CN118432793A - Method, device, equipment, storage medium and product for retrieving encrypted data - Google Patents
- Publication number
- CN118432793A (CN202410411660.2A)
- Authority
- CN
- China
- Prior art keywords
- retrieval
- gateway
- target
- encrypted data
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an encrypted data retrieval method, apparatus, device, storage medium and computer program product, and relates to the technical field of blockchain. The encrypted data retrieval method comprises the following steps: determining a target retrieval gateway node corresponding to the retrieval keyword output by the retrieval user terminal; after acquiring, through the target retrieval gateway node, the order paid by the retrieval user terminal, dividing the order into a preset number of batch orders, and dividing the encrypted data packet into the preset number of data blocks in the target encrypted storage node that corresponds to the target retrieval gateway node among the encrypted storage nodes; outputting the batch orders to the target encrypted storage node batch by batch through the target retrieval gateway, and receiving the data blocks batch by batch through the target retrieval gateway; and outputting the data blocks to the retrieval user terminal batch by batch through the target retrieval gateway. The method can improve the degree of trust between the user and the cloud storage.
Description
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to an encrypted data retrieval method, an apparatus, a device, a storage medium, and a computer program product.
Background
With the development of cloud computing, more and more enterprises and individuals use this emerging technology to migrate large amounts of data and computing tasks onto cloud platforms in order to save local storage and computing resources. The cloud platform can access and use user data at any time without limitation. To ensure both the availability and the security of data in the cloud platform, searchable encryption has become a research hotspot in cloud computing.
The conventional searchable encryption scheme is a data retrieval scheme based on cryptographic primitives. When user data with keywords is encrypted and stored, a pseudo-random number and a hash algorithm are used to generate privacy keywords. The user associates the privacy keywords with the encrypted data to form a privacy keyword list, which is stored on a cloud server, and the cloud server provides a search function based on the privacy keywords. When a user needs to search for a keyword, the keyword is first converted into a privacy keyword, which is then matched against the privacy keyword list on the cloud server. If the match succeeds, the search result (the encrypted data corresponding to the privacy keyword) is returned to the user. The user's keyword search is thus carried out without decrypting the ciphertext.
However, although the conventional searchable encryption technology can protect privacy, the ciphertext transmission channel and the payment channel are separated, and neither the data decryption process nor the transaction process is transparent, so that the trust between a user and the encrypted cloud service side is insufficient.
Disclosure of Invention
The invention mainly aims to provide an encrypted data retrieval method, an apparatus, a device, a storage medium and a computer program product, and aims to solve the technical problem that trust strength between a user and an encrypted cloud service side in a conventional retrievable encryption technology is insufficient.
In order to achieve the above object, the present invention provides an encrypted data retrieval method applied to an encrypted data retrieval system comprising: an encrypted storage network, the encrypted storage network comprising: a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes; the method comprises the following steps:
Determining a target retrieval gateway node corresponding to the retrieval keyword in each retrieval gateway node based on the retrieval keyword output by the retrieval user terminal;
After acquiring the order paid by the retrieval user terminal through the target retrieval gateway node, dividing the order into a plurality of batches of orders with preset number, and dividing an encrypted data packet into a plurality of data blocks with preset number through the target retrieval gateway node in a corresponding target encryption storage node in each encryption storage node;
each batch of orders are output to the target encryption storage node in batches through the target retrieval gateway, and each data block is received in batches through the target retrieval gateway;
and outputting the data blocks to the retrieval user side in batches through the target retrieval gateway.
Optionally, the step of determining, in each of the search gateway nodes, a target search gateway node corresponding to the search keyword based on the search keyword output by the search user terminal includes:
when receiving, through the blockchain, a search keyword output by a search user terminal, outputting to the search user terminal, based on the search keyword, a plurality of first search gateway nodes among the search gateway nodes that correspond to the search keyword;
When receiving price inquiry requests output by the retrieval user end through the first retrieval gateway nodes, respectively outputting price information of the first retrieval gateway nodes to the retrieval user end through the first retrieval gateway nodes;
And determining a target retrieval gateway node in the order request output by the retrieval user side in each first retrieval gateway node.
Optionally, the encrypted data retrieval system further comprises: a blockchain; the step of outputting, to the search client, a plurality of first search gateway nodes corresponding to the search keyword in each of the search gateway nodes based on the search keyword includes:
inquiring an encrypted data packet label corresponding to the search keyword in the blockchain;
and searching a plurality of first search gateway nodes comprising the encrypted data packet labels in the search gateway nodes, and outputting the first search gateway nodes to the search user side.
Optionally, the step of outputting each batch subscription to the target encryption storage node in batches through the target retrieval gateway, and receiving each data block in batches through the target retrieval gateway includes:
outputting a batch of orders to the target encryption storage node through the target retrieval gateway;
After receiving the batch subscription through the target encryption storage node, outputting a data block to the target retrieval gateway node;
And returning to the step of outputting a batch order to the target encryption storage node through the target retrieval gateway until the data block is output.
Optionally, after the step of outputting each of the data blocks to the retrieval client in batches through the target retrieval gateway, the method further includes:
acquiring price information of the encrypted data packet through the target encrypted storage node;
and returning the balance in the order to the retrieval user side through the retrieval gateway node according to the price information.
Optionally, the encrypted storage network further comprises: the storage gateway node, the method further comprising:
when a storage request output by a storage user terminal is received through the storage gateway node, verifying the user identity in the storage request;
and after the verification is passed, receiving the encrypted data packet output by the storage user through the storage gateway node, and storing the encrypted data packet into the encrypted storage node.
In addition, in order to achieve the above object, the present invention also provides an encrypted data retrieval system, which includes: an encrypted storage network, the encrypted storage network comprising: a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes; the encrypted data retrieval system further includes:
The retrieval module is used for determining a target retrieval gateway node corresponding to the retrieval keyword in each retrieval gateway node based on the retrieval keyword output by the retrieval user terminal;
The payment channel establishment module is used for dividing the subscription into a plurality of batches of subscription with preset number after acquiring the subscription paid by the retrieval user terminal through the target retrieval gateway node, and dividing the encrypted data packet into a plurality of data blocks with preset number through the target retrieval gateway node in the corresponding target encryption storage nodes in the encryption storage nodes;
The payment module is used for outputting each batch of orders to the target encryption storage node in batches through the target retrieval gateway and receiving each data block in batches through the target retrieval gateway; and outputting the data blocks to the retrieval user side in batches through the target retrieval gateway.
In addition, to achieve the above object, the present invention also proposes an encrypted data retrieval apparatus, comprising: a memory, a processor and an encrypted data retrieval program stored on the memory and executable on the processor, the encrypted data retrieval program configured to implement the steps of the encrypted data retrieval method as described above.
In addition, in order to achieve the above object, the present invention also proposes a storage medium having stored thereon an encrypted data retrieval program which, when executed by a processor, implements the steps of the encrypted data retrieval method as described above.
Furthermore, to achieve the above object, the present invention also provides a computer program product comprising an encrypted data retrieval program which, when executed by a processor, implements the steps of the encrypted data retrieval method as described above.
The invention provides an encrypted data retrieval method, an apparatus, a device, a storage medium and a computer program product, wherein the encrypted data retrieval method is applied to an encrypted data retrieval system, and the encrypted data retrieval system comprises the following steps: an encrypted storage network, the encrypted storage network comprising: a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes; the method comprises the following steps: determining a target retrieval gateway node corresponding to the retrieval keyword in each retrieval gateway node based on the retrieval keyword output by the retrieval user terminal; after acquiring the order paid by the retrieval user terminal through the target retrieval gateway node, dividing the order into a plurality of batches of orders with preset number, and dividing an encrypted data packet into a plurality of data blocks with preset number through the target retrieval gateway node in a corresponding target encryption storage node in each encryption storage node; each batch of orders are output to the target encryption storage node in batches through the target retrieval gateway, and each data block is received in batches through the target retrieval gateway; and outputting the data blocks to the retrieval user side in batches through the target retrieval gateway.
Compared with the traditional data encryption method, after the retrieval user retrieves the encrypted data packet by keyword, a payment channel for batch payment is established: the order paid by the user in one payment is divided into a plurality of batch orders, the encrypted data packet is likewise divided into a plurality of data blocks, and the orders and data blocks are submitted and transmitted batch by batch in sequence. This effectively prevents interruption of the data retrieval process, and because the retrieval gateway node acts as the middleman for both data transmission and the payment transaction, the degree of trust between the user side and the cloud storage is enhanced.
Drawings
FIG. 1 is a schematic diagram of an encrypted data retrieval device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart of a first embodiment of an encrypted data retrieval method according to the present invention;
FIG. 3 is a system frame scene diagram according to a first embodiment of the encrypted data retrieval method of the present invention;
FIG. 4 is a functional interaction diagram of a first embodiment of the method for retrieving encrypted data according to the present invention;
fig. 5 is a block diagram showing the structure of a first embodiment of the encrypted data retrieval system according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an encrypted data retrieval device in a hardware running environment according to an embodiment of the present invention.
As shown in fig. 1, the encrypted data retrieval apparatus may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a Wireless interface (e.g., a Wireless-Fidelity (WI-FI) interface). The Memory 1005 may be a high-speed random access Memory (Random Access Memory, RAM) or a stable nonvolatile Memory (NVM), such as a disk Memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the encrypted data retrieval apparatus, and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and an encrypted data retrieval program may be included in the memory 1005 as one type of storage medium.
In the encrypted data retrieval apparatus shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001, the memory 1005 in the encrypted data retrieval apparatus according to the present invention may be provided in an encrypted data retrieval apparatus that calls an encrypted data retrieval program stored in the memory 1005 through the processor 1001 and executes the encrypted data retrieval method provided by the embodiment of the present invention.
An embodiment of the present invention provides an encrypted data retrieval method, referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the encrypted data retrieval method of the present invention.
In this embodiment, the encrypted data retrieval method is applied to an encrypted data retrieval system, which includes: an encrypted storage network, the encrypted storage network comprising: a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes; the method comprises the following steps:
step S10, determining a target retrieval gateway node corresponding to the retrieval keyword in each retrieval gateway node based on the retrieval keyword output by the retrieval user terminal;
It should be noted that, the execution body of the embodiment may be a computing service device with functions of data processing, network communication and program running, such as a tablet computer, a personal computer, a mobile phone, or an electronic device, an encrypted data retrieval system, or the like, which can implement the above functions. Hereinafter, this embodiment and the following embodiments will be described with reference to an encrypted data retrieval system as an example.
It should be noted that there are five common methods for encrypting conventional data. Data encryption storage mode one is MD5 encryption (irreversible), which encrypts an arbitrary character string into a unique fixed-length code. Data encryption storage mode two is Base64 encryption (can be encrypted and decrypted), in which a user-defined character set is used to design a Base64-like coding scheme to encrypt data. Data encryption storage mode three is SHA1 encryption (irreversible); compared with MD5 the encrypted data is longer, and a ciphertext encrypted by SHA-1 is 40 characters long and consists of letters and digits. Data encryption storage mode four is RSA encryption (public key encryption, private key decryption); in an asymmetric encryption algorithm, encryption and decryption use different keys, one being the public key and the other the private key. Content encrypted with the public key can only be decrypted with the private key, whereas content encrypted with the private key can only be decrypted with the public key. Data encryption storage mode five is AES encryption (a key is needed to decrypt); the AES encryption algorithm involves 4 operations: byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns), and round key addition (AddRoundKey). The searchable encryption scheme is a data retrieval scheme based on cryptographic primitives. When user data with keywords is encrypted and stored, a pseudo-random number and a hash algorithm (SHA-256) are used to generate privacy keywords. The user associates the privacy keywords with the encrypted data to form a privacy keyword list, which is stored on a cloud server, and the cloud server provides a search function based on the privacy keywords.
When a user needs to search for a keyword, the keyword is first converted into a privacy keyword, which is then matched against the privacy keyword list on the cloud server. If the match succeeds, the search result (the encrypted data corresponding to the privacy keyword) is returned to the user. The user's keyword search is thus carried out without decrypting the ciphertext, no private information related to the plaintext data is revealed to the cloud server, and the cloud server can see neither the user's keyword nor the user's encrypted data. The searchable encryption scheme therefore provides a privacy-preserving keyword search function, searches the privacy keyword list on the cloud server with that function, and returns the retrieval result to the user. However, in this scheme the ciphertext transmission channel and the payment channel are separated: either the data is transmitted after payment, or payment is made after the data is transmitted. Neither the data decryption process nor the transaction process is transparent, so that the trust between the user and the encrypted cloud service side is insufficient. Therefore, an encrypted data retrieval method is proposed in the present embodiment.
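The conventional privacy-keyword index described above, as an added Python illustration that is not part of the patent. It assumes the "pseudo-random number and hash algorithm" step is HMAC-SHA256 keyed by a user-held random secret; the names `privacy_keyword`, `CloudIndex` and `guessable_keyword`, the word list and the ciphertext bytes are constructed for this example.

```python
import hashlib
import hmac
import secrets


def privacy_keyword(keyword, user_secret=None):
    """Map a plaintext keyword to the privacy keyword stored in the cloud index.

    With user_secret: HMAC-SHA256 keyed by the user's pseudo-random value
    (the assumed reading of the scheme). Without it: bare SHA-256, kept only
    to compare what each variant exposes to the server.
    """
    normalised = keyword.strip().lower().encode("utf-8")
    if user_secret is None:
        return hashlib.sha256(normalised).hexdigest()
    return hmac.new(user_secret, normalised, hashlib.sha256).hexdigest()


class CloudIndex:
    """Server side: holds only privacy keywords and opaque ciphertext."""

    def __init__(self):
        self._rows = []  # (privacy keyword, ciphertext) pairs

    def store(self, token, ciphertext):
        self._rows.append((token, ciphertext))

    def search(self, token):
        # The server matches tokens; it never sees the keyword or plaintext.
        return [ct for stored, ct in self._rows
                if hmac.compare_digest(stored, token)]


def guessable_keyword(token, candidate_words):
    """Audit check: does the token equal the bare SHA-256 of a likely word?

    A match means the index entry reveals its keyword to anyone holding a
    word list, including the cloud server. Returns the word or None.
    """
    for word in candidate_words:
        if hmac.compare_digest(privacy_keyword(word), token):
            return word
    return None


def demo():
    secret = secrets.token_bytes(32)        # user's pseudo-random value
    index = CloudIndex()
    ct_invoice = secrets.token_bytes(48)    # constructed stand-in ciphertext
    ct_payroll = secrets.token_bytes(48)    # constructed stand-in ciphertext
    index.store(privacy_keyword("invoice", secret), ct_invoice)
    index.store(privacy_keyword("payroll", secret), ct_payroll)

    hits = index.search(privacy_keyword(" Invoice ", secret))
    other_user = index.search(privacy_keyword("invoice", secrets.token_bytes(32)))
    words = ["payroll", "invoice", "contract"]  # constructed word list
    return {
        "hit": hits == [ct_invoice],
        "wrong_key_hits": len(other_user),
        "bare_hash_guess": guessable_keyword(privacy_keyword("invoice"), words),
        "keyed_guess": guessable_keyword(privacy_keyword("invoice", secret), words),
    }


if __name__ == "__main__":
    print(demo())
```

The keyed token still leaks which stored packets share a keyword and which queries repeat, because equal keywords map to equal tokens.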
In this embodiment, the encrypted data retrieval system includes an encrypted storage network, and the encrypted storage network comprises a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes. The encrypted storage nodes store a plurality of encrypted data packets, each containing an encrypted data packet tag. A user can search for and purchase the encrypted data packets through the retrieval gateway nodes, and after the terminal retrieval user performs a keyword search, the terminal retrieval user can determine, through the retrieval gateway nodes, the target encrypted storage node to purchase from.
Step S20, after obtaining the order paid by the search user terminal through the target search gateway node, dividing the order into a plurality of batches of orders with preset number, and dividing an encrypted data packet into a plurality of data blocks with preset number through the target search gateway node in the corresponding target encryption storage nodes;
in this embodiment, after determining the target encryption storage node, the user needs to establish a payment channel for batch payment transmission with the target retrieval gateway node and the target encryption storage node, and after receiving the subscription of the user, the target retrieval gateway node divides the subscription into a plurality of batches of subscription, and at the same time, the target encryption storage node divides the encrypted data packet into a plurality of data blocks.
Step S30, outputting each batch of orders to the target encryption storage node in batches through the target retrieval gateway, and receiving each data block in batches through the target retrieval gateway;
Step S40, outputting the data blocks to the retrieval user side in batches through the target retrieval gateway.
In this embodiment, after the payment channel is established, the target retrieval gateway outputs the subscription to the target encryption storage node in batches, the target encryption storage node outputs the data block to the target retrieval gateway node in batches after receiving the subscription, and then the target retrieval gateway node outputs the data block to the terminal retrieval user after receiving the data block.
Further, in a possible embodiment, in the step S10, the step of determining, in each of the search gateway nodes, the target search gateway node corresponding to the search keyword based on the search keyword output by the search user terminal includes:
Step S101, when receiving, through the blockchain, a search keyword output by a search user terminal, outputting to the search user terminal, based on the search keyword, a plurality of first search gateway nodes among the search gateway nodes that correspond to the search keyword;
the step S101 includes:
Step S1011, querying the blockchain for the encrypted data packet tag corresponding to the search keyword;
step S1012, retrieving, in each of the retrieval gateway nodes, a plurality of first retrieval gateway nodes including the encrypted data packet tag, and outputting each of the first retrieval gateway nodes to the retrieval client.
Step S102, when receiving price inquiry requests output by the retrieval user terminal through the first retrieval gateway nodes, respectively outputting price information of the first retrieval gateway nodes to the retrieval user terminal through the first retrieval gateway nodes;
Step S103, determining a target retrieval gateway node in the order request output by the retrieval user side in each first retrieval gateway node.
In this embodiment, after the user submits a search keyword, the system queries the blockchain for the encrypted data packet tag (PieceID character string) corresponding to the search keyword, then finds, among the retrieval gateway nodes, the first retrieval gateway nodes that include the PieceID, arranges these first retrieval gateway nodes into a node list and sends the node list to the user. The user can then query all nodes in the list for the price of the required encrypted data packet, and each first retrieval gateway node, upon receiving the user's request, returns price information to the user, including the size and price of the required encrypted data packet. The user then chooses which node to purchase from and sends an order request to the target retrieval gateway node for confirmation by the target retrieval gateway. The order includes payer information (including the decentralized identity of the retrieval user, the tag of the encrypted data packet and the subscription amount), storage party information (encrypted storage node name) and intermediary information (retrieval gateway node name).
Further, in a possible embodiment, the step S30 of outputting, by the target retrieval gateway, each of the lot orders to the target encryption storage node in batches, and receiving, by the target retrieval gateway, each of the data blocks in batches includes:
step S301, outputting a batch order to the target encryption storage node through the target retrieval gateway;
Step S302, after receiving the batch subscription through the target encryption storage node, outputting a data block to the target retrieval gateway node;
step S303, returning to execute the step of outputting a lot order to the target encryption storage node through the target retrieval gateway until the outputting of each data block is completed.
In this embodiment, after the separation of the subscription and the encrypted data packet is completed, the target retrieval gateway node outputs a subscription to the target encrypted storage node, and after receiving a subscription, the target encrypted storage node correspondingly sends a data block to the target retrieval gateway node, then the target retrieval gateway node outputs the data block to the user, and then the target retrieval gateway node continues to output the next subscription to the target encrypted storage node, and loops sequentially until the transmission of all the data blocks in the data packet is completed.
Further, in a possible embodiment, after the step of outputting, in batches, each of the data blocks to the retrieval client through the target retrieval gateway in step S40, the method further includes:
step S50, acquiring price information of the encrypted data packet through the target encrypted storage node;
Step S60, returning the balance in the order to the retrieval user side through the retrieval gateway node according to the price information.
In this embodiment, after the transmission of all the data blocks in the data packet is completed, part of the user's subscription may remain, so the remaining amount needs to be refunded to the user after the data transmission is completed.
Specifically, referring to fig. 3 as an example, fig. 3 is a scene diagram of a system frame related to a first embodiment of the encrypted data retrieval method of the present invention, where, as shown in fig. 3, the system includes a web3 encrypted storage network and a blockchain, the web3 encrypted storage network includes a plurality of web3 storage gateway nodes, a web3 retrieval gateway node and a plurality of web3 encrypted storage nodes, an encrypted storage order needs to be stored in the blockchain, the order includes PieceID strings, prices, data sizes, storage times, web3 storage users, web3 gateway nodes, web3 encrypted storage nodes and search keywords, the search order of the users also needs to be stored in the blockchain, the search order includes a web3 terminal search user DID, pieceID of an encrypted data packet, an amount of subscription, a web3 order storage node name, a web3 search node name, a web3 terminal storage user SA, B, C has a super card, and stores web3 identity data and web3 storage user de-centralisation identity (DID), and can store encrypted data packets in the encrypted storage network. The web3 terminal retrieval user A, B, C also has a super SIM card and can retrieve encrypted data packets in the encrypted storage network. when a web3 terminal storage user stores data in a web3 encryption storage network, the web3 encryption storage network links the web3 terminal storage user, the web3 storage gateway node and the web3 encryption storage node together through encryption storage orders on a blockchain. Encrypted store orders on blockchain (containing PieceID strings, price, data size, storage time, web3 terminal store user, web3 gateway node, web3 encrypted store node, search keywords). 
And the web3 terminal search user inquires PieceID character strings corresponding to the search keywords on the blockchain through the search keywords, and then the web3 terminal search user sends PieceID character strings to the web3 encryption storage network to provide a search request. The web3 retrieval gateway node is for web3 users to retrieve encrypted data packets Piece (the identifier of the encrypted data packet is PieceID) from the web3 encrypted network and to transmit the retrieved encrypted data packets Piece to the web3 terminal retrieval user in batches. The blockchain system is used to store and record retrieval orders. The web3 encryption storage node is for storing encrypted data. The order is adopted to be uplink, so that the transaction process is kept transparent, and the trust degree between the user and the cloud storage is improved.
When the user retrieves a data packet, the web3 terminal retrieval user queries the blockchain system with the PieceID string and obtains a list of web3 retrieval gateway nodes that hold the PieceID information. The web3 terminal retrieval user then provides the PieceID string to each web3 retrieval gateway node in the list and queries it for price information about the Piece (encrypted data packet); each web3 retrieval gateway node returns the web3 storage node from which the Piece is obtained, the size of the Piece and the price of the Piece. The web3 user then decides to purchase the Piece and provides the transaction subscription for acquiring the data to one of the web3 retrieval gateway nodes, opening the payment channel. That web3 retrieval gateway node is responsible for generating the retrieval order, whose contents are: payer information (including the web3 user's decentralized identity (DID), the PieceID of the encrypted data packet and the subscription amount), repository information (web3 encrypted storage node name) and intermediary information (web3 retrieval node name). The web3 retrieval gateway node writes the retrieval order to the blockchain, after which the system informs the web3 user to establish an on-chain payment channel. The payment channel serves as the payment channel among the web3 user, the web3 retrieval gateway node and the web3 encrypted storage node: the web3 terminal retrieval user pays the subscription, the subscription is transferred to the web3 retrieval gateway node in a single transfer, and the web3 retrieval gateway node transfers it to the web3 encrypted storage node in batches.
The contents of the payment channel include the web3 terminal retrieval user account, the web3 retrieval gateway node account, the web3 encrypted storage node account, the PieceID string, a payment channel ID, a data channel ID, the order amount and a lane ID. Referring to fig. 4, which is a functional interaction diagram involved in the first embodiment of the encrypted data retrieval method of the present invention: after the web3 retrieval gateway node writes the retrieval order to the blockchain, the system informs web3 terminal retrieval user X to establish the on-chain payment channel. Payment channel n serves as the payment channel among the web3 terminal retrieval user, web3 retrieval gateway node B and web3 encrypted storage node A. The web3 terminal retrieval user pays the subscription mm, which is transferred to the web3 retrieval gateway node in a single transfer, and the web3 retrieval gateway node transfers it to the web3 encrypted storage node in batches. First, the web3 terminal retrieval user establishes p lanes within the payment channel and divides the whole subscription mm into p shares, one share per lane. The web3 encrypted storage node then divides the Piece (encrypted data packet) into p shares, one for each lane. The process is repeated p times, with one share of the encrypted data transmitted each time and one share of the subscription paid after each transmission finishes. Finally, after the transmission of the encrypted data is finished, the payment channel is closed.
In addition, data transmission between the web3 terminal and the web3 encrypted storage node uses the libp2p protocol. The web3 terminal retrieval user and the web3 encrypted storage node both subscribe to the topic /fil/datatransfer/1.0.0, and the transfer itself is carried out by the GraphSync protocol, which synchronizes data blocks (IPLD graphic elements) between nodes. The web3 user issues a request to the web3 encrypted storage node, which searches its data blocks (IPLD primitives) with a selector and returns the data blocks (IPLD primitives) that match the request. When the retrieval of the data is completed, the subscription balance of the payment channel is returned to the web3 user and the payment channel is closed.
This is an encrypted data retrieval system based on a web3 retrieval gateway node and a batch payment ordering mechanism, in which a web3 terminal storage user stores encrypted data to a web3 encrypted storage node through the web3 storage gateway node. The web3 terminal retrieval user retrieves the encrypted data packet by its PieceID (a 256-bit string that identifies the encrypted data packet) through the web3 retrieval gateway node, and once the complete encrypted data packet has been obtained from the web3 retrieval gateway node, the web3 terminal retrieval user decrypts the Piece (encrypted data packet) with its own private key. Through the linear order payment mechanism of this patent, the web3 terminal retrieval user creates a payment channel and establishes a plurality of lanes in each payment channel so as to obtain the Piece in segments in a loop; each batch is completed in one lane, and the Piece data is retrieved from the web3 retrieval gateway node in batches. In each transmission batch, each time the web3 terminal retrieval user pays a part of the subscription to the web3 retrieval gateway node, a part of the encrypted data blocks is obtained; this is repeated until the Piece has been transmitted and the web3 terminal retrieval user holds the complete Piece. The flow by which the web3 terminal retrieval user retrieves encrypted data is divided into a retrieval data discovery stage, a retrieval data price acquisition stage, a retrieval order generation stage, an on-chain payment channel establishment stage, a retrieval data decryption stage and a segmented, looped data acquisition and payment stage.
The web3 terminal retrieval user provides the PieceID string (the identifier of the encrypted data packet), and the system pushes the PieceID string to the web3 retrieval gateway nodes. After querying the price of the Piece (encrypted data packet), the web3 terminal retrieval user submits a retrieval order to a web3 retrieval gateway node; once the web3 retrieval gateway node confirms it, the retrieval order is written to the blockchain. The web3 terminal retrieval user creates an on-chain payment channel, through which the subscription is paid to the web3 retrieval gateway node in several installments; each time the gateway node receives a payment, it transmits data blocks to the web3 terminal retrieval user, and the data transmission completes after several such rounds. After the web3 terminal retrieval user has retrieved the Piece (encrypted data packet), the data is decrypted and the retrieval process is written to the blockchain in the form of a retrieval order. After data retrieval is complete, the balance of the subscription is returned to the web3 terminal retrieval user and the payment channel is closed.
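An added example, not code from the patent: a Python simulation of the lane-by-lane exchange described above, using the pay-then-deliver order of the batch loop, to show how much of the subscription is exposed if delivery stops or a block is altered. The class and function names, the integer amounts, and the per-block SHA-256 digests used to check each data block are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


def split_amount(total, p):
    """Split an integer into p shares that sum exactly to total."""
    base, rem = divmod(total, p)
    return [base + (1 if i < rem else 0) for i in range(p)]


def split_piece(piece, p):
    """Split the encrypted Piece into p contiguous data blocks."""
    blocks, pos = [], 0
    for size in split_amount(len(piece), p):
        blocks.append(piece[pos:pos + size])
        pos += size
    return blocks


@dataclass
class PaymentChannel:
    """Hypothetical channel model: one share of the subscription per lane."""
    deposit: int
    lanes: list
    paid: int = 0
    closed: bool = False

    def pay_lane(self, lane):
        if self.closed:
            raise RuntimeError("payment channel is closed")
        amount, self.lanes[lane] = self.lanes[lane], 0  # a lane pays out once
        self.paid += amount
        return amount

    def close(self):
        """Close the channel and return the unspent balance to the user."""
        self.closed = True
        return self.deposit - self.paid


def retrieve(piece_at_node, block_digests, deposit, p, deliver=None):
    """Run up to p pay-then-deliver rounds.

    Returns (piece or None, amount paid, refund, blocks accepted).
    block_digests is an assumed list of SHA-256 hex digests, one per block.
    """
    channel = PaymentChannel(deposit, split_amount(deposit, p))
    stored = split_piece(piece_at_node, p)
    deliver = deliver or (lambda lane, block: block)  # honest node by default
    received = []
    for lane in range(p):
        channel.pay_lane(lane)                 # batch payment for this lane
        block = deliver(lane, stored[lane])    # data block sent in return
        if block is None or hashlib.sha256(block).hexdigest() != block_digests[lane]:
            break                              # stop paying on a missing or altered block
        received.append(block)
    refund = channel.close()
    piece = b"".join(received) if len(received) == p else None
    return piece, channel.paid, refund, len(received)


# Constructed sample input: a stand-in for an encrypted Piece, 5 lanes.
SAMPLE_PIECE = bytes(range(256)) * 4 + b"tail"
P, DEPOSIT = 5, 1003
SAMPLE_DIGESTS = [hashlib.sha256(b).hexdigest() for b in split_piece(SAMPLE_PIECE, P)]

if __name__ == "__main__":
    print(retrieve(SAMPLE_PIECE, SAMPLE_DIGESTS, DEPOSIT, P)[1:])
    stalled = lambda lane, block: None if lane == 2 else block
    print(retrieve(SAMPLE_PIECE, SAMPLE_DIGESTS, DEPOSIT, P, stalled)[1:])
```

With pay-then-deliver rounds, the most the retrieval user can lose to a node that stops responding is a single lane's share; the rest comes back when the channel closes.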
Based on the above-described first embodiment, a second embodiment of the encrypted data retrieval method of the present invention is proposed, in which the encrypted storage network further includes: the storage gateway node, the encrypted data retrieval method further comprises:
Step A10, when a storage request output by a storage user terminal is received through the storage gateway node, verifying the user identity in the storage request;
Step A20, after the verification is passed, receiving the encrypted data packet output by the storage user through the storage gateway node, and storing the encrypted data packet into the encrypted storage node.
In this embodiment, the user may store data into the encrypted storage node through the storage gateway node. When a data storage request is made, the system checks the identity of the user to ensure that the user is entitled to store data in the network; once the user is confirmed to have that authority, the user may store the data packet into the encrypted storage node through the storage gateway node. Storing data in this way ensures the security of the data.
In addition, the embodiment of the invention also provides a storage medium, wherein the storage medium stores an encrypted data retrieval program, and the encrypted data retrieval program realizes the steps of the encrypted data retrieval method when being executed by a processor.
Furthermore, an embodiment of the present invention also proposes a computer program product comprising an encrypted data retrieval program which, when executed by a processor, implements the steps of the encrypted data retrieval method as described above.
The specific implementation manner of the computer program product of the present invention is basically the same as that of the above-mentioned embodiments of the encrypted data retrieval method, and will not be repeated here.
Referring to fig. 5, fig. 5 is a block diagram showing the structure of a first embodiment of the encrypted data retrieval system according to the present invention.
As shown in fig. 5, the encrypted data retrieval system according to the embodiment of the present invention includes: an encrypted storage network, the encrypted storage network comprising: a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes; the encrypted data retrieval system further includes:
The retrieval module 10 is configured to determine, in each of the retrieval gateway nodes, a target retrieval gateway node corresponding to the retrieval keyword based on the retrieval keyword output by the retrieval user terminal;
The payment channel establishing module 20 is configured to divide a subscription into a plurality of batches of subscription of a preset number after obtaining the subscription paid by the retrieval user terminal through the target retrieval gateway node, and divide an encrypted data packet into a plurality of data blocks of the preset number through a corresponding target encryption storage node in each encryption storage node of the target retrieval gateway node;
A payment module 30, configured to output each batch subscription to the target encryption storage node in batches through the target retrieval gateway, and receive each data block in batches through the target retrieval gateway; and outputting the data blocks to the retrieval user side in batches through the target retrieval gateway.
Optionally, the retrieval module is further configured to:
When receiving, through the blockchain, a search keyword output by a retrieval user terminal, outputting to the retrieval user terminal, based on the search keyword, a plurality of first retrieval gateway nodes among the retrieval gateway nodes that correspond to the search keyword; when receiving price inquiry requests output by the retrieval user terminal through the first retrieval gateway nodes, respectively outputting price information of the first retrieval gateway nodes to the retrieval user terminal through the first retrieval gateway nodes; and determining the target retrieval gateway node among the first retrieval gateway nodes according to the order request output by the retrieval user terminal.
Optionally, the encrypted data retrieval system further comprises: a blockchain; the retrieval module is also for:
inquiring an encrypted data packet label corresponding to the search keyword in the blockchain;
and searching a plurality of first search gateway nodes comprising the encrypted data packet labels in the search gateway nodes, and outputting the first search gateway nodes to the search user side.
Optionally, the payment module is further configured to:
outputting a batch of orders to the target encryption storage node through the target retrieval gateway;
After receiving the batch subscription through the target encryption storage node, outputting a data block to the target retrieval gateway node;
And returning to the step of outputting a batch order to the target encryption storage node through the target retrieval gateway until the data block is output.
Optionally, the encrypted data retrieval system further comprises:
A return module, configured to obtain price information of the encrypted data packet through the target encrypted storage node; and returning the balance in the order to the retrieval user side through the retrieval network node according to the price information.
Optionally, the encrypted data retrieval system further comprises: the storage gateway node, the encrypted data retrieval system further comprising:
The storage module is used for verifying the user identity in the storage request when the storage request output by the storage user terminal is received through the storage gateway node; and after the verification is passed, receiving the encrypted data packet output by the storage user through the storage gateway node, and storing the encrypted data packet into the encrypted storage node.
Other embodiments or specific implementations of the encrypted data retrieval system of the present invention may refer to the above method embodiments, and will not be described herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. read-only memory/random-access memory, magnetic disk, optical disk), comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (10)
1. An encrypted data retrieval method, characterized in that the encrypted data retrieval method is applied to an encrypted data retrieval system, the encrypted data retrieval system comprising: an encrypted storage network, the encrypted storage network comprising: a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes; the method comprises the following steps:
Determining a target retrieval gateway node corresponding to the retrieval keyword in each retrieval gateway node based on the retrieval keyword output by the retrieval user terminal;
After acquiring the order paid by the retrieval user terminal through the target retrieval gateway node, dividing the order into a plurality of batches of orders with preset number, and dividing an encrypted data packet into a plurality of data blocks with preset number through the target retrieval gateway node in a corresponding target encryption storage node in each encryption storage node;
each batch of orders are output to the target encryption storage node in batches through the target retrieval gateway, and each data block is received in batches through the target retrieval gateway;
and outputting the data blocks to the retrieval user side in batches through the target retrieval gateway.
2. The method for retrieving encrypted data according to claim 1, wherein the step of determining a target retrieval gateway node corresponding to a retrieval keyword among the retrieval gateway nodes based on the retrieval keyword outputted from the retrieval user terminal comprises:
when receiving, through the blockchain, a search keyword output by a search user terminal, outputting to the search user terminal, based on the search keyword, a plurality of first search gateway nodes among the search gateway nodes that correspond to the search keyword;
When receiving price inquiry requests output by the retrieval user end through the first retrieval gateway nodes, respectively outputting price information of the first retrieval gateway nodes to the retrieval user end through the first retrieval gateway nodes;
and determining the target retrieval gateway node among the first retrieval gateway nodes according to the order request output by the retrieval user side.
3. The encrypted data retrieval method according to claim 2, wherein the encrypted data retrieval system further comprises: a blockchain; the step of outputting, to the search client, a plurality of first search gateway nodes corresponding to the search keyword in each of the search gateway nodes based on the search keyword includes:
inquiring an encrypted data packet label corresponding to the search keyword in the blockchain;
and searching a plurality of first search gateway nodes comprising the encrypted data packet labels in the search gateway nodes, and outputting the first search gateway nodes to the search user side.
4. The method of claim 3, wherein the step of outputting each of the lot orders to the target encryption storage node in batches through the target retrieval gateway and receiving each of the data blocks in batches through the target retrieval gateway comprises:
outputting a batch of orders to the target encryption storage node through the target retrieval gateway;
After receiving the batch subscription through the target encryption storage node, outputting a data block to the target retrieval gateway node;
And returning to the step of outputting a batch order to the target encryption storage node through the target retrieval gateway until the data block is output.
5. The encrypted data retrieval method according to claim 1, wherein after the step of outputting each of the data blocks to the retrieval client in batches through the target retrieval gateway, the method further comprises:
acquiring price information of the encrypted data packet through the target encrypted storage node;
and returning the balance in the order to the retrieval user side through the retrieval network node according to the price information.
6. The encrypted data retrieval method according to claim 1, wherein the encrypted storage network further comprises: the storage gateway node, the method further comprising:
when a storage request output by a storage user terminal is received through the storage gateway node, verifying the user identity in the storage request;
and after the verification is passed, receiving the encrypted data packet output by the storage user through the storage gateway node, and storing the encrypted data packet into the encrypted storage node.
7. An encrypted data retrieval system, the encrypted data retrieval system comprising: an encrypted storage network, the encrypted storage network comprising: a plurality of retrieval gateway nodes and a plurality of encrypted storage nodes; the encrypted data retrieval system further includes:
The retrieval module is used for determining a target retrieval gateway node corresponding to the retrieval keyword in each retrieval gateway node based on the retrieval keyword output by the retrieval user terminal;
The payment channel establishment module is used for dividing the subscription into a plurality of batches of subscription with preset number after acquiring the subscription paid by the retrieval user terminal through the target retrieval gateway node, and dividing the encrypted data packet into a plurality of data blocks with preset number through the target retrieval gateway node in the corresponding target encryption storage nodes in the encryption storage nodes;
The payment module is used for outputting each batch of orders to the target encryption storage node in batches through the target retrieval gateway and receiving each data block in batches through the target retrieval gateway; and outputting the data blocks to the retrieval user side in batches through the target retrieval gateway.
8. An encrypted data retrieval apparatus, said apparatus comprising: a memory, a processor, and an encrypted data retrieval program stored on the memory and executable on the processor, the encrypted data retrieval program configured to implement the steps of the encrypted data retrieval method of any one of claims 1 to 6.
9. A storage medium having stored thereon an encrypted data retrieval program which, when executed by a processor, implements the steps of the encrypted data retrieval method according to any one of claims 1 to 6.
10. A computer program product, characterized in that the computer program product comprises an encrypted data retrieval program which, when executed by a processor, implements the steps of the encrypted data retrieval method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410411660.2A CN118432793A (en) | 2024-04-07 | 2024-04-07 | Method, device, equipment, storage medium and product for retrieving encrypted data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410411660.2A CN118432793A (en) | 2024-04-07 | 2024-04-07 | Method, device, equipment, storage medium and product for retrieving encrypted data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118432793A (en) | 2024-08-02 |
Family
ID=92330407
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410411660.2A Pending CN118432793A (en) | 2024-04-07 | 2024-04-07 | Method, device, equipment, storage medium and product for retrieving encrypted data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118432793A (en) |
-
2024
- 2024-04-07 CN CN202410411660.2A patent/CN118432793A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||