CN109302442A - Data storage proof method and related device - Google Patents


Publication number
CN109302442A
Authority
CN
China
Prior art keywords
data
verified
check information
storage
back end
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810834885.3A
Other languages
Chinese (zh)
Other versions
CN109302442B (en
Inventor
刘均
龙德帆
刘新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Launch Technology Co Ltd
Original Assignee
Shenzhen Launch Technology Co Ltd
Application filed by Shenzhen Launch Technology Co Ltd
Priority to CN201810834885.3A
Publication of CN109302442A
Application granted
Publication of CN109302442B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

This application discloses a data storage proof method and a related device. The method includes: a secure element first receives data to be verified sent by a data node, where the data to be verified is read by the data node from the storage space of the data node according to a verification request sent by a server; the secure element then determines whether the data to be verified is encrypted data; when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in a pre-generated check information library; finally, it matches the first check information with the second check information to determine the storage state of the data to be verified. The embodiments of this application can improve the validity of data storage proofs and reduce their complexity.

Description

Data storage proof method and related device
Technical field
This application relates to the field of file management, and in particular to a data storage proof method and a related device.
Background
As users' requirements for data transmission rates keep rising, distributed file systems have received wide attention. In a distributed file system, the physical storage resources managed by the file system are not necessarily attached directly to the local node, but are connected to nodes through a computer network. The InterPlanetary File System (IPFS) is a peer-to-peer distributed file system that aims to create a network transfer protocol for persistent, distributed storage and sharing of files. To encourage users to use the system, the designers of IPFS provide a reward mechanism: a user (node) that stores data can obtain a corresponding reward. Under this reward mechanism it is necessary to verify whether a user really stores the data it claims to store, that is, to obtain a storage proof. However, when responding to a server's verification request, a bad node often copies data stored by other nodes to generate a storage proof, while the node itself stores no data. A bad node may also create multiple identity identification numbers while storing a single copy of the data, and use those identity identification numbers to obtain multiple rewards. At present, the countermeasure used against the behavior of bad nodes is the FileCoin storage proof mechanism. That mechanism treats nodes as completely untrusted, so its implementation is computationally heavy and highly complex.
Summary of the invention
The embodiments of this application provide a data storage proof method and a related device, which can improve the validity of data storage proofs and reduce their complexity.
A first aspect of this application provides a data storage proof method, comprising:
receiving data to be verified sent by a data node, where the data to be verified is read by the data node from the storage space of the data node according to a verification request sent by a server;
determining whether the data to be verified is encrypted data;
when the data to be verified is encrypted data, generating first check information of the data to be verified;
looking up second check information of the data to be verified in a pre-generated check information library;
matching the first check information with the second check information to determine the storage state of the data to be verified.
Matching the first check information with the second check information to determine the storage state of the data to be verified includes:
when the first check information is identical to the second check information, determining that the storage state is valid storage; or
when the first check information is not identical to the second check information, determining that the storage state is invalid storage.
After determining that the storage state is valid storage, the method further includes:
generating storage proof information according to a preset signature private key;
sending the storage proof information to the server, where the storage proof information is used to instruct the server to determine whether the data node stores the data to be verified.
The verification request includes identification information of the data to be verified.
Looking up the second check information of the data to be verified in the pre-generated check information library includes:
receiving the identification information sent by the data node;
looking up, in the pre-generated check information library, the second check information corresponding to the identification information, where the pre-generated check information library contains the correspondence between the identification information and the second check information.
Before receiving the data to be verified sent by the data node, the method further includes:
receiving data to be stored sent by the data node;
encrypting the data to be stored;
generating the second check information of the encrypted data to be stored, and storing the second check information in the pre-generated check information library;
sending the encrypted data to be stored to the data node, where the encrypted data to be stored is kept in the storage space and, when the data node receives the verification request, undergoes storage verification as the data to be verified.
Encrypting the data to be stored includes:
encrypting the data to be stored according to a preset encryption key.
Before receiving the data to be verified sent by the data node, the method further includes:
receiving a lock instruction sent by the server, where the lock instruction is used to prohibit use of the preset encryption key.
Correspondingly, a second aspect of this application provides a secure element, comprising:
a receiving module, configured to receive data to be verified sent by a data node, where the data to be verified is read by the data node from the storage space of the data node according to a verification request sent by a server;
a determining module, configured to determine whether the data to be verified is encrypted data;
the determining module is further configured to generate first check information of the data to be verified when the data to be verified is encrypted data;
a lookup module, configured to look up second check information of the data to be verified in a pre-generated check information library;
the determining module is further configured to match the first check information with the second check information to determine the storage state of the data to be verified.
The determining module is further configured to:
when the first check information is identical to the second check information, determine that the storage state is valid storage; or
when the first check information is not identical to the second check information, determine that the storage state is invalid storage.
The secure element further includes a sending module, configured to:
generate storage proof information according to a preset signature private key;
send the storage proof information to the server, where the storage proof information is used to instruct the server to determine whether the data node stores the data to be verified.
The verification request includes identification information of the data to be verified.
The receiving module is further configured to:
receive the identification information sent by the data node.
The lookup module is further configured to:
look up, in the pre-generated check information library, the second check information corresponding to the identification information, where the pre-generated check information library contains the correspondence between the identification information and the second check information.
The receiving module is further configured to:
receive data to be stored sent by the data node;
encrypt the data to be stored;
generate the second check information of the encrypted data to be stored, and store the second check information in the pre-generated check information library.
The sending module is further configured to:
send the encrypted data to be stored to the data node, where the encrypted data to be stored is kept in the storage space and, when the data node receives the verification request, undergoes storage verification as the data to be verified.
The receiving module is further configured to:
encrypt the data to be stored according to a preset encryption key.
The receiving module is further configured to:
receive a lock instruction sent by the server, where the lock instruction is used to prohibit use of the preset encryption key.
Correspondingly, this application provides a storage medium, where the storage medium is used to store an application program, and the application program, when run, executes the data storage proof method disclosed in the first aspect of the embodiments of this application.
Correspondingly, this application provides an application program, where the application program, when run, executes the data storage proof method disclosed in the first aspect of the embodiments of this application.
In the embodiments of this application, the secure element first receives data to be verified sent by a data node, where the data to be verified is read by the data node from the storage space of the data node according to a verification request sent by a server; it then determines whether the data to be verified is encrypted data; when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in a pre-generated check information library; finally, it matches the first check information with the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proofs and reduce their complexity.
Brief description of the drawings
To describe the technical solutions in the embodiments of this application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show some embodiments of this application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a data storage proof system provided by an embodiment of this application;
Fig. 2 is a schematic flow diagram of a data storage proof method provided by an embodiment of this application;
Fig. 3 is a schematic flow diagram of another data storage proof method provided by an embodiment of this application;
Fig. 4 is a schematic structural diagram of a secure element provided by an embodiment of this application;
Fig. 5 is a schematic structural diagram of another secure element provided by an embodiment of this application.
Detailed description of the embodiments
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments of this application. Obviously, the described embodiments are some rather than all of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of this application without creative effort fall within the protection scope of this application.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of a data storage proof system provided by an embodiment of this application. As shown in the figure, the system in this embodiment includes a server, data nodes and secure elements. The server may be a file server. A data node may be a data terminal device that uses the distributed system, such as a digital mobile phone or a personal computer. The system may include multiple peer data nodes; each data node can store data transmitted in the network and can also read data from other data nodes, and data may be stored on data nodes in blocks. A secure element may be a chip with encryption and decryption logic that can resist external malicious analysis attacks and protect data security; each data node corresponds to one secure element. To encourage data nodes to store data actively, rewards can be issued to data nodes that store data. For example, the server issues tokens (such as Bitcoin) as rewards to data nodes that have stored data. A data node may first download the data to be stored and then use the secure element to encrypt it, so that what the data node actually stores is the encrypted data to be stored. The secure element also generates check information of the encrypted data to be stored and stores that check information. A data node can declare to the server which data it stores, and the server periodically sends verification requests to the data node to verify whether the data node really stores the data it declared. After receiving a verification request, the data node sends to the secure element, according to the verification request, the data to be verified that the server requires to be verified. The secure element first determines whether the data to be verified is encrypted data; when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in the pre-generated check information library; finally, it matches the first check information with the second check information to determine the storage state of the data to be verified. The secure element sends storage proof information to the server according to the storage state, so that the server can determine whether the data node stores the data to be verified. Based on the above system, the embodiments of this application provide the following data storage proof method.
Referring to Fig. 2, Fig. 2 is a schematic diagram of a data storage proof method provided by an embodiment of this application. As shown in the figure, the method in this embodiment includes:
S201: The secure element receives data to be verified sent by a data node, where the data to be verified is read by the data node from the storage space of the data node according to a verification request sent by a server.
In a specific implementation, a data node can declare to the server which data it stores, and a bad node may declare data that is not stored on it. The server can therefore periodically send verification requests to data nodes to perform storage verification. When a data node receives a verification request sent by the server, it can read the data to be verified from its storage space according to the verification request. Data is stored on data nodes in blocks, and the verification request may include identification information of the data to be verified, such as the name of a data block. The data node can therefore look up and read the data to be verified from the storage space according to the identification information.
S202: The secure element determines whether the data to be verified is encrypted data. If not, the storage state of the data to be verified is determined to be invalid storage, the procedure ends at this step, and the following steps are not executed. If so, S203 is executed.
It should be noted that, before receiving the data to be verified sent by the data node, the secure element can receive a lock instruction sent by the server, where the lock instruction is used to prohibit use of the preset encryption key. The preset encryption key is the key the secure element uses to encrypt data. Before sending a verification request to the data node, the server can first send the lock instruction to the secure element so that the secure element locks the preset encryption key, which ensures that the data node cannot use the preset encryption key while the storage proof of the data to be verified is in progress. The lock instruction expires when the storage proof procedure for the data to be verified ends.
In a specific implementation, if the data to be verified is not encrypted data, it can be concluded that the data node obtained the data to be verified, on receiving the verification request, from a data node that really stores it, and that the data node itself does not really store the data to be verified. The reason is that the data really stored on a data node is data encrypted with the preset encryption key, whereas the data node can obtain only the plaintext of the data from other nodes; because the preset encryption key is locked at that point, the data node cannot encrypt the plaintext obtained from other data nodes.
S203: The secure element generates first check information of the data to be verified.
In a specific implementation, the first check information may be, but is not limited to, a hash value. A hash algorithm can be used to calculate the hash value of the data to be verified.
S204: The secure element looks up second check information of the data to be verified in the pre-generated check information library.
In a specific implementation, the second check information contained in the pre-generated check information library is generated by the secure element and is the check information of the encrypted data that the data node really stores. The verification request sent by the server includes the identification information of the data to be verified. The secure element can therefore first receive the identification information sent by the data node, and then look up, in the pre-generated check information library, the second check information corresponding to the identification information, where the pre-generated check information library contains the correspondence between the identification information and the second check information. Only the secure element can access the pre-generated check information library, and the second check information in the library may be, but is not limited to, a hash value.
S205: The first check information is matched with the second check information to determine the storage state of the data to be verified.
In a specific implementation, when the first check information is identical to the second check information, the storage state is determined to be valid storage, which indicates that the data to be verified is really stored on the data node. When the first check information is not identical to the second check information, the storage state is determined to be invalid storage, which indicates that the data node obtained the data to be verified only by "illegal" means in order to cope with the server's verification request and does not really store it. For example, on receiving the server's verification request, the data node copies the data to be verified from a data node that really stores it. As another example, a node actually stores one copy of the data but uses multiple identities to declare to the server that it stores the data block, in order to obtain multiple data storage rewards issued by the server. Because the preset encryption key corresponding to each identity is different, the ciphertexts generated from the same data are different, and the second check information of each ciphertext is also different. The check information library in the secure element can store the second check information of only one ciphertext of the data, which means that the first check information and second check information can be matched successfully for only one identity. This effectively prevents a bad data node from stealing rewards by using multiple identities. Moreover, even if there are multiple secure elements that can store multiple kinds of second check information of the data to be verified, successfully obtaining multiple rewards with multiple identities would still require the data node to open up multiple storage spaces and store multiple copies of the ciphertext.
Optionally, after the storage state is determined to be valid storage, and in order to prevent the storage proof from being copied or tampered with, storage proof information can first be generated according to a preset signature private key. The verification request may include the identification information of multiple blocks of data to be verified, so the identification information of the data to be verified whose storage state has been confirmed as valid storage can be combined with a randomly generated random number into one data packet, and the data packet, after being signed with the preset signature private key, serves as the storage proof information. The secure element then sends the storage proof information to the server, where the storage proof information is used to instruct the server to determine whether the data node stores the data to be verified. After receiving the storage proof information, the server can first decrypt it using the signature public key corresponding to the data node; if decryption succeeds, the server determines that the storage proof information was generated by the secure element of the data node currently being verified. The server then extracts the identification information and the random number, and matches the random number in the storage proof information against the random number it received separately from the secure element. When the two are identical, the server determines that the storage proof information has not been tampered with, and therefore determines that the data to be verified referred to by the identification information in the storage proof information is data really stored on the data node.
In this embodiment, the secure element first receives data to be verified sent by a data node, where the data to be verified is read by the data node from the storage space of the data node according to a verification request sent by a server; it then determines whether the data to be verified is encrypted data; when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in the pre-generated check information library; finally, it matches the first check information with the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proofs and reduce their complexity.
Please refer to the flow diagram that 3, Fig. 3 is another data storage method of proof provided by the embodiments of the present application.Such as Shown in figure, the method in the embodiment of the present application includes:
S301, the data node obtains the data to be stored.
In a specific implementation, the data node can store any data in the whole network that needs to be stored; the data node can download the data to be stored.
S302, the data node sends the data to be stored to the secure element.
S303, the secure element encrypts the data to be stored.
In a specific implementation, a preset encryption key is stored in the secure element, and the secure element can encrypt the data to be stored according to this preset encryption key.
S304, the secure element generates second check information of the encrypted data to be stored and stores the second check information in the pre-generated check information library.
In a specific implementation, the secure element can set aside in advance a dedicated storage region as the check information library, in which the second check information of all encrypted data to be stored is kept, and restrict access so that only the secure element can access the check information library. The second check information may be, but is not limited to, a hash value; the secure element can compute the hash value of the encrypted data to be stored with a hash algorithm.
S305, the secure element sends the encrypted data to be stored to the data node.
S306, the data node stores the encrypted data to be stored in its storage space, where it serves as the data to be verified and undergoes storage verification when the data node receives the verification request.
S307, the server sends a verification request to the data node.
In a specific implementation, the data node can declare to the server the data it stores; a bad node may declare to the server data that is not actually stored on it. The server can therefore periodically send verification requests to the data node in order to carry out storage proof. The verification request may include identification information of the data to be verified.
S308, the data node reads the data to be verified from its storage space according to the verification request.
In a specific implementation, the verification request may include identification information of the data to be verified. The data node can use this identification information to look up and read the data to be verified from its storage space.
S309, the data node sends the data to be verified to the secure element.
S310, the secure element determines whether the data to be verified is encrypted data. If not, the storage state of the data to be verified is determined to be invalid storage, the procedure ends at this step and the following steps are not executed; if so, S311 is executed. This step is the same as S202 in the previous embodiment and is not described again.
S311, when the data to be verified is the encrypted data, first check information of the data to be verified is generated. This step is the same as S203 in the previous embodiment and is not described again.
S312, second check information of the data to be verified is looked up in the pre-generated check information library. This step is the same as step S204 in the previous embodiment and is not described again.
S313, the first check information is matched against the second check information to determine the storage state of the data to be verified. This step is the same as S205 in the previous embodiment and is not described again.
S314, when the storage state is valid storage, the secure element generates storage proof information according to a preset signature private key.
In a specific implementation, to prevent the storage proof from being copied or tampered with, the identification information of the data to be verified whose storage state has been confirmed as valid storage can be combined with a randomly generated random number into one data packet, and the data packet, once signed with the preset signature private key, serves as the storage proof information.
S315, the secure element sends the storage proof information to the server.
S316, the server determines, according to the storage proof information, the data node to which the data to be verified belongs.
In a specific implementation, after receiving the storage proof information, the server can first decrypt it with the signature public key corresponding to the data node; if decryption succeeds, the storage proof information is determined to have been generated by the secure element of the data node currently being verified. The server then extracts the identification information and the random number and matches the random number in the storage proof information against the random number received separately from the secure element; when the two are identical, it can be determined that the storage proof information has not been tampered with, and the server thereby determines that the data to be verified referred to by the identification information in the storage proof information is data genuinely stored on the data node.
In this embodiment of the present application, the secure element first receives the data to be verified sent by the data node, the data to be verified having been read by the data node from its own storage space according to the verification request sent by the server; it then determines whether the data to be verified is encrypted data; next, when the data to be verified is the encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in a pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proofs and reduce their complexity.
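The store and verify flows of S303 to S313, together with the lock instruction, as an added Python example that is not code from the patent. The class `SecureElement`, the function `run_scenarios`, the block identifiers, the HMAC-based stream cipher and the authentication tag used to decide whether a blob is "encrypted data" are all assumptions made for illustration; the signed proof of S314 to S316 is left out because Python's standard library has no asymmetric signatures.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 tag appended to every ciphertext (assumed format)


class SecureElement:
    """Constructed model of the element's store and verify flows (S303-S313)."""

    def __init__(self, preset_key: bytes):
        # Two sub-keys derived from the preset encryption key, which never leaves the element.
        self._enc_key = hmac.new(preset_key, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(preset_key, b"mac", hashlib.sha256).digest()
        self._check_library = {}  # identification info -> second check information
        self._locked = False

    def lock(self):  # lock instruction from the server: key use is forbidden
        self._locked = True

    def unlock(self):  # the lock lapses when the storage proof procedure ends
        self._locked = False

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Stand-in stream cipher: HMAC-SHA256 in counter mode (not a vetted cipher).
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(self._enc_key, nonce + counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._mac_key, body, hashlib.sha256).digest()

    def encrypt_and_register(self, block_id: str, plaintext: bytes) -> bytes:
        """S303-S305: encrypt, record the hash of the ciphertext, return the ciphertext."""
        if self._locked:
            raise PermissionError("preset encryption key is locked")
        nonce = os.urandom(NONCE_LEN)
        stream = self._keystream(nonce, len(plaintext))
        body = nonce + bytes(p ^ k for p, k in zip(plaintext, stream))
        blob = body + self._tag(body)
        self._check_library[block_id] = hashlib.sha256(blob).digest()
        return blob

    def _is_encrypted(self, blob: bytes) -> bool:
        # Assumed test for S310: the blob carries a tag made under this element's key.
        if len(blob) < NONCE_LEN + TAG_LEN:
            return False
        return hmac.compare_digest(blob[-TAG_LEN:], self._tag(blob[:-TAG_LEN]))

    def verify(self, block_id: str, blob: bytes) -> str:
        """S310-S313: return 'valid' or 'invalid' as the storage state."""
        if not self._is_encrypted(blob):
            return "invalid"
        first = hashlib.sha256(blob).digest()        # first check information
        second = self._check_library.get(block_id)   # second check information
        if second is None or not hmac.compare_digest(first, second):
            return "invalid"
        return "valid"


def run_scenarios() -> dict:
    block = b"constructed sample block " * 8
    se_a = SecureElement(os.urandom(32))  # element of the node that stores the block
    se_b = SecureElement(os.urandom(32))  # element of a node that only claims to

    stored = se_a.encrypt_and_register("block-0001", block)  # S301-S306
    se_a.encrypt_and_register("block-0002", b"a different constructed block " * 8)

    se_a.lock()  # the server locks the keys before sending the verification request
    se_b.lock()
    results = {"honest": se_a.verify("block-0001", stored)}

    # Node B fetches the plaintext elsewhere but cannot encrypt it while locked.
    try:
        se_b.encrypt_and_register("block-0001", block)
        results["encrypt_while_locked"] = "allowed"
    except PermissionError:
        results["encrypt_while_locked"] = "refused"
    results["plaintext_relay"] = se_b.verify("block-0001", block)

    # Node B relays node A's ciphertext: wrong key, and nothing registered.
    results["ciphertext_relay"] = se_b.verify("block-0001", stored)

    # Genuine ciphertext offered under another block's identifier: hash mismatch.
    results["wrong_block"] = se_a.verify("block-0002", stored)

    se_a.unlock()
    se_b.unlock()
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The `wrong_block` case passes the encrypted-data test and fails only at the check information comparison, which is why the method needs both S310 and S313.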
Please refer to Fig. 4, which is a schematic structural diagram of a secure element provided by an embodiment of the present application. As shown in the figure, the secure element in this embodiment includes:
Receiving module 401, configured to receive the data to be verified sent by the data node, the data to be verified having been read by the data node from its storage space according to the verification request sent by the server.
In a specific implementation, the data node can declare to the server which data it stores; a bad node may declare to the server data that is not actually stored on it. The server can therefore periodically send verification requests to the data node in order to carry out storage verification. When the data node receives a verification request sent by the server, it can read the data to be verified from its storage space according to the request. Data is stored on the data node in blocks, and the verification request may include identification information of the data to be verified, such as the name of a data block. The data node can therefore use the identification information to look up and read the data to be verified from its storage space.
Determining module 402, configured to determine whether the data to be verified is encrypted data.
It should be noted that, before the secure element receives the data to be verified sent by the data node, the receiving module 401 is also configured to receive a lock instruction sent by the server, the lock instruction forbidding use of the preset encryption key. The preset encryption key is the key the secure element uses to encrypt data. Before sending a verification request to the data node, the server can first send the lock instruction to the secure element so that the secure element locks the preset encryption key, ensuring that the data node cannot use the preset encryption key while the storage proof of the data to be verified is in progress. The lock instruction lapses when the storage proof procedure for the data to be verified ends.
In a specific implementation, if the data to be verified is not encrypted data, the data to be verified can be regarded as having been obtained by the data node, on receiving the verification request, from another data node that genuinely stores it, and the data node itself does not genuinely store the data to be verified. The reason is that data genuinely stored on the data node is encrypted with the preset encryption key, whereas the data node can obtain only the plaintext of the data from other nodes; since the preset encryption key is locked at that point, the data node cannot encrypt the plaintext obtained from other data nodes.
The determining module 402 is also configured to generate first check information of the data to be verified when the data to be verified is the encrypted data.
In a specific implementation, the first check information may be, but is not limited to, a hash value; the hash value of the data to be verified can be computed with a hash algorithm.
Searching module 403, configured to look up second check information of the data to be verified in the pre-generated check information library.
In a specific implementation, the second check information contained in the pre-generated check information library is generated by the secure element and is the check information of the encrypted data that the data node genuinely stores. The verification request sent by the server includes identification information of the data to be verified. The identification information sent by the data node can therefore be received first, and the second check information corresponding to the identification information then looked up in the pre-generated check information library, which contains the correspondence between the identification information and the second check information. Only the secure element can access the pre-generated check information library, and the second check information in it may be, but is not limited to, a hash value.
The determining module 402 is also configured to match the first check information against the second check information to determine the storage state of the data to be verified.
In a specific implementation, when the first check information is identical to the second check information, the storage state can be determined to be valid storage, which means the data to be verified is genuinely stored on the data node. When the first check information differs from the second check information, the storage state is determined to be invalid storage, which means the data node obtained the data to be verified by "illegal" means only in order to answer the server's verification request and does not genuinely store it. For example, on receiving the server's verification request, the node copies the data to be verified from a data node that genuinely stores it. As another example, a node physically stores one copy of the data but uses multiple identities to declare to the server that it stores the data block, in order to collect the rewards the server issues for multiple stored copies. Because each identity has a different preset encryption key, the ciphertexts generated from the same data differ, and so does the second check information of each ciphertext; the check information library in the secure element can store the second check information of only one ciphertext of the data, so the first check information and the second check information can match for only one identity, which effectively prevents a bad data node from stealing rewards with multiple identities. Moreover, even if there are multiple secure elements able to store multiple pieces of second check information for the data to be verified, successfully obtaining multiple rewards with multiple identities still requires the data node to set aside multiple storage spaces and store multiple ciphertexts.
Optionally, to prevent a node from generating storage proofs arbitrarily, the secure element further includes a sending module configured to, after the storage state is determined to be valid storage, first generate storage proof information according to a preset signature private key. The verification request may include the identification information of multiple blocks of data to be verified, so the identification information of the data to be verified whose storage state has been confirmed as valid storage can be combined with a randomly generated random number into one data packet, and the data packet, once signed with the preset signature private key, serves as the storage proof information. The secure element then sends the storage proof information to the server; the storage proof information is used to instruct the server to determine whether the data node stores the data to be verified. After receiving the storage proof information, the server can first decrypt it with the signature public key corresponding to the data node; if decryption succeeds, the storage proof information is determined to have been generated by the secure element of the data node currently being verified. The server then extracts the identification information and the random number and matches the random number in the storage proof information against the random number received separately from the secure element; when the two are identical, the storage proof information is determined not to have been tampered with, and the server thereby determines that the data to be verified referred to by the identification information in the storage proof information is data genuinely stored on the data node.
Optionally, before the data to be verified sent by the data node is received, the receiving module 401 is also configured to first receive the data to be stored sent by the data node. The data to be stored is then encrypted, which can be done according to the preset encryption key; second check information of the encrypted data to be stored is then generated and stored in the pre-generated check information library; finally, the sending module is also configured to send the encrypted data to be stored to the data node. The encrypted data to be stored is kept in the storage space of the data node, where it serves as the data to be verified and undergoes storage verification when the data node receives the verification request.
In this embodiment of the present application, the secure element first receives the data to be verified sent by the data node, the data to be verified having been read by the data node from its own storage space according to the verification request sent by the server; it then determines whether the data to be verified is encrypted data; next, when the data to be verified is the encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in a pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proofs and reduce their complexity.
Please refer to Fig. 5, which is a schematic structural diagram of another secure element proposed by an embodiment of the present application. As shown in the figure, the secure element may include at least one processor 501 (for example a CPU), at least one communication interface 502, at least one memory 503 and at least one bus 504. The bus 504 provides the connections for communication between these components. In this embodiment the communication interface 502 of the electronic device is a wired sending port, or a wireless device, for example one that includes an antenna apparatus, and is used for signaling or data communication with other node devices. The memory 503 may be high-speed RAM, or non-volatile memory such as at least one disk memory; optionally, the memory 503 may also be at least one storage apparatus located remotely from the processor 501. The memory 503 stores a set of program code, and the processor 501 calls the program code stored in the memory to perform the following operations:
receiving the data to be verified sent by the data node, the data to be verified having been read by the data node from the storage space of the data node according to the verification request sent by the server;
determining whether the data to be verified is encrypted data;
when the data to be verified is the encrypted data, generating first check information of the data to be verified;
looking up second check information of the data to be verified in the pre-generated check information library;
matching the first check information against the second check information to determine the storage state of the data to be verified.
The processor 501 is also configured to perform the following operation steps:
when the first check information is identical to the second check information, determining that the storage state is valid storage; or
when the first check information is not identical to the second check information, determining that the storage state is invalid storage.
The processor 501 is also configured to perform the following operation steps:
generating storage proof information according to a preset signature private key;
sending the storage proof information to the server, the storage proof information being used to instruct the server to determine whether the data node stores the data to be verified.
The processor 501 is also configured to perform the following operation steps:
the verification request includes the identification information of the data to be verified;
receiving the identification information sent by the data node;
looking up the second check information corresponding to the identification information in the pre-generated check information library, the pre-generated check information library including the correspondence between the identification information and the second check information.
The processor 501 is also configured to perform the following operation steps:
receiving the data to be stored sent by the data node;
encrypting the data to be stored;
generating the second check information of the encrypted data to be stored, and storing the second check information in the pre-generated check information library;
sending the encrypted data to be stored to the data node, the encrypted data to be stored being kept in the storage space, where it serves as the data to be verified and undergoes storage verification when the data node receives the verification request.
The processor 501 is also configured to perform the following operation steps:
encrypting the data to be stored according to a preset encryption key.
The processor 501 is also configured to perform the following operation steps:
receiving the lock instruction sent by the server, the lock instruction forbidding use of the preset encryption key.
It should be noted that an embodiment of the present application also provides a storage medium for storing an application program which, when run, performs the operations executed by the secure element in the data storage proof methods shown in Fig. 2 and Fig. 3.
It should be noted that an embodiment of the present application also provides an application program which, when run, performs the operations executed by the secure element in the data storage proof methods shown in Fig. 2 and Fig. 3.
The above embodiments can be implemented wholly or partly in software, hardware, firmware or any combination thereof. When implemented in software, they can be realized wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example a floppy disk, hard disk or magnetic tape), an optical medium (for example a DVD) or a semiconductor medium (for example a solid state disk (SSD)).
The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the present application. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application shall fall within the scope of protection of the present application.

Claims (10)

1. A data storage proof method, characterized in that the method is applied to a secure element and comprises:
receiving data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server;
determining whether the data to be verified is encrypted data;
when the data to be verified is the encrypted data, generating first check information of the data to be verified;
looking up second check information of the data to be verified in a pre-generated check information library;
matching the first check information against the second check information to determine the storage state of the data to be verified.
2. The method according to claim 1, characterized in that matching the first check information against the second check information to determine the storage state of the data to be verified comprises:
when the first check information is identical to the second check information, determining that the storage state is valid storage; or
when the first check information is not identical to the second check information, determining that the storage state is invalid storage.
3. The method according to claim 2, characterized in that, after the storage state is determined to be valid storage, the method further comprises:
generating storage proof information according to a preset signature private key;
sending the storage proof information to the server, the storage proof information being used to instruct the server to determine whether the data node stores the data to be verified.
4. The method according to claim 1, characterized in that the verification request includes identification information of the data to be verified;
and looking up the second check information of the data to be verified in the pre-generated check information library comprises:
receiving the identification information sent by the data node;
looking up the second check information corresponding to the identification information in the pre-generated check information library, the pre-generated check information library including the correspondence between the identification information and the second check information.
5. The method according to claim 1, characterized in that, before receiving the data to be verified sent by the data node, the method further comprises:
receiving data to be stored sent by the data node;
encrypting the data to be stored;
generating the second check information of the encrypted data to be stored, and storing the second check information in the pre-generated check information library;
sending the encrypted data to be stored to the data node, the encrypted data to be stored being kept in the storage space, where it serves as the data to be verified and undergoes storage verification when the data node receives the verification request.
6. The method according to claim 5, characterized in that encrypting the data to be stored comprises:
encrypting the data to be stored according to a preset encryption key.
7. The method according to claim 6, characterized in that, before receiving the data to be verified sent by the data node, the method further comprises:
receiving a lock instruction sent by the server, the lock instruction forbidding use of the preset encryption key.
8. A secure element, characterized in that the secure element comprises:
a receiving module, configured to receive data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server;
a determining module, configured to determine whether the data to be verified is encrypted data;
the determining module being also configured to generate first check information of the data to be verified when the data to be verified is the encrypted data;
a searching module, configured to look up second check information of the data to be verified in a pre-generated check information library;
the determining module being also configured to match the first check information against the second check information to determine the storage state of the data to be verified.
9. A secure element, characterized by comprising: a processor, a memory, a communication interface and a bus;
the processor, the memory and the communication interface are connected by the bus and communicate with one another through it;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the data storage proof method according to any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a plurality of instructions, the instructions being suitable for being loaded by a processor to execute the data storage proof method according to any one of claims 1-7.
CN201810834885.3A 2018-07-26 2018-07-26 Data storage proving method and related equipment Active CN109302442B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810834885.3A CN109302442B (en) 2018-07-26 2018-07-26 Data storage proving method and related equipment


Publications (2)

Publication Number Publication Date
CN109302442A true CN109302442A (en) 2019-02-01
CN109302442B CN109302442B (en) 2022-02-22

Family

ID=65172649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810834885.3A Active CN109302442B (en) 2018-07-26 2018-07-26 Data storage proving method and related equipment

Country Status (1)

Country Link
CN (1) CN109302442B (en)

Also Published As

Publication number Publication date
CN109302442B (en) 2022-02-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant