CN109302442A - Data storage proof method and related device
- Publication number: CN109302442A
- Application number: CN201810834885.3A
- Authority: CN (China)
- Prior art keywords: data, verified, check information, storage, data node
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
This application discloses a data storage proof method and related device. The method includes: first, a secure element receives data to be verified sent by a data node, the data to be verified having been read by the data node from its storage space according to a verification request sent by a server; next, the secure element determines whether the data to be verified is encrypted data; when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in a pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. The embodiments of this application can improve the validity of data storage proofs and reduce their complexity.
Description
Technical field
This application relates to the field of file management, and in particular to a data storage proof method and related device.
Background
As users' requirements for data transmission rates keep rising, distributed file systems have received wide attention. A distributed file system is one in which the physical storage resources managed by the file system are not necessarily attached directly to the local node, but are connected to the node through a computer network. The InterPlanetary File System (IPFS) is a peer-to-peer distributed file system that aims to create a network transport protocol for persistent, distributed storage and sharing of files. To encourage users to use the system, the designers of IPFS provide a reward mechanism: a user (node) that stores data can obtain a corresponding reward. Under this reward mechanism it is necessary to verify whether a user really stores the data it claims to store, that is, a storage proof. However, a bad node often, when responding to the server's verification request, copies data stored by other nodes to generate a storage proof while storing no data itself. Alternatively, a bad node may store a single copy of the data while creating multiple identities, and use the multiple identities to obtain multiple rewards. At present, the countermeasure used against such behavior is the FileCoin storage proof mechanism, which treats nodes as completely untrusted and is therefore computationally intensive and highly complex to implement.
Summary of the invention
The embodiments of this application provide a data storage proof method and related device, which can improve the validity of data storage proofs and reduce their complexity.
A first aspect of this application provides a data storage proof method, comprising:
receiving data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server;
determining whether the data to be verified is encrypted data;
when the data to be verified is encrypted data, generating first check information of the data to be verified;
looking up second check information of the data to be verified in a pre-generated check information library;
matching the first check information against the second check information to determine the storage state of the data to be verified.
Wherein matching the first check information against the second check information to determine the storage state of the data to be verified includes:
when the first check information is identical to the second check information, determining that the storage state is valid storage; or
when the first check information is not identical to the second check information, determining that the storage state is invalid storage.
Wherein, after determining that the storage state is valid storage, the method further includes:
generating storage proof information according to a preset signing private key;
sending the storage proof information to the server, the storage proof information being used to instruct the server to determine whether the data node stores the data to be verified.
Wherein the verification request includes identification information of the data to be verified;
looking up the second check information of the data to be verified in the pre-generated check information library includes:
receiving the identification information sent by the data node;
looking up, in the pre-generated check information library, the second check information corresponding to the identification information, the pre-generated check information library containing the correspondence between the identification information and the second check information.
Wherein, before receiving the data to be verified sent by the data node, the method further includes:
receiving data to be stored sent by the data node;
encrypting the data to be stored;
generating the second check information of the encrypted data to be stored, and storing the second check information in the pre-generated check information library;
sending the encrypted data to be stored to the data node, the encrypted data to be stored being stored in the storage space so that, when the data node receives the verification request, it undergoes storage verification as the data to be verified.
Wherein encrypting the data to be stored includes:
encrypting the data to be stored according to a preset encryption key.
Wherein, before receiving the data to be verified sent by the data node, the method further includes:
receiving a lock instruction sent by the server, the lock instruction being used to prohibit use of the preset encryption key.
Correspondingly, a second aspect of this application provides a secure element, comprising:
a receiving module, configured to receive data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server;
a determining module, configured to determine whether the data to be verified is encrypted data;
the determining module being further configured to generate first check information of the data to be verified when the data to be verified is encrypted data;
a lookup module, configured to look up second check information of the data to be verified in a pre-generated check information library;
the determining module being further configured to match the first check information against the second check information to determine the storage state of the data to be verified.
Wherein the determining module is further configured to:
when the first check information is identical to the second check information, determine that the storage state is valid storage; or
when the first check information is not identical to the second check information, determine that the storage state is invalid storage.
Wherein the secure element further includes a sending module, configured to:
generate storage proof information according to a preset signing private key;
send the storage proof information to the server, the storage proof information being used to instruct the server to determine whether the data node stores the data to be verified.
Wherein the verification request includes identification information of the data to be verified;
the receiving module is further configured to:
receive the identification information sent by the data node;
the lookup module is further configured to:
look up, in the pre-generated check information library, the second check information corresponding to the identification information, the pre-generated check information library containing the correspondence between the identification information and the second check information.
Wherein the receiving module is further configured to:
receive data to be stored sent by the data node;
encrypt the data to be stored;
generate the second check information of the encrypted data to be stored, and store the second check information in the pre-generated check information library;
the sending module is further configured to:
send the encrypted data to be stored to the data node, the encrypted data to be stored being stored in the storage space so that, when the data node receives the verification request, it undergoes storage verification as the data to be verified.
Wherein the receiving module is further configured to:
encrypt the data to be stored according to a preset encryption key.
Wherein the receiving module is further configured to:
receive a lock instruction sent by the server, the lock instruction being used to prohibit use of the preset encryption key.
Correspondingly, this application provides a storage medium for storing an application program, the application program being used to execute, at runtime, the data storage proof method disclosed in the first aspect of the embodiments of this application.
Correspondingly, this application provides an application program used to execute, at runtime, the data storage proof method disclosed in the first aspect of the embodiments of this application.
In implementing the embodiments of this application, the secure element first receives data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server; it next determines whether the data to be verified is encrypted data; when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in a pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proofs and reduce their complexity.
Brief description of the drawings
To describe the technical solutions in the embodiments of this application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Evidently, the drawings described below show some embodiments of this application, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a data storage proof system provided by an embodiment of this application;
Fig. 2 is a flow diagram of a data storage proof method provided by an embodiment of this application;
Fig. 3 is a flow diagram of another data storage proof method provided by an embodiment of this application;
Fig. 4 is a schematic structural diagram of a secure element provided by an embodiment of this application;
Fig. 5 is a schematic structural diagram of another secure element provided by an embodiment of this application.
Detailed description of the embodiments
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments of this application. Evidently, the described embodiments are some rather than all of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of this application without creative effort fall within the protection scope of this application.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of a data storage proof system provided by an embodiment of this application. As shown in the figure, the system includes a server, data nodes and secure elements. The server may be a file server. A data node may be a data terminal device that uses the distributed system, such as a digital mobile phone or a personal computer. The system may include multiple peer data nodes; each data node can store data transmitted in the network and can also read data from other data nodes, and data may be stored on data nodes in blocks. A secure element may be a chip with encryption and decryption logic that can resist external malicious parsing attacks and protect data security, and each data node corresponds to one secure element. To encourage data nodes to store data actively, rewards can be issued to data nodes that store data; for example, the server issues tokens (such as Bitcoin) as a reward to data nodes that store data. A data node may first download the data to be stored and then use the secure element to encrypt it, so that what the data node actually stores is the encrypted data to be stored. At the same time, the secure element generates check information of the encrypted data to be stored and stores that check information. A data node can declare to the server which data it stores, and the server periodically sends verification requests to the data node to verify whether the data node really stores the data it declared. After receiving a verification request, the data node sends to the secure element, according to the verification request, the data to be verified that the server requires to be verified. The secure element first determines whether the data to be verified is encrypted data; then, when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in the pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. The secure element sends storage proof information to the server according to the storage state, so that the server determines whether the data node stores the data to be verified. Based on the above system, the embodiments of this application provide the following data storage proof method.
Referring to Fig. 2, Fig. 2 is a schematic diagram of a data storage proof method provided by an embodiment of this application. As shown in the figure, the method in this embodiment includes:
S201: The secure element receives data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by the server.
In a specific implementation, a data node can declare to the server which data it stores, and a bad node may declare to the server data that is not stored on that node. The server can therefore periodically send verification requests to the data node to perform storage verification. When the data node receives a verification request sent by the server, it can read the data to be verified from its storage space according to the verification request. Data is stored on the data node in blocks, and the verification request may include identification information of the data to be verified, such as the name of a data block. The data node can therefore look up and read the data to be verified from the storage space according to the identification information.
S202: The secure element determines whether the data to be verified is encrypted data. If not, it determines that the storage state of the data to be verified is invalid storage, the procedure ends at this step, and the following steps are not executed. If so, S203 is executed.
It should be noted that, before receiving the data to be verified sent by the data node, the secure element may receive a lock instruction sent by the server. The lock instruction is used to prohibit use of the preset encryption key, which is the key the secure element uses to encrypt data. Before sending the verification request to the data node, the server may first send the lock instruction to the secure element so that the secure element locks the preset encryption key, ensuring that the data node cannot use the preset encryption key while the storage proof for the data to be verified is being carried out. When the storage proof process for the data to be verified ends, the lock instruction lapses.
In a specific implementation, if the data to be verified is not encrypted data, it can be concluded that the data node obtained the data to be verified, upon receiving the verification request, from a data node that really stores it, and that the data node does not really store the data to be verified. The reason is that the data really stored on a data node is data encrypted with the preset encryption key, whereas the data node can obtain only the plaintext of the data from other nodes; because the preset encryption key is locked at that point, the data node cannot encrypt the plaintext obtained from other data nodes.
S203: The secure element generates the first check information of the data to be verified.
In a specific implementation, the first check information may be, but is not limited to, a hash value; a hash algorithm can be used to compute the hash value of the data to be verified.
S204: The secure element looks up the second check information of the data to be verified in the pre-generated check information library.
In a specific implementation, the second check information contained in the pre-generated check information library is generated by the secure element and is the check information of the encrypted data that the data node really stores. The verification request sent by the server includes the identification information of the data to be verified. Therefore, the secure element can first receive the identification information sent by the data node, and then look up, in the pre-generated check information library, the second check information corresponding to the identification information; the library contains the correspondence between the identification information and the second check information. Only the secure element can access the pre-generated check information library, and the second check information in it may be, but is not limited to, a hash value.
S205: The first check information is matched against the second check information to determine the storage state of the data to be verified.
In a specific implementation, when the first check information is identical to the second check information, the storage state can be determined to be valid storage, which indicates that the data to be verified is really stored on the data node. When the first check information is not identical to the second check information, the storage state is determined to be invalid storage, which indicates that the data node merely obtained the data to be verified by "illegal" means when responding to the server's verification request and does not really store it. For example, on receiving the server's verification request, the node copies the data to be verified from a data node that really stores it. As another example, a node actually stores one copy of the data but uses multiple identities to declare to the server that it stores the data block, in order to obtain multiple data storage rewards issued by the server. Because the preset encryption key corresponding to each identity is different, the ciphertexts generated from the same data are different, and the second check information of each ciphertext is also different; the check information library in a secure element can store the second check information of only one ciphertext of the data. This means that the first check information and the second check information can be matched successfully for only one identity, which effectively prevents a bad data node from stealing rewards using multiple identities. Moreover, even if there are multiple secure elements that can store multiple kinds of second check information for the data to be verified, successfully obtaining multiple rewards with multiple identities would still require the data node to set aside multiple storage spaces and store multiple copies of ciphertext.
Optionally, after the storage state is determined to be valid storage, in order to prevent the storage proof from being copied or tampered with, storage proof information can first be generated according to the preset signing private key. The verification request may include identification information for multiple blocks of data to be verified, so the identification information of the data to be verified whose storage state has been confirmed as valid storage can be combined with a randomly generated random number into a data packet, and the data packet, after being signed with the preset signing private key, serves as the storage proof information. The secure element then sends the storage proof information to the server; the storage proof information is used to instruct the server to determine whether the data node stores the data to be verified. After receiving the storage proof information, the server can first decrypt it using the signing public key corresponding to the data node; if decryption succeeds, the server determines that the storage proof information was generated by the secure element of the data node currently being verified. The server then extracts the identification information and the random number, and matches the random number in the storage proof information against the random number received separately from the secure element. When the two are identical, the server determines that the storage proof information has not been tampered with, and therefore determines that the data to be verified referred to by the identification information in the storage proof information is data really stored on the data node.
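The signed proof packet and the server's two checks described above, as an added example that is not part of the patent text. HMAC-SHA256 stands in for the signature made with the preset signing private key (the patent describes a private/public key pair, so in that design the server would hold only the public key); the JSON packet layout and all function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def sign(key: bytes, packet: bytes) -> str:
    # Stand-in for signing with the preset signing private key.
    return hmac.new(key, packet, hashlib.sha256).hexdigest()


def make_proof(valid_ids, signing_key: bytes):
    """Secure element side: pack the validly stored block ids with a fresh
    random number, sign the packet, and return (proof, random number).
    The random number is also sent to the server on its own."""
    nonce = secrets.token_hex(16)
    packet = json.dumps({"ids": sorted(valid_ids), "nonce": nonce})
    proof = {"packet": packet, "sig": sign(signing_key, packet.encode())}
    return proof, nonce


def server_accepts(proof: dict, separate_nonce: str, node_key: bytes) -> set:
    """Server side: return the set of block ids accepted as really stored."""
    packet = proof["packet"].encode()
    # Check 1: the proof was produced by this data node's secure element.
    if not hmac.compare_digest(sign(node_key, packet), proof["sig"]):
        return set()
    body = json.loads(packet)
    # Check 2: the random number inside the proof matches the one that the
    # secure element sent separately.
    if not hmac.compare_digest(body["nonce"], separate_nonce):
        return set()
    return set(body["ids"])


def run_proof_checks() -> dict:
    node_key = secrets.token_bytes(32)   # key of the node being verified
    other_key = secrets.token_bytes(32)  # key of some other node's element
    proof, nonce = make_proof(["block-A", "block-B"], node_key)
    results = {"fresh": server_accepts(proof, nonce, node_key)}

    # The data node adds a block id it does not store and keeps the signature.
    body = json.loads(proof["packet"])
    body["ids"].append("block-C")
    tampered = {"packet": json.dumps(body), "sig": proof["sig"]}
    results["tampered_ids"] = server_accepts(tampered, nonce, node_key)

    # An old proof is resubmitted in a later round with a new random number.
    _, later_nonce = make_proof(["block-A"], node_key)
    results["copied_old_proof"] = server_accepts(proof, later_nonce, node_key)

    # A proof produced by another node's secure element is submitted instead.
    foreign, foreign_nonce = make_proof(["block-A", "block-B"], other_key)
    results["other_element"] = server_accepts(foreign, foreign_nonce, node_key)
    return results


if __name__ == "__main__":
    for name, accepted in run_proof_checks().items():
        print(f"{name}: {sorted(accepted)}")
```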
In this embodiment of the application, the secure element first receives data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server; it next determines whether the data to be verified is encrypted data; when the data to be verified is encrypted data, it generates first check information of the data to be verified; it then looks up second check information of the data to be verified in a pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proofs and reduce their complexity.
Please refer to the flow diagram that 3, Fig. 3 is another data storage method of proof provided by the embodiments of the present application.Such as
Shown in figure, the method in the embodiment of the present application includes:
S301, back end obtain data to be stored.
In the specific implementation, back end can store in the whole network the data of any required storage, wherein back end can be with
Download data to be stored.
S302, back end send the data to be stored to safety element.
S303, safety element encrypt the data to be stored.
In the specific implementation, storing predetermined encryption key in safety element.Safety element can be close according to the predetermined encryption
Key encrypts data to be stored.
S304, safety element generate the second check information of the encrypted data to be stored, and by second school
Information is tested to be stored in the pre-generated check information library.
In the specific implementation, safety element can divide in advance a special storage region for as check information library with
Just the second check information of all encrypted data to be stored is stored, and limits and there was only the accessible verification of safety element
Information bank.Wherein, the second check information can be, but not limited to as hash value, safety element can be calculated according to hash algorithm plus
The hash value of data to be stored after close.
S305, safety element send the encrypted data to be stored to back end.
The encrypted data to be stored is stored in the memory space of the back end and uses by S306, back end
It is verified in receiving storage as data to be verified when the back end receives the checking request.
S307, the server sends a verification request to the data node.
In a specific implementation, a data node can declare to the server which data it stores, and a bad node may declare data that it does not actually store. The server can therefore periodically send verification requests to data nodes in order to carry out storage proof. The verification request may include the identification information of the data to be verified.
S308, the data node reads the data to be verified from the storage space according to the verification request.
In a specific implementation, the verification request may include the identification information of the data to be verified. The data node can look up and read the data to be verified from its storage space according to this identification information.
S309, the data node sends the data to be verified to the safety element.
S310, the safety element determines whether the data to be verified is encrypted data. If not, the storage state of the data to be verified is determined to be invalid storage, the flow ends at this step and the following steps are not executed; if so, S311 is executed. This step is the same as S202 in the previous embodiment and is not described again here.
S311, when the data to be verified is the encrypted data, the first check information of the data to be verified is generated. This step is the same as S203 in the previous embodiment and is not described again here.
S312, the second check information of the data to be verified is looked up in the pre-generated check information library. This step is the same as S204 in the previous embodiment and is not described again here.
S313, the first check information is matched against the second check information to determine the storage state of the data to be verified. This step is the same as S205 in the previous embodiment and is not described again here.
S314, when the storage state is valid storage, the safety element generates storage proof information according to the preset signature private key.
In a specific implementation, to prevent the storage proof from being copied or tampered with, the identification information of the data to be verified whose storage state has been confirmed as valid storage can be combined with a randomly generated random number into a data packet, and the data packet, after being signed with the preset signature private key, serves as the storage proof information.
S315, the safety element sends the storage proof information to the server.
S316, the server determines, according to the storage proof information, the data node to which the data to be verified belongs.
In a specific implementation, after receiving the storage proof information the server can first decrypt it with the signature public key corresponding to the data node; if decryption succeeds, the storage proof information is determined to have been generated by the safety element of the data node currently being verified. The server then extracts the identification information and the random number and matches the random number in the storage proof information against the random number received separately from the safety element. When the two are identical, the storage proof information can be determined not to have been tampered with, and the server determines that the data to be verified referred to by the identification information in the storage proof information is data really stored on the data node.
In this embodiment of the present application, the safety element first receives the data to be verified sent by the data node, the data to be verified having been read by the data node from its storage space according to the verification request sent by the server; it then determines whether the data to be verified is encrypted data; next, when the data to be verified is the encrypted data, it generates the first check information of the data to be verified; it then looks up the second check information of the data to be verified in the pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proof and reduce its complexity.
Please refer to Fig. 4, which is a structural schematic diagram of a safety element provided by an embodiment of the present application. As shown, the safety element in this embodiment includes:
Receiving module 401, configured to receive the data to be verified sent by the data node, the data to be verified having been read by the data node from the storage space of the data node according to the verification request sent by the server.
In a specific implementation, a data node can declare to the server which data it stores, and a bad node may declare data that it does not actually store. The server can therefore periodically send verification requests to data nodes in order to carry out storage verification. When a data node receives a verification request sent by the server, it can read the data to be verified from the storage space according to the request. Data is stored on the data node in blocks, and the verification request may include the identification information of the data to be verified, such as the name of a data block. The data node can therefore look up and read the data to be verified from the storage space according to this identification information.
Determining module 402, configured to determine whether the data to be verified is encrypted data.
It should be noted that, before the safety element receives the data to be verified sent by the data node, the receiving module 401 is also configured to receive a lock instruction sent by the server; the lock instruction forbids use of the preset encryption key. The preset encryption key is the key the safety element uses to encrypt data. Before sending a verification request to the data node, the server can first send the lock instruction to the safety element so that the safety element locks the preset encryption key, ensuring that the data node cannot use the preset encryption key while storage proof of the data to be verified is in progress. The lock instruction lapses when the storage proof procedure for the data to be verified ends.
In a specific implementation, if the data to be verified is not encrypted data, it can be concluded that the data node obtained it, on receiving the verification request, from a data node that really stores the data to be verified, and that this data node does not really store it. The reason is that data really stored on the data node is data encrypted with the preset encryption key, whereas the data node can only obtain the plaintext of the data from other nodes; since the preset encryption key is locked at that point, the data node cannot encrypt the plaintext obtained from other data nodes.
Determining module 401 is also configured to generate the first check information of the data to be verified when the data to be verified is the encrypted data.
In a specific implementation, the first check information may be, but is not limited to, a hash value; the hash value of the data to be verified can be computed with a hash algorithm.
Searching module 403, configured to look up the second check information of the data to be verified in the pre-generated check information library.
In a specific implementation, the second check information contained in the pre-generated check information library is generated by the safety element and is the check information of the encrypted data that the data node really stores. The verification request sent by the server includes the identification information of the data to be verified. The identification information sent by the data node can therefore be received first, and the second check information corresponding to the identification information is then looked up in the pre-generated check information library, which contains the correspondence between the identification information and the second check information. Only the safety element can access the pre-generated check information library, and the second check information in it may be, but is not limited to, a hash value.
Determining module 401 is also configured to match the first check information against the second check information and determine the storage state of the data to be verified.
In a specific implementation, when the first check information is identical to the second check information, the storage state can be determined to be valid storage, which means the data to be verified is really stored on the data node. When the first check information differs from the second check information, the storage state is determined to be invalid storage, which means the data node merely obtained the data to be verified by "illegal" means in order to answer the server's verification request and does not really store it. For example, on receiving the server's verification request, the node copies the data to be verified from a data node that really stores it. As another example, a node actually stores one copy of the data but declares to the server under multiple identities that it stores the data block, in order to collect several data storage rewards issued by the server. Because each identity corresponds to a different preset encryption key, the ciphertexts generated from the same data differ, and so does the second check information of each ciphertext, while the check information library in a safety element can hold the second check information of only one ciphertext of the data. Only one identity's first check information can therefore match the second check information, which effectively prevents a bad data node from stealing rewards with multiple identities. Moreover, even if there are multiple safety elements that can hold multiple second check information entries for the data to be verified, so that multiple rewards are obtained under multiple identities, the data node still has to open up multiple storage spaces and store multiple copies of the ciphertext.
Optionally, to prevent a node from generating storage proofs arbitrarily, the safety element further includes a sending module. After the storage state is determined to be valid storage, storage proof information can first be generated according to the preset signature private key. The verification request may include the identification information of multiple blocks of data to be verified, so the identification information of the data to be verified whose storage state has been confirmed as valid storage can be combined with a randomly generated random number into a data packet, and the data packet, after being signed with the preset signature private key, serves as the storage proof information. The safety element then sends the storage proof information to the server; the storage proof information is used to instruct the server to determine whether the data node stores the data to be verified. After receiving the storage proof information, the server can first decrypt it with the signature public key corresponding to the data node; if decryption succeeds, the storage proof information is determined to have been generated by the safety element of the data node currently being verified. The server then extracts the identification information and the random number and matches the random number in the storage proof information against the random number received separately from the safety element. When the two are identical, the storage proof information is determined not to have been tampered with, and the server determines that the data to be verified referred to by the identification information in the storage proof information is data really stored on the data node.
Optionally, before the data to be verified sent by the data node is received, the receiving module 401 is also configured to first receive the data to be stored sent by the data node; the data to be stored is then encrypted, for which the preset encryption key can be used; the second check information of the encrypted data to be stored is then generated and stored in the pre-generated check information library; finally, the sending module is also configured to send the encrypted data to be stored to the data node. The encrypted data to be stored is kept in the storage space of the data node, where it serves as the data to be verified and undergoes storage verification when the data node receives the verification request.
In this embodiment of the present application, the safety element first receives the data to be verified sent by the data node, the data to be verified having been read by the data node from its storage space according to the verification request sent by the server; it then determines whether the data to be verified is encrypted data; next, when the data to be verified is the encrypted data, it generates the first check information of the data to be verified; it then looks up the second check information of the data to be verified in the pre-generated check information library; finally, it matches the first check information against the second check information to determine the storage state of the data to be verified. This can improve the validity of data storage proof and reduce its complexity.
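The flow of steps S301 to S316, together with the borrowed-plaintext and multi-identity cases described for the determining module, is modelled below as an added Python example; it is not code from the patent. Assumptions: HMAC-SHA256 with a key shared with the server stands in for the preset signature private key and its public key, an HMAC-based keystream with a deterministic IV stands in for the unspecified cipher, the `SE01` marker plus tag is a constructed way for the safety element to recognise encrypted data, and all sample values are constructed.

```python
import hashlib
import hmac
import os

MAGIC = b"SE01"  # constructed ciphertext marker (assumption, not from the patent)


def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class SafetyElement:
    """Toy safety element: keys and the check information library never leave it."""

    def __init__(self):
        self._enc_key = os.urandom(32)  # preset encryption key
        self._sig_key = os.urandom(32)  # stand-in for the preset signature private key
        self._check_lib = {}            # identification info -> second check information
        self._locked = False

    def set_lock(self, locked):  # lock instruction sent by the server
        self._locked = locked

    def verification_key(self):  # stand-in for the signature public key
        return self._sig_key

    def _xor_stream(self, iv, data):
        stream = b""
        for counter in range((len(data) + 31) // 32):
            stream += _mac(self._enc_key, b"ks", iv, counter.to_bytes(8, "big"))
        return bytes(a ^ b for a, b in zip(data, stream))

    def store(self, ident, plaintext):
        """S303-S305: encrypt, record the second check information, return ciphertext."""
        if self._locked:
            raise PermissionError("preset encryption key is locked")
        # Deterministic IV (assumption): same block -> same ciphertext, hence the lock.
        iv = _mac(self._enc_key, b"iv", ident, plaintext)[:16]
        body = self._xor_stream(iv, plaintext)
        blob = MAGIC + iv + body + _mac(self._enc_key, b"tag", iv, body)
        self._check_lib[ident] = hashlib.sha256(blob).digest()
        return blob

    def _is_encrypted(self, data):
        if len(data) < 52 or data[:4] != MAGIC:
            return False
        iv, body, tag = data[4:20], data[20:-32], data[-32:]
        return hmac.compare_digest(tag, _mac(self._enc_key, b"tag", iv, body))

    def verify(self, ident, data):
        """S310-S314: (proof, random number) for valid storage, None otherwise."""
        if not self._is_encrypted(data):                    # S310
            return None
        first = hashlib.sha256(data).digest()               # S311
        second = self._check_lib.get(ident)                 # S312
        if second is None or not hmac.compare_digest(first, second):  # S313
            return None
        rnd = os.urandom(16)                                # S314
        packet = len(ident).to_bytes(2, "big") + ident + rnd
        return packet + _mac(self._sig_key, packet), rnd


def server_check(proof, rnd_separate, key, expected_ident):
    """S316: check the signature, then the identification info and random number."""
    packet, sig = proof[:-32], proof[-32:]
    if not hmac.compare_digest(sig, _mac(key, packet)):
        return False
    n = int.from_bytes(packet[:2], "big")
    ident, rnd = packet[2:2 + n], packet[2 + n:]
    return ident == expected_ident and hmac.compare_digest(rnd, rnd_separate)


def run_scenarios():
    ident, block = b"block-0001", b"constructed sample block " * 4
    se = SafetyElement()
    stored = se.store(ident, block)   # ciphertext kept in the node's storage space
    se.set_lock(True)                 # server locks the key before requesting proof
    proof, rnd = se.verify(ident, stored)
    results = {"honest": server_check(proof, rnd, se.verification_key(), ident)}
    # Node that dropped the ciphertext: re-encryption is blocked, plaintext is rejected.
    try:
        se.store(ident, block)
        results["reencrypt_blocked"] = False
    except PermissionError:
        results["reencrypt_blocked"] = True
    results["plaintext"] = se.verify(ident, block)
    # Second identity: own safety element and key, so borrowed ciphertext fails.
    other = SafetyElement()
    other.store(ident, block)
    results["other_identity"] = other.verify(ident, stored)
    # A proof altered in transit fails the signature check.
    forged = proof[:-1] + bytes([proof[-1] ^ 1])
    results["forged"] = server_check(forged, rnd, se.verification_key(), ident)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

Because the example's encryption is deterministic, unlocking the key during verification would let a node rebuild the expected ciphertext from a borrowed plaintext, which is the case the lock instruction closes.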
Referring to Fig. 5, Fig. 5 is a structural schematic diagram of another safety element proposed by an embodiment of the present application. As shown, the safety element may include at least one processor 501 (for example, a CPU), at least one communication interface 502, at least one memory 503 and at least one bus 504. The bus 504 implements the connections and communication between these components. In this embodiment of the present application, the communication interface 502 of the electronic device is a wired sending port, or a wireless device, for example one that includes an antenna device, and is used for signalling or data communication with other node devices. The memory 503 may be high-speed RAM or non-volatile memory, for example at least one magnetic disk memory. Optionally, the memory 503 may also be at least one storage device located remotely from the aforementioned processor 501. A set of program code is stored in the memory 503, and the processor 501 calls the program code stored in the memory to perform the following operations:
receiving the data to be verified sent by the data node, the data to be verified having been read by the data node from the storage space of the data node according to the verification request sent by the server;
determining whether the data to be verified is encrypted data;
when the data to be verified is the encrypted data, generating the first check information of the data to be verified;
looking up the second check information of the data to be verified in the pre-generated check information library;
matching the first check information against the second check information to determine the storage state of the data to be verified.
The processor 501 is also configured to perform the following operations:
when the first check information is identical to the second check information, determining that the storage state is valid storage; or
when the first check information differs from the second check information, determining that the storage state is invalid storage.
The processor 501 is also configured to perform the following operations:
generating storage proof information according to the preset signature private key;
sending the storage proof information to the server, the storage proof information being used to instruct the server to determine whether the data node stores the data to be verified.
The processor 501 is also configured to perform the following operations:
the verification request includes the identification information of the data to be verified;
receiving the identification information sent by the data node;
looking up the second check information corresponding to the identification information in the pre-generated check information library, the pre-generated check information library containing the correspondence between the identification information and the second check information.
The processor 501 is also configured to perform the following operations:
receiving the data to be stored sent by the data node;
encrypting the data to be stored;
generating the second check information of the encrypted data to be stored and storing the second check information in the pre-generated check information library;
sending the encrypted data to be stored to the data node, the encrypted data to be stored being kept in the storage space, where it serves as the data to be verified and undergoes storage verification when the data node receives the verification request.
The processor 501 is also configured to perform the following operation:
encrypting the data to be stored according to the preset encryption key.
The processor 501 is also configured to perform the following operation:
receiving the lock instruction sent by the server, the lock instruction being used to forbid use of the preset encryption key.
It should be noted that an embodiment of the present application also provides a storage medium for storing an application program which, when run, performs the operations executed by the safety element in the data storage proof methods shown in Fig. 2 and Fig. 3.
It should be noted that an embodiment of the present application also provides an application program which, when run, performs the operations executed by the safety element in the data storage proof methods shown in Fig. 2 and Fig. 3.
The above embodiments may be implemented wholly or partly in software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD) or a semiconductor medium (for example, a solid state disk (SSD)).
The specific embodiments described above further describe the purpose, technical solutions and beneficial effects of the present application. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application shall fall within the scope of protection of the present application.
Claims (10)
1. A data storage proof method, characterized in that the method is applied to a safety element and comprises:
receiving the data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server;
determining whether the data to be verified is encrypted data;
when the data to be verified is the encrypted data, generating first check information of the data to be verified;
looking up second check information of the data to be verified in a pre-generated check information library;
matching the first check information against the second check information to determine the storage state of the data to be verified.
2. The method according to claim 1, characterized in that matching the first check information against the second check information to determine the storage state of the data to be verified comprises:
when the first check information is identical to the second check information, determining that the storage state is valid storage; or
when the first check information differs from the second check information, determining that the storage state is invalid storage.
3. The method according to claim 2, characterized in that, after determining that the storage state is valid storage, the method further comprises:
generating storage proof information according to a preset signature private key;
sending the storage proof information to the server, the storage proof information being used to instruct the server to determine whether the data node stores the data to be verified.
4. The method according to claim 1, characterized in that the verification request includes identification information of the data to be verified;
looking up the second check information of the data to be verified in the pre-generated check information library comprises:
receiving the identification information sent by the data node;
looking up the second check information corresponding to the identification information in the pre-generated check information library, the pre-generated check information library containing the correspondence between the identification information and the second check information.
5. The method according to claim 1, characterized in that, before receiving the data to be verified sent by the data node, the method further comprises:
receiving data to be stored sent by the data node;
encrypting the data to be stored;
generating the second check information of the encrypted data to be stored and storing the second check information in the pre-generated check information library;
sending the encrypted data to be stored to the data node, the encrypted data to be stored being kept in the storage space, where it serves as the data to be verified and undergoes storage verification when the data node receives the verification request.
6. The method according to claim 5, characterized in that encrypting the data to be stored comprises:
encrypting the data to be stored according to a preset encryption key.
7. The method according to claim 6, characterized in that, before receiving the data to be verified sent by the data node, the method further comprises:
receiving a lock instruction sent by the server, the lock instruction being used to forbid use of the preset encryption key.
8. A safety element, characterized in that the safety element comprises:
a receiving module, configured to receive the data to be verified sent by a data node, the data to be verified having been read by the data node from the storage space of the data node according to a verification request sent by a server;
a determining module, configured to determine whether the data to be verified is encrypted data;
the determining module being also configured to generate first check information of the data to be verified when the data to be verified is the encrypted data;
a searching module, configured to look up second check information of the data to be verified in a pre-generated check information library;
the determining module being also configured to match the first check information against the second check information to determine the storage state of the data to be verified.
9. A safety element, characterized by comprising a processor, a memory, a communication interface and a bus;
the processor, the memory and the communication interface are connected by the bus and communicate with one another through it;
the memory stores executable program code;
the processor reads the executable program code stored in the memory and runs the program corresponding to the executable program code, so as to execute the data storage proof method according to any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a plurality of instructions, the instructions being suitable for being loaded by a processor to execute the data storage proof method according to any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810834885.3A CN109302442B (en) | 2018-07-26 | 2018-07-26 | Data storage proving method and related equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109302442A (en) | 2019-02-01 |
CN109302442B (en) | 2022-02-22 |
Family
ID=65172649
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810834885.3A (Active; CN109302442B (en)) | Data storage proving method and related equipment | 2018-07-26 | 2018-07-26 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109302442B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109302442B (en) | 2022-02-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||