CN103139149A - Method and system for accessing data in cloud storage - Google Patents

Publication number: CN103139149A
Authority: CN (China)
Application number: CN2011103805102A
Other languages: Chinese (zh)
Inventor: 王正鹏
Current Assignee: Nationz Technologies Inc
Original Assignee: Nationz Technologies Inc
Legal status: Pending
Prior art keywords: data, hash, computing, cloud, result
Landscapes: Storage Device Security

Abstract

The invention discloses a method and a system for accessing data in cloud storage. The method comprises the following steps: performing a hash operation in a cloud terminal on the data the user currently needs to store, to obtain a hash result; securely storing the hash result and the structure of the hash operation; and uploading the data to a cloud storage server for storage. After the user downloads the data from the cloud storage server, the hash operation can be executed again using the hash operation structure saved when the data was stored, yielding a hash verification result. Comparing the hash verification result with the hash result saved when the data was stored shows whether the data has been tampered with, that is, data integrity can be verified: if the data has been tampered with, the hash verification result and the saved hash result are inconsistent. The method therefore allows the integrity of accessed data to be verified, improves the security of data in cloud storage, and improves user satisfaction.

Description

A data access method and system for cloud storage
Technical field
The present invention relates to the communications field, and in particular to a data access method and system for cloud storage.
Background art
The core idea of cloud computing is to manage and schedule, in a unified way, a large number of computing resources connected by a network, forming a pool of computing resources that serves users on demand. The network that provides the resources is called the "cloud". From the user's point of view, resources in the "cloud" can be expanded without limit, obtained at any time, used on demand, expanded at any time, and paid for according to use. The industry divides cloud computing into three layers: cloud software, cloud platform, and cloud equipment.
Cloud storage is a new concept extended and developed from the concept of cloud computing. It refers to a system in which, through functions such as cluster applications, grid technology or distributed file systems, application software brings a large number of storage devices of different types in a network together to work cooperatively and jointly provide data storage and service access functions to the outside. When the core of a cloud computing system's computation and processing is the storage and management of massive data, the system needs to be configured with a large number of storage devices, and the cloud computing system becomes a cloud storage system. Cloud storage is therefore a cloud computing system whose core is data storage and management.
A cloud terminal is a client product based on a network environment. It adopts a highly integrated hardware and software design and has a high-speed, low-power embedded processor. Although its body is small, it has a variety of interfaces. Like other network equipment, it is connected to the network by a network cable, and terminal data is stored on a central host (the cloud storage server), so that data storage is safe and reliable.
As can be seen from the above, cloud storage is an important component of cloud computing. Especially with the rapid growth of data, more and more enterprises and individual users are considering storing private data, information and the like on cloud storage servers. However, existing cloud storage methods simply upload the user's data directly to the cloud storage server for storage and, when the user needs it, download the corresponding data directly from the cloud storage server, without any security verification mechanism. The user does not know whether the stored data has been viewed by others, nor whether it has been tampered with (for example by injecting a Trojan horse or deleting part of the user's data). The data storage mechanism of existing cloud storage therefore cannot give users the confidence to store private data, information and the like on a cloud storage server, which greatly reduces user satisfaction.
Summary of the invention
The main technical problem to be solved by the present invention is to provide a data access method and system for cloud storage that improve the security of cloud storage and thereby improve user satisfaction.
To solve the above technical problem, the present invention provides a data storage method for cloud storage, comprising:
performing a hash operation on the data that the cloud terminal currently needs to store;
securely storing the structure of the hash operation and the resulting hash result;
sending the data that the cloud terminal currently needs to store to the cloud storage server for storage.
In an embodiment of the present invention, the method further comprises:
performing a total hash operation on the plurality of hash results obtained from storing data multiple times, to obtain a total hash result, and securely storing the total hash result and the structure of the total hash operation.
In an embodiment of the present invention, securely storing the hash operation structure and the resulting hash result comprises: encrypting the hash operation structure and the hash result and then storing them on the cloud storage server and/or on the cloud terminal; or storing the hash operation structure and the hash result on a trusted chip that works with the cloud terminal.
In an embodiment of the present invention, securely storing the total hash result and the structure of the total hash operation comprises: encrypting the total hash result and the structure of the total hash operation and then storing them on the cloud storage server and/or on the cloud terminal; or storing the total hash result and the structure of the total hash operation on the trusted chip that works with the cloud terminal.
In an embodiment of the present invention, before the hash operation is performed on the data, or after the hash operation is performed on the data and before the data is uploaded to the cloud storage server for storage, the method further comprises encrypting the data and securely storing the encryption key.
In an embodiment of the present invention, the data is encrypted using the trusted chip that works with the cloud terminal, and the encryption key is stored in the trusted chip.
The present invention also provides a data reading method for cloud storage, comprising:
obtaining data from the cloud storage server and performing a hash operation on it according to the stored hash operation structure, to obtain a hash verification result;
comparing the hash verification result with the stored hash result, and verifying the integrity of the data according to the comparison.
In an embodiment of the present invention, before the corresponding data is obtained from the cloud storage server, the method further comprises:
performing a total hash operation on the stored plurality of hash results according to the stored structure of the total hash operation, to obtain a total hash verification result; comparing the total hash verification result with the stored total hash result to verify the integrity of the plurality of hash results; and, when the plurality of hash results are verified to be intact, obtaining the data corresponding to the plurality of hash results from the cloud storage server.
The present invention also provides a cloud storage system comprising a cloud storage server and at least one cloud terminal, the cloud terminal comprising:
a processing unit, used to perform a hash operation on the data that the cloud terminal currently needs to store, and to securely store the structure of the hash operation and the resulting hash result;
a transmitting unit, used to send the data that the cloud terminal currently needs to store to the cloud storage server for storage;
the cloud storage server being used to store the data.
In an embodiment of the present invention, the processing unit of the cloud terminal is also used to perform a total hash operation on the plurality of hash results obtained from storing data multiple times, and to securely store the resulting total hash result and the structure of the total hash operation.
In an embodiment of the present invention, the processing unit of the cloud terminal is also used to encrypt the data before performing the hash operation on the data that the terminal currently needs to store, and to securely store the encryption key.
In an embodiment of the present invention, the system further comprises a trusted chip that works with the cloud terminal, and the processing unit of the cloud terminal uses the trusted chip to encrypt the data.
In an embodiment of the present invention, the processing unit of the cloud terminal comprises a data acquisition subunit, a data verification subunit and a data comparison subunit. The data acquisition subunit is used to obtain data from the cloud storage server. The data verification subunit is used to perform a hash operation on the data obtained by the data acquisition subunit according to the stored hash operation structure, to obtain a hash verification result. The data comparison subunit is used to compare the hash verification result with the corresponding stored hash result and to verify the integrity of the obtained data according to the comparison.
In an embodiment of the present invention, the data verification subunit of the processing unit is also used, before the corresponding data is obtained from the cloud storage server, to perform a total hash operation on the stored plurality of hash results according to the stored structure of the total hash operation, to obtain a total hash verification result. The data comparison subunit is also used to compare the total hash verification result with the stored total hash result to verify the integrity of the plurality of hash results. When the plurality of hash results are verified to be intact, the data acquisition subunit is notified to obtain the data corresponding to the plurality of hash results from the cloud storage server.
The beneficial effects of the invention are as follows. In the data storage method for cloud storage provided by the invention, a hash operation is performed in the cloud terminal on the data the user currently needs to store, the resulting hash result and the structure of the hash operation are securely stored, and the data is uploaded to the cloud storage server for storage. After the user downloads the data from the cloud storage server, the hash operation can be performed again using the hash operation structure saved when the data was stored, yielding a hash verification result. Comparing the hash verification result with the hash result saved when the data was stored shows whether the data has been tampered with, that is, the integrity of the data can be verified: if the data has been tampered with, the hash verification result and the saved hash result are inconsistent. The data access method provided by the invention can therefore verify the integrity of accessed data, improve the security of data in cloud storage, and improve user satisfaction.
In addition, in the present invention the data the user wants to store can also be encrypted before the hash operation is performed on it, to ensure that the data cannot be viewed by others or leaked, further improving the security of data storage.
Brief description of the drawings
Fig. 1 is a flow chart of the data storage method for cloud storage in one embodiment of the present invention;
Fig. 2 is a flow chart of the data reading method for cloud storage in one embodiment of the present invention;
Fig. 3 is a block diagram of the cloud storage system in one embodiment of the present invention;
Fig. 4 is a flow chart of the data storage method for cloud storage in another embodiment of the present invention;
Fig. 5 is a flow chart of the data reading method for cloud storage in another embodiment of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below through embodiments, with reference to the accompanying drawings.
Embodiment one:
Referring to Fig. 1 and Fig. 2, the data storage method for cloud storage in this example comprises the following steps:
Perform a hash operation on the data currently to be stored in the cloud terminal;
Securely store the hash operation structure and the resulting hash result. Specifically, the hash operation structure and the hash result may be encrypted (trusted computing may be used for the encryption) and then stored on the cloud storage server, or on the cloud terminal, or on both at the same time; alternatively, they may be stored on another secure storage device that works with the cloud terminal, for example on a trusted chip;
Send the data that the cloud terminal currently needs to store to the cloud storage server for storage.
Correspondingly, the data reading method for cloud storage in this example comprises the following steps:
Obtain the corresponding data from the cloud storage server;
Perform a hash operation on it according to the corresponding stored hash operation structure (that is, the hash operation structure stored when the data was stored), to obtain a hash verification result;
Compare the hash verification result with the corresponding stored hash result (that is, the hash result obtained when the data was stored), and verify the integrity of the data according to the comparison. Specifically, if the hash verification result is inconsistent with the corresponding stored hash result, the data has been tampered with: for example, extra information (such as a virus) may have been injected, or some of the data may have been deleted. The user is then warned that the data is incomplete and that opening it carries a certain risk. This improves the security of data access in cloud storage and improves user satisfaction.
When the cloud terminal stores data multiple times in this way, a plurality of hash results and a corresponding plurality of hash operation structures are obtained. Of course, when multiple hash operations are performed in this example, the same hash operation structure may be selected each time, in which case only one structure needs to be saved even though multiple hash operations are performed; alternatively, different hash operation structures may be selected as needed, in which case multiple structures need to be saved. The specific choice can be made according to the actual situation.
Whether one identical hash operation structure or several different ones are used for the multiple hash operations, multiple hash results are obtained. To make the saved hash results easier to manage, in this example all hash results can be stored in an integrity description table, which is itself stored in the secure manner described above. When data is then read from the storage server and its integrity verified as described above, the corresponding stored hash results can be read in turn from the integrity description table for comparison.
Because the integrity description table holds multiple hash results, and to ensure that those hash results are not tampered with (for example by deleting or adding part of the data, or injecting virus information), this example may further include performing a total hash operation on the plurality of hash results in the integrity description table obtained from storing data multiple times, yielding a total hash result. The total hash result and the structure of the total hash operation are then securely stored: specifically, they may be encrypted and then stored on the cloud storage server and/or on the cloud terminal, or stored on the trusted chip that works with the cloud terminal.
It should be noted that the structure used for the total hash operation in this example may be the same as the structure used for the hash operation above, or a different structure may be selected for the total hash operation. In this example the resulting total hash result is preferably stored on the trusted chip that works with the cloud terminal, to ensure the security of its storage.
When the total hash operation is used in this example to protect the hash results in the integrity description table (including the case where the table contains only one hash result), the following is also performed before data is read from the cloud storage server:
Perform a total hash operation on the hash results stored in the integrity description table according to the stored structure of the total hash operation, to obtain a total hash verification result, and compare it with the stored total hash result to verify the integrity of the hash results stored in the integrity description table. If the total hash verification result is consistent with the total hash result, the hash results stored in the integrity description table have not been tampered with and can serve as the basis for verifying data integrity. Otherwise, at least one stored hash result in the integrity description table has been tampered with, and the table cannot serve as the basis for verifying data integrity. This example therefore avoids verifying data integrity against hash results that have been tampered with, further improving the security of data storage. To avoid the situation in which tampering with the hash results leaves nothing that can serve as a basis for verifying data integrity, in this example the integrity description table is preferably saved on both the cloud terminal and the cloud storage server, and may even be saved on another third-party secure storage medium; when one saved copy of the integrity description table is verified as tampered with, the backup integrity description table can be retrieved from one of the other places where it is kept.
The above describes in detail how the integrity of stored data is verified when cloud storage data is accessed; the integrity of the stored data can be checked, improving the security of data storage. To further improve the security of data storage and user satisfaction, this example may also include a step of encrypting the stored data. Specifically, the data may be encrypted before the hash operation is performed on it, or, depending on the actual situation, after the hash operation is performed and before the data is stored; in the latter case the data must first be decrypted when its integrity is verified, and only then is the hash operation performed for integrity verification. The encryption key is then securely stored, to ensure that the data stored on the cloud storage server cannot be viewed by others or leaked. Preferably, in this example the stored data is encrypted using the trusted chip that works with the cloud terminal, and the encryption key is stored in the trusted chip to ensure the security of the key.
When data is read, the encryption key can be read from the trusted chip for decryption either after or before the integrity of the data obtained from the cloud storage server is verified.
Referring to Fig. 3, this example also provides a cloud storage system comprising a cloud storage server and at least one cloud terminal. The cloud terminal in this example comprises a processing unit, a storage unit and a transmitting unit; the storage unit is used to store data.
The processing unit of the at least one cloud terminal is used to perform the hash operation on the data the user wants to store, as described above, and to securely store the related data as described above. The transmitting unit of the cloud terminal is used to send the data that the cloud terminal currently needs to store to the cloud storage server for storage.
The processing unit in this example is also used to perform, as described above, a total hash operation on the plurality of hash results obtained from storing data multiple times, and to securely store the resulting total hash result and the structure of the total hash operation. It is also used to encrypt the data as described above before performing the hash operation on the data that the terminal currently needs to store, and to securely store the encryption key.
The processing unit of the cloud terminal in this example further comprises a data acquisition subunit, a data verification subunit and a data comparison subunit. The data acquisition subunit is used to read the stored data from the storage server as described above. The data verification subunit is used to perform, as described above, a hash operation on the data obtained by the data acquisition subunit according to the stored hash operation structure, to obtain a hash verification result. The data comparison subunit is used to compare the hash verification result with the corresponding stored hash result and to verify the integrity of the obtained data according to the comparison.
In this example the data verification subunit of the processing unit is also used, before the corresponding data is obtained from the cloud storage server, to perform a total hash operation on the stored plurality of hash results according to the stored structure of the total hash operation, to obtain a total hash verification result. The data comparison subunit is also used to compare the total hash verification result with the stored total hash result to verify the integrity of the plurality of hash results. Only when the plurality of hash results are verified to be intact is the data acquisition subunit notified to download the data corresponding to the plurality of hash results from the cloud storage server.
The cloud storage server in this example is used to store the data that the user wants to store, and to store the related hash operation structures, hash results and so on.
It should be noted that the trusted chip that works with the cloud terminal in this example may be built into the cloud terminal or attached externally to it, for example connected to the terminal by USB; this arrangement is more flexible and more readily accepted by users. The cloud terminal in this example may be a mobile phone, an iPad, a computer, a smart appliance and so on.
Embodiment two:
For a better understanding of the present invention, it is further described below with reference to a complete process of encrypting the stored data and verifying its integrity:
In this example the stored data is encrypted before the hash operation is performed on it, and the plurality of hash results obtained from the multiple hash operations are stored in an integrity description table. The integrity description table in this example may also contain record information about the stored data, used to record information such as the edits made to the stored data and the time of editing.
The cloud terminal in this example is a netbook and the trusted chip is a TCM chip connected to the netbook by USB. The SM4 method is used for encryption and decryption, SM3 is used for the hash operation on the stored data, and all hash operations use the SM3 hash operation. For the detailed process, refer to Fig. 4 and Fig. 5:
Referring to Fig. 4, the data storage process comprises:
401: Encrypt the data currently to be stored in the cloud terminal, specifically using the SM4 method for encryption and decryption;
402: Store the encryption result in the trusted chip, specifically in the internal non-volatile storage space (NV) of the TCM chip;
403: Perform a hash operation on the encrypted data, specifically using SM3;
404: Securely store the hash operation structure and the hash result, specifically by encrypting them and storing them on the cloud terminal and the cloud storage server, with the hash result stored in the integrity description table; repeat the above storage process;
405: Perform a total hash operation on the hash results in the integrity description table, specifically also using SM3;
406: Store the resulting total hash result in the internal non-volatile storage space (NV) of the TCM chip, and securely store the structure of the total hash operation, which may also be stored on both the cloud storage server and the cloud terminal.
After data has been stored by the above storage method, the local cloud terminal holds a data structure summary table of the content stored on the cloud storage server and the integrity description table; the TCM NV space holds the final total hash result and the encryption key; and the cloud storage server holds an encrypted copy of the data structure summary table and the integrity description table.
As the above storage process shows, the user's data is encrypted with SM4 before being stored, and the encryption key is saved in the TCM's internal non-volatile storage space (NV). Because user data in cloud storage exists in ciphertext form and the key information is protected by the TCM hardware, the user need not worry about data leakage, and the security of data storage is improved.
Referring to Fig. 5, the data reading process comprises:
501: Log in to the cloud terminal (the cloud terminal in this example must include the above TCM chip);
502: Read the integrity description table stored locally on the cloud terminal and perform a total hash operation on it according to the stored structure of the SM3 hash operation, to obtain a total hash verification result;
503: Compare the total hash verification result with the total hash result stored in the TCM chip and judge whether the two are consistent; if not, go to step 504; otherwise, go to step 507;
504: Read the integrity description table again, this time from the cloud storage server, and perform the total hash operation as in step 502;
505: Compare the total hash verification result obtained in the manner described in step 503 and judge whether the two are consistent; if not, go to step 506; otherwise, go to step 507;
506: Alert the user that the integrity description table has been tampered with.
507: Download the user data from the cloud storage server, and read the encryption key from the TCM chip to decrypt it;
508: Perform the SM3 hash operation on each item of decrypted user data to obtain a hash verification result, and compare it with the result stored in the integrity description table to judge whether the stored user data has been tampered with.
As the above access process shows, in this example a hash operation is performed on the data when it is stored, and a second-level hash operation is performed on the plurality of hash results in the integrity description table. This guarantees the integrity of the hash results obtained, and in turn guarantees that the hash results in the integrity description table can serve as a valid basis for verifying the integrity of user data. The access method in this example can therefore effectively verify the integrity of stored user data, avoiding the risk that arises when the user, unaware that the stored data has been tampered with, opens or uses it, and improving the security of user data storage.
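The two-level check in steps 405-406 and 502-508, as an added example that is not part of the patent text. It omits the SM4 encryption steps, uses SHA-256 in place of SM3, and models the TCM chip's NV space as a plain attribute; all class and function names are hypothetical.

```python
import hashlib
import hmac


class IntegrityError(Exception):
    def __init__(self, what, detail):
        super().__init__(f"{what}: {detail}")
        self.what = what  # "table" (step 506) or "data" (step 508)


def item_hash(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the SM3 hash of embodiment two.
    return hashlib.sha256(data).digest()


def total_hash(table: dict) -> bytes:
    """Total hash over every entry of the integrity description table.

    Entries are sorted and length-prefixed so that adding, deleting,
    renaming or altering any entry changes the result unambiguously.
    """
    h = hashlib.sha256()
    h.update(len(table).to_bytes(4, "big"))
    for name in sorted(table):
        for field in (name.encode("utf-8"), table[name]):
            h.update(len(field).to_bytes(4, "big"))
            h.update(field)
    return h.digest()


class CloudServer:
    """Constructed stand-in for the (untrusted) cloud storage server."""

    def __init__(self):
        self.blobs = {}   # name -> stored data
        self.table = {}   # server copy of the integrity description table


class CloudTerminal:
    def __init__(self, server: CloudServer):
        self.server = server
        self.local_table = {}  # local copy of the integrity description table
        # Stand-in for the trusted chip's NV space: holds only the total hash.
        self.trusted_total = total_hash({})

    def _verified_table(self):
        """Steps 502-506: try the local copy, then the server copy."""
        copies = (("local", self.local_table), ("server", self.server.table))
        for source, table in copies:
            if hmac.compare_digest(total_hash(table), self.trusted_total):
                return source, dict(table)
        raise IntegrityError("table", "no copy matches the stored total hash")

    def store(self, name: str, data: bytes) -> None:
        # Added precaution, not stated in the patent: start from a verified
        # table so a tampered copy is never re-sealed under a new total hash.
        _, table = self._verified_table()
        table[name] = item_hash(data)               # steps 403-404
        self.trusted_total = total_hash(table)      # steps 405-406
        self.local_table = dict(table)
        self.server.table = dict(table)
        self.server.blobs[name] = data

    def read(self, name: str):
        """Steps 502-508; returns (data, which table copy was trusted)."""
        source, table = self._verified_table()
        if name not in table:
            raise IntegrityError("data", f"{name!r} has no stored hash")
        data = self.server.blobs.get(name)
        if data is None or not hmac.compare_digest(item_hash(data), table[name]):
            raise IntegrityError("data", f"{name!r} does not match its stored hash")
        return data, source


if __name__ == "__main__":
    server = CloudServer()
    terminal = CloudTerminal(server)
    terminal.store("report.txt", b"quarterly figures")   # constructed sample data
    terminal.local_table["report.txt"] = item_hash(b"forged")
    print(terminal.read("report.txt"))   # falls back to the server copy
    server.blobs["report.txt"] += b"<injected>"
    try:
        terminal.read("report.txt")
    except IntegrityError as exc:
        print("rejected:", exc)
```

Only the 32-byte total hash has to live in trusted storage; both table copies and the data itself can sit on untrusted media and are still checked before use.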
It should be noted that, encryption method in the present invention is not to be only limited to the SM4 encryption method, the hash operation method is not to be only limited to above-mentioned SM3 hash operation method yet, credible chip is not tightly to be limited to above-mentioned TCM chip yet, and concrete credible chip type and encipher-decipher method and hash operation method can be selected according to actual conditions by the user.
Above content is in conjunction with concrete execution mode further description made for the present invention, can not assert that concrete enforcement of the present invention is confined to these explanations.For the general technical staff of the technical field of the invention, without departing from the inventive concept of the premise, can also make some simple deduction or replace, all should be considered as belonging to protection scope of the present invention.
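The two-level check in steps 502-508 can be sketched as follows. This is an added example, not code from the patent: SHA-256 stands in for SM3 (the description allows other hash methods), the canonical JSON encoding of the table and the function names are assumptions, and the download and decryption of step 507 are taken as already done.

```python
import hashlib
import hmac
import json

def digest(data: bytes) -> str:
    # SHA-256 stands in for SM3 here (assumption; SM3 is not in every hashlib build).
    return hashlib.sha256(data).hexdigest()

def total_hash(table: dict) -> str:
    # Assumption: the total hash covers a canonical JSON encoding of the table.
    return digest(json.dumps(table, sort_keys=True).encode())

def select_trusted_table(local_table, fetch_server_table, chip_total):
    """Steps 502-506: return a table whose total hash matches the chip-held value."""
    for load in (lambda: local_table, fetch_server_table):      # 502, then 504
        table = load()
        if hmac.compare_digest(total_hash(table), chip_total):  # 503 / 505
            return table
    raise ValueError("integrity description table has been tampered with")  # 506

def verify_items(table, decrypted):
    """Step 508: compare each decrypted item's hash with its table entry."""
    report = {}
    for name in set(table) | set(decrypted):
        # An item missing from either side is reported as failing verification.
        ok = name in table and name in decrypted
        report[name] = ok and hmac.compare_digest(digest(decrypted[name]), table[name])
    return report

if __name__ == "__main__":
    # Constructed sample data: two stored files and the table built at store time.
    stored = {"report.txt": b"Q3 figures", "notes.txt": b"meeting notes"}
    table = {name: digest(blob) for name, blob in stored.items()}
    chip_total = total_hash(table)          # value the trusted chip would hold

    # Local table copy was altered to match a tampered file; server copy is intact.
    local = {**table, "report.txt": digest(b"Q3 figures (edited)")}
    trusted = select_trusted_table(local, lambda: table, chip_total)

    # Step 507 (download + decrypt with the chip-held key) is assumed already done.
    downloaded = {"report.txt": b"Q3 figures (edited)", "notes.txt": b"meeting notes"}
    print(verify_items(trusted, downloaded))  # report.txt fails, notes.txt passes
```

Because the total hash is anchored in the trusted chip, an attacker who rewrites both a stored file and its entry in the table is still caught at step 503 or 505.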

Claims (14)

1. A data storage method for cloud storage, characterized by comprising:
performing a hash operation on the data that the cloud terminal currently needs to store;
securely storing the structure of the hash operation and the hash operation result obtained;
sending the data that the cloud terminal currently needs to store to the cloud storage server for storage.
2. The method of claim 1, characterized in that the method further comprises:
performing a total hash operation on the multiple hash operation results obtained from storing data multiple times to obtain a total hash operation result, and securely storing the total hash operation result and the structure of the total hash operation.
3. The method of claim 2, characterized in that securely storing the structure of the hash operation and the hash operation result obtained comprises: encrypting the structure of the hash operation and the hash operation result obtained and then storing them on the cloud storage server and/or on the cloud terminal; or storing the structure of the hash operation and the hash operation result obtained on a trusted chip that works in cooperation with the cloud terminal.
4. The method of claim 3, characterized in that securely storing the total hash operation result and the structure of the total hash operation comprises: encrypting the total hash operation result and the structure of the total hash operation and then storing them on the cloud storage server and/or on the cloud terminal; or storing the total hash operation result and the structure of the total hash operation on a trusted chip that works in cooperation with the cloud terminal.
5. The method of any one of claims 1-4, characterized in that, before the hash operation is performed on the data, or after the hash operation is performed on the data and before the data is uploaded to the cloud storage server for storage, the method further comprises encrypting the data and securely storing the encryption key.
6. The method of claim 5, characterized in that the data is encrypted using a trusted chip that works in cooperation with the cloud terminal, and the encryption key is stored in the trusted chip.
7. A data reading method for cloud storage, characterized by comprising:
obtaining data from the cloud storage server and, according to the stored structure of the hash operation, performing the hash operation on it to obtain a hash verification result;
comparing the hash verification result obtained with the stored hash operation result, and verifying the integrity of the data according to the comparison result.
8. The method of claim 7, characterized in that, before the corresponding data is obtained from the cloud storage server, the method further comprises:
performing, according to the stored structure of the total hash operation, the total hash operation on the multiple stored hash operation results to obtain a total hash verification result, and comparing the total hash verification result obtained with the stored total hash operation result to verify the integrity of the multiple hash operation results; when the multiple hash operation results are verified to be intact, obtaining the data corresponding to the multiple hash operation results from the cloud storage server.
9. A cloud storage system, characterized by comprising a cloud storage server and at least one cloud terminal, the cloud terminal comprising:
a processing unit, configured to perform a hash operation on the data that this cloud terminal currently needs to store, and to securely store the structure of the hash operation and the hash operation result obtained;
a sending unit, configured to send the data that the cloud terminal currently needs to store to the cloud storage server for storage;
the cloud storage server being configured to store the data.
10. The system of claim 9, characterized in that the processing unit of the cloud terminal is further configured to perform a total hash operation on the multiple hash operation results obtained from storing data multiple times, and to securely store the total hash operation result obtained and the structure of the total hash operation.
11. The system of claim 9 or 10, characterized in that the processing unit of the cloud terminal is further configured to encrypt the data before performing the hash operation on the data that this terminal currently needs to store, and to securely store the encryption key.
12. The system of claim 11, characterized in that the system further comprises a trusted chip that works in cooperation with the cloud terminal, and the processing unit of the cloud terminal uses the trusted chip to encrypt the data.
13. The system of claim 10, characterized in that the processing unit of the cloud terminal comprises a data acquisition subunit, a data verification subunit and a data comparison subunit; the data acquisition subunit is configured to obtain data from the cloud storage server; the data verification subunit is configured to perform, according to the stored structure of the hash operation, the hash operation on the data obtained by the data acquisition subunit to obtain a hash verification result; the data comparison subunit is configured to compare the hash verification result obtained with the corresponding stored hash operation result, and to verify the integrity of the obtained data according to the comparison result.
14. The system of claim 13, characterized in that the data verification subunit of the processing unit is further configured to perform, before the corresponding data is obtained from the cloud storage server and according to the stored structure of the total hash operation, the total hash operation on the multiple stored hash operation results to obtain a total hash verification result; the data comparison subunit is further configured to compare the total hash verification result obtained with the stored total hash operation result to verify the integrity of the multiple hash operation results; when the multiple hash operation results are verified to be intact, the data acquisition subunit is notified to obtain the data corresponding to the multiple hash operation results from the cloud storage server.
CN2011103805102A 2011-11-25 2011-11-25 Method and system for accessing data in cloud storage Pending CN103139149A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103805102A CN103139149A (en) 2011-11-25 2011-11-25 Method and system for accessing data in cloud storage

Publications (1)

Publication Number Publication Date
CN103139149A true CN103139149A (en) 2013-06-05

Family

ID=48498460

Country Status (1)

Country Link
CN (1) CN103139149A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130605
