CN111614739A - Network measurement data storage method, device and system - Google Patents


Publication number
CN111614739A
Authority
CN
China
Prior art keywords
data
data set
metadata information
alliance
coalition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010380358.7A
Other languages
Chinese (zh)
Other versions
CN111614739B (en)
Inventor
刘姿杉
程强
党梅梅
敖立
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202010380358.7A
Publication of CN111614739A
Application granted
Publication of CN111614739B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Environmental & Geological Engineering (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides a network measurement data storage method, device and system. The method comprises: receiving network measurement data uploaded by terminals in its area and aggregating it into data sets; generating metadata information of each data set and a block payload corresponding to the metadata information, wherein the metadata information includes an alliance member identification (ID) and a data set number, the alliance member ID is assigned to the alliance member device by the alliance member management device, and the data set number consists of the alliance member ID and the data set serial number; and sending the block payload to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the blockchain with the block payload according to the time at which the block payload was received. The method can ensure the security of the network measurement data through distributed storage and centralized management.

Description

Network measurement data storage method, device and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a system for storing network measurement data.
Background
To achieve reliable, full-coverage and high-speed operation of the network, a mobile broadband network needs to measure the signal quality and the transmission rate of the broadband network.
The data obtained by measurement is broadband network measurement data. Existing centralized storage of network measurement data easily leads to information security problems caused by single points of failure and to disclosure of personal privacy.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, and a system for storing network measurement data, which can ensure the security of the network measurement data through distributed storage and centralized management.
In order to solve the technical problem, the technical scheme of the application is realized as follows:
In one embodiment, a network measurement data storage method is provided, applied to an alliance member device in a storage system comprising alliance member devices and an alliance member management device. The method comprises the following steps:
receiving network measurement data uploaded by terminals in its area;
aggregating the received network measurement data, in order of receiving time, into data sets of a preset size;
allocating data set serial numbers to the data sets in order of receiving time;
generating metadata information of the data set and a block payload corresponding to the metadata information, wherein the metadata information includes an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; and the data set number consists of the alliance member ID and the data set serial number;
and sending the block payload to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the blockchain with the block payload according to the time at which the block payload was received.
In another embodiment, a network measurement data storage apparatus is provided, applied to an alliance member device in a storage system comprising alliance member devices and an alliance member management device. The apparatus comprises a receiving unit, an aggregation unit, a generation unit and a sending unit;
the receiving unit is configured to receive network measurement data uploaded by terminals in its area;
the aggregation unit is configured to aggregate the network measurement data received by the receiving unit, in order of receiving time, into data sets of a preset size, and to allocate data set serial numbers to the data sets in order of receiving time;
the generation unit is configured to generate metadata information of the data sets aggregated by the aggregation unit and a block payload corresponding to the metadata information, wherein the metadata information includes an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; and the data set number consists of the alliance member ID and the data set serial number;
the sending unit is configured to send the block payload generated by the generation unit to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the blockchain with the block payload according to the time at which the block payload was received.
In another embodiment, a network measurement data storage system is provided, the storage system comprising alliance member devices and an alliance member management device;
the alliance member device receives network measurement data uploaded by terminals in its area; aggregates the received network measurement data, in order of receiving time, into data sets of a preset size; allocates data set serial numbers to the data sets in order of receiving time; generates metadata information of the data set and a block payload corresponding to the metadata information, wherein the metadata information includes an alliance member ID and a data set number, the alliance member ID is assigned to the alliance member device by the alliance member management device, and the data set number consists of the alliance member ID and the data set serial number; and sends the block payload to the alliance member management device;
when the alliance member management device receives a block payload sent by an alliance member and the block payload passes verification, it updates the blockchain with the block payload according to the time at which the block payload was received.
In another embodiment, an electronic device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the network measurement data storage method as described when executing the program.
In another embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the network measurement data storage method.
According to the above technical scheme, data is stored on the basis of an alliance blockchain: the device that stores the network measurement data acts as an alliance member, and the device that stores the metadata information acts as the alliance member manager. The scheme can guarantee the security of the network measurement data through distributed storage and centralized management.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a schematic diagram of a network measurement data storage system according to an embodiment of the present application;
FIG. 2 is a diagram illustrating an exemplary federation blockchain and data structures thereof in accordance with an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a process of storing network measurement data according to an embodiment of the present application;
FIG. 4 is a schematic diagram illustrating a data sharing process between different alliance member devices in an embodiment of the present application;
FIG. 5 is a schematic diagram of an apparatus for implementing the above technique in an embodiment of the present application;
FIG. 6 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements explicitly listed, but may include other steps or elements not explicitly listed or inherent to such process, method, article, or apparatus.
The technical solution of the present invention will be described in detail with specific examples. Several of the following embodiments may be combined with each other and some details of the same or similar concepts or processes may not be repeated in some embodiments.
The embodiment of the application provides a network measurement data storage system. The system comprises alliance member devices and an alliance member management device; there are multiple alliance member devices, the specific number is not limited, and they are deployed according to actual needs.
Referring to FIG. 1, FIG. 1 is a schematic diagram of a network measurement data storage system according to an embodiment of the present application. In FIG. 1, N alliance member devices are taken as an example.
The alliance member management device acts as the administrator of the alliance members of the whole alliance blockchain: it issues an alliance member identity certificate to each alliance member, creates the transmission channel for alliance blocks, provides blockchain functions such as updating and ordering, and stores the metadata information of the aggregated data sets of network measurement data. The issued alliance member identity certificate comprises the alliance member identification (ID) assigned to the alliance member and a key pair, and the key pair comprises a public key and a private key.
The alliance member device, as an alliance member, stores the network measurement data.
The process of the storage system for implementing network measurement data storage is detailed below.
The alliance member device receives network measurement data uploaded by terminals in its area.
After a terminal device measures the network signal, it uploads the network measurement data to the alliance member device corresponding to the area where the terminal device is located.
Network measurement data includes, but is not limited to, the following information:
device-related information: equipment model, equipment longitude and latitude coordinates and altitude;
network connection information: network ID, base station ID, connection frequency information, network type and the like;
signal quality information: measurement initiation time, RSRP, RSSI, RSRQ, network uplink and downlink rates and the like.
After the network measurement data is received, it needs to be checked.
The checking process is as follows: the network measurement data is determined to be valid, and the check successful, if and only if the measurement initiation time, the RSRP, the RSSI, the RSRQ, the network uplink and downlink rates and the like are all within their correspondingly set valid ranges; otherwise the check is unsuccessful, and the network measurement data is either not processed or discarded.
The alliance member device aggregates the received network measurement data, in order of receiving time, into data sets of a preset size.
The alliance member device starts aggregating a data set from the moment it receives network measurement data; once the number of received records reaches a preset value, or the data volume reaches a preset value, a data set is determined to be formed.
The alliance member device allocates data set serial numbers to the data sets in order of receiving time.
A data set serial number is assigned to each data set in order of receiving time, e.g., starting at 1 and incrementing by 1 for each data set.
The alliance member device encrypts the data set with a randomly generated symmetric encryption key to generate the data ciphertext of the data set, and generates a data download address for the data ciphertext when the data ciphertext is stored.
The alliance member device generates metadata information of the data set and a block payload corresponding to the metadata information.
The metadata information includes an alliance member ID and a data set number.
The alliance member ID is assigned to the alliance member device by the alliance member management device.
The data set number consists of the alliance member ID and the data set serial number: if the alliance member ID is i and the data set serial number is j, the data set number is i + j, that is, i and j joined together.
If i is 1 and j is 2, the data set number can be represented as 1_2; it may also be denoted as 1-1, and the embodiments of the present application do not limit this implementation.
The data set number is globally unique throughout the storage system.
The metadata information further includes a shared member list and a data download address.
The shared member list includes, for each alliance member that shares the data in the data set, the alliance member ID and an encrypted key; the encrypted key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device issued to that alliance member.
The metadata information further includes a hash value, which is generated from the data in the data set.
When the alliance member device has no data to share with other alliance members, the metadata information does not include the shared member list, the data download address or the hash value.
The block payload includes the metadata information, the time at which the block payload was generated, and a digital signature of the metadata information.
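The checking, aggregation and numbering steps above, together with the data set hash used later for tamper detection, as an added Python sketch (not code from the patent). The field names, valid ranges, time tolerances and the choice of SHA-256 are assumptions; encryption, key wrapping and signing are left out.

```python
import hashlib
import hmac
import json

# Assumed valid ranges: the text only says each field has a configured range.
VALID_RANGES = {
    "rsrp_dbm": (-140.0, -44.0),
    "rssi_dbm": (-120.0, 0.0),
    "rsrq_db": (-20.0, -3.0),
    "uplink_mbps": (0.0, 10000.0),
    "downlink_mbps": (0.0, 10000.0),
}
MAX_FUTURE_SKEW_S = 300   # assumed tolerance for terminal clock drift
MAX_AGE_S = 86400         # assumed maximum age of a measurement


def _is_number(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def is_valid(record, received_at):
    """Valid if and only if every checked field is present and in range."""
    for field, (low, high) in VALID_RANGES.items():
        value = record.get(field)
        if not _is_number(value) or not low <= value <= high:
            return False  # missing, non-numeric, NaN or out of range
    started = record.get("started_at")
    if not _is_number(started):
        return False
    return -MAX_FUTURE_SKEW_S <= received_at - started <= MAX_AGE_S


def dataset_hash(records):
    """SHA-256 over a canonical JSON encoding (the algorithm is an assumption)."""
    encoded = json.dumps(records, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def verify_dataset(dataset):
    """Recompute the hash, as the accessing device does after decryption."""
    return hmac.compare_digest(dataset["hash"], dataset_hash(dataset["records"]))


class Aggregator:
    """Member-side batching: validate, collect, then number each data set."""

    def __init__(self, member_id, batch_size):
        self.member_id = member_id
        self.batch_size = batch_size   # preset number of records per data set
        self._pending = []
        self._next_serial = 1          # serial numbers start at 1
        self.rejected = 0

    def receive(self, record, received_at):
        """Return a completed data set, or None while the batch is filling."""
        if not is_valid(record, received_at):
            self.rejected += 1         # failed records are discarded
            return None
        self._pending.append(record)
        if len(self._pending) < self.batch_size:
            return None
        records, self._pending = self._pending, []
        serial, self._next_serial = self._next_serial, self._next_serial + 1
        return {
            "member_id": self.member_id,
            # The separator keeps (1, 12) and (11, 2) from colliding.
            "dataset_number": f"{self.member_id}_{serial}",
            "records": records,
            "hash": dataset_hash(records),
        }


def sample_record(started_at, rsrp=-95.0):
    # Constructed sample measurement, not real data.
    return {"model": "demo-handset", "network_id": "net-1",
            "started_at": started_at, "rsrp_dbm": rsrp, "rssi_dbm": -70.0,
            "rsrq_db": -10.0, "uplink_mbps": 12.5, "downlink_mbps": 88.0}


if __name__ == "__main__":
    aggregator = Aggregator(member_id=1, batch_size=2)
    now = 1700000000
    for offset, rsrp in enumerate([-95.0, -200.0, -101.0, -88.0, -90.0]):
        data_set = aggregator.receive(sample_record(now + offset, rsrp), now + offset + 1)
        if data_set:
            print(data_set["dataset_number"], len(data_set["records"]))
    print("rejected:", aggregator.rejected)
```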
The alliance member device sends the block payload to the alliance member management device.
When the block payload passes verification, the alliance member management device updates the blockchain with the block payload according to the time at which the block payload was received.
The alliance member management device puts a block on the chain as follows:
when a block payload sent by an alliance member device is received, the digital signature in the block payload is used to verify the identity of the alliance member device that sent it and the integrity of the message;
if the verification passes, the newly received block data is added to the chain in the order in which block payloads are received; otherwise no update is performed and the received block payload is discarded.
Referring to FIG. 2, FIG. 2 is a schematic diagram of an alliance blockchain and its data structure in an embodiment of the present application.
FIG. 2 shows the data of two adjacent blocks. The data of the block with block number N includes: block number N, the previous block's hash value (the hash value of block number N-1), a timestamp (the time at which the block payload was received), and the block payload (metadata information, transmission time, and digital signature). The data of the block with block number N+1 includes: block number N+1, the previous block's hash value (the hash value of block number N), a timestamp (the time at which the block payload was received), and the block payload (metadata information, transmission time, and digital signature).
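The management device's verify-then-append procedure and the FIG. 2 block layout, as an added Python sketch that is not code from the patent. HMAC-SHA256 with per-member keys stands in for the certificate-based digital signature because the Python standard library has no public-key signatures; the field names, the all-zero first predecessor hash and block numbering from 0 are assumptions.

```python
import hashlib
import hmac
import json

GENESIS_PREV_HASH = "0" * 64  # assumed predecessor hash for the first block


def canonical(obj):
    """Deterministic byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def block_hash(block):
    body = {k: block[k] for k in ("number", "prev_hash", "timestamp", "payload")}
    return hashlib.sha256(canonical(body)).hexdigest()


def sign_metadata(key, metadata):
    """Stand-in for the member's signature: HMAC-SHA256 over the metadata."""
    return hmac.new(key, canonical(metadata), hashlib.sha256).hexdigest()


def make_verifier(member_keys):
    """Build the check the manager runs; member_keys maps member ID to key."""
    def verify(member_id, metadata, signature):
        key = member_keys.get(member_id) if isinstance(member_id, str) else None
        if key is None or not isinstance(signature, str):
            return False  # unknown sender or malformed signature
        expected = sign_metadata(key, metadata)
        return hmac.compare_digest(expected.encode(), signature.encode())
    return verify


def make_payload(key, member_id, dataset_number, generated_at):
    # As in the text, the signature covers the metadata information only.
    metadata = {"member_id": member_id, "dataset_number": dataset_number}
    return {"metadata": metadata, "generated_at": generated_at,
            "signature": sign_metadata(key, metadata)}


class ManagementLedger:
    """Manager-side chain: verify each block payload, then append or discard."""

    def __init__(self, verify_signature):
        self.verify_signature = verify_signature
        self.blocks = []
        self.discarded = 0

    def submit(self, payload, received_at):
        metadata = payload.get("metadata")
        if not isinstance(metadata, dict) or not self.verify_signature(
                metadata.get("member_id"), metadata, payload.get("signature")):
            self.discarded += 1  # failed verification: no update, payload dropped
            return None
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV_HASH
        block = {
            "number": len(self.blocks),
            "prev_hash": prev,
            # Receipt time at the manager, not the sender's claimed time.
            "timestamp": received_at,
            # Snapshot so the submitter cannot mutate the stored payload later.
            "payload": json.loads(canonical(payload)),
        }
        block["hash"] = block_hash(block)
        self.blocks.append(block)
        return block

    def first_bad_block(self):
        """Index of the first block that breaks the hash chain, or None."""
        prev = GENESIS_PREV_HASH
        for index, block in enumerate(self.blocks):
            if (block["number"] != index or block["prev_hash"] != prev
                    or block["hash"] != block_hash(block)):
                return index
            prev = block["hash"]
        return None


if __name__ == "__main__":
    # Constructed keys and payloads, for illustration only.
    keys = {"1": b"constructed-key-member-1", "2": b"constructed-key-member-2"}
    ledger = ManagementLedger(make_verifier(keys))
    ledger.submit(make_payload(keys["1"], "1", "1_1", 990), received_at=1000)
    ledger.submit(make_payload(keys["1"], "2", "2_1", 995), received_at=1001)
    ledger.submit(make_payload(keys["2"], "2", "2_1", 900), received_at=1005)
    print(len(ledger.blocks), ledger.discarded, ledger.first_bad_block())
```

Rewriting a stored block and recomputing its own hash still breaks the link held by the next block, which is what `first_bad_block` reports.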
This completes the storage of the network measurement data.
The procedure for accessing shared data in the network measurement data is given below,
taking as an example one alliance member device accessing data in the data set of another alliance member device.
When an alliance member device, acting as the device that accesses shared data, needs to obtain the data set corresponding to metadata information on the alliance member management device, it obtains from the metadata information the encrypted key corresponding to its own alliance member ID;
it decrypts the encrypted key with the private key of the key pair issued by the alliance member management device to obtain the decrypted key;
it constructs a download request according to the data download address in the metadata information and sends the download request to the alliance member device that stores the data set corresponding to the metadata information, namely the accessed alliance member device; the download request carries the data set number of the requested data set, the download request time and a signature of the request information;
and when the data ciphertext corresponding to the metadata information has been downloaded, it decrypts the data ciphertext with the decrypted key to obtain the data set corresponding to the metadata information.
After decrypting the data ciphertext with the decrypted key to obtain the data set corresponding to the metadata information, the alliance member device further uses the hash value in the metadata information to verify whether the data in the data set has been tampered with.
When an alliance member device, acting as the device whose shared data is accessed, receives a download request sent by another alliance member device, it verifies whether the download request time carried in the download request is within the set valid sharing time;
if that check succeeds, it obtains the public key of the alliance member device that sent the download request and uses it to verify the digital signature in the download request;
if the verification passes, it returns the data ciphertext corresponding to the data set number carried in the download request to the alliance member device that sent the download request; otherwise, the download request is rejected.
The network measurement data storage system provided by the embodiment of the application realizes distributed storage of data, the data on different alliance member devices can be shared, and security verification is set, so that the security, authenticity and integrity of the network measurement data and the sharability of the data stored on different devices are guaranteed.
Based on the same inventive concept, the embodiment of the present application further provides a network measurement data storage method, applied to an alliance member device in a storage system comprising alliance member devices and an alliance member management device. Referring to FIG. 3, FIG. 3 is a schematic diagram illustrating a network measurement data storage process according to an embodiment of the present application. The specific steps are as follows:
Step 301, receiving network measurement data uploaded by terminals in its area.
After the terminal device performs network signal measurement, the terminal device uploads network measurement data to the corresponding alliance member device in the area where the terminal device is located.
Network measurement data includes, but is not limited to, the following information:
device-related information: equipment model, equipment longitude and latitude coordinates and altitude;
network connection information: network ID, base station ID, connection frequency information, network type and the like;
signal quality information: measurement initiation time, RSRP, RSSI, RSRQ, network uplink and downlink rates and the like.
After the network measurement data is received, it needs to be checked.
The checking process is as follows: the network measurement data is determined to be valid, and the check successful, if and only if the measurement initiation time, the RSRP, the RSSI, the RSRQ, the network uplink and downlink rates and the like are all within their correspondingly set valid ranges; otherwise the check is unsuccessful, and the network measurement data is either not processed or discarded.
Step 302, aggregating the received network measurement data, in order of receiving time, into data sets of a preset size.
Step 303, allocating data set serial numbers to the data sets in order of receiving time.
The method further comprises:
encrypting the data set with a randomly generated symmetric encryption key to generate the data ciphertext of the data set, and generating a data download address for the data ciphertext when the data ciphertext is stored.
Step 304, generating metadata information of the data set and a block payload corresponding to the metadata information.
The metadata information includes an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set serial number.
The metadata information further includes a shared member list and a data download address, wherein the shared member list includes, for each alliance member that shares the data in the data set, the alliance member ID and an encrypted key; the encrypted key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device issued to that alliance member.
The metadata information further includes a hash value, which is generated from the data in the data set.
When the alliance member device has no data to share with other alliance members, the metadata information does not include the shared member list, the data download address or the hash value.
The block payload includes the metadata information, the time at which the block payload was generated, and a digital signature of the metadata information.
Step 305, sending the block payload to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the blockchain with the block payload according to the time at which the block payload was received.
The alliance member management device puts a block on the chain as follows:
when a block payload sent by an alliance member device is received, the digital signature in the block payload is used to verify the identity of the alliance member device that sent it and the integrity of the message;
if the verification passes, the newly received block data is added to the chain in the order in which block payloads are received; otherwise no update is performed and the received block payload is discarded.
This completes the storage of the data set and the corresponding metadata information.
The following gives the procedure for data sharing between different federation member devices:
Referring to Fig. 4, Fig. 4 is a schematic diagram of a data sharing process between different federation member devices in this embodiment. The specific steps are as follows:
Step 401, when the alliance member device needs to acquire a data set corresponding to metadata information on the alliance member management device, acquiring the encryption key that corresponds, in the metadata information, to the alliance member ID of this device.
Step 402, decrypting the encryption key by using the private key of the key pair distributed by the coalition member management equipment to obtain a decrypted key.
Step 403, constructing a download request according to the data download address in the metadata information, and sending the download request to the alliance member device storing the data set corresponding to the metadata information.
Wherein the download request carries the data set number of the requested data set, the download request time and the signature of the request information;
when receiving a download request sent by another alliance member device, checking whether the download request time carried in the download request is within the set effective sharing time;
if the check is successful, acquiring the public key of the alliance member device which sent the download request to verify the digital signature in the download request; if the check is unsuccessful, rejecting the download request.
If the signature verification is passed, responding to the alliance member device that sent the download request with the data ciphertext corresponding to the data set number carried in the download request; otherwise, rejecting the download request.
Step 404, when the data ciphertext corresponding to the metadata information has been downloaded, decrypting the data ciphertext by using the decrypted key to obtain the data set corresponding to the metadata information.
After the data ciphertext is decrypted by using the decrypted key to obtain the data set corresponding to the metadata information, the method further includes:
verifying whether the data in the data set has been tampered with by using the hash value in the metadata information.
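The holder-side handling of a download request in step 403, as an added Go example that is not code from the patent. RSA-PSS over SHA-256, the signed field layout, the requester ID field `From`, the `Holder` type and the modelling of the effective sharing time as a fixed interval are assumptions; keys and ciphertexts are constructed samples.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

var (
	ErrExpired   = errors.New("request time is outside the effective sharing time")
	ErrSignature = errors.New("request signature does not verify")
	ErrUnknown   = errors.New("unknown member or data set")
)

// Request carries the requested data set number, the request time and a signature.
type Request struct {
	From, Number string // requester ID (assumed field, used to pick a key) and data set number
	T0           time.Time
	Sig          []byte
}

// digest covers every field, so changing the number or the time invalidates Sig.
func (r Request) digest() []byte {
	d := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%d", r.From, r.Number, r.T0.UnixNano())))
	return d[:]
}

// NewRequest is the requesting side: fill in the fields and sign them.
func NewRequest(from, number string, t0 time.Time, priv *rsa.PrivateKey) (Request, error) {
	r := Request{From: from, Number: number, T0: t0}
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, r.digest(), nil)
	r.Sig = sig
	return r, err
}

// Holder is the member device that stores data ciphertexts.
type Holder struct {
	NotBefore, NotAfter time.Time                 // the set effective sharing time
	Members             map[string]*rsa.PublicKey // member public keys from the management device
	Store               map[string][]byte         // data set number -> data ciphertext
}

// Serve checks the request time first, then the signature, then returns the ciphertext.
func (h Holder) Serve(r Request) ([]byte, error) {
	if r.T0.Before(h.NotBefore) || r.T0.After(h.NotAfter) {
		return nil, ErrExpired
	}
	pub, ok := h.Members[r.From]
	if !ok {
		return nil, ErrUnknown
	}
	if rsa.VerifyPSS(pub, crypto.SHA256, r.digest(), r.Sig, nil) != nil {
		return nil, ErrSignature
	}
	c, ok := h.Store[r.Number]
	if !ok {
		return nil, ErrUnknown
	}
	return c, nil
}

func newKey() *rsa.PrivateKey { // stands in for a key pair issued by the management device
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// fixture returns constructed sample state: holder i with two data sets, and member j's key.
func fixture() (Holder, *rsa.PrivateKey) {
	kj, now := newKey(), time.Now()
	store := map[string][]byte{"i_2": []byte("constructed C for i_2"), "i_3": []byte("constructed C for i_3")}
	return Holder{now.Add(-time.Hour), now.Add(time.Hour), map[string]*rsa.PublicKey{"j": &kj.PublicKey}, store}, kj
}

func main() {
	h, kj := fixture()
	ok, _ := NewRequest("j", "i_2", time.Now(), kj)
	late, _ := NewRequest("j", "i_2", h.NotAfter.Add(time.Second), kj)
	_, e1 := h.Serve(ok)
	_, e2 := h.Serve(late)
	ok.Number = "i_3" // altered after signing
	_, e3 := h.Serve(ok)
	fmt.Println(e1, "|", e2, "|", e3)
}
```

The interval check bounds the lifetime of a signed request but does not make it single-use, so a holder that needs that property has to track the requests it has already served.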
In the embodiment of the application, data storage is performed based on the alliance blockchain: a device that stores network measurement data acts as an alliance member, and the device that stores metadata information acts as the administrator of the alliance members, so that distributed storage and centralized management of data can be achieved, data can be shared among different alliance members, and the security, integrity and authenticity of the data during sharing are guaranteed through encryption and the introduction of hash values.
In the following, with reference to a specific example, by taking the system in fig. 1 as an example, an example is described in which the federation member device i stores network measurement data, and a federation member j accesses shared data on the federation member device i:
i and j are integers between 1 and N.
First, alliance member device i receives network measurement data reported by mobile terminals in the area where it is located, and performs validity verification on the network measurement data.
The validity verification here refers to verifying whether the reported network measurement data is within a set valid range; if so, the verification succeeds; otherwise, the verification fails.
Second, when the received network measurement data passes verification, alliance member device i aggregates the received network measurement data into a data set of a preset size according to the receiving time.
Third, alliance member device i allocates a data set sequence number to the data set according to the receiving time order; suppose the data set sequence number allocated to the current data set is 2.
Fourth, metadata information is generated for the data set whose data set sequence number is 2;
the metadata information includes: federation member ID and data set number;
here, for example, if the federation member ID assigned to the federation member device is i, the data set number is i_2.
Fifth, when data set i_2 is a shared data set, that is, other alliance members (for example alliance member j and alliance member d) can access data set i_2, a hash value H is generated from the content of the data set, and data set i_2 is encrypted with a randomly generated symmetric encryption key k to generate a ciphertext C; the data is stored and a data download address W is generated.
Sixth, the public keys Pj and Pd of coalition member j and coalition member d are acquired from the coalition member management equipment, and the symmetric encryption key k is encrypted with them to generate the corresponding encryption keys Cj and Cd.
Seventh, the complete metadata information m = <i, i_2, H, list, W> is generated,
where list is the sharing list, specifically: list = [<j, Cj>, <d, Cd>].
Eighth, alliance member device i generates a block load b for the metadata information m:
b = <m, t1, sig>;
where t1 is the time at which the block load was generated, and sig is a digital signature of m.
Ninth, the block load b is sent to the alliance member management equipment.
Tenth, when the alliance member management equipment receives the block load, it uses the digital signature in the block load to verify the identity and the integrity of the message, and adds the block load to the chain when the verification passes; when the block is added to the chain, a block number, such as N, is allocated to the current block in sequence, and the hash value of the previous block (block number N-1), the current on-chain timestamp and the block load b are added; the hash value H in the metadata information is used as the hash value of the next block.
This completes the whole process by which the alliance member device stores one data set.
The process by which federation member device j accesses data set i_2 is given below.
The alliance member management device can show the metadata information on the blockchain to all alliance members, so that the alliance members can obtain shared data.
First, alliance member device j acquires the encryption key Cj corresponding to j in the shared member list of the metadata information corresponding to data set i_2 on the alliance member management equipment;
second, alliance member device j decrypts the encryption key Cj by using the private key of the key pair distributed by the alliance member management device to obtain the decrypted key k;
third, alliance member device j constructs a download request according to the data download address W in the metadata information and sends the download request to alliance member device i, which stores the data set corresponding to the metadata information; the download request carries the data set number i_2 of the requested data set, the download request time t0 and the signature sig_q of the request information.
Fourth, when alliance member device i receives the download request sent by alliance member device j, it checks whether the download request time t0 carried in the download request is within the set effective sharing time;
fifth, if the check is successful, the public key of alliance member device j, which sent the download request, is obtained to verify the digital signature sig_q in the download request.
Sixth, if the verification is passed, the data ciphertext C corresponding to the data set number carried in the download request is returned to alliance member device j, which sent the download request; otherwise, the download request is rejected.
Seventh, when the data ciphertext C corresponding to the metadata information has been downloaded, the data ciphertext is decrypted by using the decrypted key k to obtain data set i_2 corresponding to the metadata information.
Eighth, the hash value H in the metadata information is used to verify whether the data in data set i_2 has been tampered with.
The specific verification process is as follows: a hash value H0 is calculated from the data in data set i_2, and it is determined whether H0 and H are the same; if so, the data in data set i_2 has not been tampered with; otherwise, the data in data set i_2 has been tampered with.
This completes one sharing of the data set.
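The fifth to eighth storage steps on device i, the management device's signature check, and device j's unwrap, decrypt and hash comparison, as an added Go example that is not code from the patent. The patent names no algorithms, so AES-256-GCM, RSA-OAEP, RSA-PSS, SHA-256 and the JSON encoding of m are assumptions, as are all identifiers and the placeholder address; the signed download request is outside this block.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

type Metadata struct { // m = <i, i_2, H, list, W>
	Member, Number, URL string            // i, i_2 and W (W is a placeholder address here)
	Hash                []byte            // H: SHA-256 of the plaintext data set (assumed)
	List                map[string][]byte // list: member ID -> k wrapped for that member
}
type Payload struct { // b = <m, t1, sig>
	M   Metadata
	T1  time.Time
	Sig []byte
}
type Keys = map[string]*rsa.PublicKey // member ID -> public key from the management device

func newKey() *rsa.PrivateKey { // stands in for a key pair issued by the management device
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

func digest(m Metadata) []byte {
	enc, _ := json.Marshal(m) // encoding/json sorts map keys, so the signed bytes are stable
	d := sha256.Sum256(enc)
	return d[:]
}

func aead(k []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Publish runs the fifth to eighth storage steps on device i and returns b and C.
func Publish(owner string, seq int, url string, data []byte, priv *rsa.PrivateKey, to Keys) (Payload, []byte, error) {
	kn := make([]byte, 44) // 32-byte random key k followed by a 12-byte GCM nonce
	if _, err := rand.Read(kn); err != nil {
		return Payload{}, nil, err
	}
	g, err := aead(kn[:32])
	if err != nil {
		return Payload{}, nil, err
	}
	h := sha256.Sum256(data)
	m := Metadata{owner, fmt.Sprintf("%s_%d", owner, seq), url, h[:], map[string][]byte{}}
	for id, pub := range to { // Cj, Cd: k encrypted under each sharing member's public key
		if m.List[id], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kn[:32], nil); err != nil {
			return Payload{}, nil, err
		}
	}
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(m), nil)
	return Payload{m, time.Now(), sig}, g.Seal(kn[32:], kn[32:], data, nil), err // C = nonce || ciphertext
}

// VerifyPayload is the management device's signature check before b goes on the chain.
func VerifyPayload(b Payload, owner *rsa.PublicKey) error {
	return rsa.VerifyPSS(owner, crypto.SHA256, digest(b.M), b.Sig, nil)
}

// Open runs the receiving side on device j: unwrap Cj, decrypt C, compare H0 with H.
func Open(m Metadata, me string, priv *rsa.PrivateKey, c []byte) ([]byte, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, m.List[me], nil)
	if err != nil {
		return nil, fmt.Errorf("no usable wrapped key for %s: %w", me, err)
	}
	g, err := aead(k)
	if err != nil || len(c) < g.NonceSize() {
		return nil, errors.New("bad key or truncated ciphertext")
	}
	data, err := g.Open(nil, c[:g.NonceSize()], c[g.NonceSize():], nil)
	if err != nil {
		return nil, err
	}
	if h0 := sha256.Sum256(data); !bytes.Equal(h0[:], m.Hash) {
		return nil, errors.New("H0 != H: data set was tampered with")
	}
	return data, nil
}

func main() {
	ki, kj := newKey(), newKey()
	b, c, _ := Publish("i", 2, "https://device-i.example/i_2", []byte("constructed sample"), ki, Keys{"j": &kj.PublicKey})
	data, err := Open(b.M, "j", kj, c)
	fmt.Println(b.M.Number, VerifyPayload(b, &ki.PublicKey) == nil, string(data), err)
}
```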
Based on the same inventive concept, the embodiment of the present application further provides a network measurement data storage apparatus, which is applied to a coalition member device in a storage system including the coalition member device and a coalition member management device. Referring to fig. 5, fig. 5 is a schematic structural diagram of an apparatus applied to the above technology in the embodiment of the present application. The device comprises: a receiving unit 501, an aggregation unit 502, a generation unit 503, and a transmitting unit 504;
a receiving unit 501, configured to receive network measurement data uploaded by a terminal in the area where the device is located;
an aggregation unit 502, configured to aggregate the network measurement data received by the receiving unit 501 into a data set with a preset value size according to the receiving time; allocating data set serial numbers to the data sets according to the receiving time sequence;
a generating unit 503, configured to generate metadata information of the data sets aggregated by the aggregating unit 502, and a block load corresponding to the metadata information; wherein the metadata information includes: federation member ID and data set number; the alliance member ID is distributed to the alliance member device by the alliance member management device; the data set number consists of the ID of the coalition members and the data set serial number;
a sending unit 504, configured to send the block payload generated by the generating unit 503 to the coalition member management device, so that when the block payload passes verification by the coalition member management device, the block payload is added to the chain according to the time when the block payload was received.
Preferably,
the generating unit 503 is further configured to encrypt the data set using a randomly generated symmetric encryption key, and generate a data ciphertext of the data set; when the data ciphertext is stored, a data download address of the data ciphertext is generated; when sharing, the generated metadata information further includes: a sharing member list and the data download address, wherein the sharing member list comprises: the federation member ID of, and an encryption key for, each federation member sharing data in the data set; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the coalition member management device distributed to the coalition member sharing data in the data set.
In another embodiment, an electronic device is also provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the network measurement data storage method when executing the program.
In another embodiment, a computer readable storage medium is also provided, having stored thereon computer instructions, which when executed by a processor, may implement the steps in the network measurement data storage method.
Fig. 6 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. As shown in Fig. 6, the electronic device may include: a processor 610, a communications interface 620, a memory 630 and a communication bus 640, wherein the processor 610, the communications interface 620 and the memory 630 communicate with each other via the communication bus 640. The processor 610 may call logic instructions in the memory 630 to perform the following method:
a network measurement data storage method is characterized in that the method is applied to coalition member equipment in a storage system comprising coalition member equipment and coalition member management equipment; the method comprises the following steps:
receiving network measurement data uploaded by a terminal in the area;
aggregating the received network measurement data into a data set with a preset value size according to the receiving time;
allocating data set serial numbers to the data sets according to the receiving time sequence;
generating metadata information of the data set and a block load corresponding to the metadata information; wherein the metadata information includes: federation member ID and data set number; the alliance member ID is distributed to the alliance member device by the alliance member management device; the data set number consists of the ID of the coalition members and the data set serial number;
and sending the block load to the alliance member management equipment, so that when the block load passes verification by the alliance member management equipment, the block load is added to the chain according to the time at which the block load was received.
In addition, the logic instructions in the memory 630 may be implemented in software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A network measurement data storage method is characterized in that the method is applied to coalition member equipment in a storage system comprising coalition member equipment and coalition member management equipment; the method comprises the following steps:
receiving network measurement data uploaded by a terminal in the area;
aggregating the received network measurement data into a data set with a preset value size according to the receiving time;
allocating data set serial numbers to the data sets according to the receiving time sequence;
generating metadata information of the data set and a block load corresponding to the metadata information; wherein the metadata information includes: a federation member identification ID and a data set number; the alliance member ID is distributed to the alliance member device by the alliance member management device; the data set number consists of the ID of the coalition members and the data set serial number;
and sending the block load to the alliance member management equipment, so that when the block load passes verification by the alliance member management equipment, the block load is added to the chain according to the time at which the block load was received.
2. The method of claim 1, wherein, when sharing, the metadata information further comprises: a sharing member list and the data download address, wherein the sharing member list comprises: the federation member ID of, and an encryption key for, each federation member sharing data in the data set; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the coalition member management equipment distributed to the coalition member sharing data in the data set;
the method further comprises:
encrypting the data set by using a randomly generated symmetric encryption key to generate a data ciphertext of the data set; and generating a data download address of the data cipher text when the data cipher text is stored.
3. The method of claim 2, further comprising:
when a data set corresponding to metadata information on the management equipment of the coalition members needs to be acquired, acquiring an encryption key corresponding to a coalition member ID corresponding to the equipment in the metadata information;
decrypting the encrypted key by using a private key in a key pair distributed by the coalition member management equipment to obtain a decrypted key;
constructing a downloading request according to the data downloading address in the metadata information, and sending the downloading request to the alliance member equipment for storing the data set corresponding to the metadata information; wherein, the download request carries the data set number of the requested data set, the download request time and the signature of the request information;
and when the data ciphertext corresponding to the metadata information is downloaded, decrypting the data ciphertext by using the decrypted key to obtain a data set corresponding to the metadata information.
4. The method of claim 3, wherein the metadata information further comprises: a hash value; wherein the hash value is generated from data in the dataset;
after the data ciphertext is decrypted by using the decrypted key to obtain the data set corresponding to the metadata information, the method further includes:
and verifying whether the data in the data set is tampered or not by using the hash value in the metadata information.
5. The method of claim 2, further comprising:
when receiving a downloading request sent by other alliance member equipment, checking whether the time for requesting downloading carried in the downloading request is within the set effective sharing time;
if the verification is successful, acquiring a public key of the alliance member device which sends the downloading request to verify the digital signature in the downloading request;
if the verification is passed, responding a data cipher text corresponding to the data set number carried in the downloading request to the alliance member equipment sending the downloading request; otherwise, the download request is rejected.
6. The network measurement data storage device is applied to the coalition member equipment in a storage system comprising the coalition member equipment and coalition member management equipment; the device comprises: a receiving unit, an aggregation unit, a generation unit and a sending unit;
the receiving unit is used for receiving network measurement data uploaded by a terminal in the area;
the aggregation unit is used for aggregating the network measurement data received by the receiving unit into a data set with a preset value size according to the receiving time; allocating data set serial numbers to the data sets according to the receiving time sequence;
the generating unit is configured to generate metadata information of the data sets aggregated by the aggregating unit, and a block payload corresponding to the metadata information; wherein the metadata information includes: federation member ID and data set number; the alliance member ID is distributed to the alliance member device by the alliance member management device; the data set number consists of the ID of the coalition members and the data set serial number;
the sending unit is configured to send the block load generated by the generating unit to the coalition member management device, so that when the coalition member management device passes the block load verification, the block load is updated and uplinked according to the time for receiving the block load.
7. The apparatus of claim 6,
the generating unit is further configured to encrypt the data set using a randomly generated symmetric encryption key to generate a data ciphertext of the data set; when the data ciphertext is stored, a data download address of the data ciphertext is generated; when sharing, the generated metadata information further includes: a sharing member list and the data download address, wherein the sharing member list comprises: the federation member ID of, and an encryption key for, each federation member sharing data in the data set; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the coalition member management device distributed to the coalition member sharing data in the data set.
8. A network measurement data storage system, the storage system comprising: alliance member device and alliance member management device;
the alliance member equipment receives network measurement data uploaded by a terminal in the area; aggregating the received network measurement data into a data set with a preset value size according to the receiving time; allocating data set serial numbers to the data sets according to the receiving time sequence; generating metadata information of the data set and a block load corresponding to the metadata information; wherein the metadata information includes: federation member ID and data set number; the alliance member ID is distributed to the alliance member device by the alliance member management device; the data set number consists of the ID of the coalition members and the data set serial number; sending the block payload to the federation member management device;
when the block load sent by the coalition member equipment is received and the block load passes verification, the coalition member management equipment adds the block load to the chain according to the time at which the block load was received.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1-5 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 5.
CN202010380358.7A 2020-05-08 2020-05-08 Network measurement data storage method, device and system Active CN111614739B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010380358.7A CN111614739B (en) 2020-05-08 2020-05-08 Network measurement data storage method, device and system

Publications (2)

Publication Number Publication Date
CN111614739A true CN111614739A (en) 2020-09-01
CN111614739B CN111614739B (en) 2023-06-23
