CN115514487A - Data storage system, data encryption equipment and distributed storage system - Google Patents

Publication number
CN115514487A
Authority
CN
China
Prior art keywords
data
storage system
distributed storage
encryption
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211198913.XA
Other languages
Chinese (zh)
Inventor
朱佩江
郭立华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Letter Interlink Beijing Technology Co ltd
Original Assignee
Letter Interlink Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Letter Interlink Beijing Technology Co ltd filed Critical Letter Interlink Beijing Technology Co ltd
Priority to CN202211198913.XA priority Critical patent/CN115514487A/en
Publication of CN115514487A publication Critical patent/CN115514487A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data storage system, data encryption equipment and a distributed storage system. The data storage system includes a data encryption device and a distributed storage system. The data encryption equipment is used for receiving the written first data and encrypting the written first data based on the block chain to obtain encrypted data; the distributed storage system is used for receiving the encrypted data output by the data encryption equipment and storing the encrypted data in a distributed mode. The method for storing the data in the distributed mode after encryption improves the safety of the data, enables the data not to be decrypted easily after being stolen, and more importantly, increases the difficulty of data stealing, thereby improving the safety of data storage.

Description

Data storage system, data encryption equipment and distributed storage system
Technical Field
The present application relates to data storage technologies, and in particular, to a data storage system, a data encryption device, and a distributed storage system.
Background
In the field of storage technology, it is well known that data needs to be secured when stored. In particular, as the number of users increases dramatically, users need to store more and more data, and how to make data storage more secure needs to be considered.
The traditional data storage method receives data written by a user and stores the written data in a database. This single form of storage easily leads to data leakage. Specifically, the method merely stores the data as written, so the data is easy to steal and easy to use once stolen.
Therefore, how to improve the security of data storage still needs to be considered.
Disclosure of Invention
The application provides a data storage system, data encryption equipment and a distributed storage system, which are used for solving the problem of how to improve the safety of data storage.
In one aspect, the present application provides a data storage system comprising:
the data encryption equipment is used for receiving the written first data and encrypting the written first data based on the block chain to obtain encrypted data;
and the distributed storage system is used for receiving the encrypted data output by the data encryption equipment and storing the encrypted data in a distributed mode.
In one embodiment, the data encryption device supports a symmetric encryption algorithm and an asymmetric encryption algorithm.
In one embodiment, the data encryption device is specifically configured to:
acquiring a symmetric key of the first data;
encrypting the first data based on the symmetric secret key and the symmetric encryption algorithm to obtain encrypted data, and uploading the encrypted data to the distributed storage system for distributed storage;
encrypting the symmetric secret key based on an account public key and the asymmetric encryption algorithm to obtain a first ciphertext, and storing the first ciphertext in a preset database; the account public key is stored in the data encryption device corresponding to administrator information logged in a data encryption management system of the data encryption device.
In one embodiment, the data encryption device is further configured to:
after a data access request sent by a terminal device is acquired, a data issuing request interface is displayed, and the data issuing request interface at least displays information of the terminal device;
when a data issuing instruction is received, acquiring a first ciphertext from the preset database, and acquiring the encrypted data from the distributed storage system;
decrypting the first ciphertext based on an account private key to obtain the symmetric secret key, wherein the account private key and the account public key are a pair of secret keys;
decrypting the encrypted data based on the symmetric secret key to obtain the first data;
and sending the first data to the terminal equipment.
In one embodiment, the data encryption device is further configured to:
and displaying an administrator login interface, wherein the administrator login interface is used for authorizing an administrator to log in the data encryption management system of the data encryption equipment after receiving input administrator information.
In one embodiment, the distributed storage system is further configured to: and receiving the written second data, and storing the second data in a distributed mode.
In one embodiment, the distributed storage system includes N distributed storage nodes, and the distributed storage system is specifically configured to:
generating a random number P according to the receiving time of the first data, wherein the range of the random number P is 1-N, and N is a natural number greater than 1;
and storing the encrypted data to the P-th distributed storage node.
In another aspect, the present application provides a data writing and reading method, applied to a data encryption device, including:
receiving written first data, encrypting the written first data based on a block chain to obtain encrypted data, and uploading the encrypted data to a distributed storage system, wherein the distributed storage system is used for storing the encrypted data in a distributed manner;
after a data access request sent by terminal equipment is acquired, a data issuing request interface is displayed, and the data issuing request interface at least displays information of the terminal equipment;
when a data issuing command is received, the encrypted data are read from the distributed storage system, the encrypted data are decrypted to obtain first data, and the first data are sent to the terminal equipment.
In one embodiment, the obtaining the encrypted data after encrypting the written first data based on the blockchain includes:
acquiring a symmetric key of the first data;
encrypting the first data based on the symmetric secret key and a symmetric encryption algorithm to obtain encrypted data;
encrypting the symmetric secret key based on an account public key and an asymmetric encryption algorithm to obtain a first ciphertext, and storing the first ciphertext in a preset database; the account public key is an account public key which is correspondingly stored in the data encryption equipment and corresponds to administrator information logged in a data encryption management system of the data encryption equipment;
the decrypting the encrypted data to obtain first data comprises:
acquiring a first ciphertext from the preset database, and acquiring the encrypted data from the distributed storage system;
decrypting the first ciphertext based on an account private key to obtain the symmetric secret key, wherein the account private key and the account public key are a pair of secret keys;
and decrypting the encrypted data based on the symmetric secret key to obtain the first data.
In another aspect, the present application provides a data encryption device, including: a processor, and a memory communicatively coupled to the processor, the memory storing a computer program;
the processor is configured to execute the computer program to perform the method of writing and reading data according to the second aspect.
In another aspect, the present application provides a distributed storage system, comprising: a processing device and a plurality of distributed storage nodes;
the processing device is configured to receive encrypted data, and the plurality of distributed storage nodes are configured to store the encrypted data.
After receiving data written by a user, a data encryption device in the data storage system provided by the embodiment of the application encrypts the written data based on the block chain to obtain encrypted data, and then the distributed storage system performs distributed storage on the encrypted data or the written data. The mode of encrypting and then storing the data in a distributed mode not only improves the safety of the data, but also ensures that the data is not easy to decrypt after being stolen, and more importantly, increases the difficulty of data stealing, thereby improving the safety of data storage.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a schematic diagram of a data storage system provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a data storage system storing data provided by another embodiment of the present application;
FIG. 3 is a schematic diagram of a data storage system storing data provided by yet another embodiment of the present application;
FIG. 4 is a schematic diagram of a data storage system provided by an embodiment of the present application to read data;
FIG. 5 is a flowchart illustrating a method for writing and reading data according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a data encryption device provided by an embodiment of the present application;
FIG. 7 is a schematic diagram of a distributed storage system according to an embodiment of the present application.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. The drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the disclosed concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
In the description of the present application, it is to be understood that the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless specifically limited otherwise.
In the field of storage technology, it is well known that data needs to be secured when stored. In particular, as the number of users increases dramatically, users need to store more and more data, and how to make data storage more secure needs to be considered.
The traditional data storage method receives data written by a user and stores the written data in a database. This single form of storage easily leads to data leakage. Specifically, the method merely stores the data as written, so the data is easy to steal and easy to use once stolen. Therefore, how to improve the security of data storage still needs to be considered.
Based on this, the application provides a data storage system, a data encryption device and a distributed storage system. The data storage system includes a data encryption device and a distributed storage system. The data encryption equipment is used for receiving the written first data and encrypting the written first data based on the block chain to obtain encrypted data. The distributed storage system is used for receiving the encrypted data output by the data encryption device and storing the encrypted data in a distributed mode. The mode of encrypting and then storing the data in a distributed mode not only improves the safety of the data, but also ensures that the data is not easy to decrypt after being stolen, and more importantly, increases the difficulty of data stealing, thereby improving the safety of data storage.
Referring to fig. 1, one embodiment of the present application provides a data storage system 10, where the data storage system 10 includes a data encryption device 11 and a distributed storage system 12.
As shown in fig. 1, when a user wants to store data in the data storage system 10, the user writes the data to the data encryption device 11. The data encryption device 11 first receives the written first data, and performs encryption processing on the written first data based on the block chain to obtain encrypted data. The distributed storage system 12 is configured to receive the encrypted data output by the data encryption device 11 and store the encrypted data in a distributed manner.
In an optional embodiment, when the written first data is encrypted based on the blockchain, symmetric encryption processing, asymmetric encryption processing, or other forms of encryption processing may be performed on the first data, which is not limited in this embodiment. The symmetric encryption used in the symmetric encryption processing may be DES (Data Encryption Standard), 3DES (Triple DES), IDEA (International Data Encryption Algorithm), AES (Advanced Encryption Standard), or another symmetric encryption form. The asymmetric encryption processing form used in the asymmetric encryption processing may be a Digital Signature Algorithm (DSA) encryption form, an Elliptic Curve Digital Signature Algorithm (ECDSA) encryption form, or another asymmetric encryption processing form.
In an alternative embodiment, the data encryption device 11 supports both symmetric encryption algorithms and asymmetric encryption algorithms. Referring to fig. 2, when encrypting the first data, the data encryption device 11 is specifically configured to obtain a symmetric key of the first data. The symmetric key of the first data is determined according to the information (random number) carried when the first data is uploaded. After the symmetric key is obtained, the first data is encrypted based on the symmetric key and the symmetric encryption algorithm to obtain encrypted data, and the encrypted data is uploaded to the distributed storage system 12 for distributed storage.
The distributed storage system 12 can store the encrypted data in a distributed, fragmented and multi-node distributed storage manner, which not only can satisfy the requirement of large-amount content storage, but also can realize the complete storage of the encrypted data, and improve the security of data storage.
As shown in FIG. 1, in an alternative embodiment, the distributed storage system 12 includes N (N is a natural number greater than 1) distributed storage nodes, such as IPFS (InterPlanetary File System) nodes, or other distributed storage nodes. When storing the encrypted data, the encrypted data may be stored to any one of the distributed storage nodes. Or, when storing the encrypted data, a random number P (the value range of the random number P is 1 to N) is generated according to the receiving time of the first data, and the encrypted data is then stored to the P-th distributed storage node. That is, the distributed storage system 12 stores the encrypted data to the distributed storage nodes arranged in sequence according to the time of receiving the data.
For example, if the receiving time of the first data is a first time (e.g., 10 am) and the random number corresponding to the first time is 3, the encrypted data of the first data is stored in the 3rd distributed storage node. The relationship between the reception time of the first data and the random number P may be preset in advance, for example, N is greater than or equal to 24, then the day is divided into 24 hours, and from time 0. Or in order to enable all distributed storage nodes to store encrypted data, a random number P =1 corresponding to the first hour (0 to 1.
The relationship between the receiving time of the first data and the random number P may be set according to the actual sending time of the data, the number of N, and the like, which is not limited in this embodiment.
In an alternative embodiment, the distributed storage system 12 may also store unencrypted data, e.g., the distributed storage system 12 receives written second data, which is unencrypted data, and stores the second data in a distributed manner. The way of storing the unencrypted data in the distributed storage system 12 may be selected according to actual needs, and the embodiment is not limited.
Referring to FIG. 3, in an alternative embodiment, in order to prevent the encrypted data from leaking, a ciphertext may be set for the encrypted data; that is, once the encrypted data is obtained, it has to be decrypted according to the ciphertext. On the data encryption device 11 side, the data encryption device 11 is configured to encrypt the symmetric key based on the account public key and the asymmetric encryption algorithm to obtain a first ciphertext, and store the first ciphertext in a preset database. The account public key is the account public key that is stored in the data encryption device 11 in correspondence with administrator information registered in the data encryption management system of the data encryption device 11. The data encryption device 11 is further configured to display an administrator login interface, where the administrator login interface is configured to receive input administrator information and then authorize an administrator to log in to the data encryption management system of the data encryption device 11. That is, the administrator can obtain the account public key corresponding to the administrator information after logging in. Correspondingly, the administrator can also obtain the account private key after logging in.
The account public key and the account private key are a pair of keys and form a key pair, the account public key can be disclosed to the outside, and the account private key is reserved. The key pair derived by such an algorithm can be guaranteed to be unique worldwide. When using this key pair, if one of the keys is used to encrypt a piece of data, the other key must be used to decrypt the piece of data. If the data is encrypted by the public key, the data must be decrypted by the private key, and if the data is encrypted by the private key, the data must also be decrypted by the public key, otherwise the decryption will not be successful.
Correspondingly, referring to fig. 4, after the data encryption device 11 obtains the data access request sent by the terminal device, a data issuing request interface is displayed, where the data issuing request interface at least displays information of the terminal device. The data issuing request interface is used for an administrator to decide whether to issue data to the terminal equipment. And when a data issuing command is received, acquiring a first ciphertext from the preset database and acquiring the encrypted data from the distributed storage system. The data issuing command is generated by being triggered by an administrator, for example, the data issuing command is generated after the administrator selects a data issuing button in a data issuing request interface. And after the encrypted data and the first ciphertext are obtained, decrypting the first ciphertext based on the account private key to obtain the symmetric key. And decrypting the encrypted data based on the symmetric key to obtain the first data, and sending the first data to the terminal equipment.
In summary, the present embodiment provides a data storage system 10, where the data storage system 10 includes a data encryption device 11 and a distributed storage system 12 (which may include a plurality of distributed storage nodes), and the data encryption device 11 is configured to receive written first data, and perform encryption processing on the written first data based on a block chain to obtain encrypted data. The distributed storage system 12 is configured to receive the encrypted data output by the data encryption device 11 and store the encrypted data in a distributed manner. The mode of encrypting before storing data in a distributed mode not only improves the safety of the data, but also ensures that the data is not easy to decrypt after being stolen, and more importantly, increases the difficulty of data stealing, thereby improving the safety of data storage. In addition, the use of the distributed storage system 12 for data storage may improve the integrity and security of data storage.
Referring to fig. 5, an embodiment of the present application further provides a data writing and reading method, applied to the data encryption device 11, where the method includes:
S510, receiving the written first data, encrypting the written first data based on the block chain to obtain encrypted data, and uploading the encrypted data to a distributed storage system, wherein the distributed storage system is used for storing the encrypted data in a distributed manner.
In an optional embodiment, when the written first data is encrypted based on the blockchain, symmetric encryption processing, asymmetric encryption processing, or other forms of encryption processing may be performed on the first data, which is not limited in this embodiment. The symmetric encryption used in the symmetric encryption processing may be DES (Data Encryption Standard), 3DES (Triple DES), IDEA (International Data Encryption Algorithm), AES (Advanced Encryption Standard), or another symmetric encryption form. The asymmetric encryption processing form used in the asymmetric encryption processing may be a Digital Signature Algorithm (DSA) encryption form, an Elliptic Curve Digital Signature Algorithm (ECDSA) encryption form, or another asymmetric encryption processing form.
In an alternative embodiment, the data encryption device 11 supports both symmetric encryption algorithms and asymmetric encryption algorithms. When encrypting the first data, the data encryption device 11 is specifically configured to obtain a symmetric key of the first data, encrypt the first data based on the symmetric key and the symmetric encryption algorithm to obtain encrypted data, and upload the encrypted data to the distributed storage system for distributed storage.
The distributed storage system 12 can store the encrypted data in a distributed, fragmented, and multi-node distributed storage manner, which not only satisfies a large amount of content storage, but also realizes complete storage of the encrypted data, thereby improving the security of data storage.
In an alternative embodiment, the distributed storage system 12 includes a plurality of distributed storage nodes, and when storing the encrypted data, the encrypted data may be stored to any one of the distributed storage nodes. Or, further, the distributed storage system 12 includes N (N is a natural number greater than 1) distributed storage nodes, and when storing the encrypted data, a random number P (the value range of the random number P is 1 to N) is generated according to the reception time of the first data, and then the encrypted data is stored in the P-th distributed storage node. That is, the distributed storage system 12 stores the encrypted data to the distributed storage nodes arranged in sequence according to the time of receiving the data.
For example, if the receiving time of the first data is a first time (e.g., 10 am) and the random number corresponding to the first time is 3, the encrypted data of the first data is stored in the 3rd distributed storage node. The relationship between the reception time of the first data and the random number P may be preset in advance, for example, N is greater than or equal to 24, then the day is divided into 24 hours, and from time 0. Or in order to enable all distributed storage nodes to store encrypted data, a random number P =1 corresponding to the first hour (0 to 1.
The relationship between the receiving time of the first data and the random number P may be set according to the actual sending time of the data, the number of N, and the like, which is not limited in this embodiment.
In an alternative embodiment, the distributed storage system 12 may also store unencrypted data, e.g., the distributed storage system 12 receives written second data, which is unencrypted data, and stores the second data in a distributed manner. The way of storing the unencrypted data in the distributed storage system 12 may be selected according to actual needs, and the embodiment is not limited.
In an optional embodiment, in order to prevent the encrypted data from being leaked, a ciphertext may be set for the encrypted data, that is, the symmetric key is encrypted based on the account public key and the asymmetric encryption algorithm to obtain a first ciphertext, and the first ciphertext is stored in the preset database. As described above, the account public key is the account public key stored in the data encryption device in correspondence with the administrator information registered in the data encryption management system of the data encryption device.
The account public key and the account private key are a pair of secret keys and form a secret key pair, the account public key can be published to the outside, and the account private key is reserved. The key pair derived by such an algorithm can be guaranteed to be unique worldwide. When using this key pair, if one of the keys is used to encrypt a piece of data, the other key must be used to decrypt it. If the public key is used for encrypting data, the data must be decrypted by the private key, and if the data is encrypted by the private key, the data must also be decrypted by the public key, otherwise the decryption will not be successful.
S520, after the data access request sent by the terminal equipment is obtained, a data issuing request interface is displayed, and the data issuing request interface at least displays information of the terminal equipment.
After the data encryption device 11 obtains the data access request sent by the terminal device, a data issuing request interface is displayed, and the data issuing request interface at least displays information of the terminal device. The data issuing request interface is used for an administrator to decide whether to issue data to the terminal equipment.
S530, when a data issuing command is received, the encrypted data is read from the distributed storage system, the encrypted data is decrypted to obtain first data, and the first data is sent to the terminal equipment.
In an optional embodiment, when a data issuing instruction is received, a first ciphertext is obtained from the preset database, and the encrypted data is obtained from the distributed storage system. The data issuing command is generated by being triggered by an administrator, for example, the data issuing command is generated after the administrator selects a data issuing button in a data issuing request interface. And after the encrypted data and the first ciphertext are obtained, decrypting the first ciphertext based on the account private key to obtain the symmetric secret key. And decrypting the encrypted data based on the symmetric key to obtain the first data, and sending the first data to the terminal equipment.
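The write path of S510 and the read path of S530 (the same flow as the FIG. 2 to FIG. 4 embodiment), as an added example that is not code from the application or its applicant. AES-256-GCM, RSA-OAEP, the `Device` type and every other name are assumptions of this example: the application names no concrete key-wrapping scheme, and the DSA and ECDSA algorithms it lists are signature schemes that cannot encrypt a key. The node number P is taken as a parameter.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device is a hypothetical model of the data encryption device. nodes stands
// in for the N distributed storage nodes, keyDB for the "preset database".
type Device struct {
	accountPub *rsa.PublicKey
	nodes      []map[string][]byte // encrypted data, one map per node
	keyDB      map[string][]byte   // first ciphertext (wrapped key) per record
}

// NewAccountKey creates the administrator's account key pair (RSA-2048 here).
func NewAccountKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func NewDevice(pub *rsa.PublicKey, n int) *Device {
	return &Device{accountPub: pub, nodes: make([]map[string][]byte, n), keyDB: map[string][]byte{}}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Write is the write path: encrypt the first data under a fresh symmetric key,
// wrap that key with the account public key, and store the two parts apart.
// p is the 1-based node number P; how P is chosen is left to the caller.
func (d *Device) Write(id string, firstData []byte, p int) error {
	if p < 1 || p > len(d.nodes) {
		return errors.New("node number P outside 1..N")
	}
	buf := make([]byte, 32+12) // assumption: random AES-256 key + 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	// The record id is bound in as GCM associated data and as the OAEP label, so
	// a ciphertext or wrapped key copied onto another record fails to open.
	encrypted := gcm.Seal(nonce, nonce, firstData, []byte(id))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.accountPub, key, []byte(id))
	if err != nil {
		return err
	}
	if d.nodes[p-1] == nil {
		d.nodes[p-1] = map[string][]byte{}
	}
	d.nodes[p-1][id], d.keyDB[id] = encrypted, wrapped
	return nil
}

// Read is the read path run after the administrator's issuing command: unwrap
// the symmetric key with the account private key, then decrypt and verify.
func (d *Device) Read(id string, p int, priv *rsa.PrivateKey) ([]byte, error) {
	if p < 1 || p > len(d.nodes) || d.nodes[p-1][id] == nil || d.keyDB[id] == nil {
		return nil, errors.New("record not found")
	}
	encrypted, wrapped := d.nodes[p-1][id], d.keyDB[id]
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(id))
	if err != nil {
		return nil, fmt.Errorf("unwrap symmetric key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(encrypted) < gcm.NonceSize() {
		return nil, errors.New("encrypted data too short")
	}
	nonce, ct := encrypted[:gcm.NonceSize()], encrypted[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(id))
}

func main() {
	priv, err := NewAccountKey()
	if err != nil {
		panic(err)
	}
	d := NewDevice(&priv.PublicKey, 4)
	werr := d.Write("rec-1", []byte("constructed sample record"), 3)
	out, rerr := d.Read("rec-1", 3, priv)
	fmt.Printf("%q write=%v read=%v\n", out, werr, rerr)
}
```

Because the first ciphertext and the encrypted data sit in different stores, a copy of the storage nodes alone yields neither the key nor the plaintext. The account private key remains the one secret the whole scheme depends on.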
Referring to fig. 6, an embodiment of the present application further provides a data encryption device 20, which includes a processor 21, and a memory 22 communicatively connected to the processor 21, where the memory 22 stores a computer program. The processor 21 is configured to execute the computer program to perform the method for writing and reading data as provided in any of the above embodiments.
Referring to fig. 7, an embodiment of the present application further provides a distributed storage system 30, which includes a processing device 31 and a plurality of distributed storage nodes 32. The processing device 31 is configured to receive encrypted data and the plurality of distributed storage nodes 32 are configured to store the encrypted data.
The present application also provides a computer-readable storage medium having stored therein computer-executable instructions which, when executed, cause a computer to implement the data storage method provided by any one of the above embodiments.
The present application also provides a computer program product comprising a computer program which, when executed by a processor, implements the data storage method as provided in any of the embodiments above.
The computer-readable storage medium may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM). It may also be any of various electronic devices, such as mobile phones, computers, tablet devices, and personal digital assistants, that include one or any combination of the above memories.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present application are merely for description, and do not represent the advantages and disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk, and an optical disk), and includes several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method described in the embodiments of the present application.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (11)

1. A data storage system, comprising:
the data encryption equipment is used for receiving the written first data and encrypting the written first data based on the block chain to obtain encrypted data;
and the distributed storage system is used for receiving the encrypted data output by the data encryption equipment and storing the encrypted data in a distributed mode.
2. The data storage system of claim 1, wherein the data encryption device supports a symmetric encryption algorithm and an asymmetric encryption algorithm.
3. The data storage system of claim 2, wherein the data encryption device is specifically configured to:
acquiring a symmetric key of the first data;
encrypting the first data based on the symmetric secret key and the symmetric encryption algorithm to obtain encrypted data, and uploading the encrypted data to the distributed storage system for distributed storage;
encrypting the symmetric secret key based on an account public key and the asymmetric encryption algorithm to obtain a first ciphertext, and storing the first ciphertext in a preset database; the account public key is stored in the data encryption device corresponding to administrator information logged in a data encryption management system of the data encryption device.
4. The data storage system of claim 3, wherein the data encryption device is further configured to:
after a data access request sent by a terminal device is acquired, a data issuing request interface is displayed, and the data issuing request interface at least displays information of the terminal device;
when a data issuing instruction is received, acquiring a first ciphertext from the preset database, and acquiring the encrypted data from the distributed storage system;
decrypting the first ciphertext based on an account private key to obtain the symmetric secret key, wherein the account private key and the account public key are a pair of secret keys;
decrypting the encrypted data based on the symmetric key to obtain the first data;
and transmitting the first data to the terminal equipment.
5. The data storage system of claim 3, wherein the data encryption device is further configured to:
and displaying an administrator login interface, wherein the administrator login interface is used for receiving input administrator information and then authorizing an administrator to log in the data encryption management system of the data encryption equipment.
6. The data storage system of claim 1, wherein the distributed storage system is further configured to: and receiving the written second data, and storing the second data in a distributed mode.
7. The data storage system of claim 1, wherein the distributed storage system comprises N distributed storage nodes, the distributed storage system being configured to:
generating a random number P according to the receiving time of the first data, wherein the range of the random number P is 1-N, and N is a natural number greater than 1;
and storing the encrypted data to the P-th distributed storage node.
8. A method for writing and reading data, applied to a data encryption device, comprising:
receiving written first data, encrypting the written first data based on a block chain to obtain encrypted data, and uploading the encrypted data to a distributed storage system, wherein the distributed storage system is used for storing the encrypted data in a distributed manner;
after a data access request sent by a terminal device is acquired, a data issuing request interface is displayed, and the data issuing request interface at least displays information of the terminal device;
when a data issuing command is received, the encrypted data are read from the distributed storage system, the encrypted data are decrypted to obtain first data, and the first data are sent to the terminal equipment.
9. The method according to claim 8, wherein the encrypting the written first data based on the blockchain to obtain encrypted data comprises:
acquiring a symmetric key of the first data;
encrypting the first data based on the symmetric secret key and a symmetric encryption algorithm to obtain encrypted data;
encrypting the symmetric secret key based on an account public key and an asymmetric encryption algorithm to obtain a first ciphertext, and storing the first ciphertext in a preset database; the account public key is an account public key which is correspondingly stored in the data encryption equipment and corresponds to administrator information logged in a data encryption management system of the data encryption equipment;
the decrypting the encrypted data to obtain first data comprises:
acquiring a first ciphertext from the preset database, and acquiring the encrypted data from the distributed storage system;
decrypting the first ciphertext based on an account private key to obtain the symmetric secret key, wherein the account private key and the account public key are a pair of secret keys;
and decrypting the encrypted data based on the symmetric secret key to obtain the first data.
10. A data encryption device, comprising: a processor, and a memory communicatively coupled to the processor, the memory storing a computer program;
the processor is adapted to execute the computer program to perform the method of data writing and reading as claimed in claim 8 or 9.
11. A distributed storage system, comprising: a processing device and a plurality of distributed storage nodes;
the processing device is configured to receive encrypted data, and the plurality of distributed storage nodes are configured to store the encrypted data.
CN202211198913.XA 2022-09-29 2022-09-29 Data storage system, data encryption equipment and distributed storage system Pending CN115514487A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211198913.XA CN115514487A (en) 2022-09-29 2022-09-29 Data storage system, data encryption equipment and distributed storage system

Publications (1)

Publication Number Publication Date
CN115514487A true CN115514487A (en) 2022-12-23

Family

ID=84509005

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211198913.XA Pending CN115514487A (en) 2022-09-29 2022-09-29 Data storage system, data encryption equipment and distributed storage system

Country Status (1)

Country Link
CN (1) CN115514487A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination