CN111917720A - File fragmentization encryption storage method, file fragmentization encryption acquisition method and file fragmentization encryption storage system based on block chain - Google Patents


Info

Publication number
CN111917720A
Authority
CN
China
Prior art keywords
file
module
encryption
fragments
transaction
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010596823.0A
Other languages
Chinese (zh)
Inventor
尚德重
焦臻桢
丁慧
田锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute Of Digital Economy Industry Institute Of Computing Technology Chinese Academy Of Sciences
Zhongke Wuyuan Technology Hangzhou Co ltd
Original Assignee
Institute Of Digital Economy Industry Institute Of Computing Technology Chinese Academy Of Sciences
Zhongke Wuyuan Technology Hangzhou Co ltd

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G06F21/602 Providing cryptographic facilities or services
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G06F2221/2107 File encryption
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention relates to a blockchain-based file fragmentation encryption storage method, acquisition method and system. Its aim is to avoid the risk that data is obtained by a storage hosting party and to protect the data privacy of data owners. The technical scheme is as follows: a blockchain-based file fragmentation encryption storage method, characterized by: dividing the encrypted file into file fragments; calculating the digest signature of each file fragment from the fragment's content; recording the digest signature of the file fragment in the payload of a blockchain transaction to generate the transaction, and sending the transaction to the blockchain module; and sending the file fragments to a distributed storage module, which stores them. The invention is suitable for the technical field of blockchains.

Description

Blockchain-based file fragmentation encryption storage method, acquisition method and system
Technical Field
The invention relates to a blockchain-based file fragmentation encryption storage method, acquisition method and system. It is suitable for the technical field of blockchains.
Background
Database storage technology is widely used across computing. Existing database technology usually stores data on a server owned by a single party, which has the following drawbacks: 1. The owner of the server has the right to tamper with and delete all data, and can delete data arbitrarily at any time. When data must be used among multiple parties, it is difficult to ensure that the data is authentic. 2. Because the data is stored on one party's server, it may be lost through unexpected causes such as damage to the server. 3. Because the data is stored on one party's server, the server owner in effect owns the data, and the privacy of the actual data owner is at risk of being violated. For cloud computing, this is a significant risk.
To overcome these problems, the prior art uses a blockchain to store data, but the following problems exist: 1. Because of its chain structure, a blockchain cannot store large data or multimedia data; otherwise the block size is difficult to control and the scalability of the whole chain is poor. 2. Also because of the chain structure, data access on a blockchain is inefficient, and because of the block-packing process, blockchain data storage cannot be used for high-speed writes and fast reads.
Therefore, in practice, because the amount of data is too large, the data is usually stored off-chain and only a verification hash of the data is stored on the blockchain. However, the blockchain then cannot guarantee that the data itself is not tampered with or deleted, so the data is still at risk of tampering and loss. As a countermeasure, there is also the approach of replacing the database with a distributed storage system such as IPFS: the data is first stored in the distributed storage system, which manages it, so that the data resides on the hardware storage of multiple parties. This, however, raises a data privacy problem. Existing methods generally encrypt the data to protect its privacy, but the data can still be obtained by the other storage hosting parties, who can recover it by brute-force cracking.
Disclosure of Invention
The technical problem to be solved by the invention is: in view of the problems above, to provide a blockchain-based file fragmentation encryption storage method, acquisition method and system that avoid the risk of data being obtained by a storage hosting party and protect the data privacy of data owners.
The technical scheme adopted by the invention is: a blockchain-based file fragmentation encryption storage method, characterized by:
dividing the encrypted file into file fragments;
calculating the digest signature of each file fragment from the fragment's content;
recording the digest signature of the file fragment in the payload of a blockchain transaction to generate the transaction, and sending the transaction to the blockchain module;
and sending the file fragments to a distributed storage module, which stores them.
The file encryption comprises the following steps:
acquiring user authentication information and the file uploaded by the user that is to be encrypted and stored;
after authentication passes, encrypting the file with the encryption key;
the encryption key is either a key designated by the user or a default key assigned by the system to each user and determined based on the user authentication information.
The file segmentation comprises:
selecting an appropriate number of fragments and an appropriate splitting method according to the encryption level, and dividing the encrypted file into file fragments.
The file fragments are stored in the distributed storage module in multiple copies.
The distributed storage module consists of a distributed file storage system or a distributed database.
A method for acquiring a file stored by the storage method, characterized by comprising the following steps:
acquiring a file acquisition request from a user, the request comprising user authentication information and a file name;
after authentication passes, acquiring file storage location information according to the file name;
acquiring the file fragments from the distributed storage module according to the file name and the file storage location information, and acquiring the transactions corresponding to the file fragments from the blockchain module;
computing the digest signature of each file fragment, comparing it with the digest signature of that fragment in the blockchain transaction, and confirming the integrity of the file fragment;
after the file fragments are confirmed to be intact, merging them into a complete encrypted file;
and decrypting the encrypted file and sending the decrypted file to the user.
The encrypted file is decrypted using either a decryption key provided by the user or the default key assigned by the system to each user, determined based on the user authentication information.
A blockchain-based file fragmentation encryption storage system, comprising:
the file directory service module, used for providing a write and read interface for encrypted files, verifying and authenticating user identity, recording information about each file and providing a file index service to the user;
the file encryption module, used for encrypting the file;
the file segmentation module, used for dividing the encrypted file into file fragments;
the transaction generation module, used for converting each file fragment into one transaction on the blockchain and storing the file fragment in the distributed storage module;
the blockchain module, used for storing the transaction corresponding to each file fragment;
the distributed storage module, used for storing each file fragment;
the transaction verification module, used for acquiring the file fragments from the distributed storage module and verifying them against the transaction data on the blockchain that relates to those fragments;
the file merging module, used for merging the file fragments into a complete encrypted file;
and the file decryption module, used for decrypting the encrypted file.
The file directory service module acquires the uploaded file to be encrypted and stored, together with the encryption key, encryption method and encryption level specified by the user;
the file directory service module authenticates the user and records the file name, encryption method, encryption level and file storage location information for the file uploaded by the user;
the file directory service module sends the file, the encryption method, the encryption level and the encryption key to the file encryption module;
the file encryption module encrypts the received file with the received encryption method and encryption key to obtain an encrypted file;
the file encryption module sends the encrypted file and the encryption level to the file segmentation module;
the file segmentation module selects an appropriate number of fragments and an appropriate splitting method according to the encryption level, and divides the encrypted file into file fragments;
the file segmentation module sends the file fragments to the transaction generation module;
the transaction generation module calculates the digest signature of each file fragment from the fragment's content, records it in the payload of a blockchain transaction, generates the transaction and sends it to the blockchain module, which writes the received transaction into the corresponding blockchain system according to a predetermined rule;
the transaction generation module sends the file fragments to the distributed storage module, which stores the received file fragments according to a predetermined rule.
The file directory service module acquires a file acquisition request sent by a user, the request comprising a file name, user authentication information and a decryption key;
the file directory service module authenticates the user according to the user authentication information;
after authentication passes, the file directory service module acquires the file storage location information according to the file name and passes a file acquisition request containing the file name, the file storage location information and the decryption key to the transaction verification module;
after receiving the request, the transaction verification module acquires the file fragments from the distributed storage module according to the file name and the file storage location information, and acquires the transactions corresponding to the fragments from the blockchain module;
the transaction verification module computes the digest signature of each file fragment, compares it with the digest signature of that fragment in the blockchain transaction and confirms the integrity of the file fragment;
after the integrity of the file fragments is confirmed, the transaction verification module returns all fragments belonging to the file to the file merging module;
the file merging module merges the file fragments into a complete encrypted file according to the splitting rule recorded by the file directory service module and passes the encrypted file to the file decryption module;
the file decryption module decrypts it with the decryption method and the decryption key to obtain the original file;
and the file directory service module sends the decrypted original file to the user.
The beneficial effects of the invention are: the encrypted file is divided into file fragments, the actual data of the fragments is stored in the distributed storage module, and the transactions that correspond to the fragments and are used to verify the integrity of the file are stored in the blockchain system. As a result, no storage hosting party can obtain the data or a complete copy of the file, the risk of data being obtained by a storage hosting party is avoided at the root, and the data privacy of data owners is protected.
Drawings
FIG. 1 is a schematic diagram of the blockchain-based file fragmentation encryption storage system in an embodiment.
Detailed Description
This embodiment is a blockchain-based file fragmentation encryption storage method, which comprises the following steps:
acquiring user authentication information, the file uploaded by the user that is to be encrypted and stored, and the encryption key, encryption method and encryption level specified by the user;
after authentication passes, recording the file name, encryption method, encryption level and file storage location information for the file;
encrypting the file with the encryption method and the encryption key to obtain an encrypted file;
selecting an appropriate number of fragments and an appropriate splitting method according to the encryption level, and dividing the encrypted file into file fragments;
calculating the digest signature of each file fragment from the fragment's content;
recording the digest signature of the file fragment in the payload of a blockchain transaction and, after the transaction is generated, sending it to the blockchain module;
the blockchain module writes the received transaction into the corresponding blockchain system according to a predetermined rule;
sending the file fragments to the distributed storage module;
the distributed storage module stores the received file fragments according to a predetermined rule.
This embodiment also provides a file acquisition method for retrieving a file stored by the storage method of this embodiment, with the following steps:
acquiring a file acquisition request from a user, the request comprising user authentication information, a file name and a decryption key;
after authentication passes, acquiring the decryption method and the file storage location information according to the file name;
acquiring the file fragments from the distributed storage module according to the file name and the file storage location information, and acquiring the transactions corresponding to the file fragments from the blockchain module;
computing the digest signature of each file fragment acquired from the distributed storage module, comparing it with the digest signature of that fragment in the blockchain transaction, and confirming the integrity of the file fragment;
after the file fragments are confirmed to be intact, merging them into a complete encrypted file according to the splitting rule used when the file was divided;
decrypting the encrypted file with the decryption method and the decryption key;
and sending the decrypted file to the user.
When a user stores or acquires a file without specifying encryption and decryption keys, the system performs encryption and decryption with the default key that it has assigned to that user. Each user's default key is itself encrypted with a symmetric encryption algorithm, using that user's authentication information as the key. If the user's authentication information is missing or wrong, the user's default key cannot be obtained and the file cannot be encrypted or decrypted.
As shown in FIG. 1, this embodiment further provides a blockchain-based file fragmentation encryption storage system, which includes a file directory service module, a file encryption module, a file segmentation module, a transaction generation module, a blockchain module, a distributed storage module, a transaction verification module, a file merging module and a file decryption module.
In this embodiment, the file directory service module provides the user with a file write and read interface, which may take various forms, including but not limited to interface services based on pipes, sockets and the like; performs user authentication and authorization; manages users' default encryption and decryption keys; manages user directory space; and records information about user files (including file name, file size, encryption mode and number of fragments) and provides a file index service.
In this embodiment, the file encryption module encrypts the file content. It supports a choice of encryption methods, including but not limited to encryption algorithms such as DES, 3DES, AES, RC2, RC4, RC5, Blowfish, SM1, SM2, SM4, SM7, SM9, ZUC and RSA, and can also encrypt multiple times using several different encryption algorithms.
In this embodiment, the file segmentation module divides the encrypted file. It can divide the encrypted file into different numbers of file fragments according to the encryption level designated by the user. Each file fragment contains only part of the encrypted file content, and combining all fragments fully restores the original encrypted file.
The transaction generation module converts each file fragment into a transaction on the blockchain and stores the file fragments in the distributed storage module. After the file segmentation module sends the fragments of the encrypted file to the transaction generation module, the transaction generation module signs each file fragment according to the conversion rule, converts it into a transaction on the blockchain and sends the transaction to the blockchain module; at the same time, it sends the signed file fragments to the distributed storage module for storage.
In this embodiment, the blockchain module permanently stores the transaction corresponding to each file fragment. The blockchain module can consist of a public chain system or a consortium chain system. When it receives a transaction, it follows the rules of the corresponding blockchain system and writes the transaction information into that system for permanent storage, which prevents the data from being tampered with privately.
The distributed storage module persistently stores the actual data of each file fragment. It can consist of a distributed file storage system or a distributed database. When it receives a file fragment, it stores the fragment in the storage mode specified by the file directory service module. The file fragments are stored in the distributed storage module in multiple copies, which reduces the risk of data loss.
In this embodiment, the transaction verification module obtains the fragments of the encrypted file from the distributed storage and verifies them against the transaction data in the blockchain that relates to those fragments.
In this embodiment, the file merging module merges the fragments of the encrypted file. After receiving the file fragments sent by the transaction verification module, it merges them according to the file splitting rule recorded in the file directory service module to obtain the complete encrypted file.
In this embodiment, the file decryption module decrypts the encrypted file content. After receiving the encrypted file from the file merging module, it decrypts the file according to the file encryption/decryption rule recorded in the file directory service module and the decryption key provided by the user. Once decryption is finished, the original file is returned to the user through the file directory service module.
The file storage method of the blockchain-based file fragmentation encryption storage system in this embodiment is as follows:
The file directory service module acquires the file uploaded by the user that is to be encrypted and stored, together with the encryption key, encryption method and encryption level specified by the user.
The file directory service module authenticates the user and records the file name, encryption method, encryption level and file storage location information for the file uploaded by the user.
The file directory service module sends the file, the encryption method, the encryption level and the encryption key to the file encryption module. If the user does not specify an encryption key, the default encryption key is used.
The file encryption module encrypts the received file with the received encryption method and encryption key to obtain the encrypted file.
The file encryption module sends the encrypted file and the encryption level to the file segmentation module.
The file segmentation module selects an appropriate number of fragments and splitting method according to the encryption level and divides the encrypted file into file fragments. It sends the file splitting rule to the file directory service module, which records it.
The file segmentation module sends the file fragments to the transaction generation module.
The transaction generation module calculates the digest signature of each file fragment from the fragment's content, records it in the payload of a blockchain transaction and, after the transaction is generated, sends it to the blockchain module.
The transaction generation module sends the file fragments to the distributed storage module.
The blockchain module writes the received transaction into the corresponding blockchain system according to a predetermined rule.
The distributed storage module stores the received file fragments according to a predetermined rule.
The file acquisition method of the blockchain-based file fragmentation encryption storage system in this embodiment includes the following steps.
The file directory service module receives a file acquisition request sent by a user; the request comprises a file name, user authentication information and a decryption key.
The file directory service module performs user authentication according to the user authentication information in the request.
After authentication succeeds, the file directory service module looks up related information such as the file storage location and the cutting rule according to the file name; if the request does not include a decryption key, it decrypts the stored user default key using the authentication information to obtain the default key.
The file directory service module transmits a file acquisition request containing information such as the file name, the file storage location and the decryption key to the transaction verification module.
After receiving the request, the transaction verification module acquires the file fragments from the distributed storage module according to information such as the file name and the file storage location, and acquires the transactions corresponding to the fragments from the blockchain module.
The transaction verification module calculates the digest signature of each file fragment acquired from the distributed storage module, compares it with the file fragment digest signature in the blockchain transaction, and confirms the integrity of the file fragments.
After the integrity of the file fragments is confirmed, the transaction verification module returns all the fragments related to the file to the file merging module.
The file merging module merges the file fragments into a complete encrypted file according to the cutting rule recorded by the file directory service module, and returns the encrypted file to the file decryption module.
The file decryption module completes decryption according to the decryption method and the decryption key to obtain the decrypted original file.
The file directory service module sends the decrypted original file to the user.
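The storage and acquisition flows above, as an added Python example that is not code from the patent: in-memory containers stand in for the file directory service, blockchain and distributed storage modules, and the input is treated as an already-encrypted byte string. Assumptions of the example: SHA-256 as the digest signature, the level-to-fragment-count table, an equal-size cut, and the choice to bind the file name and fragment index into each digest so a valid fragment placed in the wrong slot is rejected.

```python
import hashlib

FRAGMENTS_BY_LEVEL = {1: 2, 2: 4, 3: 8}  # assumed mapping: encryption level -> fragment count


class Store:
    """In-memory stand-ins for three of the patent's modules (assumption)."""

    def __init__(self):
        self.directory = {}  # file directory service: name -> segmentation rule
        self.ledger = []     # blockchain module: append-only transaction payloads
        self.storage = {}    # distributed storage: (name, index) -> fragment


def digest(name: str, index: int, fragment: bytes) -> str:
    """SHA-256 over length-prefixed name, fragment index and fragment content."""
    raw = name.encode()
    header = len(raw).to_bytes(4, "big") + raw + index.to_bytes(4, "big")
    return hashlib.sha256(header + fragment).hexdigest()


def store_file(s: Store, name: str, ciphertext: bytes, level: int) -> None:
    """Segment the encrypted file, record one transaction per fragment, store it."""
    count = FRAGMENTS_BY_LEVEL[level]
    size = max(1, -(-len(ciphertext) // count))  # ceiling division
    fragments = [ciphertext[i:i + size] for i in range(0, len(ciphertext), size)]
    s.directory[name] = {"count": len(fragments), "size": size}
    for i, frag in enumerate(fragments):
        s.ledger.append({"file": name, "index": i, "digest": digest(name, i, frag)})
        s.storage[(name, i)] = frag


def fetch_file(s: Store, name: str) -> bytes:
    """Verify every fragment against its ledger digest before merging."""
    rule = s.directory[name]
    recorded = {tx["index"]: tx["digest"] for tx in s.ledger if tx["file"] == name}
    parts = []
    for i in range(rule["count"]):
        frag = s.storage.get((name, i))
        if frag is None:
            raise ValueError(f"fragment {i} of {name!r} is missing")
        if digest(name, i, frag) != recorded.get(i):
            raise ValueError(f"fragment {i} of {name!r} failed the integrity check")
        parts.append(frag)
    return b"".join(parts)  # still ciphertext; decryption is the next module


if __name__ == "__main__":
    s = Store()
    sample = hashlib.shake_256(b"constructed sample").digest(1000)  # constructed input
    store_file(s, "report.enc", sample, level=2)
    print("round trip ok:", fetch_file(s, "report.enc") == sample)
    s.storage[("report.enc", 1)] = s.storage[("report.enc", 0)]  # wrong fragment in slot 1
    try:
        fetch_file(s, "report.enc")
    except ValueError as err:
        print("rejected:", err)
```

The check only detects modification or loss of a stored fragment; it relies on the ledger itself being tamper-resistant and on the directory's fragment count being trustworthy.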
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A file fragmentation encryption storage method based on a block chain is characterized in that:
dividing the encrypted file into file fragments;
calculating the digest signature of the file fragment according to the content of the file fragment;
recording the digest signature of the file fragment into the payload of a blockchain transaction to generate the transaction, and sending the transaction to the blockchain module;
and sending the file fragments to a distributed storage module, and storing the file fragments by the distributed storage module.
2. The method according to claim 1, wherein the file encryption comprises:
acquiring user authentication information and a file which is uploaded by a user and needs to be encrypted and stored;
after the authentication is passed, encrypting the file according to the encryption key;
the encryption key is a default key which is designated by the user or distributed by the system for each user and is determined based on the user authentication information.
3. The method according to claim 1, wherein the file splitting comprises:
and selecting a proper fragment division number and a proper fragment division method according to the encryption level, and dividing the encrypted file into file fragments.
4. The method for fragmenting, encrypting and storing files based on a blockchain according to claim 1, wherein: the file fragments are stored in the distributed storage module in a multi-copy mode.
5. The method for fragmenting, encrypting and storing files based on a blockchain according to claim 4, wherein: the distributed storage module is composed of a distributed file storage system or a distributed database.
6. An acquisition method for storing a file by using the storage method of any one of claims 1 to 5, characterized in that:
acquiring a file acquisition request of a user, wherein the file acquisition request comprises user authentication information and a file name;
after the authentication is passed, acquiring file storage position information according to the file name;
acquiring file fragments from the distributed storage module according to the file name and the file storage position information, and acquiring transactions corresponding to the file fragments from the block chain module;
acquiring the digest signature of the file fragment, comparing the digest signature with the digest signature of the file fragment in the block chain transaction, and confirming the integrity of the file fragment;
after the file fragments are confirmed to be complete, combining the file fragments into a complete encrypted file;
and decrypting the encrypted file and then sending the decrypted file to the user.
7. The acquisition method according to claim 6, wherein the encrypted file is decrypted based on a decryption key provided by the user or a default key determined based on user authentication information assigned to each user by the system.
8. A file fragmentation encrypted storage system based on a blockchain, comprising:
the file directory service module is used for providing a writing and reading interface of an encrypted file, user identity verification and authentication, recording related information of the file and providing file index service for a user;
the file encryption module is used for encrypting the file;
the file segmentation module is used for segmenting the encrypted file into file fragments;
the transaction generation module is used for converting each file fragment into one transaction on the block chain and storing the file fragment into the distributed storage module;
the block chain module is used for storing the transaction corresponding to each file fragment;
the distributed storage module is used for storing each file fragment;
the transaction verification module is used for acquiring the file fragments from the distributed storage module and verifying the file fragments through transaction data related to the file fragments on the block chain;
the file merging module is used for merging the file fragments into a complete encrypted file;
and the file decryption module is used for decrypting the encrypted file.
9. The blockchain-based file fragmentation encryption storage system of claim 8, wherein:
acquiring an uploaded file needing to be encrypted and stored through a file directory service module, and specifying an encryption key, an encryption method and an encryption level by a user;
the file directory service module performs authentication operation on the user and records a file name, an encryption method, an encryption level and a file storage position corresponding to a file uploaded by the user;
the file directory service module sends the file, the encryption method, the encryption level and the encryption key to the file encryption module;
the file encryption module selects a proper encryption method to encrypt the received file according to the received encryption method and encryption key to obtain an encrypted file;
the file encryption module sends the encrypted file and the encryption level to the file segmentation module;
the file segmentation module selects a proper fragment segmentation quantity and a proper fragment segmentation method according to the encryption level, and segments the encrypted file into file fragments;
the file segmentation module sends the file fragments to the transaction generation module;
the transaction generation module calculates the digest signature of the file fragment according to the content of the file fragment, records the digest signature of the file fragment into the payload of the blockchain transaction, and sends the transaction to the blockchain module after the transaction is generated, and the blockchain module writes the received transaction into a corresponding blockchain system according to a preset rule;
the transaction generation module sends the file fragments to the distributed storage module, and the distributed storage module stores the received file fragments according to a preset rule.
10. The blockchain-based file fragmentation encryption storage system according to claim 8 or 9, wherein:
the file directory service module acquires a file acquisition request sent by a user, wherein the file acquisition request comprises a file name, user authentication information and a decryption key;
the file directory service module performs user authentication according to the user authentication information;
after the authentication is passed, the file directory service module acquires file storage position information according to the file name and transmits a file acquisition request containing the file name, the file storage position and the decryption key to the transaction verification module;
after receiving the request, the transaction verification module acquires file fragments from the distributed storage module according to the file name and the file storage position, and acquires transactions corresponding to the fragments from the block chain module;
the transaction verification module acquires the digest signature of the file fragment, compares the digest signature with the digest signature of the file fragment in the block chain transaction and confirms the integrity of the file fragment;
after the integrity of the file fragments is confirmed, the transaction verification module returns all file fragments related to the file to the file merging module;
the file merging module merges the file fragments into a complete encrypted file according to the cutting rule recorded by the file directory service module and returns the encrypted file to the file decryption module;
the file decryption module completes decryption according to the decryption method and the decryption key to obtain the decrypted original file;
and the file directory service module sends the decrypted original file to the user.
CN202010596823.0A 2020-06-28 2020-06-28 File fragmentization encryption storage method, file fragmentization encryption acquisition method and file fragmentization encryption storage system based on block chain Pending CN111917720A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010596823.0A CN111917720A (en) 2020-06-28 2020-06-28 File fragmentization encryption storage method, file fragmentization encryption acquisition method and file fragmentization encryption storage system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010596823.0A CN111917720A (en) 2020-06-28 2020-06-28 File fragmentization encryption storage method, file fragmentization encryption acquisition method and file fragmentization encryption storage system based on block chain

Publications (1)

Publication Number Publication Date
CN111917720A true CN111917720A (en) 2020-11-10

Family

ID=73227894

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010596823.0A Pending CN111917720A (en) 2020-06-28 2020-06-28 File fragmentization encryption storage method, file fragmentization encryption acquisition method and file fragmentization encryption storage system based on block chain

Country Status (1)

Country Link
CN (1) CN111917720A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113032357A (en) * 2021-04-29 2021-06-25 中国工商银行股份有限公司 File storage method and device and server
CN113204786A (en) * 2021-05-06 2021-08-03 北京连山科技股份有限公司 Data protection method and system for going to center
CN113468862A (en) * 2021-07-08 2021-10-01 微易签(杭州)科技有限公司 Method and device for creating layout file by block chain, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103455764A (en) * 2013-08-27 2013-12-18 无锡华御信息技术有限公司 File segmentation and merging technology-based file encryption and decryption systems
CN106055993A (en) * 2016-08-13 2016-10-26 深圳市樊溪电子有限公司 Encryption storage system for block chains and method for applying encryption storage system
CN107070649A (en) * 2017-03-02 2017-08-18 桂林电子科技大学 A kind of big file selective cryptographic method for reducing write-in
CN109508552A (en) * 2018-11-09 2019-03-22 江苏大学 The method for secret protection of distributed cloud storage system
CN109768987A (en) * 2019-02-26 2019-05-17 重庆邮电大学 A kind of storage of data file security privacy and sharing method based on block chain
CN110138754A (en) * 2019-04-26 2019-08-16 珍岛信息技术(上海)股份有限公司 A kind of cloudy client information processing system and its resource share method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 12 / F, building 4, 108 Xiangyuan Road, Gongshu District, Hangzhou City, Zhejiang Province 310015

Applicant after: Institute of digital economy industry, Institute of computing technology, Chinese Academy of Sciences

Applicant after: Zhongke Wuyuan Technology (Hangzhou) Co.,Ltd.

Address before: Room 319, building 5, 17-1 Chuxin Road, Gongshu District, Hangzhou City, Zhejiang Province, 310015

Applicant before: Zhongke Wuyuan Technology (Hangzhou) Co.,Ltd.

Applicant before: Institute of digital economy industry, Institute of computing technology, Chinese Academy of Sciences

RJ01 Rejection of invention patent application after publication

Application publication date: 20201110