CN115114674A - Cloud auditing method, device, equipment and medium supporting automatic compensation of damaged data - Google Patents

Publication number
CN115114674A
Authority
CN
China
Prior art keywords
data
audit
key
preset
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210730113.1A
Other languages
Chinese (zh)
Other versions
CN115114674B (en)
Inventor
陈飞
林毓植
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen University
Original Assignee
Shenzhen University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen University
Priority to CN202210730113.1A
Publication of CN115114674A
Application granted
Publication of CN115114674B
Legal status: Active

Classifications

    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/405 Establishing or using transaction specific rules
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Abstract

The application relates to the technical field of blockchain and discloses a cloud auditing method, device, equipment and medium supporting automatic compensation of damaged data. The method comprises: creating a smart contract in a blockchain and storing a preset token in the smart contract; generating a data key and a public key based on a preset key bit number, and storing the public key in the blockchain; acquiring target data and the data key, generating an aggregation tag set, and storing the target data in a database of a target server; obtaining an audit challenge of a client, verifying and calculating the target data in the database based on the audit challenge to obtain an audit certificate, and publishing the audit certificate in the blockchain; decrypting the aggregation tag with the public key to obtain a decryption result, and judging whether the decryption result is consistent with the audit certificate to obtain a judgment result; and, if not, paying the preset token to the client. The invention eliminates the risk of third-party operation and improves the security of cloud auditing.

Description

Cloud auditing method, device, equipment and medium supporting automatic compensation of damaged data
Technical Field
The application relates to the technical field of blockchain, and in particular to a cloud auditing method, device, equipment and medium supporting automatic compensation of damaged data.
Background
To audit the integrity of outsourced data, a cloud audit protocol is established between a user and a service provider, so that the user can query at any time and from any place whether the data outsourced to the storage server is intact. A cloud audit protocol is a challenge-response protocol: the client initiates an audit and requires the storage server to return a proof of storage for certain data, such as a whole data block, a hash check value of the data block or some calculation result, and the client verifies the correctness of the data block after receiving the proof.
In existing cloud auditing methods, blockchain data is transparently disclosed to all participating nodes. If the client publishes on the blockchain the tag required by the verification process, the storage server can pose as an auditor and use the public key to compute on the tag and obtain an integrity proof, thereby forging the proof, so the security of cloud auditing is low. A method of improving cloud audit security is therefore needed.
Disclosure of Invention
The embodiments of the application aim to provide a cloud auditing method, device, equipment and medium supporting automatic compensation of damaged data, so as to improve the security of cloud auditing.
To solve the above technical problem, an embodiment of the application provides a cloud auditing method supporting automatic compensation of damaged data, including:
creating a smart contract in a blockchain in a preset manner, acquiring a preset token and storing the preset token in the smart contract;
generating a data key and a public key based on a preset key bit number, storing the public key in the blockchain, and storing the data key in a local database of a client;
acquiring target data and the data key from the local database, generating an aggregation tag set based on the target data and the data key, and storing the target data in a database of a target server, wherein the aggregation tag set comprises a plurality of aggregation tags;
obtaining an audit challenge of the client, verifying and calculating the target data in the database based on the audit challenge to obtain an audit certificate, and publishing the audit certificate in the blockchain;
decrypting the aggregation tag with the public key to obtain a decryption result, and judging whether the decryption result is consistent with the audit certificate to obtain a judgment result;
and, if the judgment result is that the decryption result is inconsistent with the audit certificate, paying the preset token to the client.
To solve the above technical problem, an embodiment of the application provides a cloud auditing device supporting automatic compensation of damaged data, including:
a smart contract creating module, used for creating a smart contract in a blockchain in a preset manner, acquiring a preset token and storing the preset token in the smart contract;
a basic key generation module, used for generating a data key and a public key based on a preset key bit number, storing the public key in the blockchain and storing the data key in a local database of the client;
an aggregation tag set generating module, used for acquiring target data and the data key from the local database, generating an aggregation tag set based on the target data and the data key, and storing the target data in a database of a target server, wherein the aggregation tag set comprises a plurality of aggregation tags;
an audit certificate generation module, used for acquiring the audit challenge of the client, verifying and calculating the target data in the database based on the audit challenge to obtain an audit certificate, and publishing the audit certificate in the blockchain;
a judgment result generation module, used for decrypting the aggregation tag with the public key to obtain a decryption result, and judging whether the decryption result is consistent with the audit certificate to obtain a judgment result;
and a preset token paying module, used for paying the preset token to the client if the judgment result is that the decryption result is inconsistent with the audit certificate.
To solve the above technical problems, the invention adopts the following technical scheme: a computer device is provided that includes one or more processors and a memory for storing one or more programs which, when executed, cause the one or more processors to implement the cloud auditing method supporting automatic compensation of damaged data.
To solve the above technical problems, the invention adopts the following technical scheme: a computer-readable storage medium is provided, having a computer program stored thereon which, when executed by a processor, implements any of the above cloud auditing methods supporting automatic compensation of damaged data.
The embodiments of the invention provide a cloud auditing method, device, equipment and medium supporting automatic compensation of damaged data. The method comprises the following steps: creating a smart contract in the blockchain in a preset manner, acquiring a preset token and storing the preset token in the smart contract; generating a data key and a public key based on a preset key bit number, storing the public key in the blockchain, and storing the data key in a local database of a client; acquiring target data and the data key from the local database, generating an aggregation tag set based on the target data and the data key, and storing the target data in a database of a target server, wherein the aggregation tag set comprises a plurality of aggregation tags; obtaining an audit challenge of the client, verifying and calculating the target data in the database based on the audit challenge to obtain an audit certificate, and publishing the audit certificate in the blockchain; decrypting the aggregation tag with the public key to obtain a decryption result, and judging whether the decryption result is consistent with the audit certificate to obtain a judgment result; and, if the judgment result is that the decryption result is inconsistent with the audit certificate, returning the preset token to the client.
The embodiment of the invention creates a smart contract in the blockchain, stores the preset token in the smart contract and then stores the generated public key in the blockchain, which makes it easy to obtain the public key from the blockchain to decrypt and verify the target data and reduces the cost of data storage. Meanwhile, an aggregation tag set corresponding to the target data is generated; when an audit is obtained, the audit certificate is obtained and compared with the decryption result of the corresponding aggregation tag, and if they are inconsistent the preset token is paid to the client. The preset token is thus paid out when the cloud audit fails, which eliminates the risk of third-party operation and improves the security of cloud auditing.
Drawings
In order to more clearly illustrate the solution of the present application, the drawings needed for describing the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is a flowchart of an implementation of the cloud auditing method supporting automatic compensation of damaged data according to an embodiment of the present application;
FIG. 2 is a flowchart of an implementation of a sub-process of the cloud auditing method supporting automatic compensation of damaged data according to an embodiment of the present application;
FIG. 3 is a flowchart of another implementation of a sub-process of the cloud auditing method supporting automatic compensation of damaged data according to an embodiment of the present application;
FIG. 4 is a flowchart of another implementation of a sub-process of the cloud auditing method supporting automatic compensation of damaged data according to an embodiment of the present application;
FIG. 5 is a flowchart of another implementation of a sub-process of the cloud auditing method supporting automatic compensation of damaged data according to an embodiment of the present application;
FIG. 6 is a flowchart of another implementation of a sub-process of the cloud auditing method supporting automatic compensation of damaged data according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a cloud auditing apparatus supporting automatic compensation of damaged data according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a computer device provided in an embodiment of the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein may be combined with other embodiments.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
It should be noted that, the cloud auditing method supporting automatic compensation of damaged data provided in the embodiments of the present application is generally executed by a server, and accordingly, a cloud auditing apparatus supporting automatic compensation of damaged data is generally configured in the server.
Referring to fig. 1, fig. 1 illustrates a specific embodiment of a cloud auditing method for supporting automatic compensation of damaged data.
It should be noted that, provided the result is substantially the same, the method of the invention is not limited to the flow sequence shown in fig. 1. The method includes the following steps:
S1: Create a smart contract in the blockchain in a preset manner, acquire a preset token and store the preset token in the smart contract.
Specifically, a smart contract is created in the blockchain. The smart contract serves as the data storage and trusted computing platform of the protocol and provides a communication channel for the client, the target server and the server. The preset token is then acquired and stored in the smart contract.
The client is the owner of the data and stores the data on the target server in outsourced form; the client is the only party holding the key, generates the authentication tags and challenge tags for the data, and publishes them to the smart contract. The target server provides the outsourced data storage service and responds to challenges with proofs of storage integrity. The server is the executing entity of the embodiment of the application; it verifies the integrity proof of the target data by calling the smart contract and can be regarded as a third-party auditor. The server may be any node on the blockchain. The blockchain is the trusted data storage module and trusted computing module of the system; the smart contract may be deployed in the blockchain to mediate the data interaction between the client, the target server and the server. A smart contract is a computer protocol intended to propagate, verify or execute contracts in an informational manner; smart contracts allow trusted transactions, which are traceable and irreversible, to be conducted without a third party. The preset token is a value token negotiated between the client and the target server and is used to compensate the client after the audit determination. The preset token is held securely in the smart contract for the time being; when the specified number of audits is reached, the smart contract is destroyed and all value tokens are returned by the original route to the account of the server side.
Referring to fig. 2, fig. 2 shows an embodiment of step S1, which is described in detail as follows:
S11: Acquire a preset contract life cycle.
S12: Create a smart contract in the blockchain by calling a constructor based on the preset contract life cycle, wherein the smart contract comprises a contract address and control variables.
S13: Acquire a preset token and store the preset token in the smart contract.
Specifically, the preset contract life cycle is the contract period negotiated between the client and the target server; the addresses of the client and the target server do not change within the preset contract life cycle. The embodiment of the application acquires the preset contract life cycle, creates the smart contract in the blockchain by calling a constructor based on the preset contract life cycle, then acquires the preset token and stores it in the smart contract. Specifically, the smart contract of the embodiment is constructed by initializing it in the blockchain through a call to the constructor (Construct function). The smart contract comprises a contract address and control variables. Control variables include, but are not limited to, key flags, audit challenge flags, and attestation flags.
S2: Generate a data key and a public key based on the preset key bit number, store the public key in the blockchain, and store the data key in a local database of the client.
Specifically, the data key is a key generated with the RSA encryption algorithm and is used to encrypt the authentication tags of the target data. The public key is used to decrypt the aggregation authentication tag later on. Only the client can set the public key; the target server cannot.
Referring to fig. 3, fig. 3 shows an embodiment of step S2, which is described in detail as follows:
S21: Acquire a preset key bit number, and generate a data key and a public key based on the preset key bit number.
S22: Call a target keyword of the blockchain, and acquire the target address corresponding to the public key based on the target keyword.
S23: Based on the target address, store the public key in the blockchain, and store the data key in a local database of the client.
Specifically, in the client, the data key and the public key are generated according to a preset security level, that is, the preset key bit number. The target keyword of the blockchain is then called to check the address of the function executor, that is, to acquire the target address corresponding to the public key; the public key is stored in the blockchain, and the data key is stored in a local database of the client. Further, a protocol key corresponding to the smart contract is generated according to the preset key bit number and stored in the local database of the client. The protocol key is used to detect the smart contract.
S3: Acquire target data and the data key from the local database, generate an aggregation tag set based on the target data and the data key, and store the target data in a database of a target server.
The aggregation tag set comprises a plurality of aggregation tags.
Referring to fig. 4, fig. 4 shows an embodiment of step S3, which is described in detail as follows:
S31: Acquire target data and the data key from the local database, and split the target data into n data blocks, where n is an integer.
S32: Generate authentication tags corresponding to the n data blocks based on the data key to obtain an authentication tag set.
S33: Acquire a preset window value, and generate an aggregation tag set based on the preset window value and the authentication tag set.
S34: Send the target data to the target server so that the target server stores the target data in the database.
Specifically, since the client is the data owner, the target data, that is, the data to be stored by the target server, is obtained from the local database of the client. The target data is then split into blocks of a standard size to obtain n data blocks, where n is an integer. The data key is acquired from the local database and used to generate a corresponding authentication tag for each data block, producing the authentication tag set. A preset window value is then acquired, and the aggregation tag set is computed by the tag aggregation algorithm from the preset window value and the authentication tag set. The preset window value is the window size of the tag compression algorithm, agreed by the client according to the size of the authentication tag set, the condition of the storage service and its own computing resources. The window value affects the compression rate. Finally, the target data is sent to the target server so that the target server stores the target data in the database.
Further, the generation formula of the tag aggregation algorithm is as follows:
Figure BDA0003712907030000081
where g is a generator, m_i is the i-th data block, w is the size of the window value, d is the key exponent, n is the modulus, and BAT_i is an aggregation tag. Window value w: the window value directly determines the number of data blocks the server audits for one challenge; the larger the window value, the greater the audit load the target server has to bear. Once the aggregation tag set has been constructed, the authentication tag set, which occupies a large amount of space, is released, and the target data is sent to the target server in outsourced form so that it is stored in the database of the target server. The client uses the aggregation tag set as its basic tags; as long as the target data does not change, the aggregation tag set does not change and is stored in the local database of the client.
S4: Acquire an audit challenge of the client, verify and calculate the target data in the database based on the audit challenge to obtain an audit certificate, and publish the audit certificate in the blockchain.
Specifically, the client may at any time issue to the target server a challenge auditing the integrity of the target data. When the server receives the audit challenge from the client, it verifies and calculates the target data in the database of the target server, generating an audit certificate that is published in the blockchain so that it can subsequently be judged whether the cloud audit succeeded.
Referring to fig. 5, fig. 5 shows an embodiment of step S4, which is described in detail as follows:
S41: Obtain the audit challenge of the client.
S42: Parse the audit challenge to obtain the challenge parameters it contains.
S43: Verify and calculate the target data in the database through a preset formula based on the challenge parameters to obtain a calculation result.
S44: Generate an audit certificate based on the calculation result, and publish the audit certificate in the blockchain.
Specifically, after the target server has received the complete target data, it keeps waiting for the audit challenge of the client so as to return a complete audit certificate. When the server obtains the audit challenge, the audit challenge is parsed to obtain its challenge parameters, the target data in the database is verified and calculated through the preset formula to obtain a calculation result, an audit certificate is generated from the calculation result, and the audit certificate is published in the blockchain.
Wherein, the preset formula is as follows:
Figure BDA0003712907030000091
where g is a generator, m_r is the r-th data block, m_k is the k-th data block, n is the modulus, and proof denotes the audit certificate.
Further, step S41 includes: in response to a proofreading instruction from the client, returning the smart contract to the client so that the client sets a control variable in the smart contract to true, and obtaining the audit challenge generated by the client, where the audit challenge includes challenge parameters. This is described as follows:
Specifically, when the client needs to initiate an audit challenge, it sends a proofreading instruction to the server. After receiving the proofreading instruction, the server returns the smart contract to the client, so that the client sets the control variable in the smart contract to true. The client then generates an audit challenge according to the content to be audited and feeds the generated audit challenge back to the server. The server executes the audit task when it receives the audit challenge of the client. The audit challenge comprises challenge parameters: a challenge sequence number, a random number and a challenge aggregation tag. Challenge sequence number: the set of sequence numbers of the challenged data blocks, randomly generated by the client. Random number: the random number used in each challenge. Aggregation tag (Aggregate Tag): the challenge tag of the challenged blocks, generated by step S3 above. It is worth mentioning that the aggregation tag for each data block is different for each challenge, which resists replay attacks. The aggregation tag is not published immediately for verification, because the target server, having obtained the challenge tag in advance, could decrypt it with the public key and thereby forge the integrity proof. In the embodiment of the application, a conditional constraint is added to the smart contract so that the client cannot publish the tag to the server immediately, but publishes it only after the target server has uploaded its integrity audit certificate, which improves the security of cloud auditing.
S5: Decrypt the aggregation tag with the public key to obtain a decryption result, and judge whether the decryption result is consistent with the audit certificate to obtain a judgment result.
Referring to fig. 6, fig. 6 shows an embodiment of step S5, which is described in detail as follows:
S51: Check the state of the control variable and the validity of the data to obtain the detection result of the smart contract.
S52: If the detection result is that the smart contract is valid, obtain the public key from the block chain.
S53: Decrypt the aggregation tag with the public key to obtain a decryption result.
S54: Judge, by looping over the entries, whether the decryption result is consistent with the audit certificate to obtain a judgment result.
Specifically, before the audit certificate is verified, the state of the control variable and the validity of the data are checked to obtain the detection result of the smart contract. The state of the control variable is checked by judging whether the audit challenge flag and the proof flag in the control variable are true. The validity of the data is checked by judging whether the proof and the challenge tag are empty and whether the challenge and the proof have the same size. If the audit challenge flag and the proof flag are true, the proof and the challenge tag are not empty, and the challenge and the proof have the same size, the detection result is that the smart contract is valid. The public key is then obtained from the block chain, the aggregation tag is decrypted with the public key to obtain a decryption result, and the decryption result is compared with the audit certificate by looping over the entries to obtain a judgment result. The comparison is carried out with RsaVerify, which traverses the decryption result and the audit certificate and judges whether they are consistent. RsaVerify is a precompiled protocol that performs large-integer modular operations on the incoming data. The function returns 1 to indicate successful verification and 0 to indicate failed verification.
S6: If the judgment result is that the decryption result is inconsistent with the audit certificate, pay the preset token to the client.
Specifically, if the judgment result is that the decryption result is consistent with the audit certificate, the cloud audit has succeeded. If the judgment result is that the decryption result is inconsistent with the audit certificate, the cloud audit verification has failed and the preset token stored in the smart contract is paid to the client. Furthermore, a number of verification failures can be preset, and the compensation is paid when the number of verification failures reaches the preset number. In this embodiment, because the agreed preset token is stored in the smart contract in advance, the preset token is paid to the client once the number of verification failures reaches the preset number, which realizes a cloud audit with automatic compensation for damaged data.
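The contract-side checks of steps S51 to S54, the payout of step S6 and the proof-before-tag ordering constraint described for step S41 can be modelled as follows. This is an added Python example, not code from the patent: the toy RSA parameters, all class and function names, the per-block tags (window aggregation and the per-challenge random number are omitted) and the stand-in proof g^m mod n are assumptions, because the page does not reproduce the preset formula.

```python
from dataclasses import dataclass, field

# Constructed toy RSA parameters; a real deployment uses the preset key bit number.
P, Q = 1009, 1013
N = P * Q                            # modulus n
E = 65537                            # public key, stored on chain
D = pow(E, -1, (P - 1) * (Q - 1))    # data key, kept in the client's local database
G = 5                                # generator g (constructed value)


def stand_in_proof(block: int) -> int:
    """Assumed stand-in for the preset formula (not the patent's): g^m mod n."""
    return pow(G, block, N)


def make_tag(block: int) -> int:
    """Client side: bind the expected proof value to the data key."""
    return pow(stand_in_proof(block), D, N)


@dataclass
class AuditContract:
    deposit: int                     # preset token escrowed when the contract is created
    max_failures: int = 1            # preset number of failures before payout
    challenge_flag: bool = False     # control variable: a challenge is open
    proof_flag: bool = False         # control variable: the server's proof is on chain
    indices: list = field(default_factory=list)
    proofs: list = field(default_factory=list)
    tags: list = field(default_factory=list)
    failures: int = 0
    paid_to_client: int = 0

    def open_challenge(self, indices):
        """Client sets the control variable and names the challenged blocks."""
        self.indices, self.proofs, self.tags = list(indices), [], []
        self.challenge_flag, self.proof_flag = True, False

    def submit_proof(self, proofs):
        """Server publishes its audit certificate for the open challenge."""
        if not self.challenge_flag:
            raise RuntimeError("no open challenge")
        self.proofs, self.proof_flag = list(proofs), True

    def reveal_tags(self, tags):
        """Ordering constraint: tags are accepted only after the proof is on chain,
        so the server cannot decrypt them first and copy the expected values."""
        if not self.proof_flag:
            raise RuntimeError("tags may not be revealed before the proof")
        self.tags = list(tags)

    def verify(self) -> bool:
        # S51: control-variable state and data validity.
        valid = (self.challenge_flag and self.proof_flag
                 and len(self.proofs) > 0 and len(self.tags) > 0
                 and len(self.proofs) == len(self.tags))
        if not valid:
            raise RuntimeError("contract state or data invalid")
        # S52-S54: decrypt each tag with the public key and compare with the proof.
        ok = all(pow(t, E, N) == p for t, p in zip(self.tags, self.proofs))
        self.challenge_flag = self.proof_flag = False
        # S6: count the failure and pay the escrowed token at the preset count.
        if not ok:
            self.failures += 1
            if self.failures >= self.max_failures and self.deposit > 0:
                self.paid_to_client, self.deposit = self.deposit, 0
        return ok


def run_audit(stored, original, indices, deposit=100):
    """One audit round: `original` is what the client tagged, `stored` is what
    the server actually holds (constructed sample data)."""
    client_tags = [make_tag(m) for m in original]        # computed before upload
    contract = AuditContract(deposit=deposit)
    contract.open_challenge(indices)                                      # client
    contract.submit_proof([stand_in_proof(stored[i]) for i in indices])   # server
    contract.reveal_tags([client_tags[i] for i in indices])               # client
    return contract.verify(), contract


if __name__ == "__main__":
    blocks = [1234, 5678, 9012]                  # constructed data blocks
    print(run_audit(blocks, blocks, [0, 2])[0])              # intact data
    print(run_audit([1234, 5678, 9013], blocks, [0, 2])[0])  # block 2 damaged
```
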
In this embodiment, a smart contract is created in the block chain in a preset manner, a preset token is obtained, and the preset token is stored in the smart contract; a data key and a public key are generated based on the preset key bit number, the public key is stored in the block chain, and the data key is stored in a local database of the client; target data and the data key are acquired from the local database, an aggregation tag set is generated based on the target data and the data key, and the target data is stored in a database of a target server, where the aggregation tag set comprises a plurality of aggregation tags; an audit challenge of the client is obtained, the verification calculation is performed on the target data in the database based on the audit challenge to obtain an audit certificate, and the audit certificate is published in the block chain; the aggregation tag is decrypted with the public key to obtain a decryption result, and whether the decryption result is consistent with the audit certificate is judged to obtain a judgment result; and if the judgment result is that the decryption result is inconsistent with the audit certificate, the preset token is returned to the client.
The embodiment of the invention creates the smart contract in the block chain, stores the preset token in the smart contract and then stores the generated public key in the block chain, which makes it convenient to obtain the public key from the block chain to decrypt and verify the target data and reduces the cost of data storage. In addition, an aggregation tag set corresponding to the target data is generated; when an audit challenge is obtained, the audit certificate is obtained and compared with the decryption result of the corresponding aggregation tags, and if they are inconsistent the preset token is paid to the client. The preset token is thus paid when the cloud audit fails, the risk of third-party operation is eliminated, and the security of the cloud audit is improved.
Referring to fig. 7, as an implementation of the method shown in fig. 1, the present application provides an embodiment of a cloud auditing apparatus for supporting automatic compensation of damaged data, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 1, and the apparatus may be applied to various electronic devices.
As shown in fig. 7, the cloud auditing apparatus supporting automatic compensation of damaged data of the present embodiment includes: a smart contract creating module 71, a basic key generating module 72, an aggregation tag set generating module 73, an audit certificate generating module 74, a judgment result generating module 75 and a preset token paying module 76, wherein:
the smart contract creating module 71 is used for creating a smart contract in the block chain in a preset manner, acquiring a preset token and storing the preset token in the smart contract;
a basic key generation module 72, configured to generate a data key and a public key based on a preset key bit number, store the public key in a block chain, and store the data key in a local database of the client;
an aggregation tag set generating module 73, configured to obtain target data and a data key from a local database, generate an aggregation tag set based on the target data and the data key, and store the target data in a database of a target server, where the aggregation tag set includes multiple aggregation tags;
the audit certificate generation module 74 is configured to obtain an audit challenge of the client, verify and calculate target data in the database based on the audit challenge to obtain an audit certificate, and issue the audit certificate in the block chain;
a judgment result generating module 75, configured to decrypt the aggregation tag through the public key to obtain a decryption result, and judge whether the decryption result is consistent with the audit certificate to obtain a judgment result;
and a preset token paying module 76, configured to pay the preset token to the client if the decryption result is inconsistent with the audit certificate.
Further, the aggregated tag set generating module 73 includes:
the data blocking unit is used for acquiring target data and a data key from a local database, and blocking the target data to obtain n data blocks, wherein n is an integer;
the authentication tag set generating unit is used for generating authentication tags corresponding to the n data blocks based on the data key to obtain an authentication tag set;
the aggregation tag set constructing unit is used for acquiring a preset window value and generating an aggregation tag set based on the preset window value and the authentication tag set;
and the aggregation tag set storage unit is used for sending the target data to the target server so that the target server stores the target data in the database.
Further, the audit certificate generation module 74 includes:
the audit challenge acquiring unit is used for acquiring the audit challenge of the client;
the challenge audit analysis unit is used for analyzing the audit challenge to obtain a challenge parameter in the audit challenge;
the calculation result generation unit is used for verifying and calculating the target data in the database through a preset formula based on the challenge parameters to obtain a calculation result;
and the audit certificate issuing unit is used for generating the audit certificate based on the calculation result and issuing the audit certificate in the block chain.
Further, the audit challenge obtaining unit includes:
and the check instruction unit is used for responding to a check instruction of the client and returning the smart contract to the client, so that the client sets the control variable in the smart contract to the true state, and for acquiring the audit challenge generated by the client, wherein the audit challenge comprises the challenge parameters.
Further, the judgment result generating module 75 includes:
the detection result acquisition unit is used for acquiring the detection result of the smart contract by detecting the state of the control variable and the validity of the data;
the public key obtaining unit is used for obtaining the public key from the block chain if the detection result is that the smart contract is valid;
the aggregation tag decryption unit is used for decrypting the aggregation tag through the public key to obtain a decryption result;
and the consistency judging unit is used for judging whether the decryption result is consistent with the audit certificate or not in a circulating traversal mode to obtain a judgment result.
Further, the smart contract creating module 71 includes:
the contract life cycle acquiring unit is used for acquiring a preset contract life cycle;
the smart contract generating unit is used for creating a smart contract in the block chain by calling a constructor based on the preset contract life cycle, wherein the smart contract comprises a contract address and a control variable;
the preset token acquisition unit is used for acquiring the preset token and storing the preset token in the smart contract.
Further, the preset token payout module 76 includes:
the basic key generation unit is used for acquiring a preset key bit number and generating a data key and a public key based on the preset key bit number;
the target address acquisition unit is used for calling a target keyword of the block chain and acquiring a target address corresponding to the public key based on the target keyword;
and the public key storage unit is used for storing the public key in the block chain based on the target address and storing the data key in a local database of the client.
In order to solve the technical problem, the embodiment of the application further provides computer equipment. Referring to fig. 8, fig. 8 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 8 includes a memory 81, a processor 82, and a network interface 83 communicatively connected to each other via a system bus. It is noted that only a computer device 8 having three components, a memory 81, a processor 82, and a network interface 83, is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and its hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 81 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 81 may be an internal storage unit of the computer device 8, such as a hard disk or a memory of the computer device 8. In other embodiments, the memory 81 may be an external storage device of the computer device 8, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like provided on the computer device 8. Of course, the memory 81 may also include both internal and external storage devices of the computer device 8. In this embodiment, the memory 81 is generally used for storing the operating system installed in the computer device 8 and various types of application software, such as the program code of the cloud auditing method supporting automatic compensation of damaged data. Further, the memory 81 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 82 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 82 is typically used to control the overall operation of the computer device 8. In this embodiment, the processor 82 is configured to execute the program code stored in the memory 81 or process data, for example, execute the program code of the cloud auditing method supporting automatic damage data compensation, so as to implement various embodiments of the cloud auditing method supporting automatic damage data compensation.
The network interface 83 may include a wireless network interface or a wired network interface, and the network interface 83 is generally used to establish communication connections between the computer device 8 and other electronic devices.
The present application provides yet another embodiment, which provides a computer-readable storage medium storing a computer program, which is executable by at least one processor to cause the at least one processor to perform the steps of a cloud audit method supporting automatic compensation of damaged data as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk, and an optical disk), and includes several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method of the embodiments of the present application.
It is to be understood that the above-described embodiments are merely some, not all, of the embodiments of the present application, and that the appended drawings illustrate preferred embodiments without limiting the scope of the application. This application can be embodied in many different forms, and the embodiments are provided to enable a thorough understanding of its disclosure. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to one skilled in the art that modifications can be made to the embodiments described in the foregoing detailed description, or equivalents can be substituted for some of the features described therein. All equivalent structures made by using the contents of the specification and the drawings of the present application, whether applied directly or indirectly in other related technical fields, are within the protection scope of the present application.

Claims (10)

1. A cloud auditing method supporting automatic compensation of damaged data is characterized by comprising the following steps:
creating an intelligent contract in a block chain in a preset mode, acquiring a preset token and storing the preset token in the intelligent contract;
generating a data key and a public key based on the preset key bit number, storing the public key in the block chain, and storing the data key in a local database of a client;
acquiring target data and the data key from the local database, generating an aggregation tag set based on the target data and the data key, and storing the target data in a database of a target server, wherein the aggregation tag set comprises a plurality of aggregation tags;
obtaining an audit challenge of the client, verifying and calculating the target data in the database based on the audit challenge to obtain an audit certificate, and issuing the audit certificate in the block chain;
decrypting the aggregation label through the public key to obtain a decryption result, and judging whether the decryption result is consistent with the audit certificate to obtain a judgment result;
and if the judgment result is that the decryption result is inconsistent with the audit certificate, paying the preset token to the client.
2. The cloud auditing method according to claim 1 for supporting automatic reimbursement of corrupted data, wherein the obtaining target data and the data key from the local database, generating an aggregated tag set based on the target data and the data key, and storing the target data in a database of a target server comprises:
acquiring target data and the data key from the local database, and partitioning the target data to obtain n data blocks, wherein n is an integer;
generating authentication tags corresponding to the n data blocks based on the data key to obtain an authentication tag set;
acquiring a preset window value, and generating the aggregation tag set based on the preset window value and the authentication tag set;
and sending the target data to the target server, so that the target server stores the target data in the database.
3. The cloud auditing method supporting automatic compensation of damaged data according to claim 1, where the obtaining of the audit challenge of the client, and based on the audit challenge, performing verification calculation on the target data in the database to obtain an audit certificate, and issuing the audit certificate in the block chain includes:
obtaining the audit challenge of the client;
analyzing the audit challenge to obtain a challenge parameter in the audit challenge;
based on the challenge parameters, verifying and calculating the target data in the database through a preset formula to obtain a calculation result;
and generating the audit certificate based on the calculation result, and issuing the audit certificate in the block chain.
4. The cloud auditing method according to claim 3 for supporting automatic compensation of damaged data, wherein obtaining the auditing challenge at the client comprises:
and responding to a proofreading instruction of the client, returning the intelligent contract to the client, so that the client sets a control variable in the intelligent contract to the true state, and acquiring an audit challenge generated by the client, wherein the audit challenge comprises the challenge parameter.
5. The cloud auditing method supporting automatic indemnification of damaged data according to claim 1, where the decrypting the aggregated label with the public key to obtain a decrypted result and determining whether the decrypted result is consistent with the audit trail to obtain a determined result includes:
detecting the state of a control variable and the validity of data to obtain the detection result of the intelligent contract;
if the detection result is that the intelligent contract is valid, the public key is obtained from the block chain;
decrypting the aggregation label through the public key to obtain a decryption result;
and judging whether the decryption result is consistent with the audit certificate or not in a circulating traversal mode to obtain the judgment result.
6. The cloud auditing method for supporting automatic damage data compensation according to claim 1, wherein the creating an intelligent contract in a block chain by a preset mode and obtaining a preset token and storing the preset token in the intelligent contract comprises:
acquiring a preset contract life cycle;
creating the intelligent contract in the block chain by calling a construction function based on the preset contract life cycle, wherein the intelligent contract comprises a contract address and a control variable;
the preset token is obtained and stored in the smart contract.
7. The cloud auditing method for supporting automatic indemnification of damaged data according to any one of claims 1 to 6, wherein the generating a data key and a public key based on a preset key bit number, storing the public key in the blockchain, and storing the data key in a local database of a client comprises:
acquiring a preset key digit, and generating the data key and the public key based on the preset key digit;
calling a target keyword of the block chain, and acquiring a target address corresponding to the public key based on the target keyword;
based on the target address, storing the public key in the blockchain and storing the data key in a local database of the client.
8. A cloud audit device supporting automatic compensation of damaged data is characterized by comprising:
the intelligent contract creating module is used for creating an intelligent contract in a block chain in a preset mode, acquiring a preset token and storing the preset token in the intelligent contract;
the basic key generation module is used for generating a data key and a public key based on the preset key bit number, storing the public key in the block chain and storing the data key in a local database of the client;
the aggregation tag set generating module is used for acquiring target data and the data key from the local database, generating an aggregation tag set based on the target data and the data key, and storing the target data in a database of a target server, wherein the aggregation tag set comprises a plurality of aggregation tags;
the audit certificate generation module is used for acquiring the audit challenge of the client, verifying and calculating the target data in the database based on the audit challenge to obtain an audit certificate, and issuing the audit certificate in the block chain;
the judgment result generation module is used for decrypting the aggregation label through the public key to obtain a decryption result, judging whether the decryption result is consistent with the audit certificate or not, and obtaining a judgment result;
and the preset token paying module is used for paying the preset token to the client if the judgment result is that the decryption result is inconsistent with the audit certificate.
9. A computer device comprising a memory and a processor, the memory having stored therein a computer program, wherein the processor, when executing the computer program, implements the cloud auditing method supporting automatic compensation of damaged data according to any one of claims 1 to 7.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, implements the cloud auditing method in support of automatic damage data reimbursement of any one of claims 1 to 7.
CN202210730113.1A 2022-06-24 2022-06-24 Cloud auditing method, device, equipment and medium supporting automatic compensation of damaged data Active CN115114674B (en)

Publications (2)

Publication Number Publication Date
CN115114674A true CN115114674A (en) 2022-09-27
CN115114674B CN115114674B (en) 2024-08-09

Family

ID=83330976

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant