CN107295002B - Cloud data storage method and server - Google Patents

Publication number: CN107295002B
Application number: CN201710567313.9A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN107295002A (en)
Inventor: 李艳东
Current Assignee: Union Mobile Pay Co Ltd
Original Assignee: Union Mobile Pay Co Ltd
Prior art keywords: file, server, digital fingerprint, cloud storage, client

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

An embodiment of the invention discloses a method for storing data in the cloud. A first server receives a file upload request sent by a client, calculates a second digital fingerprint of a first file from the first digital fingerprint carried in the request, and queries a blockchain database with the second digital fingerprint. If the second digital fingerprint of the first file is found to be stored in the blockchain database, the server directly records the user's ownership of the first file and instructs the client not to upload the first file. Because the blockchain database can hold the second digital fingerprints of the files stored on a plurality of servers, querying it determines whether the first file is already stored on any of those servers; if it is, the user does not need to upload the file again and no duplicate files are stored across the servers. This effectively solves the prior-art problem of the large amount of computation needed to deduplicate data held in cloud storage, and also saves the user's upload bandwidth and upload time.

Description

Cloud data storage method and server
Technical Field
The invention relates to the technical field of computer cloud storage, in particular to a method and a server for cloud storage of data.
Background
At present, more and more cloud storage products are on the market; many technology companies have launched their own, and more users and enterprises tend to store data in cloud storage. As the number of users and the amount of data in cloud storage continue to grow, the overhead of storing and managing that data grows as well. Because much of the sharply growing volume of data added every year is duplicated, such as system images, movies or songs, cloud storage usually applies some deduplication to the data it stores to reduce the amount of data and so save storage and management overhead.
Because every user uploads data to the cloud storage, in the prior art the cloud storage generally tidies its stored data at intervals and keeps only one copy of duplicated data, which reduces the amount of stored data and saves storage and management overhead. On the one hand, however, this approach requires the cloud storage to store the duplicate files before deduplicating them, which wastes storage space, and it consumes a large amount of computing power for the periodic scanning and deduplication, so deduplication efficiency is low. On the other hand, the user has to upload the whole file on every upload; for a large file that already exists in the cloud storage, this wastes the user's upload bandwidth and upload time.
In summary, there is a need for a method for cloud-side data storage to solve the technical problems of low data deduplication efficiency, large computation amount, and waste of user upload bandwidth and upload time in the prior art.
Disclosure of Invention
The invention provides a method for storing data in a cloud end, which is used for solving the technical problems that the data deduplication efficiency is low, the calculated amount is large, and the uploading bandwidth and the uploading time of a user are wasted in the prior art.
The embodiment of the invention provides a method for storing data at a cloud end, which comprises the following steps:
a first server receives a file upload request, sent by a client, for uploading a first file; the file upload request is sent after the client receives a file upload instruction from a user, and includes a first digital fingerprint calculated by the client from the first file;
the first server calculates to obtain a second digital fingerprint of the first file according to the first digital fingerprint, and queries a block chain database according to the second digital fingerprint of the first file;
if the first server determines that the second digital fingerprint of the first file is stored in the block chain database, recording ownership of the first file by the user, and sending first indication information to the client; the first indication information is used for indicating that the client does not upload the first file any more; the blockchain database has stored therein second digital fingerprints for files stored in a plurality of servers, the first server being any one of the plurality of servers.
Optionally, the method further comprises:
if the first server determines that the second digital fingerprint of the first file is not stored in the block chain database, sending second indication information to the client, and writing the second digital fingerprint of the first file into the block chain database; the second indication information is used for indicating the client to upload the first file.
Optionally, the file upload request further includes an encryption processing instruction for the first file;
after the first server determines that the second digital fingerprint of the first file is stored in the blockchain database, the method further includes:
the first server records the user's ownership of a first encrypted file and sends first indication information to the client; the first encrypted file is obtained by the client encrypting the first file according to the encryption processing instruction, and the first indication information indicates that the client is not to upload the first encrypted file.
Optionally, the method further comprises:
the first server receives a file downloading request which is sent by the client and used for downloading a second file; the file downloading request comprises a first digital fingerprint of the second file;
the first server calculates a second digital fingerprint of the second file according to the first digital fingerprint of the second file, and sends the second file stored by the first server to the client if the identifier of the server corresponding to the second digital fingerprint of the second file is determined to be the identifier of the first server according to the second digital fingerprint of the second file and the corresponding relation between the second digital fingerprint of the file and the identifier of the server; and if the identifier of the server corresponding to the second digital fingerprint of the second file is determined to be the identifier of the second server, indicating the second server to send the second file to the client, wherein the second server is another server in the plurality of servers.
Optionally, the instructing, by the first server, the second server to send the second file to the client includes:
the first server calculates a first digital signature of random information according to a private key;
the first server sends a redirection request to the second server, wherein the redirection request comprises the first digital signature, the random information and a public key; and the redirection request is used for sending the second file to the client after the second server verifies that the first digital signature is legal according to the first digital signature, the random information and a public key.
The embodiment of the invention also provides another method for storing data at the cloud end, which comprises the following steps:
a client receives a file upload instruction from a user and determines, according to the file upload instruction, a first file to be uploaded;
the client calculates to obtain a first digital fingerprint according to the first file;
the client sends a file uploading request to a server according to the first digital fingerprint; the file uploading request comprises the first digital fingerprint;
the client receives indication information sent by the server, and if the indication information is determined to be first indication information, the first file is not uploaded; and if the indication information is determined to be the second indication information, uploading the first file.
Optionally, the file uploading instruction further includes an encryption processing instruction for the first file;
the client calculates to obtain a first digital fingerprint according to the first file to be uploaded, and the method comprises the following steps:
the client calculates the digital fingerprint of the first file according to the encryption processing instruction;
the client encrypts the first file according to the digital fingerprint of the first file to obtain a first encrypted file;
and the client calculates the digital fingerprint of the first encrypted file to obtain the first digital fingerprint.
Optionally, the method further comprises:
the client receives a file downloading instruction of a user and determines a second file to be downloaded according to the file downloading instruction;
the client determines a first digital fingerprint of the second file according to the corresponding relation between the file in the client and the first digital fingerprint of the file;
and the client sends a file downloading request to the server according to the first digital fingerprint of the second file.
Based on the same inventive concept, the invention provides a server, which comprises:
the receiving and sending module is used for receiving a file uploading request which is sent by a client and used for uploading a first file; the file uploading request is sent after the client receives a file uploading instruction of a user, and the file uploading request comprises a first digital fingerprint calculated by the client according to the first file;
the query module is used for calculating to obtain a second digital fingerprint of the first file according to the first digital fingerprint and querying a block chain database according to the second digital fingerprint of the first file;
the processing module is used for recording the ownership of the first file by the user and sending first indication information to the client through the transceiving module if the second digital fingerprint of the first file is determined to be stored in the block chain database; the first indication information is used for indicating that the client does not upload the first file any more; the blockchain database has stored therein second digital fingerprints for files stored in a plurality of servers, the first server being any one of the plurality of servers.
Optionally, the processing module is further configured to:
if the second digital fingerprint of the first file is determined not to be stored in the block chain database, sending second indication information to the client through the transceiver module, and writing the second digital fingerprint of the first file into the block chain database; the second indication information is used for indicating the client to upload the first file.
Optionally, the file upload request further includes an encryption processing instruction for the first file;
the processing module is further configured to:
recording the user's ownership of a first encrypted file, and sending first indication information to the client; the first encrypted file is obtained by the client encrypting the first file according to the encryption processing instruction, and the first indication information indicates that the client is not to upload the first encrypted file.
Optionally, the transceiver module is further configured to:
receiving a file downloading request which is sent by the client and used for downloading a second file; the file downloading request comprises a first digital fingerprint of the second file;
the processing module is further configured to:
according to the first digital fingerprint of the second file, calculating a second digital fingerprint of the second file, and according to the second digital fingerprint of the second file and the corresponding relation between the second digital fingerprint of the file and the identifier of the server, if the identifier of the server corresponding to the second digital fingerprint of the second file is determined to be the identifier of the first server, sending the second file stored by the server to the client through the transceiver module; and if the identifier of the server corresponding to the second digital fingerprint of the second file is determined to be the identifier of the second server, the transceiver module instructs the second server to send the second file to the client, and the second server is another server in the plurality of servers.
Optionally, the processing module is further configured to:
calculating a first digital signature of the random information according to the private key;
the transceiver module is further configured to:
sending a redirection request to the second server, wherein the redirection request comprises the first digital signature, the random information and a public key; and the redirection request is used for sending the second file to the client after the second server verifies that the first digital signature is legal according to the first digital signature, the random number and the public key.
The invention provides a client, which comprises:
the receiving and sending module is used for receiving a file uploading instruction of a user;
the processing module is used for determining a first file to be uploaded according to the file uploading instruction; calculating to obtain a first digital fingerprint according to the first file;
the transceiver module is further used for sending a file uploading request to a server according to the first digital fingerprint; the file uploading request comprises the first digital fingerprint; receiving indication information sent by the server;
the processing module is further configured to determine not to upload the first file if it is determined that the indication information is first indication information; and if the indication information is determined to be the second indication information, uploading the first file through the transceiver module.
Optionally, the file uploading instruction further includes an encryption processing instruction for the first file;
the processing module is further configured to:
calculating a digital fingerprint of the first file according to the encryption processing instruction;
encrypting the first file according to the digital fingerprint of the first file to obtain a first encrypted file;
and calculating the digital fingerprint of the first encrypted file to obtain the first digital fingerprint.
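The three client-side steps above (fingerprint the file, encrypt the file with that fingerprint, fingerprint the encrypted file), listed both for the method and for the client's processing module, as an added Python example that is not part of the patent text. It assumes the fingerprint is SHA-256 and is used directly as the encryption key, and it uses a SHA-256 counter-mode keystream as a stand-in cipher because the text names no cipher; all function names are hypothetical.

```python
import hashlib


def fingerprint(data: bytes) -> bytes:
    """Digital fingerprint of a byte string (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Stand-in stream cipher: SHA-256 over key || counter, block by block.
    # A deployed client would use a vetted cipher instead.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def encrypt_for_upload(plaintext: bytes):
    """Return (key, first encrypted file, first digital fingerprint as hex)."""
    key = fingerprint(plaintext)             # step 1: fingerprint of the first file
    ciphertext = _xor(plaintext, key)        # step 2: encrypt with that fingerprint
    fp1 = fingerprint(ciphertext).hex()      # step 3: fingerprint of the encrypted file
    return key, ciphertext, fp1


def decrypt_download(key: bytes, ciphertext: bytes) -> bytes:
    """Decrypt and confirm the result hashes back to the key it was derived from."""
    plaintext = _xor(ciphertext, key)
    if fingerprint(plaintext) != key:
        raise ValueError("key does not match the recovered file")
    return plaintext


def demo():
    report = b"constructed sample document\n" * 50   # constructed input
    key_a, ct_a, fp1_a = encrypt_for_upload(report)  # first user's client
    key_b, ct_b, fp1_b = encrypt_for_upload(report)  # second user's client, same file
    _, _, fp1_other = encrypt_for_upload(report + b"!")
    # Same file gives the same ciphertext and fingerprint, so the server can
    # deduplicate without seeing plaintext; either user's key opens the stored copy.
    return (fp1_a == fp1_b, fp1_a != fp1_other, ct_a != report,
            decrypt_download(key_a, ct_b) == report)


if __name__ == "__main__":
    print(demo())
```

The client has to keep the key (the fingerprint of the unencrypted file) locally, since the server only ever receives the fingerprint of the encrypted file.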
Optionally, the transceiver module is further configured to:
receiving a file downloading instruction of a user;
the processing module is further configured to:
determining a second file to be downloaded according to the file downloading instruction;
determining a first digital fingerprint of the second file according to the corresponding relation between the file in the client and the first digital fingerprint of the file;
the transceiver module is further configured to:
and sending a file download request to the server according to the first digital fingerprint of the second file.
In the embodiment of the invention, a first server receives a file upload request sent by a client, calculates a second digital fingerprint of a first file from the first digital fingerprint in the file upload request, and queries a blockchain database with the second digital fingerprint. If the second digital fingerprint of the first file is found to be stored in the blockchain database, the first server directly records the user's ownership of the first file and sends first indication information to the client to indicate that the client is not to upload the first file. Because the blockchain database can hold the second digital fingerprints of the files stored on the servers, the first server can determine, by querying it, whether any of the servers already stores the first file; if so, the user does not need to upload the first file again, so duplicate files are not stored across the servers. This effectively solves the prior-art problem of the large amount of computation caused by deduplicating data stored on cloud storage servers, and also saves the user's upload bandwidth and upload time.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a system architecture diagram of a cloud storage federation in an embodiment of the present invention;
FIG. 2 is a schematic diagram of a system architecture of a first cloud storage according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a file uploading process in the method for cloud-side data storage according to the embodiment of the present invention;
FIG. 4 is a schematic flowchart of a file downloading process in the method for cloud-side data storage according to the embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a cloud storage server in an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a cloud storage client according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiments of the present invention will be described in further detail with reference to the drawings attached hereto.
The method for cloud storage of data in the embodiment of the invention is particularly suitable for a cloud storage alliance. FIG. 1 is a system architecture diagram of a cloud storage alliance according to an embodiment of the present invention. As shown in FIG. 1, the cloud storage alliance 100 includes a plurality of cloud storages (e.g., a first cloud storage 1011, a second cloud storage 1012, …, and an Nth cloud storage 101N in FIG. 1), one blockchain database 102 maintained jointly by the plurality of cloud storages, and the respective users of each of the cloud storages (e.g., 1031, 1032, …, 103N in FIG. 1).
Any cloud storage in the cloud storage alliance can provide file uploading and downloading services for users of the cloud storage alliance, each cloud storage in the cloud storage alliance can be a cloud storage product developed by the same or different cloud storage manufacturers, and any cloud storage can also provide storage hosting services for other cloud storages, which is not limited in the invention.
In the embodiment of the present invention, the blockchain database is also referred to as the Blockchain, and any cloud storage in the cloud storage alliance may write data into it. Specifically, the blockchain database stores the second digital fingerprint of each file stored in each cloud storage of the alliance, together with information such as the identity of the cloud storage holding each file and that cloud storage's digital signature over the file.
It should be noted that, in the embodiment of the present invention, the second digital fingerprint of a file stored in the blockchain database is, specifically, calculated from the first digital fingerprint of the file stored in the cloud storage. Because the digital fingerprint of a given file is unique, both the digital fingerprint of the file and its second digital fingerprint can serve as identifiers of the file.
Because data stored in the blockchain database can be synchronized quickly and cannot be tampered with, the blockchain database lets the cloud storages in the alliance share storage resources, which saves the storage and management overhead of the cloud storages and helps guarantee the security of the files users store in the alliance.
Specifically, each cloud storage in the cloud storage alliance uses a client-server system architecture. Taking any one cloud storage in the alliance, referred to here as the first cloud storage, as an example, FIG. 2 shows the system architecture of the first cloud storage in the embodiment of the present invention. As shown in FIG. 2, the first cloud storage includes a server 201 and a client 202. Files uploaded by users are stored on the server; a user 203 may upload a file to the server 201, or download a file already uploaded to the first cloud storage, by sending a file upload instruction or a file download instruction to the client 202.
Based on the system architecture described above, the method for cloud-side data storage in the embodiment of the present invention will be described below by taking the first cloud storage as an example. Fig. 3 is a schematic flowchart corresponding to a file uploading process in the method for cloud-side data storage according to the embodiment of the present invention, and as shown in fig. 3, the file uploading process includes the following steps S301 to S305:
step S301: a client receives a file upload instruction from a user and determines, according to the file upload instruction, a first file to be uploaded;
step S302: the client calculates to obtain a first digital fingerprint according to the first file;
step S303: the client sends a file uploading request to a server according to the first digital fingerprint; the file uploading request comprises the first digital fingerprint;
step S304: a first server receives the file upload request, sent by the client, for uploading the first file;
step S305: the first server calculates to obtain a second digital fingerprint of the first file according to the first digital fingerprint, and queries a block chain database according to the second digital fingerprint of the first file;
step S306: if the first server determines that the second digital fingerprint of the first file is stored in the block chain database, recording ownership of the first file by the user, and sending first indication information to the client;
step S307: if the server determines that the second digital fingerprint of the first file is not stored in the block chain database, sending second indication information to the client, and writing the second digital fingerprint of the first file into the block chain database;
step S308: the client receives indication information sent by the server, and if the indication information is determined to be first indication information, the first file is not uploaded; and if the indication information is determined to be the second indication information, uploading the first file.
It should be noted that, in the above steps S301 to S308, the client is specifically a client of the first cloud storage, the first server refers to a server of the first cloud storage, and accordingly, the user is specifically a user of the first cloud storage.
The blockchain database is maintained jointly by the cloud storages in the cloud storage alliance and therefore holds the second digital fingerprints of the files stored in all of them. By querying the blockchain database, the first server can determine whether the first file is already stored on a server of the alliance; if it is, the user does not need to upload the first file again, so duplicate files are not stored across the cloud storages. This effectively solves the prior-art problem of the large amount of computation needed to deduplicate data stored on cloud storage servers, and also saves the user's upload bandwidth and upload time.
Specifically, in step S301, the client receives the user's file upload instruction for uploading the first file. For example, in a specific application scenario, the user may click an upload button in the client's graphical interface, select the first file to be uploaded from the local disk, and click the upload button to trigger the upload.
In steps S302 and S303, the client analyzes the first file selected by the user, calculates a first digital fingerprint from it, and sends a file upload request to the first server according to the first digital fingerprint. The first digital fingerprint may be obtained by calculating a file hash value of the first file, or by other calculation methods such as CRC (Cyclic Redundancy Check) or SHA256 (Secure Hash Algorithm), which is not limited herein.
In the embodiment of the invention, the digital fingerprint of a certain file has uniqueness, and taking the digital fingerprint as the file hash value as an example, the file hash values calculated by different files are different, so that each file can be uniquely identified by the digital fingerprint.
In step S304, the first server receives a file upload request sent by the client for uploading the first file, and performs further calculation processing according to the first digital fingerprint in the file upload request to obtain a second digital fingerprint of the first file.
Specifically, the first server may obtain the second digital fingerprint of the first file by calculating the digital fingerprint of the first digital fingerprint (for example, the second digital fingerprint may be a hash value of the digital fingerprint of the first file), or may calculate it in other ways, which is not limited herein.
It should be noted that, since the digital fingerprint of the file has uniqueness, the second digital fingerprint of the first file obtained by recalculating the digital fingerprint on the first digital fingerprint also has uniqueness, and can be used as an identifier of the file to uniquely identify each file in the cloud storage.
In step S305, the first server accesses the blockchain database to detect whether the second digital fingerprint of the first file is stored in the blockchain database. In the embodiment of the present invention, the second digital fingerprints of the files stored in all cloud storages in the cloud storage federation are actually stored in the blockchain database.
In step S306, if it is detected that the second digital fingerprint of the first file is stored in the blockchain database, it indicates that the first file is stored in a server of one cloud storage of the cloud storages of the cloud storage federation, specifically, the first file may be stored in the first server, or the first file may be stored in a server of another cloud storage (for example, a second cloud storage) other than the first cloud storage. Since the sharing of the storage resources is realized through the blockchain database in the cloud storage alliance, no matter which cloud storage server actually stores the first file, the user does not need to upload the first file again, the first server only needs to record the ownership of the first file by the user, and send first indication information to the client to indicate that the client does not need to upload the first file any more.
For example, suppose a user uploads a file W to the first server through the client. The client first sends the first digital fingerprint of the file W, that is, the hash value of the file W, Hash = H(W), to the first server. Because what the blockchain database stores is the secondary hash value of a file, that is, the hash value of the file's hash value, the first server, on receiving the first digital fingerprint of the file W, first calculates from it the second digital fingerprint of the file W, that is, the secondary hash value H(H(W)). If the calculated secondary hash value of the file W is the same as a secondary hash value stored in the blockchain database, it is determined that the same file is already stored in the cloud storage alliance, and the user does not need to upload the file again.
Indeed, certain popular files (e.g., movies, music, etc.) may be common to many users, and in the prior art, such files have a high probability of being duplicated across multiple cloud stores. Therefore, in the embodiment of the invention, when any one of the cloud storages in the cloud storage alliance stores a certain file, the user does not need to upload the complete file again, and only the ownership of the file by the user needs to be recorded, so that the uploading time and the bandwidth overhead of the user can be effectively saved.
In a specific application scenario, the first server may record file information of each file stored by its user in a local data record. The file information of a certain file may be obtained and recorded in the data record of the first server after the user uploads the file to the first cloud storage.
In the embodiment of the present invention, the data record in the server may be recorded in a database, for example, various relational databases (e.g., mySQL) or non-relational databases (e.g., NoSQL), or may be recorded in other manners such as a file, and is not limited herein.
Specifically, table 1 is an example of file information recorded in a data record in the first server in the embodiment of the present invention, and as shown in table 1, for any file, the file information includes a file identifier, an identifier of a cloud storage holding the file, and a list of users who have ownership rights of the file. The file identifier may be a digital fingerprint of the file or a second digital fingerprint of the file calculated according to the digital fingerprint of the file, the cloud storage that owns the file may be an identity identifier of any cloud storage in a cloud storage federation, the user list that owns the file includes identifiers of users who have ownership of the file, the identifier of the user may specifically be an ID of the user, and the users that have ownership of the file may be one or more.
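Table 1: Example of file information recorded in the data record of the server of the first cloud storage
[Table 1 is an image in the original publication and is not reproduced here. As described above, each entry holds the file identifier, the identifier of the cloud storage holding the file, and the list of users who have ownership of the file.]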
In this case, when the first server detects that the second digital fingerprint of the first file is stored in the blockchain database, it records the user's ownership of the first file; specifically, it may add the identifier of the user to the user list corresponding to the second digital fingerprint of the file.
In step S307, if it is detected that the second digital fingerprint of the first file is not stored in the blockchain database, the first file is not stored in any of the cloud storages in the cloud storage federation, and the user is therefore required to upload the first file. That is, the first server sends second indication information to the client to instruct the client to upload the first file, and after the client has successfully uploaded the first file, the second digital fingerprint of the first file and the identity of the first cloud storage are written into the blockchain database. Meanwhile, the first server records, in its data record in the above format, the digital fingerprint of the successfully uploaded first file (or the second digital fingerprint of the first file calculated from that digital fingerprint), the identity of the first server, and the user's ownership of the first file (that is, it adds the user to the user list of the file), so that the first server can perform the corresponding query when another user requests the first file.
In this case, the first cloud storage is the cloud storage that really holds the first file, and the first cloud storage digitally signs the second digital fingerprint of the first file to indicate to the blockchain database that the data written by the first cloud storage is authentic and reliable.
During file upload, the first digital fingerprint that the client sends to the server is normally obtained by the client analyzing the first file selected by the user and performing a calculation on it (for example, calculating the hash value of the first file); that is, a user who uploads a file through the client actually holds the first file to be uploaded. In some extreme cases, however, if the digital fingerprint of a user's file is leaked, an illegal user can obtain ownership of the file without holding it. For example, suppose file A is stored in the cloud storage of user A, but the digital fingerprint of file A has leaked to the internet. After obtaining the digital fingerprint of file A from the internet, user B may use software to simulate the client's fingerprint calculation process and send that digital fingerprint to the server. The server then calculates the second digital fingerprint of file A from the digital fingerprint and queries the blockchain database. Because file A is stored in the cloud storage, the server, after determining that the second digital fingerprint of file A is stored in the blockchain database, directly records user B's ownership of file A, so that user B illegitimately obtains user A's file A.
Therefore, in order to enhance the security of the file stored in the cloud storage, the first server may further perform encryption processing on the first file uploaded by the user. Specifically, when the user uploads the first file through the client, the user may further specify a processing mode of the first file, that is, whether to encrypt the first file.
In step S301, the file upload instruction sent by the user and received by the client includes an instruction for encrypting the first file, in addition to the selected first file to be uploaded.
If the file uploading instruction does not include the encryption processing instruction, it indicates that the user determines not to encrypt the first file, and in this case, the file to be uploaded by the user is the first file itself, so that the client may directly calculate the digital fingerprint of the first file (e.g., the file hash value of the first file) and send the digital fingerprint as the first digital fingerprint to the server in the file uploading request, and then the server may perform subsequent processing by executing the above steps S305 to S308, which is not described herein again.
If the processing instruction is an encryption processing instruction, the user determines to encrypt the first file, and the file to be uploaded by the user is actually the encrypted first file, so that the first digital fingerprint sent to the server by the client in the file uploading request is the digital fingerprint obtained by calculating the encrypted first file.
Taking the digital fingerprint of the file as the hash value of the file as an example, the process of calculating the first digital fingerprint specifically includes that the client calculates the digital fingerprint of the first file, encrypts the first file according to the obtained digital fingerprint of the first file to obtain a first encrypted file, then calculates the digital fingerprint of the first encrypted file again, and sends the obtained digital fingerprint of the first encrypted file as the first digital fingerprint to the server in the file uploading request together with the encryption processing instruction.
Since identical files uploaded by users yield identical encrypted files after this encryption process, the digital fingerprints of the encrypted files, and the second digital fingerprints further calculated from those digital fingerprints, are also identical. Therefore, if the second digital fingerprint of the first encrypted file is stored in the blockchain database, a server of one of the cloud storages in the cloud storage federation already stores the same first encrypted file, and the first server can directly record the user's ownership of the first encrypted file; otherwise, the first encrypted file still has to be uploaded through the client.
It can be seen that, when the user instructs the client to encrypt the first file to be uploaded, the first digital fingerprint that the client sends to the server in the file upload request is actually the digital fingerprint of the first encrypted file, which is obtained by encrypting the first file according to the digital fingerprint of the first file. That is, a user can obtain the digital fingerprint of the first encrypted file, and thereby take ownership of the first file, only by actually holding the first file. An illegal user who has obtained only the digital fingerprint of the first file but does not hold the first file cannot produce the first encrypted file, and therefore cannot obtain the first digital fingerprint of the first encrypted file or the ownership of the first file. Since the digital fingerprint of a file encrypted by the user is also very unlikely to leak, encrypting the first file to be uploaded effectively protects the security of files stored in the cloud storage.
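The upload check of steps S305 to S307 and the leaked-fingerprint scenario above, as an added Go example that is not part of the patent text. It assumes SHA-256 as the hash, AES-256-GCM with a fixed nonce as the encryption keyed by the file fingerprint, and an in-memory map in place of the blockchain database; all type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// fingerprint is the "digital fingerprint". SHA-256 is an assumption; the page only says "hash".
func fingerprint(data []byte) [32]byte { return sha256.Sum256(data) }

// secondFingerprint is what the server derives from the client's first fingerprint.
func secondFingerprint(first [32]byte) [32]byte { return sha256.Sum256(first[:]) }

// convergentEncrypt encrypts a file under its own fingerprint. AES-256-GCM with an
// all-zero nonce is an assumption: encryption must be deterministic so identical files
// still deduplicate, and each key is only ever used for one plaintext.
func convergentEncrypt(plain []byte) ([]byte, error) {
	key := fingerprint(plain)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, make([]byte, gcm.NonceSize()), plain, nil), nil
}

// Server is the first server; the ledger map stands in for the blockchain database.
type Server struct {
	id     string
	ledger map[[32]byte]string          // second fingerprint -> storage holding the file
	owners map[[32]byte]map[string]bool // second fingerprint -> users with ownership
}

func NewServer(id string) *Server {
	return &Server{id: id, ledger: map[[32]byte]string{}, owners: map[[32]byte]map[string]bool{}}
}

func (s *Server) recordOwner(second [32]byte, user string) {
	if s.owners[second] == nil {
		s.owners[second] = map[string]bool{}
	}
	s.owners[second][user] = true
}

// RequestUpload covers steps S305-S307. It returns false ("first indication": ownership
// recorded, nothing to upload) or true ("second indication": the client must upload).
func (s *Server) RequestUpload(user string, first [32]byte) bool {
	second := secondFingerprint(first)
	if _, stored := s.ledger[second]; stored {
		s.recordOwner(second, user)
		return false
	}
	return true
}

// CompleteUpload runs after the bytes arrive. Hashing the received bytes, rather than
// trusting the fingerprint in the request, is an added check not stated on the page.
func (s *Server) CompleteUpload(user string, data []byte) {
	second := secondFingerprint(fingerprint(data))
	s.ledger[second] = s.id
	s.recordOwner(second, user)
}

// leakedFingerprintGrantsOwnership replays the scenario in the text on constructed data:
// user A stores file W (plain or encrypted), user B presents only the leaked H(W).
// It reports whether user B ends up recorded as an owner.
func leakedFingerprintGrantsOwnership(encrypt bool) (bool, error) {
	w := []byte("constructed sample contents of file A")
	srv := NewServer("cloud-1")
	stored := w
	if encrypt {
		ct, err := convergentEncrypt(w)
		if err != nil {
			return false, err
		}
		stored = ct
	}
	if srv.RequestUpload("userA", fingerprint(stored)) {
		srv.CompleteUpload("userA", stored)
	}
	leaked := fingerprint(w) // the only thing user B has
	mustUpload := srv.RequestUpload("userB", leaked)
	return !mustUpload && srv.owners[secondFingerprint(leaked)]["userB"], nil
}

func main() {
	for _, enc := range []bool{false, true} {
		granted, err := leakedFingerprintGrantsOwnership(enc)
		fmt.Printf("encrypted=%v ownership granted to user B=%v err=%v\n", enc, granted, err)
	}
}
```

With an unencrypted file, user B's claim using only the leaked H(W) is recorded as ownership; with the encrypted upload the ledger holds the second fingerprint of the ciphertext, so the same claim is answered with the second indication information.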
In addition, in the prior art, if the cloud storage loses a file uploaded by the user or modifies it without permission, the user cannot discover and prove this in time, so the integrity of files uploaded to the cloud storage cannot be guaranteed, which leaves the user's data rights insufficiently protected.
In the embodiment of the invention, the cloud storages in the cloud storage alliance share storage resources through the blockchain database, and the second digital fingerprint of every file stored in each cloud storage of the alliance is stored in the blockchain database. Because the blockchain database synchronizes quickly and cannot be tampered with, if a file uploaded by a user is tampered with in the cloud storage, the second digital fingerprint calculated from the file in the cloud storage will necessarily differ from the second digital fingerprint of the file stored in the blockchain database. By applying to view the blockchain database, the user can obtain the original second digital fingerprint of the file and thus prove that the cloud storage service provider tampered with the user data, which ensures the integrity and consistency of the user data.
Since the blockchain database in the embodiment of the present invention is specifically a federation chain, that is, only an organization or individual that has joined the federation has the right to write or read data in the blockchain database, in the embodiment of the present invention a user may access the blockchain database through another cloud storage in the cloud storage federation, or through a specially authorized authority, which is not limited herein.
It should be noted that, as a simpler alternative, in the embodiment of the present invention the first server may, after receiving the first digital fingerprint of the first file sent by the client, not calculate a second digital fingerprint from the first digital fingerprint. In this case, the identifier of a file in the local data record of the first server is the first digital fingerprint of the file, and the blockchain database stores the first digital fingerprints of all files in each cloud storage. The first server queries the blockchain database directly with the first digital fingerprint of the file to determine whether the same first digital fingerprint is stored there, and thus whether a cloud storage already stores the file.
Fig. 4 is a schematic flowchart of the file downloading process in the cloud data storage method according to the embodiment of the present invention. As shown in Fig. 4, the file downloading process includes the following steps S401 to S406:
Step S401: the client receives a file downloading instruction of a user and determines a second file to be downloaded according to the file downloading instruction;
Step S402: the client determines a first digital fingerprint of the second file according to the correspondence between the files in the client and the digital fingerprints of the files;
Step S403: the client sends a file downloading request to the server according to the first digital fingerprint of the second file;
Step S404: the first server receives the file downloading request which is sent by the client and used for downloading the second file, wherein the file downloading request comprises the first digital fingerprint of the second file;
Step S405: the first server calculates a second digital fingerprint of the second file according to the digital fingerprint of the second file and, according to the second digital fingerprint of the second file and the correspondence between second digital fingerprints of files and identifiers of servers, if the identifier of the server corresponding to the second digital fingerprint of the second file is determined to be the identifier of the first server, sends the second file stored by the first server to the client;
Step S406: if the identifier of the server corresponding to the first digital fingerprint of the second file is determined to be the identifier of the second server, the first server instructs the second server to send the second file to the client, wherein the second server is another server in the plurality of servers.
In the embodiment of the invention, because the plurality of cloud storages realize the sharing of storage resources through the blockchain database, the file uploaded by the user through the first cloud storage may be actually stored in the first cloud storage, and may also be stored in a second cloud storage in the cloud storage alliance except the first cloud storage. When a user downloads a file from the first cloud storage, the cloud storage which really holds the file can be quickly found through the block chain database, and the file is sent to the client through the cloud storage which really holds the file.
It should be noted that, in the above steps S401 to S406, the multiple servers specifically refer to multiple cloud storage servers in one cloud storage federation, specifically, the first server specifically refers to a first cloud storage server, the second server specifically refers to a second cloud storage server, and the user is a user of the first cloud storage.
The client and the first server may provide a file downloading service for the user by performing the method steps in S401 to S406, and the file may be downloaded through the server and the client of the first cloud storage only after the user obtains ownership of the file by uploading the file in the first cloud storage.
Specifically, in step S401, the client receives a file downloading instruction of the user, and determines a second file to be downloaded according to the file downloading instruction; the second file is any file which is in the first cloud storage and the user has ownership. In a specific application scenario, the user may select a second file to be downloaded in a user interface of the client, and send a file downloading instruction to the client by clicking a download button, or may send the file downloading instruction to the client by other manners, which is not limited herein.
In step S402 and step S403, if the user has uploaded files to the first cloud storage, the data record of the user's client stores the correspondence between the files the user has uploaded to the first cloud storage and the first digital fingerprints of those files.
Therefore, the client can acquire the first digital fingerprint of the second file to be downloaded by inquiring the data record in the client, and send a file downloading request to the first server according to the first digital fingerprint of the second file.
In step S404, the first server receives a file download request sent by the client for downloading a second file, where the file download request includes a first digital fingerprint of the second file.
In step S405, the first server calculates a second digital fingerprint of the second file according to the first digital fingerprint of the second file; for example, the fingerprint calculation may be performed again on the first digital fingerprint of the second file to obtain the second digital fingerprint of the second file.
The first server then determines the identifier of the server corresponding to the digital fingerprint of the second file according to the second digital fingerprint of the second file and the correspondence between second digital fingerprints of files and identifiers of servers.
And if the identifier of the server corresponding to the second digital fingerprint of the second file is determined to be the identifier of the first server, namely the second file is stored in the first cloud storage, the first server sends the second file stored by the first server to the client.
In this embodiment of the present invention, the correspondence between the second digital fingerprint and the identifier of the server may specifically refer to a data record stored in the server, as shown in table 1 above, the data record includes file information of each file uploaded to the first cloud storage by the user, and includes a file identifier, an identifier of cloud storage holding the file, and a user list having ownership over the file, the second digital fingerprint of the file specifically refers to an identifier of the file in the data record, and the identifier of the server specifically refers to an identifier of cloud storage that actually stores the file.
The file information of a certain file is obtained and recorded in the first server in the process of uploading the file to the first cloud storage by the user through the method steps in S301 to S308, and details are not repeated.
Thus, the first server may query the data record of the first server based on the second digital fingerprint of the second file to determine the identity of the cloud storage storing the second file. If the cloud storage storing the second file is determined to be the first cloud storage, the first cloud storage can directly provide the service of downloading the second file for the user, and the second file is sent to the client.
On the contrary, in step S406, if the first server determines that the identifier of the server corresponding to the second digital fingerprint of the second file is the identifier of the second server, that is, the second file is stored in the second cloud storage, the first server instructs the second server to send the second file to the client, and the second server is another server in the plurality of servers, that is, another cloud storage in the cloud storage federation except the first cloud storage.
That is, if the first server determines that the cloud storage holding the second file is the second cloud storage in the cloud storage federation, the first server provides a file downloading service for the user through the second server, and sends the second file to the client.
Specifically, the first cloud storage calculates service evidence for assisting in retrieving the second file by the following method:
evidence = sign(priv, R)    (formula one)
Here, evidence is the service evidence used to assist in retrieving the second file, and sign(priv, R) is a digital signature function with two parameters, priv and R. Specifically, priv is the private key held by the first cloud storage (that is, the signer's private key), and R is the random information, that is, the message to be signed. R is a value that changes each time and may be a standalone random number or timestamp. Alternatively, to help the second server identify the second file to be downloaded, the random information may be a combination of the second digital fingerprint of the second file and a random number or timestamp; the second digital fingerprint of the second file may be directly concatenated with the random number or timestamp, or may be encapsulated in the random information in another manner, which is not limited herein. The result returned by the digital signature function is therefore the first digital signature, produced by the first cloud storage over the random information R using its private key.
Furthermore, after the first cloud storage has calculated the first digital signature, it can send a redirection request to the second cloud storage, that is, the user's request to download the file is redirected to the cloud storage that stores the second file. The redirection request includes the calculated first digital signature (that is, the service evidence), the random information R, and the public key pub of the first cloud storage.
After receiving the redirection request, the second cloud storage extracts and stores the service evidence in the redirection request, and verifies the validity of the first digital signature according to the service evidence, the random information R and the public key of the first cloud storage in the following way:
F = verify(pub, R, evidence)    (formula two)
Here, F is the result returned by the digital signature verification function, which may be a numerical value or a logical value; verify(pub, R, evidence) is a digital signature verification function with three parameters, pub, R and evidence. Specifically, pub is the public key of the first cloud storage (that is, the signer's public key), R is the same random information as in formula one (that is, the message signed by the signer), and evidence is the digital signature of the first cloud storage over the random information R, that is, the first digital signature. If the result returned by the digital signature verification function is true (that is, the value of F is not 0), the first digital signature is proved to have been signed by the first cloud storage and verification passes; otherwise, if the result is false (the value of F is 0), the first digital signature is proved not to have been signed by the first cloud storage and verification fails.
And if the second cloud storage verifies that the first digital signature is legal, the second cloud storage further determines a second file to be downloaded by acquiring the digital fingerprint of the second file in the random information R, so that the service of downloading the second file can be provided for the user, and the second file is sent to the client.
In addition, if the second cloud storage determines that the first digital signature has already appeared before, this means that the first cloud storage is using the same first digital signature multiple times to request file downloads from the second cloud storage; in this case, the second cloud storage may reject the download request.
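Formula one, formula two and the rejection of a repeated signature, as an added Go example that is not part of the patent text. Ed25519 as the signature scheme, the 16-byte random nonce, and the pinned member-key table on the second cloud storage are assumptions; all type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const sampleFile = "constructed contents of the second file"

var (
	ErrUnknownSigner = errors.New("public key is not a pinned federation member")
	ErrBadSignature  = errors.New("evidence does not verify over R")
	ErrReplay        = errors.New("evidence was already used")
	ErrNoSuchFile    = errors.New("file is not held by this storage")
)

// Redirect carries the three fields the page lists for the redirection request.
type Redirect struct {
	Evidence []byte            // first digital signature: sign(priv, R)
	R        []byte            // second fingerprint (32 bytes) || random nonce (16 bytes)
	Pub      ed25519.PublicKey // public key of the first cloud storage
}

// NewRedirect is the first cloud storage's side (formula one). Ed25519 is an assumption.
func NewRedirect(priv ed25519.PrivateKey, secondFP [32]byte) (Redirect, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Redirect{}, err
	}
	r := append(secondFP[:], nonce...)
	pub := priv.Public().(ed25519.PublicKey)
	return Redirect{Evidence: ed25519.Sign(priv, r), R: r, Pub: pub}, nil
}

// SecondStorage is the cloud storage that actually holds the file.
type SecondStorage struct {
	members map[string]ed25519.PublicKey // pinned member keys (assumption, see Serve)
	files   map[[32]byte][]byte          // second fingerprint -> file bytes
	seen    map[string]bool              // evidence already presented
}

// Serve verifies the evidence (formula two) and returns the requested file.
// Assumption beyond the page: the key in the request is accepted only if it equals the
// key pinned for that member; otherwise any party could sign R with a key of its own.
func (s *SecondStorage) Serve(from string, req Redirect) ([]byte, error) {
	pinned, ok := s.members[from]
	if !ok || !bytes.Equal(pinned, req.Pub) {
		return nil, ErrUnknownSigner
	}
	if len(req.R) != 48 || !ed25519.Verify(pinned, req.R, req.Evidence) {
		return nil, ErrBadSignature
	}
	if s.seen[string(req.Evidence)] {
		return nil, ErrReplay // the same signature presented again is rejected
	}
	s.seen[string(req.Evidence)] = true
	var fp [32]byte
	copy(fp[:], req.R[:32]) // the file is identified by the fingerprint inside R
	data, ok := s.files[fp]
	if !ok {
		return nil, ErrNoSuchFile
	}
	return data, nil
}

// setup builds constructed state: member "cloud-1" with a fresh key pair, and a second
// storage that holds sampleFile under its second fingerprint.
func setup() (*SecondStorage, ed25519.PrivateKey, [32]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, [32]byte{}, err
	}
	first := sha256.Sum256([]byte(sampleFile))
	second := sha256.Sum256(first[:])
	s := &SecondStorage{
		members: map[string]ed25519.PublicKey{"cloud-1": pub},
		files:   map[[32]byte][]byte{second: []byte(sampleFile)},
		seen:    map[string]bool{},
	}
	return s, priv, second, nil
}

func main() {
	s2, priv, fp, err := setup()
	if err != nil {
		panic(err)
	}
	req, _ := NewRedirect(priv, fp)
	_, first := s2.Serve("cloud-1", req)
	_, again := s2.Serve("cloud-1", req)
	fmt.Println("first use:", first, "| replay:", again)
}
```

Because the evidence is stored by the second cloud storage, the same records can later back the settlement between the two storages that the page mentions.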
It should be noted that, in the embodiment of the present invention, any file that the user downloads through the client was previously uploaded by the user to the first server through the client. Therefore, if the second file downloaded by the user through the client is an encrypted file, the digital fingerprint of the file stored in the client is the key for decrypting the downloaded second file, and after the first server or the second server sends the second file to the client, the client can decrypt the downloaded second file according to the stored digital fingerprint of the file.
It can be seen that, in the downloading process of the above file, if a second file downloaded by the user through the first cloud storage is stored on the second cloud storage, the redirection link of the first cloud storage to the second cloud storage also generates a service evidence (i.e. a digital signature of the random information R by the first cloud storage), and if there are other contracts established between the first cloud storage and the second cloud storage, such as a storage hosting service, etc., the second cloud storage may execute some clearing protocols to the first cloud storage later by means of the service evidence, for example, request a commission and the like, which is not limited herein.
In the embodiment of the invention, the block chain database and the digital signature technology are introduced to achieve the cloud storage alliance, so that the storage space of a plurality of cloud storages can be fully utilized, each cloud storage in the cloud storage alliance does not need to store all files, but shows the effect of holding all files in the cloud storage alliance, the storage and management overhead of each cloud storage in the cloud storage alliance is greatly reduced, the integrity of user data is protected, and meanwhile, the data sharing, the user sharing and the income sharing among the plurality of cloud storages are realized.
Based on the same inventive concept, the embodiment of the invention further provides a server, wherein the server is a server in cloud storage, and the server can provide a service for storing data in the cloud storage for a user by referring to the method. As shown in fig. 5, the server 500 includes:
a transceiver module 501, where the transceiver module 501 is configured to receive a file upload request that is sent by a client and used for uploading a first file; the file upload request is sent after the client receives a file upload instruction from a user, and includes a first digital fingerprint calculated by the client from the first file;
a query module 502, where the query module 502 is configured to calculate a second digital fingerprint of the first file according to the first digital fingerprint, and query a block chain database according to the second digital fingerprint of the first file;
a processing module 503, where the processing module 503 is configured to record the ownership of the first file by the user and send first indication information to the client through the transceiving module 501 if it is determined that the second digital fingerprint of the first file is stored in the blockchain database; the first indication information is used for indicating that the client does not upload the first file any more, the blockchain database stores second digital fingerprints of files stored in a plurality of servers, and the first server is any one of the plurality of servers.
Optionally, the processing module 503 is further configured to:
if it is determined that the second digital fingerprint of the first file is not stored in the blockchain database, sending second indication information to the client through the transceiver module 501, and writing the second digital fingerprint of the first file into the blockchain database; the second indication information is used for indicating the client to upload the first file.
Optionally, the file upload request further includes an encryption processing instruction for the first file;
the processing module 503 is further configured to:
recording ownership of the user to a first encrypted file, and sending first indication information to the client; the first encrypted file is obtained by encrypting the first file according to the encryption processing instruction by the client, and the first instruction information is used for indicating that the client does not upload the first encrypted file any more.
Optionally, the transceiver module 501 is further configured to:
receiving a file downloading request which is sent by the client and used for downloading a second file; the file downloading request comprises a first digital fingerprint of the second file;
the processing module 503 is further configured to:
calculating a second digital fingerprint of the second file according to the first digital fingerprint of the second file; according to the second digital fingerprint of the second file and the correspondence between second digital fingerprints of files and identifiers of servers, if the identifier of the server corresponding to the second digital fingerprint of the second file is determined to be the identifier of the first server, sending the stored second file to the client through the transceiver module 501; if it is determined that the identifier of the server corresponding to the second digital fingerprint of the second file is the identifier of the second server, instructing, through the transceiver module 501, the second server to send the second file to the client, where the second server is another server among the plurality of servers.
Optionally, the processing module 503 is further configured to:
calculating a first digital signature of the random information according to the private key;
the transceiver module 501 is further configured to:
sending a redirection request to the second server, wherein the redirection request comprises the first digital signature, the random information and a public key; and the redirection request is used for sending the second file to the client after the second server verifies that the first digital signature is legal according to the first digital signature, the random information and a public key.
Based on the same inventive concept, the embodiment of the invention further provides a client, specifically, the client is a cloud storage client, and the client can provide a service for uploading files to the cloud storage or downloading files from the cloud storage for a user by referring to the method. As shown in fig. 6, the client 600 includes:
a transceiver module 601, where the transceiver module 601 is configured to receive a file upload instruction from a user;
the processing module 602, the processing module 602 is configured to determine, according to the file uploading instruction, a first file to be uploaded; calculating to obtain a first digital fingerprint according to the first file;
the transceiver module 601 is further configured to send a file upload request to a server according to the first digital fingerprint; the file uploading request comprises the first digital fingerprint; receiving indication information sent by the server;
the processing module 602 is further configured to determine not to upload the first file if it is determined that the indication information is first indication information; if the indication information is determined to be the second indication information, the first file is uploaded through the transceiver module 601.
Optionally, the file uploading instruction further includes an encryption processing instruction for the first file;
the processing module 602 is further configured to:
calculating a digital fingerprint of the first file according to the encryption processing instruction;
encrypting the first file according to the digital fingerprint of the first file to obtain a first encrypted file;
and calculating the digital fingerprint of the first encrypted file to obtain the first digital fingerprint.
Optionally, the processing module 602 is further configured to:
receiving a file downloading instruction of a user;
the processing module 602 is further configured to:
determining a second file to be downloaded according to the file downloading instruction;
determining a first digital fingerprint of the second file according to the corresponding relation between the files in the client and the digital fingerprints of the files;
the transceiver module 601 is further configured to:
and sending a file downloading request to the server according to the first digital fingerprint of the second file.
From the above, it can be seen that:
In the embodiment of the invention, a first server receives a file uploading request sent by a client, calculates a second digital fingerprint of a first file according to the first digital fingerprint in the file uploading request, and queries a blockchain database according to the second digital fingerprint. If the first server determines that the second digital fingerprint of the first file is stored in the blockchain database, it directly records the user's ownership of the first file and sends first indication information to the client, indicating that the client is not to upload the first file. Because the second digital fingerprints of the files stored in the plurality of servers can be stored in the blockchain database, the first server can determine, by querying the blockchain database, whether any of the plurality of servers already stores the first file. If the first file already exists, the user does not need to upload it again, so duplicate files are not stored in the plurality of servers. This effectively solves the prior-art problem of the large amount of computation caused by deduplicating data already stored in the servers of the cloud storage, and at the same time saves the user's upload bandwidth and upload time.
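The upload exchange summarized above, together with the optional client-side encryption step, as an added Go example that is not code from the patent. SHA-256 as the hash, AES-256-CTR keyed by the file's fingerprint, an in-memory map standing in for the blockchain database, and the byte check in `AcceptUpload` are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Indication mirrors the first/second indication information sent to the client.
type Indication int

const (
	DoNotUpload Indication = iota + 1 // first indication: some server already stores the file
	Upload                            // second indication: the client must send the encrypted file
)

// Ledger stands in for the shared blockchain database (assumption of this example):
// second fingerprint -> ID of the server that stores the file.
type Ledger map[string]string

// Server is the server of one cloud storage in the alliance.
type Server struct {
	ID     string
	Ledger Ledger                     // shared by every server
	Owners map[string]map[string]bool // second fingerprint -> users with ownership
	Blobs  map[string][]byte          // second fingerprint -> encrypted file held here
}

func NewServer(id string, l Ledger) *Server {
	return &Server{ID: id, Ledger: l, Owners: map[string]map[string]bool{}, Blobs: map[string][]byte{}}
}

// ConvergentEncrypt encrypts the file under a key derived from its own fingerprint,
// so identical files give identical ciphertexts. It returns the ciphertext and the
// first fingerprint of the encrypted file. The all-zero IV is tolerable only because
// each key ever encrypts exactly one plaintext.
func ConvergentEncrypt(plain []byte) ([]byte, [32]byte, error) {
	key := sha256.Sum256(plain) // first digital fingerprint of the first file
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, [32]byte{}, err
	}
	ct := make([]byte, len(plain))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(ct, plain)
	return ct, sha256.Sum256(ct), nil
}

// secondFingerprint is the hash of the first fingerprint.
func secondFingerprint(fp1 [32]byte) string {
	h := sha256.Sum256(fp1[:])
	return hex.EncodeToString(h[:])
}

func (s *Server) own(user, fp2 string) {
	if s.Owners[fp2] == nil {
		s.Owners[fp2] = map[string]bool{}
	}
	s.Owners[fp2][user] = true
}

// HandleUploadRequest sees only the first fingerprint and decides whether bytes are needed.
func (s *Server) HandleUploadRequest(user string, fp1 [32]byte) Indication {
	fp2 := secondFingerprint(fp1)
	if _, stored := s.Ledger[fp2]; stored {
		s.own(user, fp2) // record ownership, no transfer
		return DoNotUpload
	}
	s.Ledger[fp2] = s.ID // write the second fingerprint to the shared database
	return Upload
}

// AcceptUpload stores the ciphertext only if the received bytes hash to the
// fingerprint that was announced and written to the ledger (added check, assumption).
func (s *Server) AcceptUpload(user string, fp1 [32]byte, ct []byte) error {
	if sha256.Sum256(ct) != fp1 {
		return errors.New("uploaded bytes do not match the announced fingerprint")
	}
	fp2 := secondFingerprint(fp1)
	if s.Ledger[fp2] != s.ID {
		return errors.New("no pending upload for this fingerprint on this server")
	}
	s.Blobs[fp2] = ct
	s.own(user, fp2)
	return nil
}

func main() {
	ledger := Ledger{}
	a, b := NewServer("cloud-A", ledger), NewServer("cloud-B", ledger)
	doc := []byte("constructed sample file contents") // constructed input
	ct, fp1, _ := ConvergentEncrypt(doc)
	fmt.Println("alice at cloud-A:", a.HandleUploadRequest("alice", fp1), a.AcceptUpload("alice", fp1, ct))
	fmt.Println("bob at cloud-B:  ", b.HandleUploadRequest("bob", fp1))
}
```
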
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (12)

1. A method for cloud storage of data, applied to a cloud storage alliance, wherein the cloud storage alliance comprises a plurality of cloud storages, the method comprising:
a first server receives a file uploading request sent by a client, wherein the file uploading request is sent by the client after receiving a file uploading instruction of a user, the file uploading request comprises a first digital fingerprint of a first encrypted file and an encryption processing instruction, the encryption processing instruction is used for indicating a request to upload the first encrypted file obtained by encrypting a first file, the first digital fingerprint of the first encrypted file is a hash value of the first encrypted file, the first server is a server of a first cloud storage, and the first cloud storage is one of the plurality of cloud storages included in the cloud storage alliance;
the first server calculates a second digital fingerprint of the first encrypted file according to the first digital fingerprint, wherein the second digital fingerprint of the first encrypted file is a hash value of the first digital fingerprint;
the first server queries a blockchain database according to the second digital fingerprint, wherein the blockchain database stores second digital fingerprints of files stored by servers of all cloud storage in the cloud storage alliance, and the blockchain database is commonly maintained by all cloud storage in the cloud storage alliance;
if the first server determines that the second digital fingerprint is stored in the blockchain database, recording ownership of the first encrypted file by the user, and sending first indication information to the client, wherein the first indication information is used for indicating that the client does not upload the first encrypted file any more.
2. The method of claim 1, wherein the method further comprises:
and if the first server determines that the second digital fingerprint of the first encrypted file is not stored in the blockchain database, sending second indication information to the client, and writing the second digital fingerprint into the blockchain database, wherein the second indication information is used for indicating the client to upload the first encrypted file.
3. The method of claim 1 or 2, wherein the method further comprises:
the first server receives a file downloading request which is sent by the client and used for downloading a second file, wherein the file downloading request comprises a first digital fingerprint of the second file, the first digital fingerprint of the second file is a hash value of the second file, and the second file is an encrypted or unencrypted file;
the first server calculates a second digital fingerprint of the second file according to the first digital fingerprint of the second file;
the first server determines the identifier of the server corresponding to the second digital fingerprint of the second file according to the second digital fingerprint of the second file and the corresponding relation between the second digital fingerprint of the file and the identifier of the server;
if the identifier of the server corresponding to the second digital fingerprint of the second file is the identifier of the first server, the first server sends the second file stored by the first server to the client;
if the identifier of the server corresponding to the second digital fingerprint of the second file is the identifier of the second server, the first server instructs the second server to send the second file to the client, the second server is a server of a second cloud storage, and the second cloud storage is another cloud storage in the cloud storage alliance, which is different from the first cloud storage.
4. The method of claim 3, wherein the first server instructing the second server to send the second file to the client comprises:
the first server calculates a first digital signature of random information according to a private key;
and the first server sends a redirection request to the second server, wherein the redirection request comprises the first digital signature, the random information and a public key, and the redirection request is used for sending the second file to the client after the second server verifies that the first digital signature is legal according to the first digital signature, the random information and the public key.
5. A method for cloud storage of data, applied to a cloud storage alliance, wherein the cloud storage alliance comprises a plurality of cloud storages, the method comprising:
a client receives a file uploading instruction of a user, wherein the file uploading instruction comprises an identifier of a first file and an encryption processing instruction, the encryption processing instruction is used for indicating a request to upload a first encrypted file obtained by encrypting the first file, the client is a client of a first cloud storage, and the first cloud storage is one of a plurality of cloud storages included in a cloud storage alliance;
the client determines a first file according to the file uploading instruction, calculates a first digital fingerprint of the first file, and encrypts the first file according to the first digital fingerprint of the first file to obtain a first encrypted file, wherein the first digital fingerprint of the first file is a hash value of the first file;
the client calculates a first digital fingerprint of the first encrypted file, wherein the first digital fingerprint of the first encrypted file is a hash value of the first encrypted file;
the client sends a file uploading request to a first server, wherein the file uploading request comprises a first digital fingerprint of the first encrypted file and the encryption processing instruction, and the first server is a server of the first cloud storage;
the client receives indication information sent by the first server, and if the indication information is determined to be first indication information, the first encrypted file is not uploaded; if the indication information is determined to be second indication information, uploading the first encrypted file; wherein the first indication information is sent by the first server upon determining that a second digital fingerprint of the first encrypted file is stored in a blockchain database, and the second indication information is sent by the first server upon determining that the second digital fingerprint of the first encrypted file is not stored in the blockchain database; the second digital fingerprint of the first encrypted file is a hash value of the first digital fingerprint, the blockchain database stores the second digital fingerprints of files stored by servers of all cloud storage in the cloud storage federation, and the blockchain database is commonly maintained by all cloud storage in the cloud storage federation.
6. The method of claim 5, wherein the method further comprises:
the client receives a file downloading instruction of a user, and determines a second file to be downloaded according to the file downloading instruction, wherein the second file is an encrypted file or an unencrypted file;
the client determines the first digital fingerprint of the second file according to the corresponding relation between the file in the client and the first digital fingerprint of the file;
and the client sends a file downloading request to the server according to the first digital fingerprint of the second file, wherein the file downloading request comprises the first digital fingerprint of the second file.
7. A server, wherein the server is a server of a first cloud storage, and the first cloud storage is one of a plurality of cloud storages included in a cloud storage federation, and the server comprises:
a transceiver module, configured to receive a file uploading request sent by a client, wherein the file uploading request is sent by the client after a file uploading instruction of a user is received, the file uploading request comprises a first digital fingerprint of a first encrypted file and an encryption processing instruction, the encryption processing instruction is used for indicating a request to upload the first encrypted file obtained by encrypting a first file, and the first digital fingerprint is a hash value of the first encrypted file;
a processing module, configured to calculate a second digital fingerprint of the first encrypted file according to the first digital fingerprint, wherein the second digital fingerprint is a hash value of the first digital fingerprint;
a query module, configured to query a blockchain database according to the second digital fingerprint, wherein the blockchain database stores the second digital fingerprints of files stored by the servers of all cloud storage in the cloud storage alliance, and the blockchain database is commonly maintained by all cloud storage in the cloud storage alliance;
the processing module is further configured to, if it is determined that the second digital fingerprint is stored in the blockchain database, record ownership of the first encrypted file by the user, and send first indication information to the client through the transceiver module, where the first indication information is used to indicate that the client does not upload the first encrypted file any more.
8. The server of claim 7, wherein the processing module is further to:
and if the second digital fingerprint is determined not to be stored in the blockchain database, sending second indication information to the client through the transceiver module, and writing the second digital fingerprint into the blockchain database, wherein the second indication information is used for indicating the client to upload the first encrypted file.
9. The server according to claim 7 or 8, wherein the transceiver module is further configured to receive a file download request sent by the client for downloading a second file, where the file download request includes a first digital fingerprint of the second file, the first digital fingerprint of the second file is a hash value of the second file, and the second file is an encrypted or unencrypted file;
the processing module is further configured to calculate a second digital fingerprint of the second file according to the first digital fingerprint of the second file, and determine an identifier of the server corresponding to the second digital fingerprint of the second file according to the second digital fingerprint of the second file and a correspondence between the second digital fingerprint of the file and the identifier of the server;
if the identifier of the server corresponding to the second digital fingerprint of the second file is the identifier of the server of the first cloud storage, the processing module sends the second file stored by the server to the client through the transceiver module;
if the identifier of the server corresponding to the second digital fingerprint of the second file is the identifier of the second server, the processing module instructs, through the transceiver module, the second server to send the second file to the client, where the second server is a server of a second cloud storage, and the second cloud storage is another cloud storage in the cloud storage federation that is different from the first cloud storage.
10. The server according to claim 9, wherein the processing module is further configured to compute a first digital signature over the random information based on a private key;
the transceiver module is further configured to send a redirection request to the second server, where the redirection request includes the first digital signature, the random information, and a public key, and the redirection request is used by the second server to send the second file to the client after verifying that the first digital signature is legal according to the first digital signature, the random number, and the public key.
11. A client, wherein the client is a client of a first cloud storage, and the first cloud storage is one of a plurality of cloud storages included in a cloud storage federation, and the client comprises:
the file uploading module is used for uploading a first file to obtain a first encrypted file;
the processing module is used for determining a first file according to the file uploading instruction, calculating a first digital fingerprint of the first file, and encrypting the first file according to the first digital fingerprint of the first file to obtain a first encrypted file, wherein the first digital fingerprint of the first file is a hash value of the first file;
the processing module is further configured to calculate a first digital fingerprint of the first encrypted file, where the first digital fingerprint of the first encrypted file is a hash value of the first encrypted file;
the transceiver module is further configured to send a file upload request to a first server, where the file upload request includes the first digital fingerprint of the first encrypted file and the encryption processing instruction, and to receive indication information sent by the first server, wherein the first server is a server of the first cloud storage;
the processing module is further configured to determine not to upload the first encrypted file if it is determined that the indication information is first indication information; if the indication information is determined to be second indication information, uploading the first encrypted file through the transceiver module; wherein the first indication information is sent by the first server upon determining that a second digital fingerprint of the first encrypted file is stored in a blockchain database, and the second indication information is sent by the first server upon determining that the second digital fingerprint of the first encrypted file is not stored in the blockchain database; the second digital fingerprint of the first encrypted file is a hash value of the first digital fingerprint, the blockchain database stores the second digital fingerprints of files stored by servers of all cloud storage in the cloud storage federation, and the blockchain database is commonly maintained by all cloud storage in the cloud storage federation.
12. The client of claim 11, wherein the transceiver module is further configured to receive a file download instruction of a user;
the processing module is further configured to determine a second file to be downloaded according to the file downloading instruction, and determine a first digital fingerprint of the second file according to a corresponding relationship between a file in the client and the first digital fingerprint of the file, where the first digital fingerprint of the second file is a hash value of the second file, and the second file is an encrypted or unencrypted file;
the transceiver module is further configured to send a file download request to the server according to the first digital fingerprint of the second file, where the file download request includes the first digital fingerprint of the second file.
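The redirection in claims 4 and 10, as an added Go example that is not code from the patent. Ed25519 is an assumed signature scheme, and the registry of member keys and the reuse check on the random information are this example's assumptions about how the second server decides that a signature is legal.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// RedirectRequest carries the three fields the claims name.
type RedirectRequest struct {
	Signature  []byte
	RandomInfo []byte
	PublicKey  ed25519.PublicKey
}

// FirstServer is the server that received the download request and holds the private key.
type FirstServer struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewFirstServer() (*FirstServer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &FirstServer{priv: priv, Pub: pub}, nil
}

// BuildRedirect signs fresh random information with the private key.
func (f *FirstServer) BuildRedirect() (RedirectRequest, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return RedirectRequest{}, err
	}
	return RedirectRequest{Signature: ed25519.Sign(f.priv, nonce), RandomInfo: nonce, PublicKey: f.Pub}, nil
}

var (
	ErrUnknownKey = errors.New("public key is not a registered member key")
	ErrBadSig     = errors.New("signature does not verify")
	ErrReplay     = errors.New("random information already used")
)

// SecondServer stores the requested file and verifies redirects before sending it.
type SecondServer struct {
	members map[string]string // hex public key -> member name (assumed registry)
	seen    map[string]bool   // random information already accepted (assumed check)
}

func NewSecondServer() *SecondServer {
	return &SecondServer{members: map[string]string{}, seen: map[string]bool{}}
}

// Register records the public key of another cloud storage in the alliance.
func (s *SecondServer) Register(name string, pub ed25519.PublicKey) {
	s.members[hex.EncodeToString(pub)] = name
}

// Verify returns the name of the member that signed the request, or an error.
// The key carried in the request is used only after it is found in the registry.
func (s *SecondServer) Verify(r RedirectRequest) (string, error) {
	if len(r.PublicKey) != ed25519.PublicKeySize {
		return "", ErrUnknownKey
	}
	name, ok := s.members[hex.EncodeToString(r.PublicKey)]
	if !ok {
		return "", ErrUnknownKey
	}
	if !ed25519.Verify(r.PublicKey, r.RandomInfo, r.Signature) {
		return "", ErrBadSig
	}
	id := hex.EncodeToString(r.RandomInfo)
	if s.seen[id] {
		return "", ErrReplay
	}
	s.seen[id] = true
	return name, nil
}

func main() {
	a, err := NewFirstServer()
	if err != nil {
		panic(err)
	}
	b := NewSecondServer()
	b.Register("cloud-A", a.Pub)
	req, _ := a.BuildRedirect()
	fmt.Println(b.Verify(req)) // first presentation of this request
	fmt.Println(b.Verify(req)) // same random information presented again
}
```
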
CN201710567313.9A 2017-07-12 2017-07-12 Cloud data storage method and server Active CN107295002B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710567313.9A CN107295002B (en) 2017-07-12 2017-07-12 Cloud data storage method and server

Publications (2)

Publication Number Publication Date
CN107295002A CN107295002A (en) 2017-10-24
CN107295002B true CN107295002B (en) 2020-06-19

Family

ID=60100731

Country Status (1)

Country Link
CN (1) CN107295002B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant