CN109902494A - Data encryption storage method, device and document storage system - Google Patents
- Publication number: CN109902494A (application CN201910069665.0A)
- Authority: CN (China)
- Prior art keywords: data, encrypted, key, split, storage
- Legal status: Pending (the listed status is an assumption by Google Patents, not a legal conclusion)
Abstract
The invention discloses a data encryption storage method, a device and a document storage system. The method comprises: obtaining source data; encrypting the source data with a key to generate data to be split; splitting the data to be split into multiple split data items and storing them on multiple different blockchain nodes; and encrypting the storage information identifying the storage locations and storage order, together with the key, to generate encrypted data. The invention addresses the technical problem in the related art that, once a file storage system is cracked, its data may be read and tampered with, so that security is low.
Description
Technical field
The present invention relates to the field of data security, and in particular to a data encryption storage method, a device and a document storage system.
Background technique
The encryption technology of existing document storage systems mainly has the following shortcomings: data security risk and user privacy risk. Once most document storage systems are cracked, their data may be read and tampered with.
No effective solution to the above problem has yet been proposed.
Summary of the invention
The embodiments of the invention provide a data encryption storage method, a device and a document storage system, at least to solve the technical problem in the related art that once a file storage system is cracked, its data may be read and tampered with, so that security is low.
According to one aspect of an embodiment of the invention, a data encryption storage method is provided, comprising: obtaining source data; encrypting the source data with a first key to generate data to be split; splitting the data to be split into multiple split data items and storing them on multiple different blockchain nodes; and encrypting the storage information identifying the storage locations and storage order, together with the first key, to generate encrypted data.
Optionally, obtaining the source data comprises: receiving encrypted source data, wherein the encrypted source data comprises first encrypted source data encrypted with a second key, and key encryption data that encrypts the second key; and decrypting the encrypted source data to obtain the source data.
Optionally, decrypting the encrypted source data to obtain the source data comprises: decrypting the key encryption data with a private key to obtain the second key, wherein the key encryption data was encrypted with the public key corresponding to the private key; and decrypting the first encrypted source data with the second key to obtain the source data.
Optionally, encrypting the source data with the first key to generate the data to be split comprises: generating the first key; encrypting the source data with the first key to generate second encrypted source data; and generating the data to be split from the second encrypted source data.
Optionally, the second encrypted source data is the data to be split.
Optionally, splitting the data to be split into multiple split data items and storing them on multiple different blockchain nodes comprises: storing the multiple split data items on multiple different blockchain nodes, wherein the blockchain nodes include at least one trustee node of the encryption system; and deleting the data to be split.
Optionally, the number of split data items is between 1/3 and 1/2 of the total number of blockchain nodes of the encryption system.
Optionally, the storage information identifying the storage locations and storage order, together with the first key, is encrypted with the public keys of multiple blockchain nodes of the encryption system to generate the encrypted data.
According to another aspect of an embodiment of the invention, a data encryption storage device is also provided, comprising: an obtaining module for obtaining source data; an encryption module for encrypting the source data with a first key to generate data to be split; a splitting module for splitting the data to be split into multiple split data items and storing them on multiple different blockchain nodes; and a generation module for encrypting the storage information identifying the storage locations and storage order, together with the first key, to generate encrypted data.
According to another aspect of an embodiment of the invention, a storage medium is also provided, the storage medium comprising a stored program, wherein when the program runs it controls the device on which the storage medium is located to execute any one of the methods described above.
According to another aspect of an embodiment of the invention, a processor is also provided, the processor being used to run a program, wherein when the program runs it executes any one of the methods described above.
According to another aspect of an embodiment of the invention, a document storage system is also provided, which encrypts and stores files using any one of the methods described above.
In the embodiments of the invention the following approach is used: obtain source data; encrypt the source data with a first key to generate data to be split; split the data to be split into multiple split data items and store them on multiple different blockchain nodes; and encrypt the storage information identifying the storage locations and storage order, together with the first key, to generate encrypted data. By splitting the encrypted data into multiple parts that are stored separately, and by packaging and encrypting the storage locations and storage order, files are stored by their component parts. This achieves the technical effect that even if the storage system is cracked the stored files cannot be completely read or tampered with, and so solves the technical problem in the related art that once a file storage system is cracked its data may be read and tampered with, so that security is low.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the invention and constitute part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a schematic diagram of a data distribution encryption device according to the prior art;
Fig. 2 is a flowchart of a data encryption storage method according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the document storage system according to an embodiment of the invention;
Fig. 4 is a flowchart of file storage according to an embodiment of the invention;
Fig. 5 is a flowchart of file authorization according to an embodiment of the invention;
Fig. 6 is a flowchart of file reading according to an embodiment of the invention;
Fig. 7 is a schematic diagram of a data encryption storage device according to an embodiment of the invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the invention, the technical solution in the embodiments of the invention is described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and so on in the description, claims and drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "comprise" and "have" and any of their variants are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to that process, method, product or device.
In the related art, the mainstream encryption approach, and the most common security strategy for exchanging data between two different LANs, is the longitudinal encryption authentication device, i.e. business interaction is carried out by way of identity authentication and data encryption and decryption. Traditional longitudinal encryption authentication devices are divided into 100 Mbit and gigabit types according to network bandwidth and data throughput requirements; their basic structure consists of a control mainboard with two network interfaces and a data encryption/decryption module.
To overcome the insufficient encryption/decryption rate and application limitations of the dedicated longitudinal encryption authentication devices used in the power sector, a content distribution encryption device was studied that uses a 10 Gigabit Ethernet multi-channel data distribution mechanism to create multiple data transmission links, enhancing concurrent processing capability, while multiple encryption units operate concurrently to improve the encryption/decryption rate; this provides a theoretical basis for the design of a new 10 Gigabit longitudinal encryption authentication device.
Fig. 1 is the overall design block diagram of the 10 Gigabit data distribution encryption device according to the prior art. As shown in Fig. 1, the system includes two distributed network devices, encryption devices and an encryption device core processing unit. Its working principle is as follows: 1. the encryption device core processing unit initializes the 10 Gigabit Ethernet data transmission environment; 2. according to the rules, the distributed network devices at both ends perform packet filtering and load-balancing processing on the network messages; 3. the network packets are distributed to a particular encryption device by the load-balancing algorithm, and the algorithm configured by the rules is selected to encrypt the data; 4. the distributed network device at the opposite end obtains the encrypted data, rebuilds the 10 Gigabit network message data according to the network protocol, and forwards it to the 10 Gigabit Ethernet.
According to an embodiment of the invention, an embodiment of a data encryption storage method is provided. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system such as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 2 is a flowchart of a data encryption storage method according to an embodiment of the invention. As shown in Fig. 2, the method comprises the following steps:
Step S202: obtain source data;
Step S204: encrypt the source data with a first key to generate data to be split;
Step S206: split the data to be split into multiple split data items and store them on multiple different blockchain nodes;
Step S208: encrypt the storage information identifying the storage locations and storage order, together with the first key, to generate encrypted data.
Through the above steps the following approach is implemented: obtain source data; encrypt the source data with a first key to generate data to be split; split the data to be split into multiple split data items and store them on multiple different blockchain nodes; and encrypt the storage information identifying the storage locations and storage order, together with the first key, to generate encrypted data. By splitting the encrypted data into multiple parts that are stored separately, and by packaging and encrypting the storage locations and storage order, files are stored by their component parts. This achieves the technical effect that even if the storage system is cracked the stored files cannot be completely read or tampered with, and so solves the technical problem in the related art that once a file storage system is cracked its data may be read and tampered with, so that security is low.
The source data obtained above may be data that a receiving module receives from other processing modules after processing, for example data encrypted by an encryption module or data preprocessed by a preprocessing module. It may also be data collected by a collection module, for example crawler data or statistical data. The source data is the object of the encrypted storage, and the executing subject of the above steps may be the document storage system.
Encrypting the source data with the first key generates the data to be split, which is encrypted under the first key. At this point the source data, the first key and the data to be split encrypted under the first key all exist. The source data can be deleted to prevent it from being intercepted or tampered with, which would waste all subsequent processing of it; therefore the source data is deleted immediately after it has been encrypted.
When the data to be split is split into multiple split data items, an ordinal relation exists between them, and through this ordinal relation the split data items can be recombined into the source data. The splitting process may include both splitting and duplication: the data is split at random into multiple parts, some of the split data items may be duplicated at random, and the duplicated items may themselves be duplicated several times. The duplicates are also split data items; they both guarantee data integrity and interfere with searching for and locating the split data. The multiple split data items may be stored at random on multiple different nodes of the system, and the storage locations and order information of the different split data items are extracted for use in recovering the source data when decrypting.
The storage information identifying the storage locations and storage order, together with the first key, is then encrypted to generate the encrypted data. Where the split data items contain decoys, for example false split data items or redundant duplicated items, the storage information may also include information identifying which split data items are genuine. Where the split data items include duplicates, it can be detected whether a split data item is complete; if a split data item has been tampered with or cracked, it is discarded and one of its duplicates is selected as the split data item in its place. The storage location is the blockchain node on which a split data item is stored, and the storage order is the order information of the blockchain nodes on which the split data items are stored, determined by the sequence of the split data items.
The blockchain node is a chain node using blockchain technology; it may be a client node of the encryption system, a node receiving file uploads, a trustee node, a police node, an ordinary node, and so on.
Encrypting the storage information and the first key to produce the encrypted data may be done by another trusted encryption module or encryption key. On decryption, the encrypted data is decrypted first, yielding the storage information and the first key; the storage information identifies the storage locations and order of the multiple split data items, which are determined and recombined in order into the data to be split; then the data to be split is decrypted with the first key to obtain the source data.
Optionally, obtaining the source data comprises: receiving encrypted source data, wherein the encrypted source data comprises first encrypted source data encrypted with a second key, and key encryption data that encrypts the second key; and decrypting the encrypted source data to obtain the source data.
To prevent the source data from being intercepted or tampered with in transit, in this embodiment the encryption module encrypts the source data with a second key to obtain the first encrypted source data; the second key is then itself encrypted, and the first encrypted source data together with the key encryption data of the second key is transmitted. After receiving this encrypted data, the receiver decrypts the key encryption data by obtaining the key, recovers the second key, and then decrypts the first encrypted source data with the second key to obtain the source data. This ensures the reliability and trustworthiness of the source data in transit.
Optionally, decrypting the encrypted source data to obtain the source data comprises: decrypting the key encryption data with a private key to obtain the second key, wherein the key encryption data was encrypted with the public key corresponding to the private key; and decrypting the first encrypted source data with the second key to obtain the source data.
The encrypted source data comprises the first encrypted source data encrypted with the second key and the key encryption data that encrypts the second key. Where the key encryption data was encrypted with the public key corresponding to the private key, the second key is obtained by decrypting the key encryption data with the private key. The private key is stored in the system and is neither exposed nor circulated, which improves its trustworthiness; alternatively the private key is stored in a trusted module and, when it is needed, is obtained by requesting it from the trusted module, which transmits the private key.
Optionally, encrypting the source data with the first key to generate the data to be split comprises: generating the first key; encrypting the source data with the first key to generate second encrypted source data; and generating the data to be split from the second encrypted source data.
The first key may be a symmetric key: a symmetric key is generated at random, the source data is encrypted with it to produce ciphertext, and the source data is deleted. The second encrypted source data may be this ciphertext, and the data to be split is generated from it; for example, the ciphertext may be encrypted again with other encryption data to generate the data to be split.
Optionally, the second encrypted source data is the data to be split.
In this embodiment the second encrypted source data may itself be the data to be split; that is, the ciphertext produced with the symmetric key can be used directly as the data to be split, so that the second encrypted source data produced by encryption with the first key is used directly as the data to be split.
Optionally, splitting the data to be split into multiple split data items and storing them on multiple different blockchain nodes comprises: storing the multiple split data items on multiple different blockchain nodes, wherein the blockchain nodes include at least one trustee node of the encryption system; and deleting the data to be split.
The multiple split data items may be stored at random on different blockchain nodes. The trustee node of the encryption system may be a trustee node of the document storage system, the encryption system being one of the subsystems of the document storage system. The blockchain nodes may also be other storage nodes of the document storage system, or nodes of the encryption system. Once the data to be split has been stored in the system in the form of multiple split data items, the data to be split is deleted, so that it cannot be intercepted or tampered with, which improves the validity and security of split storage.
Optionally, the number of split data items is between 1/3 and 1/2 of the total number of blockchain nodes of the encryption system.
If the number of split data items exceeded the total number of blockchain nodes of the encryption system, some blockchain node would store more than one split data item, and cracking that node would yield two split data items, which to some extent makes the cracker's task easier. To prevent this, the number of splits is determined before the data to be split is split, and does not exceed the total number of blockchain nodes of the encryption system. Within that bound, the more splits there are the safer the data, but the easier the splits are to find; therefore in this embodiment the number of splits is kept between 1/3 and 1/2 of the total number of blockchain nodes of the encryption system, so that the blockchain nodes storing the split data items are not easily found.
Optionally, the storage information identifying the storage locations and storage order, together with the first key, is encrypted with the public keys of multiple blockchain nodes of the encryption system to generate the encrypted data.
The storage information and the first key are encrypted with the public keys of encryption system nodes to generate the encrypted data. The public keys may be those of multiple trusted trustees of the encryption system; the holder of the corresponding private key can unlock the encryption under these public keys, which guarantees the transmission of the encrypted data.
It should be noted that this embodiment also provides an optional implementation, which is described in detail below.
The encryption technology of storage systems in the related art mainly has the following shortcomings: 1. Data security risk. A smart grid cloud storage system stores and manages massive amounts of smart grid data, and there is a risk of data leakage when this data is exchanged between smart grid operating systems, business systems and external users. Some new technologies inherently carry data security risks, and applying them to the smart grid brings those problems into the smart grid. When smart grid terminals access the system, many intelligent terminals need to obtain data from the smart grid cloud storage system, and if these terminals are controlled or access illegally, they likewise bring many security problems to the smart grid. Data in the cloud therefore needs to be protected in smart grid cloud storage, and since confidentiality and integrity are the basic security attributes of a smart grid information system, the data security protection of a smart grid cloud storage system concentrates on protecting data confidentiality and integrity.
2. User privacy risk. The smart grid cloud storage service provider must not leak user data. Looking at the two interacting parties: for users, the smart grid has privacy problems, since some users do not wish to disclose their electricity load, type and other information; for the operator, some important operating data needs to be kept confidential, and the operator is also responsible for ensuring the privacy of user behaviour. In addition, users have limited control over their data in cloud storage; to prevent employees of the cloud service provider from leaking private user data, such as the transaction information of some electricity markets, the privacy of user data must be fully guaranteed.
Once most document storage systems are cracked, their data may be read and tampered with. To solve data security, this embodiment uses blockchain technology and improves the following aspects: 1. burn-after-upload, sharded storage and permission management raise the difficulty of cracking; 2. because the data is encrypted by multiple randomly chosen trustees, even if some nodes are cracked the data still cannot be read or tampered with; 3. after a node is cracked, it can be tracked and located through the transaction records on the blockchain, and the node rejected.
Fig. 3 is a schematic diagram of the document storage system according to an embodiment of the invention. As shown in Fig. 3, the document storage system of this embodiment is as follows:
1. User client: used for uploading and browsing files:
(1) client A randomly selects a node U from the node list (U nodes are controllable and can be rejected by the committee);
(2) client A sends the original file Data to node U by means such as HTTPS;
2. U node: the node that receives file uploads, mainly responsible for encrypting and uploading files:
(1) the U node receives the original Data uploaded by the client;
(2) the U node randomly selects a P node according to the block height and obtains the trustee public key of the current P node;
(3) the U node randomly generates a symmetric key UKey, encrypts the original Data with UKey to generate UEnData, and deletes the original Data;
(4) UKey is encrypted with the P node's trustee public key to generate UEnKey, and UEnData and UEnKey are sent to the P node;
(5) after the P node confirms receipt, the U node deletes the encrypted data UEnData and UEnKey;
3. P node: police node (configurable, together with the trustee nodes); its main functions are:
(1) receive the data UEnData and UEnKey encrypted by the U node;
(2) decrypt UEnKey with the P node's trustee private key to obtain UKey, then decrypt UEnData with UKey to obtain the original file Data, and delete the encrypted data UEnData and UEnKey;
(3) randomly generate a new secret key Key;
(4) encrypt the original Data with the newly generated Key to generate the encrypted data EnData, and delete the original Data;
(5) split EnData into M parts, where M is generated at random according to the total number of trustee nodes and lies between 1/3 and 1/2 of that total; if there are 17 trustee nodes, M is between 6 and 8;
(6) find nodes and store the file parts on the corresponding nodes; each part must be stored on N nodes (N is configurable but includes at least one trustee node; for example N may be 5, made up of 2 trustee nodes and 3 ordinary nodes, to keep the data safe and avoid loss), and delete EnData;
(7) encrypt the storage information StorageInfo (containing the addresses and storage order of the storage nodes) and the secret key Key with the public keys PubKeyP1, PubKeyP2, ..., PubKeyPX of X trusted trustees (the X trustees are selected at random from Y trusted trustees; X and Y can be customized, for example Y may be 10 and X may be 3) to obtain EnKeyA;
(8) the P node returns EnKeyA to the U node;
(9) the U node returns EnKeyA to client A;
(10) client A creates a transaction with its private key, stores EnKeyA in the transaction, publishes it on the chain, and deletes EnKeyA;
Remark: a P node can also be elected as a storage node by other P nodes.
4. D nodes and N nodes: the nodes that store files. D nodes are trustee nodes and N nodes are ordinary nodes. Each part of a file must be stored on n nodes (for example 2 trustee nodes and 3 ordinary nodes) to keep the data safe and avoid loss.
Fig. 4 is a flowchart of file storage according to an embodiment of the invention. As shown in Fig. 4, the file storage procedure is as follows: client A randomly selects a U node and uploads the file Data; the U node receives the original Data and randomly selects a P node; the U node randomly generates a symmetric key UKey; the U node encrypts Data with UKey to obtain UEnData and deletes the original Data; the U node encrypts UKey with the P node's trustee public key to generate UEnKey, sends UEnKey and UEnData to the P node, and deletes UEnKey and UEnData once the P node has processed them; the P node receives the UEnKey and UEnData sent by the U node; the P node decrypts UEnKey with the current node's trustee private key to obtain UKey, and deletes UEnKey; the P node decrypts UEnData with UKey to obtain the original Data, and deletes UEnData; the P node randomly generates a symmetric key Key; it encrypts Data with Key to obtain EnData, and deletes the original Data; the P node randomly selects the M x N corresponding nodes, obtains the storage information StorageInfo, and deletes EnData; each storage node stores its fragment; the P node randomly selects X trustees from the list of Y trustees; Key + StorageInfo + PubKey(P1..PX) = EnKeyA (that is, Key and StorageInfo are encrypted with the public keys of the X trustees); the P node returns EnKeyA and the list of the X trustee public keys used for encryption to the U node; the U node returns EnKeyA and the list of X trustee public keys to client A; client A creates a transaction whose information contains EnKeyA and the list of the X trustee public keys.
Fig. 5 is a flow chart of file authorization according to an embodiment of the present invention. As shown in Fig. 5, the file authorization process is as follows: user B sends an authorization request for file F (containing the ID of file F) to all trustees; all trustees can receive the authorization request; at least K (configurable) trustees must authorize user B, and the PBFT consensus algorithm is used to ensure the authorization; the first trustee to authorize creates an authorization consensus, signs it with its own private key and broadcasts it (the consensus among trustee nodes is a transaction, i.e. a consensus on the transaction containing the authorization); the first authorizing trustee node also randomly selects a P node, which waits for and receives the authorization consensus result; the P node must wait for K trustees to sign before the authorization reaches consensus; when the second through K-th trustees perform authorization consensus, each signs the authorization with its own private key and sends its public key and signature to the other trustees; when the K-th trustee authorizes, the authorization consensus is complete, and the P node formally broadcasts the authorization transaction.
Fig. 6 is a flow chart of file reading according to an embodiment of the present invention. As shown in Fig. 6, the specific steps of file reading are as follows: user B reads the file through a smart contract (a file can be read through the smart contract only after authorization); user B's client creates a transaction recording the relevant operation (calling the smart contract automatically creates the transaction); client B randomly selects a U node and sends the transaction request to it; the U node randomly selects a P node and sends the transaction request to it; the P node verifies the relevant permissions according to the transaction request; after the permission verification passes, the P node reads the stored file's EnKeyA and the list of the X encrypting trustees, and sends EnKeyA to the X responding trustees; Key + StorageInfo + PubKey(P1-PX) = EnKeyA (the X trustees successively decrypt EnKeyA with their own private keys); the P node obtains the data from the respective storage nodes according to StorageInfo; the P node combines the fragment data to obtain EnData; the P node decrypts EnData with Key to obtain the original Data; the P node randomly generates a key KeyB and encrypts Data with KeyB to obtain EnDataB; the P node encrypts KeyB with the public key of client B to obtain EnKeyB; the P node returns EnDataB and EnKeyB to the U node and modifies the relevant permissions, such as the number of reads; the U node returns EnDataB and EnKeyB to client B; user B decrypts EnKeyB with the client private key to obtain KeyB; user B decrypts EnDataB with KeyB to obtain Data; after user B has finished reading Data, it is automatically deleted after 10 s (the 10 s can be configured at authorization time).
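The P-node side of the storage flow (Fig. 4) and the read flow (Fig. 6) above, written as an added Go example that is not the patent's code or any implementation of it: it assumes AES-256-GCM for the symmetric steps, RSA-OAEP wrapping nested once per trustee so that all X trustees must decrypt in turn, node IDs that fit in a byte, and a map standing in for the storage nodes; the U-node relay, the Ukey hop and the blockchain transaction are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	mrand "math/rand"
)

// Added example (not the patent's code); assumes AES-256-GCM, RSA-OAEP, byte node IDs.
const keyLen = 32 // the patent's symmetric "Key"

// AES-256-GCM, 12-byte random nonce prefixed: a tampered or misordered fragment fails to open.
func gcmSeal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, pt, nil), nil
}
func gcmOpen(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct) < 12 { return nil, errors.New("bad key or ciphertext") }
	g, _ := cipher.NewGCM(block)
	return g.Open(nil, ct[:12], ct[12:], nil)
}

// splitAcross cuts EnData into one fragment per node, stores the fragments in a
// random node order and returns that order: the StorageInfo needed to reassemble.
func splitAcross(enData, ids []byte, nodes map[byte][]byte) []byte {
	order := append([]byte(nil), ids...)
	mrand.Shuffle(len(order), func(i, j int) { order[i], order[j] = order[j], order[i] })
	size := (len(enData) + len(order) - 1) / len(order)
	for i, id := range order {
		lo, hi := i*size, (i+1)*size
		if hi > len(enData) { hi = len(enData) }
		if lo > hi { lo = hi } // more nodes than bytes: trailing fragments are empty
		nodes[id] = append([]byte(nil), enData[lo:hi]...)
	}
	return order
}
// wrapForTrustees nests one hybrid layer per trustee public key (fresh AES key,
// RSA-OAEP-wrapped to that trustee), so all X trustees must decrypt in turn.
func wrapForTrustees(payload []byte, pubs []*rsa.PublicKey) ([]byte, error) {
	for _, pub := range pubs {
		k := make([]byte, keyLen)
		rand.Read(k)
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)
		if err != nil { return nil, err }
		ct, err := gcmSeal(k, payload)
		if err != nil { return nil, err }
		payload = append(wrapped, ct...) // wrapped is exactly pub.Size() bytes
	}
	return payload, nil
}
// unwrapByTrustees peels the layers in reverse; a missing or wrong key fails.
func unwrapByTrustees(enKeyA []byte, privs []*rsa.PrivateKey) ([]byte, error) {
	for i := len(privs) - 1; i >= 0; i-- {
		n := privs[i].Size()
		if len(enKeyA) < n { return nil, errors.New("EnKeyA truncated") }
		k, err := rsa.DecryptOAEP(sha256.New(), nil, privs[i], enKeyA[:n], nil)
		if err != nil { return nil, err }
		if enKeyA, err = gcmOpen(k, enKeyA[n:]); err != nil { return nil, err }
	}
	return enKeyA, nil
}

// storeFile: the P node encrypts Data with a fresh Key, splits EnData across the
// nodes and wraps Key || StorageInfo for the X trustees, giving EnKeyA.
func storeFile(data, ids []byte, nodes map[byte][]byte, pubs []*rsa.PublicKey) ([]byte, error) {
	key := make([]byte, keyLen)
	rand.Read(key)
	enData, err := gcmSeal(key, data)
	if err != nil { return nil, err }
	return wrapForTrustees(append(key, splitAcross(enData, ids, nodes)...), pubs)
}
// readFile: trustees open EnKeyA, fragments are fetched in StorageInfo order, EnData is opened.
func readFile(enKeyA []byte, privs []*rsa.PrivateKey, nodes map[byte][]byte) ([]byte, error) {
	env, err := unwrapByTrustees(enKeyA, privs)
	if err != nil || len(env) <= keyLen { return nil, errors.New("cannot recover Key and StorageInfo") }
	var enData []byte
	for _, id := range env[keyLen:] { // a node holding no fragment contributes nothing
		enData = append(enData, nodes[id]...)
	}
	return gcmOpen(env[:keyLen], enData)
}
```

A missing trustee key, a missing fragment or a modified fragment all fail closed instead of yielding partial plaintext, which is the property the patent claims for a cracked storage system.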
Fig. 7 is a schematic diagram of a data encryption storage device according to an embodiment of the present invention. As shown in Fig. 7, another aspect of the embodiments of the present invention provides a data encryption storage device comprising an acquisition module 72, an encryption module 74, a splitting module 76 and a generation module 78; the device is described in detail below.
The acquisition module 72 is used to obtain source data; the encryption module 74, connected to the acquisition module 72, is used to encrypt the source data with a first key and generate data to be split; the splitting module 76, connected to the encryption module 74, is used to split the data to be split into multiple split data, which are respectively stored in multiple different blockchain nodes; the generation module 78, connected to the splitting module 76, is used to encrypt the storage information identifying the storage location and storage order together with the first key, and generate encrypted data.
With the above device, the acquisition module 72 obtains the source data; the encryption module 74 encrypts the source data with the first key and generates the data to be split; the splitting module 76 splits the data to be split into multiple split data and stores them respectively in multiple different blockchain nodes; the generation module 78 encrypts the storage information identifying the storage location and storage order together with the first key and generates the encrypted data. By splitting the encrypted data into multiple parts that are stored separately, and by packaging and encrypting the storage location and storage order, the file is stored according to its composition, which achieves the technical effect that even if the storage system is cracked, the stored file cannot be completely read or tampered with, and thus solves the technical problem of the related art that once the system storing a file is cracked, the data may be read and tampered with, so that security is low.
According to another aspect of the embodiments of the present invention, a storage medium is also provided. The storage medium includes a stored program, wherein, when the program runs, the device on which the storage medium is located is controlled to execute any one of the above methods.
According to another aspect of the embodiments of the present invention, a processor is also provided. The processor is used to run a program, wherein the program, when run, executes any one of the above methods.
According to another aspect of the embodiments of the present invention, a document storage system is also provided. The document storage system uses any one of the above methods to encrypt and store files.
The serial numbers of the above embodiments of the invention are only for description and do not represent the advantages or disadvantages of the embodiments.
In the above embodiments of the invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
In the several embodiments provided herein, it should be understood that the disclosed technical content may be realized in other ways. The apparatus embodiments described above are merely exemplary; for example, the division of units may be a division by logical function, and there may be other ways of dividing them in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or of other forms.
The units described as separate members may or may not be physically separated, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above integrated unit may be realized in the form of hardware or in the form of a software functional unit.
If the integrated unit is realized in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the existing technology, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the method of each embodiment of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, read-only memory (ROM), random access memory (RAM), mobile hard disk, magnetic disk or optical disk.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as within the protection scope of the present invention.
Claims (12)
1. A data encryption storage method, characterized by comprising:
obtaining source data;
encrypting the source data with a first key to generate data to be split;
splitting the data to be split into multiple split data, which are respectively stored in multiple different blockchain nodes;
encrypting the storage information used to identify the storage location and storage order together with the first key to generate encrypted data.
2. The method according to claim 1, characterized in that obtaining the source data comprises:
receiving encrypted source data, wherein the encrypted source data comprises first encrypted source data encrypted with a second key and encrypted data obtained by encrypting the second key;
decrypting the encrypted source data to obtain the source data.
3. The method according to claim 2, characterized in that decrypting the encrypted source data to obtain the source data comprises:
decrypting the encrypted data with a private key to obtain the second key, wherein the encrypted data is encrypted with the public key corresponding to the private key;
decrypting the first encrypted source data with the second key to obtain the source data.
4. The method according to claim 1, characterized in that encrypting the source data with the first key to generate the data to be split comprises:
generating the first key;
encrypting the source data according to the first key to generate second encrypted source data;
generating the data to be split according to the second encrypted source data.
5. The method according to claim 4, characterized in that the second encrypted source data is the data to be split.
6. The method according to claim 1, characterized in that splitting the data to be split into multiple split data, which are respectively stored in multiple different blockchain nodes, comprises:
storing the multiple split data respectively in multiple different blockchain nodes, wherein the blockchain nodes include at least one trustee node of the encryption system;
deleting the data to be split.
7. The method according to claim 6, characterized in that the number of split data is between 1/3 and 1/2 of the total number of blockchain nodes of the encryption system.
8. The method according to any one of claims 1 to 7, characterized in that the storage information used to identify the storage location and storage order and the first key are encrypted with the public keys of multiple blockchain nodes of the encryption system to generate the encrypted data.
9. A data encryption storage device, characterized by comprising:
an acquisition module for obtaining source data;
an encryption module for encrypting the source data with a first key to generate data to be split;
a splitting module for splitting the data to be split into multiple split data, which are respectively stored in multiple different blockchain nodes;
a generation module for encrypting the storage information used to identify the storage location and storage order together with the first key to generate encrypted data.
10. A storage medium, characterized in that the storage medium comprises a stored program, wherein, when the program runs, the device on which the storage medium is located is controlled to execute the method according to any one of claims 1 to 8.
11. A processor, characterized in that the processor is used to run a program, wherein the program, when run, executes the method according to any one of claims 1 to 8.
12. A document storage system, characterized in that the document storage system uses the method according to any one of claims 1 to 8 to encrypt and store files.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910069665.0A CN109902494A (en) | 2019-01-24 | 2019-01-24 | Data encryption storage method, device and document storage system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109902494A true CN109902494A (en) | 2019-06-18 |
Family
ID=66944209
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910069665.0A Pending CN109902494A (en) | 2019-01-24 | 2019-01-24 | Data encryption storage method, device and document storage system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109902494A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110597824A (en) * | 2019-09-20 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Data storage method and device based on block chain network |
CN110730185A (en) * | 2019-10-22 | 2020-01-24 | 张瑞 | Block chain big data processing method and system based on distributed computation |
CN111143870A (en) * | 2019-12-30 | 2020-05-12 | 兴唐通信科技有限公司 | Distributed encryption storage device, system and encryption and decryption method |
CN111259432A (en) * | 2020-02-18 | 2020-06-09 | 福州瑞芯微电子股份有限公司 | Model data protection method and readable computer storage medium |
CN111314287A (en) * | 2019-12-20 | 2020-06-19 | 淮北师范大学 | Public key encryption communication mode and device |
CN111565109A (en) * | 2020-07-16 | 2020-08-21 | 百度在线网络技术(北京)有限公司 | Key processing method, device, equipment and medium for block chain |
CN111651776A (en) * | 2020-05-12 | 2020-09-11 | 北京信息科技大学 | Access control record storage method and device |
CN112149164A (en) * | 2020-09-22 | 2020-12-29 | 张立旭 | Data security storage method and system under distributed environment |
CN112307493A (en) * | 2020-10-15 | 2021-02-02 | 上海东方投资监理有限公司 | Project settlement data submission method, system, terminal equipment and storage medium |
CN113098697A (en) * | 2021-06-08 | 2021-07-09 | 清华大学 | Block chain data writing and accessing method and device |
CN113346999A (en) * | 2021-08-09 | 2021-09-03 | 国网浙江省电力有限公司杭州供电公司 | Splitting encryption-based brain central system |
CN113469683A (en) * | 2021-06-30 | 2021-10-01 | 建信金融科技有限责任公司 | Key storage method and device, electronic equipment and storage medium |
CN113591140A (en) * | 2021-07-30 | 2021-11-02 | 平安普惠企业管理有限公司 | Method, system, computer device and storage medium for preventing resource data from being tampered |
CN114006690A (en) * | 2021-01-04 | 2022-02-01 | 北京八分量信息科技有限公司 | Data authorization method of block chain |
CN114567426A (en) * | 2021-12-31 | 2022-05-31 | 电子科技大学广东电子信息工程研究院 | Data sharing method and system |
CN115001700A (en) * | 2022-05-12 | 2022-09-02 | 生态环境部华南环境科学研究所(生态环境部生态环境应急研究所) | Ecological environment supervision method and system based on block chain |
CN116485351A (en) * | 2023-06-21 | 2023-07-25 | 深圳市软筑信息技术有限公司 | Electronic archive management method and system |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105915332A (en) * | 2016-07-04 | 2016-08-31 | 广东工业大学 | Cloud storage encryption and dereplication method and cloud storage encryption and dereplication system |
CN106548345A (en) * | 2016-12-07 | 2017-03-29 | 北京信任度科技有限公司 | The method and system of block chain private key protection are realized based on Secret splitting |
CN107203344A (en) * | 2017-05-31 | 2017-09-26 | 郑州云海信息技术有限公司 | A kind of date storage method and data-storage system |
CN107249046A (en) * | 2017-08-15 | 2017-10-13 | 李俊庄 | A kind of distributed cloud storage system construction method based on block chain |
CN107360156A (en) * | 2017-07-10 | 2017-11-17 | 广东工业大学 | P2P network method for cloud storage based on block chain under a kind of big data environment |
CN108055125A (en) * | 2017-11-23 | 2018-05-18 | 阿里巴巴集团控股有限公司 | A kind of encryption and decryption method and device of product information |
CN108259169A (en) * | 2018-01-09 | 2018-07-06 | 北京大学深圳研究生院 | A kind of file security sharing method and system based on block chain cloud storage |
CN108462568A (en) * | 2018-02-11 | 2018-08-28 | 西安电子科技大学 | A kind of secure file storage and sharing method based on block chain |
CN108647523A (en) * | 2018-04-28 | 2018-10-12 | 华南理工大学 | A kind of electronic identification system based on block chain and deposit card, file access pattern method |
CN108646983A (en) * | 2018-05-08 | 2018-10-12 | 北京融链科技有限公司 | The treating method and apparatus of storage service data on block chain |
CN108667815A (en) * | 2018-04-18 | 2018-10-16 | 价值互联(广州)信息技术有限公司 | Block chain secret key encipher-decipher method, device and terminal based on bio-identification |
CN108664223A (en) * | 2018-05-18 | 2018-10-16 | 百度在线网络技术(北京)有限公司 | A kind of distributed storage method, device, computer equipment and storage medium |
CN109033855A (en) * | 2018-07-18 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data transmission method based on block chain, device and storage medium |
CN109120639A (en) * | 2018-09-26 | 2019-01-01 | 众安信息技术服务有限公司 | A kind of data cloud storage encryption method and system based on block chain |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110597824A (en) * | 2019-09-20 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Data storage method and device based on block chain network |
CN110730185A (en) * | 2019-10-22 | 2020-01-24 | 张瑞 | Block chain big data processing method and system based on distributed computation |
CN111314287A (en) * | 2019-12-20 | 2020-06-19 | 淮北师范大学 | Public key encryption communication mode and device |
CN111143870A (en) * | 2019-12-30 | 2020-05-12 | 兴唐通信科技有限公司 | Distributed encryption storage device, system and encryption and decryption method |
CN111143870B (en) * | 2019-12-30 | 2022-05-13 | 兴唐通信科技有限公司 | Distributed encryption storage device, system and encryption and decryption method |
CN111259432B (en) * | 2020-02-18 | 2023-09-12 | 瑞芯微电子股份有限公司 | Model data protection method and readable computer storage medium |
CN111259432A (en) * | 2020-02-18 | 2020-06-09 | 福州瑞芯微电子股份有限公司 | Model data protection method and readable computer storage medium |
CN111651776A (en) * | 2020-05-12 | 2020-09-11 | 北京信息科技大学 | Access control record storage method and device |
CN111565109A (en) * | 2020-07-16 | 2020-08-21 | 百度在线网络技术(北京)有限公司 | Key processing method, device, equipment and medium for block chain |
CN112149164A (en) * | 2020-09-22 | 2020-12-29 | 张立旭 | Data security storage method and system under distributed environment |
CN112307493A (en) * | 2020-10-15 | 2021-02-02 | 上海东方投资监理有限公司 | Project settlement data submission method, system, terminal equipment and storage medium |
CN112307493B (en) * | 2020-10-15 | 2024-02-09 | 上海东方投资监理有限公司 | Project settlement data review sending method, system, terminal equipment and storage medium |
CN114006690A (en) * | 2021-01-04 | 2022-02-01 | 北京八分量信息科技有限公司 | Data authorization method of block chain |
CN113098697A (en) * | 2021-06-08 | 2021-07-09 | 清华大学 | Block chain data writing and accessing method and device |
CN113469683A (en) * | 2021-06-30 | 2021-10-01 | 建信金融科技有限责任公司 | Key storage method and device, electronic equipment and storage medium |
CN113469683B (en) * | 2021-06-30 | 2022-09-27 | 建信金融科技有限责任公司 | Key storage method and device, electronic equipment and storage medium |
CN113591140A (en) * | 2021-07-30 | 2021-11-02 | 平安普惠企业管理有限公司 | Method, system, computer device and storage medium for preventing resource data from being tampered |
CN113591140B (en) * | 2021-07-30 | 2023-10-03 | 安徽韬珀信息技术有限公司 | Resource data tamper-proof method, system, computer equipment and storage medium |
CN113346999A (en) * | 2021-08-09 | 2021-09-03 | 国网浙江省电力有限公司杭州供电公司 | Splitting encryption-based brain central system |
CN114567426A (en) * | 2021-12-31 | 2022-05-31 | 电子科技大学广东电子信息工程研究院 | Data sharing method and system |
CN114567426B (en) * | 2021-12-31 | 2023-10-13 | 电子科技大学广东电子信息工程研究院 | Data sharing method and system |
CN115001700A (en) * | 2022-05-12 | 2022-09-02 | 生态环境部华南环境科学研究所(生态环境部生态环境应急研究所) | Ecological environment supervision method and system based on block chain |
CN115001700B (en) * | 2022-05-12 | 2023-09-22 | 生态环境部华南环境科学研究所(生态环境部生态环境应急研究所) | Ecological environment supervision method and system based on blockchain |
CN116485351A (en) * | 2023-06-21 | 2023-07-25 | 深圳市软筑信息技术有限公司 | Electronic archive management method and system |
CN116485351B (en) * | 2023-06-21 | 2024-01-09 | 深圳市软筑信息技术有限公司 | Electronic archive management method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190618 |