to obtain a second data ciphertext;
storing the second data ciphertext in the second cloud storage path;
performing hash operation on the second data ciphertext to obtain a second ciphertext hash value;
uploading the second ciphertext hash value to the blockchain;
the blockchain is further configured to perform:
uplink storing the second ciphertext hash value;
sending the uplink record of the second ciphertext hash value on the blockchain to the database server;
the database server is configured to perform:
and storing the uplink record.
6. The blockchain-based cloud data encryption storage system of claim 5, wherein if the second symmetric key does not exist, the second symmetric key is regenerated;
carrying out Hash operation on the second symmetric key to obtain a secret key Hash value, and uploading the secret key Hash value to the block chain;
the blockchain is further configured to perform:
and the secret key hash value is stored in an uplink way.
7. The blockchain-based cloud data encryption storage system according to claim 5, wherein the cloud server is further configured to perform:
and deleting the common data, the random password, the space-time code ciphertext and the second symmetric key obtained by decryption in a plaintext form.
8. The blockchain-based cloud data encryption storage system according to claim 7, wherein the client is further configured to perform:
a data downloading request sending step of sending a data downloading request to the cloud server; the data downloading request comprises a first data downloading request and a second data downloading request; the first data downloading request comprises the first cloud storage path corresponding to the private data; the second data downloading request comprises a downloading request random password, a new space-time code ciphertext corresponding to the second symmetric key and the second cloud storage path corresponding to the common data; the new space-time code ciphertext is obtained by encrypting the second symmetric key by a new space-time code; the new space-time code is generated by the download request random password, the device fingerprint of the client and the matching timestamp;
the cloud server is further configured to perform:
a data calling step, in which corresponding data is called according to the data downloading request; the first data downloading request corresponding to the cloud storage path is the first cloud storage path, and the first data ciphertext is called; the second data downloading request corresponding to the cloud storage path is the second cloud storage path, and the second data ciphertext is called;
a first data transmission step of transmitting the first data ciphertext to the client side which sends the first data downloading request if the first data ciphertext is called;
a data decryption step, if the called second data ciphertext is the second data ciphertext, decrypting the second data ciphertext by using the second symmetric key to obtain the common data in a plaintext form;
a second data transfer step: sending the common data in a plaintext form to the client sending the second data downloading request, and deleting the common data in the plaintext form;
the client is further configured to perform:
and a local decryption step, namely decrypting the received first data ciphertext by using the first symmetric key to obtain the private data.
9. The blockchain-based cloud data encryption storage system according to claim 8, wherein the data decryption step further comprises:
if the second data ciphertext is called, reading the equipment fingerprint of the current communication, and performing time collision according to the equipment fingerprint, the download request random password and the new space-time code ciphertext to obtain the matching timestamp;
generating a new space-time code in combination with the device fingerprint, the random password and the matching timestamp;
decrypting the new space-time code ciphertext by using the new space-time code to obtain the second symmetric key;
decrypting the second data ciphertext by using the second symmetric key to obtain the common data in a plaintext form;
sending the common data in a plaintext form to the client sending the second data downloading request;
and deleting the random password of the download request, the ciphertext of the new space-time code, the common data in a plaintext form and the second symmetric key.
10. The blockchain-based cloud data encryption storage system of claim 8, wherein the local decryption step further comprises:
calling the first key ciphertext, and decrypting the first key ciphertext by using a client private key to obtain the first symmetric key;
decrypting the received first data ciphertext by using the first symmetric key to obtain the private data;
and deleting the first data ciphertext.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011487774.3A CN112615720B (en) | 2020-12-16 | 2020-12-16 | Cloud data encryption storage system based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011487774.3A CN112615720B (en) | 2020-12-16 | 2020-12-16 | Cloud data encryption storage system based on block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112615720A CN112615720A (en) | 2021-04-06 |
| CN112615720B true CN112615720B (en) | 2022-07-08 |
Family
ID=75240050
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011487774.3A Active CN112615720B (en) | 2020-12-16 | 2020-12-16 | Cloud data encryption storage system based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112615720B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113449014B (en) * | 2021-06-28 | 2022-10-14 | 电子科技大学 | Selective cloud data query system based on block chain |
| CN114885918B (en) * | 2022-06-01 | 2023-03-03 | 安徽科技学院 | Agricultural product data protection system based on block chain |
| CN116702216B (en) * | 2023-08-07 | 2023-11-03 | 菏泽市自然资源和规划局 | Multi-level access control method and device for real estate data |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107580034A (en) * | 2017-08-25 | 2018-01-12 | 厦门易功成信息技术有限公司 | A kind of intelligence engineering internet business system using partitioned storage data technique |
| CN108462568A (en) * | 2018-02-11 | 2018-08-28 | 西安电子科技大学 | A kind of secure file storage and sharing method based on block chain |
| CN109768987A (en) * | 2019-02-26 | 2019-05-17 | 重庆邮电大学 | A kind of storage of data file security privacy and sharing method based on block chain |
-
2020
- 2020-12-16 CN CN202011487774.3A patent/CN112615720B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107580034A (en) * | 2017-08-25 | 2018-01-12 | 厦门易功成信息技术有限公司 | A kind of intelligence engineering internet business system using partitioned storage data technique |
| CN108462568A (en) * | 2018-02-11 | 2018-08-28 | 西安电子科技大学 | A kind of secure file storage and sharing method based on block chain |
| CN109768987A (en) * | 2019-02-26 | 2019-05-17 | 重庆邮电大学 | A kind of storage of data file security privacy and sharing method based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112615720A (en) | 2021-04-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11647007B2 (en) | Systems and methods for smartkey information management | |
| CN112615720B (en) | Cloud data encryption storage system based on block chain | |
| CN107888560B (en) | Mail safe transmission system and method for mobile intelligent terminal | |
| CN113783836B (en) | Internet of things data access control method and system based on block chain and IBE algorithm | |
| CN106104562B (en) | System and method for securely storing and recovering confidential data | |
| CN109040139B (en) | Identity authentication system and method based on block chain and intelligent contract | |
| US9887976B2 (en) | Multi-factor authentication using quantum communication | |
| EP0962070B1 (en) | Administration and utilization of secret fresh random numbers in a networked environment | |
| WO2019110574A1 (en) | Methods of secure communication | |
| CN109543443A (en) | User data management, device, equipment and storage medium based on block chain | |
| CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
| CN112671735B (en) | Data encryption sharing system and method based on block chain and re-encryption | |
| CN109981255A (en) | The update method and system of pool of keys | |
| Chen et al. | An approach to verifying data integrity for cloud storage | |
| CN109495251A (en) | Anti- quantum calculation wired home cloud storage method and system based on key card | |
| GB2584455A (en) | An encryption process | |
| CN113779619A (en) | Encryption and decryption method for ceph distributed object storage system based on state cryptographic algorithm | |
| US20160080336A1 (en) | Key Usage Detection | |
| US20210144002A1 (en) | Secondary Channel Authentication of Public Keys | |
| CN106257859A (en) | A kind of password using method | |
| KR20070035342A (en) | Method for mutual authentication based on the user's password | |
| RU2707398C1 (en) | Method and system for secure storage of information in file storages of data | |
| Hughes et al. | Multi-factor authentication using quantum communication | |
| EP3073407B1 (en) | Method and system for searching for at least a specific datum in a user unit | |
| CN112163171B (en) | Data chaining method based on terminal signature |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |