CN109412754A - Data storage, distribution and access method for a coded cloud - Google Patents

Info

Publication number: CN109412754A
Authority: CN (China)
Prior art keywords: data, cloud, dispersion, core, user
Legal status: Granted, Active
Application number: CN201811259051.0A
Other languages: Chinese (zh)
Other versions: CN109412754B (en)
Inventors: 李祥明, 卢继华, 杨杰, 孙磊, 李翔
Current Assignee: Beijing Institute of Technology BIT
Original Assignee: Beijing Institute of Technology BIT
Application filed by: Beijing Institute of Technology BIT
Publications: CN109412754A (application), CN109412754B (grant)

Classifications

All classes below fall under H (ELECTRICITY) > H04 (ELECTRIC COMMUNICATION TECHNIQUE) > H04L (TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION).

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L1/0054 Arrangements at the receiver end: maximum-likelihood or sequential decoding, e.g. Viterbi, Fano, ZJ algorithms
    • H04L1/0056 Forward error control: systems characterized by the type of code used
    • H04L1/0059 Convolutional codes
    • H04L1/0076 Distributed coding, e.g. network coding, involving channel coding
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]


Abstract

The present invention relates to a data storage, distribution and access method for a coded cloud, and belongs to the technical field of wireless storage and transmission. The method comprises two parts: data storage and distribution, and data access. Data storage and distribution comprises: 1. applying first-level encoding to the original data; 2. dividing the first-level encoded symbols into a dispersion data group and a core data group; 3. applying fountain coding to the dispersion data group to generate the dispersion cloud; 4. generating the core cloud from the core data group. Data access comprises: A. after the core cloud server receives a user request, going to B; B. authenticating the access request and, once authentication passes, fountain-coding the core cloud to generate enough coded packets for the requesting user; C. the requesting user jointly decoding the received coded packets and the dispersion cloud to restore the original data. Because the dimension is limited, even a user who obtains all of the dispersion cloud data cannot obtain the original data without the core cloud data; the method therefore has the advantages of good security and fast response.

Description

Data storage, distribution and access method for a coded cloud
Technical field
The present invention relates to a data storage, distribution and access method for a coded cloud, and belongs to the technical fields of data encoding, encryption and decryption, data storage and cloud storage.
Background art
Over the past decade, as technology has advanced, the practice of encoding data before storing it has been widely adopted across industries. It is very common to classify, sort and number commodities, products and materials locally and then store the information in the cloud for tracking and management. When what is stored and accessed is the data itself, data such as files and code can be encoded and then placed in the cloud, as with Alibaba Cloud and Baidu Cloud.
However, existing cloud storage methods for massive data rely mainly on access passwords, digital signatures and authentication. When passwords, signatures or authentication information are forged, the storage end does not have enough ability to tell "true" from "false" or "enemy" from "friend". Data leakage incidents therefore occur from time to time.
A hybrid storage system based on fountain codes and cloud storage has been documented. It overcomes both the cloud storage system's drawback that "all data are stored in a server cluster at the same time" and the point-to-point storage system's drawback that "distributed data are stored in one-to-one peer groups, so the data recovery end is severely damaged". That work proposes that the hybrid storage system quickly uploads the data packets to be stored to cloud storage while also protecting user privacy. This distributed storage approach overcomes the drawback of centralized storage, where data cannot be restored once they are destroyed, and offers a degree of data security. However, although this hybrid storage system overcomes the poor survivability of data storage and uses fountain codes to improve the flexibility and robustness of data storage and access, if a "power user" colludes with other users and collects enough of the distributed stored data, that user can recover by fountain decoding data outside his or her own access rights, causing a data leak.
Other documents address dynamic monitoring and data error correction and detection. Specifically: data are accessed through a unified storage service access interface; secure data storage is realized by encrypting and decrypting the information; storage scheduling controls encoding and decoding to realize data error correction and detection; and an interface, module or unit is provided to monitor cloud performance dynamically.
A commonly used network storage mode at present is as follows: the user stores data on network storage in some encrypted form; when the data are needed, the user fetches the encrypted data from network storage and decrypts them to restore the data. With this mode, the security of the data depends on the strength of the encryption algorithm. Currently used encryption algorithms are built on problems of high computational complexity that are hard to solve. If a hacker breaks the encryption algorithm in use, the data stored with that algorithm lose their protection and their security cannot be guaranteed. More importantly, a hacker who breaks an encryption algorithm may keep this knowledge secret and use it to steal data. Apart from the algorithm being broken, technologies such as distributed computing and quantum computing are developing rapidly and the computing power of hackers keeps growing, so the security of secure storage methods built on hard problems of high computational complexity keeps decreasing.
As mentioned above, an illegal "power user" with strong collection capability can use sufficient resources, such as high-performance computer clusters and distributed data interception, to obtain enough information to steal the data, creating a risk of data and user privacy leakage for cloud storage and distribution systems. This shows that, although the prior art described above protects the distribution and secure storage of data from the two aspects of distributed storage and error correction and detection, there is still much room to improve its reliability and security.
Summary of the invention
The object of the invention is to overcome the technical defects of low data security and low service efficiency in existing cloud storage and distribution techniques by proposing a data storage, distribution and access method for a coded cloud.
A data storage, distribution and access method for a coded cloud comprises two parts: data storage and distribution, and data access.
The storage and distribution part comprises the following steps:
Step (1): the data provider applies first-level encoding to the K source-data symbols to be stored and distributed, generating N symbols;
Here N is the minimum length from which the maximum-likelihood sequence decoder corresponding to the first-level encoder can successfully decode the K source-data symbols. The first-level encoding is an invertible transform with a hash characteristic, and is one of: a cascade of an interleaver and a non-systematic error-correcting code, the DES encryption algorithm, the IDEA encryption algorithm, the TEA encryption algorithm, the RSA encryption algorithm, or another private-key or public-key encryption algorithm;
When the first-level encoding is one of the DES, IDEA, TEA or RSA encryption algorithms or another private-key or public-key encryption algorithm, its key is S;
The purpose of the first-level encoding is to give the data the hash characteristic; the encryption algorithm and the key S may be public;
The hash characteristic means that, after first-level encoding, each coded symbol is mutually constrained with many other symbols, so a change in a single input symbol may cause a large change in the output sequence. Correspondingly, a few symbol errors at the input of the first-level decoder cause a large number of errors at the decoder output, i.e. errors propagate catastrophically;
Step (2): the N symbols generated by the first-level encoding are split into N1 symbols and N2 symbols, which are stored in the dispersion block and the core block respectively;
Let Q denote the complete set of the N symbols, A1 the set of the N1 symbols and A2 the set of the N2 symbols; then A1 ∪ A2 = Q and |A2-A1| > 0, where A1 ∪ A2 denotes the union of A1 and A2;
|A2-A1| denotes the cardinality of the set A2-A1, and A2-A1 denotes the set difference of A2 and A1;
Error-correction coding and digital signatures may be added to the dispersion block and the core block to guarantee the reliability and integrity of the data;
Step (3): fountain coding is applied to the data in the dispersion block, and the result is distributed across different dispersion clouds;
The dispersion cloud is stored on servers that users can access without authorization, or in storage belonging to parties other than the data provider;
The data provider and non-data-providers are allowed to share the dispersion cloud;
This fountain coding is called second-level encoding A; the fountain coding parameters of second-level encoding A may be public;
Step (4): the data in the core block are stored in the core cloud;
The core cloud is stored on a server or in storage that only authorized users are allowed to access;
The data access part comprises the following steps:
Step (A): the user computes the dispersion block data from the public dispersion cloud;
Step (B): the core cloud server waits for a user to request access to the core block data, until it receives a user's access request;
Step (C): the core cloud server verifies the user's identity. If the user is authorized, the core cloud server applies fountain coding to the core block data, transmits the coded packets to the authorized user, and goes to step (D); if the user is not authorized, it goes to step (B);
The core cloud server is the server or storage that stores the core cloud;
This fountain coding is called second-level encoding B;
Step (D): the user receives the fountain-coded packets transmitted in step (C) and, together with the dispersion block data stored in the dispersion cloud, computes through fountain decoding the N symbols as they were before the data split;
Step (E): the user obtains the source data issued by the data provider through the decoding process of the first-level encoding;
The decoding process of the first-level encoding is called first-level decoding.
Beneficial effects
Compared with the prior art, the data storage, distribution and access method for a coded cloud proposed by the present invention has the following beneficial effects:
1. Compared with traditional methods, its first advantage is double protection of the stored and distributed data: data security is ensured from the authentication angle, and in addition what is output are encoded symbols rather than the requested source data, so that even if a forged signature passes authentication and the core cloud data are obtained, the original data cannot be recovered;
2. The method can be used for storage and requests by an individual user, and is equally applicable to storage and access requests by a user group;
3. Compared with the prior art, because the dimension is limited, even a user who obtains the data in all dispersion clouds cannot obtain the original data without the core cloud data. This is the method's core advantage of good security, and it can achieve "true secrecy": as long as access to the core cloud is protected, no matter how much computing resource an unauthorized accessor has, the data stored by the user cannot be cracked either in practice or in theory;
4. The method makes data storage and distribution services faster, more flexible and more efficient. While the user is idle, the dispersion cloud data can be distributed to and stored on dispersion cloud servers; when the user needs access, i.e. when a service is generated, only the core cloud data need to be transmitted to satisfy the access request, giving efficient data acquisition and fast response.
Description of the drawings
Fig. 1 is a flow diagram of the data storage, distribution and access method for a coded cloud of the present invention and of Embodiment 1;
Fig. 2 shows the secure cloud storage method for personal or enterprise data, in Embodiment 2, of the data storage, distribution and access method for a coded cloud of the present invention;
Fig. 3 is a data flow diagram of the data storage, distribution and access method for a coded cloud of the present invention and of Embodiment 4;
Fig. 4 is a schematic diagram of the implementation scenario in Embodiment 8 of the data storage, distribution and access method for a coded cloud of the present invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and specific embodiments.
Embodiment 1
This embodiment describes a specific implementation of data storage, distribution and access using the data storage, distribution and access method for a coded cloud of the present invention.
Fig. 1 is a flow diagram of the data storage, distribution and access method for a coded cloud of the present invention.
As can be seen from Fig. 1, in this embodiment the data storage and distribution part of the method comprises the following steps:
Step 1): first-level encoding is applied to the K source-data symbols to be stored and distributed, generating N symbols;
The first-level encoding is an invertible transform with a hash characteristic, whose purpose is to give the data that characteristic. It is one of: a cascade of interleaving and a non-systematic error-correcting code, the DES encryption algorithm, the IDEA encryption algorithm, the TEA encryption algorithm, the RSA encryption algorithm, or another private-key or public-key encryption algorithm;
When the first-level encoding is one of the DES, IDEA, TEA or RSA encryption algorithms or another private-key or public-key encryption algorithm, the key of the first-level encoding is S, and in this case the encryption algorithm and the key S may be public;
That the data have the hash characteristic means that, after first-level encoding, each coded symbol is mutually constrained with many other symbols, so a change in a single input symbol may cause a large change in the output sequence. Correspondingly, a few symbol errors at the input of the first-level decoder cause a large number of errors at the decoder output, i.e. errors propagate catastrophically.
This step applies first-level encoding rather than storing the data to be accessed directly in the cloud, so that even if an eavesdropping user later forges a signature and, via step 2) and the authorization in step C), obtains the fountain-coded packets of the core cloud data, the original data still cannot be recovered;
Step 2): the N symbols generated by the first-level encoding are split into N1 symbols and N2 symbols, generating the dispersion block and the core block respectively;
Let Q denote the complete set of the N symbols, A1 the set of the N1 symbols and A2 the set of the N2 symbols; then A1 ∪ A2 = Q, where A1 ∪ A2 denotes the union of A1 and A2, and |A2-A1| > 0;
Here |A2-A1| denotes the cardinality of the set A2-A1, and A2-A1 denotes the set difference of A2 and A1;
Error-correction coding and digital signatures may be added to the dispersion block and the core block to guarantee the reliability and integrity of the data;
In a specific implementation, |A2-A1| ranges from 0.05N to 0.2N, i.e. 5% to 20% of N. The larger the value, the higher the security, but the storage requirement of the core storage increases correspondingly;
Further, to guarantee the reliability and integrity of the data, a specific implementation may add appropriate error-correction coding and digital signatures to the data in the dispersion block and the core block. The digital signature here guarantees the integrity of the stored data and prevents a hacker from forging data to mount a pollution attack;
Step 3): fountain coding is applied to the data in the dispersion block to generate the dispersion cloud, which is stored in a distributed manner on servers that users can access or in storage belonging to parties other than the data provider;
The data provider and non-data-providers are allowed to share the dispersion cloud;
The coding mode and coding parameters of the fountain coding used for the dispersion cloud may be public, so that users can compute the dispersion block from the dispersion cloud;
Step 4): the data in the core block are stored in the core cloud;
The core cloud is stored on the core cloud server, which is a server or storage that only authorized users are allowed to access;
The fountain coding in step 3) is called second-level encoding A, and is implemented as a cascade of a high-rate LDPC code and an LT code, i.e. Raptor coding;
The data access part comprises the following steps:
Step A): the user computes the dispersion block data from the public dispersion cloud;
Step B): the core cloud waits for a user to request access to the core block data, until it receives a user's access request;
Step C): the core cloud service module verifies the requesting user. If the user is authorized, the core cloud service module distributes the core block data to the authorized user by fountain coding; if the user is not authorized, it goes to step (B);
The fountain coding in step C) is called second-level encoding B;
The service modules mainly comprise the core cloud service module and the dispersion cloud service module. They are service software running on the server side and on the user's client, and perform the data storage, distribution and access functions;
Step D): the user computes the data contained in the core block through fountain decoding, then combines the core block and the dispersion block and recovers the source data through first-level decoding using the known key and decryption algorithm.
Embodiment 2
This embodiment describes in detail how a service provider, for the specific requirements of a certain client, carries out data storage and distribution using the data storage, distribution and access method for a coded cloud of the present invention.
Table 1 below is the annual appraisal results table of a certain company. It lists personal private information, including name, age, position, rewards and punishments, and annual appraisal result. This information should not be visible to all employees of the company; only management or users with special rights should be able to access it, to avoid privacy leaks that would adversely affect the company.
Table 1: Annual results table of a certain company
Table 2 below shows the result of applying first-level encoding to the data in Table 1 and then classifying them into a core data group and a dispersion data group. The message for each serial number has a plaintext abstract as its index.
Table 2: Result of first-level encoding and data splitting applied to the data in Table 1
In Table 2, the core cloud data are the data after first-level encoding; the data in the three dispersion cloud columns are the data after second-level encoding; and the content in brackets in Table 2 is the digital signature.
This embodiment comprises two processes, data storage and data distribution:
Data storage comprises the following steps:
Step i: the service provider encodes each item in Table 1 to be stored and distributed into a core cloud and dispersion clouds;
Here the service provider is the data provider;
Step ii: the service provider stores the core cloud on its own core cloud server and forbids unauthorized access;
Step iii: the service provider stores the dispersion clouds in a dispersed manner across the distribution servers;
Each distribution server is also called a dispersion cloud server;
Steps ii and iii may be executed in parallel or in either order;
Each distribution server that stores dispersion cloud data allows users to access it, and users are encouraged to copy from and share with one another;
The coding mode and coding parameters of the fountain coding used for the dispersion cloud may be public, so that users can compute the dispersion block from the dispersion cloud;
Here the user is the consumer of the data: whoever issues a data access request has, at that moment, the identity of user;
For example:
When the data provider issues a data access request, the data provider is the user;
When a non-data-provider issues a data access request, the non-data-provider is the user;
Step iv: the service provider attaches the plaintext abstract to the core cloud and to each dispersion cloud;
The plaintext abstracts may also be stored centrally on the core cloud server to provide a retrieval service: the user searches the provided plaintext abstracts by keyword to find the numbers of the corresponding dispersion cloud and core cloud, obtains the corresponding dispersion cloud from the dispersion cloud servers, and then requests and obtains the corresponding core cloud data from the core cloud server;
The role of the plaintext abstract is to provide the index relationship between a core cloud and its corresponding dispersion clouds, so that users can quickly and efficiently find the data they are interested in and restore them. If the plaintext abstract is stored with the dispersion cloud, the plaintext abstract and the dispersion cloud data are covered together by the digital signature, which guarantees that the plaintext abstract cannot be tampered with. If the plaintext abstract is stored on the core cloud server, the plaintext abstract data are read-only for users, who cannot modify them.
The data distribution process is as follows:
Step A1: the user finds content of interest through the plaintext abstracts and then initiates a core cloud access request to the core service;
Step A2: the core cloud server authenticates the user's request and distributes the fountain-coded core cloud data to legitimate requesters;
This fountain coding is called second-level encoding B. The pseudo-random number generator required by the fountain coding is generated in real time when data are distributed to the user and, after the user passes identity authentication, is sent to the user by the core cloud service module as follows:
(1) The user selects a public-key cryptosystem based on RSA or elliptic curves, chooses a public key Ka and a private key Kb, publishes the encryption algorithm used and the public key Ka, and keeps the private key Kb secret;
(2) The core cloud server randomly generates the random number generator seed required by the fountain encoder, encrypts this seed with the user's encryption algorithm and public key Ka, and sends it to the user;
(3) The user applies the decryption algorithm corresponding to (2) with the private key Kb to recover the random number generator seed of the fountain coding of second-level encoding B, and thereby obtains the coding mode of the second-level encoder;
In step A2, the fountain coding mode of second-level encoding B is generated in real time when the data are sent, and the core cloud service module encrypts the coding mode with the user's public key. After receiving the encrypted coding mode data, the user decrypts them with his or her own private key to obtain the coding mode of the fountain coding, so a legitimate user can decode the data normally. An illegal user who has somehow stolen a legitimate user's ID and login password and successfully passed the access authentication for the core cloud data still does not know the user's private key Kb, cannot obtain the fountain coding mode and parameters of second-level encoding B, and therefore cannot decode the data. This greatly improves the security of data access. In network communication, user passwords are used frequently, users often build passwords from easily remembered digits or letter combinations, and these passwords are sometimes transmitted over the network, so the risk of a user password being stolen is relatively high. The key Kb takes no part in network transmission, and the user can store and read it in some secret and secure manner, so the risk of Kb being stolen by a hacker is very low.
Step A3: after the user obtains the data, the core cloud service module, a suitable time after the user has read the data, irretrievably deletes the recovered plaintext and the corresponding core cloud data from the user terminal (i.e. "burn after reading");
Note that the core cloud may be stored in a centralized or a distributed manner, and that only authorized users are allowed to access the core cloud.
It can therefore be seen that the method of the invention achieves "true secrecy" of the data as long as access to the core cloud is protected. The reason is that the dispersion cloud data are distributed only after encoding, and the core cloud data are likewise fountain-coded before distribution; moreover, the core cloud and the dispersion cloud are each not of full rank in dimension, i.e. the dispersion cloud does not contain all of the symbols of the encoded original data. Thus, no matter how much computing resource an illegal user has, the data stored by the user cannot be cracked either in practice or in theory.
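The rank argument above and the store/access steps of Embodiment 1 can be checked numerically. The following is an added example, not code from the patent: it assumes one byte per symbol, disjoint A1 and A2, a dense random linear fountain over GF(2) in place of the Raptor code, and a SHAKE-256 based invertible transform as a stand-in for the first-level encoding; all function names are hypothetical, and the public-key delivery of the fountain seed in step A2 is left out.

```python
import hashlib
import random

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def first_level(data: bytes, key: bytes, decode: bool = False) -> bytes:
    """Invertible keyed transform with diffusion (stand-in for the page's
    DES/IDEA/TEA/RSA options; NOT a vetted cipher). Four XOR rounds in which
    each half is masked by a SHAKE-256 digest of the other half."""
    half = len(data) // 2
    left, right = data[:half], data[half:]
    for r in (range(3, -1, -1) if decode else range(4)):
        if r % 2 == 0:
            left = _xor(left, hashlib.shake_256(key + bytes([r]) + right).digest(len(left)))
        else:
            right = _xor(right, hashlib.shake_256(key + bytes([r]) + left).digest(len(right)))
    return left + right

def fountain_encode(symbols, indices, n_packets: int, seed: int):
    """Random linear fountain over GF(2) (assumed stand-in for Raptor coding).
    Each packet is (mask, value): value is the XOR of the symbols whose
    global index is set in mask."""
    rng = random.Random(seed)
    packets = []
    while len(packets) < n_packets:
        mask = value = 0
        for i in indices:
            if rng.getrandbits(1):
                mask |= 1 << i
                value ^= symbols[i]
        if mask:
            packets.append((mask, value))
    return packets

def fountain_decode(packets, n_symbols: int):
    """Gaussian elimination over GF(2). Returns (rank, symbols or None)."""
    basis = {}  # highest set bit -> reduced (mask, value)
    for mask, value in packets:
        while mask:
            top = mask.bit_length() - 1
            if top not in basis:
                basis[top] = (mask, value)
                break
            mask, value = mask ^ basis[top][0], value ^ basis[top][1]
    if len(basis) < n_symbols:
        return len(basis), None          # rank deficient: no unique solution
    solved = [0] * n_symbols
    for bit in range(n_symbols):         # back-substitute from the lowest pivot up
        mask, value = basis[bit]
        for j in range(bit):
            if mask >> j & 1:
                value ^= solved[j]
        solved[bit] = value
    return n_symbols, bytes(solved)

def store(source: bytes, key: bytes, core_fraction: float = 0.1, overhead: int = 32):
    """Steps (1)-(4): encode, split into A1 (dispersion) and A2 (core),
    and publish the fountain-coded dispersion cloud."""
    encoded = first_level(source, key)
    n = len(encoded)
    n1 = n - max(1, round(core_fraction * n))   # |A2-A1| within 5%-20% of N
    dispersion_cloud = fountain_encode(encoded, range(n1), n1 + overhead, seed=1)
    core_block = {i: encoded[i] for i in range(n1, n)}  # stays on the core cloud server
    return dispersion_cloud, core_block, n

def core_serve(core_block: dict, authorized: bool, seed: int, overhead: int = 32):
    """Steps (B)-(C): only an authorized user receives packets of the core block."""
    if not authorized:
        return []
    return fountain_encode(core_block, sorted(core_block), len(core_block) + overhead, seed)

def access(dispersion_cloud, core_packets, n: int, key: bytes):
    """Steps (D)-(E): joint fountain decoding, then first-level decoding."""
    rank, encoded = fountain_decode(dispersion_cloud + core_packets, n)
    return rank, (first_level(encoded, key, decode=True) if encoded is not None else None)

SOURCE = b"constructed sample record: employee 0042, annual review, grade A"  # constructed input
KEY_S = b"public-key-S"  # constructed; the page allows the first-level key S to be public

def demo():
    cloud, core, n = store(SOURCE, KEY_S)
    colluder = access(cloud, core_serve(core, False, seed=7), n, KEY_S)  # every dispersion packet, no core
    owner = access(cloud, core_serve(core, True, seed=7), n, KEY_S)
    return n, len(core), colluder, owner

if __name__ == "__main__":
    n, n2, colluder, owner = demo()
    print(f"N={n}, core symbols={n2}")
    print("dispersion cloud only -> rank", colluder[0], "recovered:", colluder[1])
    print("with core packets     -> rank", owner[0], "recovered:", owner[1])
```

However many dispersion packets are collected, the rank stays at N1, so the N-symbol system has no unique solution until core packets are added.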
Embodiment 3
This embodiment describes the data storage, distribution and access method for a coded cloud of the present invention applied as a secure cloud storage method for personal or enterprise data, as shown in Fig. 2.
A secure cloud storage method for personal or enterprise data comprises two stages: data storage and distribution, and data access;
Data storage and distribution comprises the following steps:
Step 1i: the data storer decomposes the data into a dispersion block and a core block, and encodes them separately to generate the core cloud and the dispersion cloud;
Here the data storer is the individual or enterprise using the data storage service;
Step 2i: the data storer stores the dispersion cloud on the cloud platform provided by a cloud storage service provider;
Each block of the dispersion cloud contains a digital signature to guarantee the integrity of that block of data;
For the storage service used in this embodiment, the coding mode and coding parameters may be kept private, to further improve the security of the stored data;
Step 3i: the data storer stores the core cloud in secure local core cloud storage and forbids access by others;
The cloud platform of the cloud storage service provider in step 2i and the core cloud storage in step 3i are both data providers;
Steps 1i to 3i rely on the limited-dimension principle, so that even a user accessing the data who obtains the data in all dispersion clouds cannot obtain the original data without the core cloud data; this is the core advantage of good security.
In the data access stage, i.e. when the data storer needs to restore the data, the operation comprises the following steps:
Step k1: the data storer reads enough of the dispersion cloud from the dispersion cloud server and decodes it to recover the dispersion block;
Here the dispersion cloud server is the cloud platform provided by the cloud storage service provider of step 2i;
Step k2: the data storer accesses the local core cloud storage to obtain the core cloud, and recovers the core block by decoding;
Step k3: the dispersion block and the core block are combined to compute the complete original data.
Embodiment 4
This embodiment describes the specific implementation of storage, distribution and access for a single user using the coding cloud data storage, distribution and access method of the present invention. The implementation is described in two aspects: data operations for an individual user and for a user group.
Fig. 3 is the data flow diagram of the coding cloud data storage, distribution and access method of the present invention and of embodiment 3.
In a specific implementation, there are two processes: data storage and distribution, and data access;
Data storage and distribution includes the following steps:
Step 1: First-level encoding is performed on the original data that the current user k wants to store and distribute, giving the first-level-encoded symbols;
Wherein, the original data of the current user k is N bits, and the first-level encoding is one of nonsystematic redundancy coding, the DES encryption algorithm, the IDEA encryption algorithm, the TEA encryption algorithm, the RSA encryption algorithm and other private-key or public-key encryption algorithms;
The number of symbols after first-level encoding is L, where L is the minimum number of symbols from which the N-bit original data can be restored;
Wherein, k is the number of the current user;
Step 2: The symbols encoded in step 1 are divided into a dispersion data group and a core data group;
Wherein, the dispersion data group is generated by extracting a part of the symbols produced by the redundancy encoding of step 1, and is denoted Dk; each symbol in the dispersion data group has a symbol ID;
Wherein, the core data group is the complement of the dispersion data group, denoted Ck; the quantity of Ck is Lk, where Lk is the minimum number of symbols from which all symbols in Ck can be restored;
In a specific implementation, the core data group is a set of symbols from which Ck can be restored; Ck is obtained by an invertible transformation of the complement of the dispersion data group Dk;
Step 3: Fountain coding is performed on the dispersion data group, and the cell tuple symbols output by the fountain coding are then stored in the dispersion cloud;
Wherein, the symbol IDs in the dispersion data group are used to generate the fountain coding degree distribution and the seed of the encoder's pseudo-random generator;
The coding mode of the dispersion cloud is related to the storage number of the dispersion cloud user; in a specific implementation, in step 3, the symbol in the dispersion data group is the user number or information related to the user number, either as such or as a linear transformation of it. The seed used to generate the fountain coding degree distribution and the encoder's pseudo-random generator is a linear encoding of the symbol serial number;
Wherein, the dispersion cloud requires no authorization or authentication; it is a server that any user can access freely, and all users are allowed and encouraged to copy data from one another or share the dispersion cloud; the number of dispersion clouds is X, X >= 2;
The cell tuple symbols in the dispersion cloud can be stored in two ways, centralized or distributed; the total number of cell tuple symbols stored in the dispersion cloud is D, and D < N;
Step 4: Fountain coding is performed on the symbols in the core data group, and the encoded cell tuple symbols form the core cloud;
Wherein, the number of core clouds is Y, Y >= 1; the total number of cell tuple symbols stored in the core cloud is C, with C >= Ck and C + D > L;
Wherein, the core cloud is a core server that only authorized users are allowed to access;
Data access includes the following steps:
Step A. The core cloud waits for a requesting user's access request for the core data group; when such a request is received it skips to step B, otherwise it continues waiting;
Wherein, the access information includes user authentication information and the symbol ID; the requesting user is the current user k or another legitimate user;
Step B. After receiving the request, the core cloud first authenticates the access request. If authentication fails, the core cloud refuses to send a fountain coding packet to the requesting user and skips to step A; if authentication succeeds, it uses the symbol ID or user ID to generate the fountain coding degree distribution and the seed of the encoder's pseudo-random generator, outputs at least Lk cell tuple symbols, forms them into a fountain coding packet and sends it to the requesting user;
If the requesting user is an illegal user who has stolen the ID number and password of a legitimate requesting user, the coding mode and parameters of second-level coding B can be sent using dynamic-password and SMS authentication, which strengthens data security;
Step C. After receiving the fountain coding packet sent by the core cloud, the requesting user performs fountain decoding on the cell tuple symbols in the received packet together with the cell tuple symbols of the dispersion data group stored in the dispersion cloud, until decoding succeeds;
Step D. The symbols output by the successful fountain decoding of step C then go through the first-level decoding process, which finally restores the original data of the current user k from step 1 of data storage;
Step E. After the requesting user has obtained and read the data, the core block in the core cloud, after a suitable time, irretrievably deletes the recovered plaintext and the corresponding core cloud data from the requesting user's terminal.
Embodiment 5
This embodiment describes the detailed process by which a user group stores and distributes data using the coding cloud data storage, distribution and access method of the present invention.
Wherein, the user group is a research group or the customer group of a company, and the users in the group are related to one another; this relation takes the form of data sharing among users, such as software, project documents and program code under development; members outside the user group cannot access the data shared by the users in the group.
The data sharing process for users in the user group comprises a data storage and distribution part and a data access part.
Data storage and distribution includes the following steps:
Step I. First-level encoding is performed on the original data shared by the current user group, giving the encoded symbols; this first-level encoding is nonsystematic Reed-Solomon coding, the original data is in S parts, and the i-th part has Si bits;
Wherein, the current user group contains S users, S >= 2;
Let LS denote the minimum number of encoded symbols from which all S parts of the original data can be restored;
Step II. The symbols encoded in step I are divided into two groups, a dispersion data group and a core data group, and LD symbols are put into the dispersion data group;
Wherein, the dispersion data group is generated by extracting a part of the symbols produced by the redundancy encoding of step I, the proportion preferably being 80% in a specific implementation; it is denoted D, and its quantity is LD, LD < LS;
When the LD symbols are stored into T dispersion data groups, the starting symbol serial number and the ending serial number stored in each dispersion data group must be stored as well;
Wherein, the complement of the dispersion data group D is denoted C; in this example it is the complement obtained by removing D from the LS symbols that "can restore all of the original data", or a linear transformation of that complement;
Let the quantity of C be LC; the core data group is a set from which all symbols in C can be restored;
The number of symbols in the core data group is greater than or equal to LC, where LC is the minimum number of symbols from which the complement C of the dispersion data group D can be restored;
Step III. Raptor fountain coding is performed on the symbols in the dispersion data group, and the encoded cell tuple symbols are stored in T dispersion clouds;
Wherein, T > 1;
The Raptor fountain coding generates the fountain coding degree and the random number seed from the starting and ending serial numbers of the corresponding dispersion data group;
Wherein, the symbol IDs in the dispersion data group are used to generate the fountain coding degree distribution and the seed of the encoder's pseudo-random generator;
Wherein, the number of dispersion clouds is X, X >= 2; in this example the number of dispersion clouds is greater than S. The symbols in the dispersion cloud are stored in distributed fashion, and the total number of symbols stored in the dispersion cloud is less than the symbol dimension contained in the original data;
In a specific implementation, the dispersion cloud can be stored on user terminals or on dispersed servers; each dispersion cloud has a number that corresponds to the cell tuple symbols it stores; each dispersion cloud carries a digital signature, to prevent the stored data from being damaged and to guarantee the integrity of each dispersion cloud's data;
The user number is unrelated to the numbering of the dispersion clouds;
Step IV. Fountain coding is performed on the symbols in the core data group, and the encoded cell tuple symbols form the core cloud;
Wherein, the number of core clouds is Y, Y >= 1; the set of cell tuple symbols stored in the core cloud is a set of symbols from which C can be restored;
Data access includes the following steps:
Step a. The core cloud waits for a requesting user's access request for the core data group; when such a request is received it skips to step b, otherwise it continues waiting;
Wherein, the access information includes user authentication information and the symbol ID; the requesting user is the current user or another legitimate user;
Step b. After receiving the request, the core cloud first authenticates the access request. If authentication fails, the core cloud refuses to send a fountain coding packet to the requesting user and skips to step a; if authentication succeeds, it uses the symbol ID to generate the fountain coding degree distribution and the seed of the encoder's pseudo-random generator, outputs at least Lk cell tuple symbols, forms them into a fountain coding packet and sends it to the requesting user;
Step c. After user k in the requesting user group receives the fountain coding packet sent by the core cloud, the cell tuple symbols in the received packet are fountain-decoded together with the cell tuple symbols of the dispersion data group stored in the dispersion cloud, until decoding succeeds;
Step d. The symbols output by the successful fountain decoding of step c go through the first-level decoding process, which finally restores the original data shared by the current user group in step I of the data storage process.
Embodiment 6
The coding cloud data storage and distribution method can be used for storage and requests by an individual user; one such application is as described in the Summary of the Invention and in embodiment 4. The legitimate user holding the dispersion cloud may or may not be the current user k; it may also be a user group with a legal identity, i.e. the invention can also be applied to storage access and requests by a user group, one concrete operation of which is as described in embodiment 5.
Because "the legitimate user holding the dispersion cloud" is dimension-limited, even after collecting the symbols stored in all dispersion clouds it must still request data from the core server before the original data can be restored.
Embodiment 7
In a specific implementation, authentication can be carried out by means of digital signatures. Core cloud data cannot be obtained by forging a user number; and even if the core cloud data is obtained, the original information cannot be restored and the service cannot be generated.
In embodiments 1 to 6, the proportions in which the symbols of the original data after first-level encoding are allocated to generating the dispersion cloud and the core cloud are as follows:
Preferred proportion 1: dispersion cloud 90%, core cloud 10%;
Preferred proportion 2: dispersion cloud 80%, core cloud 20%;
In the two preferred proportions above, the dispersion cloud takes on the storage and distribution of most of the data; the data provider can use users' idle periods to generate the dispersion cloud from the data and then store it in the dispersion cloud server; these proportions make the storage and distribution workload of the core cloud light relative to the dispersion cloud.
Faster, more flexible and more efficient storage and distribution can therefore be achieved.
Embodiment 8
Fig. 4 is a schematic diagram of an implementation scenario of the coding cloud data storage, distribution and access method of the present invention.
As can be seen from Fig. 4, in a specific implementation:
First, the original data, dispersed in space and time, converges on the core cloud server through the wireless communication network;
Wherein, the data provider of the original data may be a mobile phone user in a moving vehicle or a smart device user in a building;
Second, the data server performs first-level encoding on the original data, then splits the coded data and stores it as the core cloud and the dispersion cloud;
Third, the user obtains the dispersion cloud, then uses his or her own ID to request the core cloud data and restore the source data;
The dispersion cloud can be stored in various forms of memory: local storage or a dedicated server;
When a user needs access, i.e. a service is generated, only the core cloud data needs to be transmitted to satisfy the access request, which has the advantages of efficient data acquisition and fast response.
The above is a preferred embodiment of the present invention, and the present invention should not be limited to the content disclosed in the embodiments and drawings. All equivalents or modifications completed without departing from the spirit disclosed by the present invention fall within the scope of protection of the present invention.

Claims (7)

1. A coding cloud data storage, distribution and access method, characterized in that it comprises two parts: data storage and distribution, and data access;
Wherein, data storage and distribution includes the following steps:
Step (1): the data provider performs first-level encoding on the K source data symbols to be stored and distributed, generating N symbols;
Step (2): the N symbols generated by first-level encoding are split into N1 symbols and N2 symbols respectively, which are stored in the dispersion block and the core block correspondingly;
Let Q denote the full set of the N symbols, A1 the set of the N1 symbols and A2 the set of the N2 symbols; A1 ∪ A2 = Q, where A1 ∪ A2 denotes the union of set A1 and set A2; and |A2 - A1| > 0;
Wherein, |A2 - A1| denotes the cardinality of the set A2 - A1, and A2 - A1 denotes the set difference of A2 and A1;
Step (3): fountain coding is performed on the data in the dispersion block, and the result is distributed to different dispersion clouds;
Wherein, this fountain coding is called second-level coding A;
Step (4): the data in the core block is stored in the core cloud;
Wherein, the core cloud is stored on a server or memory that only authorized users are allowed to access;
The data access part includes the following steps:
Step (A): the user computes the dispersion block data from the public dispersion cloud;
Step (B): the core cloud server waits for a user to request access to the core block data, until it receives a user's access request;
Step (C): the core cloud server verifies the user's identity; if the user is authorized, the core cloud server fountain-codes the core block data, transmits the coded data packets to the authorized user, and skips to step (D); if the user is not authorized, it skips to step (B);
Wherein, this fountain coding is called second-level coding B;
Step (D): the user receives the fountain-coded data packets transmitted in step (C) and, together with the dispersion block data stored in the dispersion cloud, computes by fountain decoding the N symbols that existed before the data split;
Step (E): the user obtains the source data issued by the data provider through the decoding process of the first-level encoding.
2. The coding cloud data storage, distribution and access method according to claim 1, characterized in that: in step (1), N is the minimum length at which the maximum-likelihood sequence decoder corresponding to the first-level encoder can successfully decode the K source data symbols; and the first-level encoding is an invertible transformation with a hash characteristic, being one of a cascade of an interleaver and a nonsystematic error-correcting code, the DES encryption algorithm, the IDEA encryption algorithm, the TEA encryption algorithm, the RSA encryption algorithm and other private-key or public-key encryption algorithms;
When the first-level encoding is one of the DES encryption algorithm, the IDEA encryption algorithm, the TEA encryption algorithm, the RSA encryption algorithm and other private-key or public-key encryption algorithms, the key is S.
3. The coding cloud data storage, distribution and access method according to claim 1, characterized in that: in step (1), the purpose of the first-level encoding is to give the data a hash characteristic, and the encryption algorithm and the key S may be public.
4. The coding cloud data storage, distribution and access method according to claim 1, characterized in that: in step (2), error-correction coding and a digital signature may be added when storing into the dispersion block and the core block, to guarantee the reliability and integrity of the data.
5. The coding cloud data storage, distribution and access method according to claim 1, characterized in that: in step (3), the dispersion cloud is stored on a server that users can access without authorization, or on the memory of other parties who are not the data provider.
6. The coding cloud data storage, distribution and access method according to claim 1, characterized in that: in step (3), both the data provider and parties who are not the data provider are allowed to share the dispersion cloud.
7. A secure cloud storage method for personal or enterprise data, characterized in that it comprises two stages: data storage and distribution, and data access;
Wherein, data storage and distribution includes the following steps:
Step 1i. The data storer decomposes the data into a dispersion block and a core block, and encodes them separately to generate the core cloud and the dispersion cloud;
Wherein, the data storer is an individual or enterprise using the data storage service;
Step 2i. The data storer stores the dispersion cloud on the cloud platform provided by a cloud storage service provider;
Wherein, each block of the dispersion cloud includes a digital signature, to guarantee the integrity of every block of data;
Step 3i. The data storer stores the core cloud in secure local core cloud storage and forbids access by others;
Wherein, the cloud platform of the cloud storage service provider in step 2i and the core cloud storage in step 3i are the data providers;
Steps 1i to 3i are based on the dimension-limited principle: even if a user carrying out unauthorized access to the data obtains all of the data in the dispersion cloud, and even if that illegal user has unlimited computing resources, the original data cannot be obtained without the core cloud data, which is the core advantage of good security performance;
The data access stage, i.e. when the data storer needs to restore the data, includes the following steps:
Step k1. The data storer reads enough of the dispersion cloud from the dispersion cloud server and decodes it to recover the dispersion block;
Wherein, the dispersion cloud server is the cloud platform provided by the cloud storage service provider of step 2i;
Step k2. The data storer accesses the local core cloud storage to obtain the core cloud, and recovers the core block by decoding;
Step k3. The dispersion block and the core block are combined to compute the complete original data.
CN201811259051.0A 2018-10-22 2018-10-26 Data storage, distribution and access method of coding cloud Active CN109412754B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811226841 2018-10-22
CN2018112268419 2018-10-22

Publications (2)

Publication Number Publication Date
CN109412754A true CN109412754A (en) 2019-03-01
CN109412754B CN109412754B (en) 2020-09-18

Family

ID=65469308

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811259051.0A Active CN109412754B (en) 2018-10-22 2018-10-26 Data storage, distribution and access method of coding cloud

Country Status (1)

Country Link
CN (1) CN109412754B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111510672A (en) * 2020-03-19 2020-08-07 西安电子科技大学 Video tampering recovery processing method, system, storage medium and encoder
CN113704832A (en) * 2021-08-11 2021-11-26 云南天成科技有限公司 Intelligent terminal based on cloud service system and management system thereof

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101667904A (en) * 2009-10-19 2010-03-10 上海奇微通讯技术有限公司 All-in-one feedback retransmission method based on fountain codes
CN102710757A (en) * 2012-05-21 2012-10-03 北京航空航天大学 Distributed cloud storage data integrity protection method
CN103118089A (en) * 2013-01-22 2013-05-22 华中科技大学 Safe storage method based on a plurality of cloud storage systems and system thereof
US20140201541A1 (en) * 2013-01-14 2014-07-17 Accenture Global Services Limited Secure online distributed data storage services
CN104754055A (en) * 2015-04-03 2015-07-01 易云捷讯科技(北京)有限公司 Safety cloud storage method for use in multi-cloud environment
CN104994069A (en) * 2015-05-25 2015-10-21 南京信息工程大学 Cloud-storage data integrity proving method based on data repeatability verification
CN107689983A (en) * 2017-07-05 2018-02-13 上海交通大学 Cloud storage system and method based on low reparation bandwidth

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Ge Junwei et al.: "Erasure Code algorithm based on distributed servers in a cloud storage environment", Journal of Computer Applications *

Also Published As

Publication number Publication date
CN109412754B (en) 2020-09-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant