CN109558754B - Backup data anti-theft method and device - Google Patents
Backup data anti-theft method and device Download PDFInfo
- Publication number
- CN109558754B CN109558754B CN201811453948.7A CN201811453948A CN109558754B CN 109558754 B CN109558754 B CN 109558754B CN 201811453948 A CN201811453948 A CN 201811453948A CN 109558754 B CN109558754 B CN 109558754B
- Authority
- CN
- China
- Prior art keywords
- data
- logical volume
- extracted
- backup
- residual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1469—Backup restoration techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/0614—Improving the reliability of storage systems
- G06F3/0619—Improving the reliability of storage systems in relation to data integrity, e.g. data losses, bit errors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0662—Virtualisation aspects
- G06F3/0665—Virtualisation aspects at area level, e.g. provisioning of virtual or logical volumes
Abstract
The invention relates to the technical field of data backup, in particular to a method and a device for preventing backup data from being stolen. The method comprises the following steps: receiving backup data transmitted by a backup client and determining an extraction factor; extracting the backup data to obtain extracted data and residual data; creating a logical volume, and storing the extracted data and the residual data in the logical volume to generate an extracted data logical volume and a residual data logical volume; storing the extraction factor into a local database; reading the extraction factor from the local database; reading the extracted data and the residual data from the extracted data logical volume and the residual data logical volume; and merging the extracted data and the residual data according to the extraction factor to generate complete backup data. The invention can realize that under the condition that partial data or all data of the user is stolen, the stealer still can not obtain the data content of the user; the method is suitable for local storage and cloud storage, and the safety problem of the user data is solved from the technical level.
Description
Technical Field
The invention relates to the technical field of data backup, in particular to a method and a device for preventing backup data from being stolen.
Background
With the continuous development of computer technology and network technology, the data volume of various data is explosively increased, and the importance of the data is also continuously improved; data backup is an essential component of a complete IT system, and is the last line of defense in protecting data from loss and corruption.
Data backup is required to not only realize backup of various service systems, applications and the like, but also ensure the safety of backup data. At present, the data backup technology is mature, and can support the backup of various applications such as files, databases, operating systems, virtualization, application systems and the like; however, in terms of security of backup data storage, the backup data is generally directly stored in a local storage medium without being encrypted; with the gradual popularization of cloud computing technology, more and more data are backed up on a cloud platform by a user, data stored on the cloud platform by the user are mainly protected by a cloud storage service provider, the data in cloud storage are generally protected by a service provider in an encryption mode, the data of the user can not be leaked under general conditions, but the cloud storage service provider cannot be guaranteed to steal commercial data or private data of the user at a technical level, and only restraint can be carried out through morality and law.
To this end, we propose a method and apparatus for anti-theft of backup data to solve the above problems.
Disclosure of Invention
The invention aims to solve the defects that the traditional backup data storage safety is low and cloud storage data can not be protected in a technical level in the prior art, and provides a method and a device for preventing backup data from being stolen.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for backup data anti-theft, the method comprising:
receiving backup data transmitted by a backup client and determining an extraction factor;
extracting the backup data to obtain extracted data and residual data;
creating a logical volume, and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume;
and saving the extraction factor into a local database.
The method for preventing the backup data from being stolen further comprises the following steps of:
reading the extraction factor from a local database;
reading the extracted data and the residual data from the extracted data logical volume and the residual data logical volume;
and merging the extracted data and the residual data according to the extraction factor to generate complete backup data.
Optionally, the receiving the backup data transmitted by the backup client and determining the extraction factor include:
determining the required extraction factor by a user, and determining a data extraction position according to the extraction factor;
the extraction factor is the number of bytes of the extracted data.
Optionally, the extracting the backup data to obtain extracted data and remaining data includes:
and extracting the backup data according to the extraction factor and the data extraction position, wherein the extracted data is the extracted data, and the data which is not extracted is the residual data.
Optionally, the creating a logical volume, and storing the extracted data and the remaining data in the logical volume to generate an extracted data logical volume and a remaining data logical volume specifically includes:
creating a plurality of logical volumes on a storage medium, and defining formats of the plurality of logical volumes;
and selecting a logical volume from the plurality of logical volumes, acquiring the position of the logical volume, and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume.
Optionally, the storing the extraction factor in a local database specifically includes:
and saving the extraction factor and the position of the logical volume in a local database.
An apparatus for backup data anti-theft, comprising:
the selection unit is used for receiving the backup data transmitted by the backup client and determining an extraction factor;
the extraction unit is used for extracting the backup data to obtain extracted data and residual data;
the first storage unit is used for creating a logical volume and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume;
and the second storage unit is used for storing the extraction factor into a local database.
The device for preventing backup data from being stolen further comprises the following steps of:
the first reading unit reads the extraction factor from a local database;
a second reading unit that reads the extracted data and the surplus data from the extracted data logical volume and the surplus data logical volume;
and the merging unit merges the extracted data and the residual data according to the extraction factor to generate complete backup data.
Optionally, the extracting unit is configured to:
and extracting the backup data according to the extraction factor and the data extraction position, wherein the extracted data is the extracted data, and the data which is not extracted is the residual data.
Optionally, the first saving unit is configured to:
creating a plurality of logical volumes on a storage medium, and defining formats of the plurality of logical volumes;
and selecting a logical volume from the plurality of logical volumes, acquiring the position of the logical volume, and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume.
The storage server side of the invention improves the storage mode, is different from the traditional backup software that stores backup data in a storage medium, creates a plurality of logical volumes on the storage medium, defines the format of the logical volumes, and each logical volume is used for storing the backed-up data; by the method, only the corresponding storage server can read the data stored in the logical volume in the storage server, so that the safety of data storage is enhanced; extracting partial information from backup data to be stored according to extraction factors, dividing the backup data into two or more independent data, and independently storing the two or more generated data in different logical volumes of a storage end; only after all the split data are merged and restored by the method of the invention, the complete backup data can be generated, so that the backup data can be normally used, even if part of or all the data of the user are stolen, the stealer still can not obtain the data content of the user, and the safety of the user data is fundamentally ensured; the method is suitable for data storage in all occasions, including local storage and cloud storage, and solves the problem of safety of user data.
Drawings
Fig. 1 shows a detailed flowchart of the storage steps of the backup data anti-theft method in embodiment 1 of the present invention;
fig. 2 shows a detailed flowchart of the recovery steps of the backup data anti-theft method in embodiment 2 of the present invention;
fig. 3 is a specific block diagram of a backup data theft prevention apparatus in embodiment 3 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Examples1
The embodiment provides a storage step of a backup data anti-theft method, which is used in a backup data anti-theft device. As shown in fig. 1, the method comprises the steps of:
s101: receiving backup data transmitted by a backup client, and determining an extraction factor:
determining the required extraction factor by a user, and determining a data extraction position according to the extraction factor;
the extraction factor is the number of bytes of the extracted data;
specifically, the extraction factor is a random seed (seed-key) and/or a random number sequence generated by the random seed, the user selects the random seed, the storage service end generates the random number sequence through the random seed, the number of random numbers in the random number sequence is the number of extraction positions, and the numerical value of the random number is the position of data to be extracted.
S102: extracting the backup data to obtain extracted data and residual data:
extracting the backup data according to the extraction factor and the data extraction position, wherein the extracted data is extracted data, and the data which is not extracted is residual data;
specifically, according to the position of the data to be extracted, the data at the position is extracted one by one, the extracted data is generated into new data a, namely extracted data, and the data remaining after extraction is generated into data B, namely remaining data.
For example, if the generated random number sequence is (2, 5, 12), the second bit and the fifth bit of the backup data are extracted as the positions. Twelfth, after the extraction position is determined, corresponding data is extracted from the extraction position, wherein the corresponding data is the number of the extraction position, namely two characters are extracted at the 2 nd position, five characters are extracted at the 5 th position, and 12 characters are extracted at the 12 th position.
S103: creating a logical volume, storing the extracted data and the residual data in the logical volume to generate an extracted data logical volume and a residual data logical volume:
creating a plurality of logical volumes on a storage medium, and defining formats of the plurality of logical volumes;
selecting a logical volume from the plurality of logical volumes, acquiring the position of the logical volume, and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume;
specifically, the storage server generates and defines a plurality of logical volumes generated on the storage medium, where the definition includes the size, position, and other relevant attributes of each logical volume;
and the storage server selects a matched logical volume according to the sizes of the extracted data and the residual data or other storage requirements, and extracts the position index information of the logical volume.
S104: saving the extraction factor to a local database:
and saving the extraction factor and the position of the logical volume in a local database:
specifically, the extraction factor and the location of the logical volume are saved to a local database.
Examples2
The embodiment provides a recovery step of an anti-theft backup data method, which is used in an anti-theft backup data device. As shown in fig. 2, the method comprises the steps of:
s201: reading the extraction factor from the local database;
specifically, a random seed and/or a sequence of random numbers generated from the random seed is read from a local database, and the locations of the data logical volume and the remaining data logical volumes are extracted.
S202: reading the extracted data and the residual data from the extracted data logical volume and the residual data logical volume;
specifically, the extracted data logical volume and the remaining data logical volume are found from the position information of the extracted data logical volume and the remaining data logical volume, the extracted data stored in the extracted data logical volume is extracted from the extracted data logical volume, and the remaining data stored in the remaining data logical volume is extracted from the remaining data logical volume.
S203: merging the extracted data and the residual data according to the extraction factor to generate complete backup data;
specifically, if the extraction factor is a random seed, the random seed regenerates the previous random number sequence according to the same random number sequence generation rule, the random number sequence obtains the number of characters corresponding to the extraction position of the number sequence and the extraction position of the number sequence, and the extracted data and the residual data are merged to generate complete backup data.
Examples3
The embodiment provides a device for preventing backup data from being stolen. As shown in fig. 3, the apparatus includes:
s301: the selection unit is used for receiving the backup data transmitted by the backup client and determining an extraction factor;
specifically, the selection unit: determining a factor to be extracted by a user, and determining a data extraction position according to the extraction factor;
the extraction factor is the number of bytes of the extracted data.
S302: the extraction unit is used for extracting the backup data to obtain extracted data and residual data;
specifically, the backup data is extracted according to the extraction factor and the data extraction position, the extracted data is the extracted data, and the data that is not extracted is the residual data.
S303: the first storage unit is used for creating a logical volume, storing the extracted data and the residual data of the extraction factor read from the local database into the logical volume and generating an extracted data logical volume and a residual data logical volume;
specifically, a plurality of logical volumes are created on a storage medium, and formats of the plurality of logical volumes read from the local database by the extraction factors are defined;
and selecting a logical volume from the plurality of logical volumes, acquiring the position of the logical volume, and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume.
S304: the second storage unit is used for storing the extraction factor into a local database;
specifically, the locations of reading the extraction factor from the local database and reading the extraction factor logical volume from the local database are saved in the local database.
S305: the first reading unit reads the extraction factor from the local database;
s306: a second reading unit that reads the extracted data and the surplus data from the extracted data logical volume and the surplus data logical volume:
s307: and the merging unit is used for merging the extracted data and the residual data according to the extraction factor to generate complete backup data.
Embodiments of the present invention further provide a non-transitory computer storage medium storing computer-executable instructions, where the computer-executable instructions may implement any one of the embodiments. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, HDD), a Solid-State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only a few preferred embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can combine, substitute, or change the technical solutions and their inventive concepts within the technical scope of the present invention.
Claims (9)
1. A method for backup data anti-theft, the method comprising:
receiving backup data transmitted by a backup client and determining an extraction factor;
extracting the backup data to obtain extracted data and residual data;
creating a logical volume, storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume, creating a plurality of logical volumes on a storage medium, and defining the formats of the plurality of logical volumes;
selecting a logical volume from the plurality of logical volumes, acquiring the position of the logical volume, and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume;
and saving the extraction factor into a local database.
2. The method of claim 1, further comprising performing a restore of the backup data:
reading the extraction factor from a local database;
reading the extracted data and the residual data from the extracted data logical volume and the residual data logical volume;
and merging the extracted data and the residual data according to the extraction factor to generate complete backup data.
3. The method for preventing backup data from being stolen according to claim 1, wherein the receiving backup data transmitted by a backup client and determining an extraction factor specifically comprise:
determining the required extraction factor by a user, and determining a data extraction position according to the extraction factor;
the extraction factor is the number of bytes of the extracted data.
4. The method for preventing backup data from being stolen according to claim 1, wherein the extracting the backup data to obtain extracted data and residual data specifically comprises:
and extracting the backup data according to the extraction factor and the data extraction position, wherein the extracted data is the extracted data, and the data which is not extracted is the residual data.
5. The method for preventing backup data from being stolen according to claim 1, wherein the step of storing the extraction factor in a local database specifically comprises:
and saving the extraction factor and the position of the logical volume in a local database.
6. An apparatus for protecting backup data from theft, comprising:
the selection unit is used for receiving the backup data transmitted by the backup client and determining an extraction factor;
the extraction unit is used for extracting the backup data to obtain extracted data and residual data;
the first storage unit is used for creating a logical volume and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume;
and the second storage unit is used for storing the extraction factor into a local database.
7. The apparatus for preventing backup data from being stolen according to claim 6, further comprising, performing recovery of backup data:
the first reading unit reads the extraction factor from a local database;
a second reading unit that reads the extracted data and the surplus data from the extracted data logical volume and the surplus data logical volume;
and the merging unit merges the extracted data and the residual data according to the extraction factor to generate complete backup data.
8. The apparatus for preventing backup data from being stolen according to claim 6, wherein the extraction unit is specifically configured to:
and extracting the backup data according to the extraction factor and the data extraction position, wherein the extracted data is the extracted data, and the data which is not extracted is the residual data.
9. The apparatus for preventing backup data from being stolen according to claim 6, wherein the first saving unit is specifically configured to:
creating a plurality of logical volumes on a storage medium, and defining formats of the plurality of logical volumes;
and selecting a logical volume from the plurality of logical volumes, acquiring the position of the logical volume, and storing the extracted data and the residual data into the logical volume to generate an extracted data logical volume and a residual data logical volume.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811453948.7A CN109558754B (en) | 2018-11-30 | 2018-11-30 | Backup data anti-theft method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811453948.7A CN109558754B (en) | 2018-11-30 | 2018-11-30 | Backup data anti-theft method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109558754A CN109558754A (en) | 2019-04-02 |
| CN109558754B true CN109558754B (en) | 2022-04-01 |
Family
ID=65868223
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811453948.7A Active CN109558754B (en) | 2018-11-30 | 2018-11-30 | Backup data anti-theft method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109558754B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101620515A (en) * | 2009-08-12 | 2010-01-06 | 宋振华 | Method for enhancing logical volume management LVM function |
| CN102664928A (en) * | 2012-04-01 | 2012-09-12 | 南京邮电大学 | Data secure access method used for cloud storage and user terminal system |
| CN103607393A (en) * | 2013-11-21 | 2014-02-26 | 浪潮电子信息产业股份有限公司 | Data safety protection method based on data partitioning |
| CN105608193A (en) * | 2015-12-23 | 2016-05-25 | 深圳市深信服电子科技有限公司 | Data management method and apparatus for distributed file system |
| CN107425962A (en) * | 2017-04-21 | 2017-12-01 | 济南浪潮高新科技投资发展有限公司 | A kind of high in the clouds data guard method of data staging encryption and segmentation |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090138530A1 (en) * | 2007-11-26 | 2009-05-28 | Inventec Corporation | Data management method for logical volume manager |
-
2018
- 2018-11-30 CN CN201811453948.7A patent/CN109558754B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101620515A (en) * | 2009-08-12 | 2010-01-06 | 宋振华 | Method for enhancing logical volume management LVM function |
| CN102664928A (en) * | 2012-04-01 | 2012-09-12 | 南京邮电大学 | Data secure access method used for cloud storage and user terminal system |
| CN103607393A (en) * | 2013-11-21 | 2014-02-26 | 浪潮电子信息产业股份有限公司 | Data safety protection method based on data partitioning |
| CN105608193A (en) * | 2015-12-23 | 2016-05-25 | 深圳市深信服电子科技有限公司 | Data management method and apparatus for distributed file system |
| CN107425962A (en) * | 2017-04-21 | 2017-12-01 | 济南浪潮高新科技投资发展有限公司 | A kind of high in the clouds data guard method of data staging encryption and segmentation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109558754A (en) | 2019-04-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103268455B (en) | The access method of data and device | |
| US10204235B2 (en) | Content item encryption on mobile devices | |
| CN108027757B (en) | System and method for restoring data from opaque data backup streams | |
| US11663236B2 (en) | Search and analytics for storage systems | |
| CN108667917B (en) | Method and device for realizing data storage, computer storage medium and terminal | |
| CN103942292A (en) | Virtual machine mirror image document processing method, device and system | |
| CN107111460A (en) | Use the data de-duplication of block file | |
| CN105260639A (en) | Face recognition system data update method and device | |
| CN105630965A (en) | System and method for securely deleting file from user space on mobile terminal flash medium | |
| EP3449372B1 (en) | Fault-tolerant enterprise object storage system for small objects | |
| CN108229162B (en) | Method for realizing integrity check of cloud platform virtual machine | |
| CN105550071A (en) | System file upgrading and detecting method and communication device | |
| CN109558754B (en) | Backup data anti-theft method and device | |
| CN116069729B (en) | Intelligent document packaging method, system and medium | |
| CN104536852A (en) | Data recovery method and device | |
| CN109271281B (en) | Data backup method and system for preventing data from being tampered | |
| JP6550191B2 (en) | Method, apparatus, storage medium and device for forgery prevention based on map revocation data | |
| CN109766313A (en) | Geological project data processing method, device and computer equipment | |
| CN113742786B (en) | Method and device for checking archive data in blockchain | |
| CN103902919A (en) | Method and device for recovering login information | |
| CN110636042B (en) | Method, device and equipment for updating verified block height of server | |
| CN109241011B (en) | Virtual machine file processing method and device | |
| US20160026390A1 (en) | Method of deleting information, computer program product and computer system | |
| CN114138188B (en) | Method, system and device for shrinking volume of data volume and readable storage medium | |
| CN114564456B (en) | Distributed storage file recovery method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |