CN113378242A - Data verification method and system - Google Patents

Data verification method and system Download PDF

Info

Publication number
CN113378242A
CN113378242A CN202110717561.3A CN202110717561A CN113378242A CN 113378242 A CN113378242 A CN 113378242A CN 202110717561 A CN202110717561 A CN 202110717561A CN 113378242 A CN113378242 A CN 113378242A
Authority
CN
China
Prior art keywords
data
verification
verified
certificate
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110717561.3A
Other languages
Chinese (zh)
Inventor
代小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN202110717561.3A priority Critical patent/CN113378242A/en
Publication of CN113378242A publication Critical patent/CN113378242A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The invention discloses a method and a system for data verification, and relates to the technical field of computers. One embodiment of the method comprises: according to the received data verification request, aiming at the data type of the data to be verified as static data, performing data integrity verification on the data to be verified by using a first verification model to generate a static verification certificate; performing data integrity verification on the data to be verified by using the second verification model to generate a dynamic verification certificate; generating an integrity verification result according to the static verification certificate or the dynamic verification certificate; and the corresponding verification model is adopted for data integrity verification aiming at the data type, so that the data verification efficiency is improved, and the problems of higher computing resource consumption and larger memory occupation caused by using a single verification scheme are solved.

Description

Data verification method and system
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for data verification.
Background
Today, internet technologies are widely used, requirements on accuracy, security and consistency of internet data are higher and higher, and therefore verification of data integrity is more and more important.
At present, in a scheme for verifying data integrity, a verification scheme for dynamic data is generally used, but data types of internet data include other types of data (for example, static data) in addition to the dynamic data, and data of each data type needs to be verified, so that the problem that computing resource consumption is high and memory occupation is large due to over-verification when a verification scheme for single dynamic data is used for verifying static data exists.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and a system for data verification, which can perform data integrity verification on static data based on a first verification model according to a received data verification request, and generate a static verification certificate; performing data integrity verification on the dynamic data based on the second verification model to generate a dynamic verification certificate; generating an integrity verification result by using a verification server according to the static verification certificate or the dynamic verification certificate; and the corresponding verification model is adopted for data integrity verification aiming at the data type, so that the data verification efficiency is improved, and the problems of higher computing resource consumption and larger memory occupation caused by using a single verification scheme are solved.
In order to achieve the above object, according to an aspect of the embodiments of the present invention, there is provided a method for data verification, applied to a server, including: receiving a data verification request, wherein the data verification request indicates the data type of data to be verified; aiming at the data type of static data, a first verification model is utilized to carry out data integrity verification on the data to be verified, a static verification certificate is generated, and the static verification certificate is sent to a verification server; aiming at the data type of the dynamic data, a second verification model is utilized to carry out data integrity verification on the data to be verified, a dynamic verification certificate is generated, and the dynamic verification certificate is sent to a verification server; and the verification server generates an integrity verification result according to the static verification certificate or the dynamic verification certificate.
Optionally, the method for data verification is characterized in that the data verification request further indicates information of one or more encrypted data blocks included in the data to be verified; the method further comprises: and searching one or more encrypted data blocks according to the information of one or more encrypted data blocks, and taking one or more encrypted data blocks as the data to be verified.
Optionally, the data verification method is characterized in that the data integrity verification of the data to be verified by using a first verification model to generate a static verification certificate, and includes: inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the first verification model; and acquiring the static verification certificate output by the first verification model.
Optionally, the data verification method is characterized in that the integrity of the data to be verified is verified by using a second verification model to generate a dynamic verification certificate, and the method includes: inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the second verification model; and acquiring the dynamic verification certificate output by the second verification model.
Optionally, the method of data verification is further characterized by:
further receiving an update request aiming at the data to be verified under the condition that the data type of the data to be verified is the dynamic data; inputting the data to be verified, the updating information indicated by the updating request, the auxiliary information of the data to be verified and a public key into a preset verification updating model, acquiring version information and an updating certificate output by the verification updating model, and sending the updating certificate to the verification server; the verification server verifies the validity of the update certificate according to the received update certificate aiming at the data to be verified and the public key; and if the verification result indicates that the update proof is valid, performing the step of verifying the integrity of the data to be verified by using a second verification model aiming at the updated data to be verified.
Optionally, the method of data validation, wherein,
the first verification model is a data integrity certification model based on a BLS signature algorithm.
Optionally, the method of data validation, wherein,
the second verification model is a data integrity certification model based on a multi-branch tree structure.
In order to achieve the above object, according to a second aspect of the embodiments of the present invention, there is provided a method for data verification, applied to a client, the method including: determining data to be verified and a data type of the data to be verified, wherein the data type is static data or dynamic data; generating identification information for indicating the data type for the data to be verified; and sending a data verification request including the identification information to a server, so that the server performs data integrity verification on the data to be verified based on the identification information.
Optionally, the method of data verification is further characterized by:
dividing the data to be verified into one or more data blocks; performing an encryption operation on the one or more data blocks; adding information of the encrypted data block to the data verification request.
Optionally, the method of data verification is further characterized by:
and signing the one or more data blocks, generating a signature tag set, and sending the signature tag set to the server so that the server performs data integrity verification on the data blocks based on the signature tag set.
To achieve the above object, according to a third aspect of the embodiments of the present invention, there is provided a system for data verification, including: an authentication server and a storage server; receiving a data verification request by using the storage server, wherein the data verification request indicates the data type of data to be verified; aiming at the data type is static data, the storage server utilizes a first verification model to carry out data integrity verification on the data to be verified, a static verification certificate is generated, and the static verification certificate is sent to the verification server; aiming at the data type of the dynamic data, the storage server utilizes a second verification model to carry out data integrity verification on the data to be verified, a dynamic verification certificate is generated, and the dynamic verification certificate is sent to the verification server; and the verification server generates an integrity verification result according to the static verification certificate or the dynamic verification certificate.
Optionally, the system for data verification further includes: one or more clients; determining data to be verified and a data type of the data to be verified by using the client, wherein the data type is static data or dynamic data; generating identification information for indicating the data type for the data to be verified; and sending a data verification request comprising the identification information by using the client, so that the storage server and the verification server verify the data integrity of the data to be verified based on the identification information.
To achieve the above object, according to a fourth aspect of the embodiments of the present invention, there is provided an electronic device for data verification, including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out a method as claimed in any one of the methods of data validation described above.
To achieve the above object, according to a fifth aspect of the embodiments of the present invention, there is provided a computer readable medium having a computer program stored thereon, wherein the program is configured to implement, when executed by a processor, any one of the above methods for data verification.
One embodiment of the above invention has the following advantages or benefits: the data integrity verification can be performed on the static data based on the first verification model according to the received data verification request, and a static verification certificate is generated; performing data integrity verification on the dynamic data based on the second verification model to generate a dynamic verification certificate; generating an integrity verification result by using a verification server according to the static verification certificate or the dynamic verification certificate; the data integrity is verified by adopting the corresponding verification model aiming at the data type, so that the data verification efficiency is improved; the problem of resource consumption of verifying various data types by using a single dynamic verification scheme (for example, the dynamic verification scheme is a verification scheme based on a binary tree data integrity certification model) in the prior art is solved; specifically, the problems of unnecessary computing resource consumption and memory occupation caused by establishing a binary tree structure for static data under the condition of verifying the static data by using a dynamic verification scheme are solved; and the problems of computing resource consumption and memory occupation caused by higher complexity of a binary tree structure under the condition of verifying dynamic data by using a dynamic verification scheme are solved.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a flowchart illustrating a method for data verification applied to a server according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of data verification applied to a client according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart for data verification according to an embodiment of the present invention;
FIG. 4 is a flow diagram of a data verification system provided by an embodiment of the present invention;
FIG. 5 is a diagram of a multi-branch tree structure according to an embodiment of the present invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 7 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
As shown in fig. 1, an embodiment of the present invention provides a method for data verification, which may include the following steps:
step S101: receiving a data verification request, wherein the data verification request indicates the data type of data to be verified.
The invention takes a storage server as a server for receiving a data verification request as an example for explanation, and particularly, the storage server is a storage service provider and is used for managing data uploaded by one or more clients or servers, wherein the data comprises data to be verified; the data to be verified can be stored in the storage medium of the storage server, and it can be understood that the data to be verified can be located through the stored address (e.g. disk partition identifier, directory identifier, file identifier); the data to be verified may be one or more database files, or one or more other types of files, and the specific data type and content of the data to be verified are not limited in the present invention.
Further, the storage server receives the data verification request to perform data integrity verification of the stored data to be verified based on the data verification request, wherein the party sending the data verification request may be the verification server: the method comprises the steps that after receiving a data verification request sent by a client, a verification server forwards the request to a storage server so as to trigger the storage server to execute data integrity verification of stored data to be verified; or the verification server sends a data verification request to the storage server according to a data verification strategy set by the client (for example, sending the data verification request at set time) so as to trigger the storage server to execute data integrity verification on the stored data to be verified; the party sending the data verification request can also be the client: the client sends a data verification request to the storage server to trigger the storage server to execute data integrity verification of the stored data to be verified.
Further, the data verification request indicates the data type of the data to be verified; the data type is dynamic data or static data, wherein the dynamic data or the static data is determined by the client, and the server can acquire the data type of the data to be verified from the data verification request as the static data and the dynamic data; in the storage server, the data may be distinguished as static data or dynamic data by using the data flag, or the static data may be stored in a specified static data storage address, and similarly, the dynamic data is stored in a dynamic data storage address of the instruction, so that the storage server indicates the data type of the data to be verified according to the data verification request, and performs data integrity verification by using a verification model (a first verification model or a second verification model) corresponding to the data type.
Step S102: aiming at the data type of static data, a first verification model is utilized to carry out data integrity verification on the data to be verified, a static verification certificate is generated, and the static verification certificate is sent to a verification server; and aiming at the data type being dynamic data, performing data integrity verification on the data to be verified by using a second verification model to generate a dynamic verification certificate, and sending the dynamic verification certificate to a verification server.
The present invention is described by taking a storage server as an example of a server that performs data integrity verification and generates a corresponding verification certificate, and specifically, the first verification model is a data integrity verification model based on a BLS signature algorithm. The BLS is a Boneh-Lynn-Shacham signature algorithm, the invention takes a data possession certification PDP (PDP) as an example to explain data integrity certification, the invention takes the BLS-PDP as a static data possession certification algorithm based on the BLS, and the BLS-PDP is a data integrity certification model based on the BLS signature algorithm, namely a first verification model.
Further, for static data, since there is no dynamic change of data, the use of the first verification model (BLS-PDP) can reduce the consumption of computing resources and communication resources of the system, and improve the performance of data integrity verification. Compared with the RSA signature algorithm, the BLS signature algorithm has the advantage of less signature bits, for example, the signature bits of the BLS signature algorithm are 160bits, and the signature bits of the RSA signature algorithm are 1024bits, so that compared with the RSA signature algorithm, the BLS signature algorithm reduces the consumption of computing resources to a great extent. And according to the homomorphic characteristic of the BLS signature algorithm, a plurality of signatures can be aggregated into one signature. The first verification model (BLS-PDP) may thus make the verification process relatively less computationally resource consuming, thereby reducing the consumption of computational resources. Preferably, the BLS signature algorithm can also effectively defend against indexing algorithms.
Further, for static data, a first verification model is used for carrying out data integrity verification on the data to be verified, a static verification certificate is generated, and the static verification certificate is sent to a verification server. Therefore, the resource consumption problem of the existing method for verifying multiple data types by using a single dynamic verification scheme (for example, the dynamic verification scheme is a verification scheme based on a binary tree data integrity certification model) is solved; specifically, the problems of unnecessary computing resource consumption and memory occupation caused by establishing a binary tree structure for static data under the condition of verifying the static data by using a dynamic verification scheme are solved.
The second verification model is a data integrity certification model based on a multi-branch tree structure. Wherein, the multi-branch tree structure can be LBT (large branching tree); in the invention, dynamic Data Persistent Data (DPDP) is taken as an example to explain data integrity certification, and LBT-DPDP is taken as a data integrity certification model based on a multi-branch tree structure, namely a second verification model.
Further, aiming at dynamic data, in order to improve the efficiency of data integrity verification, the invention takes a data integrity certification model (LBT-DPDP) based on a multi-branch tree structure as a second verification model; currently, the most common DPDP scheme is usually implemented based on a merkel tree (e.g., binary tree), and data to be verified is reorganized through a tree structure to further implement the operation of the data, but the merkel tree (e.g., binary tree) structure may result in too large depth of the built tree structure in the case of large data size, so that too much auxiliary information is required to traverse an authentication path of the data when verifying the integrity of the data. Therefore, the present invention replaces the merkel tree with LBT, and improves the data verification performance of dynamic data by reducing the depth of the tree structure, thereby improving the efficiency of data verification.
The LBT multi-branch tree structure is a novel tree structure proposed to solve the efficiency problem of the Mercker tree. The LBT may construct the number of branches corresponding to the tree structure according to actual scene requirements. By increasing the number of branches and reducing the depth of the tree, the auxiliary information required by data verification is reduced, and therefore the consumption of computing resources and communication resources required by the whole data verification process is reduced to a great extent. Illustratively, N data blocks (e.g., inserted data blocks) may be processed using one LBT, which is more efficient than a Mercker tree (e.g., binary tree) processing 2 data blocks at a time, and thus more efficient in processing large-scale data (e.g., inserted data) using LBT than a Mercker tree. Therefore, by using the second verification model (LBT-DPDP), the communication resource consumption and the computing resource consumption in the dynamic data integrity verification process are reduced.
Specifically, data is processed based on a tree structure, such as: the time complexity (denoted as O (h)) consumed by inserting or deleting data is the height of the tree structureIs proportional. Where h is the longest path (number of edges) from the root node to the leaf node. LBT has a number of sibling nodes per node except the root node compared to the mercker tree, so the depth of LBT is much less than the mercker tree, with the same number of data blocks building a tree structure. Fig. 5 shows an example of a tree structure based on LBT, as shown in fig. 5, when data is processed based on the tree structure, one data block corresponds to one node, in the process of verifying integrity of dynamic data, hash values of each data block need to be calculated from bottom to top based on the tree structure to form a hash chain, hash values h (b) calculated from bottom to top of each data block in the LBT structure are stored in leaf nodes, and hash values of associated nodes are calculated from bottom to top to obtain hash values of parent nodes. Assuming that the number of child nodes associated with each hierarchical parent node is n and the depth is 2 (as shown in the schematic diagram in fig. 5), the number of corresponding nodes is n2Can store n2Hash values of the data blocks; as an example shown in FIG. 5, the root node is given by x0Representing, root node associated child node x1The values of (d) are expressed as: h (H (b)1)||H(b2)||…||H(bk) ); therefore, under the condition of the same tree depth, the LBT can process more data blocks, so that the length of a data verification path is reduced, the auxiliary information is greatly reduced, and the data integrity verification efficiency is improved.
Specifically, for dynamic data, the storage server performs data integrity verification on the data to be verified by using a second verification model, and generates a dynamic verification certificate.
The specific description about generating the static verification proof is consistent with the description of step S302, and is not repeated here; the detailed description about the generation of the dynamic verification certification is consistent with the description of step S307, and is not repeated here.
Step S103: and the verification server generates an integrity verification result according to the static verification certificate or the dynamic verification certificate.
Specifically, the verification server may be a server provided by a third party and used for verifying data integrity, and the verification server may determine whether a static verification certificate generated by performing data integrity verification on static data and sent by the storage server or a dynamic verification certificate generated by performing data integrity verification on dynamic data is correct, that is, the verification server is used to generate an integrity verification result; for example: the integrity verification result can be 1, which indicates that the data is kept in integrity through the integrity verification; the integrity verification result is 0, which indicates that the integrity verification is not passed, which indicates that the data does not maintain integrity, i.e. there is a data exception. The invention does not limit the specific format and content of the integrity verification result; further, the integrity verification result may be sent to the client.
As shown in fig. 2, an embodiment of the present invention provides a method for data verification, which is applied to a client, and the method may include the following steps:
step S201: determining data to be verified and a data type of the data to be verified, wherein the data type is static data or dynamic data; and generating identification information for indicating the data type for the data to be verified.
Specifically, the client may belong to a service party that initiates the authentication request, and the service party determines, by using the client, to-be-authenticated data that needs to be subjected to data integrity authentication, determines that the to-be-authenticated data is static data or dynamic data, and generates identification information for indicating a data type for the to-be-authenticated data, so that a server (e.g., a storage server) distinguishes, by the identification information, the to-be-authenticated data received from the client as the static data or the dynamic data.
Step S202: and sending a data verification request comprising the identification information so that the server performs data integrity verification on the data to be verified based on the identification information.
Specifically, after determining that the content of the data to be verified and the data type of the data to be verified are static data or dynamic data, the client sends a data verification request containing identification information indicating the data type, and when sending the data verification request to the verification server, the verification server sends the data verification request to a server (for example, a storage server) according to a preset strategy of the client so that the server (the storage server and the verification server) performs data integrity verification on the data to be verified; optionally, in a case of sending a data verification request to the storage server, the data verification request including the identification information is sent so that the storage server performs data integrity verification on the data to be verified.
Performing data integrity verification on the data to be verified by using a first verification model to generate a static verification certificate; the description that the data integrity verification is performed on the data to be verified by using the second verification model to generate the dynamic verification certificate and the description that the verification server performs the data integrity verification based on the static verification certificate or the dynamic verification certificate are consistent with the description of the step S102 to the step S103, and are not described herein again.
Further, the client pre-processes the data to be verified, for example: dividing the data to be verified into one or more data blocks; performing an encryption operation on the one or more data blocks; adding information of the encrypted data block to the data verification request.
In particular, the client may utilize KeyGen (1)k) The → (pk, sk) algorithm performs encryption operations for one or more blocks of data, where 1kAnd outputting a pair of private key sk and public key pk as a safety parameter.
Further, the client pre-processes the data to be verified, for example: the one or more data blocks are signed, a signature tag set is generated, and the signature tag set is sent to a server (such as a storage server) so that the server (such as the storage server and a verification server) can perform data integrity verification on the data blocks based on the signature tag set.
Specifically, the client may sign the one or more data blocks using a TagBlock (sk, F) → { T } algorithm, which is run by the client to generate metadata T corresponding to the data to be verified, i.e., a homomorphic signature tag set, and generate a signature tag set. The algorithm inputs a private key sk and data F, the output result is metadata T (namely a signature tag set), and the output result can enable the storage server to carry out data integrity verification on the data block based on the signature tag set.
As shown in fig. 3, an embodiment of the present invention provides a data verification process, which may include the following steps;
step S301: receiving a data verification request, wherein the data verification request indicates the data type of data to be verified.
Specifically, when the data type is static data, the flow of performing data integrity verification on the static data in steps S302 to S303 is executed; in the case that the data type is dynamic data, the flow of performing data integrity verification on the dynamic data of steps S304 to S308 is performed. Regarding receiving the data verification request, the description of the data type of the data to be verified indicated by the data verification request is consistent with the description of step S101, and is not described herein again.
Step S302: inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the first verification model; and acquiring the static verification certificate output by the first verification model.
Specifically, the static verification certificate may be generated by the storage server using an algorithm GenProof (pk, F ', T, chat) → P corresponding to the first verification model (BLS-PDP), where the GenProof includes specific model information of the first verification model (BLS-PDP), where inputs of the algorithm are pk, F ', T, chat, F ' represent one or more of the encrypted data blocks, pk represents a public key corresponding to the encrypted data block, chat represents a verification identifier (e.g., a verification request) indicated by the data verification request and a signature tag set T generated by the client, and an output result is the static verification certificate P; wherein, the letter can be a verification identifier which is started by the verification server by using a Challenge (·) → { letter } algorithm and is sent to the storage server; inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the first verification model; and acquiring the static verification certificate output by the first verification model.
Step S303: and the verification server generates an integrity verification result according to the static verification certificate.
Specifically, after generating a static verification certificate (for example, denoted as P), the storage server sends the static verification certificate to the verification server, and the verification server further generates an integrity verification result according to the static verification certificate; for example: the verification server may verify the static proof of verification P returned by the storage server using the CheckProof (pk, chal, P) → (1,0) algorithm. The input parameters are a public key pk corresponding to the encrypted data block, a verification identifier chal (for example, a verification request) indicated by the data verification request, and a static verification certificate P; the output of the algorithm is an integrity verification result of "1" or "0", wherein "1" indicates that the data is complete, and "0" indicates that the data is corrupted. The detailed description of the integrity verification result is consistent with the description of step S103, and is not repeated here.
Step S304: judging whether the verification aiming at the dynamic data is the first verification, if so, executing the step S307; otherwise, step S305 is performed.
Specifically, for the data verification of the dynamic data, it is determined whether the verification for the dynamic data is the first verification, and if the verification is the first execution, the validity of the update certification corresponding to the data update is not verified, and the step S307 is directly executed; otherwise, the validity of the update proof is verified, and step S305 is executed.
Step S305: further receiving an update request for the data to be verified; inputting the data to be verified, the updating information indicated by the updating request, the auxiliary information of the data to be verified and a public key into a preset verification updating model, acquiring version information and an updating certificate output by the verification updating model, and sending the updating certificate to the verification server; and the verification server verifies the validity of the update certificate according to the received update certificate aiming at the data to be verified and the public key.
Specifically, the storage server is used as a server description for verifying the update data, and when the data to be verified has data update, the storage server inputs the data to be verified, the update information indicated by the update request, the auxiliary information of the data to be verified, and the public key into a preset verification update model, and obtains version information and an update certificate output by the verification update model, for example: the storage server may utilize Update (F, Info, Ω, pk) → { F', P } as a preset verification Update model to process the received Update request of the data to be verified. Wherein the input parameters are: the verification method includes inputting each piece of information into a preset verification update model, acquiring version information F' (for example, an updated latest version) and an update proof P output by the verification update model, and further sending the update proof to a verification server by using a storage server.
Further, the verification server may verify the validity of the update proof by using verifydupdate (P, pk) → {1,0} algorithm, where the verification server verifies the validity of the update proof according to the received update proof P for the data to be verified and the public key pk, and outputs a verification result, for example: 1 represents valid and 0 represents invalid. The invention does not limit the specific content and the specific format of the update proof.
Step S306: and if the verification result indicates that the update proof is valid, performing a step of verifying the integrity of the data to be verified by using a second verification model for the updated data to be verified (step S307).
Step S307: inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the second verification model; and acquiring the dynamic verification certificate output by the second verification model.
Specifically, under the condition that the verification result indicates that the update proof is valid, further performing data integrity verification, and generating a dynamic verification proof by using an algorithm GenProof (pk, F', T, chal) → P corresponding to the second verification model (LBT-DPDP) through a storage server; wherein, the GenProof contains specific model information of the second verification model (LBT-DPDP); the input parameters of the Genproof algorithm include one or more encrypted data blocks F', public keys pk corresponding to the encrypted data blocks, a verification identifier chal (for example, a verification request) indicated by a data verification request and a signature tag set T generated by a client, and the output result is a dynamic verification certificate P; wherein, the letter can be an authentication request initiated by the authentication server by using a Challenge (·) → { letter } algorithm and sent to the storage server; inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the second verification model; and acquiring the dynamic verification certificate output by the second verification model.
Step S308: and the verification server generates an integrity verification result according to the dynamic verification certificate.
Specifically, after acquiring the dynamic verification certificate P, the storage server sends the dynamic verification certificate P to the verification server, and the verification server generates an integrity verification result according to the dynamic verification certificate; for example: the verification server can verify the dynamic verification certificate P returned by the storage server by using a Checkproof (pk, chal, P) → (1,0) algorithm; the input parameters are a public key pk corresponding to the encrypted data block, a verification identifier chal (e.g., a verification request) indicated by the data verification request, and a certificate P. An integrity verification result is returned, for example, as "1" or "0", where "1" indicates that the data is complete and "0" indicates that the data is corrupted. The detailed description of the integrity verification result is consistent with the description of step S103, and is not repeated here.
As shown in fig. 4, an embodiment of the present invention provides a system for data verification, including: a storage server 401 and an authentication server 402; wherein the content of the first and second substances,
receiving a data verification request by using the storage server 401, where the data verification request indicates a data type of data to be verified;
for the data type is static data, the storage server 401 performs data integrity verification on the data to be verified by using a first verification model to generate a static verification certificate, and sends the static verification certificate to the verification server 402;
for the data type of the dynamic data, the storage server 401 performs data integrity verification on the data to be verified by using a second verification model to generate a dynamic verification certificate, and sends the dynamic verification certificate to the verification server 402;
the verification server 402 generates an integrity verification result according to the static verification certificate or the dynamic verification certificate.
Optionally, the system for data verification further includes: one or more clients 403; determining data to be verified and a data type of the data to be verified by using the client 403, wherein the data type is static data or dynamic data; generating identification information for indicating the data type for the data to be verified; sending a data verification request including the identification information by using the client 403, so that the storage server 401 and the verification server 402 perform data integrity verification on the data to be verified based on the identification information.
In the example shown in fig. 4, the client sends the data verification request to the verification server, and the verification server sends the data verification request to the storage server to trigger the data verification process, it is understood that the data verification process may also be triggered by the verification server, and the specific description about sending the data verification request is consistent with the description in step S101, and is not described again here.
An embodiment of the present invention further provides an electronic device for data verification, including: one or more processors; the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors are enabled to realize the method provided by any one of the above embodiments.
Embodiments of the present invention further provide a computer-readable medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method provided in any of the above embodiments.
Fig. 6 illustrates an exemplary system architecture 600 of a data verification apparatus or method to which embodiments of the invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 serves to provide a medium for communication links between the terminal devices 601, 602, 603 and the server 605. Network 604 may include various types of connections, such as wire, wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 601, 602, 603 to interact with the server 605 via the network 604 to receive or send messages or the like. The terminal devices 601, 602, 603 may have various client applications installed thereon, such as an e-mall client application, a web browser application, a search-type application, and the like.
The terminal devices 601, 602, 603 may be various electronic devices having display screens and supporting various client applications, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 605 may be a server that provides various services, such as a background management server (storage server, authentication server) that provides support for clients used by users with the terminal devices 601, 602, 603. The background management server can process the received data verification request and feed back the data integrity verification result to the terminal equipment.
It should be noted that the method for data verification applied to the client provided by the embodiment of the present invention is generally executed by the terminal devices 601, 602, and 603, the method for data verification applied to the server provided by the embodiment of the present invention is generally executed by the server 605, and accordingly, the client for data verification is generally disposed in the terminal devices 601, 602, and 603; the storage server and the authentication server for data authentication are generally provided in the plurality of servers 605.
It should be understood that the number of terminal devices, networks, and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules and/or units described in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware. The described modules and/or units may also be provided in a processor.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: receiving a data verification request, wherein the data verification request indicates the data type of data to be verified; aiming at the data type of static data, a first verification model is utilized to carry out data integrity verification on the data to be verified, a static verification certificate is generated, and the static verification certificate is sent to a verification server; aiming at the data type of the dynamic data, a second verification model is utilized to carry out data integrity verification on the data to be verified, a dynamic verification certificate is generated, and the dynamic verification certificate is sent to a verification server; and the verification server generates an integrity verification result according to the static verification certificate or the dynamic verification certificate.
According to the embodiment of the invention, data integrity verification can be performed on the static data based on the first verification model according to the received data verification request, and a static verification certificate is generated; performing data integrity verification on the dynamic data based on the second verification model to generate a dynamic verification certificate; generating an integrity verification result by using a verification server according to the static verification certificate or the dynamic verification certificate; the data integrity is verified by adopting the corresponding verification model aiming at the data type, so that the data verification efficiency is improved; the problem of resource consumption of verifying various data types by using a single dynamic verification scheme (for example, the dynamic verification scheme is verified by a data integrity certification model based on a binary tree) in the prior art is solved; specifically, the problems of unnecessary computing resource consumption and memory occupation caused by establishing a binary tree structure for static data under the condition of verifying the static data by using a dynamic verification scheme are solved; and the problems of computing resource consumption and memory occupation caused by higher complexity of a binary tree structure under the condition of verifying dynamic data by using a dynamic verification scheme are solved.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (14)

1. A method of data verification, comprising:
receiving a data verification request, wherein the data verification request indicates the data type of data to be verified;
aiming at the data type of static data, a first verification model is utilized to carry out data integrity verification on the data to be verified, a static verification certificate is generated, and the static verification certificate is sent to a verification server;
aiming at the data type of the dynamic data, a second verification model is utilized to carry out data integrity verification on the data to be verified, a dynamic verification certificate is generated, and the dynamic verification certificate is sent to a verification server;
and the verification server generates an integrity verification result according to the static verification certificate or the dynamic verification certificate.
2. The method of claim 1,
the data verification request further indicates information of one or more encrypted data blocks included in the data to be verified;
the method further comprises: and searching one or more encrypted data blocks according to the information of one or more encrypted data blocks, and taking one or more encrypted data blocks as the data to be verified.
3. The method of claim 2, wherein the generating a static verification certificate by verifying the integrity of the data to be verified by using a first verification model comprises:
inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the first verification model;
and acquiring the static verification certificate output by the first verification model.
4. The method of claim 2, wherein the generating a dynamic verification certificate by verifying the integrity of the data to be verified by using a second verification model comprises:
inputting one or more encrypted data blocks, a public key corresponding to the encrypted data blocks, a verification identifier indicated by the data verification request and a signature tag set generated by a client into the second verification model;
and acquiring the dynamic verification certificate output by the second verification model.
5. The method of claim 4, further comprising:
for the case that the data type of the data to be verified is the dynamic data,
further receiving an update request for the data to be verified;
inputting the data to be verified, the updating information indicated by the updating request, the auxiliary information of the data to be verified and a public key into a preset verification updating model, acquiring version information and an updating certificate output by the verification updating model, and sending the updating certificate to the verification server;
the verification server verifies the validity of the update certificate according to the received update certificate aiming at the data to be verified and the public key;
and if the verification result indicates that the update proof is valid, performing the step of verifying the integrity of the data to be verified by using a second verification model aiming at the updated data to be verified.
6. The method of claim 1,
the first verification model is a data integrity certification model based on a BLS signature algorithm.
7. The method of claim 1,
the second verification model is a data integrity certification model based on a multi-branch tree structure.
8. A method for data verification is applied to a client and comprises the following steps:
determining data to be verified and a data type of the data to be verified, wherein the data type is static data or dynamic data;
generating identification information for indicating the data type for the data to be verified;
and sending a data verification request including the identification information to a server, so that the server performs data integrity verification on the data to be verified based on the identification information.
9. The method of claim 8, further comprising:
dividing the data to be verified into one or more data blocks; performing an encryption operation on the one or more data blocks;
adding information of the encrypted data block to the data verification request.
10. The method of claim 9, further comprising:
and signing the one or more data blocks, generating a signature tag set, and sending the signature tag set to the server so that the server performs data integrity verification on the data blocks based on the signature tag set.
11. A system for data verification, comprising: an authentication server and a storage server; wherein the content of the first and second substances,
receiving a data verification request by using the storage server, wherein the data verification request indicates the data type of data to be verified;
aiming at the data type is static data, the storage server utilizes a first verification model to carry out data integrity verification on the data to be verified, a static verification certificate is generated, and the static verification certificate is sent to the verification server;
aiming at the data type of the dynamic data, the storage server utilizes a second verification model to carry out data integrity verification on the data to be verified, a dynamic verification certificate is generated, and the dynamic verification certificate is sent to the verification server;
and the verification server generates an integrity verification result according to the static verification certificate or the dynamic verification certificate.
12. The system of claim 11, further comprising: one or more clients; wherein the content of the first and second substances,
determining data to be verified and a data type of the data to be verified by using the client, wherein the data type is static data or dynamic data; generating identification information for indicating the data type for the data to be verified;
and sending a data verification request comprising the identification information by using the client, so that the storage server and the verification server verify the data integrity of the data to be verified based on the identification information.
13. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-10.
14. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-10.
CN202110717561.3A 2021-06-28 2021-06-28 Data verification method and system Pending CN113378242A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110717561.3A CN113378242A (en) 2021-06-28 2021-06-28 Data verification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110717561.3A CN113378242A (en) 2021-06-28 2021-06-28 Data verification method and system

Publications (1)

Publication Number Publication Date
CN113378242A true CN113378242A (en) 2021-09-10

Family

ID=77579575

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110717561.3A Pending CN113378242A (en) 2021-06-28 2021-06-28 Data verification method and system

Country Status (1)

Country Link
CN (1) CN113378242A (en)

Similar Documents

Publication Publication Date Title
CN108900364B (en) Block chain network management method, block chain network management device, block chain network management medium and electronic equipment
CN108390872B (en) Certificate management method, device, medium and electronic equipment
KR20220006623A (en) Blockchain consensus method, device and system
CN113657900B (en) Cross-chain transaction verification method and system and cross-chain transaction system
US20210377048A1 (en) Digital Signature Method, Signature Information Verification Method, Related Apparatus and Electronic Device
CN109413084B (en) Password updating method, device and system
EP4350556A1 (en) Information verification method and apparatus
CN111950032A (en) Block chain-based data storage method, terminal device and storage medium
CN112541775A (en) Transaction tracing method based on block chain, electronic device and computer storage medium
CN113206746B (en) Digital certificate management method and device
CN113765968A (en) File transmission method, device and system
CN113206738B (en) Digital certificate management method and device
CN113242132B (en) Digital certificate management method and device
CN113179169B (en) Digital certificate management method and device
CN113206745B (en) Digital certificate management method and device
CN112966286B (en) Method, system, device and computer readable medium for user login
CN113378242A (en) Data verification method and system
CN111984616B (en) Method, device and system for updating shared file
CN111355584B (en) Method and apparatus for generating blockchain multi-signatures
CN113873004A (en) Task execution method and device and distributed computing system
CN111949738A (en) Block chain-based data storage deduplication method, terminal device and storage medium
CN113761585A (en) Data processing method, device and system
CN111931204A (en) Encryption and de-duplication storage method and terminal equipment for distributed system
CN113626873B (en) Authentication method, device, electronic equipment and computer readable medium
CN110611656B (en) Identity management method, device and system based on master identity multiple mapping

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination