CN115630409B - Data storage control method and device - Google Patents

Data storage control method and device Download PDF

Info

Publication number
CN115630409B
CN115630409B CN202211334879.4A CN202211334879A CN115630409B CN 115630409 B CN115630409 B CN 115630409B CN 202211334879 A CN202211334879 A CN 202211334879A CN 115630409 B CN115630409 B CN 115630409B
Authority
CN
China
Prior art keywords
data
node
encryption
private
stored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211334879.4A
Other languages
Chinese (zh)
Other versions
CN115630409A (en
Inventor
张智波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yuanxing Information Technology Co ltd
Original Assignee
Shenzhen Yuanxing Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yuanxing Information Technology Co ltd filed Critical Shenzhen Yuanxing Information Technology Co ltd
Priority to CN202211334879.4A priority Critical patent/CN115630409B/en
Publication of CN115630409A publication Critical patent/CN115630409A/en
Application granted granted Critical
Publication of CN115630409B publication Critical patent/CN115630409B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data storage, and discloses a data storage control method and device, wherein the method comprises the following steps: starting a data storage system according to a data storage instruction, wherein the data storage system consists of a private end, a public end and a user end, a root indexes data to be stored and the encryption node number of the data to be stored from the user end, the data to be stored is segmented based on the encryption node number to obtain a segmented data set with the same number as the data to be stored, a data encryption tree is generated according to the segmented data set and the data to be stored, the root node encryption data of the data encryption tree is stored to the user end, the leaf node encryption data is respectively stored to the private end and the public end according to proportion, the internal node encryption data is respectively stored to the private end and the user end according to proportion, and the storage control of the data is completed. The invention mainly aims to solve the problem of contradiction between large-scale storage and safety when data are stored and controlled.

Description

Data storage control method and device
Technical Field
The invention relates to a data storage control method and device, and belongs to the technical field of data storage.
Background
At present, along with technological development, various systems related to industries and personal demands are developed successively, so that the living convenience of people is greatly improved, but the data volume of various systems is increased in a blowout way, and the problem of how to efficiently store data is the problem to be solved currently.
The common data storage control method mainly depends on a user end, a private end and a public end, namely, the data storage and control are realized through the imagination and coordination of the user end, the private end and the public end. The private end is a cloud system which is constructed according to the enterprises, companies, scientific institutions and the like where the user end is located and can provide high data security, the public end is generally provided by a third party provider, and a cloud which can be stored in a large scale but is shared with other unit storage resources is constructed according to the unit requirements of the enterprises, the companies, the scientific institutions and the like.
In contrast, the user side has poorer exchange and sharing properties for data, the private side is safer, but is not suitable for large-scale storage, and the public side has lower security although the public side can realize large-scale storage. Therefore, the partial data storage method adopts a cross storage method, namely, data is divided into important data and non-important data, wherein the important data is stored to a private end, the non-important data is stored to a public end, the method realizes the advantages of the public end and the private end, but not all data can be divided into the important data and the non-important data, in addition, when data leakage occurs in simple data splitting, the tracing of the data is extremely difficult, and therefore, the problem of contradiction between large-scale storage and safety is still faced in the control of the data storage.
Disclosure of Invention
The invention provides a data storage control method, a data storage control device and a computer readable storage medium, which mainly aim to solve the problem that large-scale storage and security contradict when data storage control is realized.
In order to achieve the above object, the present invention provides a data storage control method, including:
receiving a data storage instruction initiated by a user terminal, and starting a data storage system according to the data storage instruction, wherein the data storage system consists of a private terminal, a public terminal and a user terminal, and the private terminal and the public terminal respectively store a key pair for verifying the legitimacy of the user terminal;
verifying the legitimacy of the user terminal based on the key pairs of the private terminal and the public terminal, and when the legitimacy verification passes, retrieving data to be stored from the user terminal according to the data storage instruction;
calculating the data quantity of the data to be stored, determining the encryption node number of the data to be stored by using the data quantity, and dividing the data to be stored based on the encryption node number to obtain a divided data set with the same quantity as the data to be stored;
generating a data encryption tree according to the segmentation data set and the data to be stored, wherein the data encryption tree consists of a root node and a plurality of leaf nodes, the root node corresponds to the root node encryption data and is generated by the data to be stored, and each leaf node and each internal node respectively correspond to the leaf node encryption data and the internal node encryption data and are generated by the segmentation data set;
And storing the root node encrypted data of the data encryption tree to a user terminal, and storing the leaf node encrypted data to a private terminal and a public terminal respectively according to the proportion, and storing the internal node encrypted data to the private terminal and the user terminal respectively according to the proportion to finish the storage control of the data.
Optionally, the storing process of the key pair includes:
receiving an application instruction of adding the user terminal into the data storage system, and acquiring the user terminal attribute of the user terminal according to the application instruction, wherein the user terminal attribute comprises a user name and a user password of the user terminal, a user terminal IP address, a user terminal port value, a user terminal registration place and user terminal operation permission information.
Transmitting the user side attribute to an auditing platform of a data storage system, and when the auditing platform audits an application instruction passing through the user side, performing hash operation by taking the user side attribute as an input value of a first hash algorithm to obtain a user side hash value;
receiving a handwritten user name signature of a user side, wherein the handwritten user name signature is consistent with a user name of the user side;
performing hash operation on the input value of the second hash algorithm of the handwriting user name signature to obtain a signature hash value;
obtaining a private end attribute of each private end and a public end attribute of each public end in a data storage system, and performing hash operation by taking each private end attribute or public end attribute as an input value of a first hash algorithm to obtain a private end hash value and a public end hash value respectively;
Generating a private-end key pair according to the sequence of the user-end hash value, the private-end hash value and the signature hash value, wherein the private-end key pair comprises a private public key and a private key, the private public key is stored in the private end, and the private key is stored in the user end;
generating a public key pair according to the sequence of the hash value of the user side, the hash value of the public side and the hash value of the signature, wherein the public key pair comprises a public key and a public private key, the public key is stored in the public side, and the public private key is stored in the user side.
Optionally, the verifying the validity of the user terminal based on the key pairs of the private terminal and the public terminal includes:
generating a legal verification instruction of a user side, and receiving a handwriting signature to be verified input by a user operating the user side according to the legal verification instruction;
calculating the similarity value of the handwritten signature to be verified and the handwritten user name signature, and if the similarity value is not higher than a specified similarity threshold, determining that the user terminal is an illegal user terminal;
if the similarity value is higher than the appointed similarity threshold value, acquiring all private key sets stored in the user terminal, wherein the private key sets consist of private keys and public private keys;
sequentially determining whether each private key is consistent with the private public key of the corresponding private end and whether each public private key is consistent with the public key of the corresponding public end;
And determining that the user side has validity until all the private keys and the private public keys are identical, and the public private keys and the public keys are identical, so that verification is passed.
Optionally, the determining the number of encryption nodes of the data to be stored by using the data volume includes:
receiving the set highest number of the encryption nodes and the set lowest number of the encryption nodes;
taking the data volume as an entry of the following formula, and determining the encryption node number of the data to be stored by combining the highest encryption node number and the lowest encryption node number:
wherein A is i Encryption node number and Byte representing data to be stored of ith user terminal i Representing the data quantity j of the data to be stored of the ith user side max Represents the highest number of encryption nodes, j min Representing the lowest number of encryption nodes.
Optionally, the dividing the data to be stored based on the number of encryption nodes to obtain a divided data set with the same number as the data to be stored includes:
calculating whether the encryption node number is an exponential multiple of 2, if the encryption node number is not the exponential multiple of 2, increasing the encryption node number until the encryption node number is the exponential multiple of 2, and determining that the encryption node number is the finger node number;
calculating an index value of the finger node number pair 2, and simultaneously cutting the data to be stored into 2 according to the sequence of the data structure of the data to be stored to obtain a 2 segmentation data set, wherein the 2 segmentation data set comprises 2 groups of 2 segmentation data;
Judging whether the data quantity of the 2-segmentation data set is equal to an index value, if the data quantity of the 2-segmentation data set is not equal to the index value, repeating the segmentation step, namely cutting the 2-segmentation data into 2 according to the sequence of the data structure of each group of 2-segmentation data in the 2-segmentation data set to obtain a 4-segmentation data set, wherein the 4-segmentation data set comprises 4 groups of 4-segmentation data;
up to 2 n The segmentation number n of the segmentation data set is equal to the index value, and 2 segmentation data sets, 4 segmentation data sets, … and 2 are summarized n And segmenting the data set to obtain a segmented data set.
Optionally, the generating a data encryption tree according to the segmentation data set and the data to be stored includes:
generating an empty node tree according to the finger node number, wherein the empty node tree comprises a root node, an internal node and a leaf node;
encrypting and compressing the data to be stored according to a preset first data encryption method to obtain root node encrypted data, and putting the root node encrypted data into a root node;
2-segment data set, 4-segment data, …, 2 of the segment data set n-1 The segmentation data set is encrypted and compressed according to a second data encryption method to obtain internal node encrypted data, and the internal node encrypted data are respectively put into the internal nodes;
Will 2 n Encrypting and compressing the segmentation data set according to a third data encryption method to obtain leaf nodesPoint-encrypting data, and respectively putting the leaf node encrypted data into leaf nodes;
summarizing all root nodes, internal nodes and leaf nodes comprising root node encrypted data, internal node encrypted data and leaf node encrypted data to obtain the data encryption tree.
Optionally, the generating a null node tree according to the finger node number includes:
generating root nodes, wherein the number of the root nodes is 1;
splitting 2 internal nodes below the root node, wherein the 2 internal nodes are respectively positioned at the left and right sides of the root node, judging whether the splitting times of the nodes are equal to the number of finger-shaped nodes at the moment, if the splitting times are equal to the number of finger-shaped nodes at the moment, determining the internal nodes as leaf nodes, and forming an empty node tree by the root node and the leaf nodes, wherein the empty node tree comprises the root node and the leaf nodes;
if the number of splitting times is smaller than the number of finger-shaped nodes, 2 internal nodes are continuously split below each internal node, whether the number of splitting times is equal to the number of finger-shaped nodes or not is judged, and when the number of splitting times is equal to the number of finger-shaped nodes, an empty node tree is formed by the root node, the internal node and the leaf node, and comprises the root node, the internal node and the leaf node.
Optionally, the encrypting and compressing the data to be stored according to a preset first data encrypting method to obtain root node encrypted data, including:
receiving a set minimum compression unit, wherein the minimum compression unit consists of a data head, a random marker and a node identifier;
determining the maximum accommodating capacity of the data heads, splitting data to be stored according to the maximum accommodating capacity, and obtaining a plurality of groups of data head storage data;
generating minimum compression units with the same quantity as the data stored by the data heads, and storing the data stored by each data head into each minimum compression unit in turn;
while setting the node identifier of each minimum compression unit to 2 0 And based on encryptionThe algorithm generates a first public key and a first private key;
and taking the first public key as a random marker of each minimum compression unit, and after the first private key is stored in the private end, performing compression processing on each minimum compression unit to obtain root node encrypted data.
Optionally, the 2-segment data set, 4-segment data, …, 2 of the split data sets n-1 The segmentation data set is encrypted and compressed according to a second data encryption method to obtain internal node encrypted data, and the method comprises the following steps:
Dividing the internal nodes into a first layer internal node, a second layer internal node, … and an n-1 layer internal node according to the structure of each internal node in the data encryption tree;
extracting an encryption compression algorithm of the internal nodes of the first layer, and executing encryption compression on the 2 segmentation data set according to the encryption compression algorithm of the internal nodes of the first layer to obtain the 2 segmentation encrypted data set;
encryption compression algorithm for extracting internal nodes of the second layer, … and internal nodes of the n-1 layer respectively performs encryption compression on the 4-segmentation data, … and n-2-segmentation data sets to obtain 4-segmentation encrypted data sets, … and 2 n-1 Segmenting the encrypted data set;
when the data set 2 is segmented, the data set 4 is segmented, …, 2 n-1 When the data set is segmented, a second public key and a second private key are generated, the second private key is stored in the user side, and after the second public key is stored in the private side, the 2 segmented encrypted data set, … and 2 are summarized n-1 And segmenting the encrypted data set to obtain the encrypted data of the internal node.
Alternatively, the said will be 2 n The segmentation data set is encrypted and compressed according to a third data encryption method to obtain leaf node encrypted data, and the method comprises the following steps:
judging the 2 n Segmenting each 2 in the dataset n The size relation between the data volume of the segmentation data and the maximum accommodating volume of the data head of the minimum compression unit;
If each is 2 n The data volume of the sliced data is larger than the maximum accommodating volume of the data head, and the maximum accommodating volume of the data head is obtainedThe accommodation amount performs an expansion operation;
up to 2 each n Generating and 2 when the data quantity of the segmentation data is smaller than or equal to the maximum accommodating quantity of the data head n Splitting the data set into the same number of minimum compression units and sequentially combining each 2 n The segmentation data are stored to each minimum compression unit;
while setting the node identifier of each minimum compression unit to 2 n Generating a third public key and a third private key based on an encryption algorithm;
and taking the third public key as a random marker of each minimum compression unit, storing the third private key at the private end, and then executing compression processing on each minimum compression unit to obtain leaf node encrypted data.
In order to solve the above problems, the present invention also provides a data storage control apparatus, the apparatus comprising:
the system comprises a user side verification module, a data storage system and a data storage module, wherein the user side verification module is used for receiving a data storage instruction initiated by a user side, starting the data storage system according to the data storage instruction, the data storage system consists of a private side, a public side and a user side, wherein the private side and the public side respectively store key pairs for verifying the validity of the user side, the validity of the user side is verified based on the key pairs of the private side and the public side, and when the validity verification passes, the data to be stored is searched and extracted from the user side according to the data storage instruction;
The data segmentation module is used for calculating the data quantity of the data to be stored, determining the number of encryption nodes of the data to be stored by utilizing the data quantity, and segmenting the data to be stored based on the number of the encryption nodes to obtain segmented data sets with the same number as the data to be stored;
the data encryption tree generation module is used for generating a data encryption tree according to the segmentation data set and the data to be stored, wherein the data encryption tree consists of a root node and a plurality of leaf nodes, the root node corresponds to the root node encryption data and is generated by the data to be stored, and each leaf node and each internal node respectively correspond to the leaf node encryption data and the internal node encryption data and are generated by the segmentation data set;
the storage control module is used for storing the root node encrypted data of the data encryption tree to the user side, the leaf node encrypted data are respectively stored to the private side and the public side according to the proportion, the internal node encrypted data are respectively stored to the private side and the user side according to the proportion, and the storage control of the data is completed.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,,
The memory stores instructions executable by the at least one processor to implement the data storage control method described above.
In order to solve the above-described problems, the present invention also provides a computer-readable storage medium having stored therein at least one instruction that is executed by a processor in an electronic device to implement the above-described data storage control method.
Compared with the problems in the prior art, the embodiment of the invention firstly receives the data storage instruction initiated by the user terminal, starts the data storage system according to the data storage instruction, wherein the data storage system consists of a private terminal, a public terminal and a user terminal, the private terminal and the public terminal respectively store key pairs for verifying the validity of the user terminal, the key pairs mainly play a role in verifying the validity of the user terminal, thereby improving the safety of storage control of data, when the validity verification is passed, the data to be stored is extracted from the user terminal according to the data storage instruction, the data quantity of the data to be stored is calculated, the encryption node number of the data to be stored is determined by the data quantity, and the data to be stored is divided based on the encryption node number, so as to obtain the same number of divided data sets as the data to be stored, the main purpose of the embodiment of the invention is to continuously and repeatedly divide the data to be stored, so that the data to be stored is fragmented, even if part of the divided data is leaked, the key pairs cannot cause important safety, therefore, the data encryption tree is generated according to the divided data sets and the data to be stored, the divided data encryption tree is generated, the data to be divided into a root node and a plurality of leaf nodes correspond to the root node and a leaf node, the root node and the leaf node are respectively used for storing the encrypted data, the root node and the root node are respectively corresponding to the root node of the encrypted data to the root node, and the root node is used for storing the encrypted data, and the root node of the encrypted data to the root node and the node is the root node, and the root node and the node is the leaf node and the node, the data encryption tree constructed by the embodiment of the invention is divided into important data and non-important data which are respectively stored in the private end and the public end, compared with the prior art, the problem of tracing when the data is leaked is solved, because the data encryption tree has a progressive logic relationship, the root node corresponds to the root node encryption data, each leaf node and the internal node respectively correspond to the leaf node encryption data and the internal node encryption data, and each leaf node and the internal node are generated by the data of the root node on the premise of ensuring the data security. Therefore, the data storage control method, the data storage control device, the electronic equipment and the computer readable storage medium mainly aim to solve the problem that large-scale storage and security contradiction are faced when data storage control is realized.
Drawings
FIG. 1 is a flow chart of a method for controlling data storage according to an embodiment of the invention;
FIG. 2 is a functional block diagram of a data storage control device according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device for implementing the data storage control method according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides a data storage control method. The execution body of the data storage control method includes, but is not limited to, at least one of a server, a terminal, and the like, which can be configured to execute the method provided by the embodiment of the application. In other words, the storage control method of the data may be performed by software or hardware installed in the terminal device or the server device. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Example 1:
referring to fig. 1, a flow chart of a method for controlling data storage according to an embodiment of the invention is shown. In this embodiment, the method for controlling storage of data includes:
S1, receiving a data storage instruction initiated by a user terminal, and starting a data storage system according to the data storage instruction, wherein the data storage system consists of a private terminal, a public terminal and a user terminal, and the private terminal and the public terminal respectively store a key pair for verifying the legitimacy of the user terminal.
In the embodiment of the invention, the data storage system generally comprises a plurality of user terminals, a plurality of private terminals and a plurality of public terminals. The private end is a cloud end which is constructed according to enterprises, companies, scientific research institutions and other units where a plurality of user ends are located and can provide high security for data, and is relatively safer but not suitable for large-scale storage. The public terminal is generally provided by a third party provider, and a cloud terminal which can be stored in a large scale but is shared with other unit storage resources is constructed according to the demands of enterprises, companies, scientific research institutions and other units, namely the public terminal.
It can be understood that the private end belongs to the unit where the plurality of user ends are located, and is managed by the unit by itself, so that the security is high but the maintainability is poor, and the public end can be stored in a large scale, but the security is poor due to the resource sharing and the maintenance of a third party.
Compared with the traditional data storage method, in order to overcome the defects of the private end and the public end, the embodiment of the invention provides a novel data storage method by combining the advantages of the public end and the private end. The new data storage method firstly needs to verify the validity of a user side before realizing data storage, so that the data storage system is built, a private side and a public side respectively store key pairs for verifying the validity of the user side, and the storage process of the key pairs comprises the following steps:
receiving an application instruction of adding the user terminal into the data storage system, and acquiring the user terminal attribute of the user terminal according to the application instruction, wherein the user terminal attribute comprises a user name and a user password of the user terminal, a user terminal IP address, a user terminal port value, a user terminal registration place and user terminal operation permission information.
Transmitting the user side attribute to an auditing platform of a data storage system, and when the auditing platform audits an application instruction passing through the user side, performing hash operation by taking the user side attribute as an input value of a first hash algorithm to obtain a user side hash value;
receiving a handwritten user name signature of a user side, wherein the handwritten user name signature is consistent with a user name of the user side;
Performing hash operation on the input value of the second hash algorithm of the handwriting user name signature to obtain a signature hash value;
obtaining a private end attribute of each private end and a public end attribute of each public end in a data storage system, and performing hash operation by taking each private end attribute or public end attribute as an input value of a first hash algorithm to obtain a private end hash value and a public end hash value respectively;
generating a private-end key pair according to the sequence of the user-end hash value, the private-end hash value and the signature hash value, wherein the private-end key pair comprises a private public key and a private key, the private public key is stored in the private end, and the private key is stored in the user end;
generating a public key pair according to the sequence of the hash value of the user side, the hash value of the public side and the hash value of the signature, wherein the public key pair comprises a public key and a public private key, the public key is stored in the public side, and the public private key is stored in the user side.
For example, the small sheet is a newly added employee of a certain scientific research institution, a certain scientific research is being carried out, and an important scientific research file is generated in the carrying-out process, so that the small sheet needs to store the scientific research file into a data storage system designated by the scientific research institution, and the small Zhang Anzhao meets the technical requirements, and initiates an application instruction added into the data storage system according to a user terminal.
Further, the first hash algorithm according to the embodiment of the present invention is generally different from the second hash algorithm, where the first hash algorithm includes, but is not limited to, MD5, SHA-1, SHA-256, etc., and the second hash algorithm includes, but is not limited to, perceptual hash algorithm, dHash, etc.
And S2, verifying the validity of the user terminal based on the key pairs of the private terminal and the public terminal, and when verification passes, retrieving data to be stored from the user terminal according to the data storage instruction.
It can be understood that the private key of each private end and the private key of the public end are stored in the user end, and the validity of the user end can be verified through the correspondence between the private key and the public key, specifically, the verification of the validity of the user end based on the respective key pairs of the private end and the public end comprises the following steps:
generating a legal verification instruction of a user side, and receiving a handwriting signature to be verified input by a user operating the user side according to the legal verification instruction;
calculating the similarity value of the handwritten signature to be verified and the handwritten user name signature, and if the similarity value is not higher than a specified similarity threshold, determining that the user terminal is an illegal user terminal;
if the similarity value is higher than the appointed similarity threshold value, acquiring all private key sets stored in the user terminal, wherein the private key sets consist of private keys and public private keys;
Sequentially determining whether each private key is consistent with the private public key of the corresponding private end and whether each public private key is consistent with the public key of the corresponding public end;
and determining that the user side has validity until all the private keys and the private public keys are identical, and the public private keys and the public keys are identical, so that verification is passed.
Illustratively, the sheetlet has initiated an application instruction to join the data storage system based on its own client, and the application passes through, the user side representing the small sheet is already affiliated to the data storage system. The scientific research file is uploaded at present, so that the requirements are installed, a hand-written signature to be verified is firstly written again, then the consistency judgment is carried out on the private key set stored by the user terminal where the user terminal is located and the public keys of the private terminal and the public terminal of the data storage system in sequence until the requirements are met, and the user terminal where the small sheet is located is determined to be a legal user terminal.
S3, calculating the data quantity of the data to be stored, determining the encryption node number of the data to be stored by using the data quantity, and dividing the data to be stored based on the encryption node number to obtain a divided data set with the same quantity as the data to be stored.
It should be explained that, in order to improve the security of data storage, the embodiments of the present invention make full use of the advantages of the public end and the private end, firstly segment the data to be stored, and then construct a data encryption tree, where the data encryption tree reflects the segmentation logic and encryption logic of the segmented data set, so that the storage security can be effectively improved according to the data encryption tree.
For example, 120M of the scientific files to be uploaded are taken as a small sheet, and the encryption node number is determined according to the scientific files of 120M. In detail, the determining the number of encryption nodes of the data to be stored by using the data amount includes:
receiving the set highest number of the encryption nodes and the set lowest number of the encryption nodes;
taking the data volume as an entry of the following formula, and determining the encryption node number of the data to be stored by combining the highest encryption node number and the lowest encryption node number:
wherein A is i Encryption node number and Byte representing data to be stored of ith user terminal i Representing the data quantity j of the data to be stored of the ith user side max Represents the highest number of encryption nodes, j min Representing the lowest number of encryption nodes.
It can be understood that the embodiment of the invention can effectively calculate the number of encryption nodes of the data to be stored according to the data quantity of the data to be stored, thereby preparing for the subsequent segmentation of the data to be stored.
In detail, the dividing the data to be stored based on the number of encryption nodes to obtain a divided data set with the same number as the data to be stored, including:
calculating whether the encryption node number is an exponential multiple of 2, if the encryption node number is not the exponential multiple of 2, increasing the encryption node number until the encryption node number is the exponential multiple of 2, and determining that the encryption node number is the finger node number;
Calculating an index value of the finger node number pair 2, and simultaneously cutting the data to be stored into 2 according to the sequence of the data structure of the data to be stored to obtain a 2 segmentation data set, wherein the 2 segmentation data set comprises 2 groups of 2 segmentation data;
judging whether the segmentation times of the 2 segmentation data set are equal to the index value, if the segmentation times of the 2 segmentation data set are not equal to the index value, repeating the segmentation step, namely cutting the 2 segmentation data into 2 according to the sequence of the data structure of each group of 2 segmentation data in the 2 segmentation data set to obtain a 4-segmentation data set, wherein the 4-segmentation data set comprises 4 groups of 4-segmentation data;
up to 2 n The segmentation number n of the segmentation data set is equal to the index value, and 2 segmentation data sets, 4 segmentation data sets, … and 2 are summarized n And segmenting the data set to obtain a segmented data set.
For example, if the number of encryption nodes of the scientific research file to be uploaded is 7, and since 7 is not an exponential multiple of 2, the number of expanded encryption nodes is 8, and the index of 8 to 2 is 3, then 8 is called a finger node number, and represents that 2-segment data sets, 4-segment data sets and 8-segment data sets need to be calculated altogether. Further, if the scientific research file includes various pictures arranged in sequence, a series of scientific research pictures are divided into 2 according to the middle as a segmentation point to obtain 2 segmentation data sets, wherein each 2 segmentation data set is different from each other but has a sequence, and the like, and each 2 segmentation data set still performs segmentation, so that 4 segmentation data sets and 8 segmentation data sets are obtained.
S4, generating a data encryption tree according to the segmentation data set and the data to be stored, wherein the data encryption tree consists of a root node and a plurality of leaf nodes, the root node corresponds to the root node encryption data and is generated by the data to be stored, and each leaf node and each internal node respectively correspond to the leaf node encryption data and the internal node encryption data and are generated by the segmentation data set.
It can be understood that the embodiment of the invention further needs to construct a data encryption tree, so that the storage of the data to be stored is realized according to the data encryption tree. In detail, the generating a data encryption tree according to the segmentation data set and the data to be stored includes:
generating an empty node tree according to the finger node number, wherein the empty node tree comprises a root node, an internal node and a leaf node;
encrypting and compressing the data to be stored according to a preset first data encryption method to obtain root node encrypted data, and putting the root node encrypted data into a root node;
2-segment data set, 4-segment data, …, 2 of the segment data set n-1 The segmentation data set is encrypted and compressed according to a second data encryption method to obtain internal node encrypted data, and the internal node encrypted data are respectively put into the internal nodes;
Will 2 n Encrypting and compressing the segmentation data set according to a third data encryption method to obtain leaf node encrypted data, and dividing the leaf node encrypted dataPutting the leaf nodes into the leaf nodes;
summarizing all root nodes, internal nodes and leaf nodes comprising root node encrypted data, internal node encrypted data and leaf node encrypted data to obtain the data encryption tree.
The method includes the steps that an example is that a small sheet is required to upload a scientific research file, the number of the determined finger-shaped nodes is 8, an empty node tree corresponding to the number of the finger-shaped nodes 8 is generated, further, the scientific research file is encrypted and compressed according to a first data encryption method to obtain root node encrypted data, in addition, a 2 segmentation data set and a 4 segmentation data set are used as internal node encrypted data, and the 8 segmentation data set is used as leaf node encrypted data, so that a data encryption tree is constructed.
Further, the generating a null node tree according to the finger node number includes:
generating root nodes, wherein the number of the root nodes is 1;
splitting 2 internal nodes below the root node, wherein the 2 internal nodes are respectively positioned at the left and right sides of the root node, judging whether the splitting times of the nodes are equal to the number of finger-shaped nodes at the moment, if the splitting times are equal to the number of finger-shaped nodes at the moment, determining the internal nodes as leaf nodes, and forming an empty node tree by the root node and the leaf nodes, wherein the empty node tree comprises the root node and the leaf nodes;
If the number of splitting times is smaller than the number of finger-shaped nodes, 2 internal nodes are continuously split below each internal node, whether the number of splitting times is equal to the number of finger-shaped nodes or not is judged, and when the number of splitting times is equal to the number of finger-shaped nodes, an empty node tree is formed by the root node, the internal node and the leaf node, and comprises the root node, the internal node and the leaf node.
For example, if the number of finger-shaped nodes of the scientific research file to be uploaded is 8, the corresponding empty node tree structure is 1 for the root node, 2 for the root node to the internal node of the first layer, 4 for the internal node of the first layer to the internal node of the second layer, and 8 for the leaf node.
Further, the encrypting and compressing the data to be stored according to the preset first data encrypting method to obtain root node encrypted data, which includes:
receiving a set minimum compression unit, wherein the minimum compression unit consists of a data head, a random marker and a node identifier;
determining the maximum accommodating capacity of the data heads, splitting data to be stored according to the maximum accommodating capacity, and obtaining a plurality of groups of data head storage data;
generating minimum compression units with the same quantity as the data stored by the data heads, and storing the data stored by each data head into each minimum compression unit in turn;
While setting the node identifier of each minimum compression unit to 2 0 Generating a first public key and a first private key based on an encryption algorithm;
and taking the first public key as a random marker of each minimum compression unit, and after the first private key is stored in the private end, performing compression processing on each minimum compression unit to obtain root node encrypted data.
For example, a small scientific research file is taken as data to be stored, 10M is taken as the total data, and the maximum accommodating amount of the data head of each minimum compression unit is 1M, then 10 groups of minimum compression units are needed to be generated firstly for encrypting and compressing the data to be stored, the data head of each group of minimum compression units comprises 1M data to be stored, and in order to distinguish that the data source stored in the minimum compression unit is the data to be stored, a node identifier is set to 2 0 The data representing the minimum compression unit corresponds to the root node of the number of encryption nodes. Further, encryption algorithms include, but are not limited to AES, DES, blowfish, CAST, and the like.
In addition, the 2-segment data set, 4-segment data, …, 2 of the to-be-segmented data sets n-1 The segmentation data set is encrypted and compressed according to a second data encryption method to obtain internal node encrypted data, and the method comprises the following steps:
Dividing the internal nodes into a first layer internal node, a second layer internal node, … and an n-1 layer internal node according to the structure of each internal node in the data encryption tree;
extracting an encryption compression algorithm of the internal nodes of the first layer, and executing encryption compression on the 2 segmentation data set according to the encryption compression algorithm of the internal nodes of the first layer to obtain the 2 segmentation encrypted data set;
encryption compression algorithm for extracting internal nodes of the second layer, … and internal nodes of the n-1 layer respectively performs encryption compression on the 4-segmentation data, … and n-2-segmentation data sets to obtain 4-segmentation encrypted data sets, … and 2 n-1 Segmenting the encrypted data set;
when the data set 2 is segmented, the data set 4 is segmented, …, 2 n-1 When the data set is segmented, a second public key and a second private key are generated, the second private key is stored in the user side, and after the second public key is stored in the private side, the 2 segmented encrypted data set, … and 2 are summarized n-1 And segmenting the encrypted data set to obtain the encrypted data of the internal node.
It should be explained that the encryption and compression algorithms of the internal nodes of each layer may be the same or different, and the encryption and compression algorithms used are all disclosed technical contents and are not described herein.
Finally, said will be 2 n The segmentation data set is encrypted and compressed according to a third data encryption method to obtain leaf node encrypted data, and the method comprises the following steps:
Judging the 2 n Segmenting each 2 in the dataset n The size relation between the data volume of the segmentation data and the maximum accommodating volume of the data head of the minimum compression unit;
if each is 2 n The data volume of the segmentation data is larger than the maximum accommodating volume of the data head, and then the capacity expansion operation is carried out on the maximum accommodating volume of the data head;
up to 2 each n Generating and 2 when the data quantity of the segmentation data is smaller than or equal to the maximum accommodating quantity of the data head n Splitting the data set into the same number of minimum compression units and sequentially combining each 2 n The segmentation data are stored to each minimum compression unit;
while setting the node identifier of each minimum compression unit to 2 n Generating a third public key and a third private key based on an encryption algorithm;
and taking the third public key as a random marker of each minimum compression unit, storing the third private key at the private end, and then executing compression processing on each minimum compression unit to obtain leaf node encrypted data.
It can be appreciated that the operations described above can be implemented to treat stored data, 2-split data sets, 4-split data, …, 2 n -1 Segmentation dataset, 2 n And (5) encrypting and compressing the cut data, thereby obtaining a corresponding data encryption tree.
S5, storing the root node encrypted data of the data encryption tree to the user side, respectively storing the leaf node encrypted data to the private side and the public side according to the proportion, respectively storing the internal node encrypted data to the private side and the user side according to the proportion, and completing the storage control of the data.
In the embodiment of the invention, because the root node encrypted data of the data encryption tree is compressed, the data size is smaller than the original data to be stored, and the root node encrypted data is stored to the user side for the user to operate the method at any time. In addition, the purpose of storing the encrypted data of the internal node to the private end and the public end respectively according to the proportion is to prevent the whole data from being lost due to invasion of the private end or the public end, the problem can be effectively avoided through separate storage, and in order to improve the safety of data storage, the embodiment of the invention stores the encrypted data of the finer leaf node to the private end and the public end in the same proportion.
Compared with the problems in the prior art, the embodiment of the invention firstly receives the data storage instruction initiated by the user terminal, starts the data storage system according to the data storage instruction, wherein the data storage system consists of a private terminal, a public terminal and a user terminal, the private terminal and the public terminal respectively store key pairs for verifying the validity of the user terminal, the key pairs mainly play a role in verifying the validity of the user terminal, thereby improving the safety of storage control of data, when the validity verification is passed, the data to be stored is extracted from the user terminal according to the data storage instruction, the data quantity of the data to be stored is calculated, the encryption node number of the data to be stored is determined by the data quantity, and the data to be stored is divided based on the encryption node number, so as to obtain the same number of divided data sets as the data to be stored, the main purpose of the embodiment of the invention is to continuously and repeatedly divide the data to be stored, so that the data to be stored is fragmented, even if part of the divided data is leaked, the key pairs cannot cause important safety, therefore, the data encryption tree is generated according to the divided data sets and the data to be stored, the divided data encryption tree is generated, the data to be divided into a root node and a plurality of leaf nodes correspond to the root node and a leaf node, the root node and the leaf node are respectively used for storing the encrypted data, the root node and the root node are respectively corresponding to the root node of the encrypted data to the root node, and the root node is used for storing the encrypted data, and the root node of the encrypted data to the root node and the node is the root node, and the root node and the node is the leaf node and the node, the data encryption tree constructed by the embodiment of the invention is divided into important data and non-important data which are respectively stored in the private end and the public end, compared with the prior art, the problem of tracing when the data is leaked is solved, because the data encryption tree has a progressive logic relationship, the root node corresponds to the root node encryption data, each leaf node and the internal node respectively correspond to the leaf node encryption data and the internal node encryption data, and each leaf node and the internal node are generated by the data of the root node on the premise of ensuring the data security. Therefore, the data storage control method, the data storage control device, the electronic equipment and the computer readable storage medium mainly aim to solve the problem that large-scale storage and security contradiction are faced when data storage control is realized.
Example 2:
fig. 2 is a functional block diagram of a data storage control device according to an embodiment of the present invention.
The data storage control apparatus 100 according to the present invention may be mounted in an electronic device. The data storage control device 100 may include a client verification module 101, a data segmentation module 102, a data encryption tree generation module 103, and a storage control module 104 according to the implemented functions. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
The user terminal verification module 101 is configured to receive a data storage instruction initiated by a user terminal, and start a data storage system according to the data storage instruction, where the data storage system is composed of a private terminal, a public terminal and a user terminal, where the private terminal and the public terminal each store a key pair for verifying the validity of the user terminal, and verify the validity of the user terminal based on the key pair of the private terminal and the public terminal, and when the validity verification passes, retrieve data to be stored from the user terminal according to the data storage instruction;
The data splitting module 102 is configured to calculate a data amount of the data to be stored, determine an encryption node number of the data to be stored by using the data amount, and split the data to be stored based on the encryption node number to obtain a split data set with the same number as the data to be stored;
the data encryption tree generating module 103 is configured to generate a data encryption tree according to the splitting dataset and the data to be stored, where the data encryption tree is composed of a root node and a plurality of leaf nodes, the root node corresponds to the root node encryption data and is generated by the data to be stored, and each of the leaf nodes and the internal node corresponds to the leaf node encryption data and the internal node encryption data respectively and is generated by the splitting dataset;
the storage control module 104 is configured to store root node encrypted data of the data encryption tree to the user side, store leaf node encrypted data to the private side and the public side respectively according to a proportion, store internal node encrypted data to the private side and the user side respectively according to a proportion, and complete storage control of the data.
In detail, the modules in the data storage control device 100 in the embodiment of the present invention use the same technical means as the data storage control method described in fig. 1, and can produce the same technical effects, which are not described herein.
Example 3:
fig. 3 is a schematic structural diagram of an electronic device for implementing a method for controlling data storage according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11, a bus 12 and a communication interface 13, and may further comprise a computer program, such as a storage control program of data, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, including flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as codes of a storage control program of the data, but also for temporarily storing data that has been output or is to be output.
The processor 10 may be comprised of integrated circuits in some embodiments, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects respective parts of the entire electronic device using various interfaces and lines, and executes various functions of the electronic device 1 and processes data by running or executing programs or modules (e.g., a storage Control program of data, etc.) stored in the memory 11, and calling the data stored in the memory 11.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
Fig. 3 shows only an electronic device with components, it being understood by a person skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or may be arranged in different components.
For example, although not shown, the electronic device 1 may further include a power source (such as a battery) for supplying power to each component, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device 1 may further include various sensors, bluetooth modules, wi-Fi modules, etc., which will not be described herein.
Further, the electronic device 1 may also comprise a network interface, optionally the network interface may comprise a wired interface and/or a wireless interface (e.g. WI-FI interface, bluetooth interface, etc.), typically used for establishing a communication connection between the electronic device 1 and other electronic devices.
The electronic device 1 may optionally further comprise a user interface, which may be a Display, an input unit, such as a Keyboard (Keyboard), or a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The storage control program of the data stored in the memory 11 in the electronic device 1 is a combination of a plurality of instructions, which when executed in the processor 10, can realize:
receiving a data storage instruction initiated by a user terminal, and starting a data storage system according to the data storage instruction, wherein the data storage system consists of a private terminal, a public terminal and a user terminal, and the private terminal and the public terminal respectively store a key pair for verifying the legitimacy of the user terminal;
Verifying the legitimacy of the user terminal based on the key pairs of the private terminal and the public terminal, and when the legitimacy verification passes, retrieving data to be stored from the user terminal according to the data storage instruction;
calculating the data quantity of the data to be stored, determining the encryption node number of the data to be stored by using the data quantity, and dividing the data to be stored based on the encryption node number to obtain a divided data set with the same quantity as the data to be stored;
generating a data encryption tree according to the segmentation data set and the data to be stored, wherein the data encryption tree consists of a root node and a plurality of leaf nodes, the root node corresponds to the root node encryption data and is generated by the data to be stored, and each leaf node and each internal node respectively correspond to the leaf node encryption data and the internal node encryption data and are generated by the segmentation data set;
and storing the root node encrypted data of the data encryption tree to a user terminal, and storing the leaf node encrypted data to a private terminal and a public terminal respectively according to the proportion, and storing the internal node encrypted data to the private terminal and the user terminal respectively according to the proportion to finish the storage control of the data.
Specifically, the specific implementation method of the above instruction by the processor 10 may refer to descriptions of related steps in the corresponding embodiments of fig. 1 to 2, which are not repeated herein.
Further, the modules/units integrated in the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device, can implement:
receiving a data storage instruction initiated by a user terminal, and starting a data storage system according to the data storage instruction, wherein the data storage system consists of a private terminal, a public terminal and a user terminal, and the private terminal and the public terminal respectively store a key pair for verifying the legitimacy of the user terminal;
verifying the legitimacy of the user terminal based on the key pairs of the private terminal and the public terminal, and when the legitimacy verification passes, retrieving data to be stored from the user terminal according to the data storage instruction;
Calculating the data quantity of the data to be stored, determining the encryption node number of the data to be stored by using the data quantity, and dividing the data to be stored based on the encryption node number to obtain a divided data set with the same quantity as the data to be stored;
generating a data encryption tree according to the segmentation data set and the data to be stored, wherein the data encryption tree consists of a root node and a plurality of leaf nodes, the root node corresponds to the root node encryption data and is generated by the data to be stored, and each leaf node and each internal node respectively correspond to the leaf node encryption data and the internal node encryption data and are generated by the segmentation data set;
and storing the root node encrypted data of the data encryption tree to a user terminal, and storing the leaf node encrypted data to a private terminal and a public terminal respectively according to the proportion, and storing the internal node encrypted data to the private terminal and the user terminal respectively according to the proportion to finish the storage control of the data.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (7)

1. A method of controlling storage of data, the method comprising:
receiving a data storage instruction initiated by a user terminal, and starting a data storage system according to the data storage instruction, wherein the data storage system consists of a private terminal, a public terminal and a user terminal, and the private terminal and the public terminal respectively store a key pair for verifying the legitimacy of the user terminal;
Verifying the legitimacy of the user terminal based on the key pairs of the private terminal and the public terminal, and when the legitimacy verification passes, retrieving data to be stored from the user terminal according to the data storage instruction;
calculating the data quantity of the data to be stored, and determining the encryption node number of the data to be stored by using the data quantity, wherein the method comprises the following steps: receiving the set highest number of the encryption nodes and the set lowest number of the encryption nodes;
taking the data volume as an entry of the following formula, and determining the encryption node number of the data to be stored by combining the highest encryption node number and the lowest encryption node number:
wherein A is i Encryption node number and Byte representing data to be stored of ith user terminal i Representing the data quantity j of the data to be stored of the ith user side max Represents the highest number of encryption nodes, j min Representing the lowest number of encryption nodes; dividing the data to be stored based on the number of encryption nodes to obtain a divided data set with the same number as the data to be stored, wherein the method comprises the following steps: calculating whether the encryption node number is an exponential multiple of 2, if the encryption node number is not the exponential multiple of 2, increasing the encryption node number until the encryption node number is the exponential multiple of 2, and determining that the encryption node number is the finger node number; calculating an index value of the finger node number pair 2, and simultaneously cutting the data to be stored into 2 according to the sequence of the data structure of the data to be stored to obtain a 2 segmentation data set, wherein the 2 segmentation data set comprises 2 groups of 2 segmentation data; judging 2-cut data set If the segmentation times are equal to the index value, repeating the segmentation step, namely cutting 2 segmentation data into 2 according to the sequence of the data structure of each group of 2 segmentation data in the 2 segmentation data set to obtain a 4-segmentation data set, wherein the 4-segmentation data set comprises 4 groups of 4 segmentation data; up to 2 n The number of cuts n of the cut dataset is equal to the index value, and 2 cut datasets, 4 cut data, 2 are summarized n Segmenting the data set to obtain a segmented data set;
generating a data encryption tree according to the segmentation data set and the data to be stored, wherein the data encryption tree comprises the following steps: generating an empty node tree according to the finger node number, wherein the empty node tree comprises a root node, an internal node and a leaf node; encrypting and compressing the data to be stored according to a preset first data encryption method to obtain root node encrypted data, and putting the root node encrypted data into a root node; 2-cut dataset, 4-cut dataset, 2 among the cut datasets n-1 The segmentation data set is encrypted and compressed according to a second data encryption method to obtain internal node encrypted data, and the internal node encrypted data are respectively put into the internal nodes; will 2 n The segmentation data set is encrypted and compressed according to a third data encryption method to obtain leaf node encrypted data, and the leaf node encrypted data are respectively put into leaf nodes; summarizing all root nodes, internal nodes and leaf nodes comprising root node encrypted data, internal node encrypted data and leaf node encrypted data to obtain a data encrypted tree, wherein the data encrypted tree consists of one root node and a plurality of leaf nodes, the root node corresponds to the root node encrypted data and is generated by data to be stored, and each leaf node and internal node respectively correspond to the leaf node encrypted data and the internal node encrypted data and are generated by a segmentation data set;
and storing the root node encrypted data of the data encryption tree to a user terminal, and storing the leaf node encrypted data to a private terminal and a public terminal respectively according to the proportion, and storing the internal node encrypted data to the private terminal and the user terminal respectively according to the proportion to finish the storage control of the data.
2. The data storage control method according to claim 1, wherein the storing of the key pair includes:
receiving an application instruction of a user terminal added to a data storage system, and acquiring a user terminal attribute of the user terminal according to the application instruction, wherein the user terminal attribute comprises a user name and a user password of the user terminal, a user terminal IP address, a user terminal port value, a user terminal registration place and user terminal operation permission information;
Transmitting the user side attribute to an auditing platform of a data storage system, and when the auditing platform audits an application instruction passing through the user side, performing hash operation by taking the user side attribute as an input value of a first hash algorithm to obtain a user side hash value;
receiving a handwritten user name signature of a user side, wherein the handwritten user name signature is consistent with a user name of the user side;
performing hash operation on the input value of the second hash algorithm of the handwriting user name signature to obtain a signature hash value;
obtaining a private end attribute of each private end and a public end attribute of each public end in a data storage system, and performing hash operation by taking each private end attribute or public end attribute as an input value of a first hash algorithm to obtain a private end hash value and a public end hash value respectively;
generating a private-end key pair according to the sequence of the user-end hash value, the private-end hash value and the signature hash value, wherein the private-end key pair comprises a private public key and a private key, the private public key is stored in the private end, and the private key is stored in the user end;
generating a public key pair according to the sequence of the hash value of the user side, the hash value of the public side and the hash value of the signature, wherein the public key pair comprises a public key and a public private key, the public key is stored in the public side, and the public private key is stored in the user side.
3. The method for controlling data storage according to claim 2, wherein said verifying the validity of the user terminal based on the key pairs of the private terminal and the public terminal, comprises:
generating a legal verification instruction of a user side, and receiving a handwriting signature to be verified input by a user operating the user side according to the legal verification instruction;
calculating the similarity value of the handwritten signature to be verified and the handwritten user name signature, and if the similarity value is not higher than a specified similarity threshold, determining that the user terminal is an illegal user terminal;
if the similarity value is higher than the appointed similarity threshold value, acquiring all private key sets stored in the user terminal, wherein the private key sets consist of private keys and public private keys;
sequentially determining whether each private key is consistent with the private public key of the corresponding private end and whether each public private key is consistent with the public key of the corresponding public end;
and determining that the user side has validity until all the private keys and the private public keys are identical, and the public private keys and the public keys are identical, so that verification is passed.
4. The method of claim 1, wherein generating a tree of null nodes based on the number of finger nodes comprises:
Generating root nodes, wherein the number of the root nodes is 1;
splitting 2 internal nodes below the root node, wherein the 2 internal nodes are respectively positioned at the left and right sides of the root node, judging whether the splitting times of the nodes are equal to the number of finger-shaped nodes at the moment, if the splitting times are equal to the number of finger-shaped nodes at the moment, determining the internal nodes as leaf nodes, and forming an empty node tree by the root node and the leaf nodes, wherein the empty node tree comprises the root node and the leaf nodes;
if the number of splitting times is smaller than the number of finger-shaped nodes, 2 internal nodes are continuously split below each internal node, whether the number of splitting times is equal to the number of finger-shaped nodes or not is judged, and when the number of splitting times is equal to the number of finger-shaped nodes, an empty node tree is formed by the root node, the internal node and the leaf node, and comprises the root node, the internal node and the leaf node.
5. The method for controlling data storage according to claim 4, wherein said encrypting and compressing the data to be stored according to a preset first data encrypting method to obtain root node encrypted data comprises:
receiving a set minimum compression unit, wherein the minimum compression unit consists of a data head, a random marker and a node identifier;
Determining the maximum accommodating capacity of the data heads, splitting data to be stored according to the maximum accommodating capacity, and obtaining a plurality of groups of data head storage data;
generating minimum compression units with the same quantity as the data stored by the data heads, and storing the data stored by each data head into each minimum compression unit in turn;
setting the node identifier of each minimum compression unit to 20 at the same time, and generating a first public key and a first private key based on an encryption algorithm;
and taking the first public key as a random marker of each minimum compression unit, and after the first private key is stored in the private end, performing compression processing on each minimum compression unit to obtain root node encrypted data.
6. The data storage control method according to claim 5, wherein the data storage control method is characterized in that 2-split data set, 4-split data set, and 2 n-1 The segmentation data set is encrypted and compressed according to a second data encryption method to obtain internal node encrypted data, and the method comprises the following steps:
dividing the internal nodes into a first layer internal node, a second layer internal node, an n-1 layer internal node according to the structure of each internal node in the data encryption tree;
extracting an encryption compression algorithm of the internal nodes of the first layer, and executing encryption compression on the 2 segmentation data set according to the encryption compression algorithm of the internal nodes of the first layer to obtain the 2 segmentation encrypted data set;
Extracting encryption compression algorithms of the second layer internal nodes, the first layer internal nodes, and the n-1 layer internal nodes, and respectively executing encryption compression on the 4-segmentation data, the first layer internal nodes, the second layer internal nodes and the n-2 segmentation data set to obtain 4Splitting an encrypted data set, 2 n-1 Segmenting the encrypted data set;
when the pair of 2-split data sets, 4-split data, 2 n-1 When the data set is segmented, a second public key and a second private key are generated, the second private key is stored in the user side, and after the second public key is stored in the private side, the 2-segmentation encrypted data set is summarized, the 2-degree and 2-degree data are summarized n-1 And segmenting the encrypted data set to obtain the encrypted data of the internal node.
7. The data storage control method according to claim 6, wherein said data storage control method further comprises the step of adding 2 n The segmentation data set is encrypted and compressed according to a third data encryption method to obtain leaf node encrypted data, and the method comprises the following steps:
judging the 2 n Segmenting each 2 in the dataset n The size relation between the data volume of the segmentation data and the maximum accommodating volume of the data head of the minimum compression unit;
if each is 2 n The data volume of the segmentation data is larger than the maximum accommodating volume of the data head, and then the capacity expansion operation is carried out on the maximum accommodating volume of the data head;
up to 2 each n Generating and 2 when the data quantity of the segmentation data is smaller than or equal to the maximum accommodating quantity of the data head n Splitting the data set into the same number of minimum compression units and sequentially combining each 2 n The segmentation data are stored to each minimum compression unit;
while setting the node identifier of each minimum compression unit to 2 n Generating a third public key and a third private key based on an encryption algorithm;
and taking the third public key as a random marker of each minimum compression unit, storing the third private key at the private end, and then executing compression processing on each minimum compression unit to obtain leaf node encrypted data.
CN202211334879.4A 2022-10-28 2022-10-28 Data storage control method and device Active CN115630409B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211334879.4A CN115630409B (en) 2022-10-28 2022-10-28 Data storage control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211334879.4A CN115630409B (en) 2022-10-28 2022-10-28 Data storage control method and device

Publications (2)

Publication Number Publication Date
CN115630409A CN115630409A (en) 2023-01-20
CN115630409B true CN115630409B (en) 2023-08-08

Family

ID=84908050

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211334879.4A Active CN115630409B (en) 2022-10-28 2022-10-28 Data storage control method and device

Country Status (1)

Country Link
CN (1) CN115630409B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107330337A (en) * 2017-07-19 2017-11-07 腾讯科技(深圳)有限公司 Date storage method, device, relevant device and the cloud system of mixed cloud
CN110929293A (en) * 2019-12-11 2020-03-27 佛山科学技术学院 Beauty data storage system based on block chain
CN110933044A (en) * 2019-11-08 2020-03-27 华中科技大学 Data possession proving method capable of realizing public audit in distributed storage system
CN114297711A (en) * 2021-12-27 2022-04-08 电子科技大学广东电子信息工程研究院 Data security protection method based on cloud server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11409892B2 (en) * 2018-08-30 2022-08-09 International Business Machines Corporation Enhancing security during access and retrieval of data with multi-cloud storage

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107330337A (en) * 2017-07-19 2017-11-07 腾讯科技(深圳)有限公司 Date storage method, device, relevant device and the cloud system of mixed cloud
CN110933044A (en) * 2019-11-08 2020-03-27 华中科技大学 Data possession proving method capable of realizing public audit in distributed storage system
CN110929293A (en) * 2019-12-11 2020-03-27 佛山科学技术学院 Beauty data storage system based on block chain
CN114297711A (en) * 2021-12-27 2022-04-08 电子科技大学广东电子信息工程研究院 Data security protection method based on cloud server

Also Published As

Publication number Publication date
CN115630409A (en) 2023-01-20

Similar Documents

Publication Publication Date Title
US11563560B2 (en) Blockchain-based data evidence storage method and apparatus
CN115270193B (en) Data file secure sharing method and device based on block chain and collaborative synchronization
WO2021174882A1 (en) Data fragment verification method, apparatus, computer device, and readable storage medium
CN113704781A (en) File secure transmission method and device, electronic equipment and computer storage medium
CN114553532A (en) Data secure transmission method and device, electronic equipment and storage medium
CN116975884B (en) Data security storage method
CN115630409B (en) Data storage control method and device
CN111400270A (en) Block chain-based file time service method and device
CN116089985A (en) Encryption storage method, device, equipment and medium for distributed log
CN115001768A (en) Data interaction method, device and equipment based on block chain and storage medium
CN113918517A (en) Multi-type file centralized management method, device, equipment and storage medium
CN114398678A (en) Registration verification method and device for preventing electronic file from being tampered, electronic equipment and medium
CN116136844A (en) Entity identification information generation method, device, medium and electronic equipment
CN111949738A (en) Block chain-based data storage deduplication method, terminal device and storage medium
CN116880778B (en) User privacy protection method based on regenerative coding and distributed storage
CN113886493B (en) System log security query method, device, equipment and storage medium
CN113626533B (en) Ultraviolet power detection method and device and electronic equipment
CN116340295B (en) Data migration method and device based on multi-type data sources
CN117194348B (en) Household file storage system, method, equipment and storage medium
CN115757915B (en) Online electronic file generation method and device
CN118157928B (en) Information security management method and device based on big data and storage medium
CN113703995B (en) Front-end and back-end data interaction method and device, electronic equipment and storage medium
CN118093727B (en) Order library construction method based on multistage distribution
CN115002100B (en) File transmission method and device, electronic equipment and storage medium
CN110868469B (en) Extensive equipment management algorithm for ubiquitous Internet of things

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant