CN110324150B - Data storage method and device, computer readable storage medium and electronic equipment - Google Patents
Data storage method and device, computer readable storage medium and electronic equipment Download PDFInfo
- Publication number
- CN110324150B CN110324150B CN201910507170.1A CN201910507170A CN110324150B CN 110324150 B CN110324150 B CN 110324150B CN 201910507170 A CN201910507170 A CN 201910507170A CN 110324150 B CN110324150 B CN 110324150B
- Authority
- CN
- China
- Prior art keywords
- data
- data segment
- segment
- digital signature
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present disclosure relates to a data storage method, an apparatus, a computer-readable storage medium, and an electronic device, the method comprising: when the storage state of a data area of a first data segment meets a preset condition, encrypting data content in the data area of the first data segment and a first digital signature of a second data segment to obtain the first digital signature of the first data segment; storing a first digital signature of the first data segment into the signature region of the first data segment; if the data region of the first data segment is stored completely and a next data segment exists in the first data segment in the data segment set, storing a first digital signature of the first data segment in the signature region of the next data segment. Through the technical scheme, the safety and the integrity of data storage can be guaranteed, a user can directly check the data, the complexity of user operation is reduced, and the user experience is improved.
Description
Technical Field
The present disclosure relates to the field of data storage, and in particular, to a data storage method and apparatus, a computer-readable storage medium, and an electronic device.
Background
With the rapid development of computer internet technology, services on the internet and data generated during the processing of the services are also growing explosively. Wherein part of the data during the operation of the service is generally not modifiable. For such data, the prior art generally encrypts the data, so that the data can be prevented from being modified and the integrity of the data can be ensured. Although the data can be safely stored in the above manner, the stored data is encrypted data, and a user needs to decrypt the encrypted data to view the data, which is inconvenient for the user to view.
Disclosure of Invention
The purpose of the present disclosure is to provide a data storage method, apparatus, computer-readable storage medium and electronic device, which can ensure data security, integrity and convenient for users to view.
In order to achieve the above object, according to a first aspect of the present disclosure, there is provided a data storage method, the method including:
when the storage state of a data area of a first data segment meets a preset condition, encrypting data content in the data area of the first data segment and a first digital signature of a second data segment to obtain the first digital signature of the first data segment, wherein the first data segment and the second data segment belong to the same data segment set, the second data segment is a previous data segment of the first data segment, each data segment in the data segment set comprises a signature area and a data area, and the signature area of the first data segment stores the first digital signature of the second data segment;
storing a first digital signature of the first data segment into the signature region of the first data segment;
if the data region of the first data segment is stored completely and a next data segment exists in the first data segment in the data segment set, storing a first digital signature of the first data segment in the signature region of the next data segment.
Optionally, the next data segment is used as a new first data segment, and when the storage state of the data area of the first data segment meets a preset condition, the data content in the data area of the first data segment and the first digital signature of the second data segment are encrypted to obtain the first digital signature of the first data segment.
Optionally, the preset condition includes that the data area storage of the first data segment is completed; the method further comprises the following steps:
in response to receiving a sequestration instruction for the set of data segments, storing a first digital signature of the first data segment into the signature region of a first data segment of the set of data segments.
Optionally, the preset condition includes that a new data record is stored in the data area of the first data segment;
the method further comprises the following steps:
storing a first digital signature of the first data segment into the signature region of a first data segment of the set of data segments.
Optionally, the storing the first digital signature of the first data segment into the signature area of the first data segment includes:
storing the first digital signature of the first data segment into the signature area of the first data segment if the digital signature of the first data segment was not previously stored in the signature area of the first data segment;
if the signature area of the first data segment stores the digital signature of the first data segment, replacing the previously stored digital signature of the first data segment with the first digital signature of the first data segment.
Optionally, the method further comprises:
after the first digital signature of the first data segment is stored in the signature area of a first data segment in the data segment set, if a new data record to be stored is received, the first data segment is determined according to the identification information of the first data segment, and the data record to be stored is stored in the data area of the first data segment.
Optionally, the method further comprises:
in response to receiving a verification instruction, encrypting data content in a data area of a data segment to be verified indicated by the verification instruction and a first digital signature of a previous data segment of the data segment to be verified, which is stored in a signature area of the data segment to be verified, to obtain a second digital signature of the data segment to be verified;
if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is different from the second digital signature of the data segment to be verified, determining that the data content of the data segment to be verified is tampered;
and if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is the same as the second digital signature of the data segment to be verified, and the next data segment exists in the data segment set, determining that the data content of the data segment to be verified is tampered under the condition that the second digital signature of the data segment to be verified is different from the first digital signature of the data segment to be verified stored in the next data segment of the data segment to be verified.
Optionally, each data segment in the set of data segments further includes a redundant backup area;
the method further comprises the following steps:
after storing a data record in a data area of the first data segment, fragmenting the data record to obtain a plurality of sub-fragments of the data record;
determining a hash value of each sub-segment of the data record according to other data segments except the first data segment in the data segment set;
and according to the hash value, respectively storing each sub-segment into the redundant backup area of the data segment corresponding to the hash value of the sub-segment, wherein the sub-segment is used for recovering the data record.
According to a second aspect of the present disclosure, there is provided a data storage apparatus comprising:
the data processing device comprises a first signature module, a second signature module and a first storage module, wherein the first signature module is used for encrypting data content in a data area of a first data segment and a first digital signature of a second data segment when the storage state of the data area of the first data segment meets a preset condition to obtain the first digital signature of the first data segment, the first data segment and the second data segment belong to the same data segment set, the second data segment is a previous data segment of the first data segment, each data segment in the data segment set comprises a signature area and a data area, and the signature area of the first data segment stores the first digital signature of the second data segment;
a first storage module to store a first digital signature of the first data segment into the signature region of the first data segment;
a second storing module, configured to store a first digital signature of the first data segment into the signature area of a next data segment if the data area of the first data segment is completely stored and the first data segment in the data segment set exists in the next data segment.
Optionally, the apparatus further comprises: and the first determining module is used for taking the next data segment as a new first data segment and triggering the first signature module to encrypt the data content in the data area of the first data segment and the first digital signature of the second data segment when the storage state of the data area of the first data segment meets a preset condition so as to obtain the first digital signature of the first data segment.
Optionally, the preset condition includes that the data area storage of the first data segment is completed; the device further comprises:
a third storage module to store a first digital signature of the first data segment into the signature region of a first data segment of the set of data segments in response to receiving a sequestration instruction for the set of data segments.
Optionally, the preset condition includes that a new data record is stored in the data area of the first data segment;
the device further comprises:
a fourth storage module to store a first digital signature of the first data segment into the signature region of a first one of the set of data segments.
Optionally, the first storage module includes:
a first storage sub-module to store the first digital signature of the first data segment into the signature area of the first data segment if the digital signature of the first data segment was not previously stored in the signature area of the first data segment;
a second storage sub-module for replacing a previously stored digital signature of a first data segment with the first digital signature of the first data segment if the digital signature of the first data segment was previously stored in the signature region of the first data segment.
Optionally, the apparatus further comprises:
a second determining module, configured to, after storing the first digital signature of the first data segment in the signature area of a first data segment in the data segment set, if a new data record to be stored is received, determine the first data segment according to identification information of the first data segment, and store the data record to be stored in the data area of the first data segment.
Optionally, the apparatus further comprises:
the second signature module is used for responding to the received verification instruction, encrypting the data content in the data area of the to-be-verified data segment indicated by the verification instruction and the first digital signature of the last data segment of the to-be-verified data segment stored in the signature area of the to-be-verified data segment, and obtaining a second digital signature of the to-be-verified data segment;
the third determining module is used for determining that the data content of the data segment to be verified is tampered under the condition that the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is different from the second digital signature of the data segment to be verified;
a fourth determining module, configured to determine that the data content of the data segment to be verified is tampered when the second digital signature of the data segment to be verified is different from the first digital signature of the data segment to be verified stored in the next data segment of the data segment to be verified, if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is the same as the second digital signature of the data segment to be verified and the next data segment exists in the data segment set.
Optionally, each data segment in the set of data segments further includes a redundant backup area;
the device further comprises:
the fragmentation module is used for fragmenting the data record after the data record is stored in the data area of the first data fragment so as to obtain a plurality of sub fragments of the data record;
a fifth determining module, configured to determine, according to data segments other than the first data segment in the data segment set, a hash value of each sub-segment of the data record;
and a fifth storage module, configured to store each sub-segment into the redundant backup area of the data segment corresponding to the hash value of the sub-segment according to the hash value, where the sub-segment is used to restore the data record.
According to a third aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of the methods of the first aspect described above.
According to a fourth aspect of the present disclosure, there is provided an electronic device comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory, the steps of the method of any of the above first aspects.
In the above technical solution, the digital signature of the previous data segment is stored in the current data segment, and the digital signature of the current data segment is generated based on the data content of the current data segment and the digital signature of the previous data segment, thereby forming a serial chained storage structure. Based on the data storage mode provided by the disclosure, if the data is tampered with due to bad attacks, the content of the current data segment and the content of the subsequent data segment need to be modified, the complexity required by data tampering is increased, and the safe storage of the data is ensured. Moreover, when the data content is changed, the corresponding digital signature is changed inevitably, and through the chain storage structure and the digital signature, the probability of timely finding when the data is tampered can be ensured, and the safety and the integrity of data storage are further ensured. In addition, in the present disclosure, data content may be directly stored in the data area, and encrypted storage is not required, so that a user may directly view the data content, complexity of user operation is reduced, and user experience is improved.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a flow chart of a data storage method provided according to one embodiment of the present disclosure;
FIG. 2 is a schematic diagram of data segmentation provided in accordance with one embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a set of data segments provided in accordance with one embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a set of data segments provided in accordance with another embodiment of the present disclosure;
FIG. 5 is a schematic diagram of data segmentation provided in accordance with another embodiment of the present disclosure;
FIG. 6 is a block diagram of a data storage device provided in accordance with one embodiment of the present disclosure;
FIG. 7 is a block diagram illustrating an electronic device in accordance with an exemplary embodiment;
FIG. 8 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
As described in the background, a large amount of data is generated in the business on the internet and in the business process. Some of these data are modifiable, such as data related to user information, such as user password, login device, etc., and some data are not modifiable, such as log data, etc., and it is necessary to ensure integrity and readability. The present disclosure is directed to such non-modifiable data, and the following description will take log data as an example.
Fig. 1 is a flowchart illustrating a data storage method according to an embodiment of the present disclosure. As shown in fig. 1, the method includes:
at S11, when the storage state of the data area of the first data segment satisfies a preset condition, encrypting the data content in the data area of the first data segment and a first digital signature of a second data segment to obtain a first digital signature of the first data segment, where the first data segment and the second data segment belong to a same data segment set, the second data segment is a previous data segment of the first data segment, each data segment in the data segment set includes a signature area and a data area, and the signature area of the first data segment stores the first digital signature of the second data segment.
Illustratively, as shown in fig. 2, the diagram is a schematic diagram of a data segment, wherein the area a is a signature area of the data segment, and the area B is a data area of the data segment. The signature area stores the first digital signature of the previous data segment, the data area stores the data content of the current data segment, and the data content and the stored first digital signature of the previous data segment can be directly encrypted to obtain the first digital signature of the current data segment. The above process may adopt a digital signature manner in the prior art, and the key may be set by the user, or may adopt a default setting manner, which is not limited by the present disclosure.
Optionally, one set of data segments corresponds to one type of data storage file. Illustratively, taking log data as an example, one data segment set corresponds to a storage file of audit process log data, and as an example, a data segment set 1 corresponds to a leave audit process log file, and a data segment set 2 corresponds to an reimbursement audit process log file. Therefore, in the process of business processing, the storage location of the generated log file can be determined according to the flow corresponding to the business, so that the data can be conveniently searched and reviewed.
In S12, the first digital signature of the first data segment is stored in the signature area of the first data segment.
For example, as shown in fig. 2, in a signature area of a current data segment, a first digital signature of the current data segment and a first digital signature of the previous data segment may be stored; in the data area, data written to the data segment, such as a log file, may be stored.
In S13, if the data region storage of the first data segment is completed and there is a next data segment in the first data segment in the data segment set, the first digital signature of the first data segment is stored in the signature region of the next data segment.
The memory capacity of the storage area corresponding to each data segment may be preset, and for example, each data segment may correspond to 20M of storage space. Furthermore, storage spaces corresponding to the signature area and the data area in the data segment can be set. As an example, it may be determined that the data storage area of the data segment is stored completely when the remaining storage capacity of the data area of the data segment is less than a preset threshold. The preset threshold may be set according to an actual usage scenario, which is not limited by the present disclosure.
In the above technical solution, the digital signature of the previous data segment is stored in the current data segment, and the digital signature of the current data segment is generated based on the data content of the current data segment and the digital signature of the previous data segment, thereby forming a serial chained storage structure. Based on the data storage mode provided by the disclosure, if the data is tampered with due to bad attacks, the content of the current data segment and the content of the subsequent data segment must be modified, so that the complexity of data tampering is greatly increased, and the safe storage of the data is ensured. Moreover, when the data content is changed, the corresponding digital signature is changed inevitably, and through the chain storage structure and the digital signature, the probability of timely finding when the data is tampered can be ensured, and the safety and the integrity of data storage are further ensured. In addition, in the present disclosure, data content may be directly stored in the data area, and encrypted storage is not required, so that a user may directly view the data content, complexity of user operation is reduced, and user experience is improved.
Optionally, if the first data segment is a first data segment in the data segment set, when a storage state of a data area of the first data segment satisfies a preset condition, directly encrypting data content in the data area of the first data segment to obtain a first data signature of the first data segment, and storing the data signature in a signature area of the first data segment. And if the data area storage of the first data segment is finished, storing the first digital signature of the first data segment in the signature area of the next data segment of the first data segment.
By the technical scheme, the data content of the first data segment in the data segment set can be stored, and the security and the accuracy of the data content can be ensured in a digital signature mode.
Optionally, the method further comprises: and step 11, taking the next data segment as a new first data segment, and when the storage state of the data area of the first data segment meets a preset condition, encrypting the data content in the data area of the first data segment and the first digital signature of the second data segment to obtain the first digital signature of the first data segment.
Illustratively, as shown in FIG. 3, a diagram of a set of data segments is shown. As shown in fig. 3, D1, D2, D3 and D4 respectively represent a data segment, D1 is the first data segment in the data segment set, D2 is the next data segment of D1, D3 is the next data segment of D2, and D4 is the next data segment of D3. In the above example, the digital signature of D1 was obtained by encrypting the data content of D1, and after the data area storage of D1 was completed, the obtained digital signature was stored into the signature area of D2.
Thereafter, D2 (i.e., the first data segment) may be encrypted with the data content of D2 according to the digital signature of D1 it stores, so that the digital signature of D2 may be obtained, while the digital signature of D2 is stored in the signature area of D3 after the data area of D2 is completely stored. At this time, D3 may repeat the above steps as a new first data segment, thereby forming the data storage structure shown in fig. 3. By the technical scheme, the relevance among the data segments in the data segment set can be ensured, and the complexity of data modification is further improved so as to ensure the safety of data storage.
Optionally, in an embodiment, the preset condition includes that the data area storage of the first data segment is completed; the method further comprises the following steps:
in response to receiving a sequestration instruction for a set of data segments, a first digital signature of a first data segment is stored into a signature region of a first data segment of the set of data segments.
For part of data generated in the business process, if the business is changed, the data generated before is generally not used, and at this time, the data needs to be sealed, so that the business can be checked or the version is traced. In this embodiment, when data needs to be sealed, a first digital signature of a first data segment (at this time, the last data segment in the set of data segments) is stored in a signature area of the first data segment in the set of data segments in response to receiving a sealing instruction for the set of data segments. The sealing instruction may be triggered by a user, or may be triggered by default, for example, triggered automatically when a business processing flow changes. Illustratively, as shown in fig. 4, the first data is segmented into D4, and in response to receiving a sequestration instruction, the digital signature of D4 is stored into the signature region of D1.
In the above technical solution, when the data area of the first data segment is stored, the first digital signature of the first data segment is calculated, which can reduce the calculation amount of the digital signature and ensure the data storage efficiency. And when the data is sealed, a first digital signature of the first data segment is stored in a signature area of a first data segment in the data segment set, so that a closed-loop incidence relation can be formed among the data segments in the data segment set, the first data segment in the data segment set cannot be determined when the data content is tampered by a bad attack, the data cannot be continuously tampered, and the safety and the integrity of the data are further ensured.
In another embodiment, optionally, the preset condition includes that a new data record is stored in the data area of the first data segment;
the method further comprises the following steps:
a first digital signature of a first data segment is stored in a signature area of a first data segment of a set of data segments.
In this embodiment, when a new data record is stored in the data area of the first data segment, the data content in the data area of the first data segment (i.e., the data content containing the new data record) and the first digital signature of the second data segment are encrypted to obtain the first digital signature of the first data segment.
And, to further ensure the security of data storage, in this embodiment, after obtaining the first digital signature of the first data segment, the first digital signature is stored in the signature area of the first data segment of the set of data segments. That is, in this embodiment, after a new data record is stored, the first digital signature of the current data segment (i.e., the first data segment) is stored in the signature area of the first data segment in the data segment set, so that a closed-loop association relationship is formed between the data segments of the data segment set.
Therefore, by the technical scheme, a new data record is stored in the first data segment, so that the latest first digital signature of the first data segment is obtained, and the first digital signature is stored in the signature area of the first data segment in the data segment set, so that when data is not stored, the data segments in the data segment set are in a closed-loop association relationship, and data tampering is effectively avoided.
Optionally, the method further comprises:
after storing a first digital signature of a first data segment in the signature area of a first data segment in a data segment set, if a new data record to be stored is received, determining the first data segment according to identification information of the first data segment, and storing the data record to be stored in the data area of the first data segment.
In this embodiment, after storing the new data record in the first data segment, the first digital signature of the first data segment is stored in the signature area of the first data segment in the data segment set, forming a closed-loop association relationship. Therefore, when a new data record to be stored is received, the data segment in which the data record to be stored is stored, i.e., the first data segment, needs to be determined from the data segments.
Illustratively, the first data segment may be determined based on identification information of the first data segment. As an example, the identification information may be an ID, an ID of a first data segment may be stored in advance, and when a new data record to be stored is received, the first data segment in the data segment set may be determined directly according to the ID, and then the first data segment in which the data record to be stored is stored may be determined.
As shown in fig. 4, if the ID of the first data segment in the pre-recorded data segment set is D1, when a new data record to be stored is received, the first data segment D1 may be determined in the data segment set by D1, and then D4 may be determined as the first data segment by the digital signature of D4 stored in D1, and the data record to be stored is stored in D4.
In the technical scheme, when the data record to be stored is received, the first data segment in the data segment set is determined based on the identification information, and then the first data segment in which the data record to be stored is determined, so that on one hand, the accuracy of data writing and storage can be ensured, on the other hand, the integrity of data storage can also be ensured, and the data is effectively prevented from being tampered.
In the above embodiment, when a new data record is stored in the data area of the first data segment, the data content in the data area of the first data segment (i.e., the data content containing the new data record) and the first digital signature of the second data segment are encrypted to obtain the first digital signature of the first data segment. As an example, storing a first digital signature of the first data segment in the signature area of the first data segment in S12 includes:
storing the first digital signature of the first data segment into the signature area of the first data segment if the digital signature of the first data segment was not previously stored in the signature area of the first data segment;
if the signature area of the first data segment stores the digital signature of the first data segment, replacing the previously stored digital signature of the first data segment with the first digital signature of the first data segment.
Through the technical scheme, only the latest first digital signature of the first data segment is stored in the signature area of the first data segment, so that the data storage safety is ensured, and unnecessary resource storage occupation is avoided.
Optionally, when the first digital signature of the first data segment is stored in the signature area of the first data segment in the data segment set, only the latest first digital signature of the first data segment may be stored in the signature area of the first data segment in the data segment set in the above manner, so as to reduce resource occupation and improve resource utilization.
Optionally, the method further comprises:
in response to receiving a verification instruction, encrypting data content in a data area of a data segment to be verified indicated by the verification instruction and a first digital signature of a previous data segment of the data segment to be verified, which is stored in a signature area of the data segment to be verified, to obtain a second digital signature of the data segment to be verified;
if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is different from the second digital signature of the data segment to be verified, determining that the data content of the data segment to be verified is tampered;
and if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is the same as the second digital signature of the data segment to be verified, and the next data segment exists in the data segment set, determining that the data content of the data segment to be verified is tampered under the condition that the second digital signature of the data segment to be verified is different from the first digital signature of the data segment to be verified stored in the next data segment of the data segment to be verified.
In the present disclosure, a signature is generated by using a uniform key and encryption method when generating a digital signature by encryption.
As an example, the check instruction may be triggered by a timer, that is, in order to timely find whether the data is tampered during the data storage process, the check instruction may be triggered every other cycle to check the stored data. As another example, the verification instruction may also be triggered by user action. The check instruction may indicate the data segment to be checked, for example, the check instruction may include an ID of a field to be checked, and if the check instruction does not include an ID, it may be determined that each data segment in the data segment set is the data segment to be checked.
The verification process is described in detail below with respect to the set of data segments shown in FIG. 4.
For the data segment D2 in the data segment set, when the D2 is verified, the data content stored in the data area of D2 and the first digital signature of D1 stored in the signature area of D2 are encrypted, and the second digital signature of D2 is obtained. If the data content in the data area of D2 has not been tampered with, the second digital signature of D2, which is obtained by the same encryption method and key as the first digital signature, and the first digital signature of D2 stored in the signature area of D2 should be the same, and therefore, when the second digital signature of D2 and the first digital signature of D2 stored in the signature area of D2 are different, it can be determined that the data content of D2 has been tampered with.
In another embodiment, a bad attack may alter the first digital signature of D2 stored in D2 at the same time when tampering with the data content of D2, and therefore, upon determining that the second digital signature of D2 is the same as the first digital signature of D2 stored in the signature region of D2, it is necessary to compare the first digital signature of D2 stored in the signature region of the next data segment D3 of D2, and if the second digital signature of D2 is different from the first digital signature of D2 stored in the signature region of D3, the first digital signature of D2 stored in the signature region of D2 is altered, and the data content of D2 is also tampered.
For the first data segment D1 in the data segment set, since the first digital signature is obtained by encrypting the data content thereof, when it is verified, the second digital signature of D1 is also obtained by encrypting the data content thereof, so as to ensure consistency of verification. The verification process after obtaining the second digital signature of D1 is the same as above and will not be described herein.
Through the technical scheme, the data content of the current data segment is verified through the first digital signature of the current data segment stored in the current data segment and the first digital signature of the current data segment stored in the next data segment, the data content can be found in time when being tampered, and even if the data content in the current data segment and the first digital signature stored in the current data segment are changed by bad attacks, the content can be accurately verified through the rapid scheme provided by the disclosure, so that a user can make countermeasures in time, and the use experience of the user is guaranteed.
Optionally, each data segment in the data segment set further includes a redundant backup area, as shown in fig. 5, where the area C is the redundant backup area;
the method may further comprise:
after storing the data record to the data area of the first data segment, the data record is sliced to obtain a plurality of sub-segments of the data record. For example, taking log data as an example, one data record may be a log file, and after storing the log file, the log file may be divided into 2nSub-segments. And n is a positive integer and can be set according to actual use scenes. The larger n, the higher the security of data storage.
The hash value for each sub-segment of the data record is determined based on the other data segments in the set of data segments except the first data segment. The other data segments may be used as storage spaces, and a hash algorithm is used to determine the hash value of each sub-segment, where the hash algorithm is the prior art and is not described herein again.
And respectively storing each sub-segment into a redundant backup area of the data segment corresponding to the hash value of the sub-segment according to the hash value, wherein the sub-segment is used for restoring the data record.
The sub-segments are stored through the hash values, backup storage can be carried out on the sub-segments, and the sub-segments are stored in other data segments except the first data segment in the data segment set, so that the safety of backup data storage can be effectively guaranteed, and the searching efficiency and accuracy of the sub-segments can be effectively improved.
As an example, taking data records as log files as an example, when storing a log file, the number ID of each log file in the data segment may be sequentially continuous and unique for each data segment, and when dividing the log file into a plurality of sub-segments, the backup hash of each sub-segment may be stored to other data segments according to the number ID of the log file. By the scheme, the uniformity of the data structure is ensured in a sequential storage mode, the data records in the data segments are conveniently managed, and the data query efficiency is improved.
Optionally, in an embodiment, if it is determined that the data content of the data segment to be verified is tampered, acquiring, according to the hash value of the sub-segment of each data record in the data content of the data segment to be verified, the sub-segment of each data record in the data content of the data segment to be verified from the redundant backup area of the data segment corresponding to the hash value; the data record is regenerated from the sub-segments belonging to the same data record.
Illustratively, the data records stored in D2 are L1, L2 and L3, wherein L1 is divided into 2 sub-segments, denoted as L1-1 and L1-2, and the following description will take L1 as an example to perform data record recovery. If the data content of D2 is determined to be tampered, the data records stored in D2 can be determined. For L1, its corresponding backup is determined from the hash values corresponding to L1-1, L1-2. Illustratively, the backup of L1-1 is extracted from the redundant backup area of D1, the backup of L1-2 is extracted from the redundant backup area of D3, and then L1 may be regenerated from the backup of L1-1 and the backup of L1-2. For other data records that need to be restored, the execution steps are the same as those described above, and the manner of generating data records according to each sub-segment is the prior art, and will not be described herein again.
By the technical scheme, when the data content of the data segment is verified and confirmed to be tampered, the data content of the data segment can be recovered, so that the readability of the data and the integrity of the data can be guaranteed, and accurate data support is provided for subsequent data analysis.
Optionally, the data area of the data segment may further include an index file. The data content comprises a plurality of data records, and the index file records the index of each data record, so that the corresponding data record can be quickly determined based on the index file. The signature area of the data segment can also comprise a number of the data segment and an index area reference, wherein the number is used for uniquely representing the data segment, and the index area reference is used for indicating the storage position of the index file in the data area, so that the index file can be quickly queried, and the efficiency of querying the data record is further improved.
It should be noted that, in the embodiment of the present disclosure, an example is performed through a log file, the present disclosure is not limited, and the data storage method described in the present disclosure may be adopted for storing data that can be directly viewed and needs to ensure integrity.
The present disclosure also provides a data storage device, as shown in fig. 6, the device 10 including:
a first signature module 100, configured to encrypt a data content in a data area of a first data segment and a first digital signature of a second data segment when a storage state of the data area of the first data segment meets a preset condition, to obtain a first digital signature of the first data segment, where the first data segment and the second data segment belong to a same data segment set, the second data segment is a previous data segment of the first data segment, each data segment in the data segment set includes a signature area and a data area, and the signature area of the first data segment stores the first digital signature of the second data segment;
a first storage module 200, configured to store a first digital signature of the first data segment into the signature area of the first data segment;
a second storing module 300, configured to, if the data area of the first data segment is completely stored and there is a next data segment in the first data segment in the data segment set, store a first digital signature of the first data segment in the signature area of the next data segment.
Optionally, the apparatus further comprises: and the first determining module is used for taking the next data segment as a new first data segment and triggering the first signature module to encrypt the data content in the data area of the first data segment and the first digital signature of the second data segment when the storage state of the data area of the first data segment meets a preset condition so as to obtain the first digital signature of the first data segment.
Optionally, the preset condition includes that the data area storage of the first data segment is completed; the device further comprises:
a third storage module to store a first digital signature of the first data segment into the signature region of a first data segment of the set of data segments in response to receiving a sequestration instruction for the set of data segments.
Optionally, the preset condition includes that a new data record is stored in the data area of the first data segment;
the device further comprises:
a fourth storage module to store a first digital signature of the first data segment into the signature region of a first one of the set of data segments.
Optionally, the first storage module includes:
a first storage sub-module to store the first digital signature of the first data segment into the signature area of the first data segment if the digital signature of the first data segment was not previously stored in the signature area of the first data segment;
a second storage sub-module for replacing a previously stored digital signature of a first data segment with the first digital signature of the first data segment if the digital signature of the first data segment was previously stored in the signature region of the first data segment.
Optionally, the apparatus further comprises:
a second determining module, configured to, after storing the first digital signature of the first data segment in the signature area of a first data segment in the data segment set, if a new data record to be stored is received, determine the first data segment according to identification information of the first data segment, and store the data record to be stored in the data area of the first data segment.
Optionally, the apparatus further comprises:
the second signature module is used for responding to the received verification instruction, encrypting the data content in the data area of the to-be-verified data segment indicated by the verification instruction and the first digital signature of the last data segment of the to-be-verified data segment stored in the signature area of the to-be-verified data segment, and obtaining a second digital signature of the to-be-verified data segment;
the third determining module is used for determining that the data content of the data segment to be verified is tampered under the condition that the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is different from the second digital signature of the data segment to be verified;
a fourth determining module, configured to determine that the data content of the data segment to be verified is tampered when the second digital signature of the data segment to be verified is different from the first digital signature of the data segment to be verified stored in the next data segment of the data segment to be verified, if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is the same as the second digital signature of the data segment to be verified and the next data segment exists in the data segment set.
Optionally, each data segment in the set of data segments further includes a redundant backup area;
the device further comprises:
the fragmentation module is used for fragmenting the data record after the data record is stored in the data area of the first data fragment so as to obtain a plurality of sub fragments of the data record;
a fifth determining module, configured to determine, according to data segments other than the first data segment in the data segment set, a hash value of each sub-segment of the data record;
and a fifth storage module, configured to store each sub-segment into the redundant backup area of the data segment corresponding to the hash value of the sub-segment according to the hash value, where the sub-segment is used to restore the data record.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 7 is a block diagram illustrating an electronic device 700 in accordance with an example embodiment. As shown in fig. 7, the electronic device 700 may include: a processor 701 and a memory 702. The electronic device 700 may also include one or more of a multimedia component 703, an input/output (I/O) interface 704, and a communication component 705.
The processor 701 is configured to control the overall operation of the electronic device 700, so as to complete all or part of the steps in the data storage method. The memory 702 is used to store various types of data to support operation at the electronic device 700, such as instructions for any application or method operating on the electronic device 700 and application-related data, such as contact data, transmitted and received messages, pictures, audio, video, and the like. The Memory 702 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk, or optical disk. The multimedia components 703 may include screen and audio components. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 702 or transmitted through the communication component 705. The audio assembly also includes at least one speaker for outputting audio signals. The I/O interface 704 provides an interface between the processor 701 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 705 is used for wired or wireless communication between the electronic device 700 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, Near Field Communication (NFC), 2G, 3G, 4G, NB-IOT, eMTC, or other 5G, etc., or a combination of one or more of them, which is not limited herein. The corresponding communication component 705 may thus include: Wi-Fi module, Bluetooth module, NFC module, etc.
In an exemplary embodiment, the electronic Device 700 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the above-described data storage method.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the data storage method described above is also provided. For example, the computer readable storage medium may be the memory 702 described above comprising program instructions that are executable by the processor 701 of the electronic device 700 to perform the data storage method described above.
Fig. 8 is a block diagram illustrating an electronic device 1900 in accordance with an example embodiment. For example, the electronic device 1900 may be provided as a server. Referring to fig. 8, an electronic device 1900 includes a processor 1922, which may be one or more in number, and a memory 1932 for storing computer programs executable by the processor 1922. The computer program stored in memory 1932 may include one or more modules that each correspond to a set of instructions. Further, the processor 1922 may be configured to execute the computer program to perform the data storage method described above.
Additionally, electronic device 1900 may also include a power component 1926 and a communication component 1950, the power component 1926 may be configured to perform power management of the electronic device 1900, and the communication component 1950 may be configured to enable communication, e.g., wired or wireless communication, of the electronic device 1900. In addition, the electronic device 1900 may also include input/output (I/O) interfaces 1958. The electronic device 1900 may operate based on an operating system, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, etc., stored in memory 1932.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the data storage method described above is also provided. For example, the computer readable storage medium may be the memory 1932 described above that includes program instructions that are executable by the processor 1922 of the electronic device 1900 to perform the data storage methods described above.
In another exemplary embodiment, a computer program product is also provided, which comprises a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-mentioned data storage method when executed by the programmable apparatus.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, various possible combinations will not be separately described in this disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.
Claims (12)
1. A method of data storage, the method comprising:
encrypting data content in a data area of a first data segment and a first digital signature of a second data segment when the storage state of the data area of the first data segment meets a preset condition to obtain the first digital signature of the first data segment, wherein the preset condition comprises that the data area of the first data segment is stored completely or a new data record is stored in the data area of the first data segment, the first data segment and the second data segment belong to the same set of data segments, the second data segment being a previous data segment to the first data segment, each data segment in the set of data segments comprises a signature region and a data region, the signature region of the first data segment having stored therein a first digital signature of the second data segment;
storing a first digital signature of the first data segment into the signature region of the first data segment;
if the data region of the first data segment is stored completely and a next data segment exists in the first data segment in the data segment set, storing a first digital signature of the first data segment in the signature region of the next data segment.
2. The method according to claim 1, wherein the next data segment is taken as a new first data segment, and the step of encrypting the data content in the data area of the first data segment and the first digital signature of the second data segment to obtain the first digital signature of the first data segment when the storage state of the data area of the first data segment satisfies a preset condition is returned.
3. The method according to claim 2, wherein the preset condition comprises that the data area storage of the first data segment is completed; the method further comprises the following steps:
in response to receiving a sequestration instruction for the set of data segments, storing a first digital signature of the first data segment into the signature region of a first data segment of the set of data segments.
4. The method of claim 2, wherein the predetermined condition comprises that a new data record is stored in the data area of the first data segment;
the method further comprises the following steps:
storing a first digital signature of the first data segment into the signature region of a first data segment of the set of data segments.
5. The method of claim 4, wherein storing the first digital signature of the first data segment in the signature region of the first data segment comprises:
storing the first digital signature of the first data segment into the signature area of the first data segment if the digital signature of the first data segment was not previously stored in the signature area of the first data segment;
if the signature area of the first data segment stores the digital signature of the first data segment, replacing the previously stored digital signature of the first data segment with the first digital signature of the first data segment.
6. The method of claim 4, further comprising:
after the first digital signature of the first data segment is stored in the signature area of a first data segment in the data segment set, if a new data record to be stored is received, the first data segment is determined according to the identification information of the first data segment, and the data record to be stored is stored in the data area of the first data segment.
7. The method of claim 1, further comprising:
in response to receiving a verification instruction, encrypting data content in a data area of a data segment to be verified indicated by the verification instruction and a first digital signature of a previous data segment of the data segment to be verified, which is stored in a signature area of the data segment to be verified, to obtain a second digital signature of the data segment to be verified;
if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is different from the second digital signature of the data segment to be verified, determining that the data content of the data segment to be verified is tampered;
and if the first digital signature of the data segment to be verified stored in the signature area of the data segment to be verified is the same as the second digital signature of the data segment to be verified, and the next data segment exists in the data segment set, determining that the data content of the data segment to be verified is tampered under the condition that the second digital signature of the data segment to be verified is different from the first digital signature of the data segment to be verified stored in the next data segment of the data segment to be verified.
8. The method of claim 1, wherein each data segment of the set of data segments further comprises a redundant backup area;
the method further comprises the following steps:
after storing a data record in a data area of the first data segment, fragmenting the data record to obtain a plurality of sub-fragments of the data record;
determining a hash value of each sub-segment of the data record according to other data segments except the first data segment in the data segment set;
and according to the hash value, respectively storing each sub-segment into the redundant backup area of the data segment corresponding to the hash value of the sub-segment, wherein the sub-segment is used for recovering the data record.
9. The method of claim 1, further comprising:
if the first data segment is the first data segment in the data segment set, encrypting the data content in the data area of the first data segment when the storage state of the data area of the first data segment meets the preset condition, obtaining the first data signature of the first data segment, and storing the first data signature in the signature area of the first data segment;
and if the data area of the first data segment is stored, storing the first digital signature of the first data segment in a signature area of a next data segment of the first data segment.
10. A data storage device, characterized in that the device comprises:
a first signature module, configured to, when a storage state of a data area of the first data segment satisfies a preset condition, encrypting data content in the data area of the first data segment and a first digital signature of a second data segment to obtain a first digital signature of the first data segment, wherein the preset condition comprises that the data area of the first data segment is stored completely or a new data record is stored in the data area of the first data segment, the first data segment and the second data segment belong to the same set of data segments, the second data segment being a previous data segment to the first data segment, each data segment in the set of data segments comprises a signature region and a data region, the signature region of the first data segment having stored therein a first digital signature of the second data segment;
a first storage module to store a first digital signature of the first data segment into the signature region of the first data segment;
a second storing module, configured to store a first digital signature of the first data segment into the signature area of a next data segment if the data area of the first data segment is completely stored and the first data segment in the data segment set exists in the next data segment.
11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 9.
12. An electronic device, comprising:
a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to carry out the steps of the method of any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910507170.1A CN110324150B (en) | 2019-06-12 | 2019-06-12 | Data storage method and device, computer readable storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910507170.1A CN110324150B (en) | 2019-06-12 | 2019-06-12 | Data storage method and device, computer readable storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110324150A CN110324150A (en) | 2019-10-11 |
| CN110324150B true CN110324150B (en) | 2022-03-22 |
Family
ID=68120892
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910507170.1A Active CN110324150B (en) | 2019-06-12 | 2019-06-12 | Data storage method and device, computer readable storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110324150B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109118223A (en) * | 2018-08-21 | 2019-01-01 | 上海点融信息科技有限责任公司 | For managing the method, apparatus and medium of electronic data in block chain |
| CN109194466A (en) * | 2018-10-29 | 2019-01-11 | 南开大学 | A kind of cloud data integrity detection method and system based on block chain |
| CN109302495A (en) * | 2018-11-20 | 2019-02-01 | 北京邮电大学 | A kind of date storage method and device |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090044018A1 (en) * | 2007-08-08 | 2009-02-12 | Mark Louis Kirchner | Section Inclusion and Section Order Authentication Method for Computer Electronic Documents |
| IL187040A0 (en) * | 2007-10-30 | 2008-02-09 | Sandisk Il Ltd | Caching for structural integrity schemes |
| US20150169901A1 (en) * | 2013-12-12 | 2015-06-18 | Sandisk Technologies Inc. | Method and Systems for Integrity Checking a Set of Signed Data Sections |
| CN109462472A (en) * | 2017-09-06 | 2019-03-12 | 阿里巴巴集团控股有限公司 | The methods, devices and systems of data encryption and decryption |
-
2019
- 2019-06-12 CN CN201910507170.1A patent/CN110324150B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109118223A (en) * | 2018-08-21 | 2019-01-01 | 上海点融信息科技有限责任公司 | For managing the method, apparatus and medium of electronic data in block chain |
| CN109194466A (en) * | 2018-10-29 | 2019-01-11 | 南开大学 | A kind of cloud data integrity detection method and system based on block chain |
| CN109302495A (en) * | 2018-11-20 | 2019-02-01 | 北京邮电大学 | A kind of date storage method and device |
Non-Patent Citations (2)
| Title |
|---|
| Filipe Apolinário ; Miguel Pardal ; Miguel Correia."S-Audit: Efficient Data Integrity Verification for Cloud Storage".《2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)》.2018, * |
| 区块链中的隐私保护技术;翟社平等;《西安邮电大学学报》;20180910(第05期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110324150A (en) | 2019-10-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110826111B (en) | Test supervision method, device, equipment and storage medium | |
| US11074139B2 (en) | Dynamic block chain system using metadata for backing up data based on digest rules | |
| US8108536B1 (en) | Systems and methods for determining the trustworthiness of a server in a streaming environment | |
| CN111897786B (en) | Log reading method, device, computer equipment and storage medium | |
| US8175268B2 (en) | Generating and securing archive keys | |
| US20200265124A1 (en) | Blockchain-based image processing method and apparatus | |
| TW201939337A (en) | Behavior recognition, data processing method and apparatus | |
| CN115248919A (en) | Method and device for calling function interface, electronic equipment and storage medium | |
| CN116305290A (en) | System log security detection method and device, electronic equipment and storage medium | |
| US11934539B2 (en) | Method and apparatus for storing and processing application program information | |
| CN108154042B (en) | File system encryption method and device | |
| CN110324150B (en) | Data storage method and device, computer readable storage medium and electronic equipment | |
| CN111400771A (en) | Target partition checking method and device, storage medium and computer equipment | |
| CN117201120A (en) | Information encryption method, device, computer equipment and storage medium | |
| CN111291001A (en) | Reading method and device of computer file, computer system and storage medium | |
| CN115935414A (en) | Block chain based data verification method and device, electronic equipment and storage medium | |
| CN115361198A (en) | Decryption method, encryption method, device, computer equipment and storage medium | |
| CN114979109A (en) | Behavior track detection method and device, computer equipment and storage medium | |
| CN111008389B (en) | Data processing method and device based on file system in satellite | |
| CN114491661A (en) | Log tamper-proofing method and system based on block chain | |
| US11310218B2 (en) | Password streaming | |
| TWM591647U (en) | Data management system capable of securely accessing and deleting data | |
| CN113407213B (en) | Resource package updating method, device, equipment and storage medium | |
| CN117150575B (en) | Method, system, equipment and medium for preventing manipulation of operation log of trusted industrial control system | |
| CN112307468B (en) | Software detection method, software detection device and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |