CN108182367A - An encrypted data block client-side deduplication method supporting data update - Google Patents
- Publication number
- CN108182367A (CN201711347947.XA)
- Authority
- CN
- China
- Prior art keywords
- node
- clear text
- text file
- block
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses an encrypted data block client-side deduplication method that supports data update. A convergent encryption algorithm is used so that identical plaintext file blocks are mapped to identical ciphertext file blocks after encryption. A novel dynamic equilibrium skip list is built as the file ownership authentication structure and is used for the file ownership authentication interaction between the server and the subsequent uploaders of a file, which realizes client-side deduplication of encrypted data blocks. A self-balancing method for the dynamic equilibrium skip list is proposed: according to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, nodes in the dynamic equilibrium skip list are modified, inserted and deleted. The invention not only improves the server's deduplication ratio and storage resource utilization and saves user bandwidth and upload time, but also supports data block update and realizes elastic management of server-side data.
Description
Technical field
The invention belongs to the field of computer technology, and further relates to an encrypted data block client-side deduplication method supporting data update in the field of information security technology. The invention can be used in cloud storage systems that support deduplication and update of encrypted data blocks. It not only improves the deduplication ratio and saves the user's upload bandwidth and the server's storage space, but also supports the user's update operations on file blocks, realizing elastic data management.
Background technology
Cloud storage data deduplication is widely used in data backup to reduce network and storage overhead. The technique eliminates data redundancy by keeping a single physical copy instead of retaining multiple copies of identical content. Depending on the deduplication strategy, it can be divided into client-side or server-side deduplication, file-level or file-block-level deduplication, and so on. Compared with server-side deduplication, client-side deduplication reduces the upload of repeated data, saving user bandwidth and upload time and giving a better user experience. Compared with file-level deduplication, file-block-level deduplication is finer-grained and improves the deduplication ratio and storage resource utilization. Encrypted data block deduplication and encrypted data client-side deduplication have therefore won the approval and support of cloud storage service providers. In real life, however, people often need to submit update requests for files backed up in the cloud, so there is a great practical demand for deduplication techniques that support user updates to cloud data and let the server manage data elastically.
The patent document "A secure data deduplication method" filed by Beijing Safe-Code Technology Co., Ltd. (application number: 201310736892.7, publication number: CN 103731423A) discloses a data deduplication method. The specific steps of the method are: the client encrypts the file to be stored into ciphertexts using the same key with different encryption algorithms; the server first uses the hash value of the file to judge whether the file is already stored; the client decrypts the key from the ciphertext returned by the server and then encrypts with another encryption algorithm; the server judges whether to deduplicate by comparing the files encrypted twice with the same encryption algorithm. The shortcomings of this method are: the key is randomly generated by the user, so the method cannot resist a content spoofing attack launched by the initial uploader of the file, and its security is low; and the method does not support file-block-level deduplication, so its deduplication granularity is small and its deduplication ratio is low.
The paper by Chen R, Mu Y, Yang G et al., "BL-MLE: Block-Level Message-Locked Encryption for Secure Large File Deduplication" (IEEE Transactions on Information Forensics Security, 2015, 10(12): 2643-2652), proposes a deduplication method for encrypted file blocks. The method encrypts file blocks based on a convergent encryption algorithm and realizes file-block-level deduplication. The specific steps of the method are: the client encrypts each file block using the hash value of the file block, then uses the hash value of the file to perform an exponentiation on the file block content, generating the file block label. The server uses a bilinear pairing equation to judge whether identical file blocks exist in different files and deletes the repeated encrypted file blocks, thereby realizing file-block-level deduplication. The shortcomings of this method are: it uses bilinear pairings and exponentiation, so its computational complexity is high and its efficiency is low; and it cannot support the user's update operations on file blocks. If the user wants to update a file backed up in the cloud, the whole updated file must be uploaded rather than only the file blocks that need updating, which wastes the user's upload bandwidth and upload time.
The paper by He K, Chen J, Du R et al., "DeyPoS: Deduplicatable Dynamic Proof of Storage for Multi-User Environments" (IEEE Transactions on Computers, 2016, 65(12): 3631-3645), proposes a method for file ownership authentication and integrity verification that supports dynamic updates in a cloud storage deduplication environment. The method designs a new file ownership authentication structure, the homomorphic authenticated tree, which supports three kinds of update operations and can meet the user's need to update file blocks. Each node in the homomorphic authenticated tree is computed with a homomorphic algorithm, and the server uses this structure to authenticate the file ownership of subsequent uploaders of a file. The shortcomings of this scheme are: large-scale insertion and deletion operations unbalance the homomorphic authentication structure, which loses the efficiency of binary search; and the method does not support deduplication of encrypted file blocks, so its deduplication ratio is low.
The paper by Zhao, Yongjun, and S.S.M. Chow, "Updatable Block-Level Message-Locked Encryption[C]" (ACM Asia Conference on Computer and Communications Security. ACM, 2017.), proposes an updatable data block deduplication method based on a convergent encryption algorithm. The specific steps of the method are: the user encrypts each file block using the hash value of the file block; the file block hash values are concatenated front to back into new plaintext file blocks, and the hash values of the new plaintext file blocks are in turn used to encrypt the corresponding new plaintext file blocks, until the last plaintext file block is generated, whose hash value serves as the master key of the file for file encryption and update; the server builds a Merkle Tree over these encrypted file blocks for storing and updating the file blocks and the file block key concatenation values. The shortcomings of this method are: it does not propose a secure and efficient file ownership authentication method, which leads to the upload of a large number of duplicate file blocks and wastes user bandwidth; it computes the file block ciphertexts with an iterated convergent encryption algorithm, which makes decryption of the file block ciphertexts inefficient; and because of its own structure the Merkle Tree only supports modification of leaf nodes, not insertion or deletion of leaf nodes, so it cannot fully meet the user's need to update file blocks.
Summary of the invention
The purpose of the present invention is to address the above shortcomings of the prior art by proposing an encrypted data block client-side deduplication method that supports data update.
The concrete idea for realizing the purpose of the invention is as follows. Encrypted file blocks are computed with a convergent encryption algorithm, which ensures that identical plaintext file blocks are mapped to identical ciphertext file blocks after encryption; this realizes deduplication of identical file blocks across different files, protects data privacy, and improves the deduplication ratio and storage resource utilization of the server. Based on the skip list's properties of probabilistically efficient search and support for update operations, a novel dynamic equilibrium skip list with the advantage of binary search is proposed as the file ownership authentication structure, together with a new authentication method, to realize the file ownership authentication interaction between the server and the subsequent uploaders of a file; this avoids repeated upload of identical data blocks and saves user bandwidth and upload time. Finally, borrowing the structural balance of the balanced binary tree, a self-balancing method for update operations on the dynamic equilibrium skip list is proposed: according to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, nodes in the dynamic equilibrium skip list are modified, inserted and deleted, which supports the update of file blocks in the cloud and realizes elastic management of server-side data.
The specific steps of the present invention are as follows:
(1) The initial uploader of the file encrypts the data blocks:
(1a) Using the 256-bit secure hash algorithm SHA256, the initial uploader takes the plaintext file as input and calculates the key of the plaintext file, then takes the key of the plaintext file as input and calculates the label of the plaintext file;
(1b) The initial uploader splits the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(1c) Using the 256-bit secure hash algorithm SHA256, the initial uploader takes each plaintext file block as input and calculates the key of each plaintext file block, then takes the front-to-back concatenation of each plaintext file block and its plaintext file block key as input and calculates the authentication value of each plaintext file block;
(1d) Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the initial uploader encrypts each plaintext file block with the key of that plaintext file block to obtain the ciphertext file block, and encrypts the concatenation value of the plaintext file block keys with the key of the plaintext file to obtain the concatenation value ciphertext of the plaintext file block keys;
(1e) The initial uploader uploads the label of the plaintext file, the authentication values of the plaintext file blocks, the ciphertext file blocks and the concatenation value ciphertext of the plaintext file block keys to the server;
(2) The server constructs the novel dynamic equilibrium skip list:
(2a) The base-level nodes corresponding to the plaintext file block authentication values are connected into a singly linked list, in the order of the plaintext file blocks to which the authentication values correspond;
(2b) Starting from the first node on the left of the current linked list, a parent node is generated with every two nodes as its child nodes; if the number of nodes in the current linked list is odd, one parent node is generated with the last three remaining nodes as its child nodes;
(2c) Using the 256-bit secure hash algorithm SHA256, the hash values of the child nodes of each parent node are concatenated in the left-to-right order of the child nodes into a hash concatenation value, which is taken as input to calculate the hash value of the hash concatenation value; this hash value is assigned as the hash value of the parent node;
(2d) The sum of the reachable base-level node counts of the child nodes of each parent node is assigned as the reachable base-level node count of that parent node; the number of nodes used to generate each parent node is assigned as the child node count of that parent node;
(2e) The lower pointer of each parent node is pointed at the position of the first child node on the left of that node, and the generated parent nodes are linked into a parent linked list in the order in which they were generated;
(2f) The pointers between the child nodes of different parent nodes are deleted;
(2g) Judge whether the parent linked list contains only one node. If so, mark the only node in the parent linked list as the root node and, having obtained the dynamic equilibrium skip list, perform step (3); otherwise, take the generated parent linked list as the current linked list and perform step (2b);
(3) The server deduplicates the encrypted data blocks:
Using the 256-bit secure hash algorithm SHA256, the server takes each ciphertext file block as input and calculates the ciphertext file block label, then deletes the repeated ciphertext file blocks that have an identical ciphertext file block label, completing the server-side deduplication of encrypted data blocks;
(4) The subsequent uploader of the file carries out the file ownership authentication interaction with the server:
(4a) The server uses a random function to generate two random positive integers and sends the two positive integers to the subsequent uploader of the file;
(4b) The subsequent uploader uses one of the two positive integers as a random seed and generates as many random numbers as the value of the other positive integer, which serve as the index values of the challenged file blocks;
(4c) The subsequent uploader splits the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(4d) Using the 256-bit secure hash algorithm SHA256, the subsequent uploader calculates the authentication values of the challenged file blocks corresponding to the challenged file block index values and sends them to the server;
(5) The server determines whether the subsequent uploader is a file owner:
(5a) The server uses one of the two positive integers as a random seed and generates as many random numbers as the value of the other positive integer, which serve as the index values of the challenged file blocks;
(5b) In the dynamic equilibrium skip list, the server looks up the parent nodes of the base-level nodes corresponding to the challenged file block index values, and the sibling nodes of those parent nodes;
(5c) Using the 256-bit secure hash algorithm SHA256, the server recalculates the hash value of the root node of the dynamic equilibrium skip list from the hash values of the sibling nodes and the received authentication values of the challenged file blocks;
(5d) Judge whether the recalculated hash value of the root node of the dynamic equilibrium skip list equals the root node hash value stored locally by the server. If so, the file ownership authentication passes, and the server marks the subsequent uploader as a file owner and then performs step (6); otherwise, the file ownership authentication fails;
(6) The file owner downloads the ciphertext file blocks from the server:
(6a) The file owner sends the label of the plaintext file and a download request to the server;
(6b) The server sends all ciphertext file blocks corresponding to the plaintext file label, together with the ciphertext of the plaintext file block key concatenation value, to the file owner;
(7) The file owner decrypts the ciphertext file blocks from the server:
Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the concatenation value ciphertext of the plaintext file block keys with the key of the plaintext file to obtain the concatenation value of the plaintext file block keys, and decrypts the ciphertext file blocks with the keys of the plaintext file blocks to obtain the plaintext file blocks;
(8) The file owner encrypts the new plaintext file blocks:
(8a) The file owner sends the label of the plaintext file and an update request to the server;
(8b) The server sends the ciphertext of the file block key concatenation value to the file owner;
(8c) Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the plaintext file block key concatenation value with the key of the plaintext file, obtaining the concatenation value of the plaintext file block keys;
(8d) Using the 256-bit secure hash algorithm SHA256, the file owner calculates, respectively, the key of the new plaintext file, the label of the new plaintext file, the key of the plaintext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted;
(8e) The file owner uses the index value of the plaintext file block to be modified or inserted and the key of that plaintext file block to update the concatenation value of the plaintext file block keys, obtaining the concatenation value of the new plaintext file block keys;
(8f) Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner encrypts the plaintext file block to be modified or inserted with the key of that plaintext file block, obtaining the ciphertext file block to be modified or inserted, and encrypts the concatenation value of the new plaintext file block keys with the key of the new plaintext file, obtaining the concatenation value ciphertext of the new plaintext file block keys;
(8g) The file owner sends to the server the label of the new plaintext file, the concatenation value ciphertext of the new plaintext file block keys, the dynamic operation instruction, the index value of the file block to be modified, inserted or deleted, the ciphertext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted;
(9) The server deduplicates the new ciphertext file blocks:
Using the 256-bit secure hash algorithm SHA256, the server calculates the label of the ciphertext file block to be modified or inserted, then deletes the repeated ciphertext file blocks that have an identical ciphertext file block label, completing the server-side deduplication of encrypted data blocks;
(10) The server modifies a base-level node in the dynamic equilibrium skip list:
The server looks up the parent nodes of the base-level node corresponding to the index value of the file block to be modified, and the sibling nodes of those parent nodes. Using the 256-bit secure hash algorithm SHA256, the server updates the authentication values of the parent nodes with the authentication value of the plaintext file block to be modified and the authentication values of the sibling nodes;
(11) The server inserts a base-level node into the dynamic equilibrium skip list:
(11a) The server looks up the parent nodes of the base-level node corresponding to the index value of the file block to be inserted and generates a base-level node as the insertion node. The hash value of the plaintext file block to be inserted is assigned as the hash value of the insertion node, the reachable base-level node count of the insertion node is set to 1, and the child node count of the insertion node is set to 0. The insertion node is inserted at the back pointer position of the base-level node corresponding to the index value of the file block to be inserted;
(11b) Add 1 to the child node count of the lowest-level parent node, and take the lowest-level parent node as the current node;
(11c) Judge whether the child node count of the current node equals 3. If so, perform step (11d); otherwise, perform step (11e);
(11d) Update the hash value and the reachable base-level node count of the current node using each child node of the current node, then perform step (11f);
(11e) Update the hash value, reachable base-level node count and child node count of the current node using the first and second child nodes from the left of the current node; generate another node from the third and fourth child nodes from the left of the current node, insert the generated node at the back pointer position of the current node, and add 1 to the child node count of the parent node of the current node;
(11f) Judge whether the current node is the root node. If so, perform step (12); otherwise, take the parent node in the layer above as the current node and perform step (11c);
(12) The server deletes a base-level node from the dynamic equilibrium skip list:
(12a) The server looks up the parent nodes of the base-level node corresponding to the index value of the file block to be deleted, and deletes the base-level node corresponding to the index value of the file block to be deleted;
(12b) Subtract 1 from the child node count of the lowest-level parent node, and take the lowest-level parent node as the current node;
(12c) Judge whether the child node count of the current node equals 2. If so, perform step (12d); otherwise, perform step (12e);
(12d) Update the hash value and the reachable base-level node count of the current node using each child node of the current node, then perform step (12l);
(12e) Judge whether the back pointer of the current node points to a sibling node. If so, perform step (12f); otherwise, perform step (12i);
(12f) Judge whether the child node count of the sibling node pointed to by the back pointer of the current node equals 3. If so, perform step (12g); otherwise, perform step (12h);
(12g) Take the first child node from the left of the sibling node pointed to by the back pointer of the current node as the second child node from the left of the current node. Update the hash value, reachable base-level node count and child node count of the current node using the two child nodes of the current node, update the hash value, reachable base-level node count and child node count of the sibling node using the two remaining child nodes of the sibling node pointed to by the back pointer of the current node, then perform step (12l);
(12h) Take the only child node of the current node as the first child node from the left of the sibling node pointed to by the back pointer of the current node. Update the hash value, reachable base-level node count and child node count of the sibling node using the three child nodes of that sibling node, delete the current node, subtract 1 from the child node count of the parent node in the layer above, then perform step (12l);
(12i) Judge whether the child node count of the previous sibling node of the current node equals 3. If so, perform step (12j); otherwise, perform step (12k);
(12j) Take the third child node from the left of the previous sibling node as the first child node from the left of the current node. Update the hash value, reachable base-level node count and child node count of the current node using the two child nodes of the current node, update the hash value, reachable base-level node count and child node count of the sibling node using the two remaining child nodes of the previous sibling node of the current node, then perform step (12l);
(12k) Take the only child node of the current node as the third child node from the left of the previous sibling node of the current node. Update the hash value, reachable base-level node count and child node count of the sibling node using the three child nodes of the previous sibling node of the current node, delete the current node, and subtract 1 from the child node count of the parent node in the layer above;
(12l) Judge whether the current node is the root node. If so, perform step (13); otherwise, take the parent node in the layer above as the current node and perform step (12c);
(13) The update of the dynamic equilibrium skip list is complete.
Compared with the prior art, the present invention has the following advantages:
First, the present invention constructs a novel dynamic equilibrium skip list from the authentication values of the plaintext file blocks and uses it as the authentication structure for the ownership of uploaded files, realizing the file ownership authentication interaction between the user and the server. This overcomes the defect of the prior art that client-side deduplication of file blocks cannot be supported, so the invention avoids repeated upload of identical data blocks, saves user bandwidth and upload time, and improves the server's storage resource utilization.
Second, the present invention proposes a self-balancing method for updates to the dynamic equilibrium skip list: according to the dynamic operation instruction uploaded by the user and the authentication value of the plaintext file block to be updated, nodes in the dynamic equilibrium skip list are modified, inserted and deleted. This overcomes the defect of the prior art that users cannot efficiently update data backed up in the cloud, so the invention supports data block update and realizes elastic management of server-side data.
Description of the drawings
Fig. 1 is the flow chart of the present invention.
Fig. 2 is a schematic diagram of the step in which the server of the present invention constructs the novel dynamic equilibrium skip list.
Fig. 3 is the flow chart of the file owner of the present invention encrypting new plaintext file blocks.
Fig. 4 is a schematic diagram of the server of the present invention modifying a base-level node in the dynamic equilibrium skip list.
Fig. 5 is a schematic diagram of the server of the present invention inserting a base-level node into the dynamic equilibrium skip list.
Fig. 6 is a schematic diagram of the server of the present invention deleting a base-level node from the dynamic equilibrium skip list.
Fig. 7 is the flow chart of the server of the present invention deleting a base-level node from the dynamic equilibrium skip list.
Specific embodiment
The present invention is described in further detail below with reference to the accompanying drawings.
The steps by which the present invention is realized are described in further detail below with reference to Fig. 1.
Step 1, the initial uploader of the file encrypts the data blocks.
Using the 256-bit secure hash algorithm SHA256, the initial uploader takes the plaintext file as input and calculates the key of the plaintext file, then takes the key of the plaintext file as input and calculates the label of the plaintext file.
The 256-bit secure hash algorithm SHA256 refers to the 256-bit one-way hash algorithm SHA256 specified in the Federal Information Processing Standard FIPS PUB 180-3 published by the U.S. National Institute of Standards and Technology, which applies to messages whose length does not exceed 2^64 binary bits.
The initial uploader splits the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks.
Using the 256-bit secure hash algorithm SHA256, the initial uploader takes each plaintext file block as input and calculates the key of each plaintext file block, then takes the front-to-back concatenation of each plaintext file block and its plaintext file block key as input and calculates the authentication value of each plaintext file block.
The 256-bit secure hash algorithm SHA256 refers to the 256-bit one-way hash algorithm SHA256 specified in the Federal Information Processing Standard FIPS PUB 180-3 published by the U.S. National Institute of Standards and Technology, which applies to messages whose length does not exceed 2^64 binary bits.
Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the initial uploader encrypts each plaintext file block with the key of that plaintext file block to obtain the ciphertext file block, and encrypts the concatenation value of the plaintext file block keys with the key of the plaintext file to obtain the concatenation value ciphertext of the plaintext file block keys.
The 256-bit Advanced Encryption Standard AES256 refers to a block encryption standard adopted by the U.S. federal government, in which the key length is 256 bits.
The initial uploader uploads the label of the plaintext file, the authentication values of the plaintext file blocks, the ciphertext file blocks and the concatenation value ciphertext of the plaintext file block keys to the server.
Step 2, the server constructs the novel dynamic balanced skip list.
The steps by which the server constructs the dynamic balanced skip list are described in further detail below with reference to Fig. 2.
In Fig. 2, A, B, C and D denote four base-layer nodes, E denotes the parent node of nodes A and B, F denotes the parent node of nodes C and D, and R denotes the parent node of nodes E and F, which is also the root node of the entire dynamic balanced skip list.
The base-layer nodes corresponding to the plaintext file block authentication values are connected into a singly linked list, in the order of the plaintext file blocks to which the authentication values correspond.
A base-layer node is a node located in the bottom layer of the dynamic balanced skip list.
(2b) Starting from the first node on the left of the current linked list, one parent node is generated for every two nodes, which become its child nodes; if the number of nodes in the current linked list is odd, one parent node is generated with the last three remaining nodes as its child nodes.
A node is the basic unit of the dynamic balanced skip list. Each node consists of a five-tuple whose members are, respectively, the node hash value, the number of base-layer nodes reachable from the node, the number of child nodes (child count), the next pointer and the down pointer.
Using the 256-bit secure hash algorithm SHA256, the hash values of the child nodes of each parent node are concatenated in left-to-right order of the child nodes into a hash concatenation value, which is taken as input; the hash value of the hash concatenation value is computed and assigned as the hash value of that parent node.
The 256-bit secure hash algorithm SHA256 refers to: the 256-bit one-way hash algorithm SHA256 specified in the Federal Information Processing Standard FIPS PUB 180-3 published by the U.S. National Institute of Standards and Technology, applicable to messages no longer than 2^64 binary bits.
The sum of the reachable base-layer node counts of the child nodes of each parent node is assigned as the reachable base-layer node count of that parent node; the number of nodes used to generate each parent node is assigned as the child count of that parent node.
The down pointer of each parent node is pointed at the position of its first child node on the left, and the generated parent nodes are linked into a parent linked list in the order in which they were generated.
The pointers between child nodes of different parent nodes are deleted.
Judge whether the parent linked list contains only one node; if so, the only node in the parent linked list is marked as the root node, the dynamic balanced skip list is obtained and step 3 is performed; otherwise, the generated parent linked list is taken as the current linked list and step (2b) is performed.
The parent linked list is a singly linked list composed of multiple parent nodes.
Step 3, the server performs a deduplication operation on the encrypted data blocks.
Using the 256-bit secure hash algorithm SHA256 with each ciphertext file block as input, the server computes the label of the ciphertext file block and deletes duplicate ciphertext file blocks that have the same ciphertext file block label, completing the server-side deduplication of encrypted data blocks.
Step 4, the subsequent uploader of the file carries out the file ownership authentication interaction with the server.
The server uses a random function to randomly generate two positive integers and sends the two positive integers to the subsequent uploader of the file.
The subsequent uploader of the file takes one of the two positive integers as a random seed and generates as many random numbers as the other positive integer; these serve as the index values of the challenged file blocks.
The subsequent uploader of the file divides the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks.
Using the 256-bit secure hash algorithm SHA256, the subsequent uploader of the file computes the authentication values of the challenged file blocks corresponding to the challenged index values and sends them to the server.
Step 5, the server determines whether the subsequent uploader is a file owner.
The server takes one of the two positive integers as a random seed and generates as many random numbers as the other positive integer; these serve as the index values of the challenged file blocks.
In the dynamic balanced skip list, the server looks up the ancestor nodes of the base-layer nodes corresponding to the challenged file block index values, and the sibling nodes of those ancestor nodes.
An ancestor node is a node visited during the search from the root node to a given base-layer node whose reachable nodes include that base-layer node; the base-layer node itself is not included.
A sibling node is the collective term for the other nodes in the same singly linked list.
Using the 256-bit secure hash algorithm SHA256, the server recomputes the hash value of the root node of the dynamic balanced skip list from the hash values of the sibling nodes and the received authentication values of the challenged file blocks.
Judge whether the recomputed hash value of the root node of the dynamic balanced skip list equals the root node hash value stored locally by the server; if so, file ownership authentication passes, the server marks the subsequent uploader as a file owner and step 6 is performed; otherwise, file ownership authentication fails.
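The construction of Step 2 and the challenge and verification of Steps 4 and 5 can be followed in the Python sketch below, which is an added illustration and not code from the patent. The function names, the use of Python's `random` module for the unspecified random function, and the 7-block sample file are assumptions made for the example.

```python
import hashlib
import hmac
import random

BLOCK = 4 * 1024  # block length the page uses (4kb)

def digest(data):
    return hashlib.sha256(data).digest()

def auth_values(plaintext):
    """Client, step (1c): block key = SHA256(block); authentication value = SHA256(block || key)."""
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    return [digest(b + digest(b)) for b in blocks]

class Node:
    """Node hash, reachable base-layer count and children (the down pointer); list order
    stands in for the next pointers."""
    def __init__(self, node_hash, children=()):
        self.hash = node_hash
        self.children = list(children)
        self.reach = sum(c.reach for c in self.children) or 1

def build(leaf_hashes):
    """Server, Step 2: pair nodes left to right; an odd level ends with one 3-child parent."""
    level = [Node(h) for h in leaf_hashes]
    while len(level) > 1:
        parents, i = [], 0
        while i < len(level):
            take = 3 if len(level) - i == 3 else 2
            kids = level[i:i + take]
            parents.append(Node(digest(b"".join(k.hash for k in kids)), kids))
            i += take
        level = parents
    return level[0]

def challenge_indices(seed, count, n_blocks):
    """Both sides expand (seed, count) into the same challenged block indices.
    Assumption: Python's `random` models the page's unspecified random function."""
    rng = random.Random(seed)
    return [rng.randrange(n_blocks) for _ in range(count)] if n_blocks else []

def prove(plaintext, seed, count):
    """Subsequent uploader, Step 4: authentication values of the challenged blocks."""
    values = auth_values(plaintext)
    return {i: values[i] for i in challenge_indices(seed, count, len(values))}

def recompute(node, first, claimed):
    """Step 5: hash of `node` with challenged leaves replaced by the claimed values.
    Subtrees without a challenged index contribute their stored hash (the sibling hashes)."""
    if not any(first <= i < first + node.reach for i in claimed):
        return node.hash
    if not node.children:
        return claimed[first]
    parts = []
    for child in node.children:
        parts.append(recompute(child, first, claimed))
        first += child.reach
    return digest(b"".join(parts))

def verify(root, seed, count, response):
    """Server, Step 5: accept only the exact challenged set and a matching root hash."""
    if set(response) != set(challenge_indices(seed, count, root.reach)):
        return False
    return hmac.compare_digest(recompute(root, 0, response), root.hash)

# Constructed sample: a 7-block file, so the base layer groups as 2 + 2 + 3.
SAMPLE = b"".join(bytes([i]) * BLOCK for i in range(7))
ROOT = build(auth_values(SAMPLE))

if __name__ == "__main__":
    seed, count = 2024, 3                        # the server's two positive integers
    other = b"".join(bytes([i + 100]) * BLOCK for i in range(7))
    print("owner accepted:", verify(ROOT, seed, count, prove(SAMPLE, seed, count)))
    print("other file accepted:", verify(ROOT, seed, count, prove(other, seed, count)))
```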
Step 6, the file owner downloads the ciphertext file blocks from the server.
The file owner sends the label of the plaintext file and a download request to the server.
The server sends all ciphertext file blocks corresponding to the plaintext file label, together with the ciphertext of the plaintext file block key concatenation, to the file owner.
Step 7, the file owner decrypts the ciphertext file blocks from the server.
Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the plaintext file block key concatenation with the key of the plaintext file to obtain the concatenation of the plaintext file block keys, and decrypts the ciphertext file blocks with the keys of the plaintext file blocks to obtain the plaintext file blocks.
Step 8, the file owner encrypts the new plaintext file blocks.
The steps for encrypting new plaintext file blocks are described in further detail below with reference to Fig. 3.
The file owner sends the label of the plaintext file and an update request to the server.
The server sends the ciphertext of the file block key concatenation to the file owner.
Using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the plaintext file block key concatenation with the key of the plaintext file, obtaining the concatenation of the plaintext file block keys.
Using the 256-bit secure hash algorithm SHA256, the file owner computes, respectively, the key of the new plaintext file, the label of the new plaintext file, the key of the plaintext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted.
The file owner uses the index value of the plaintext file block to be modified or inserted and the key of that plaintext file block to update the concatenation of the plaintext file block keys, obtaining the new concatenation of plaintext file block keys.
Using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner encrypts the plaintext file block to be modified or inserted with its key, obtaining the ciphertext file block to be modified or inserted, and encrypts the new concatenation of plaintext file block keys with the key of the new plaintext file, obtaining the ciphertext of the new plaintext file block key concatenation.
The file owner sends to the server the label of the new plaintext file, the ciphertext of the new plaintext file block key concatenation, the dynamic operation instruction, the index value of the file block to be modified, inserted or deleted, the ciphertext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted.
Step 9, the server performs a deduplication operation on the new ciphertext file blocks.
Using the 256-bit secure hash algorithm SHA256, the server computes the label of the ciphertext file block to be modified or inserted and deletes duplicate ciphertext file blocks that have the same ciphertext file block label, completing the server-side deduplication of encrypted data blocks.
Step 10, the server modifies a base-layer node in the dynamic balanced skip list.
The steps by which the server modifies the base-layer node at a given position in the bottom layer of the dynamic balanced skip list are described in further detail below with reference to Fig. 4.
Fig. 4(a) is the dynamic balanced skip list stored before the server's modification operation, and Fig. 4(b) is the dynamic balanced skip list after the server's modification operation.
In Fig. 4(a), A, B, C and D denote four base-layer nodes, E denotes the parent node of nodes A and B, F denotes the parent node of nodes C and D, and R denotes the parent node of nodes E and F, which is also the root node of the entire dynamic balanced skip list.
In Fig. 4(b), C denotes the modified base-layer node, R and F denote the ancestor nodes of node C, and E and D denote the sibling nodes of the ancestor nodes, where E is the sibling node of node F and D is the sibling node of node C.
The server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be modified, and the sibling nodes of those ancestor nodes; using the 256-bit secure hash algorithm SHA256, the server updates the authentication values of the ancestor nodes from the authentication value of the plaintext file block to be modified and the authentication values of the sibling nodes.
Step 11, the server inserts a base-layer node into the dynamic balanced skip list.
The steps by which the server inserts a base-layer node at a given position in the bottom layer of the dynamic balanced skip list are described in further detail below with reference to Fig. 5.
Fig. 5(a) is the dynamic balanced skip list stored before the server inserts node G, (b) is the dynamic balanced skip list after the server inserts base-layer node G, (c) is the dynamic balanced skip list stored before the server inserts node H, and (d) is the dynamic balanced skip list after the server inserts base-layer node H.
In Fig. 5(a), A, B, C and D denote four base-layer nodes, E denotes the parent node of nodes A and B, F denotes the parent node of nodes C and D, and R denotes the parent node of nodes E and F, which is also the root node of the entire dynamic balanced skip list.
In Fig. 5(b), G denotes the inserted base-layer node, R and F denote the ancestor nodes of node G, and E, C and D denote the sibling nodes of the ancestor nodes, where E is the sibling node of node F, and C and D are the sibling nodes of node G.
In Fig. 5(c), A, B, G, C and D denote five base-layer nodes, E denotes the parent node of nodes A and B, F denotes the parent node of nodes G, C and D, and R denotes the parent node of nodes E and F, which is also the root node of the entire dynamic balanced skip list.
In Fig. 5(d), H denotes the inserted base-layer node, R and F denote the ancestor nodes of node H, and E, G, C and D denote the sibling nodes of the ancestor nodes, where E is the sibling node of node F, and G, C and D are the sibling nodes of node H; during the update, a new node I is generated and inserted at the next-pointer position of node F.
1st step, the server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be inserted and generates a base-layer node as the insertion node. The hash value of the plaintext file block to be inserted is assigned as the hash value of the insertion node, the reachable base-layer node count of the insertion node is set to 1, the child count of the insertion node is set to 0, and the insertion node is inserted at the next-pointer position of the base-layer node corresponding to the index value of the file block to be inserted.
2nd step, add 1 to the child count of the lowest-layer ancestor node, and take the lowest-layer ancestor node as the current node.
3rd step, judge whether the child count of the current node equals 3; if so, perform the 4th step; otherwise, perform the 5th step.
4th step, using the child nodes of the current node, update the hash value and the reachable base-layer node count of the current node, then perform the 6th step.
5th step, use the first and second child nodes from the left of the current node to update the hash value, reachable base-layer node count and child count of the current node; generate another node from the third and fourth child nodes from the left of the current node, insert the generated node at the next-pointer position of the current node, and add 1 to the child count of the parent node of the current node.
6th step, judge whether the current node is the root node; if so, perform step 12; otherwise, take the ancestor node one layer up as the current node and perform the 3rd step.
Step 12, the server deletes a base-layer node from the dynamic balanced skip list.
The steps by which the server deletes the base-layer node at a given position in the bottom layer of the dynamic balanced skip list are described in further detail below with reference to the schematic diagram of Fig. 6 and the flow chart of Fig. 7.
Fig. 6(a) is the dynamic balanced skip list stored before the server deletes base-layer node G, (b) is the dynamic balanced skip list after the server deletes base-layer node G, (c) is the dynamic balanced skip list stored before the server deletes base-layer node C, and (d) is the dynamic balanced skip list after the server deletes base-layer node C.
In Fig. 6(a), A, B, G, C and D denote five base-layer nodes, E denotes the parent node of nodes A and B, F denotes the parent node of nodes G, C and D, and R denotes the parent node of nodes E and F, which is also the root node of the entire dynamic balanced skip list.
In Fig. 6(b), G denotes the deleted base-layer node, R and F denote the ancestor nodes of node G, and E, C and D denote the sibling nodes of the ancestor nodes, where E is the sibling node of node F, and C and D are the sibling nodes of node G.
In Fig. 6(c), A, B, C and D denote four base-layer nodes, E denotes the parent node of nodes A and B, F denotes the parent node of nodes C and D, and R denotes the parent node of nodes E and F, which is also the root node of the entire dynamic balanced skip list.
In Fig. 6(d), C denotes the deleted base-layer node, R and F denote the ancestor nodes of node C, and E and D denote the sibling nodes of the ancestor nodes, where E is the sibling node of node F and D is the sibling node of node C; during the update, node F is deleted and node D is moved to the next-pointer position of node B.
1st step, the server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be deleted, and deletes the base-layer node corresponding to the index value of the file block to be deleted.
2nd step, subtract 1 from the child count of the lowest-layer ancestor node, and take the lowest-layer ancestor node as the current node.
3rd step, judge whether the child count of the current node equals 2; if so, perform the 4th step; otherwise, perform the 5th step.
4th step, using the child nodes of the current node, update the hash value and the reachable base-layer node count of the current node, then perform the 12th step.
5th step, judge whether the next pointer of the current node points to a sibling node; if so, perform the 6th step; otherwise, perform the 9th step.
6th step, judge whether the child count of the sibling node pointed to by the next pointer of the current node equals 3; if so, perform the 7th step; otherwise, perform the 8th step.
7th step, take the first child node from the left of the sibling node pointed to by the next pointer of the current node as the second child node from the left of the current node; use the two child nodes of the current node to update the hash value, reachable base-layer node count and child count of the current node; use the remaining two child nodes of the sibling node pointed to by the next pointer of the current node to update the hash value, reachable base-layer node count and child count of that sibling node; then perform the 12th step.
8th step, take the only child node of the current node as the first child node from the left of the sibling node pointed to by the next pointer of the current node; use the three child nodes of that sibling node to update its hash value, reachable base-layer node count and child count; delete the current node, subtract 1 from the child count of the ancestor node one layer up, then perform the 12th step.
9th step, judge whether the child count of the previous sibling node of the current node equals 3; if so, perform the 10th step; otherwise, perform the 11th step.
10th step, take the third child node from the left of the previous sibling node as the first child node from the left of the current node; use the two child nodes of the current node to update the hash value, reachable base-layer node count and child count of the current node; use the remaining two child nodes of the previous sibling node of the current node to update the hash value, reachable base-layer node count and child count of that sibling node; then perform the 12th step.
11th step, take the only child node of the current node as the third child node from the left of the previous sibling node of the current node; use the three child nodes of the previous sibling node to update its hash value, reachable base-layer node count and child count; delete the current node and subtract 1 from the child count of the ancestor node one layer up.
12th step, judge whether the current node is the root node; if so, perform step 13; otherwise, take the ancestor node one layer up as the current node and perform the 3rd step.
Step 13, the update of the dynamic balanced skip list is complete.
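The insertion of Step 11 (split a node that reaches four children) and the deletion of Step 12 (take a child from a three-child sibling, otherwise merge into the sibling) are shown together in the Python sketch below, which is an added illustration and not code from the patent. All names are assumptions, the sample trees are constructed after the shapes described for Fig. 5(c) and Fig. 6(c), and the handling of a root that splits or is left with a single child is an assumption because the page does not describe it.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).digest()

class Node:
    """Node hash, reachable base-layer count and ordered children; list order stands
    in for the next pointers and len(children) is the child count."""
    def __init__(self, node_hash=b"", children=None):
        self.hash, self.children, self.reach = node_hash, children or [], 1
        self.refresh()

    def refresh(self):
        """Recompute hash and reachable count from the children (no-op on a base-layer node)."""
        if self.children:
            self.hash = sha256(b"".join(c.hash for c in self.children))
            self.reach = sum(c.reach for c in self.children)

def locate(node, idx):
    """Position of the child of `node` that holds base-layer index `idx`, and the index inside it."""
    if idx >= 0:
        for pos, child in enumerate(node.children):
            if idx < child.reach:
                return pos, idx
            idx -= child.reach
    raise IndexError("block index out of range")

def _insert(node, idx, leaf):
    pos, sub = locate(node, idx)
    child = node.children[pos]
    new = _insert(child, sub, leaf) if child.children else leaf
    if new is not None:
        node.children.insert(pos + 1, new)       # next-pointer position of `child`
    split = None
    if len(node.children) == 4:                  # insertion 5th step: keep two, move two
        split = Node(children=node.children[2:])
        node.children = node.children[:2]
    node.refresh()
    return split

def insert(root, idx, auth_value):
    """Insert a block after base-layer index `idx`. Assumption: a root that splits gets
    a new root above it; the page does not describe that case."""
    split = _insert(root, idx, Node(auth_value))
    return root if split is None else Node(children=[root, split])

def _rebalance(parent, pos):
    """Deletion 5th to 11th steps: parent.children[pos] is left with a single child."""
    cur = parent.children[pos]
    has_next = pos + 1 < len(parent.children)
    sib = parent.children[pos + 1 if has_next else pos - 1]
    if len(sib.children) == 3:                   # 7th / 10th step: take one child from the sibling
        cur.children.insert(1 if has_next else 0, sib.children.pop(0 if has_next else -1))
        cur.refresh()
    else:                                        # 8th / 11th step: merge, delete the current node
        sib.children.insert(0 if has_next else 2, cur.children[0])
        del parent.children[pos]
    sib.refresh()

def _delete(node, idx):
    pos, sub = locate(node, idx)
    child = node.children[pos]
    if not child.children:
        del node.children[pos]                   # 1st step: remove the base-layer node
    else:
        _delete(child, sub)
        if len(child.children) == 1:
            _rebalance(node, pos)
    node.refresh()

def delete(root, idx):
    """Delete the block at base-layer index `idx`. Assumption: a root left with one
    inner child is replaced by that child; the page does not describe that case."""
    if root.reach < 2:
        raise ValueError("cannot delete the only block")
    _delete(root, idx)
    while len(root.children) == 1 and root.children[0].children:
        root = root.children[0]
    return root

def leaves(node):
    """Base-layer hashes from left to right."""
    return [h for c in node.children for h in leaves(c)] if node.children else [node.hash]

def tree(*groups):
    """Constructed sample: each string is one parent, each letter one base-layer node."""
    return Node(children=[Node(children=[Node(sha256(ch.encode())) for ch in g]) for g in groups])

if __name__ == "__main__":
    root = insert(tree("AB", "GCD"), 2, sha256(b"H"))    # F reaches four children and splits
    print([len(n.children) for n in root.children], root.hash.hex())
    root = delete(tree("AB", "CD"), 2)                   # F is merged into E
    print(len(leaves(root)), root.hash.hex())
```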
Claims (8)
1. An encrypted data block client deduplication method supporting data update, characterized in that it comprises the following steps:
(1) The first uploader of the file encrypts the data blocks:
(1a) using the 256-bit secure hash algorithm SHA256, the first uploader of the file takes the plaintext file as input and computes the key of the plaintext file, then takes the key of the plaintext file as input and computes the label of the plaintext file;
(1b) the first uploader of the file divides the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(1c) using the 256-bit secure hash algorithm SHA256, the first uploader of the file takes each plaintext file block as input and computes the key of each plaintext file block, then takes the concatenation, in that order, of each plaintext file block and its plaintext file block key as input and computes the authentication value of each plaintext file block;
(1d) using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the first uploader of the file encrypts each plaintext file block with the key of that plaintext file block to obtain a ciphertext file block, and encrypts the concatenation of the plaintext file block keys with the key of the plaintext file to obtain the ciphertext of the plaintext file block key concatenation;
(1e) the first uploader of the file uploads the label of the plaintext file, the authentication values of the plaintext file blocks, the ciphertext file blocks and the ciphertext of the plaintext file block key concatenation to the server;
(2) The server constructs the novel dynamic balanced skip list:
(2a) the base-layer nodes corresponding to the plaintext file block authentication values are connected into a singly linked list, in the order of the plaintext file blocks to which the authentication values correspond;
(2b) starting from the first node on the left of the current linked list, one parent node is generated for every two nodes, which become its child nodes; if the number of nodes in the current linked list is odd, one parent node is generated with the last three remaining nodes as its child nodes;
(2c) using the 256-bit secure hash algorithm SHA256, the hash values of the child nodes of each parent node are concatenated in left-to-right order of the child nodes into a hash concatenation value, which is taken as input; the hash value of the hash concatenation value is computed and assigned as the hash value of that parent node;
(2d) the sum of the reachable base-layer node counts of the child nodes of each parent node is assigned as the reachable base-layer node count of that parent node; the number of nodes used to generate each parent node is assigned as the child count of that parent node;
(2e) the down pointer of each parent node is pointed at the position of its first child node on the left, and the generated parent nodes are linked into a parent linked list in the order in which they were generated;
(2f) the pointers between child nodes of different parent nodes are deleted;
(2g) judge whether the parent linked list contains only one node; if so, the only node in the parent linked list is marked as the root node, the dynamic balanced skip list is obtained and step (3) is performed; otherwise, the generated parent linked list is taken as the current linked list and step (2b) is performed;
(3) The server performs a deduplication operation on the encrypted data blocks:
using the 256-bit secure hash algorithm SHA256 with each ciphertext file block as input, the server computes the label of the ciphertext file block and deletes duplicate ciphertext file blocks that have the same ciphertext file block label, completing the server-side deduplication of encrypted data blocks;
(4) The subsequent uploader of the file carries out the file ownership authentication interaction with the server:
(4a) the server uses a random function to randomly generate two positive integers and sends the two positive integers to the subsequent uploader of the file;
(4b) the subsequent uploader of the file takes one of the two positive integers as a random seed and generates as many random numbers as the other positive integer, which serve as the index values of the challenged file blocks;
(4c) the subsequent uploader of the file divides the plaintext file into blocks of length 4kb, generating multiple plaintext file blocks;
(4d) using the 256-bit secure hash algorithm SHA256, the subsequent uploader of the file computes the authentication values of the challenged file blocks corresponding to the challenged index values and sends them to the server;
(5) The server determines whether the subsequent uploader is a file owner:
(5a) the server takes one of the two positive integers as a random seed and generates as many random numbers as the other positive integer, which serve as the index values of the challenged file blocks;
(5b) in the dynamic balanced skip list, the server looks up the ancestor nodes of the base-layer nodes corresponding to the challenged file block index values, and the sibling nodes of those ancestor nodes;
(5c) using the 256-bit secure hash algorithm SHA256, the server recomputes the hash value of the root node of the dynamic balanced skip list from the hash values of the sibling nodes and the received authentication values of the challenged file blocks;
(5d) judge whether the recomputed hash value of the root node of the dynamic balanced skip list equals the root node hash value stored locally by the server; if so, file ownership authentication passes, the server marks the subsequent uploader as a file owner and step (6) is performed; otherwise, file ownership authentication fails;
(6) The file owner downloads the ciphertext file blocks from the server:
(6a) the file owner sends the label of the plaintext file and a download request to the server;
(6b) the server sends all ciphertext file blocks corresponding to the plaintext file label, together with the ciphertext of the plaintext file block key concatenation, to the file owner;
(7) The file owner decrypts the ciphertext file blocks from the server:
using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the plaintext file block key concatenation with the key of the plaintext file to obtain the concatenation of the plaintext file block keys, and decrypts the ciphertext file blocks with the keys of the plaintext file blocks to obtain the plaintext file blocks;
(8) The file owner encrypts the new plaintext file blocks:
(8a) the file owner sends the label of the plaintext file and an update request to the server;
(8b) the server sends the ciphertext of the file block key concatenation to the file owner;
(8c) using the decryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner decrypts the ciphertext of the plaintext file block key concatenation with the key of the plaintext file, obtaining the concatenation of the plaintext file block keys;
(8d) using the 256-bit secure hash algorithm SHA256, the file owner computes, respectively, the key of the new plaintext file, the label of the new plaintext file, the key of the plaintext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted;
(8e) the file owner uses the index value of the plaintext file block to be modified or inserted and the key of that plaintext file block to update the concatenation of the plaintext file block keys, obtaining the new concatenation of plaintext file block keys;
(8f) using the encryption algorithm of the 256-bit Advanced Encryption Standard AES256, the file owner encrypts the plaintext file block to be modified or inserted with its key, obtaining the ciphertext file block to be modified or inserted, and encrypts the new concatenation of plaintext file block keys with the key of the new plaintext file, obtaining the ciphertext of the new plaintext file block key concatenation;
(8g) the file owner sends to the server the label of the new plaintext file, the ciphertext of the new plaintext file block key concatenation, the dynamic operation instruction, the index value of the file block to be modified, inserted or deleted, the ciphertext file block to be modified or inserted, and the authentication value of the plaintext file block to be modified or inserted;
(9) The server performs a deduplication operation on the new ciphertext file blocks:
using the 256-bit secure hash algorithm SHA256, the server computes the label of the ciphertext file block to be modified or inserted and deletes duplicate ciphertext file blocks that have the same ciphertext file block label, completing the server-side deduplication of encrypted data blocks;
(10) The server modifies a base-layer node in the dynamic balanced skip list:
the server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be modified, and the sibling nodes of those ancestor nodes; using the 256-bit secure hash algorithm SHA256, the server updates the authentication values of the ancestor nodes from the authentication value of the plaintext file block to be modified and the authentication values of the sibling nodes;
(11) The server inserts a base-layer node into the dynamic balanced skip list:
(11a) the server looks up the ancestor nodes of the base-layer node corresponding to the index value of the file block to be inserted and generates a base-layer node as the insertion node; the hash value of the plaintext file block to be inserted is assigned as the hash value of the insertion node, the reachable base-layer node count of the insertion node is set to 1, the child count of the insertion node is set to 0, and the insertion node is inserted at the next-pointer position of the base-layer node corresponding to the index value of the file block to be inserted;
(11b) add 1 to the child count of the lowest-layer ancestor node, and take the lowest-layer ancestor node as the current node;
(11c) judge whether the child count of the current node equals 3; if so, perform step (11d); otherwise, perform step (11e);
(11d) using the child nodes of the current node, update the hash value and the reachable base-layer node count of the current node, then perform step (11f);
(11e) use the first and second child nodes from the left of the current node to update the hash value, reachable base-layer node count and child count of the current node; generate another node from the third and fourth child nodes from the left of the current node, insert the generated node at the next-pointer position of the current node, and add 1 to the child count of the parent node of the current node;
(11f) judge whether the current node is the root node; if so, perform step (12); otherwise, take the ancestor node one layer up as the current node and perform step (11c);
(12) the server deletes a base-level node from the dynamic equilibrium skip list:
(12a) the server looks up the class nodes of the base-level node corresponding to the index value of the file block to be deleted, and deletes the base-level node corresponding to the index value of the file block to be deleted;
(12b) subtract 1 from the child node count of the lowest-layer class node, and take the lowest-layer class node as the current node;
(12c) determine whether the child node count of the current node is equal to 2; if so, perform step (12d); otherwise, perform step (12e);
(12d) update the hash value and the reachable base-level node count of the current node using each child node of the current node, then perform step (12l);
(12e) determine whether the back pointer of the current node points to a sibling node; if so, perform step (12f); otherwise, perform step (12i);
(12f) determine whether the child node count of the sibling node pointed to by the back pointer of the current node is equal to 3; if so, perform step (12g); otherwise, perform step (12h);
(12g) take the first child node from the left of the sibling node pointed to by the back pointer of the current node as the second child node from the left of the current node; update the hash value, reachable base-level node count and child node count of the current node using the two child nodes of the current node; update the hash value, reachable base-level node count and child node count of that sibling node using its remaining two child nodes; then perform step (12l);
(12h) take the only child node of the current node as the first child node from the left of the sibling node pointed to by the back pointer of the current node; update the hash value, reachable base-level node count and child node count of that sibling node using its three child nodes; delete the current node; subtract 1 from the child node count of the class node of the layer above, then perform step (12l);
(12i) determine whether the child node count of the previous sibling node of the current node is equal to 3; if so, perform step (12j); otherwise, perform step (12k);
(12j) take the third child node from the left of the previous sibling node as the first child node from the left of the current node; update the hash value, reachable base-level node count and child node count of the current node using the two child nodes of the current node; update the hash value, reachable base-level node count and child node count of the previous sibling node using its remaining two child nodes; then perform step (12l);
(12k) take the only child node of the current node as the third child node from the left of the previous sibling node of the current node; update the hash value, reachable base-level node count and child node count of the previous sibling node using its three child nodes; delete the current node; subtract 1 from the child node count of the class node of the layer above;
(12l) determine whether the current node is the root node; if so, perform step (13); otherwise, take the class node of the layer above as the current node and perform step (12c);
(13) the update of the dynamic equilibrium skip list is complete.
2. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the 256-bit secure hash algorithm SHA256 described in step (1a), step (1c), step (2c), step (3), step (4d), step (5c), step (8d), step (9) and step (10) refers to the 256-bit one-way hash algorithm SHA256 specified in Federal Information Processing Standard FIPS PUB 180-3, published by the U.S. National Institute of Standards and Technology, which is applicable to messages whose length does not exceed 2^64 binary bits.
3. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the 256-bit Advanced Encryption Standard AES256 described in step (1d), step (7), step (8c) and step (8f) refers to a block encryption standard adopted by the U.S. federal government, namely the Advanced Encryption Standard with a key length of 256 bits.
4. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the base-level node described in step (2a) refers to a node located in the bottom layer of the dynamic equilibrium skip list.
5. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the node described in step (2b) refers to the basic unit that makes up the dynamic equilibrium skip list; each node consists of a five-tuple whose members are, respectively, the node hash value, the node's reachable base-level node count, the child node count, the back pointer and the lower pointer.
6. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the parent linked list described in step (2g) refers to a singly linked list made up of multiple parent nodes.
7. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the class node described in step (5b) refers to those nodes, among the nodes visited during the search from the root node to a given base-level node, whose reachable nodes include that base-level node, not including the base-level node itself.
8. The encrypted data block client-side deduplication method supporting data update according to claim 1, characterized in that: the sibling node described in step (5b) is the collective term for the other nodes in the same singly linked list.
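The insertion procedure of steps (11a) to (11f), using the node five-tuple of claim 5, as an added Python example that is not part of the patent text. It assumes a parent's hash is SHA-256 over its children's concatenated hashes, passes the class nodes as a hypothetical `path` list, and treats any child count below 4 as the no-split case (the claim tests for equality with 3).

```python
from dataclasses import dataclass
from hashlib import sha256

@dataclass
class Node:                        # the five-tuple of claim 5
    digest: bytes                  # node hash value
    reach: int = 1                 # reachable base-level node count
    nchild: int = 0                # child node count
    back: "Node | None" = None     # back pointer: next node in the same list
    down: "Node | None" = None     # lower pointer: leftmost child

def children(node, count):         # `count` >= 1 nodes of the layer below
    kids = [node.down]
    while len(kids) < count:
        kids.append(kids[-1].back)
    return kids

def refresh(node, kids):
    # Assumption: a parent hash is SHA-256 over its concatenated child hashes.
    node.digest = sha256(b"".join(k.digest for k in kids)).digest()
    node.reach, node.nchild, node.down = sum(k.reach for k in kids), len(kids), kids[0]

def insert(path, prev_leaf, block):
    """path (hypothetical argument): class nodes, lowest layer first, root last."""
    prev_leaf.back = Node(sha256(block).digest(), back=prev_leaf.back)  # (11a)
    path[0].nchild += 1                                                 # (11b)
    for level, cur in enumerate(path):                   # (11f) climb to the root
        kids = children(cur, cur.nchild)
        if cur.nchild < 4:         # (11c)/(11d); the claim tests == 3, < 4 assumed
            refresh(cur, kids)
            continue
        if cur is path[-1]:
            raise ValueError("root overflow is outside steps (11b)-(11f)")
        new = Node(b"", back=cur.back)                   # (11e) split 4 into 2 + 2
        refresh(new, kids[2:])
        refresh(cur, kids[:2])
        cur.back = new
        path[level + 1].nchild += 1

def demo():  # constructed sample: leaves a,b,c under p1 and d,e under p2, one root
    leaves = [Node(sha256(x).digest()) for x in (b"a", b"b", b"c", b"d", b"e")]
    for left, right in zip(leaves, leaves[1:]):
        left.back = right
    p1, p2, root = Node(b""), Node(b""), Node(b"")
    p1.back = p2
    for node, kids in ((p1, leaves[:3]), (p2, leaves[3:]), (root, [p1, p2])):
        refresh(node, kids)
    insert([p1, root], leaves[1], b"x")    # new block "x" goes after leaf "b"
    return root, p1
```

Only the nodes on the path from the touched base-level node to the root are rehashed, so the root hash after the update matches one rebuilt from scratch over the new block order.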
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711347947.XA CN108182367B (en) | 2017-12-15 | 2017-12-15 | A kind of encrypted data chunk client De-weight method for supporting data to update |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108182367A (en) | 2018-06-19 |
CN108182367B (en) | 2019-11-15 |
Family
ID=62546160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711347947.XA Active CN108182367B (en) | 2017-12-15 | 2017-12-15 | A kind of encrypted data chunk client De-weight method for supporting data to update |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108182367B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140032925A1 (en) * | 2012-07-25 | 2014-01-30 | Ankur Panchbudhe | System and method for combining deduplication and encryption of data |
WO2016101153A1 (en) * | 2014-12-23 | 2016-06-30 | Nokia Technologies Oy | Method and apparatus for duplicated data management in cloud computing |
CN107147615A (en) * | 2017-03-29 | 2017-09-08 | 西安电子科技大学 | Ownership certification and the key transmission method of entropy are not lost under ciphertext duplicate removal scene |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109657497A (en) * | 2018-12-21 | 2019-04-19 | 北京思源互联科技有限公司 | Secure file system and its method |
CN109995505A (en) * | 2019-03-07 | 2019-07-09 | 西安电子科技大学 | A kind of mist calculates data safety machining system and method, cloud storage platform under environment |
CN109995505B (en) * | 2019-03-07 | 2021-08-10 | 西安电子科技大学 | Data security duplicate removal system and method in fog computing environment and cloud storage platform |
CN110677429A (en) * | 2019-10-10 | 2020-01-10 | 青岛大学 | File storage method and system, cloud device and terminal device |
CN111914280A (en) * | 2020-08-17 | 2020-11-10 | 南京珥仁科技有限公司 | File self-encryption and decryption method |
CN111914280B (en) * | 2020-08-17 | 2024-05-17 | 南京珥仁科技有限公司 | File self-encryption and decryption method |
CN112231308B (en) * | 2020-10-14 | 2024-05-03 | 深圳前海微众银行股份有限公司 | Method, device, equipment and medium for de-duplication of transverse federal modeling sample data |
CN112231309A (en) * | 2020-10-14 | 2021-01-15 | 深圳前海微众银行股份有限公司 | Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics |
CN112231308A (en) * | 2020-10-14 | 2021-01-15 | 深圳前海微众银行股份有限公司 | Method, device, equipment and medium for removing weight of horizontal federal modeling sample data |
CN112231309B (en) * | 2020-10-14 | 2024-05-07 | 深圳前海微众银行股份有限公司 | Method, device, terminal equipment and medium for removing duplicate of longitudinal federal data statistics |
CN112764783A (en) * | 2021-02-02 | 2021-05-07 | 杭州雅观科技有限公司 | Upgrading method of smart home equipment |
CN112764783B (en) * | 2021-02-02 | 2022-04-29 | 杭州雅观科技有限公司 | Upgrading method of smart home equipment |
CN113347189A (en) * | 2021-06-09 | 2021-09-03 | 福州大学 | Updatable and data ownership transferable message self-locking encryption system and method |
CN113568571A (en) * | 2021-06-28 | 2021-10-29 | 西安电子科技大学 | Image de-duplication method based on residual error neural network |
CN113568571B (en) * | 2021-06-28 | 2024-06-04 | 西安电子科技大学 | Image de-duplication method based on residual neural network |
Also Published As
Publication number | Publication date |
---|---|
CN108182367B (en) | 2019-11-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||