CN115630409B - Data storage control method and device - Google Patents
- Publication number: CN115630409B (CN202211334879.4A)
- Authority: CN (China)
- Prior art keywords: data, node, nodes, private, stored
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention relates to the technical field of data storage and discloses a data storage control method and device, comprising: starting a data storage system according to a data storage instruction, wherein the data storage system consists of a private end, a public end and a client; indexing, from the client, the data to be stored and the number of encryption nodes of the data to be stored; splitting the data to be stored based on the number of encryption nodes to obtain split data sets equal in number to the data to be stored; generating a data encryption tree from the split data sets and the data to be stored; and storing the root-node encrypted data of the data encryption tree on the client, the leaf-node encrypted data proportionally on the private end and the public end, and the internal-node encrypted data proportionally on the private end and the client, thereby completing storage control of the data. The main purpose of the invention is to resolve the conflict between large-scale storage and security in data storage control.
Description
Technical field
The invention relates to a data storage control method and device, and belongs to the technical field of data storage.
Background
With the development of science and technology, systems closely tied to the needs of industries and individuals have been developed one after another, greatly improving the convenience of people's lives. At the same time, the volume of data in these systems has grown explosively, and how to store data efficiently is a problem that urgently needs solving.
Commonly used data storage control methods rely mainly on a client, a private end and a public end; that is, data storage and control are achieved through the cooperation of the three. The client faces users directly and interacts with them. The private end is a cloud system offering high data security, built for the enterprise, company, research institution or other organization to which the client belongs. The public end is generally provided by a third-party provider and, according to the needs of such organizations, is built as a cloud that can store data at large scale but shares storage resources with other organizations.
Relatively speaking, the client is poor at exchanging and sharing data; the private end is more secure but unsuitable for large-scale storage; the public end can store at large scale but is less secure. Some data storage methods therefore adopt cross-storage: data is divided into important and non-important data, with important data stored on the private end and non-important data on the public end. This captures the advantages of both ends, but not all data can be divided into important and non-important data. Moreover, with simple data splitting, tracing the source of the data is extremely difficult when a leak occurs. Data storage control therefore still faces the conflict between large-scale storage and security.
Summary of the invention
The invention provides a data storage control method, a device and a computer-readable storage medium, whose main purpose is to resolve the conflict between large-scale storage and security in data storage control.
To achieve the above purpose, the data storage control method provided by the invention comprises:
receiving a data storage instruction initiated by the client and starting the data storage system according to the instruction, wherein the data storage system consists of a private end, a public end and a client, and the private end and the public end each store a key pair for verifying the legitimacy of the client;
verifying the legitimacy of the client based on the respective key pairs of the private end and the public end and, when the verification passes, indexing the data to be stored from the client according to the data storage instruction;
calculating the data volume of the data to be stored, determining the number of encryption nodes of the data to be stored from the data volume, and splitting the data to be stored based on the number of encryption nodes to obtain split data sets equal in number to the data to be stored;
generating a data encryption tree from the split data sets and the data to be stored, wherein the data encryption tree consists of one root node and multiple leaf nodes; the root node corresponds to root-node encrypted data, which is generated from the data to be stored; and each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, both generated from the split data sets;
storing the root-node encrypted data of the data encryption tree on the client, storing the leaf-node encrypted data proportionally on the private end and the public end, and storing the internal-node encrypted data proportionally on the private end and the client, thereby completing storage control of the data.
Optionally, the process of storing the key pairs comprises:
receiving an application instruction by which the client applies to join the data storage system, and obtaining the client attributes according to the application instruction, wherein the client attributes include the client's user name and user password, client IP address, client port value, client place of registration, and client operating license information.
sending the client attributes to the review platform of the data storage system and, when the review platform approves the client's application instruction, performing a hash operation with the client attributes as the input of a first hash algorithm to obtain a client hash value;
receiving the client's handwritten user-name signature, wherein the handwritten user-name signature matches the client's user name;
performing a hash operation with the handwritten user-name signature as the input of a second hash algorithm to obtain a signature hash value;
obtaining the private-end attributes of each private end and the public-end attributes of each public end in the data storage system, and performing a hash operation with each private-end or public-end attribute as the input of the first hash algorithm to obtain a private-end hash value and a public-end hash value respectively;
generating the key pair of the private end in the order client hash value, private-end hash value, signature hash value, wherein the key pair of the private end comprises a private-end public key and a private-end private key, the private-end public key being stored on the private end and the private-end private key on the client;
generating the key pair of the public end in the order client hash value, public-end hash value, signature hash value, wherein the key pair of the public end comprises a public-end public key and a public-end private key, the public-end public key being stored on the public end and the public-end private key on the client.
Optionally, verifying the legitimacy of the client based on the respective key pairs of the private end and the public end comprises:
generating a legitimacy verification instruction for the client and, according to it, receiving the handwritten signature to be verified that is entered by the user operating the client;
calculating the similarity between the handwritten signature to be verified and the handwritten user-name signature and, if the similarity is not higher than a specified similarity threshold, determining that the client is illegitimate;
if the similarity is higher than the specified similarity threshold, obtaining all private key sets stored on the client, wherein a private key set consists of private-end private keys and public-end private keys;
determining in turn whether each private-end private key is consistent with the private-end public key of the corresponding private end, and whether each public-end private key is consistent with the public-end public key of the corresponding public end;
once all private-end private keys are consistent with their private-end public keys and all public-end private keys with their public-end public keys, determining that the client is legitimate and that verification has passed.
Optionally, determining the number of encryption nodes of the data to be stored from the data volume comprises:
receiving a configured maximum number of encryption nodes and minimum number of encryption nodes;
taking the data volume as the input of the following formula and determining the number of encryption nodes of the data to be stored in combination with the maximum and minimum numbers of encryption nodes:
where A_i denotes the number of encryption nodes of the data to be stored of the i-th client, Byte_i denotes the data volume of the data to be stored of the i-th client, j_max denotes the maximum number of encryption nodes, and j_min denotes the minimum number of encryption nodes.
Optionally, splitting the data to be stored based on the number of encryption nodes to obtain split data sets equal in number to the data to be stored comprises:
determining whether the number of encryption nodes is a power of 2 and, if it is not, increasing the number of encryption nodes until it is a power of 2, the resulting number of encryption nodes being the exponent-form node count;
calculating the exponent of the exponent-form node count with respect to base 2 and, following the order of the data structure of the data to be stored, splitting the data to be stored in two to obtain a 2-split data set, wherein the 2-split data set comprises 2 groups of 2-split data;
determining whether the data volume of the 2-split data set equals the exponent value and, if it does not, repeating the splitting step, that is, following the order of the data structure of each group of 2-split data in the 2-split data set, splitting each group of 2-split data in two to obtain a 4-split data set, wherein the 4-split data set comprises 4 groups of 4-split data;
until the number of splits n of the 2^n-split data set equals the exponent value, and aggregating the 2-split data set, the 4-split data set, ..., and the 2^n-split data set to obtain the split data sets.
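Added example, not code from the patent: the repeated halving described above, combined with the root/internal/leaf placement from the method summary and a digest index for tracing a recovered fragment back to its tree position. Encryption and compression are left out because the page does not name the algorithms; the placement ratios, the even-spacing rule, the SHA-256 index and all function names are assumptions.

```python
import hashlib
from math import floor

def normalize_node_count(a):
    """Raise the encryption node count to the next power of two."""
    if a < 1:
        raise ValueError("node count must be at least 1")
    p = 1
    while p < a:
        p *= 2
    return p

def split_levels(data, node_count):
    """Return {k: list of 2^k fragments} for k = 1..n, where 2^n is the
    normalized node count. Each round halves every fragment, in order."""
    n = normalize_node_count(node_count).bit_length() - 1
    levels, current = {}, [data]
    for k in range(1, n + 1):
        nxt = []
        for frag in current:
            mid = (len(frag) + 1) // 2  # odd length: left half takes the extra byte
            nxt += [frag[:mid], frag[mid:]]  # very short inputs yield empty fragments
        levels[k] = current = nxt
    return levels

def spread(node_ids, ratio):
    """Pick about ratio * len(node_ids) ids, evenly spaced instead of contiguous,
    so the selected tier never holds one long run of the original data."""
    picked = [nid for i, nid in enumerate(node_ids)
              if floor((i + 1) * ratio) > floor(i * ratio)]
    return picked, [nid for nid in node_ids if nid not in picked]

def place(levels, leaf_public_ratio, internal_client_ratio):
    """Map node id (level, index) -> tier name. Both ratios are assumed inputs."""
    tiers = {(0, 0): "client"}  # root node: the whole data, kept on the client
    if not levels:
        return tiers
    n = max(levels)
    leaves = [(n, i) for i in range(len(levels[n]))]
    internal = [(k, i) for k in range(1, n) for i in range(len(levels[k]))]
    public, private_leaves = spread(leaves, leaf_public_ratio)
    client, private_internal = spread(internal, internal_client_ratio)
    for tier, ids in (("public", public), ("client", client),
                      ("private", private_leaves + private_internal)):
        for nid in ids:
            tiers[nid] = tier
    return tiers

def build_trace_index(data, levels, tiers):
    """Digest of each stored fragment -> [(level, index, tier)]."""
    index = {}
    nodes = {(0, 0): data}
    for k, frags in levels.items():
        for i, frag in enumerate(frags):
            nodes[(k, i)] = frag
    for (k, i), frag in nodes.items():
        digest = hashlib.sha256(frag).hexdigest()
        index.setdefault(digest, []).append((k, i, tiers[(k, i)]))
    return index

def trace(index, fragment):
    """Locate a recovered fragment in the tree; [] means it was never stored."""
    return index.get(hashlib.sha256(fragment).hexdigest(), [])

def bytes_on_tier(levels, tiers, tier):
    """Total fragment bytes held by one tier (root node excluded)."""
    return sum(len(frag) for k, frags in levels.items()
               for i, frag in enumerate(frags) if tiers[(k, i)] == tier)

# Constructed sample input: 50 distinct bytes, requested node count 6.
SAMPLE = bytes(range(50))

if __name__ == "__main__":
    levels = split_levels(SAMPLE, 6)
    tiers = place(levels, leaf_public_ratio=0.5, internal_client_ratio=0.5)
    index = build_trace_index(SAMPLE, levels, tiers)
    print([len(f) for f in levels[3]])
    print(trace(index, SAMPLE[32:38]))
    print(bytes_on_tier(levels, tiers, "public"))
```

Fragments with identical content, including the empty fragments produced when the input is shorter than the node count, map to several tree positions, which is why `trace` returns a list.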
Optionally, generating the data encryption tree from the split data sets and the data to be stored comprises:
generating an empty node tree according to the exponent-form node count, wherein the empty node tree comprises a root node, internal nodes and leaf nodes;
encrypting and compressing the data to be stored according to a preset first data encryption method to obtain root-node encrypted data, and placing the root-node encrypted data in the root node;
encrypting and compressing the 2-split data set, the 4-split data set, ..., and the 2^(n-1)-split data set of the split data sets according to a second data encryption method to obtain internal-node encrypted data, and placing the internal-node encrypted data in the respective internal nodes;
encrypting and compressing the 2^n-split data set according to a third data encryption method to obtain leaf-node encrypted data, and placing the leaf-node encrypted data in the respective leaf nodes;
aggregating all root, internal and leaf nodes containing the root-node encrypted data, internal-node encrypted data and leaf-node encrypted data to obtain the data encryption tree.
Optionally, generating the empty node tree according to the exponent-form node count comprises:
generating a root node, wherein the number of root nodes is 1;
splitting off 2 internal nodes below the root node, one to its left and one to its right, and determining whether the number of splits at this point equals the exponent-form node count; if it does, designating the internal nodes as leaf nodes and forming the empty node tree from the root node and the leaf nodes, the empty node tree comprising the root node and the leaf nodes;
if the number of splits at this point is less than the exponent-form node count, continuing to split off 2 internal nodes below each internal node and determining whether the number of splits equals the exponent-form node count, until the number of splits equals the exponent-form node count, whereupon the empty node tree is formed from the root node, internal nodes and leaf nodes, the empty node tree comprising the root node, internal nodes and leaf nodes.
Optionally, encrypting and compressing the data to be stored according to the preset first data encryption method to obtain root-node encrypted data comprises:
receiving a configured minimum compression unit, wherein the minimum compression unit consists of a data header, a random marker and a node identifier;
determining the maximum capacity of the data header and splitting the data to be stored according to the maximum capacity to obtain multiple groups of data-header storage data;
generating as many minimum compression units as there are groups of data-header storage data, and storing each group of data-header storage data in a minimum compression unit in turn;
at the same time setting the node identifier of each minimum compression unit to 2^0, and generating a first public key and a first private key based on an encryption algorithm;
using the first public key as the random marker of each minimum compression unit and, after the first private key has been stored on the private end, compressing each minimum compression unit to obtain the root-node encrypted data.
Optionally, encrypting and compressing the 2-split data set, the 4-split data set, ..., and the 2^(n-1)-split data set of the split data sets according to the second data encryption method to obtain internal-node encrypted data comprises:
dividing the internal nodes, according to the position of each internal node in the structure of the data encryption tree, into first-layer internal nodes, second-layer internal nodes, ..., and (n-1)-th-layer internal nodes;
extracting the encryption and compression algorithm of the first-layer internal nodes and encrypting and compressing the 2-split data set with it to obtain a 2-split encrypted data set;
extracting the encryption and compression algorithms of the second-layer internal nodes, ..., and (n-1)-th-layer internal nodes, and encrypting and compressing the 4-split data set, ..., and 2^(n-1)-split data set respectively to obtain a 4-split encrypted data set, ..., and a 2^(n-1)-split encrypted data set;
when encryption and compression of the 2-split data set, the 4-split data set, ..., and the 2^(n-1)-split data set is complete, generating a second public key and a second private key, storing the second private key on the client and the second public key on the private end, and then aggregating the 2-split encrypted data set, ..., and 2^(n-1)-split encrypted data set to obtain the internal-node encrypted data.
Optionally, encrypting and compressing the 2^n-split data set according to the third data encryption method to obtain leaf-node encrypted data comprises:
comparing the data volume of each piece of 2^n-split data in the 2^n-split data set with the maximum capacity of the data header of the minimum compression unit;
if the data volume of every piece of 2^n-split data is greater than the maximum capacity of the data header, expanding the maximum capacity of the data header;
once the data volume of every piece of 2^n-split data is less than or equal to the maximum capacity of the data header, generating as many minimum compression units as there are pieces in the 2^n-split data set, and storing each piece of 2^n-split data in a minimum compression unit in turn;
at the same time setting the node identifier of each minimum compression unit to 2^n, and generating a third public key and a third private key based on an encryption algorithm;
using the third public key as the random marker of each minimum compression unit and, after the third private key has been stored on the private end, compressing each minimum compression unit to obtain the leaf-node encrypted data.
To solve the above problem, the invention further provides a data storage control device, the device comprising:
a client verification module, configured to receive a data storage instruction initiated by the client and start the data storage system according to the instruction, wherein the data storage system consists of a private end, a public end and a client, and the private end and the public end each store a key pair for verifying the legitimacy of the client; to verify the legitimacy of the client based on the respective key pairs of the private end and the public end; and, when the verification passes, to index the data to be stored from the client according to the data storage instruction;
a data splitting module, configured to calculate the data volume of the data to be stored, determine the number of encryption nodes of the data to be stored from the data volume, and split the data to be stored based on the number of encryption nodes to obtain split data sets equal in number to the data to be stored;
a data encryption tree generation module, configured to generate a data encryption tree from the split data sets and the data to be stored, wherein the data encryption tree consists of one root node and multiple leaf nodes; the root node corresponds to root-node encrypted data, which is generated from the data to be stored; and each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, both generated from the split data sets;
a storage control module, configured to store the root-node encrypted data of the data encryption tree on the client, the leaf-node encrypted data proportionally on the private end and the public end, and the internal-node encrypted data proportionally on the private end and the client, thereby completing storage control of the data.
To solve the above problem, the invention further provides an electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively connected to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to implement the data storage control method described above.
To solve the above problem, the invention further provides a computer-readable storage medium storing at least one instruction, the at least one instruction being executed by a processor in an electronic device to implement the data storage control method described above.
Compared with the problems described in the background, the embodiment of the invention first receives a data storage instruction initiated by the client and starts the data storage system according to it, wherein the data storage system consists of a private end, a public end and a client, and the private end and the public end each store a key pair for verifying the legitimacy of the client. The main function of the key pairs is to verify the legitimacy of the client and thereby improve the security of data storage control. When the legitimacy verification passes, the data to be stored is indexed from the client according to the data storage instruction, its data volume is calculated, the number of encryption nodes is determined from the data volume, and the data to be stored is split based on the number of encryption nodes to obtain split data sets equal in number to the data to be stored. The main purpose of the embodiment here is to split the data to be stored repeatedly so that it becomes fragmented; even if part of the split data leaks, no significant security risk results. Further, a data encryption tree is generated from the split data sets and the data to be stored, wherein the data encryption tree consists of one root node and multiple leaf nodes, the root node corresponds to root-node encrypted data generated from the data to be stored, and each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, both generated from the split data sets. The main function of the data encryption tree is to reflect the splitting logic applied to the data to be stored. Finally, the root-node encrypted data of the data encryption tree is stored on the client, the leaf-node encrypted data is stored proportionally on the private end and the public end, and the internal-node encrypted data is stored proportionally on the private end and the client, completing storage control of the data. Through fragmentation, the data can thus be stored on both the public end and the private end while data security is preserved, fully combining the advantages of each. In addition, compared with the background approach of splitting data into important and non-important data stored on the private end and the public end respectively, the data encryption tree constructed by the embodiment solves the problem of tracing the source of a data leak, because the tree has a layer-by-layer progressive logical relationship: the root node corresponds to the root-node encrypted data, each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, and every leaf node and internal node is generated from the data of the root node. Once data is lost or leaked, the lost data can therefore be traced efficiently and quickly through the data encryption tree, further improving security. The data storage control method, device, electronic device and computer-readable storage medium proposed by the invention therefore mainly aim to resolve the conflict between large-scale storage and security in data storage control.
Description of drawings
FIG. 1 is a schematic flowchart of a data storage control method provided by an embodiment of the present invention;
FIG. 2 is a functional block diagram of a data storage control device provided by an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an electronic device implementing the data storage control method provided by an embodiment of the present invention.
The realization of the purpose, the functional features and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit it.
An embodiment of the present application provides a data storage control method. The executor of the data storage control method includes, but is not limited to, at least one of the electronic devices, such as a server or a terminal, that can be configured to execute the method provided by the embodiment of the present application. In other words, the data storage control method may be executed by software or hardware installed on a terminal device or a server device. The server includes, but is not limited to, a single server, a server cluster, a cloud server or a cloud server cluster.
Example 1:
FIG. 1 is a schematic flowchart of a data storage control method provided by an embodiment of the present invention. In this embodiment, the data storage control method includes:
S1. Receive a data storage instruction initiated by a client and start the data storage system according to the data storage instruction. The data storage system consists of a private end, a public end and the client, and the private end and the public end each store a key pair for verifying the legitimacy of the client.
In the embodiment of the present invention, the data storage system generally includes multiple clients, multiple private ends and multiple public ends. The client faces the user and interacts with the user directly. The private end is a cloud built for the enterprise, company, research institution or other organization to which the clients belong, and provides high data security; it is comparatively more secure but is not suited to large-scale storage. The public end is generally provided by a third-party provider: according to the needs of the enterprise, company, research institution or other organization, a cloud is built that can store data at large scale but shares storage resources with other organizations. This cloud is called the public end.
Understandably, the private end belongs to the organization where the clients are located and is managed by that organization itself; it is highly secure but harder to maintain. The public end can store data at large scale, but because its resources are shared and it is maintained by a third party, it is less secure.
Compared with traditional data storage methods, the embodiment of the present invention proposes a new data storage method that overcomes the shortcomings of the private end and the public end while combining their advantages. Before storing data, the new method first verifies the legitimacy of the client. For this reason, when the data storage system is built, the private end and the public end each store a key pair for verifying the legitimacy of the client. In detail, the key pairs are stored as follows:
Receive an application instruction from the client to join the data storage system, and obtain the client attributes of the client according to the application instruction, where the client attributes include the client's username and password, the client IP address, the client port value, the client's place of registration and the client's operating license information;
Send the client attributes to the review platform of the data storage system. When the review platform approves the client's application instruction, use the client attributes as the input of a first hash algorithm and perform the hash operation to obtain the client hash value;
Receive the client's handwritten username signature, where the handwritten username signature is consistent with the client's username;
Use the handwritten username signature as the input of a second hash algorithm and perform the hash operation to obtain the signature hash value;
Obtain the private-end attributes of each private end and the public-end attributes of each public end in the data storage system, and use each set of private-end or public-end attributes as the input of the first hash algorithm to obtain the private-end hash value and the public-end hash value respectively;
Generate the private end's key pair from the client hash value, the private-end hash value and the signature hash value, in that order. The private end's key pair comprises a private-end public key and a private-end private key; the private-end public key is stored at the private end and the private-end private key is stored at the client;
Generate the public end's key pair from the client hash value, the public-end hash value and the signature hash value, in that order. The public end's key pair comprises a public-end public key and a public-end private key; the public-end public key is stored at the public end and the public-end private key is stored at the client.
As an example, Xiao Zhang is a new employee of a research institution and is carrying out a research project that has produced important research files. Xiao Zhang needs to store the research files in the data storage system designated by the institution, and therefore, following the technical requirements above, initiates from his own client an application instruction to join the data storage system.
Further, in the embodiment of the present invention the first hash algorithm is generally different from the second hash algorithm. The first hash algorithm includes, but is not limited to, MD5, SHA-1 and SHA-256; the second hash algorithm includes, but is not limited to, perceptual hash algorithms and dHash.
S2. Verify the legitimacy of the client based on the respective key pairs of the private end and the public end, and when the verification passes, retrieve the data to be stored from the client according to the data storage instruction.
Understandably, the client stores the private key for each private end and each public end, and the legitimacy of the client can be verified through the correspondence between private key and public key. In detail, verifying the legitimacy of the client based on the respective key pairs of the private end and the public end includes:
Generate a legitimacy verification instruction for the client, and according to that instruction receive the handwritten signature to be verified, entered by the user operating the client;
Calculate the similarity value between the handwritten signature to be verified and the handwritten username signature. If the similarity value is not higher than the specified similarity threshold, determine that the client is an illegitimate client;
If the similarity value is higher than the specified similarity threshold, obtain the full private key set stored at the client, where the private key set consists of the private-end private keys and the public-end private keys;
Determine in turn whether each private-end private key is consistent with the private-end public key of the corresponding private end, and whether each public-end private key is consistent with the public-end public key of the corresponding public end;
Once all private-end private keys are consistent with their private-end public keys and all public-end private keys are consistent with their public-end public keys, determine that the client is legitimate and the verification passes.
As an example, Xiao Zhang has previously initiated from his own client an application instruction to join the data storage system, and the application was approved, which means that Xiao Zhang's client already belongs to the data storage system. He now needs to upload research files. Following the requirements above, he first writes a new handwritten signature to be verified, and then the private key set saved at his client is checked for consistency, one key at a time, against the public keys of the private ends and public ends of the data storage system. Once all checks are satisfied, Xiao Zhang's client is determined to be a legitimate client.
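The signature gate at the start of S2, as an added example that is not code from the patent: it uses dHash (one of the second hash algorithms named above) as the similarity measure and applies the "not higher than the threshold means illegitimate" rule. The block-average downscale to a 9x8 grid, the Hamming-based similarity scale, the function names and the threshold values are assumptions, and the pixel grids are constructed stand-ins for scanned signatures.

```python
"""dHash-based similarity gate for the handwritten-signature check in S2."""

BITS = 64  # 8 rows x 8 left/right comparisons


def downscale(gray, width=9, height=8):
    """Block-average a grayscale grid (list of rows) down to width x height."""
    src_h, src_w = len(gray), len(gray[0])
    if src_h < height or src_w < width:
        raise ValueError("image is smaller than the hash grid")
    out = []
    for y in range(height):
        y0, y1 = y * src_h // height, (y + 1) * src_h // height
        row = []
        for x in range(width):
            x0, x1 = x * src_w // width, (x + 1) * src_w // width
            block = [gray[j][i] for j in range(y0, y1) for i in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(grid):
    """Difference hash: one bit per horizontally adjacent pair, 1 if left > right."""
    bits = 0
    for row in grid:
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if left > right else 0)
    return bits


def signature_similarity(enrolled, candidate):
    """Similarity in [0, 1]: share of hash bits on which the two images agree."""
    distance = bin(dhash(downscale(enrolled)) ^ dhash(downscale(candidate))).count("1")
    return 1.0 - distance / BITS


def passes_signature_gate(enrolled, candidate, threshold):
    """S2 rule: a similarity that is not higher than the threshold is rejected."""
    return signature_similarity(enrolled, candidate) > threshold


# Constructed 18x16 stand-ins for signature scans (not real handwriting).
ENROLLED = [[250 - 10 * c for c in range(18)] for _ in range(16)]
DARKER = [[p - 30 for p in row] for row in ENROLLED]                 # uniform exposure shift
TOP_MIRRORED = [row[::-1] for row in ENROLLED[:2]] + ENROLLED[2:]    # one hash row differs
MIRRORED = [row[::-1] for row in ENROLLED]                           # every hash bit differs

if __name__ == "__main__":
    for name, image in (("darker", DARKER), ("top mirrored", TOP_MIRRORED),
                        ("mirrored", MIRRORED)):
        score = signature_similarity(ENROLLED, image)
        print(f"{name}: similarity={score} "
              f"passes at 0.875: {passes_signature_gate(ENROLLED, image, 0.875)}")
```

A perceptual hash is tolerant by design (the uniformly darker image scores 1.0), so this gate only filters inputs before the key-pair consistency checks that follow it in S2.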
S3. Calculate the data volume of the data to be stored, use the data volume to determine the number of encryption nodes for the data to be stored, and split the data to be stored based on the number of encryption nodes, obtaining the same number of split datasets as the data to be stored.
It should be explained that, to improve the security of data storage and make full use of the advantages of the public end and the private end, the embodiment of the present invention first splits the data to be stored and then builds a data encryption tree. The data encryption tree reflects the splitting logic and the encryption logic of the split datasets, and storage security can be improved on the basis of the tree.
As an example, the research files Xiao Zhang needs to upload total 120M, so the number of encryption nodes is determined from the 120M of research files. In detail, using the data volume to determine the number of encryption nodes for the data to be stored includes:
Receive the configured maximum number of encryption nodes and minimum number of encryption nodes;
Use the data volume as the input of the following formula, together with the maximum and minimum numbers of encryption nodes, to determine the number of encryption nodes for the data to be stored:
where A_i denotes the number of encryption nodes for the data to be stored of the i-th client, Byte_i denotes the data volume of the data to be stored of the i-th client, j_max denotes the maximum number of encryption nodes, and j_min denotes the minimum number of encryption nodes.
Understandably, the embodiment of the present invention can calculate the number of encryption nodes from the data volume of the data to be stored, in preparation for the subsequent splitting of that data.
In detail, splitting the data to be stored based on the number of encryption nodes to obtain the same number of split datasets as the data to be stored includes:
Determine whether the number of encryption nodes is a power of 2. If it is not, increase the number of encryption nodes until it is a power of 2, and take the result as the power-of-two node count;
Calculate the base-2 exponent of the power-of-two node count. At the same time, following the order of the data structure of the data to be stored, split the data to be stored in two to obtain the 2-way split dataset, which contains 2 pieces of 2-way split data;
Determine whether the number of splits performed equals the exponent. If it does not, repeat the splitting step: following the order of the data structure of each piece of 2-way split data, split each piece in two to obtain the 4-way split dataset, which contains 4 pieces of 4-way split data;
Continue until the number of splits n of the 2^n-way split dataset equals the exponent, then collect the 2-way split dataset, the 4-way split dataset, …, and the 2^n-way split dataset to obtain the split datasets.
As an example, suppose the number of encryption nodes for the research files Xiao Zhang needs to upload is 7. Since 7 is not a power of 2, the number of encryption nodes is increased to 8. The base-2 exponent of 8 is 3, so 8 is the power-of-two node count, and the 2-way, 4-way and 8-way split datasets must all be computed. Further, if the research files consist of pictures arranged in order, the series of pictures is split in two at the midpoint to obtain the 2-way split dataset, in which the two pieces differ from each other but keep their order. Each piece of 2-way split data is then split again in the same way, giving the 4-way and 8-way split datasets.
S4. Generate a data encryption tree from the split datasets and the data to be stored. The data encryption tree consists of one root node and multiple leaf nodes. The root node corresponds to the root node encrypted data, which is generated from the data to be stored; each leaf node and internal node corresponds to leaf node encrypted data and internal node encrypted data respectively, both generated from the split datasets.
Understandably, the embodiment of the present invention next builds the data encryption tree, so that the data to be stored can be stored according to the tree. In detail, generating the data encryption tree from the split datasets and the data to be stored includes:
Generate an empty node tree according to the power-of-two node count, where the empty node tree includes a root node, internal nodes and leaf nodes;
Encrypt and compress the data to be stored according to a preset first data encryption method to obtain the root node encrypted data, and place the root node encrypted data in the root node;
Encrypt and compress the 2-way split dataset, the 4-way split dataset, …, and the 2^(n-1)-way split dataset according to a second data encryption method to obtain the internal node encrypted data, and place the internal node encrypted data in the respective internal nodes;
Encrypt and compress the 2^n-way split dataset according to a third data encryption method to obtain the leaf node encrypted data, and place the leaf node encrypted data in the respective leaf nodes;
Collect the root node, internal nodes and leaf nodes holding the root node encrypted data, internal node encrypted data and leaf node encrypted data to obtain the data encryption tree.
As an example, Xiao Zhang needs to upload research files and the power-of-two node count has been determined to be 8. An empty node tree corresponding to the node count 8 is generated, and the research files are encrypted and compressed according to the first data encryption method to obtain the root node encrypted data. The 2-way and 4-way split datasets become the internal node encrypted data and the 8-way split dataset becomes the leaf node encrypted data, which completes the data encryption tree.
Further, generating the empty node tree according to the power-of-two node count includes:
Generate the root node, where the number of root nodes is 1;
Split off 2 internal nodes below the root node, one to its left and one to its right, and determine whether the number of splits at this point equals the power-of-two node count. If it does, the internal nodes are determined to be leaf nodes and the empty node tree consists of the root node and the leaf nodes;
If the number of splits at this point is less than the power-of-two node count, continue to split off 2 internal nodes below each internal node and again determine whether the number of splits equals the power-of-two node count. When it does, the empty node tree consists of the root node, the internal nodes and the leaf nodes.
As an example, the power-of-two node count for the research files Xiao Zhang needs to upload is 8, so the corresponding empty node tree has 1 root node, 2 first-layer internal nodes below the root, 4 second-layer internal nodes below the first layer, and 8 leaf nodes.
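The splitting of S3 and the tree layout of S4, with the leak tracing the patent attributes to the tree, as an added example that is not code from the patent. The encryption-node count is taken as an input because its formula is not reproduced on this page; encryption and compression are omitted; the SHA-256 digest per node and the 2^level identifier for internal nodes are assumptions (the text states identifiers only for root and leaves), and the sample data is constructed.

```python
"""Recursive halving (S3), the node tree (S4) and tracing a leaked fragment."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def power_of_two_node_count(encryption_nodes: int) -> tuple[int, int]:
    """Round the node count up to a power of two; return (count, exponent)."""
    if encryption_nodes < 1:
        raise ValueError("encryption node count must be at least 1")
    exponent = (encryption_nodes - 1).bit_length()
    return 1 << exponent, exponent


@dataclass(frozen=True)
class Node:
    level: int    # 0 = root, exponent = leaf layer
    index: int    # position within its layer, left to right
    start: int    # byte offset into the original data
    end: int      # exclusive end offset
    digest: str   # SHA-256 of the node's slice (assumed fingerprint for tracing)

    @property
    def identifier(self) -> int:
        return 2 ** self.level   # 2^0 for the root, 2^n for leaves


def _sha256(chunk: bytes) -> str:
    return hashlib.sha256(chunk).hexdigest()


def build_split_tree(data: bytes, encryption_nodes: int) -> list[list[Node]]:
    """Return the tree as layers: [root], 2-way split, 4-way split, ..., leaves."""
    count, exponent = power_of_two_node_count(encryption_nodes)
    if len(data) < count:
        raise ValueError("data too small to give every leaf at least one byte")
    layers = [[Node(0, 0, 0, len(data), _sha256(data))]]
    for level in range(1, exponent + 1):
        layer: list[Node] = []
        for parent in layers[-1]:
            mid = (parent.start + parent.end) // 2   # split at the midpoint, order kept
            for start, end in ((parent.start, mid), (mid, parent.end)):
                layer.append(Node(level, len(layer), start, end, _sha256(data[start:end])))
        layers.append(layer)
    return layers


def trace_fragment(layers: list[list[Node]], fragment: bytes) -> list[Node]:
    """Find the node a leaked fragment came from and walk its ancestors to the root.

    Returns [] when no node matches; the first match wins if slices are identical.
    """
    wanted = _sha256(fragment)
    for layer in layers:
        for node in layer:
            if node.digest == wanted:
                chain = [node]
                while chain[-1].level > 0:
                    child = chain[-1]
                    chain.append(layers[child.level - 1][child.index // 2])
                return chain
    return []


def stored_bytes(layers: list[list[Node]]) -> int:
    """Plaintext volume held across all layers, before any compression."""
    return sum(node.end - node.start for layer in layers for node in layer)


# Constructed 1024-byte input in which every 2-byte unit is distinct.
SAMPLE_DATA = b"".join(i.to_bytes(2, "big") for i in range(512))

if __name__ == "__main__":
    tree = build_split_tree(SAMPLE_DATA, 7)           # 7 rounds up to 8 leaves
    print([len(layer) for layer in tree])
    for node in trace_fragment(tree, SAMPLE_DATA[640:768]):
        print(node.level, node.index, node.identifier, (node.start, node.end))
    print(stored_bytes(tree), "bytes held for", len(SAMPLE_DATA), "bytes of input")
```

Each layer's slices together cover the whole input, so a tree with exponent n holds n + 1 copies of the data before compression, and a party that obtains one complete layer holds the full ciphertext of the file.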
Further, encrypting and compressing the data to be stored according to the preset first data encryption method to obtain the root node encrypted data includes:
Receive the configured minimal compression unit, where a minimal compression unit consists of a data header, a random marker and a node identifier;
Determine the maximum capacity of the data header, and split the data to be stored according to that maximum capacity to obtain multiple groups of header-stored data;
Generate as many minimal compression units as there are groups of header-stored data, and store each group of header-stored data in a minimal compression unit in turn;
At the same time, set the node identifier of each minimal compression unit to 2^0, and generate a first public key and a first private key based on an encryption algorithm;
Use the first public key as the random marker of each minimal compression unit and, after the first private key has been stored at the private end, compress each minimal compression unit to obtain the root node encrypted data.
As an example, Xiao Zhang's research files, as the data to be stored, total 10M, and the maximum capacity of the data header of each minimal compression unit is 1M. Encrypting and compressing the data to be stored therefore requires first generating 10 minimal compression units, each with a data header holding 1M of the data to be stored. In addition, to mark that the data held in these minimal compression units comes from the data to be stored, the node identifier is set to 2^0, indicating that the unit's data corresponds to the root node of the data encryption tree. The encryption algorithm includes, but is not limited to, AES, DES, Blowfish and CAST.
In addition, encrypting and compressing the 2-way split dataset, the 4-way split dataset, …, and the 2^(n-1)-way split dataset according to the second data encryption method to obtain the internal node encrypted data includes:
According to the position of each internal node in the structure of the data encryption tree, divide the internal nodes into first-layer internal nodes, second-layer internal nodes, …, and (n-1)-th-layer internal nodes;
Take the encryption and compression algorithm of the first-layer internal nodes and use it to encrypt and compress the 2-way split dataset, obtaining the 2-way split encrypted dataset;
Take the encryption and compression algorithms of the second-layer internal nodes, …, and the (n-1)-th-layer internal nodes and use them to encrypt and compress the 4-way split dataset, …, and the 2^(n-1)-way split dataset respectively, obtaining the 4-way split encrypted dataset, …, and the 2^(n-1)-way split encrypted dataset;
When the 2-way split dataset, the 4-way split dataset, …, and the 2^(n-1)-way split dataset have all been processed, generate a second public key and a second private key. After the second private key has been stored at the client and the second public key at the private end, collect the 2-way split encrypted dataset, …, and the 2^(n-1)-way split encrypted dataset to obtain the internal node encrypted data.
It should be explained that the encryption and compression algorithms of the internal nodes in different layers may be the same or different, and that the encryption and compression algorithms used are all publicly known techniques, which are not described further here.
Finally, encrypting and compressing the 2^n-way split dataset according to the third data encryption method to obtain the leaf node encrypted data includes:
Compare the data volume of each piece of 2^n-way split data in the 2^n-way split dataset with the maximum capacity of the data header of the minimal compression unit;
If the data volume of every piece of 2^n-way split data is greater than the maximum capacity of the data header, expand the maximum capacity of the data header;
Once the data volume of every piece of 2^n-way split data is less than or equal to the maximum capacity of the data header, generate as many minimal compression units as there are pieces in the 2^n-way split dataset, and store each piece of 2^n-way split data in a minimal compression unit in turn;
At the same time, set the node identifier of each minimal compression unit to 2^n, and generate a third public key and a third private key based on an encryption algorithm;
Use the third public key as the random marker of each minimal compression unit and, after the third private key has been stored at the private end, compress each minimal compression unit to obtain the leaf node encrypted data.
Understandably, the operations above encrypt and compress the data to be stored, the 2-way split dataset, the 4-way split dataset, …, the 2^(n-1)-way split dataset and the 2^n-way split dataset, yielding the corresponding data encryption tree.
S5. Store the root node encrypted data of the data encryption tree at the client, store the leaf node encrypted data proportionally at the private end and the public end, and store the internal node encrypted data proportionally at the private end and the client, completing the storage control of the data.
In the embodiment of the present invention, the root node encrypted data of the data encryption tree has already been compressed, so its data volume is smaller than that of the original data to be stored, and it is stored at the client so that the user can operate on it at any time. The internal node encrypted data is stored proportionally at the private end and the public end to prevent the loss of the entire data if the private end or the public end is compromised; storing it separately effectively avoids that problem. To further improve the security of data storage, the embodiment of the present invention also stores the finer-grained leaf node encrypted data proportionally at the private end and the public end.
Compared with the problems described in the background section, the embodiment of the present invention first receives a data storage instruction initiated by the client and starts the data storage system according to that instruction. The data storage system consists of a private end, a public end and a client, and the private end and the public end each store a key pair for verifying the legitimacy of the client. The main function of the key pairs is to verify the legitimacy of the client, which improves the security of data storage control.

When the legitimacy verification passes, the data to be stored is indexed from the client according to the data storage instruction, the data volume of the data to be stored is calculated, the data volume is used to determine the number of encryption nodes for the data to be stored, and the data to be stored is split based on the number of encryption nodes, yielding split data sets equal in number to the data to be stored. The main purpose of the embodiment is to split the data to be stored repeatedly so that it becomes fragmented, so that even if part of the split data leaks, no significant security risk arises. A data encryption tree is then generated from the split data sets and the data to be stored. The data encryption tree consists of one root node and multiple leaf nodes; the root node corresponds to root-node encrypted data, generated from the data to be stored, and each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, both generated from the split data sets. The main function of the data encryption tree is to reflect the splitting logic applied to the data to be stored. Finally, the root-node encrypted data of the data encryption tree is stored on the client, the leaf-node encrypted data is stored on the private end and the public end in proportion, and the internal-node encrypted data is stored on the private end and the client in proportion, completing the storage control of the data. Through fragmentation, the data can thus be stored on the public end and the private end at the same time while data security is preserved, fully combining the respective advantages of the public end and the private end.

In addition, compared with the approach described in the background section, which splits data into important and non-important data and stores them on the private end and the public end respectively, the data encryption tree constructed by the embodiment solves the problem of traceability when data leaks. The data encryption tree has a layer-by-layer progressive logical relationship: the root node corresponds to root-node encrypted data, each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, and every leaf node and internal node is generated from the data of the root node. Once data is lost or leaked, the lost data can therefore be traced efficiently and quickly through the data encryption tree, further improving security. The data storage control method, device, electronic equipment and computer-readable storage medium proposed by the present invention therefore mainly aim to solve the conflict between large-scale storage and security faced when implementing storage control for data.
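The placement and trace-back described above, as an added Python sketch that is not code from the patent. The recursive halving, the 8-byte `CHUNK`, the 1/2 ratios, the node ids, the byte range given to each internal node and the use of SHA-256 digests in place of the unspecified node encryption are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

CHUNK = 8                  # assumed largest leaf fragment, in bytes
SAMPLE = bytes(range(32))  # constructed 32-byte record standing in for the data to be stored

@dataclass
class Node:
    node_id: str           # path from the root: "0", "0.1", "0.1.0", ...
    start: int             # byte range [start, end) of the data this node covers
    end: int
    digest: str            # SHA-256 of that range; stands in for the node's encrypted data
    kind: str              # "root", "internal" or "leaf"
    store: str = ""        # "client", "private" or "public"
    children: list = field(default_factory=list)

def build_tree(data, start=0, end=None, node_id="0"):
    """Halve the data recursively until each fragment fits in CHUNK bytes."""
    end = len(data) if end is None else end
    digest = hashlib.sha256(data[start:end]).hexdigest()
    node = Node(node_id, start, end, digest, "root" if node_id == "0" else "leaf")
    if end - start > CHUNK:
        mid = (start + end) // 2
        node.children = [build_tree(data, start, mid, node_id + ".0"),
                         build_tree(data, mid, end, node_id + ".1")]
        if node.kind != "root":
            node.kind = "internal"
    return node

def walk(node):
    yield node
    for child in node.children:
        yield from walk(child)

def share(nodes, num, den, first, second):
    """Send num/den of the nodes to `first`, spread evenly, and the rest to `second`."""
    for i, node in enumerate(nodes):
        takes_first = ((i + 1) * num) // den > (i * num) // den
        node.store = first if takes_first else second

def place(root, leaf_ratio=(1, 2), internal_ratio=(1, 2)):
    """Root -> client; leaves -> private/public; internal nodes -> private/client."""
    nodes = list(walk(root))
    root.store = "client"
    share([n for n in nodes if n.kind == "leaf"], *leaf_ratio, "private", "public")
    share([n for n in nodes if n.kind == "internal"], *internal_ratio, "private", "client")
    return {n.node_id: n for n in nodes}

def trace(index, leaked):
    """Map a leaked fragment to its node, the store that held it, and its ancestors."""
    digest = hashlib.sha256(leaked).hexdigest()
    found = []
    for node in index.values():
        if node.digest == digest:
            parts = node.node_id.split(".")
            ancestors = [".".join(parts[:k]) for k in range(1, len(parts))]
            found.append((node.node_id, node.store,
                          [(a, index[a].store) for a in ancestors]))
    return found

def coverage(index, store):
    """Count distinct bytes of the original data that one store's nodes cover."""
    covered = set()
    for node in index.values():
        if node.store == store:
            covered.update(range(node.start, node.end))
    return len(covered)

INDEX = place(build_tree(SAMPLE))

if __name__ == "__main__":
    for node in INDEX.values():
        print(node.node_id, node.kind, node.store, (node.start, node.end))
    print(trace(INDEX, SAMPLE[16:24]))
    print({s: coverage(INDEX, s) for s in ("client", "private", "public")})
```

Under these assumptions an internal node covers the ranges of both its children, so a store that receives internal nodes holds more of the record than its leaf share alone suggests; `coverage` makes that visible when choosing the ratios.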
Example 2:
FIG. 2 is a functional block diagram of a data storage control device provided by an embodiment of the present invention.
The data storage control device 100 of the present invention can be installed in an electronic device. Depending on the functions implemented, the data storage control device 100 may include a client verification module 101, a data segmentation module 102, a data encryption tree generation module 103 and a storage control module 104. A module in the present invention, which may also be called a unit, refers to a series of computer program segments that can be executed by the processor of the electronic device and perform a fixed function, and that are stored in the memory of the electronic device.
The client verification module 101 is configured to receive a data storage instruction initiated by the client and start the data storage system according to the data storage instruction, wherein the data storage system consists of a private end, a public end and a client, and the private end and the public end each store a key pair for verifying the legitimacy of the client; to verify the legitimacy of the client based on the respective key pairs of the private end and the public end; and, when the legitimacy verification passes, to index the data to be stored from the client according to the data storage instruction;
The data segmentation module 102 is configured to calculate the data volume of the data to be stored, use the data volume to determine the number of encryption nodes for the data to be stored, and split the data to be stored based on the number of encryption nodes, obtaining split data sets equal in number to the data to be stored;
The data encryption tree generation module 103 is configured to generate a data encryption tree from the split data sets and the data to be stored, wherein the data encryption tree consists of one root node and multiple leaf nodes, the root node corresponds to root-node encrypted data, generated from the data to be stored, and each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, both generated from the split data sets;
The storage control module 104 is configured to store the root-node encrypted data of the data encryption tree on the client, store the leaf-node encrypted data on the private end and the public end in proportion, and store the internal-node encrypted data on the private end and the client in proportion, completing the storage control of the data.
In detail, when in use, the modules of the data storage control device 100 in the embodiment of the present invention employ the same technical means as the data storage control method described in FIG. 1 above and can produce the same technical effects, which are not repeated here.
Example 3:
FIG. 3 is a schematic structural diagram of an electronic device implementing the data storage control method, provided by an embodiment of the present invention.
The electronic device 1 may include a processor 10, a memory 11, a bus 12 and a communication interface 13, and may also include a computer program stored in the memory 11 and runnable on the processor 10, such as a data storage control program.
The memory 11 includes at least one type of readable storage medium, including flash memory, mobile hard disk, multimedia card, card-type memory (for example SD or DX memory), magnetic memory, magnetic disk, optical disk and so on. In some embodiments the memory 11 may be an internal storage unit of the electronic device 1, such as a mobile hard disk of the electronic device 1. In other embodiments the memory 11 may be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the electronic device 1. Further, the memory 11 may include both an internal storage unit of the electronic device 1 and an external storage device. The memory 11 can be used not only to store application software installed on the electronic device 1 and various kinds of data, such as the code of the data storage control program, but also to temporarily store data that has been output or is about to be output.
In some embodiments the processor 10 may be composed of integrated circuits, for example a single packaged integrated circuit, or multiple packaged integrated circuits with the same or different functions, including a combination of one or more central processing units (CPU), microprocessors, digital processing chips, graphics processors and various control chips. The processor 10 is the control core (Control Unit) of the electronic device. It connects the components of the whole electronic device through various interfaces and lines, and performs the functions of the electronic device 1 and processes data by running or executing the programs or modules stored in the memory 11 (for example the data storage control program) and by calling the data stored in the memory 11.
The bus may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus or the like. The bus can be divided into an address bus, a data bus, a control bus and so on. The bus is configured to provide connection and communication between the memory 11 and at least one processor 10, among other components.
FIG. 3 shows only an electronic device with certain components. Those skilled in the art will understand that the structure shown in FIG. 3 does not limit the electronic device 1, which may include fewer or more components than shown, combine certain components, or arrange the components differently.
For example, although not shown, the electronic device 1 may also include a power supply (such as a battery) that powers the components. Preferably, the power supply is logically connected to the at least one processor 10 through a power management device, so that charge management, discharge management and power consumption management are implemented through the power management device. The power supply may also include any of one or more DC or AC power sources, recharging devices, power failure detection circuits, power converters or inverters, and power status indicators. The electronic device 1 may also include various sensors, a Bluetooth module, a Wi-Fi module and so on, which are not described further here.
Further, the electronic device 1 may also include a network interface. Optionally, the network interface may include a wired interface and/or a wireless interface (such as a Wi-Fi interface or a Bluetooth interface), and is typically used to establish a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may also include a user interface, which may be a display or an input unit (such as a keyboard); optionally, the user interface may also be a standard wired or wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device or the like. The display, which may also be called a display screen or display unit where appropriate, is used to display the information processed in the electronic device 1 and to display a visual user interface.
It should be understood that the embodiments are for illustration only, and the scope of the patent application is not limited by this structure.
The data storage control program stored in the memory 11 of the electronic device 1 is a combination of multiple instructions which, when run on the processor 10, can implement:
receiving a data storage instruction initiated by the client and starting the data storage system according to the data storage instruction, wherein the data storage system consists of a private end, a public end and a client, and the private end and the public end each store a key pair for verifying the legitimacy of the client;
verifying the legitimacy of the client based on the respective key pairs of the private end and the public end and, when the legitimacy verification passes, indexing the data to be stored from the client according to the data storage instruction;
calculating the data volume of the data to be stored, using the data volume to determine the number of encryption nodes for the data to be stored, and splitting the data to be stored based on the number of encryption nodes, obtaining split data sets equal in number to the data to be stored;
generating a data encryption tree from the split data sets and the data to be stored, wherein the data encryption tree consists of one root node and multiple leaf nodes, the root node corresponds to root-node encrypted data, generated from the data to be stored, and each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, both generated from the split data sets;
storing the root-node encrypted data of the data encryption tree on the client, storing the leaf-node encrypted data on the private end and the public end in proportion, and storing the internal-node encrypted data on the private end and the client in proportion, completing the storage control of the data.
Specifically, for how the processor 10 implements the above instructions, refer to the description of the relevant steps in the embodiments corresponding to FIG. 1 and FIG. 2, which is not repeated here.
Further, if the modules/units integrated in the electronic device 1 are implemented as software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. The computer-readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a mobile hard disk, a magnetic disk, an optical disk, computer memory, or read-only memory (ROM, Read-Only Memory).
The present invention also provides a computer-readable storage medium storing a computer program which, when executed by the processor of an electronic device, can implement:
receiving a data storage instruction initiated by the client and starting the data storage system according to the data storage instruction, wherein the data storage system consists of a private end, a public end and a client, and the private end and the public end each store a key pair for verifying the legitimacy of the client;
verifying the legitimacy of the client based on the respective key pairs of the private end and the public end and, when the legitimacy verification passes, indexing the data to be stored from the client according to the data storage instruction;
calculating the data volume of the data to be stored, using the data volume to determine the number of encryption nodes for the data to be stored, and splitting the data to be stored based on the number of encryption nodes, obtaining split data sets equal in number to the data to be stored;
generating a data encryption tree from the split data sets and the data to be stored, wherein the data encryption tree consists of one root node and multiple leaf nodes, the root node corresponds to root-node encrypted data, generated from the data to be stored, and each leaf node and internal node corresponds to leaf-node encrypted data and internal-node encrypted data respectively, both generated from the split data sets;
storing the root-node encrypted data of the data encryption tree on the client, storing the leaf-node encrypted data on the private end and the public end in proportion, and storing the internal-node encrypted data on the private end and the client in proportion, completing the storage control of the data.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware plus software functional modules.
To those skilled in the art it is evident that the present invention is not limited to the details of the exemplary embodiments above, and that the present invention can be implemented in other specific forms without departing from its spirit or essential characteristics.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solutions of the present invention may be modified or replaced with equivalents without departing from the spirit and scope of the technical solutions of the present invention.
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211334879.4A CN115630409B (en) | 2022-10-28 | 2022-10-28 | Data storage control method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115630409A CN115630409A (en) | 2023-01-20 |
CN115630409B (en) | 2023-08-08 |
Family
ID=84908050
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211334879.4A Active CN115630409B (en) | 2022-10-28 | 2022-10-28 | Data storage control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115630409B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107330337A (en) * | 2017-07-19 | 2017-11-07 | 腾讯科技(深圳)有限公司 | Date storage method, device, relevant device and the cloud system of mixed cloud |
CN110933044A (en) * | 2019-11-08 | 2020-03-27 | 华中科技大学 | A Publicly Auditable Proof of Data Possession in a Distributed Storage System |
CN110929293A (en) * | 2019-12-11 | 2020-03-27 | 佛山科学技术学院 | Beauty data storage system based on block chain |
CN114297711A (en) * | 2021-12-27 | 2022-04-08 | 电子科技大学广东电子信息工程研究院 | Data security protection method based on cloud server |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11409892B2 (en) * | 2018-08-30 | 2022-08-09 | International Business Machines Corporation | Enhancing security during access and retrieval of data with multi-cloud storage |
Also Published As
Publication number | Publication date |
---|---|
CN115630409A (en) | 2023-01-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109831487B (en) | Fragmented file verification method and terminal equipment | |
WO2021189899A1 (en) | Link state tracking method and apparatus, and electronic device and computer storage medium | |
US11563560B2 (en) | Blockchain-based data evidence storage method and apparatus | |
WO2022105135A1 (en) | Information verification method and apparatus, and electronic device and storage medium | |
WO2021174882A1 (en) | Data fragment verification method, apparatus, computer device, and readable storage medium | |
CN112347042A (en) | File uploading method and device, electronic equipment and storage medium | |
CN111859424B (en) | Data encryption method, system, terminal and storage medium of physical management platform | |
CN115017107A (en) | Data retrieval method, device, computer equipment and medium based on protection of privacy | |
CN114996675A (en) | Data query method and device, computer equipment and storage medium | |
CN115270193B (en) | Data file secure sharing method and device based on block chain and collaborative synchronization | |
CN115048664A (en) | Data security storage method, device, equipment and medium based on solid state disk | |
WO2022222350A1 (en) | Method for encrypting data, and computing device | |
CN114881616A (en) | Business process execution method and device, electronic equipment and storage medium | |
CN115859362A (en) | Data storage system, method, device and medium based on block chain side chain | |
CN116340295B (en) | Data migration method and device based on multi-type data sources | |
CN114826736B (en) | Information sharing method, device, equipment and storage medium | |
CN111400270B (en) | Block chain-based file time service method and device | |
CN115630409B (en) | Data storage control method and device | |
CN111611601A (en) | Method, device and storage medium for joint training of multi-data user analysis model | |
CN116975884A (en) | Data security storage method and device | |
CN114036068B (en) | Update detection method, device, equipment and storage medium based on privacy security | |
CN112925753B (en) | File additional writing method and device, electronic equipment and storage medium | |
CN116842012A (en) | Method, device, equipment and storage medium for storing Redis cluster in fragments | |
CN114598715A (en) | Method, device and medium for efficient auditing of cloud storage data without bilinear pairing | |
CN114626103A (en) | Data consistency comparison method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: A data storage control method and device; Granted publication date: 20230808; Pledgee: Shenzhen hi tech investment small loan Co.,Ltd.; Pledgor: Shenzhen Yuanxing Information Technology Co.,Ltd.; Registration number: Y2025980014858 |