CN111614739B - Network measurement data storage method, device and system - Google Patents

Info

Publication number
CN111614739B
Authority
CN
China
Prior art keywords
data
data set
alliance
metadata information
equipment
Legal status
Active
Application number
CN202010380358.7A
Other languages
Chinese (zh)
Other versions
CN111614739A (en)
Inventor
刘姿杉
程强
党梅梅
敖立
Current Assignee
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202010380358.7A
Publication of CN111614739A
Application granted
Publication of CN111614739B

Classifications

    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application provides a network measurement data storage method, device and system. The method comprises: receiving network measurement data uploaded by terminals in the local area and aggregating it into a data set; generating metadata information of the data set and a block payload corresponding to the metadata information, wherein the metadata information includes an alliance member identification (ID) and a data set number, the alliance member ID is assigned to the alliance member device by the alliance member management device, and the data set number consists of the alliance member ID and the data set sequence number; and sending the block payload to the alliance member management device, so that the alliance member management device, when the block payload passes verification, updates the blockchain with the block payload according to the time at which the block payload was received. By combining distributed storage with centralized management, the method can ensure the security of network measurement data.

Description

Network measurement data storage method, device and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a system for storing network measurement data.
Background
To achieve reliable, full-coverage and high-rate operation of a mobile broadband network, the signal quality and transmission rate of the broadband network need to be measured.
The measured data constitutes broadband network measurement data. Existing centralized storage of network measurement data is prone to information security problems caused by single points of failure and to disclosure of personal privacy.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus and a system for storing network measurement data, which can ensure the security of the network measurement data by combining distributed storage with centralized management.
In order to solve the technical problems, the technical scheme of the application is realized as follows:
In one embodiment, a network measurement data storage method is provided, which is applied to an alliance member device in a storage system comprising the alliance member device and an alliance member management device; the method comprises the following steps:
receiving network measurement data uploaded by terminals in the local area;
aggregating the received network measurement data, according to the receiving time, into a data set of a preset size;
assigning data set sequence numbers to the data sets in order of receiving time;
generating metadata information of the data set and a block payload corresponding to the metadata information; wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number;
and sending the block payload to the alliance member management device, so that the alliance member management device, when the block payload passes verification, updates the blockchain with the block payload according to the time at which the block payload was received.
In another embodiment, a network measurement data storage apparatus is provided, which is applied to an alliance member device in a storage system comprising the alliance member device and an alliance member management device; the apparatus comprises: a receiving unit, an aggregation unit, a generating unit and a sending unit;
the receiving unit is used for receiving network measurement data uploaded by a terminal in the area;
the aggregation unit is used for aggregating the network measurement data received by the receiving unit, according to the receiving time, into a data set of a preset size, and for assigning data set sequence numbers to the data sets in order of receiving time;
the generating unit is used for generating metadata information of the data set aggregated by the aggregation unit and a block payload corresponding to the metadata information; wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number;
the sending unit is used for sending the block payload generated by the generating unit to the alliance member management device, so that the alliance member management device, when the block payload passes verification, updates the blockchain with the block payload according to the time at which the block payload was received.
In another embodiment, a network measurement data storage system is provided, the storage system comprising: an alliance member device and an alliance member management device;
the alliance member device receives network measurement data uploaded by terminals in the local area; aggregates the received network measurement data, according to the receiving time, into a data set of a preset size; assigns data set sequence numbers to the data sets in order of receiving time; generates metadata information of the data set and a block payload corresponding to the metadata information, wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number; and sends the block payload to the alliance member management device;
the alliance member management device, upon receiving the block payload sent by the alliance member device and when the block payload passes verification, updates the blockchain with the block payload according to the time at which the block payload was received.
In another embodiment, an electronic device is provided that includes a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing steps of a method for storing network measurement data as described herein when the program is executed.
In another embodiment, a computer readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, implements the steps of the network measurement data storage method.
As can be seen from the above technical solution, in the above embodiments the devices that store network measurement data act as alliance members and the device that stores metadata information acts as the manager of the alliance members; by combining distributed storage with centralized management, the solution can ensure the security of the network measurement data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort to a person skilled in the art.
FIG. 1 is a schematic diagram of a network measurement data storage system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an alliance blockchain and its data structure in an embodiment of the present application;
FIG. 3 is a schematic diagram of a network measurement data storage flow in an embodiment of the present application;
FIG. 4 is a schematic diagram of a data sharing flow between different alliance member devices in an embodiment of the present application;
FIG. 5 is a schematic diagram of the structure of an apparatus applying the above technology in an embodiment of the present application;
FIG. 6 is a schematic diagram of the entity structure of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The technical scheme of the invention is described in detail below by specific examples. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
The embodiment of the application provides a network measurement data storage system. The system comprises alliance member devices and an alliance member management device; there are multiple alliance member devices, their number is not limited, and they are deployed according to actual needs.
Referring to FIG. 1, FIG. 1 is a schematic diagram of a network measurement data storage system according to an embodiment of the present application. In FIG. 1, N alliance member devices are taken as an example.
The alliance member management device acts as the administrator of the alliance members of the whole alliance blockchain: it issues alliance membership certificates to the alliance members, creates the transmission channel for alliance blocks, provides functions such as updating and ordering the blockchain, and stores the metadata information of the aggregated data sets of network measurement data. An issued alliance membership certificate includes the alliance member identification (ID) assigned to the alliance member and a key pair comprising a public key and a private key.
The alliance member device acts as an alliance member and stores network measurement data.
The process by which the storage system implements network measurement data storage is detailed below.
The alliance member device receives network measurement data uploaded by terminals in its area.
After the terminal device performs network signal measurement, the network measurement data is uploaded to the alliance member device corresponding to the area where the terminal device is located.
Network measurement data includes, but is not limited to, the following information:
device related information: equipment model, longitude and latitude coordinates and altitude of equipment;
network connection information: network ID, base station ID, connection frequency information, network system, etc.;
signal quality information: measurement initiation time, RSRP, RSSI, RSRQ, network upstream and downstream rate, etc.
After the network measurement data is received, it needs to be checked.
The check proceeds as follows: the network measurement data is determined to be valid, and the check succeeds, if and only if the measurement initiation time, RSRP, RSSI, RSRQ, the network uplink and downlink rates and so on all fall within their configured valid ranges; otherwise the check fails, and the network measurement data is not processed or is discarded.
The alliance member device aggregates the received network measurement data, according to the receiving time, into a data set of a preset size.
The alliance member device starts collecting a data set when it begins receiving network measurement data, and determines that a data set has been formed when the number of received data items reaches a preset value or the data volume reaches a preset value.
The alliance member device assigns data set sequence numbers to the data sets in order of receiving time.
Each data set is assigned a data set sequence number in order of receiving time, for example starting from 1 and incrementing by 1 for each subsequent data set.
The alliance member device encrypts the data set with a randomly generated symmetric encryption key to generate the data ciphertext of the data set, and generates a data download address for the data ciphertext when the data ciphertext is stored.
The alliance member device generates metadata information of the data set and a block payload corresponding to the metadata information.
The metadata information includes: an alliance member ID and a data set number;
the alliance member ID is assigned to the alliance member device by the alliance member management device;
the data set number consists of the alliance member ID and the data set sequence number; if the alliance member ID is i and the data set sequence number is j, the data set number is i+j.
If i is 1 and j is 2, the data set number may be expressed as 1_2; it may also be denoted as 1-1; the embodiments of the present application do not limit the specific representation.
The data set number is globally unique throughout the storage system.
The metadata information further includes: a shared member list and a data download address;
wherein the shared member list includes: the alliance member ID and the encryption key of each alliance member with which data in the data set is shared; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device assigned to that alliance member;
the metadata information further includes: a hash value; wherein the hash value is generated from the data in the data set.
When the alliance member device does not share the data with other alliance member devices, the metadata information does not include the shared member list, the data download address, or the hash value.
The block payload includes: the metadata information, the time at which the block payload was generated, and a digital signature of the metadata information.
The alliance member device sends the block payload to the alliance member management device.
When the block payload passes verification, the alliance member management device updates the blockchain with the block payload according to the time at which the block payload was received.
The process by which the alliance member management device adds a block to the chain is as follows:
when a block payload sent by an alliance member device is received, the digital signature in the block payload is used to verify the identity of the sending alliance member device and the integrity of the message;
if the verification passes, the newly received block data is added to the chain in order of the time at which the block payload was received; otherwise, the received block payload is discarded and the chain is not updated.
Referring to FIG. 2, FIG. 2 is a schematic diagram of an alliance blockchain and its data structure in an embodiment of the present application.
FIG. 2 shows the data of two adjacent blocks. The data of the block with block number N includes: the block number N, the previous block hash value (the hash value of the block with block number N-1), a timestamp (the time at which the corresponding block payload was received), and the block payload (metadata information, transmission time, and digital signature). The data of the block with block number N+1 includes: the block number N+1, the previous block hash value (the hash value of the block with block number N), a timestamp (the time at which the corresponding block payload was received), and the block payload (metadata information, transmission time, and digital signature).
The storage of network measurement data is thus completed.
The procedure for accessing shared data in the network measurement data is given below,
taking as an example one alliance member device accessing the data in a data set of another alliance member device.
When an alliance member device acts as the device accessing shared data and needs to acquire the data set corresponding to metadata information on the alliance member management device, it obtains from the metadata information the encryption key corresponding to its own alliance member ID;
it decrypts the encryption key with the private key of the key pair assigned by the alliance member management device to obtain the decrypted key;
it constructs a download request according to the data download address in the metadata information and sends the download request to the alliance member device that stores the data set corresponding to the metadata information, that is, the accessed alliance member device; wherein the download request carries the data set number of the requested data set, the time of the download request, and a signature of the request information;
and when the data ciphertext corresponding to the metadata information has been downloaded, it decrypts the data ciphertext with the decrypted key to obtain the data set corresponding to the metadata information.
After decrypting the data ciphertext with the decrypted key to obtain the data set corresponding to the metadata information, the alliance member device further uses the hash value in the metadata information to verify whether the data in the data set has been tampered with.
When an alliance member device acts as the device whose shared data is accessed and receives a download request sent by another alliance member device, it checks whether the download request time carried in the download request is within the configured valid sharing time;
if the check succeeds, it obtains the public key of the alliance member device that sent the download request and verifies the digital signature in the download request;
if the verification passes, it returns the data ciphertext corresponding to the data set number carried in the download request to the alliance member device that sent the download request; otherwise, it rejects the download request.
The network measurement data storage system provided by the embodiments of the present application stores data in a distributed manner, allows data on different alliance member devices to be shared, and applies security verification, thereby ensuring the security, authenticity and integrity of the network measurement data as well as the sharing of data stored on different devices.
Based on the same inventive concept, the embodiment of the application also provides a network measurement data storage method which is applied to the alliance member device in the storage system comprising the alliance member device and the alliance member management device. Referring to FIG. 3, FIG. 3 is a schematic diagram of a network measurement data storage flow in an embodiment of the present application. The method comprises the following specific steps:
Step 301, receiving network measurement data uploaded by terminals in the local area.
After the terminal device performs network signal measurement, the network measurement data is uploaded to the alliance member device corresponding to the area where the terminal device is located.
Network measurement data includes, but is not limited to, the following information:
device related information: equipment model, longitude and latitude coordinates and altitude of equipment;
network connection information: network ID, base station ID, connection frequency information, network system, etc.;
signal quality information: measurement initiation time, RSRP, RSSI, RSRQ, network upstream and downstream rate, etc.
After the network measurement data is received, it needs to be checked.
The check proceeds as follows: the network measurement data is determined to be valid, and the check succeeds, if and only if the measurement initiation time, RSRP, RSSI, RSRQ, the network uplink and downlink rates and so on all fall within their configured valid ranges; otherwise the check fails, and the network measurement data is not processed or is discarded.
Step 302, aggregating the received network measurement data, according to the receiving time, into a data set of a preset size.
Step 303, assigning data set sequence numbers to the data sets in order of receiving time.
The method further comprises:
encrypting the data set with a randomly generated symmetric encryption key to generate the data ciphertext of the data set; and generating a data download address for the data ciphertext when the data ciphertext is stored.
Step 304, metadata information of the data set and a block payload corresponding to the metadata information are generated.
The metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number;
the metadata information further includes a shared member list and a data download address, wherein the shared member list includes: the alliance member ID and the encryption key of each alliance member with which data in the data set is shared; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device assigned to that alliance member;
the metadata information further includes: a hash value; wherein the hash value is generated from the data in the data set.
When the alliance member device does not share the data with other alliance member devices, the metadata information does not include the shared member list, the data download address, or the hash value.
The block payload includes: the metadata information, the time at which the block payload was generated, and a digital signature of the metadata information.
Step 305, sending the block payload to the alliance member management device, so that the alliance member management device, when the block payload passes verification, updates the blockchain with the block payload according to the time at which the block payload was received.
The process by which the alliance member management device adds a block to the chain is as follows:
when a block payload sent by an alliance member device is received, the digital signature in the block payload is used to verify the identity of the sending alliance member device and the integrity of the message;
if the verification passes, the newly received block data is added to the chain in order of the time at which the block payload was received; otherwise, the received block payload is discarded and the chain is not updated.
The data set and its corresponding metadata information are thus stored.
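The block payload, its verification by the alliance member management device and the FIG. 2 chain layout described above, as an added Python example that is not code from the patent. HMAC-SHA256 with a constructed key stands in for the member's digital signature so that only the standard library is needed; the field names, the prefix and duplicate checks in `submit`, and `first_bad_block` are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the member's digital
# signature; the page's scheme uses the key pair issued with the alliance
# membership certificate.
MEMBER_KEYS = {"1": b"constructed-demo-key-for-member-1"}
GENESIS = "0" * 64  # assumed previous-hash value for the first block


def canonical(obj):
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_metadata(member_id, metadata):
    key = MEMBER_KEYS[member_id]
    return hmac.new(key, canonical(metadata), hashlib.sha256).hexdigest()


def build_block_payload(member_id, seq_no, dataset, generated_at):
    """Member side: metadata, generation time, signature over the metadata."""
    metadata = {
        "member_id": member_id,
        "dataset_number": f"{member_id}_{seq_no}",  # member ID + sequence number
        "hash": hashlib.sha256(dataset).hexdigest(),
    }
    return {"metadata": metadata, "generated_at": generated_at,
            "signature": sign_metadata(member_id, metadata)}


def signature_ok(payload):
    """Check sender identity and metadata integrity."""
    meta = payload.get("metadata")
    if not isinstance(meta, dict):
        return False
    member_id = meta.get("member_id")
    if not isinstance(member_id, str) or member_id not in MEMBER_KEYS:
        return False
    expected = sign_metadata(member_id, meta).encode()
    return hmac.compare_digest(expected, str(payload.get("signature")).encode())


def block_hash(block):
    return hashlib.sha256(canonical(block)).hexdigest()


class ManagementDevice:
    def __init__(self):
        self.chain = []

    def submit(self, payload, received_at):
        """Verify, then append in order of receive time; False means discarded."""
        if not signature_ok(payload):
            return False
        meta = payload["metadata"]
        number = meta.get("dataset_number")
        # Added checks (assumptions, not stated on the page): the number must
        # carry the signer's own ID and must not already be on the chain.
        if not isinstance(number, str) or not number.startswith(meta["member_id"] + "_"):
            return False
        if any(b["payload"]["metadata"]["dataset_number"] == number for b in self.chain):
            return False
        prev = block_hash(self.chain[-1]) if self.chain else GENESIS
        self.chain.append({"number": len(self.chain) + 1, "prev_hash": prev,
                           "timestamp": received_at, "payload": payload})
        return True


def first_bad_block(chain):
    """Return the number of the first block with a broken link or signature."""
    prev = GENESIS
    for block in chain:
        if block["prev_hash"] != prev or not signature_ok(block["payload"]):
            return block["number"]
        prev = block_hash(block)
    return None
```

Because the signature covers only the metadata information, the payload's generation time is not authenticated here; ordering on the chain rests on the management device's own receive time.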
The process of data sharing between different alliance member devices is given below.
Referring to fig. 4, fig. 4 is a schematic diagram of the data sharing flow between different alliance member devices in an embodiment of the present application. The specific steps are as follows:
Step 401: when this alliance member device needs to obtain the data set corresponding to metadata information on the alliance member management device, it obtains from that metadata information the encryption key corresponding to its own alliance member ID.
Step 402: decrypt the encryption key using the private key of the key pair distributed by the alliance member management device, to obtain the decrypted key.
Step 403: construct a download request according to the data download address in the metadata information, and send the download request to the alliance member device that stores the data set corresponding to the metadata information.
The download request carries the data set number of the requested data set, the time of the download request and a signature of the request information.
When an alliance member device receives a download request sent by another alliance member device, it checks whether the download request time carried in the request is within the set effective sharing time;
if this check succeeds, it obtains the public key of the alliance member device that sent the download request and uses it to verify the digital signature in the download request; if the check fails, it rejects the download request.
If the signature verification passes, it returns the data ciphertext corresponding to the data set number carried in the download request to the alliance member device that sent the request; otherwise, it rejects the download request.
Step 404: when the data ciphertext corresponding to the metadata information has been downloaded, decrypt the data ciphertext using the decrypted key to obtain the data set corresponding to the metadata information.
After the data ciphertext has been decrypted using the decrypted key to obtain the data set corresponding to the metadata information, the method further includes:
using the hash value in the metadata information to verify whether the data in the data set has been tampered with.
In the embodiment of the application, data storage is based on an alliance blockchain: the devices that store the network measurement data act as alliance members, and the device that stores the metadata information acts as the alliance member manager. This achieves distributed storage and centralized management of the data and allows the data to be shared among different alliance members, and the encryption and hash values introduced for data sharing ensure the security, integrity and authenticity of the data.
In the following, taking the system in fig. 1 as an example, alliance member device i stores network measurement data and alliance member j accesses the shared data on alliance member device i:
i and j are integers between 1 and N.
First step: alliance member device i receives the network measurement data reported by the mobile terminals in its area and performs validity verification on the network measurement data.
Validity verification here means checking whether the reported network measurement data is within a set valid range; if so, the verification succeeds; otherwise, the verification fails.
Second step: when the received network measurement data is successfully verified, alliance member device i aggregates the received network measurement data into a data set with a preset value according to the receiving time.
Third step: alliance member device i assigns data set sequence numbers to the data sets in order of receiving time; suppose the sequence number assigned to the current data set is 2.
Fourth step: generate the metadata information of the data set whose sequence number is 2.
The metadata information includes: an alliance member ID and a data set number.
Taking i as the alliance member ID assigned to the alliance member device, the data set number is i_2.
Fifth step: when data set i_2 is a shared data set, i.e. other alliance members can access it (for example, alliance member j and alliance member d can access data set i_2), generate a hash value H from the content of the data set, and encrypt data set i_2 with a randomly generated symmetric encryption key k to generate ciphertext C; store the ciphertext and generate the data download address W.
Sixth step: obtain the public keys Pj and Pd of alliance members j and d from the alliance member management device, and use them to encrypt the symmetric encryption key k, generating the corresponding encryption keys Cj and Cd.
Seventh step: generate the complete metadata information m = <i, i_2, H, list, W>,
where list is the shared member list, specifically: list = [<j, Cj>, <d, Cd>].
Eighth step: alliance member device i generates the block payload b of the metadata information m:
b = <m, t1, sig>;
where t1 is the time at which the block payload was generated and sig is the digital signature of m.
Ninth step: send the block payload b to the alliance member management device.
Tenth step: when the alliance member management device receives the block payload, it uses the digital signature in the block payload to verify identity and message integrity, and when the verification passes it updates the chain and puts the block payload on the chain. When doing so, it assigns the current block the next block number in sequence, for example N, and adds the hash value of the previous block (block number N-1), the current on-chain timestamp and the block payload b; the hash value H in the metadata information is used as the hash value of the next block.
This completes the full process by which the alliance member device stores a data set.
The procedure by which alliance member device j accesses data set i_2 is given below.
The alliance member management device shows the metadata information on the blockchain to all alliance members, so that the alliance members can acquire shared data.
First step: alliance member device j obtains, from the shared member list in the metadata information corresponding to data set i_2 on the alliance member management device, the encryption key Cj corresponding to j.
Second step: alliance member device j decrypts the encryption key Cj using the private key of the key pair distributed by the alliance member management device, obtaining the decrypted key k.
Third step: alliance member device j constructs a download request according to the data download address W in the metadata information and sends it to alliance member device i, which stores the data set corresponding to the metadata information; the download request carries the data set number i_2 of the requested data set, the time t0 of the download request and the signature sig_q of the request information.
Fourth step: when alliance member device i receives the download request sent by alliance member device j, it checks whether the time t0 carried in the download request is within the set effective sharing time.
Fifth step: if this check succeeds, it obtains the public key of alliance member device j, which sent the download request, and uses it to verify the digital signature sig_q in the download request.
Sixth step: if the verification passes, it returns the data ciphertext C corresponding to the data set number carried in the download request to alliance member device j, which sent the download request; otherwise, it rejects the download request.
Seventh step: when the data ciphertext C corresponding to the metadata information has been downloaded, alliance member device j decrypts the data ciphertext using the decrypted key k to obtain the data set i_2 corresponding to the metadata information.
Eighth step: use the hash value H in the metadata information to verify whether the data in data set i_2 has been tampered with.
The specific verification process is: calculate a hash value H0 from the data in data set i_2 and determine whether H0 and H are the same; if so, the data in data set i_2 has not been tampered with; otherwise, the data in data set i_2 has been tampered with.
Thus, the sharing of the data set is completed once.
Based on the same inventive concept, the embodiment of the application also provides a network measurement data storage device, which is applied to an alliance member device in a storage system comprising the alliance member device and an alliance member management device. Referring to fig. 5, fig. 5 is a schematic structural diagram of an apparatus to which the above technology is applied in the embodiment of the present application. The device comprises: a receiving unit 501, an aggregation unit 502, a generating unit 503, and a sending unit 504;
a receiving unit 501, configured to receive network measurement data uploaded by a terminal in the area where the device is located;
an aggregation unit 502, configured to aggregate the network measurement data received by the receiving unit 501 into a data set with a preset value according to the receiving time, and to assign data set sequence numbers to the data sets in order of receiving time;
a generating unit 503, configured to generate metadata information of the data set aggregated by the aggregation unit 502, and a block payload corresponding to the metadata information; wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number;
a sending unit 504, configured to send the block payload generated by the generating unit 503 to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the chain and puts the block payload on the chain according to the time at which the block payload was received.
Preferably,
the generating unit 503 is further configured to encrypt the data set using a randomly generated symmetric encryption key to generate a data ciphertext of the data set, and to generate a data download address of the data ciphertext when the data ciphertext is stored; when the data set is shared, the generated metadata information further includes a shared member list and a data download address, wherein the shared member list contains, for each alliance member sharing the data in the data set, the alliance member ID and an encryption key; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device assigned to that alliance member.
In another embodiment, there is also provided an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the network measurement data storage method when executing the program.
In another embodiment, a computer readable storage medium having stored thereon computer instructions which when executed by a processor may implement steps in the network measurement data storage method is also provided.
Fig. 6 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present invention. As shown in fig. 6, the electronic device may include: a processor 610, a communications interface 620, a memory 630 and a communication bus 640, wherein the processor 610, the communications interface 620 and the memory 630 communicate with each other via the communication bus 640. The processor 610 may call logic instructions in the memory 630 to perform the following method:
a network measurement data storage method, applied to an alliance member device in a storage system comprising the alliance member device and an alliance member management device; the method comprises the following steps:
receiving network measurement data uploaded by a terminal in an area;
aggregating the received network measurement data into a data set with a preset value according to the receiving time;
assigning data set sequence numbers to the data sets in order of receiving time;
generating metadata information of the data set and a block payload corresponding to the metadata information; wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number;
and sending the block payload to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the chain and puts the block payload on the chain according to the time at which the block payload was received.
Further, the logic instructions in the memory 630 may be implemented in the form of software functional units and, when sold or used as a stand-alone product, stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a necessary general hardware platform, or of course by means of hardware. Based on this understanding, the foregoing technical solution, in essence or in the part contributing to the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the method described in the respective embodiments or in some parts of the embodiments.
The foregoing describes only preferred embodiments of the invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (8)

1. A network measurement data storage method, characterized in that it is applied to an alliance member device in a storage system comprising the alliance member device and an alliance member management device; the method comprises the following steps:
receiving network measurement data uploaded by a terminal in an area;
aggregating the received network measurement data into a data set with a preset value according to the receiving time;
assigning data set sequence numbers to the data sets in order of receiving time;
generating metadata information of the data set and a block payload corresponding to the metadata information; wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number;
sending the block payload to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the chain and puts the block payload on the chain according to the time at which the block payload was received;
wherein, when the data set is shared, the metadata information further includes a shared member list and a data download address, and the shared member list contains, for each alliance member sharing the data in the data set, the alliance member ID and an encryption key; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device assigned to that alliance member;
the method further comprises:
encrypting the data set by using a randomly generated symmetric encryption key to generate a data ciphertext of the data set; and generating a data downloading address of the data ciphertext when the data ciphertext is stored.
2. The method according to claim 1, wherein the method further comprises:
when a data set corresponding to metadata information on the alliance member management equipment is required to be acquired, acquiring an encryption key corresponding to an alliance member ID corresponding to the equipment in the metadata information;
decrypting the encryption key by using a private key in a key pair distributed by the member management device of the alliance to obtain a decrypted key;
constructing a downloading request according to the data downloading address in the metadata information, and sending the downloading request to alliance member equipment for storing a data set corresponding to the metadata information; wherein the download request carries the data set number of the requested data set, the time of the request download and the signature of the request information;
and when the data ciphertext corresponding to the metadata information is downloaded, decrypting the data ciphertext by using the decrypted key to obtain a data set corresponding to the metadata information.
3. The method of claim 2, wherein the metadata information further comprises: a hash value; wherein the hash value is generated from data in the dataset;
after the decrypting the data ciphertext using the decrypted key to obtain the data set corresponding to the metadata information, the method further includes:
and verifying whether the data in the data set is tampered by using the hash value in the metadata information.
4. The method according to claim 1, wherein the method further comprises:
when receiving download requests sent by other alliance member devices, checking whether the download request time carried in the download requests is within the set effective sharing time;
if the verification is successful, acquiring a public key of alliance member equipment sending a downloading request to verify a digital signature in the downloading request;
if the verification is passed, responding the data ciphertext corresponding to the data set number carried in the downloading request to alliance member equipment for sending the downloading request; otherwise, rejecting the downloading request.
5. A network measurement data storage device, characterized in that it is applied to an alliance member device in a storage system comprising the alliance member device and an alliance member management device; the device comprises: a receiving unit, an aggregation unit, a generating unit and a sending unit;
the receiving unit is configured to receive network measurement data uploaded by a terminal in the area;
the aggregation unit is configured to aggregate the network measurement data received by the receiving unit into a data set with a preset value according to the receiving time, and to assign data set sequence numbers to the data sets in order of receiving time;
the generating unit is configured to generate metadata information of the data set aggregated by the aggregation unit and a block payload corresponding to the metadata information; wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number;
the sending unit is configured to send the block payload generated by the generating unit to the alliance member management device, so that, when the block payload passes verification, the alliance member management device updates the block payload according to the time at which the block payload was received;
wherein
the generating unit is further configured to encrypt the data set using the randomly generated symmetric encryption key to generate a data ciphertext of the data set, and to generate a data download address of the data ciphertext when the data ciphertext is stored; when the data set is shared, the generated metadata information further includes a shared member list and a data download address, wherein the shared member list contains, for each alliance member sharing the data in the data set, the alliance member ID and an encryption key; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device assigned to that alliance member.
6. A network measurement data storage system, the storage system comprising: an alliance member device and an alliance member management device;
the alliance member device receives network measurement data uploaded by a terminal in the area; aggregates the received network measurement data into a data set with a preset value according to the receiving time; assigns data set sequence numbers to the data sets in order of receiving time; generates metadata information of the data set and a block payload corresponding to the metadata information, wherein the metadata information includes: an alliance member ID and a data set number; the alliance member ID is assigned to the alliance member device by the alliance member management device; the data set number consists of the alliance member ID and the data set sequence number; and sends the block payload to the alliance member management device;
when the alliance member management device receives a block payload sent by the alliance member device and the block payload passes verification, it updates the chain and puts the block payload on the chain according to the time at which the block payload was received;
wherein, when the data set is shared, the metadata information further includes a shared member list and a data download address, and the shared member list contains, for each alliance member sharing the data in the data set, the alliance member ID and an encryption key; the encryption key is generated by encrypting the randomly generated symmetric encryption key with the public key that the alliance member management device assigned to that alliance member;
the alliance member device is further configured to encrypt the data set using a randomly generated symmetric encryption key to generate a data ciphertext of the data set, and to generate a data download address of the data ciphertext when the data ciphertext is stored.
7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-4 when the program is executed by the processor.
8. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method of any of claims 1-4.
CN202010380358.7A 2020-05-08 2020-05-08 Network measurement data storage method, device and system Active CN111614739B (en)

Publications (2)

Publication Number Publication Date
CN111614739A CN111614739A (en) 2020-09-01
CN111614739B true CN111614739B (en) 2023-06-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant