CN113037864A - Data storage system and data storage method - Google Patents
Data storage system and data storage method Download PDFInfo
- Publication number
- CN113037864A CN113037864A CN202110372276.2A CN202110372276A CN113037864A CN 113037864 A CN113037864 A CN 113037864A CN 202110372276 A CN202110372276 A CN 202110372276A CN 113037864 A CN113037864 A CN 113037864A
- Authority
- CN
- China
- Prior art keywords
- user
- data
- quota
- public key
- stored
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The invention discloses a data storage system.A user side is used for generating a label according to a user public key of the user side, a unique marker of data to be stored and a quota corresponding to the user side; sending the tag to a block chain for storage, and sending a user public key and data to be stored to a cloud for storage; when the quota is changed, receiving the updated quota through the KGC; and updating the user private key of the user side according to the updated quota. The metadata information of the data to be stored is sent to the decentralized block chain for storage, so that the problem of single-point failure can be avoided; and when the user quota changes, only the user private key is changed, the data storage and verification process is not influenced, and the user quota is allowed to be dynamically adjusted. The invention also provides a data storage method, which also has the beneficial effects.
Description
Technical Field
The present invention relates to the field of data storage technologies, and in particular, to a data storage system and a data storage method.
Background
When the user shares own data, the data needs to be uploaded to the cloud, and then other systems or users can access the data. In order to ensure the integrity of data stored in the cloud, related researchers provide a pdp (flexible data access) technology, and a user can check the integrity of the cloud data without downloading the cloud data, so that a large amount of bandwidth and computing resources can be saved. Limited by the cloud storage capacity, the system can set the number of files allowed to be uploaded by the user, namely the user quota. The user quota is bound with the user private key, and if the quota is modified, the user private key is required to be changed, so that the system security can be improved. The conventional quota scheme generally needs to be implemented by relying on a centralized node, and this introduces a single point of failure problem, so how to implement a decentralized user quota function in a PDP scheme and allow a user to dynamically adjust a user quota is a problem that needs to be solved urgently by a person skilled in the art.
Disclosure of Invention
The invention aims to provide a data storage system which can facilitate the change of user quota while realizing decentralization; another object of the present invention is to provide a data storage method, which can facilitate user quota change while decentralizing.
In order to solve the above technical problems, the present invention provides a data storage system, which includes a user side, a block chain, a cloud side, and a KGC;
the user side is used for:
generating a label according to the user public key of the user side, the unique marker of the data to be stored and the quota corresponding to the user side;
sending the tag to the block chain for storage, and sending the user public key and the data to be stored to the cloud for storage;
when the quota is changed, receiving the updated quota through the KGC;
and updating the user private key of the user side according to the updated quota.
Optionally, the blockchain is configured to:
calling an intelligent contract to detect whether the label meets a first requirement; the first requirement comprises that the user public key is stored in a registered user list which is established in advance by the block chain, and the number of files corresponding to the user public key is less than the quota;
when the smart contract detects that the tag meets the first requirement; storing the tag in the blockchain.
Optionally, the cloud is configured to:
and after the tag corresponding to the data to be stored is stored in the block chain, storing the data to be stored according to the user public key.
Optionally, the user side is specifically configured to:
calling a signature function, and calculating signature information according to the user public key, the unique marker and the quota;
the first requirement further includes:
and the signature information is verified successfully.
Optionally, the KGC is used to:
determining a user public key according to the user identity information and the quota of the user side, and sending the user public key and the quota to the block chain;
the blockchain is to:
and storing the user public key and the corresponding quota to the registered user list.
Optionally, the KGC is further configured to:
sending the user public key to the client;
the client is further configured to:
and generating a user private key according to the user public key.
Optionally, the user side is specifically configured to:
calculating a file identifier set of each data block of the data to be stored according to the user private key;
sending the data to be stored, the user public key and the file identifier set to the cloud end;
the cloud is further configured to:
and checking the correctness of each data block through the file discriminator set.
Optionally, the cloud is specifically configured to:
and when the block chain stores the label corresponding to the data to be stored and each data block is correct, storing the data to be stored according to the user public key.
Optionally, the block chain is further configured to:
and when a user revocation instruction is received, calling the intelligent contract to move the user public key corresponding to the user revocation instruction from the registered user list to the revoked user list.
The invention also provides a data storage method, which is applied to the client and comprises the following steps:
generating a label according to the user public key of the user side, the unique marker of the data to be stored and the quota corresponding to the user side;
sending the tag to a block chain for storage, and sending the user public key and the data to be stored to a cloud for storage;
when the quota is changed, receiving an updated quota sent by the KGC;
and updating the user private key of the user side according to the updated quota.
The invention provides a data storage system, which comprises a user side, a block chain, a cloud side and a KGC; the user side is used for generating a label according to a user public key of the user side, the unique marker of the data to be stored and a quota corresponding to the user side; sending the tag to a block chain for storage, and sending a user public key and data to be stored to a cloud for storage; when the quota is changed, receiving the updated quota through the KGC and sending the updated quota to the user side; and updating the user private key of the user side according to the updated quota.
The metadata information of the data to be stored is sent to the decentralized block chain for storage, so that the problem of single-point failure can be avoided; and when the user quota changes, only the user private key is changed, the user public key is not changed, the data storage and verification process is not influenced, and the user quota is allowed to be dynamically adjusted.
The invention also provides a data storage method, which has the beneficial effects and is not repeated herein.
Drawings
In order to more clearly illustrate the embodiments or technical solutions of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a block diagram of a data storage system according to an embodiment of the present invention;
fig. 2 is a flowchart of a data storage method according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a data storage system. In the prior art, the system is limited by the cloud storage capacity, and the number of files allowed to be uploaded by the user, that is, the user quota, is set. The user quota is bound with the user private key, and if the quota is modified, the user private key is required to be changed, so that the system security can be improved. Traditional quota solutions typically need to rely on centralized nodes for implementation, which introduces a single point of failure problem.
The data storage system provided by the invention comprises a user side, a block chain, a cloud side and a KGC; the user side is used for generating a label according to a user public key of the user side, the unique marker of the data to be stored and a quota corresponding to the user side; sending the tag to a block chain for storage, and sending a user public key and data to be stored to a cloud for storage; when the quota is changed, receiving the updated quota through the KGC; and updating the user private key of the user side according to the updated quota.
The metadata information of the data to be stored is sent to the decentralized block chain for storage, so that the problem of single-point failure can be avoided; and when the user quota changes, only the user private key is changed, the user public key is not changed, the data storage and verification process is not influenced, and the user quota is allowed to be dynamically adjusted.
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a block diagram illustrating a data storage system according to an embodiment of the present invention.
Referring to fig. 1, in the embodiment of the present invention, the data storage system includes a user side 1, a blockchain 2, a cloud side 3, and a KGC; the user side 1 is used for: generating a label according to the user public key of the user end 1, the unique marker of the data to be stored and the quota corresponding to the user end 1; sending the tag to the block chain 2 for storage, and sending the user public key and the data to be stored to the cloud 3 for storage; when the quota is changed, receiving the updated quota through the KGC; and updating the user private key of the user end 1 according to the updated quota.
In the embodiment of the present invention, when a user wants to store data, that is, data to be stored, in the cloud 3 through the user 1, a tag corresponding to the user 1 is generated according to a user public key of the user 1, a unique identifier of the data to be stored, and a quota corresponding to the user 1, and the tag carries information of the user public key, the unique identifier, and the quota. The details of the tag will be described in detail in the following embodiments of the invention, and will not be described herein. In the embodiment of the present invention, the user 1 sends the tag to the block chain 2, and sends the complete data to be stored and the user public key to the cloud 3.
The block chain 2 is maintained with an intelligent contract, and details about the intelligent contract may refer to the prior art, which is not described herein again. The chain of blocks 2 may normally check the validity of the tag and only after the tag passes the validity check will the tag be saved.
After receiving the user public key and the data to be stored, the cloud 3 usually checks the correctness of the data to be stored, or after checking the tag by the block chain 2, stores the data to be stored according to the user public key. The specific steps of the cloud 3 storing the data to be stored will be described in detail in the following embodiments of the invention, and will not be described herein again. It should be noted that, when the validity of the data to be stored or the tag is checked, the blockchain 2 and the cloud end 3 only relate to the user public key generally, but not to the user private key of the user end 1, and specific applications of the user private key will be described in detail in the following embodiments of the present invention, which is not described herein again.
In the embodiment of the present invention, when the quota is changed, the KGC or another entity in the data storage system, for example, a management center controlled by an administrator, is usually required to send the updated quota to the blockchain 2 for updating, and send the updated quota to the user end 1 through the KGC; and the user side 1 is used for updating the user private key of the user side 1 according to the updated quota. The kgc (key Generation center) is a key management center, and is responsible for generating the public and private key information of the user in cooperation with the user terminal 1. In the embodiment of the present invention, when the quota is changed, the KGC may send the updated quota to the user end 1, so that the user end 1 updates the user private key according to the updated quota, and the block chain 2 may also receive and store the updated quota, so as to determine whether the number of files stored in the user end 1 exceeds the quota when storing the tag. In general, when the number of files stored in the user side 1 exceeds a quota, the data to be stored, which the user side 1 wants to store at this time, is not stored. The details of updating the private key of the user will be described in detail in the following embodiments of the present invention, and will not be described herein again.
The data storage system provided by the embodiment of the invention comprises a user side 1, a block chain 2, a cloud side 3 and a KGC; the user side 1 is used for generating a label according to a user public key of the user side 1, the unique marker of the data to be stored and a quota corresponding to the user side 1; sending the tag to the block chain 2 for storage, and sending the user public key and the data to be stored to the cloud 3 for storage; when the quota is changed, receiving the updated quota through the KGC and sending the updated quota to the user side 1; and updating the user private key of the user end 1 according to the updated quota.
The metadata information of the data to be stored is sent to the decentralized block chain 2 for storage, so that the problem of single-point failure can be avoided; and when the user quota changes, only the user private key is changed, the user public key is not changed, the data storage and verification process is not influenced, and the user quota is allowed to be dynamically adjusted.
The details of a data storage system provided by the present invention will be described in detail in the following embodiments of the invention.
Different from the above embodiment of the present invention, the embodiment of the present invention further specifically limits the content of the data storage system on the basis of the above embodiment of the present invention, and the rest of the content has been described in detail in the above embodiment of the present invention, and is not described again here.
In the embodiment of the present invention, the data storage system may be divided into five stages, i.e., user registration, data storage, data integrity check, user revocation and user quota update, from establishment to use. In the embodiment of the present invention, the data storage system can be extended as follows: the system comprises a user side, a block chain, a cloud side, a KGC (Key Generation Center) and a TPA (Third-party Auditor), wherein the Key management Center is responsible for generating public and private Key information of the user in cooperation with the user, and the TPA is responsible for checking an entity of cloud side data integrity on behalf of the user. It should be noted that, in the embodiment of the present invention, an algorithm used in the data verification process may specifically be an elliptic curve, that is, the embodiment of the present invention may specifically be a whole scheme of data storage and integrity verification implemented based on an elliptic curve, and has higher confidentiality.
In the user registration stage, the user side negotiates with the KGC to generate a private key and a public key of the user side, that is, a user private key and a user public key. The user private key is only stored by the user side, and other parts cannot know the user private key. In the embodiment of the present invention, the KGC may be specifically configured to determine a user public key according to the user identity information and the quota of the user side, and send the user public key and the quota to the block chain; the corresponding blockchain may be used to store the user public key and the corresponding quota to the registered user list to complete registration. In general, the KGC may also be configured to send the user public key to a client; the corresponding client is specifically configured to generate the user private key according to the user public key.
Specifically, the administrator selects a large prime number q, a generator P corresponding to the addition cycle group G, G, and two hash functions H1() And H2(). The information is public information, and any entity or structure in the data storage system can obtain the information. Then, KGC randomly selects an integer
As a system private key for a data storage system, and then calculates PpubGet system public key P ═ xPpub. As described above
Is a sequence of integers between 1 and q.
In the user registration phase, the user terminal i can randomly select an integer
Calculating to obtain Xi=xiP, then will<IDi,Xi>Sent to the KGC. Wherein the IDiIs the user identity information of the user terminal i. Then KGC randomly selects an integer
Calculating Yi=riP, and ui=ri+xH1(IDi,Xi+Yi,RN)+H2(IDi,xXi,Yi) And the RN is the number of files allowed to be accessed by the client i, namely a quota, and the quota is bound with the corresponding client. Then KGC will convert Yi、uiAnd the RN is sent to the user terminal i through a public channel. Will finally calculate Ki=Xi+Yi,KiI.e. the public key information of the user, i.e. the user public key, will then<Ki,RN>And sending the data to a block chain for storage.
The blockchain typically maintains a smart contract ξ implementing access control functions, which includes two lists ζ storing subscriber informationallowAnd ζdeny,ζallowZeta being a list of registered users for storing information about registered usersdenyIs a revoked user list in which revoked user information is stored. Block chain reception<Ki,RN>Then, the intelligent contract xi is called to detect it, if K isiIs not stored at ζallowWhile not being stored at ζdenyIn, then K isiStore to ζallowAnd finishing the registration of the user terminal.
The subsequent user end needs to generate its own private key, specifically, user end i receives Yi、uiAnd after RN, the method passes a check formula:
uiP=Yi+H1(IDi,Xi+Yi,RN)Ppub+H2(IDi,xiPpub,Yi)P;
and checking, and if the check is not passed, requiring the KGC to resend the corresponding data. If the verification passes, the user end calculates yi=ui-H2(IDi,xiPpub,Yi). At this time, the user private key is determined to be sigmai=xi+yiThe user public key is Ki=Xi+Yi。
In the data storage stage, the processes executed by the client, the cloud and the blockchain are substantially the same as those described in the above embodiments of the present invention. Specifically, in the embodiment of the present invention, the block chain may be configured to invoke an intelligent contract to detect whether the tag meets the first requirement; the first requirement generally includes that the user public key is stored in a registered user list pre-established by the block chain, and the number of files corresponding to the user public key is less than the quota; when the smart contract detects that the tag meets the first requirement; storing the tag in the blockchain. The cloud may be specifically configured to store the data to be stored according to the user public key after the tag corresponding to the data to be stored is stored in the blockchain. Further, the user side can be specifically used for calling a signature function, and calculating signature information according to the user public key, the unique marker and the quota; the first requirement then also needs to include that the signature information check is successful.
Specifically, in the embodiment of the present invention, the user side is specifically configured to calculate a file identifier set of each data block of the data to be stored according to a user private key; specifically, the data to be stored, the user public key and the file identifier set are sent to the cloud end; the cloud may also be used to verify the correctness of each data block through the set of file identifiers. Correspondingly, the cloud end can be specifically used for storing the data to be stored according to the user public key when the tag corresponding to the data to be stored is stored in the block chain and each data block is correct.
Specifically, in the data storage stage, the user side may be set as a, the file F, that is, the data to be stored, is divided into n parts to form n data blocks, and T is calculated for each data blocki=h(name||i||RN)miσaP, to obtain Λ ═ Ti}1≤i≤nWhere Λ is the set of file discriminators. The file identifier set corresponding to the user side is used for calculating each data block of the data to be stored according to the user private key. The user terminal also calculates Za=H1(IDa,Ka,RN)PpubCalculating tag as Ka||name||RN||Za||SSig(Ka||name||RN||Za) Here tag is the label. The client first needs to send tag to the blockchain, and usually after receiving the message of successful storage, the client sends { F, Λ, K } to the blockchainaAnd sending the data to the cloud. The user side is used for sending the data to be stored, the user public key and the file identifier set to the cloud. The SSig is a signature function, which may be customized, for example, RSA signature algorithm, and is not limited in this respect.
The blockchain specifically calls intelligent contract xi to detect the validity of the tag, including SSig (K)a||name||RN||Za) Whether the verification is successful or not is determined,<Ka,RN>whether or not it is stored at ζallowWithout the presence of ζdenyIn, KaIf the number of stored files exceeds the number of stored files of RN, the tag is stored on the block chain usually only after all the checks are passed. Calling the intelligent contract to detect whether the label meets the first requirement; the first requirement comprises that a user public key is stored in a registered user list which is established in advance in the block chain, and the number of files corresponding to the user public key is less than a quota; when the intelligent contract detection label meets the first requirement; the tag is stored in the blockchain. The user side is also used for calling a signature function and calculating signature information according to the user public key, the unique marker and the quota; the first requirement further comprises that the signature information is verified successfully.
Receiving { F, Λ, K at the cloudaAfter information is obtained, whether a tag exists in a block chain is detected, and only if the detection is successful, the subsequent operation is usually executed. The cloud firstly checks the received F and Lambda, and the formula for checking each data block is TiP=h(name||i||RN)mi(Za+Ka) And after each data block passes the verification, the cloud end receives and stores the data. Here, the cloud is used to verify the correctness of each data block through the file discriminator set. And when the block chain stores the label corresponding to the data to be stored and each data block is correct, storing the data to be stored according to the user public key.
At the present stage, after storing data meeting the requirements of the supervision rules in the cloud, a user needs to rely on a mechanism to ensure the integrity of the data. The current relevant researchers provide a PDP (plasma display panel) technology, wherein a user can realize the scheme of auditing the integrity of cloud data without downloading the cloud data, and the user can realize the auditing the integrity of the cloud data without downloading the cloud data. Now most PDP solutions do not implement the aforementioned distributed user data management function, so how to provide a data storage system that can support the data management function and PDP solution is a problem that needs to be solved urgently by those skilled in the art.
In the embodiment of the present invention, in the data integrity checking stage, the cloud may be further configured to: receiving challenge information which is generated by a verifier through a TPA and used for verifying the integrity of a file, and a unique marker corresponding to the challenge information; generating certification information according to the challenge information and the unique marker, and sending the certification information to the block chain; the blockchain is used for: and after receiving the certification information, calling an intelligent contract to verify the certification information. If the check is successful, the check result is typically stored in the blockchain.
The TPA (Third-party audio) is an entity responsible for checking the integrity of the cloud data on behalf of the user. And the verifying party is an entity for verifying the cloud data. The verifying party may be assumed by a third party trusted by both the user and the cloud server, or may be assumed by the cloud server trusted by the user, which is not specifically limited in the embodiment of the present invention. Firstly, in the data integrity verification stage, a verifier generates challenge information Chal ═ i, v, corresponding to the unique identifier name according to the TPAi}I={1,...,c},i∈IAnd sending the name and the Chal to the cloud.
After receiving the name and the Chal, the cloud end firstly needs to calculate
And
where T is the file discriminator, which will then beAttestation information
And sending the block chain.
The block chain receives
And then, calling the intelligent contract xi to search the tag by using the name, and if the tag cannot be searched, failing to check. After the tag is retrieved, it needs to be checked
Whether or not this is true. After the verification is passed, the blockchain will usually store the verification result in a log form on the blockchain, and the log information may include<name,Timestamp,Ka,...>Where Timestamp is a Timestamp.
And in the user revocation section, the method is mainly used for realizing revocation of the user. And the block chain is used for calling an intelligent contract to move the user public key corresponding to the user canceling instruction from the registered user list to the canceled user list when the user canceling section receives the user canceling instruction. Specifically, in the embodiment of the invention, the blockchain is maintained with a registered user list ζ through an intelligent contract ξallowAnd a revoked user list ζdenyWhen the user side uploads the data to be stored, the two lists must be checked to determine whether the user is allowed to store the data. When the user needs to be revoked, a user revocation instruction needs to be generated and sent to the block chain, the block chain can call the intelligent contract ξ, and the intelligent contract ξ is used for revoking the user list ζdenyIn-line adding user public key KiAnd the user public key KiFrom a list of registered users ζallowIs deleted.
At present, when the conventional PDP technology implements the user revocation function, metadata information stored by a user to be revoked needs to be processed, so that time consumed for executing the revocation function is linearly related to the amount of data already stored by the user to be revoked. In the embodiment of the invention, the registered user list ζ is maintainedallowAnd a revoked user list ζdenyThe user revocation can be realized, the complexity of the required time is irrelevant to the number of the files stored by the user to be revoked, and the execution efficiency is high.
In the stage of updating the user quota, the processes executed by the ue, the KGC and the blockchain are substantially the same as those described in the above embodiment of the present invention. In the embodiment of the present invention, when the user quota is updated, only the user private key is modified correspondingly, and the user public key is not changed, so that the verification method of the previous file stored by the user, that is, the verification method possibly performed by the data storage system in each piece of content, is not affected.
Specifically, in the stage of updating the user quota, the management center in the data storage system, which is controlled by the administrator, is used for enabling the < ID of the user endi,Xi,Yi,RN,RN',uiAnd transmitting the data to KGC through a public channel, wherein RN is the number of files which are originally allowed to be uploaded by a user, and RN' is a modified numerical value. After the KGC receives the information, u needs to be calculatedi'=ui-xH1(IDi,Xi+Yi,RN)+xH1(IDi,Xi+YiRN'), and then u is addedi' send to the user side. Then, the user end needs to be calculated
Thereby updating the user private key to σi'=xi+yi', and the user public key Ki'=Xi+Yi=KiThe method and the device can keep unchanged, and meanwhile, the KGC can not know the private key information of the user and can not influence the verification process executed when the user stores the data to be stored previously.
The data storage system provided by the embodiment of the invention can realize a PDP scheme and allow a user to adjust quota. In addition, the embodiment of the invention supports the function of revoking the user, the complexity of the required time is irrelevant to the number of the files stored by the user to be revoked, and the execution efficiency is higher.
In the following, a data storage method provided by an embodiment of the present invention is introduced, and a data storage method described below and a data storage system described above may be referred to correspondingly.
Referring to fig. 2, fig. 2 is a flowchart illustrating a data storage method according to an embodiment of the present invention.
The data storage method provided in the embodiments of the present invention is specifically applied to the user side, and the specific content of the user side and the specific content of the data storage system related to the user side are described in detail in the embodiments of the present invention, and are not described herein again.
Referring to fig. 2, the data storage method may include:
s101: and generating a label according to the user public key of the user end, the unique marker of the data to be stored and the quota corresponding to the user end.
S102: and sending the tag to the block chain for storage, and sending the user public key and the data to be stored to the cloud for storage.
S103: and when the quota is changed, receiving the updated quota sent by the KGC.
S104: and updating the user private key of the user side according to the updated quota.
The operation performed by the user side in the data storage system has been described in detail in the above embodiments of the present invention, and will not be described herein again. The data storage method of this embodiment is specifically used for implementing the foregoing data storage system, and therefore, a specific implementation manner of the data storage method can be seen in the foregoing embodiment section of the data storage system, and therefore, the specific implementation manner thereof may refer to the description of each corresponding embodiment section, and is not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The data storage system and the data storage method provided by the invention are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
Claims (10)
1. A data storage system is characterized by comprising a user side, a block chain, a cloud side and a KGC;
the user side is used for:
generating a label according to the user public key of the user side, the unique marker of the data to be stored and the quota corresponding to the user side;
sending the tag to the block chain for storage, and sending the user public key and the data to be stored to the cloud for storage;
when the quota is changed, receiving the updated quota through the KGC;
and updating the user private key of the user side according to the updated quota.
2. The system of claim 1, wherein the blockchain is to:
calling an intelligent contract to detect whether the label meets a first requirement; the first requirement comprises that the user public key is stored in a registered user list which is established in advance by the block chain, and the number of files corresponding to the user public key is less than the quota;
when the smart contract detects that the tag meets the first requirement; storing the tag in the blockchain.
3. The system of claim 2, wherein the cloud is configured to:
and after the tag corresponding to the data to be stored is stored in the block chain, storing the data to be stored according to the user public key.
4. The system of claim 2, wherein the user side is specifically configured to:
calling a signature function, and calculating signature information according to the user public key, the unique marker and the quota;
the first requirement further includes:
and the signature information is verified successfully.
5. The system according to claim 1, wherein the KGC is configured to:
determining a user public key according to the user identity information and the quota of the user side, and sending the user public key and the quota to the block chain;
the blockchain is to:
and storing the user public key and the corresponding quota to the registered user list.
6. The system of claim 5, wherein the KGC is further configured to:
sending the user public key to the client;
the client is further configured to:
and generating a user private key according to the user public key.
7. The system of claim 6, wherein the user side is specifically configured to:
calculating a file identifier set of each data block of the data to be stored according to the user private key;
sending the data to be stored, the user public key and the file identifier set to the cloud end;
the cloud is further configured to:
and checking the correctness of each data block through the file discriminator set.
8. The system of claim 7, wherein the cloud is specifically configured to:
and when the block chain stores the label corresponding to the data to be stored and each data block is correct, storing the data to be stored according to the user public key.
9. The system of claim 1, wherein the blockchain is further configured to:
and when a user revocation instruction is received, calling the intelligent contract to move the user public key corresponding to the user revocation instruction from the registered user list to the revoked user list.
10. A data storage method is applied to a client and comprises the following steps:
generating a label according to the user public key of the user side, the unique marker of the data to be stored and the quota corresponding to the user side;
sending the tag to a block chain for storage, and sending the user public key and the data to be stored to a cloud for storage;
when the quota is changed, receiving an updated quota sent by the KGC;
and updating the user private key of the user side according to the updated quota.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110372276.2A CN113037864B (en) | 2021-04-07 | 2021-04-07 | Data storage system and data storage method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110372276.2A CN113037864B (en) | 2021-04-07 | 2021-04-07 | Data storage system and data storage method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113037864A true CN113037864A (en) | 2021-06-25 |
| CN113037864B CN113037864B (en) | 2022-11-29 |
Family
ID=76453985
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110372276.2A Active CN113037864B (en) | 2021-04-07 | 2021-04-07 | Data storage system and data storage method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113037864B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104811450A (en) * | 2015-04-22 | 2015-07-29 | 电子科技大学 | Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing |
| WO2017140358A1 (en) * | 2016-02-17 | 2017-08-24 | Nec Europe Ltd. | Method for storing data on a storage entity |
| GB201717414D0 (en) * | 2017-10-23 | 2017-12-06 | Cygnetise Ltd | Methods and apparatus for verifying a user transaction |
| CN108768966A (en) * | 2018-05-14 | 2018-11-06 | 北京邮电大学 | Register node and member node and Node registry leave, identity identifying method |
| CN108769173A (en) * | 2018-05-21 | 2018-11-06 | 阿里体育有限公司 | The block chain implementation method and equipment of the intelligent contract of operation |
| CN109901798A (en) * | 2019-02-27 | 2019-06-18 | 新华三技术有限公司成都分公司 | Date storage method and device |
| CN110990418A (en) * | 2019-12-20 | 2020-04-10 | 北京艾摩瑞策科技有限公司 | Asynchronous processing method and device based on block chain user data |
| ES2774397A1 (en) * | 2019-01-18 | 2020-07-20 | Telefonica Digital Espana Slu | METHOD AND SYSTEM FOR RECOVERY OF CRYPTOGRAPHIC KEYS FROM A BLOCK CHAIN NETWORK (Machine-translation by Google Translate, not legally binding) |
| CN111611614A (en) * | 2020-04-29 | 2020-09-01 | 南京财经大学 | Block chain based malicious auditor resistant cloud storage public auditing method and system |
-
2021
- 2021-04-07 CN CN202110372276.2A patent/CN113037864B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104811450A (en) * | 2015-04-22 | 2015-07-29 | 电子科技大学 | Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing |
| WO2017140358A1 (en) * | 2016-02-17 | 2017-08-24 | Nec Europe Ltd. | Method for storing data on a storage entity |
| GB201717414D0 (en) * | 2017-10-23 | 2017-12-06 | Cygnetise Ltd | Methods and apparatus for verifying a user transaction |
| CN108768966A (en) * | 2018-05-14 | 2018-11-06 | 北京邮电大学 | Register node and member node and Node registry leave, identity identifying method |
| CN108769173A (en) * | 2018-05-21 | 2018-11-06 | 阿里体育有限公司 | The block chain implementation method and equipment of the intelligent contract of operation |
| ES2774397A1 (en) * | 2019-01-18 | 2020-07-20 | Telefonica Digital Espana Slu | METHOD AND SYSTEM FOR RECOVERY OF CRYPTOGRAPHIC KEYS FROM A BLOCK CHAIN NETWORK (Machine-translation by Google Translate, not legally binding) |
| CN109901798A (en) * | 2019-02-27 | 2019-06-18 | 新华三技术有限公司成都分公司 | Date storage method and device |
| CN110990418A (en) * | 2019-12-20 | 2020-04-10 | 北京艾摩瑞策科技有限公司 | Asynchronous processing method and device based on block chain user data |
| CN111611614A (en) * | 2020-04-29 | 2020-09-01 | 南京财经大学 | Block chain based malicious auditor resistant cloud storage public auditing method and system |
Non-Patent Citations (3)
| Title |
|---|
| LIPENG WANG; MINGSHENG HU; ZHIJUAN JIA; BEI GONG; YANFANG LEI: "A Signature Scheme Applying on Blockchain Voting Scene Based on the Asmuth-Bloom Algorithm", 《2018 IEEE 4TH INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATIONS (ICCC)》 * |
| 宁晓静; 张毅; 林湘宁; 魏繁荣; 程晨: "基于物理–信息–价值的能源区块链分析", 《电网技术》 * |
| 张家硕; 高健博; 王利朋; 李青山; 陈钟: "区块链隐私保护技术综述", 《保密科学技术》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113037864B (en) | 2022-11-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kumar et al. | Secure CLS and CL-AS schemes designed for VANETs | |
| Luu et al. | Scp: A computationally-scalable byzantine consensus protocol for blockchains | |
| Li et al. | Privacy-preserving public auditing protocol for low-performance end devices in cloud | |
| Yuan et al. | Public integrity auditing for dynamic data sharing with multiuser modification | |
| US8195935B2 (en) | Systems, methods and computer-accessible media for acquiring and authenticating public key certificate status | |
| CN112583596B (en) | Complete cross-domain identity authentication method based on block chain technology | |
| CN112600678B (en) | Data processing method, device, equipment and storage medium | |
| CN111275555B (en) | Block chain transaction processing method, transaction node and block chain system | |
| Nie et al. | NCLAS: A novel and efficient certificateless aggregate signature scheme | |
| Jia et al. | Redactable blockchain from decentralized chameleon hash functions | |
| Toorani et al. | A decentralized dynamic pki based on blockchain | |
| US11646897B2 (en) | Method and apparatus for utilizing off-platform-resolved data as an input to code execution on a decentralized platform | |
| Bellare et al. | Deterring certificate subversion: efficient double-authentication-preventing signatures | |
| CN112385178B (en) | Lightweight certificate status checking system for large number of certificates | |
| US20070150944A1 (en) | User authentication system and method for a communications network | |
| CN112020849A (en) | Method for verifying a node | |
| CN112039837B (en) | Electronic evidence preservation method based on block chain and secret sharing | |
| JP2007515837A (en) | Method and system for providing integrity and trust in data management and data delivery processes | |
| CN113037864B (en) | Data storage system and data storage method | |
| US11635952B2 (en) | Secure update propagation with digital signatures | |
| US20050120207A1 (en) | Method and system for enabling PKI in a bandwidth restricted environment | |
| CN113032809A (en) | Data storage system and data storage method | |
| Misra et al. | Geographic server distribution model for key revocation | |
| Suguna et al. | Privacy preserving data auditing protocol for secure storage in mobile cloud computing | |
| Zhang et al. | OGPADSM2: oriented-group public auditing for data sharing with multi-user modification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |