CN103731423A - Safe method for repeated data deleting - Google Patents
Safe method for repeated data deleting Download PDFInfo
- Publication number
- CN103731423A CN103731423A CN201310736892.7A CN201310736892A CN103731423A CN 103731423 A CN103731423 A CN 103731423A CN 201310736892 A CN201310736892 A CN 201310736892A CN 103731423 A CN103731423 A CN 103731423A
- Authority
- CN
- China
- Prior art keywords
- file
- server
- client
- hash
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a safe method for repeated data deleting. The method comprises the steps that a client side encrypts files which need to be stored through the same secret key with different encryption algorithms; a server judges whether the files are stored through the Hash values of the files first; the client side decrypts a secret key through a ciphertext returned by the server, and then encryption is carried out with another encryption algorithm; and the server carries out two-time encryption with the same encryption algorithm by comparing the files to judge whether repeated date deleting is carried out. The advantage of a repeated data deleting technology is guaranteed, user data privacy is guaranteed, and an external attacker and an unreliable cloud storage serve provider are prevented.
Description
Technical field
The invention belongs to data security technical field of memory, particularly the client data de-duplication method of enciphered data in a kind of cloud storage.
Background technology
In recent years, cloud stores service becomes and becomes more and more popular.In order to reduce the consumption of network broadband resource and storage resources, many cloud stores service business (as Dropbox) bring into use client data de-duplication technology, when user attempts upload file to server, cloud storage server will check whether there is beyond the clouds this document (other users once uploaded file), if this document exists, allow user to download high in the clouds file and do not upload whole file.In this way, every part of file has all only retained a copy beyond the clouds.White paper by SNIA points out, uses that this data de-duplication technology is the highest can save 90% memory space.
At present, the client data de-duplication technology of application is: when user attempts to before cloud storage server upload file F, client software will calculating and sending send the cryptographic Hash hash (F) of file to Cloud Server, and cloud storage server checks in database, whether there is this cryptographic Hash.If there is no the cryptographic Hash of coupling, file F is not stored in high in the clouds, and client software will require user's upload file F to store to cloud storage server; If there is the cryptographic Hash of coupling, file F has existed in cloud storage, and server can upload file, and can allow this user's download file F.
But, if for judging whether user uploaded the cryptographic Hash loss of file, can make user data reveal, although there is certain methods can solve leakage partial information, can not make whole file reveal, appoint and so can not prevent that cloud stores service business from revealing file.
In sum, this method has adopted in client file encryption, and then client and server be by interactive information, thereby in the situation that server is not known file content, carry out data de-duplication.
Summary of the invention
In view of above problem, the client data de-duplication method of safety in a kind of cloud storage that the embodiment of the present invention provides, in order to guarantee the fail safe of private data, prevent external attack and fly-by-night cloud storage service provider, therefore, guarantee to carry out under the crypticity of user data the object of data de-duplication simultaneously.
The client data de-duplication method of safety in the disclosed cloud storage of the present invention, comprises following two stages:
Stage one: upload for the first time storage file F.Client uses two kinds of different cryptographic algorithm that file F is encrypted to two different cryptograph files, and wherein file F adopts aes algorithm to be encrypted to ciphertext C with key τ
f, then using τ as clear text file, F is that secret key encryption obtains ciphertext C
τ; Again the cryptographic Hash hash (F) of two cryptograph files and file F is sent on server and is stored.
Stage two: upload for the second time same file F.The cryptographic Hash hash (F) of client calculation document F, and upload onto the server, server mates according to Hash file in database;
If server Hash file coupling, by the C of server stores
τsend to client, client is by the ciphertext C receiving
τdecrypt key τ with plaintext F, then with aes algorithm, be encrypted to new C
f, and send to server coupling, if the same carry out data de-duplication.
Safe data de-duplication method of the present invention can be by original document F is encrypted in client, so no matter file is revealed in transport process or on server, assailant can not obtain expressly, has therefore guaranteed the fail safe of user data.
Below in conjunction with the drawings and specific embodiments, describe the present invention, but not as a limitation of the invention.
Accompanying drawing explanation
Fig. 1 is that the present invention executes the concise and to the point step of example;
Fig. 2 is that the present invention executes routine client to file encrypting method;
Fig. 3 is that the present invention executes routine user upload file flow chart for the first time;
Fig. 4 is that the present invention executes routine data de-duplication fail safe decision flow chart.
Embodiment
Below in conjunction with accompanying drawing and execute example technical scheme of the present invention is described in further detail.
As shown in Figure 1, the present invention includes: client uses the different cryptographic algorithm of same key to be encrypted to ciphertext the file of needs storage; First server judges whether to store this document by the cryptographic Hash of file; The decrypt ciphertext that client is returned by server goes out key, then encrypts by another cryptographic algorithm; Server uses twice encryption of same cryptographic algorithm to judge whether to carry out data de-duplication by documents.
As shown in Figure 2, the present invention is encrypted file in client.When user thinks server up transfer file for the first time, client is selected an AES key τ first at random, then generates two cryptograph files.First cryptograph files C
fby AES cryptographic algorithm, by key τ, file F is encrypted and formed, second cryptograph files C
τwith SHA256 algorithm, by key τ, file F is encrypted and formed.
As shown in Figure 3, it is the schematic flow sheet of the present invention to user's upload file for the first time, mainly comprises the following steps:
Step 1: client 1 accepted data file F, chooses AES key τ at random;
Step 2: client 1 is utilized aes algorithm, is encrypted to the isometric encrypt file C with file F with key τ data file F
f; Recycle common cryptographic algorithm, with data file F, as key, τ is encrypted, obtain ciphertext C
τ, C wherein
τsize much smaller than C
f;
Step 3: the cryptographic Hash hash (F) of client calculated data file F, and cryptographic Hash key and two cryptograph files (C
f, C
τ) send to cloud storage server;
Step 4: cloud storage server calculates cryptographic Hash hash (C
f), and kev=hash (F), value=(hash (C
f), C
τ) be added in database, and storage cryptograph files C
f;
When having another user to upload unified file F, server judges and carries out data de-duplication, as described in Figure 4, mainly comprises the following steps:
Step 1: client 2 is uploaded same file F, client 2 is calculated hash (F), and occurs to cloud storage server;
Step 2: cloud storage server is selected match information key=hash (F) from database
If coupling, 1) cloud storage server transmission ciphertext C
τgive client 2; 2) client 2 is utilized file F and decruption key declassified document C
τ, obtain AES key τ; 3) client 2 recalculates cryptographic Hash hash (C
f); 4) client compares two cryptographic Hash, if identical, carries out data de-duplication, and allows client 2 from cloud storage server downloading files C
f; If different, carry out user's upload file process for the first time, as shown in Figure 3.
Claims (3)
1. a data de-duplication method for safety, is characterized in that, the method comprised with the next stage:
Stage one: upload for the first time storage file F.Client uses two kinds of different cryptographic algorithm that file F is encrypted to two different cryptograph files, and wherein file F adopts aes algorithm to be encrypted to ciphertext C with key τ
f, then using τ as clear text file, F is that secret key encryption obtains ciphertext C
τ; Again the cryptographic Hash hash (F) of two cryptograph files and file F is sent on server and is stored.
Stage two: upload for the second time same file F.The cryptographic Hash hash (F) of client calculation document F, and upload onto the server, server mates according to Hash file in database;
If server Hash file coupling, by the C of server stores
τsend to client, client is by the ciphertext C receiving
τdecrypt key τ with plaintext F, then with aes algorithm, be encrypted to new C
f, and send to server coupling, if the same carry out data de-duplication.
2. the method as described in right 1, is characterized in that, client generates two two different ciphertexts with a random key, and one of them ciphertext adopts aes algorithm to generate, and another ciphertext adopts common crypto algorithm to generate;
3. the method for claim 1, is characterized in that, this common crypto algorithm can be selected RSA, DES, 3DES, SHA256.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310736892.7A CN103731423A (en) | 2013-12-25 | 2013-12-25 | Safe method for repeated data deleting |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310736892.7A CN103731423A (en) | 2013-12-25 | 2013-12-25 | Safe method for repeated data deleting |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103731423A true CN103731423A (en) | 2014-04-16 |
Family
ID=50455350
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310736892.7A Pending CN103731423A (en) | 2013-12-25 | 2013-12-25 | Safe method for repeated data deleting |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103731423A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016101153A1 (en) * | 2014-12-23 | 2016-06-30 | Nokia Technologies Oy | Method and apparatus for duplicated data management in cloud computing |
| CN105915332A (en) * | 2016-07-04 | 2016-08-31 | 广东工业大学 | Cloud storage encryption and dereplication method and cloud storage encryption and dereplication system |
| CN106790311A (en) * | 2017-03-31 | 2017-05-31 | 青岛大学 | Cloud Server stores integrality detection method and system |
| CN107113164A (en) * | 2014-12-18 | 2017-08-29 | 诺基亚技术有限公司 | The deduplication of encryption data |
| CN108200172A (en) * | 2018-01-03 | 2018-06-22 | 西安电子科技大学 | A kind of cloud storage system and method supported secure data duplicate removal and deleted |
| CN111600720A (en) * | 2020-05-20 | 2020-08-28 | 腾讯科技(深圳)有限公司 | Data processing method, device and equipment based on block chain and readable storage medium |
| CN111756617A (en) * | 2020-05-15 | 2020-10-09 | 广东理工学院 | Communication method and communication device integrating instant communication and mailbox communication |
| WO2021033072A1 (en) * | 2019-08-19 | 2021-02-25 | International Business Machines Corporation | Opaque encryption for data deduplication |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050160269A1 (en) * | 2004-01-20 | 2005-07-21 | Matsushita Electric Works, Ltd. | Common security key generation apparatus |
| CN101908077A (en) * | 2010-08-27 | 2010-12-08 | 华中科技大学 | Duplicated data deleting method applicable to cloud backup |
| CN102629940A (en) * | 2012-03-19 | 2012-08-08 | 天津书生投资有限公司 | Storage method, system and device |
| CN103051671A (en) * | 2012-11-22 | 2013-04-17 | 浪潮电子信息产业股份有限公司 | Repeating data deletion method for cluster file system |
-
2013
- 2013-12-25 CN CN201310736892.7A patent/CN103731423A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050160269A1 (en) * | 2004-01-20 | 2005-07-21 | Matsushita Electric Works, Ltd. | Common security key generation apparatus |
| CN101908077A (en) * | 2010-08-27 | 2010-12-08 | 华中科技大学 | Duplicated data deleting method applicable to cloud backup |
| CN102629940A (en) * | 2012-03-19 | 2012-08-08 | 天津书生投资有限公司 | Storage method, system and device |
| CN103051671A (en) * | 2012-11-22 | 2013-04-17 | 浪潮电子信息产业股份有限公司 | Repeating data deletion method for cluster file system |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107113164A (en) * | 2014-12-18 | 2017-08-29 | 诺基亚技术有限公司 | The deduplication of encryption data |
| CN107113164B (en) * | 2014-12-18 | 2021-07-06 | 诺基亚技术有限公司 | Method, apparatus and computer readable medium for deduplication of encrypted data |
| US10764037B2 (en) | 2014-12-23 | 2020-09-01 | Nokia Technologies Oy | Method and apparatus for duplicated data management in cloud computing |
| WO2016101153A1 (en) * | 2014-12-23 | 2016-06-30 | Nokia Technologies Oy | Method and apparatus for duplicated data management in cloud computing |
| CN107113165A (en) * | 2014-12-23 | 2017-08-29 | 诺基亚技术有限公司 | It is used for the method and apparatus that repeated data is managed in cloud computing |
| CN107113165B (en) * | 2014-12-23 | 2020-11-17 | 诺基亚技术有限公司 | Method and device for managing repeated data in cloud computing |
| CN105915332B (en) * | 2016-07-04 | 2019-02-05 | 广东工业大学 | A kind of encryption of cloud storage and deduplication method and its system |
| CN105915332A (en) * | 2016-07-04 | 2016-08-31 | 广东工业大学 | Cloud storage encryption and dereplication method and cloud storage encryption and dereplication system |
| CN106790311A (en) * | 2017-03-31 | 2017-05-31 | 青岛大学 | Cloud Server stores integrality detection method and system |
| CN108200172B (en) * | 2018-01-03 | 2020-12-08 | 西安电子科技大学 | Cloud storage system and method supporting safe data deduplication and deletion |
| CN108200172A (en) * | 2018-01-03 | 2018-06-22 | 西安电子科技大学 | A kind of cloud storage system and method supported secure data duplicate removal and deleted |
| WO2021033072A1 (en) * | 2019-08-19 | 2021-02-25 | International Business Machines Corporation | Opaque encryption for data deduplication |
| GB2602216A (en) * | 2019-08-19 | 2022-06-22 | Ibm | Opaque encryption for data deduplication |
| GB2602216B (en) * | 2019-08-19 | 2022-11-02 | Ibm | Opaque encryption for data deduplication |
| US11836267B2 (en) | 2019-08-19 | 2023-12-05 | International Business Machines Corporation | Opaque encryption for data deduplication |
| CN111756617A (en) * | 2020-05-15 | 2020-10-09 | 广东理工学院 | Communication method and communication device integrating instant communication and mailbox communication |
| CN111600720A (en) * | 2020-05-20 | 2020-08-28 | 腾讯科技(深圳)有限公司 | Data processing method, device and equipment based on block chain and readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11381398B2 (en) | Method for re-keying an encrypted data file | |
| US11748492B1 (en) | Secure initialization vector generation | |
| WO2022252632A1 (en) | Data encryption processing method and apparatus, computer device, and storage medium | |
| US9379891B2 (en) | Method and system for ID-based encryption and decryption | |
| CN103731423A (en) | Safe method for repeated data deleting | |
| US20140195804A1 (en) | Techniques for secure data exchange | |
| US9608822B2 (en) | Method for generating an HTML document that contains encrypted files and the code necessary for decrypting them when a valid passphrase is provided | |
| US11316671B2 (en) | Accelerated encryption and decryption of files with shared secret and method therefor | |
| WO2013178019A1 (en) | Method, device and system for implementing media data processing | |
| CN112738051B (en) | Data information encryption method, system and computer readable storage medium | |
| GB2531113A (en) | Network address-based encryption | |
| CN104967693A (en) | Document similarity calculation method facing cloud storage based on fully homomorphic password technology | |
| CN107533613B (en) | Storage medium product, cloud printing system and PDF file access method | |
| US20140237252A1 (en) | Techniques for validating data exchange | |
| US10063655B2 (en) | Information processing method, trusted server, and cloud server | |
| CN111970114A (en) | File encryption method, system, server and storage medium | |
| US20130198513A1 (en) | Encryption method and system for network communication | |
| WO2014106149A1 (en) | Techniques for validating cryptographic applications | |
| CN103607273A (en) | Data file encryption and decryption method based on time limit control | |
| Sivasakthi et al. | Applying digital signature with encryption algorithm of user authentication for data security in cloud computing | |
| Lai et al. | Secure file storage on cloud using hybrid cryptography | |
| Uddin et al. | Developing a cryptographic algorithm based on ASCII conversions and a cyclic mathematical function | |
| US11671251B1 (en) | Application programming interface to generate data key pairs | |
| CN103532958A (en) | Method for encrypting website resources | |
| CN104796254A (en) | ECC-based official document transferring method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Wang Lijin Inventor after: Xu Qin Inventor after: Li Rong Inventor after: Zhu Yantao Inventor after: Feng Guiyong Inventor after: Zhou Yunlong Inventor before: Zhang Bitao Inventor before: Cha Yaxing Inventor before: Wang Lijin Inventor before: Xu Qin Inventor before: Li Zhengwen Inventor before: Li Wei Inventor before: Zhong Jingxue |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: ZHANG BITAO CHA YAXING WANG LIJIN XU QIN LI ZHENGWEN LI WEI ZHONG JINGXUE TO: WANG LIJIN XU QIN LI RONG ZHU YANTAO FENG GUIYONG ZHOU YUNLONG |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140416 |