CN111835742A - Data security management system and method based on distributed copy storage - Google Patents

Data security management system and method based on distributed copy storage Download PDF

Info

Publication number
CN111835742A
CN111835742A CN202010637348.7A CN202010637348A CN111835742A CN 111835742 A CN111835742 A CN 111835742A CN 202010637348 A CN202010637348 A CN 202010637348A CN 111835742 A CN111835742 A CN 111835742A
Authority
CN
China
Prior art keywords
file
copy
sub
module
file data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010637348.7A
Other languages
Chinese (zh)
Other versions
CN111835742B (en
Inventor
陈杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Pu Jian Weisi Information Technology Co ltd
Original Assignee
Nanjing Pu Jian Weisi Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Pu Jian Weisi Information Technology Co ltd filed Critical Nanjing Pu Jian Weisi Information Technology Co ltd
Priority to CN202010637348.7A priority Critical patent/CN111835742B/en
Publication of CN111835742A publication Critical patent/CN111835742A/en
Application granted granted Critical
Publication of CN111835742B publication Critical patent/CN111835742B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Abstract

The invention discloses a data security management system and a method based on distributed copy storage, the management system comprises a file data dividing module, a file copy creating module, a numbering encryption module and a copy storage module, the file data dividing module is used for dividing the file data into a plurality of sub-file data segments, the file copy creating module is used for acquiring the size of each sub-file data segment in advance, and creates the number of file copies corresponding to the level of each sub-file data segment, the number encryption module adds watermark numbers to the file copies corresponding to each sub-file data segment in sequence according to the front and back positions of the sub-file data segments in the file data and encrypts each file copy, and the copy storage module is used for storing each file copy to each data storage node after the file copy is encrypted.

Description

Data security management system and method based on distributed copy storage
Technical Field
The invention relates to the field of data management, in particular to a data security management system and a data security management method based on distributed copy storage.
Background
With the advent of the information age, the global volume of data is in explosive growth. The data security problem is also brought in the process of rapidly increasing the information data quantity. Distributed replica storage refers to breaking a large data file into multiple small data files, creating multiple replicas for each small data file, and storing the multiple replicas in different places. The distributed copy storage can ensure the safety performance of data storage to a certain extent, but the safety protection performance of the data with high privacy degree is far from enough.
Disclosure of Invention
The invention aims to provide a data security management system and a data security management method based on distributed copy storage, which aim to solve the problems in the prior art.
In order to achieve the purpose, the invention provides the following technical scheme:
a data security management system based on distributed copy storage comprises a file data dividing module, a file copy creating module, a number encrypting module and a copy storage module, wherein the file data dividing module is used for dividing file data into a plurality of sub-file data segments, the file copy creating module is used for acquiring the size of each sub-file data segment in advance and creating the number of file copies corresponding to the level of the size of each sub-file data segment, the number encrypting module is used for sequentially adding watermark numbers to the file copies corresponding to each sub-file data segment according to the front and back positions of the sub-file data segments in the file data and encrypting the file copies, and the copy storage module is used for storing the file copies to data storage nodes after the file copies are encrypted.
Preferably, the number encryption module comprises a re-encryption module and a double-encryption module, the re-encryption module comprises a first closed loop forming module and a re-encryption key obtaining module, the double-encryption module comprises a file data segment classification module, a private encryption module and a common encryption module, the file data classification module comprises a private grade obtaining module and a private grade comparing module, the private grade obtaining module is used for obtaining the preset private grade of each sub-file data segment, and the private grade comparing module is used for comparing the private grade of the sub-file data segment with a private threshold value and dividing the private sub-file data segment and the common sub-file data segment according to the comparison result; the private encryption module comprises a second closed loop forming module and a private encryption key obtaining module, the second closed loop forming module sequences the watermark numbers corresponding to the private sub-file data segments and connects the sequencing results end to form a second closed loop, the private encryption key obtaining module obtains the hash value of the private sub-file data segment corresponding to the previous watermark number of the watermark number corresponding to the file copy of the private sub-file data segment from the second closed loop in a clockwise direction or a counterclockwise direction when a double encryption key of the file copy of a certain private sub-file data segment is set, and the hash value is used as the double encryption key of the file copy of the private sub-file data segment; the common encryption module comprises a third closed loop forming module and a common encryption key obtaining module, the third closed loop forming module sequences the watermark numbers corresponding to the common sub-file data sections and connects the sequencing results end to form a third closed loop, the common encryption key obtaining module obtains the hash value of the common sub-file data section corresponding to the watermark number which is before the watermark number corresponding to the file copy of the common sub-file data section from the third closed loop according to the clockwise direction or the anticlockwise direction when the double encryption key of the file copy of a certain common sub-file data section is set, and the hash value is used as the double encryption key of the file copy of the common sub-file data section.
Preferably, the copy storage module comprises an effective identifier adding module, an effective duration setting module, an effective duration judging module and a copy transfer storage module, wherein the effective identifier adding module respectively adds an effective identifier to each file copy when each file copy is stored in each data storage node, the effective duration setting module is used for setting an effective identifier duration for the effective identifier on each file copy, the effective duration judging module is used for comparing the remaining effective duration of the effective identifier of the file copy in a certain data storage node with an effective duration threshold value and transmitting information to the copy transfer storage module when the remaining effective duration of the effective identifier is less than or equal to the effective duration threshold value, the copy transfer storage module transfers and stores the file copy to other data storage nodes and transmits the information to the effective duration setting module, and the effective duration setting module resets the effective duration of the identification for the effective identification of the file copy.
Preferably, the copy transfer storage module comprises a data storage node sorting module and a data storage node selection module, wherein the data storage node sorting module is used for obtaining the sum of the number of all the file copies stored by each data storage node, sorting the data storage nodes according to the sequence of the sum of the number of all the file copies from small to small, and the data storage node selection module selects the first data storage node in the sorting and places the first data storage node in the transfer storage node of the file copy.
A data security management method based on distributed copy storage comprises the following steps:
step S1: dividing file data into a plurality of sub-file data segments, acquiring the size of each sub-file data segment in advance, and creating the number of file copies corresponding to the level of the size of each sub-file data segment, wherein the larger the size of each sub-file data segment is, the more the number of corresponding file copies is;
step S2: and adding watermark numbers to the file copies corresponding to each sub-file data segment in sequence according to the front and back positions of the sub-file data segments in the file data, encrypting each file copy, and storing each file copy to each data storage node, wherein the watermark numbers of the file copies of the same sub-file data segment are the same.
Preferably, the encrypting each copy of the file in step S2 includes performing one-time encryption and two-time encryption on each copy of the file,
the performing of one-time encryption on each file copy comprises:
sequencing the watermark numbers corresponding to all the sub-file data segments, and connecting the sequencing results end to form a first closed loop;
acquiring a hash value of a sub-file data segment corresponding to a watermark number before a watermark number corresponding to the file copy from the first closed loop in a clockwise direction or a counterclockwise direction, and taking the hash value as a re-encryption key of the file copy;
the double encryption of each file copy comprises:
presetting the privacy level of each sub-file data segment, if the privacy level of a certain sub-file data segment is more than or equal to a privacy threshold value, the sub-file data segment is a private sub-file data segment, and if the privacy level of a certain sub-file data segment is less than the privacy threshold value, the sub-file data segment is a common sub-file data segment;
sequencing the watermark numbers corresponding to the private sub-file data segments, connecting the sequencing results end to form a second closed loop, sequencing the watermark numbers corresponding to the common sub-file data segments, and connecting the sequencing results end to form a third closed loop;
when a double encryption key of a file copy of a certain private sub-file data segment is set, a hash value of the private sub-file data segment corresponding to a watermark number which is before the watermark number corresponding to the file copy of the private sub-file data segment is obtained from a second closed loop in a clockwise direction or a counterclockwise direction, and the hash value is used as the double encryption key of the file copy of the private sub-file data segment;
when a double encryption key of a file copy of a certain common sub-file data segment is set, a hash value of the common sub-file data segment corresponding to a watermark number which is before the watermark number corresponding to the file copy of the common sub-file data segment is obtained from a third closed loop according to the clockwise direction or the anticlockwise direction, and the hash value is used as the double encryption key of the file copy of the common sub-file data segment;
the first encryption keys of the file copies of the same sub-file data segment are the same, and the second encryption keys of the file copies of the same sub-file data segment are the same.
Preferably, the step S2 of storing each file copy to each data storage node further includes:
when each file copy is stored in each data storage node, respectively adding an effective identifier to each file copy, and setting an identifier effective duration for the effective identifier on each file copy, wherein the effective durations of the effective identifiers of the file copies of the same sub-file data segment are different;
when the remaining effective duration of the effective identifier of the file copy in a certain data storage node is less than or equal to the effective duration threshold, the file copy is stored in other data storage nodes, and the effective identifier effective duration of the file copy is reset.
Preferably, the step S2 of storing the new file copy to the other data storage nodes includes:
and acquiring the sum of the number of all the file copies stored by each data storage node, sequencing the data storage nodes according to the sequence of the sum of the number of all the file copies from small to small, and storing the file copies to the data storage node with the first sequence.
Compared with the prior art, the invention has the beneficial effects that: when distributed copy storage is carried out, multiple encryption keys are set, different encryption modes are adopted for file copies with different privacy degrees, so that the safety performance of the file copies is improved, meanwhile, the file copies are not invariably and consistently stored in a certain unique data storage node, but the storage positions of certain file copies are periodically transferred, and the safety performance of the external parts of the file copies is improved.
Drawings
FIG. 1 is a schematic block diagram of a data security management system based on distributed replica storage according to the present invention;
fig. 2 is a schematic flow chart of a data security management method based on distributed copy storage according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, in an embodiment of the present invention, a data security management system based on distributed copy storage, the management system comprises a file data dividing module, a file copy creating module, a numbering encryption module and a copy storage module, the file data dividing module is used for dividing the file data into a plurality of sub-file data segments, the file copy creating module is used for acquiring the size of each sub-file data segment in advance, and creates the number of file copies corresponding to the level of each sub-file data segment, the number encryption module adds watermark numbers to the file copies corresponding to each sub-file data segment in sequence according to the front and back positions of the sub-file data segments in the file data and encrypts each file copy, and the copy storage module is used for storing each file copy to each data storage node after the file copy is encrypted.
The number encryption module comprises a re-encryption module and a re-encryption module, the re-encryption module comprises a first closed loop forming module and a re-encryption key obtaining module, the re-encryption module comprises a file data segment classification module, a private encryption module and a common encryption module, the file data classification module comprises a private grade obtaining module and a private grade comparison module, the private grade obtaining module is used for obtaining the preset private grade of each sub-file data segment, and the private grade comparison module is used for comparing the private grade of each sub-file data segment with a private threshold value and dividing the private sub-file data segment and the common sub-file data segment according to the comparison result; the private encryption module comprises a second closed loop forming module and a private encryption key obtaining module, the second closed loop forming module sequences the watermark numbers corresponding to the private sub-file data segments and connects the sequencing results end to form a second closed loop, the private encryption key obtaining module obtains the hash value of the private sub-file data segment corresponding to the previous watermark number of the watermark number corresponding to the file copy of the private sub-file data segment from the second closed loop in a clockwise direction or a counterclockwise direction when a double encryption key of the file copy of a certain private sub-file data segment is set, and the hash value is used as the double encryption key of the file copy of the private sub-file data segment; the common encryption module comprises a third closed loop forming module and a common encryption key obtaining module, the third closed loop forming module sequences the watermark numbers corresponding to the common sub-file data sections and connects the sequencing results end to form a third closed loop, the common encryption key obtaining module obtains the hash value of the common sub-file data section corresponding to the watermark number which is before the watermark number corresponding to the file copy of the common sub-file data section from the third closed loop according to the clockwise direction or the anticlockwise direction when the double encryption key of the file copy of a certain common sub-file data section is set, and the hash value is used as the double encryption key of the file copy of the common sub-file data section.
The copy storage module comprises an effective identifier adding module, an effective duration setting module, an effective duration judging module and a copy transfer storage module, the valid identifier adding module adds a valid identifier to each file copy when each file copy is stored in each data storage node, the effective duration setting module is used for setting an identification effective duration for the effective identification on each file copy, the effective duration judging module is used for comparing the residual effective duration of the effective identification of the file copy in a certain data storage node with an effective duration threshold, and transmits information to the copy transfer storage module when the remaining effective duration of the effective identifier is less than or equal to the effective duration threshold, the copy transfer storage module transfers and stores the file copy to other data storage nodes, and transmitting information to an effective duration setting module, wherein the effective duration setting module resets the effective duration of the identification for the effective identification of the file copy.
The copy transfer storage module comprises a data storage node sorting module and a data storage node selection module, wherein the data storage node sorting module is used for obtaining the sum of the number of all file copies stored by each data storage node and sorting the data storage nodes according to the sum of all the file copies in the order from small to small, and the data storage node selection module selects the first data storage node in the sorting and stores the transfer storage node of the file copy.
A data security management method based on distributed copy storage comprises the following steps:
step S1: dividing file data into a plurality of sub-file data segments, acquiring the size of each sub-file data segment in advance, and creating the number of file copies corresponding to the level of the size of each sub-file data segment, wherein the larger the size of each sub-file data segment is, the more the number of corresponding file copies is; the larger the size of the sub-file data segment is, the more the information content contained in the sub-file data segment is, and the more the number of file copies is, so that the file copy of a certain data storage node is prevented from being damaged, and information data is prevented from being lost;
step S2: and adding watermark numbers to the file copies corresponding to each sub-file data segment in sequence according to the front and back positions of the sub-file data segments in the file data, encrypting each file copy, and storing each file copy to each data storage node, wherein the watermark numbers of the file copies of the same sub-file data segment are the same.
Encrypting each copy of the file in step S2 includes performing one-time encryption and two-time encryption on each copy of the file,
the performing of one-time encryption on each file copy comprises:
sequencing the watermark numbers corresponding to all the sub-file data segments, and connecting the sequencing results end to form a first closed loop;
acquiring a hash value of a sub-file data segment corresponding to a watermark number before a watermark number corresponding to the file copy from the first closed loop in a clockwise direction or a counterclockwise direction, and taking the hash value as a re-encryption key of the file copy;
the double encryption of each file copy comprises:
presetting the privacy level of each sub-file data segment, if the privacy level of a certain sub-file data segment is more than or equal to a privacy threshold value, the sub-file data segment is a private sub-file data segment, and if the privacy level of a certain sub-file data segment is less than the privacy threshold value, the sub-file data segment is a common sub-file data segment;
sequencing the watermark numbers corresponding to the private sub-file data segments, connecting the sequencing results end to form a second closed loop, sequencing the watermark numbers corresponding to the common sub-file data segments, and connecting the sequencing results end to form a third closed loop;
when a double encryption key of a file copy of a certain private sub-file data segment is set, a hash value of the private sub-file data segment corresponding to a watermark number which is before the watermark number corresponding to the file copy of the private sub-file data segment is obtained from a second closed loop in a clockwise direction or a counterclockwise direction, and the hash value is used as the double encryption key of the file copy of the private sub-file data segment;
when a double encryption key of a file copy of a certain common sub-file data segment is set, a hash value of the common sub-file data segment corresponding to a watermark number which is before the watermark number corresponding to the file copy of the common sub-file data segment is obtained from a third closed loop according to the clockwise direction or the anticlockwise direction, and the hash value is used as the double encryption key of the file copy of the common sub-file data segment;
the first encryption keys of the file copies of the same sub-file data segment are the same, and the second encryption keys of the file copies of the same sub-file data segment are the same. In the application, when the hash value of a certain file copy is required to be calculated, the file copy can be obtained only after a key is unlocked, and the hash value of the sub-file data segment corresponding to the file copy is calculated; meanwhile, when a key of a certain file copy is required to be acquired, the file copy of the previous watermark number of the loop where the watermark number corresponding to the file copy is located must be acquired, so that file data can be acquired and recombined only by acquiring all the file copies and knowing one of the keys, and the safety performance of the file copy stored in the data storage node is further improved by the arrangement; all file copies are obtained in real time, numbered watermarks exist on the file copies, the key is a hash value of the file data segments, no numbered watermarks exist on the file data segments, and the key stealing difficulty is further increased or decreased, so that the difficulty of externally stealing file data is increased.
The step S2 of storing the respective file copies to the respective data storage nodes further includes:
when each file copy is stored in each data storage node, respectively adding an effective identifier to each file copy, and setting an identifier effective duration for the effective identifier on each file copy, wherein the effective durations of the effective identifiers of the file copies of the same sub-file data segment are different;
when the remaining effective duration of the effective identifier of the file copy in a certain data storage node is less than or equal to the effective duration threshold, the file copy is stored in other data storage nodes, and the effective identifier effective duration of the file copy is reset.
Storing the new file copy to the other data storage nodes includes:
and acquiring the sum of the number of all the file copies stored by each data storage node, sequencing the data storage nodes according to the sequence of the sum of the number of all the file copies from small to small, and storing the file copies to the data storage node with the first sequence.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (8)

1. A data security management system based on distributed copy storage is characterized in that: the management system comprises a file data dividing module, a file copy creating module, a numbering encryption module and a copy storage module, wherein the file data dividing module is used for dividing file data into a plurality of sub-file data segments, the file copy creating module is used for acquiring the size of each sub-file data segment in advance and creating the number of file copies corresponding to the level of the size of each sub-file data segment, the numbering encryption module is used for sequentially adding watermark numbers to the file copies corresponding to each sub-file data segment according to the front and back positions of the sub-file data segments in the file data and encrypting the file copies, and the copy storage module is used for storing the file copies to data storage nodes after the file copies are encrypted.
2. The data security management system based on the distributed copy storage as claimed in claim 1, wherein: the number encryption module comprises a re-encryption module and a re-encryption module, the re-encryption module comprises a first closed loop forming module and a re-encryption key obtaining module, the re-encryption module comprises a file data segment classification module, a private encryption module and a common encryption module, the file data classification module comprises a private grade obtaining module and a private grade comparison module, the private grade obtaining module is used for obtaining the preset private grade of each sub-file data segment, and the private grade comparison module is used for comparing the private grade of each sub-file data segment with a private threshold value and dividing the private sub-file data segment and the common sub-file data segment according to the comparison result; the private encryption module comprises a second closed loop forming module and a private encryption key obtaining module, the second closed loop forming module sequences the watermark numbers corresponding to the private sub-file data segments and connects the sequencing results end to form a second closed loop, the private encryption key obtaining module obtains the hash value of the private sub-file data segment corresponding to the previous watermark number of the watermark number corresponding to the file copy of the private sub-file data segment from the second closed loop in a clockwise direction or a counterclockwise direction when a double encryption key of the file copy of a certain private sub-file data segment is set, and the hash value is used as the double encryption key of the file copy of the private sub-file data segment; the common encryption module comprises a third closed loop forming module and a common encryption key obtaining module, the third closed loop forming module sequences the watermark numbers corresponding to the common sub-file data sections and connects the sequencing results end to form a third closed loop, the common encryption key obtaining module obtains the hash value of the common sub-file data section corresponding to the watermark number which is before the watermark number corresponding to the file copy of the common sub-file data section from the third closed loop according to the clockwise direction or the anticlockwise direction when the double encryption key of the file copy of a certain common sub-file data section is set, and the hash value is used as the double encryption key of the file copy of the common sub-file data section.
3. The data security management system based on the distributed copy storage as claimed in claim 1, wherein: the copy storage module comprises an effective identifier adding module, an effective duration setting module, an effective duration judging module and a copy transfer storage module, the valid identifier adding module adds a valid identifier to each file copy when each file copy is stored in each data storage node, the effective duration setting module is used for setting an identification effective duration for the effective identification on each file copy, the effective duration judging module is used for comparing the residual effective duration of the effective identification of the file copy in a certain data storage node with an effective duration threshold, and transmits information to the copy transfer storage module when the remaining effective duration of the effective identifier is less than or equal to the effective duration threshold, the copy transfer storage module transfers and stores the file copy to other data storage nodes, and transmitting information to an effective duration setting module, wherein the effective duration setting module resets the effective duration of the identification for the effective identification of the file copy.
4. The system for data security management based on distributed copy storage according to claim 3, wherein: the copy transfer storage module comprises a data storage node sorting module and a data storage node selection module, wherein the data storage node sorting module is used for obtaining the sum of the number of all file copies stored by each data storage node and sorting the data storage nodes according to the sum of all the file copies in the order from small to small, and the data storage node selection module selects the first data storage node in the sorting and stores the transfer storage node of the file copy.
5. A data security management method based on distributed copy storage is characterized in that: the management method comprises the following steps:
step S1: dividing file data into a plurality of sub-file data segments, acquiring the size of each sub-file data segment in advance, and creating the number of file copies corresponding to the level of the size of each sub-file data segment, wherein the larger the size of each sub-file data segment is, the more the number of corresponding file copies is;
step S2: and adding watermark numbers to the file copies corresponding to each sub-file data segment in sequence according to the front and back positions of the sub-file data segments in the file data, encrypting each file copy, and storing each file copy to each data storage node, wherein the watermark numbers of the file copies of the same sub-file data segment are the same.
6. The data security management method based on distributed copy storage according to claim 5, wherein: encrypting each copy of the file in step S2 includes performing one-time encryption and two-time encryption on each copy of the file,
the performing of one-time encryption on each file copy comprises:
sequencing the watermark numbers corresponding to all the sub-file data segments, and connecting the sequencing results end to form a first closed loop;
acquiring a hash value of a sub-file data segment corresponding to a watermark number before a watermark number corresponding to the file copy from the first closed loop in a clockwise direction or a counterclockwise direction, and taking the hash value as a re-encryption key of the file copy;
the double encryption of each file copy comprises:
presetting the privacy level of each sub-file data segment, if the privacy level of a certain sub-file data segment is more than or equal to a privacy threshold value, the sub-file data segment is a private sub-file data segment, and if the privacy level of a certain sub-file data segment is less than the privacy threshold value, the sub-file data segment is a common sub-file data segment;
sequencing the watermark numbers corresponding to the private sub-file data segments, connecting the sequencing results end to form a second closed loop, sequencing the watermark numbers corresponding to the common sub-file data segments, and connecting the sequencing results end to form a third closed loop;
when a double encryption key of a file copy of a certain private sub-file data segment is set, a hash value of the private sub-file data segment corresponding to a watermark number which is before the watermark number corresponding to the file copy of the private sub-file data segment is obtained from a second closed loop in a clockwise direction or a counterclockwise direction, and the hash value is used as the double encryption key of the file copy of the private sub-file data segment;
when a double encryption key of a file copy of a certain common sub-file data segment is set, a hash value of the common sub-file data segment corresponding to a watermark number which is before the watermark number corresponding to the file copy of the common sub-file data segment is obtained from a third closed loop according to the clockwise direction or the anticlockwise direction, and the hash value is used as the double encryption key of the file copy of the common sub-file data segment;
the first encryption keys of the file copies of the same sub-file data segment are the same, and the second encryption keys of the file copies of the same sub-file data segment are the same.
7. The data security management method based on distributed copy storage according to claim 6, wherein: the step S2 of storing the respective file copies to the respective data storage nodes further includes:
when each file copy is stored in each data storage node, respectively adding an effective identifier to each file copy, and setting an identifier effective duration for the effective identifier on each file copy, wherein the effective durations of the effective identifiers of the file copies of the same sub-file data segment are different;
when the remaining effective duration of the effective identifier of the file copy in a certain data storage node is less than or equal to the effective duration threshold, the file copy is stored in other data storage nodes, and the effective identifier effective duration of the file copy is reset.
8. The data security management method based on distributed copy storage according to claim 7, wherein: the step S2 of storing the new file copy to the other data storage node includes:
and acquiring the sum of the number of all the file copies stored by each data storage node, sequencing the data storage nodes according to the sequence of the sum of the number of all the file copies from small to small, and storing the file copies to the data storage node with the first sequence.
CN202010637348.7A 2020-07-03 2020-07-03 Data security management system and method based on distributed copy storage Active CN111835742B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010637348.7A CN111835742B (en) 2020-07-03 2020-07-03 Data security management system and method based on distributed copy storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010637348.7A CN111835742B (en) 2020-07-03 2020-07-03 Data security management system and method based on distributed copy storage

Publications (2)

Publication Number Publication Date
CN111835742A true CN111835742A (en) 2020-10-27
CN111835742B CN111835742B (en) 2022-07-19

Family

ID=72901104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010637348.7A Active CN111835742B (en) 2020-07-03 2020-07-03 Data security management system and method based on distributed copy storage

Country Status (1)

Country Link
CN (1) CN111835742B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806697A (en) * 2021-09-22 2021-12-17 北京明朝万达科技股份有限公司 Watermark adding method and system under proxy mode
CN115834257A (en) * 2023-02-20 2023-03-21 国网冀北电力有限公司 Cloud electric power data safety protection method and protection system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160078245A1 (en) * 2014-09-17 2016-03-17 Commvault Systems, Inc. Data storage systems and methods
CN106033434A (en) * 2015-03-12 2016-10-19 中国人民解放军国防科学技术大学 Virtual asset data replica processing method based on data size and popularity
CN108776758A (en) * 2018-04-13 2018-11-09 西安电子科技大学 The block level data De-weight method of dynamic ownership management is supported in a kind of storage of mist
CN108920099A (en) * 2018-06-22 2018-11-30 中国人民解放军战略支援部队信息工程大学 Data dynamic storage system and method based on a variety of sliced fashions
CN110062034A (en) * 2019-04-01 2019-07-26 中科天御(苏州)科技有限公司 A kind of big file safety storage method of block chain and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160078245A1 (en) * 2014-09-17 2016-03-17 Commvault Systems, Inc. Data storage systems and methods
CN106033434A (en) * 2015-03-12 2016-10-19 中国人民解放军国防科学技术大学 Virtual asset data replica processing method based on data size and popularity
CN108776758A (en) * 2018-04-13 2018-11-09 西安电子科技大学 The block level data De-weight method of dynamic ownership management is supported in a kind of storage of mist
CN108920099A (en) * 2018-06-22 2018-11-30 中国人民解放军战略支援部队信息工程大学 Data dynamic storage system and method based on a variety of sliced fashions
CN110062034A (en) * 2019-04-01 2019-07-26 中科天御(苏州)科技有限公司 A kind of big file safety storage method of block chain and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806697A (en) * 2021-09-22 2021-12-17 北京明朝万达科技股份有限公司 Watermark adding method and system under proxy mode
CN113806697B (en) * 2021-09-22 2023-09-01 北京明朝万达科技股份有限公司 Watermark adding method and system in proxy mode
CN115834257A (en) * 2023-02-20 2023-03-21 国网冀北电力有限公司 Cloud electric power data safety protection method and protection system

Also Published As

Publication number Publication date
CN111835742B (en) 2022-07-19

Similar Documents

Publication Publication Date Title
US8892866B2 (en) Secure cloud storage and synchronization systems and methods
US7634659B2 (en) Roaming hardware paired encryption key generation
CN104363215B (en) A kind of encryption method and system based on attribute
CN110881063B (en) Storage method, device, equipment and medium of private data
US9256499B2 (en) Method and apparatus of securely processing data for file backup, de-duplication, and restoration
CN111835742B (en) Data security management system and method based on distributed copy storage
CN112738051B (en) Data information encryption method, system and computer readable storage medium
CN103095452A (en) Random encryption method needing to adopt exhaustion method for deciphering
CN112804133B (en) Encryption group chat method and system based on blockchain technology
CN104219232B (en) Method for controlling file security of block distributed file system
CN107094075B (en) Data block dynamic operation method based on convergence encryption
CN110704858A (en) Data security storage method and system under distributed environment
CN109241754A (en) A kind of cloud file data de-duplication method based on block chain
Mo et al. Two-party fine-grained assured deletion of outsourced data in cloud systems
CN106611136A (en) Data tampering verification method in cloud storage
CN113347143A (en) Identity authentication method, device, equipment and storage medium
CN112382376A (en) Medical instrument management tracing system based on block chain
CN112818404B (en) Data access permission updating method, device, equipment and readable storage medium
CN108259606B (en) Cloud computing public cloud file storage and retrieval method
CN111711671B (en) Cloud storage method for updating efficient ciphertext file based on blind storage
CN110704856B (en) Secret sharing method based on operation and maintenance auditing system
CN115865461B (en) Method and system for distributing data in high-performance computing cluster
CN116389137A (en) Data encryption method and system based on network information security
CN108809889B (en) Data deterministic deletion method based on data block random position negation
CN115935299A (en) Authorization control method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant