CN111062047A - Data storage method, system, device and storage medium - Google Patents


Publication number
CN111062047A
Authority
CN
China
Prior art keywords
user identifier
user
processing
module
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911360126.9A
Other languages
Chinese (zh)
Other versions
CN111062047B (en
Inventor
林英丽
孙婉婷
周洪冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
China Unicom System Integration Ltd Corp
China Unicom Heilongjiang Industrial Internet Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
China Unicom System Integration Ltd Corp
China Unicom Heilongjiang Industrial Internet Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd, China Unicom System Integration Ltd Corp, China Unicom Heilongjiang Industrial Internet Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201911360126.9A priority Critical patent/CN111062047B/en
Publication of CN111062047A publication Critical patent/CN111062047A/en
Application granted granted Critical
Publication of CN111062047B publication Critical patent/CN111062047B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services

Abstract

The application discloses a data storage method, a system, a device and a storage medium, wherein the method comprises the following steps: the control module acquires a first user identifier and sends the first user identifier to the at least one storage module; the at least one storage module receives the first user identifier sent by the control module, and performs first encryption processing on the first user identifier to obtain a second user identifier, wherein the first encryption processing corresponding to different storage modules is different; the at least one storage module acquires first user data corresponding to the first user identifier according to the first user identifier, wherein the first user data is stored in the storage module; and the at least one storage module associates the second user identifier with the first user data to obtain second user data, and stores the second user data. The method significantly improves the storage security of the user data in each storage system.

Description

Data storage method, system, device and storage medium
Technical Field
The present application relates to the field of data storage technologies, and in particular, to a data storage method, system, device, and storage medium.
Background
With the development of the internet technology, a data storage system may include a plurality of storage modules independent of each other, a user corresponds to a unique user identifier in a data storage system, the user may operate in each storage module by means of the user identifier, and store operation data generated by the operation in the corresponding storage module after associating with the user identifier thereof, and when the user logs in the data storage system again, the user may view historical operation data in all the storage modules by means of the user identifier thereof.
In the prior art, a user identifier corresponding to a user is directly transmitted and circulated in a data storage system, the form and the content of the user identifier obtained by each storage module are completely the same, and each storage module is associated with the operation data of the user in the storage module by using the same user identifier and then is stored in the storage module again.
However, because the form and the content of the user identifier acquired by each storage module are completely the same, if the user identifier is acquired by other illegal users, the other illegal users can acquire the operation data associated with the user identifier in all the storage modules through the user identifier, and therefore, the existing data storage method has potential safety hazards.
Disclosure of Invention
Embodiments of the present application provide a data storage method, system, device, and storage medium, which are used to solve the problem that in the existing data storage method, other illegal users can obtain operation data associated with a user identifier in all storage modules through one user identifier.
In a first aspect, the present application provides a data storage method for a data storage system, the data storage system including a control module and at least one storage module, the method including:
the control module acquires a first user identifier and sends the first user identifier to the at least one storage module;
the at least one storage module receives the first user identification sent by the control module, and performs first encryption processing on the first user identification to obtain a second user identification, wherein the first encryption processing corresponding to different storage modules is different;
the at least one storage module acquires first user data corresponding to the first user identifier according to the first user identifier, wherein the first user data is stored in the storage module;
and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data.
Further, the at least one storage module performing first encryption processing on the first user identifier includes:
the at least one storage module performs first encryption processing on the first user identifier by using a first key, wherein the first keys corresponding to different storage modules are different.
Further, the at least one storage module performing first encryption processing on the first user identifier further includes a step of encrypting the first user identifier by using a message digest algorithm and a secure hash algorithm in sequence, and then performing the first encryption processing by using the first key.
Further, after the control module obtains the first user identifier, the method further includes:
performing second encryption processing on the first user identifier to obtain a third user identifier;
sending the first user identifier to the at least one storage module includes:
sending the third user identifier to the at least one storage module;
the at least one storage module receiving the first user identifier sent by the control module includes:
the at least one storage module receives the third user identifier sent by the control module and decrypts the third user identifier to obtain the first user identifier.
Further, the second encryption processing is performed on the first user identifier by the control module to obtain a third user identifier, including:
performing third encryption processing on the first user identifier by using an asymmetric encryption algorithm to obtain a fourth user identifier, wherein the asymmetric encryption algorithm corresponds to a second key, the length of the second key is L, and L is a positive integer;
randomly inserting the second key into the fourth user identifier to obtain a fifth user identifier, wherein the insertion position of the second key in the fourth user identifier is N, and N is a positive integer;
performing fourth encryption processing on the L and the N by using the public key corresponding to the data storage system to obtain an encryption string;
and inserting the encryption string into the tail part of the fifth user identifier to obtain the third user identifier.
Further, the decrypting, by the at least one storage module, the third user identifier to obtain the first user identifier includes:
disassembling the third user identifier to obtain the encryption string and the fifth user identifier;
decrypting the encrypted string by using a public key corresponding to the data storage system to obtain a numerical value L and a numerical value N;
the second secret key with the length of L is disassembled at the position N of the fifth user identifier to obtain the fourth user identifier;
and decrypting the fourth user identification by using the second secret key to obtain the first user identification.
In a second aspect, the present application provides a data storage system comprising a control module and at least one storage module,
the control module includes:
the first acquisition unit is used for acquiring a first user identifier and sending the first user identifier to the at least one storage module;
the memory module includes:
the first processing unit is used for receiving the first user identifier sent by the control module and performing first encryption processing on the first user identifier to obtain a second user identifier, wherein the first encryption processing corresponding to different storage modules is different;
a second obtaining unit, configured to obtain, according to the first user identifier, first user data corresponding to the first user identifier, where the first user data is stored in the storage module;
and the second processing unit is used for associating the second user identification with the first user data to obtain second user data and storing the second user data.
Further, the storage module corresponds to a first key, and the first keys corresponding to different storage modules are different, and the first processing unit includes:
and the first processing subunit is used for performing first encryption processing on the first user identifier by using a first key.
Further, the first processing unit further includes:
and the second processing subunit is used for encrypting the first user identifier by using a message digest algorithm and a secure hash algorithm in sequence before the first processing subunit performs the first encryption processing.
Further, the first acquisition unit includes:
the third processing subunit is configured to perform second encryption processing on the first user identifier to obtain a third user identifier;
a fourth processing subunit, configured to send the third user identifier to the at least one storage module;
the first processing unit further comprises:
and the fifth processing subunit is configured to receive the third user identifier sent by the control module, and perform decryption processing on the third user identifier to obtain the first user identifier.
Further, the third processing subunit includes:
the first processing module is used for performing third encryption processing on the first user identifier by using an asymmetric encryption algorithm to obtain a fourth user identifier, wherein the asymmetric encryption algorithm corresponds to a second key, the length of the second key is L, and L is a positive integer;
a second processing module, configured to randomly insert the second key into the fourth user identifier to obtain a fifth user identifier, where an insertion position of the second key in the fourth user identifier is N, and N is a positive integer;
the third processing module is used for carrying out fourth encryption processing on the L and the N by using the public key corresponding to the data storage system to obtain an encryption string;
and the fourth processing module is used for inserting the encryption string into the tail part of the fifth user identifier to obtain the third user identifier.
Further, the fifth processing subunit includes:
a fifth processing module, configured to disassemble the third user identifier to obtain the encrypted string and the fifth user identifier;
the sixth processing module is used for decrypting the encrypted string by using the public key corresponding to the data storage system to obtain a numerical value L and a numerical value N;
a seventh processing module, configured to disassemble the second key with the length of L at the position N of the fifth user identifier, to obtain the fourth user identifier;
and the eighth processing module is configured to decrypt the fourth user identifier by using the second key to obtain the first user identifier.
In a third aspect, the present application provides an electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of the first aspects.
In a fourth aspect, the present application provides a non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any of the first aspects.
One embodiment in the above application has the following advantages or benefits: the data storage method provided by the application is used for a data storage system consisting of a control module and at least one storage module, and comprises the following steps: the control module acquires a first user identifier and sends the first user identifier to at least one storage module; at least one storage module receives a first user identifier sent by a control module, and performs first encryption processing on the first user identifier to obtain a second user identifier, wherein the first encryption processing corresponding to different storage modules is different; at least one storage module acquires first user data corresponding to a first user identifier according to the first user identifier, wherein the first user data is stored in the storage module; and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data. Each storage module in the data storage system respectively carries out different encryption processing on the received first user identification to obtain a plurality of second user identifications corresponding to each storage module, then each storage module associates the second user identification obtained by respective encryption with first user data of a user in the storage module to obtain second user data, and the second user data is stored in the corresponding storage module again.
Other effects of the above-described alternative will be described below with reference to specific embodiments.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application.
Fig. 1 is a schematic flowchart of a data storage method provided in an embodiment of the present application;
Fig. 2 is a schematic flowchart of a further data storage method provided in an embodiment of the present application;
Fig. 2a is a schematic diagram of a data storage system provided by an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a data storage system according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of another data storage system provided in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a data storage device according to an embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Explanation of terms used in this application:
User identifier: a unique universal identification code of a user in the data storage system.
The application scenario of the application is as follows: with the development of the internet technology, a data storage system may include a plurality of storage modules independent of each other, a user corresponds to a unique user identifier in a data storage system, the user may operate in each storage module by means of the user identifier, and store operation data generated by the operation in the corresponding storage module after associating with the user identifier thereof, and when the user logs in the data storage system again, the user may view historical operation data in all the storage modules by means of the user identifier thereof.
In the prior art, a user identifier corresponding to a user is directly transmitted and circulated in a data storage system, the form and the content of the user identifier obtained by each storage module are completely the same, and each storage module is associated with the operation data of the user in the storage module by using the same user identifier and then is stored in the storage module again.
However, because the form and the content of the user identifier acquired by each storage module are completely the same, if the user identifier is acquired by other illegal users, the other illegal users can acquire the operation data associated with the user identifier in all the storage modules through the user identifier, and therefore, the existing data storage method has potential safety hazards.
The present application provides a data storage method, system, device and storage medium, which aims to solve the above technical problems.
Fig. 1 is a schematic flowchart of a data storage method according to an embodiment of the present application, and as shown in fig. 1, the method includes:
Step 101, the control module obtains a first user identifier and sends the first user identifier to at least one storage module.
In this embodiment, specifically, the execution subject of this embodiment may be a terminal device, an application, a server or a controller provided on the terminal device, or another apparatus or device capable of executing this embodiment; this embodiment is described by taking a server provided on the terminal device as the execution subject.
The method of the present embodiment is used for a data storage system composed of a control module and at least one storage module. In the data storage system, each user corresponds to a user identifier, and the user identifier is unique and fixed and is used for distinguishing the users operating the data storage system. The user can operate each storage module in the data storage system through the control module, the operation data generated after operation is associated with the user identification of the user and then stored in the corresponding storage module, and when the user accesses the storage module again, the operation data can be inquired through the user identification of the user. However, in the above data storage method, the user identifier corresponding to each user is directly transmitted and stored in the data storage system without any processing, the user identifier corresponding to a certain user is easily obtained by other users, and if the user identifier of a first user is obtained by a second user, the second user can also obtain the operation data of the first user in all storage modules through the user identifier of the first user, so that the above data storage method has a potential safety hazard. The method of the embodiment is used for solving the potential safety hazard existing in the storage system.
The first user identifier corresponding to a certain user may be a phone number, an identification number, a Universal Unique Identifier (UUID), or the like corresponding to the user, and preferably, the first user identifier corresponding to a certain user may be a Universal Unique Identifier (UUID) corresponding to the user.
Step 102, at least one storage module receives the first user identifier sent by the control module, and performs first encryption processing on the first user identifier to obtain a second user identifier, wherein the first encryption processing corresponding to different storage modules is different.
In this embodiment, specifically, after receiving the first user identifier sent by the control module, any storage module may encrypt the first user identifier inside the storage module by using a preset encryption processing method to obtain a second user identifier; for the plurality of storage modules, the first user identifiers sent by the control module and received by each storage module are the same, but the preset encryption processing methods corresponding to the storage modules are different from each other, so that the second user identifiers obtained by encrypting the first user identifiers by the storage modules are also different from each other.
For a certain user, different storage modules perform different encryption processing on the first user identifier corresponding to the user, so that the second user identifiers corresponding to the user, which are obtained by each storage module, are different from each other, and it can be prevented that other users obtain the user identifiers corresponding to the user in all the storage modules by obtaining one user identifier corresponding to the user.
Step 103, at least one storage module obtains first user data corresponding to the first user identifier according to the first user identifier, wherein the first user data is stored in the storage module.
In this embodiment, specifically, the storage module obtains, according to the first user identifier, first user data of a user in the storage module, where the user corresponds to the first user identifier.
The first user data corresponding to the first user identifier includes identity information data registered in the storage module by the user corresponding to the first user identifier and/or operation data generated by operations. Exemplarily, assume that the data storage system in this embodiment is an education system that includes a learning module and an examination module, that user A is a user of the education system, and that the student number of user A in the education system is a; the student number a is then the first user identifier corresponding to user A in the education system. Taking the learning module as an example, the first user data corresponding to the student number a (first user identifier) in the learning module includes identity information data registered in the learning module by user A and/or operation data generated by performing operations. The identity information registered in the learning module by user A includes identity tags such as gender, age, birthday, academic calendar, home address, etc., and the operation information generated by user A operating in the learning module includes information related to operations such as learning progress, notes, learning mental activities, submitting assignments, etc.
Step 104, at least one storage module associates the second user identifier with the first user data to obtain second user data, and stores the second user data.
In this embodiment, specifically, the storage module associates the second user identifier with the first user data, which may be binding the second user identifier with the first user data, so as to obtain the second user data; and storing the second user data obtained by associating the second user identification with the first user data in a corresponding storage module, so that the user can conveniently check the historical operation data in the storage module according to the corresponding user identification.
In this embodiment, the data storage method provided in this embodiment is used in a data storage system including a control module and at least one storage module, and the method includes: the control module acquires a first user identifier and sends the first user identifier to at least one storage module; at least one storage module receives a first user identifier sent by a control module, and performs first encryption processing on the first user identifier to obtain a second user identifier, wherein the first encryption processing corresponding to different storage modules is different; at least one storage module acquires first user data corresponding to a first user identifier according to the first user identifier, wherein the first user data is stored in the storage module; and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data. Each storage module in the data storage system respectively carries out different encryption processing on the received first user identification to obtain a plurality of second user identifications corresponding to each storage module, then each storage module associates the second user identification obtained by respective encryption with first user data of a user in the storage module to obtain second user data, and the second user data is stored in the corresponding storage module again.
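Steps 101 to 104 as a runnable sketch, added here as an illustration and not taken from the patent: two storage modules hold different first keys, so the same first user identifier yields a different second user identifier in each, and an identifier copied out of one module finds nothing in the other. Assumptions: MD5, SHA-256 and HMAC-SHA256 stand in for the unnamed message digest, secure hash and first-key steps; the names `derive_second_id`, `StorageModule` and `run_demo` are hypothetical; dropping the index under the first user identifier after re-storing is this example's choice.

```python
import hashlib
import hmac
import secrets


def derive_second_id(first_id: str, first_key: bytes) -> str:
    """First encryption processing for one storage module.

    Order follows the description: message digest, then secure hash, then a
    step keyed with the module's first key. The concrete algorithms are
    assumptions of this example. The output is deterministic, so the module
    can recompute it on every later query.
    """
    md = hashlib.md5(first_id.encode("utf-8"), usedforsecurity=False).digest()
    sha = hashlib.sha256(md).digest()
    return hmac.new(first_key, sha, hashlib.sha256).hexdigest()


class StorageModule:
    """One independent storage module with its own first key."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._first_key = secrets.token_bytes(32)  # never leaves the module
        self._first_user_data = {}   # records still indexed by first id
        self._second_user_data = {}  # records indexed by second id

    def save_operation(self, first_id: str, record: dict) -> None:
        """Operation data as it exists before the method is applied."""
        self._first_user_data.setdefault(first_id, []).append(record)

    def process(self, first_id: str) -> str:
        """Steps 102 to 104 for the identifier received from the control module."""
        second_id = derive_second_id(first_id, self._first_key)        # step 102
        records = self._first_user_data.pop(first_id, [])              # step 103
        self._second_user_data.setdefault(second_id, []).extend(records)  # step 104
        return second_id

    def query(self, first_id: str) -> list:
        """Legitimate lookup: the module re-derives its own second id."""
        second_id = derive_second_id(first_id, self._first_key)
        return list(self._second_user_data.get(second_id, []))

    def query_by_stored_id(self, stored_id: str) -> list:
        """Lookup with an identifier exactly as it appears in storage."""
        return list(self._second_user_data.get(stored_id, []))


def run_demo() -> dict:
    # Constructed sample identifier and records (not from the page).
    first_id = "3f2b8c1e-0d4a-4e6b-9a57-1c2d3e4f5a6b"
    learning = StorageModule("learning")
    examination = StorageModule("examination")
    learning.save_operation(first_id, {"progress": "unit 3"})
    examination.save_operation(first_id, {"score": 91})

    # The control module sends the same first id to both modules (step 101).
    id_learning = learning.process(first_id)
    id_exam = examination.process(first_id)

    return {
        "second_ids_differ": id_learning != id_exam,
        "learning_lookup": learning.query(first_id),
        "exam_lookup": examination.query(first_id),
        # An identifier read out of the learning module's storage does not
        # index anything in the examination module.
        "cross_module_lookup": examination.query_by_stored_id(id_learning),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

The unlinkability shown here depends on each first key staying inside its own module; a module that shares or derives its key from a public value produces identifiers that can be recomputed elsewhere.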
Fig. 2 is a schematic flowchart of another data storage method according to an embodiment of the present application, and based on fig. 1, as shown in fig. 2, the method includes:
Step 201, the control module obtains the first user identifier, performs second encryption processing on the first user identifier to obtain a third user identifier, and then sends the third user identifier to at least one storage module.
The method of the present embodiment is applicable to a data storage system, and fig. 2a is a schematic diagram of the data storage system provided in the present embodiment, and as shown in fig. 2a, the data storage system related to the present embodiment is composed of a control module and at least one storage module (only a storage module 1, a storage module 2, a storage module 3, and a storage module 4 are shown in fig. 2 a). After a user logs in the data storage system, the user can operate each storage module in the data storage system, operation data generated by the operation is stored in the corresponding storage module, and in order to distinguish the corresponding relation between the operation data and the user, a user identifier corresponding to the user needs to be associated with the operation data of the user and then stored in the corresponding storage module, so that after the user logs in the data storage system, the control module needs to send the user identifier corresponding to the user to each storage module.
For a certain user, the corresponding user identifier is the first user identifier, and in the process that the control module acquires the first user identifier and sends the first user identifier to each storage module, the first user identifier may be intercepted by other illegal users.
The method by which the control module performs the second encryption processing on the first user identifier may be a conventional encryption method in the art, and any encryption method that can improve the security of the first user identifier and obtain the second user identifier may be used in this embodiment. Preferably, in this embodiment, the control module performs the second encryption processing on the first user identifier by using the following method:
the control module performs third encryption processing on the first user identifier by using an asymmetric encryption algorithm to obtain a fourth user identifier, wherein the asymmetric encryption algorithm corresponds to a second key, the length of the second key is L, and L is a positive integer; randomly inserting a second key into a fourth user identifier to obtain a fifth user identifier, wherein the insertion position of the second key in the fourth user identifier is N, and N is a positive integer; performing fourth encryption processing on the L and the N by using a public key corresponding to the data storage system to obtain an encryption string; and inserting the encrypted string into the tail part of the fifth user identifier to obtain a third user identifier.
The method for performing the third encryption processing on the first user identifier by using the asymmetric encryption algorithm is a conventional method in the field, and is not described herein again in this embodiment; in the third encryption processing process, the second key used by the asymmetric encryption algorithm can be determined according to the date and time of encryption processing and the user client identifier; the length L of the second key may be determined according to the conventional means in the art, and exemplarily, the value of L may be 1024, 2048, 3072, 4096, and the like; the insertion position N of the second key in the fourth user identifier may be any position in the fourth user identifier, for example, a value of N may be 5, 500, 5000, or the like; the public key corresponding to the data storage system may be obtained by all storage modules in the data storage system, and both the method of obtaining the encrypted string by performing the fourth encryption processing on the values L and N by using the public key corresponding to the data storage system and the method of inserting the encrypted string into the tail of the fifth user identifier may be conventional encryption methods in the art, and are not described herein again.
Illustratively, suppose user M corresponds to a first user identifier $M_1M_2M_3M_4M_5M_6\ldots M_m$ in the data storage system shown in Fig. 2a. After the control module obtains the first user identifier, it first performs third encryption processing on the first user identifier by using the asymmetric encryption algorithm to obtain a fourth user identifier $C_1C_2C_3C_4C_5C_6\ldots C_m$, wherein the length L of the second key K corresponding to the asymmetric encryption algorithm is 1024. The second key K is inserted into the 5th byte of the fourth user identifier to obtain a fifth user identifier $C_1C_2C_3C_4C_5KC_6\ldots C_m$, that is, N is 5. Fourth encryption processing is performed on the values 1024 (L) and 5 (N) by using the public key J corresponding to the data storage system to obtain an encryption string H. The encryption string H is inserted into the tail of the fifth user identifier to obtain a third user identifier $C_1C_2C_3C_4C_5KC_6\ldots C_mH$. After the encryption process is finished, the control module sends the third user identifier $C_1C_2C_3C_4C_5KC_6\ldots C_mH$ to the storage module 1, the storage module 2, the storage module 3 and the storage module 4, respectively.
In the second encryption processing method, if the decryption operation of the third user identifier is to be completed, the public key corresponding to the data storage system and the encryption rule of the second encryption processing method must be obtained at the same time, so that even if an illegal user intercepts the public key corresponding to the data storage system through an illegal means, the illegal user cannot know the encryption rule, and cannot know the meanings respectively represented by the position, the value L and the value N of the encryption string in the third user identifier, and therefore, the illegal user cannot directly decrypt the third user identifier by using the public key, which further increases the security of the transmission of the user identifier in the data storage system.
Optionally, in the method for second encryption processing provided by this embodiment, the public key corresponding to the data storage system may be replaced every preset time, for example, every two months, so as to further improve the security of the second encryption processing.
In this embodiment, the control module performs the second encryption processing on the first user identifier to obtain a third user identifier, and then sends the third user identifier to the at least one storage module, so that the user identifier can be prevented from being intercepted by other illegal users in the transmission process, and the transmission security of the user identifier is further improved.
Step 202, at least one storage module receives the third user identifier sent by the control module, and decrypts the third user identifier to obtain the first user identifier.
In this embodiment, specifically, the third user identifier received by the storage module is an encrypted user identifier, and cannot be directly used for encrypted storage inside the storage module, so that the storage module needs to decrypt the received third user identifier. The storage module may perform decryption processing on the third user identifier by using the following method:
Split the third user identifier to obtain the encryption string and the fifth user identifier; decrypt the encryption string by using the public key corresponding to the data storage system to obtain the value L and the value N; extract the second key of length L at position N of the fifth user identifier, leaving the fourth user identifier; and decrypt the fourth user identifier by using the second key to obtain the first user identifier.
In the decryption processing method, each storage module may obtain the public key and the encryption rule corresponding to the data storage system, and therefore, each storage module may perform decryption processing on the third user identifier by using the public key and the encryption rule corresponding to the data storage system, where the decryption processing process is an inverse process of the second encryption processing process described in step 102, and the method and the principle are similar or identical to those of the second encryption processing process described in step 102, and this embodiment is not described herein again.
For example, the storage module 1, the storage module 2, the storage module 3 and the storage module 4 in FIG. 2a may all receive the third user identifier C1C2C3C4C5KC6……CmH sent by the control module in step 102; the storage module 1 is taken as an example here. As mentioned above, the storage module 1 can obtain the public key J and the encryption rule corresponding to the data storage system, that is, the storage module 1 knows the position of the encryption string in the third user identifier and the meanings represented by the values L and N, respectively. Based on this, the storage module 1 decrypts the third user identifier C1C2C3C4C5KC6……CmH as follows: first, the encryption string H is split from the tail of the third user identifier C1C2C3C4C5KC6……CmH, and the rest is the fifth user identifier C1C2C3C4C5KC6……Cm; then, the public key J is used to decrypt the encryption string H to obtain the values 1024 (L) and 5 (N); according to the values 1024 (L) and 5 (N), the second key K is intercepted from the fifth user identifier C1C2C3C4C5KC6……Cm, and the rest is the fourth user identifier C1C2C3C4C5C6……Cm; finally, the fourth user identifier C1C2C3C4C5C6……Cm is decrypted by using the second key K to obtain the first user identifier M1M2M3M4M5M6……Mm.
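The layout of the third user identifier described above (ciphertext, second key K inserted at position N, encryption string H at the tail) can be written as a pack/unpack pair. This is an added example, not code from the patent; it assumes L is counted in bits, H is a fixed 8 bytes holding two 32-bit integers, the second key is derived with SHAKE-256 from the timestamp and client identifier, and a SHA-256 keystream XOR with a shared byte string stands in for both the asymmetric algorithm and the system public key, which the description leaves as conventional.

```python
import hashlib
import struct

# Assumed part of the "encryption rule": H is always 8 bytes (L and N as
# two big-endian 32-bit integers) and sits at the very end of the message.
TAIL_LEN = 8


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in cipher: XOR with a SHA-256 counter keystream.

    It is its own inverse, so the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_second_key(timestamp: str, client_id: str, l_bits: int) -> bytes:
    """Assumed derivation of the second key from date/time and client id."""
    seed = f"{timestamp}|{client_id}".encode()
    return hashlib.shake_256(seed).digest(l_bits // 8)


def wrap(first_id: bytes, second_key: bytes, n: int, system_key: bytes) -> bytes:
    """Control module side: first identifier -> third identifier."""
    fourth = keystream_xor(second_key, first_id)           # third encryption
    if not 0 < n <= len(fourth):
        raise ValueError("insertion position N lies outside the fourth identifier")
    fifth = fourth[:n] + second_key + fourth[n:]            # K travels inside the message
    l_bits = len(second_key) * 8
    tail = keystream_xor(system_key, struct.pack(">II", l_bits, n))  # fourth encryption
    return fifth + tail


def unwrap(third_id: bytes, system_key: bytes) -> bytes:
    """Storage module side: third identifier -> first identifier."""
    if len(third_id) <= TAIL_LEN:
        raise ValueError("message too short to contain the encryption string")
    fifth, tail = third_id[:-TAIL_LEN], third_id[-TAIL_LEN:]
    l_bits, n = struct.unpack(">II", keystream_xor(system_key, tail))
    # L and N come from the wire; validate them before slicing.
    if l_bits == 0 or l_bits % 8:
        raise ValueError("decoded key length L is not a whole number of bytes")
    key_len = l_bits // 8
    if n == 0 or n + key_len > len(fifth):
        raise ValueError("decoded L and N do not fit the fifth identifier")
    second_key = fifth[n:n + key_len]
    fourth = fifth[:n] + fifth[n + key_len:]
    return keystream_xor(second_key, fourth)


if __name__ == "__main__":
    system_key = b"constructed-system-key"          # constructed sample value
    k = derive_second_key("2019-12-25T10:00:00", "client-42", 1024)
    third = wrap(b"M1M2M3M4M5M6Mm", k, 5, system_key)
    print(len(third), unwrap(third, system_key))
```

Because L and N are recovered from the received message, `unwrap` checks them against the message length before extracting the key, so a truncated or altered tail is rejected rather than sliced.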
Step 203, at least one storage module performs a first encryption process on the first user identifier by using the first key to obtain a second user identifier, wherein the first keys corresponding to different storage modules are different.
In this embodiment, specifically, the method by which the storage module performs the first encryption processing on the first user identifier by using the first key may be a conventional method in the art and is not described again here. Because the first keys corresponding to different storage modules are different, the second user identifiers obtained by different storage modules are different, which prevents an illegal user who acquires the second user identifier in one storage module from thereby knowing the second user identifiers in all the storage modules of the data storage system.
Optionally, the method of this embodiment further includes a step of encrypting the first user identifier by using an information digest algorithm and a secure hash algorithm in sequence, and then performing the first encryption by using the first key. The method for encrypting the first user identifier by using the information digest algorithm and the secure hash algorithm may be a conventional method in the art. In this embodiment, the first user identifier is encrypted by using an information digest algorithm and a secure hash algorithm, and then the first encryption is performed, so that the security of the second user identifier is further improved.
Optionally, in this embodiment, the second key corresponding to each storage module may have any length; in order to ensure the security of the second subscriber identity, the second key corresponding to each storage module may be replaced at preset intervals.
Step 204, at least one storage module acquires first user data corresponding to a first user identifier according to the first user identifier, wherein the first user data is stored in the storage module; and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data.
The method and principle of step 204 are similar to or the same as those of step 103 and step 104, see the description of step 103 and step 104, and this embodiment is not described herein again.
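Steps 203 and 204 can be illustrated with two storage modules that hold different first keys. This is an added example, not code from the patent; it assumes MD5 as the information digest algorithm, SHA-256 as the secure hash algorithm, and HMAC-SHA-256 as a stand-in for the keyed first encryption, and the class and function names are hypothetical.

```python
import hashlib
import hmac


def second_user_id(first_id: bytes, first_key: bytes) -> str:
    """Digest, then hash, then keyed step with the module's first key."""
    digest = hashlib.md5(first_id).digest()        # information digest (assumed MD5)
    hashed = hashlib.sha256(digest).digest()       # secure hash (assumed SHA-256)
    # Assumed stand-in for the first encryption processing with the first key.
    return hmac.new(first_key, hashed, hashlib.sha256).hexdigest()


class StorageModule:
    """Hypothetical storage module holding its own first key and user data."""

    def __init__(self, first_key: bytes, first_user_data: dict):
        self.first_key = first_key
        self.first_user_data = dict(first_user_data)   # first id -> first user data
        self.second_user_data = {}                     # second id -> user data
        self._processed = []                           # first ids seen so far

    def process(self, first_id: bytes) -> str:
        """Step 203 + 204: derive the second id and associate the data with it."""
        data = self.first_user_data[first_id]
        sid = second_user_id(first_id, self.first_key)
        self.second_user_data[sid] = data
        if first_id not in self._processed:
            self._processed.append(first_id)
        return sid

    def rotate_key(self, new_key: bytes) -> dict:
        """Replace the first key and re-derive every stored second id."""
        self.first_key = new_key
        self.second_user_data = {}
        return {fid: self.process(fid) for fid in list(self._processed)}


def linkable_ids(a: StorageModule, b: StorageModule) -> set:
    """Second ids present in both modules, i.e. records joinable across them."""
    return set(a.second_user_data) & set(b.second_user_data)


if __name__ == "__main__":
    # Constructed sample data for one user held by two modules.
    m1 = StorageModule(b"key-module-1", {b"user-M": "billing"})
    m2 = StorageModule(b"key-module-2", {b"user-M": "call records"})
    print(m1.process(b"user-M"))
    print(m2.process(b"user-M"))
    print("joinable across modules:", linkable_ids(m1, m2))
```

With different first keys the two modules index the same user under unrelated second identifiers, and replacing a module's key changes its index without touching the other module.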
In this embodiment, the data storage method provided in this embodiment is used in a data storage system including a control module and at least one storage module, and the method includes: the control module acquires a first user identifier, performs second encryption processing on the first user identifier to obtain a third user identifier, and then sends the third user identifier to at least one storage module; at least one storage module receives the third user identification sent by the control module and decrypts the third user identification to obtain the first user identification; at least one storage module performs first encryption processing on a first user identifier by using a first secret key to obtain a second user identifier, wherein the first secret keys corresponding to different storage modules are different; at least one storage module acquires first user data corresponding to a first user identifier according to the first user identifier, wherein the first user data is stored in the storage module; and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data. 
The control module firstly carries out second encryption processing on the first user identification to obtain a third user identification, and then sends the third user identification to the at least one storage module, so that the user identification can be prevented from being intercepted by other illegal users in the transmission process, and the transmission safety of the user identification in the data storage system is further improved; different storage modules utilize different first keys to encrypt the first user identification to obtain second user identifications, so that the second user identifications obtained by the storage modules are different from each other, an illegal user cannot obtain the second user data of the user in all the storage modules of the data storage system only through the first user identification, and the storage safety of the user data in the storage systems can be further improved; and the storage module encrypts the first user data by using the first key, so that the encryption method is simple, the encryption result can be quickly changed by updating the first key, and the encryption safety is further improved.
Fig. 3 is a schematic structural diagram of a data storage system according to an embodiment of the present application, as shown in fig. 3, the system includes a control module 1 and at least one storage module 2,
the control module 1 includes:
the first obtaining unit 11 is configured to obtain a first user identifier, and send the first user identifier to at least one storage module;
the storage module 2 includes:
the first processing unit 21 is configured to receive a first user identifier sent by the control module, and perform first encryption processing on the first user identifier to obtain a second user identifier, where the first encryption processing corresponding to different storage modules is different;
a second obtaining unit 22, configured to obtain first user data corresponding to a first user identifier according to the first user identifier, where the first user data is stored in the storage module;
the second processing unit 23 is configured to associate the second user identifier with the first user data to obtain second user data, and store the second user data.
In this embodiment, the data storage method provided in this embodiment is used in a data storage system including a control module and at least one storage module, and the method includes: the control module acquires a first user identifier and sends the first user identifier to at least one storage module; at least one storage module receives a first user identifier sent by a control module, and performs first encryption processing on the first user identifier to obtain a second user identifier, wherein the first encryption processing corresponding to different storage modules is different; at least one storage module acquires first user data corresponding to a first user identifier according to the first user identifier, wherein the first user data is stored in the storage module; and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data. Each storage module in the data storage system respectively carries out different encryption processing on the received first user identification to obtain a plurality of second user identifications corresponding to each storage module, then each storage module associates the second user identification obtained by respective encryption with first user data of a user in the storage module to obtain second user data, and the second user data is stored in the corresponding storage module again.
Fig. 4 is a schematic structural diagram of another data storage system according to an embodiment of the present application, and based on fig. 3, as shown in fig. 4,
the storage modules correspond to first keys, the first keys corresponding to different storage modules are different, and the first processing unit 21 includes:
a first processing subunit 211, configured to perform a first encryption process on the first user identifier by using the first key.
The first processing unit 21 further includes:
and a second processing subunit 212, configured to, before the first processing subunit, perform encryption processing on the first user identifier by using an information digest algorithm and a secure hash algorithm in sequence.
The first acquisition unit 11 includes:
a third processing subunit 111, configured to perform a second encryption process on the first user identifier to obtain a third user identifier;
a fourth processing subunit 112, configured to send the third user identifier to the at least one storage module;
the first processing unit 21 further includes:
and a fifth processing subunit 213, configured to receive the third user identifier sent by the control module, and perform decryption processing on the third user identifier to obtain the first user identifier.
The third processing subunit 111 includes:
the first processing module 1111 is configured to perform third encryption processing on the first user identifier by using an asymmetric encryption algorithm to obtain a fourth user identifier, where the asymmetric encryption algorithm corresponds to a second key, the length of the second key is L, and L is a positive integer;
a second processing module 1112, configured to randomly insert a second key into a fourth user identifier to obtain a fifth user identifier, where an insertion position of the second key in the fourth user identifier is N, and N is a positive integer;
the third processing module 1113 is configured to perform fourth encryption processing on L and N by using a public key corresponding to the data storage system to obtain an encrypted string;
the fourth processing module 1114 is configured to insert the encrypted string into the tail of the fifth user id to obtain the third user id.
The fifth processing subunit 213 includes:
a fifth processing module 2131, configured to disassemble the third user identifier, to obtain an encrypted string and a fifth user identifier;
a sixth processing module 2132, configured to decrypt the encrypted string with the public key corresponding to the data storage system to obtain a numerical value L and a numerical value N;
a seventh processing module 2133, configured to disassemble the second key with the length L at the position N of the fifth user identifier, to obtain a fourth user identifier;
the eighth processing module 2134 is configured to perform decryption processing on the fourth user identifier by using the second key, so as to obtain the first user identifier.
In this embodiment, the data storage method provided in this embodiment is used in a data storage system including a control module and at least one storage module, and the method includes: the control module acquires a first user identifier, performs second encryption processing on the first user identifier to obtain a third user identifier, and then sends the third user identifier to at least one storage module; at least one storage module receives the third user identification sent by the control module and decrypts the third user identification to obtain the first user identification; at least one storage module performs first encryption processing on a first user identifier by using a first secret key to obtain a second user identifier, wherein the first secret keys corresponding to different storage modules are different; at least one storage module acquires first user data corresponding to a first user identifier according to the first user identifier, wherein the first user data is stored in the storage module; and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data. 
The control module firstly carries out second encryption processing on the first user identification to obtain a third user identification, and then sends the third user identification to the at least one storage module, so that the user identification can be prevented from being intercepted by other illegal users in the transmission process, and the transmission safety of the user identification in the data storage system is further improved; different storage modules utilize different first keys to encrypt the first user identification to obtain second user identifications, so that the second user identifications obtained by the storage modules are different from each other, an illegal user cannot obtain the second user data of the user in all the storage modules of the data storage system only through the first user identification, and the storage safety of the user data in the storage systems can be further improved; and the storage module encrypts the first user data by using the first key, so that the encryption method is simple, the encryption result can be quickly changed by updating the first key, and the encryption safety is further improved.
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
As shown in fig. 5, it is a block diagram of an electronic device according to the method of data storage in the embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 5, the electronic device includes: one or more processors 501, memory 502, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In fig. 5, one processor 501 is taken as an example.
Memory 502 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of data storage provided herein. The non-transitory computer readable storage medium of the present application stores computer instructions for causing a computer to perform the method of data storage provided herein.
The memory 502, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the method of data storage in the embodiment of the present application (for example, the acquisition unit 1, the first processing unit 2, and the second processing unit 3 shown in fig. 3). The processor 501 executes various functional applications of the server and data processing, i.e., a method of implementing data storage in the above-described method embodiments, by executing non-transitory software programs, instructions, and modules stored in the memory 502.
The memory 502 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device for data storage, and the like. Further, the memory 502 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 502 optionally includes memory located remotely from processor 501, which may be connected to a data-storing electronic device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the method of data storage may further include: an input device 503 and an output device 504. The processor 501, the memory 502, the input device 503 and the output device 504 may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example.
The input device 503 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the data-storing electronic apparatus, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointing stick, one or more mouse buttons, a track ball, a joystick, or other input devices. The output devices 504 may include a display device, auxiliary lighting devices (e.g., LEDs), and haptic feedback devices (e.g., vibrating motors), among others. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application-specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
The principle and the advantageous effects of the data storage system provided by this embodiment refer to the principle and the advantageous effects of the data storage method in fig. 1-2, and are not described again.
The embodiment of the application also provides a data storage method, which comprises the following steps: receiving an image searching instruction, and determining and displaying an image group matched with an image to be searched based on the image to be searched in the image searching instruction; the image to be searched comprises at least one first image main body, and the first image main body can be any one or more of the following: text, graphics, and electronic images.
The principle and the advantageous effects of the data storage method provided by this embodiment refer to the principle and the advantageous effects of the data storage method in fig. 1-2, and are not described again.
In the embodiments of the present application, the above embodiments may be referred to and referred to by each other, and the same or similar steps and terms are not repeated.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (14)

1. A data storage method for use in a data storage system, the data storage system including a control module and at least one storage module, the method comprising:
the control module acquires a first user identifier and sends the first user identifier to the at least one storage module;
the at least one storage module receives the first user identification sent by the control module, and performs first encryption processing on the first user identification to obtain a second user identification, wherein the first encryption processing corresponding to different storage modules is different;
the at least one storage module acquires first user data corresponding to the first user identifier according to the first user identifier, wherein the first user data is stored in the storage module;
and the at least one storage module associates the second user identification with the first user data to obtain second user data, and stores the second user data.
2. The method of claim 1, wherein the at least one storage module performs a first encryption process on the first user identifier, comprising:
and the at least one storage module performs first encryption processing on the first user identifier by using a first key, wherein the first keys corresponding to different storage modules are different.
3. The method of claim 2, wherein the at least one storage module performs a first encryption process on the first user identifier, further comprising the step of sequentially performing an encryption process on the first user identifier using an information digest algorithm and a secure hash algorithm, and then performing the first encryption process using the first key.
4. The method of claim 1, wherein after the control module obtains the first user identifier, the method further comprises:
performing second encryption processing on the first user identifier to obtain a third user identifier;
sending the first user identifier to the at least one storage module, including:
sending the third user identification to the at least one storage module;
the at least one storage module receiving the first user identifier sent by the control module includes:
and the at least one storage module receives the third user identifier sent by the control module and decrypts the third user identifier to obtain the first user identifier.
5. The method of claim 4, wherein the control module performs a second encryption process on the first user identifier to obtain a third user identifier, comprising:
performing third encryption processing on the first user identifier by using an asymmetric encryption algorithm to obtain a fourth user identifier, wherein the asymmetric encryption algorithm corresponds to a second key, the length of the second key is L, and L is a positive integer;
randomly inserting the second key into the fourth user identifier to obtain a fifth user identifier, wherein the insertion position of the second key in the fourth user identifier is N, and N is a positive integer;
performing fourth encryption processing on the L and the N by using the public key corresponding to the data storage system to obtain an encryption string;
and inserting the encryption string into the tail part of the fifth user identifier to obtain the third user identifier.
6. The method of claim 5, wherein decrypting the third user identifier by the at least one storage module to obtain the first user identifier comprises:
disassembling the third user identifier to obtain the encryption string and the fifth user identifier;
decrypting the encrypted string by using a public key corresponding to the data storage system to obtain a numerical value L and a numerical value N;
the second secret key with the length of L is disassembled at the position N of the fifth user identifier to obtain the fourth user identifier;
and decrypting the fourth user identification by using the second secret key to obtain the first user identification.
7. A data storage system comprising a control module and at least one storage module,
the control module includes:
the first acquisition unit is used for acquiring a first user identifier and sending the first user identifier to the at least one storage module;
the storage module includes:
the first processing unit is used for receiving the first user identifier sent by the control module and performing first encryption processing on the first user identifier to obtain a second user identifier, wherein the first encryption processing corresponding to different storage modules is different;
a second obtaining unit, configured to obtain, according to the first user identifier, first user data corresponding to the first user identifier, where the first user data is stored in the storage module;
and the second processing unit is used for associating the second user identification with the first user data to obtain second user data and storing the second user data.
8. The system of claim 7, wherein each storage module corresponds to a first key, the first keys corresponding to different storage modules are different, and the first processing unit comprises:
and the first processing subunit is used for performing first encryption processing on the first user identifier by using a first key.
9. The system of claim 8, wherein the first processing unit further comprises:
and the second processing subunit is used for carrying out encryption processing on the first user identifier by sequentially utilizing a message digest algorithm and a secure hash algorithm before the first processing subunit performs the first encryption processing.
10. The system of claim 7, wherein the first obtaining unit comprises:
the third processing subunit is configured to perform second encryption processing on the first user identifier to obtain a third user identifier;
a fourth processing subunit, configured to send the third user identifier to the at least one storage module;
the first processing unit further comprises:
and the fifth processing subunit is configured to receive the third user identifier sent by the control module, and perform decryption processing on the third user identifier to obtain the first user identifier.
11. The system of claim 10, wherein the third processing subunit comprises:
the first processing module is used for performing third encryption processing on the first user identifier by using an asymmetric encryption algorithm to obtain a fourth user identifier, wherein the asymmetric encryption algorithm corresponds to a second key, the length of the second key is L, and L is a positive integer;
a second processing module, configured to randomly insert the second key into the fourth user identifier to obtain a fifth user identifier, where an insertion position of the second key in the fourth user identifier is N, and N is a positive integer;
the third processing module is used for carrying out fourth encryption processing on L and N by using the public key corresponding to the data storage system to obtain an encryption string;
and the fourth processing module is used for inserting the encryption string into the tail part of the fifth user identifier to obtain the third user identifier.
12. The system of claim 11, wherein the fifth processing subunit comprises:
a fifth processing module, configured to disassemble the third user identifier to obtain the encryption string and the fifth user identifier;
the sixth processing module is used for decrypting the encryption string by using the public key corresponding to the data storage system to obtain the value L and the value N;
a seventh processing module, configured to extract the second key of length L at position N of the fifth user identifier, to obtain the fourth user identifier;
and the eighth processing module is configured to decrypt the fourth user identifier by using the second key to obtain the first user identifier.
13. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6.
14. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-6.
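The packing and disassembly steps of claims 5 and 6 (restated as modules in claims 11 and 12), as an added example that is not part of the patent text. Both ciphers are replaced by one labelled stand-in keyed by a constructed `SYSTEM_KEY`, so key-pair handling is not modelled; the function names, the 8-byte trailer layout and the default L of 16 are assumptions.

```python
import hashlib
import os
import secrets
import struct

SYSTEM_KEY = b"constructed-demo-system-key"  # constructed stand-in for the system's key
TRAILER_LEN = 8  # encryption string: (L, N) as two big-endian uint32 values

def _stand_in_cipher(data: bytes, key: bytes) -> bytes:
    """SHA-256 counter keystream XOR; a placeholder, not the patent's algorithm."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(first_id: bytes, key_len: int = 16) -> bytes:
    """Control-module side: first identifier -> third identifier."""
    if not first_id or key_len < 1:
        raise ValueError("identifier must be non-empty and L must be positive")
    second_key = os.urandom(key_len)                  # second key, length L
    fourth = _stand_in_cipher(first_id, second_key)   # third encryption processing
    n = 1 + secrets.randbelow(len(fourth))            # random insertion position N >= 1
    fifth = fourth[:n] + second_key + fourth[n:]      # second key inserted at N
    trailer = _stand_in_cipher(struct.pack(">II", key_len, n), SYSTEM_KEY)
    return fifth + trailer                            # encryption string at the tail

def unwrap(third_id: bytes) -> bytes:
    """Storage-module side: third identifier -> first identifier."""
    if len(third_id) <= TRAILER_LEN:
        raise ValueError("token too short to carry a trailer")
    fifth, trailer = third_id[:-TRAILER_LEN], third_id[-TRAILER_LEN:]
    key_len, n = struct.unpack(">II", _stand_in_cipher(trailer, SYSTEM_KEY))
    # Reject L/N values that do not fit this token before slicing with them.
    if key_len < 1 or n < 1 or n + key_len > len(fifth):
        raise ValueError("L/N do not fit this token")
    second_key = fifth[n:n + key_len]                 # take the key out at position N
    fourth = fifth[:n] + fifth[n + key_len:]
    return _stand_in_cipher(fourth, second_key)
```

A malformed or truncated token is rejected with `ValueError` rather than being sliced with out-of-range L and N.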
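The per-module identifier processing of claims 7 to 9, as an added example that is not part of the patent text. MD5, SHA-256 and HMAC-SHA256 are assumed choices for the message digest, secure hash and keyed steps (the claims name none), and the module names, keys and records are constructed.

```python
import hashlib
import hmac

# Constructed first keys, one per storage module (claim 8: keys differ per module).
MODULE_KEYS = {"billing": b"constructed-key-billing", "crm": b"constructed-key-crm"}

def second_identifier(module: str, first_id: str) -> str:
    """First identifier -> second identifier for one storage module."""
    md = hashlib.md5(first_id.encode()).digest()   # message digest step (assumed MD5)
    sha = hashlib.sha256(md).digest()              # secure hash step (assumed SHA-256)
    # Keyed step with the module's first key (HMAC-SHA256 is an assumed choice).
    return hmac.new(MODULE_KEYS[module], sha, hashlib.sha256).hexdigest()

class StorageModule:
    def __init__(self, name: str, first_user_data: dict):
        self.name = name
        self.first_user_data = first_user_data   # data held under the first identifier
        self.second_user_data = {}               # records as the module persists them

    def store(self, first_id: str) -> str:
        """Look up the user's data, associate it with the second identifier, store it."""
        data = self.first_user_data[first_id]
        sid = second_identifier(self.name, first_id)
        self.second_user_data[sid] = data
        return sid

def shared_identifiers(a: StorageModule, b: StorageModule) -> set:
    """Stored identifiers present in both modules, i.e. a usable cross-module join key."""
    return set(a.second_user_data) & set(b.second_user_data)

# Constructed records for two users held by two modules.
billing = StorageModule("billing", {"u1001": {"plan": "A"}, "u1002": {"plan": "B"}})
crm = StorageModule("crm", {"u1001": {"city": "Harbin"}, "u1002": {"city": "Daqing"}})
for uid in ("u1001", "u1002"):
    billing.store(uid)
    crm.store(uid)
```

Because each module applies its own key, the same user is stored under a different identifier in each module, so the stored records of two modules share no identifier to join on.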
CN201911360126.9A 2019-12-25 2019-12-25 Data storage method, system, device and storage medium Active CN111062047B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911360126.9A CN111062047B (en) 2019-12-25 2019-12-25 Data storage method, system, device and storage medium

Publications (2)

Publication Number Publication Date
CN111062047A true CN111062047A (en) 2020-04-24
CN111062047B CN111062047B (en) 2022-07-08

Family

ID=70303612

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911360126.9A Active CN111062047B (en) 2019-12-25 2019-12-25 Data storage method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN111062047B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102013980A (en) * 2009-05-06 2011-04-13 刘海云 Random encryption method for decrypting by adopting exhaustion method
CN102461114A (en) * 2009-06-04 2012-05-16 桑迪士克科技股份有限公司 Method for performing double domain encryption a memory device
CN103179086A (en) * 2011-12-21 2013-06-26 中国电信股份有限公司 Method and system for remote storing processing of data
CN107948152A (en) * 2017-11-23 2018-04-20 腾讯科技(深圳)有限公司 Information storage means, acquisition methods, device and equipment

Also Published As

Publication number Publication date
CN111062047B (en) 2022-07-08

Similar Documents

Publication Publication Date Title
CN112016110B (en) Method, device, equipment and storage medium for storing data
US10235539B2 (en) Server device, recording medium, and concealed search system
CN111565109A (en) Key processing method, device, equipment and medium for block chain
CN111934872B (en) Key processing method, device, electronic equipment and storage medium
CN111131317B (en) Data processing method, device, equipment and medium based on block chain
JP2017073074A (en) Information processing apparatus and information processing system
CN103227786A (en) Method and device for filling in website login information
CN111666546A (en) Application login method and device
CN111695166A (en) Disk encryption protection method and device
CN111274591A (en) Method, device, electronic equipment and medium for accessing Kubernetes cluster
CN111310204A (en) Data processing method and device
CN110909372A (en) Data processing method, device, equipment and medium
CN110545324B (en) Data processing method, device, system, network equipment and storage medium
CN112565225B (en) Method and device for data transmission, electronic equipment and readable storage medium
JP2015090993A (en) Encryption control device, encryption control method and program
CN111400743B (en) Transaction processing method, device, electronic equipment and medium based on blockchain network
TWI694375B (en) Encrypted document printing utilizing multiple networks
CN111062047B (en) Data storage method, system, device and storage medium
CN114363088B (en) Method and device for requesting data
CN110968856A (en) Login method, login device, electronic equipment and storage medium
CN111371773A (en) Information sending and displaying method, device, equipment and storage medium
JP2018032149A (en) Information processing device, information processing system, information processing method, and program
CN108512657B (en) Password generation method and device
JP5956092B1 (en) Server apparatus, information management system, information management method, and computer program
CN115270180A (en) Log storage and packaging method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant