KR102281901B1 - Apparatus and method for managing data using blockchain - Google Patents

Abstract

A data management apparatus using a block chain according to an embodiment of the present invention and a method therefor are provided. A data management apparatus using a block chain according to an embodiment of the present invention includes: a communication unit configured to communicate with a computing device and a block chain node; a storage unit configured to distribute and store the data; a processor configured to be operatively connected to the communication unit and the storage unit, wherein the processor receives a request for at least one of read, write, and delete for the distributed stored data from the computing device, and responds to the request. Accordingly, at least one of reading, writing, and deletion of the distributed stored data is performed, a log file related to at least one of the performed reading, writing, and deletion is generated, and the block chain node blocks the generated log file. It is configured to transmit the generated log file to the blockchain node to generate a blockchain by including it in the .

Description

Data management device using block chain and method therefor {APPARATUS AND METHOD FOR MANAGING DATA USING BLOCKCHAIN}

The present invention provides a data management apparatus using a block chain and a method therefor.

Recently, the demand for a huge storage environment is increasing due to the rapidly increasing data demand in environments including smart homes, smart offices, and Internet of Things (IoT) infrastructure. Conventionally, a storage device embedded in a digital device or connected by a wire has been mainly used, but recently, a network-connected storage device that can be freely accessed from the outside through network communication has been in the spotlight.

However, in the case of a network-attached storage device, since it is often designed for data sharing, there is a violation of data integrity due to indiscriminate forgery and alteration of data by a user. In addition, since the network-connected storage device performs user authentication using an ID and password, it is difficult to verify whether a user who has modified and submitted data or forged or altered data matches an actual user while providing minimal security.

Accordingly, there is a need for a method for preventing infringement of data integrity, confidentiality and availability, and furthermore, recovering data when a breach occurs.

The problem to be solved by the present invention is to provide a data management apparatus using a block chain and a method therefor.

Specifically, the problem to be solved by the present invention is data management using a block chain to support data version management for data recovery by storing evidence (eg, log files) for at least one of data reading, writing, and deletion. To provide an apparatus and a method therefor.

The problems of the present invention are not limited to the problems mentioned above, and other problems not mentioned will be clearly understood by those skilled in the art from the following description.

In order to solve the problems as described above, a data management apparatus using a block chain according to an embodiment of the present invention and a method therefor are provided. A data management apparatus using a block chain according to an embodiment of the present invention includes: a communication unit configured to communicate with a computing device and a block chain node; a storage unit configured to distribute and store the data; a processor configured to be operatively connected to the communication unit and the storage unit, wherein the processor receives a request for at least one of read, write, and delete for the distributed stored data from the computing device, and responds to the request. Accordingly, at least one of reading, writing, and deletion of the distributed stored data is performed, a log file related to at least one of the performed reading, writing, and deletion is generated, and the block chain node blocks the generated log file. It is configured to transmit the generated log file to the blockchain node to generate a blockchain by including it in the . A log file included in a block according to an embodiment of the present invention is a log file generated with respect to at least one of read, write, and delete performed in a specific time range, or a log file that is read, written, or deleted related to specific data. It may be a log file generated for at least one.

A data management method using a block chain performed by a processor of a data management device using a block chain according to an embodiment of the present invention receives a request for at least one of read, write, and delete for distributed and stored data from a computing device to do; performing at least one of reading, writing, and deleting the distributed stored data according to the request; generating a log file related to at least one of the read, write, and delete operations; and transmitting the generated log file to the block chain node so that the block chain node generates a block chain by including the generated log file in a block. A log file included in a block according to an embodiment of the present invention is a log file generated with respect to at least one of read, write, and delete performed in a specific time range, or a log file that is read, written, or deleted related to specific data. It may be a log file generated for at least one.

The details of other embodiments are included in the detailed description and drawings.

The present invention stores a log file for at least one of read, write, and delete performed when at least one of reading, writing, and deleting data is performed using a block chain, thereby providing reliability, integrity, and confidentiality of data and availability, and data version management for data recovery.

In addition, the present invention improves data security and minimizes time and resources required for data recovery by storing evidence for data changed by data-related reads, writes, and deletions in the block chain. can do.

In addition, in the present invention, log files generated in response to a specific time range, log files generated in response to specific data, and log files generated in response to specific data according to a specific time range, respectively, are stored in a single block chain or multi block chain. By storing it, the time required to retrieve evidence stored in the blockchain can also be minimized.

The effect according to the present invention is not limited by the contents exemplified above, and more various effects are included in the present invention.

1 is a schematic diagram of a data management system using a block chain according to an embodiment of the present invention.
2 is a schematic block diagram illustrating a network-attached storage device according to an embodiment of the present invention.
3 is a block diagram for explaining a method for generating a log file by performing at least one of reading, writing, and deleting data and storing the generated log file in a block chain according to an embodiment of the present invention.
4 is a block diagram for explaining an evidence query operation according to an embodiment of the present invention. In the presented embodiment, the operation of each part and each component may correspond to the contents described above in FIG. 3 .
5 is a schematic flowchart illustrating a method of managing a log file according to at least one of data reading, writing, and deletion using a block chain in a network-connected storage device according to an embodiment of the present invention.
6 is a schematic flowchart illustrating a method of managing a log file according to at least one of data reading, writing, and deletion using a block chain in a network-connected storage device according to an embodiment of the present invention.
7 is a schematic flowchart illustrating a method of managing a log file according to at least one of data reading, writing, and deletion using a block chain in a network-connected storage device according to an embodiment of the present invention.
8 is a schematic flowchart illustrating a method of managing a log file according to at least one of data read, write, and delete using a block chain in a network-connected storage device according to an embodiment of the present invention.
9 is an exemplary diagram for explaining a first type of single block chain according to an embodiment of the present invention.
10 is an exemplary diagram for explaining a second type of single block chain according to an embodiment of the present invention.
11 is an exemplary diagram for explaining a multi-block chain according to an embodiment of the present invention.
12 is a schematic diagram for explaining evidence related to the modification of data transmitted to a blockchain node according to an embodiment of the present invention.

Advantages and features of the present invention and methods of achieving them will become apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but will be implemented in various different forms, and only these embodiments allow the disclosure of the present invention to be complete, and common knowledge in the art to which the present invention pertains It is provided to fully inform those who have the scope of the invention, and the present invention is only defined by the scope of the claims.

Although the first, second, etc. are used to describe various elements, these elements are not limited by these terms, of course. These terms are only used to distinguish one component from another. Therefore, it goes without saying that the first component mentioned below may be the second component within the spirit of the present invention.

Like reference numerals refer to like elements throughout.

Each feature of the various embodiments of the present invention may be partially or wholly combined or combined with each other, and technically various interlocking and driving are possible, as will be fully understood by those skilled in the art, and each embodiment may be independently implemented with respect to each other, It may be possible to implement together in a related relationship.

Hereinafter, various embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a schematic diagram of a data management system using a block chain according to an embodiment of the present invention.

Referring to FIG. 1 , a data management system 100 using a block chain blocks a log file corresponding to a proof of this when an action such as read/write/delete of data is performed. As a system for storage and management using a chain, it may include a gateway 110 , a network-connected storage system 120 , and a blockchain node system 130 .

First, the gateway 110 is connected to the network-connected storage system 120 wirelessly or by wire, and the network-connected storage system 120 may be connected to a computer network such as the Internet or an intranet. In this case, the user may access data stored in the network-connected storage system 120 through the computing device 140 such as a portable terminal, a smart TV, a personal computer (PC), a notebook, etc. that can be connected to the Internet or an intranet. For example, the user may view content such as images, music, or documents stored in the network-connected storage system 120 through the computing device 140 . Although a gateway has been described in the presented embodiment, the present invention is not limited thereto, and a router, a bridge, etc. that provide a function similar to the gateway 110 may be used.

In various embodiments, the gateway 110 may convert the content provided to the computing device 140 into data and transmit it to the network-connected storage system 120 . For example, the gateway 110 may separate the video or music content data transmitted to the computing device 140 in packet units and transmit it to the network-connected storage system 120 .

Subsequently, the network-connected storage system 120 is a system configured to enable data access without being constrained by a location in which a storage medium for storing data is connected to a computer network such as the Internet or an intranet, and the network-connected storage device 122 and It may include an extended network attached storage device 124 .

The network-connected storage device 122 is a data storage server, and may distribute and store data with the extended network-connected storage device 124 . This operation may be performed by the processor of the network-attached storage device 122 . For example, the network-attached storage device 122 may detect the connection of the extended network-connected storage device 124 and change the setting to distribute and store data with the extended network-connected storage device 124 .

In various embodiments, the network-attached storage device 122 is configured to have at least one virtual machine or container, and control to distribute and store data with the extended network-attached storage device 124 through the built virtual machine or container. You may. In this case, the network-attached storage device 122 detects the connection of the extended network-attached storage device 124 through at least one virtual machine or container, and remotely sets the settings to distribute and store data with the extended network-attached storage device 124 . can be changed Here, the container may be implemented by LXD, LXC, Docker hypervisor, or the like, but is not limited thereto.

The network-connected storage device 122 performs actions such as reading/writing/deleting data according to the request of the computing device 140, and transmits a log file for the performed action to the block chain node system 130 to block A log file can be stored in a block chain located in the chain node system 130 . Such data may be data distributed and stored in the network-attached storage device 122 and the extended network-attached storage device 124 . The above-described operation may be performed by the network-attached storage device 122 or the extended network-connected storage device 124 according to a location where data is stored.

The block chain node system 130 includes block chain nodes 132 and 134, enables mutual communication with the network-connected storage system 120, and includes blocks in which log files related to data read/write/deletion, etc. are recorded. It can create, store, or verify the blockchain corresponding to the bundle of connections. For example, the block chain nodes 132 and 134 can include log files related to data read/write/deletion, etc. in the block, connect it to an existing block chain, and distribute and store the copy in all nodes. These blockchain nodes 132 and 134 may be public or private blockchain nodes.

In various embodiments, the block chain node 132 is an element constituting the block chain node system 130 and may be located in the network-connected storage system 120 and a dedicated private network. Specifically, the blockchain node 132 may receive a log file related to data read/write/deletion, etc. from the network-connected storage device 122 or the extended network-connected storage device 124 existing in the same dedicated private network. The blockchain node 132 may put the received log file in a block, connect it to the blockchain, and transmit a copy to the neighboring blockchain node 134 . Accordingly, the blockchain node system 130 can function as a distributed and stored ledger using the blockchain, and the log files stored in the blockchain cannot be forged or altered for malicious purposes.

Hereinafter, the network-connected storage device 122 according to an embodiment of the present invention will be described in detail with reference to FIG. 2 .

2 is a schematic block diagram illustrating a network-attached storage device according to an embodiment of the present invention. In the presented embodiment, the network-connected storage device 200 may be the network-connected device 122 of FIG. 1 .

Referring to FIG. 2 , the network-connected storage device 200 may include a communication unit 210 , a storage unit 220 , and a processor 230 .

The communication unit 210 connects the network-connected storage device 200 to communicate with an external device. The communication unit 210 may be connected to the extended network-connected storage device 124 , the block chain nodes 132 , 134 , or the computing device 140 using wired or wireless communication. Specifically, the communication unit 210 receives a request such as read/write/deletion of data from the computing device 140, and a block chain node ( 132, 134) can deliver log files. Also, the communication unit 210 may receive device information, performance information, or network information from the extended network-connected storage device 124 .

The storage unit 220 is a medium for reading/writing data and programs, and stores memory that can be configured as dynamic random-access memory (DRAM) or static RAM (SRAM) and data and programs that do not require immediate processing. It may be composed of an auxiliary memory that can be stored. Specifically, auxiliary storage devices include hard disk drives (HDD), solid state drives (SSDs), secure digital (SD) cards, compact disks (CDs), digital video discs (DVDs), and Blu-ray discs (Blu- ray Disk), and may be composed of various storage media such as a USB memory. The storage unit 220 may be directly connected to the host of the network-connected storage device 200 through a direct connection.

In various embodiments, the storage unit 220 may store log files related to reading/writing/deleting data generated by at least one of virtual machines built in the network-connected storage device 200 . Also, the storage 220 may store device information, performance information, or network information received from the extended network-connected storage device 124 .

The processor 230 is operatively connected to the communication unit 210 and the storage unit 220 , and may control the operation of the network-connected storage device 200 through at least one virtual machine. The processor 230 may control distributed storage of data so that the network-attached storage device 200 and the extended network-attached storage device 124 can be used as one storage device through at least one virtual machine.

The processor 230 receives a request for at least one of read, write, delete, etc. for the distributed stored data from the computer device 140, and performs at least one of read, write, and delete for the distributed stored data according to the request. can be done The processor 230 generates a log file related to at least one of read, write, delete, etc. performed, and delivers the generated log file to the block chain node 132 so that the block chain node 132 stores the log file in the block. It can be included to create a blockchain. These log files can be included in a block as a transaction.

The log file included in the block may be a log file generated with respect to at least one of read, write, and delete performed in a specific time range. For example, the specific time range may be in nanosecond units (ns), but is not limited thereto. In this case, according to each block, a single blockchain including a log file generated with respect to at least one of reads, writes, deletes, etc. performed in a specific time range may be generated. For example, the first block of the generated single block chain is the first log file generated with respect to any one of reading, writing, deletion, etc. of the first data performed in the first time range, reading and writing of the second data , a first log file generated with respect to any one of , deletion, etc. or a second log file generated with respect to any one of reading, writing, or deletion of a third file, etc. are included, and the second block includes the first time range and A first log file generated with respect to any one of reading, writing, and deletion of the third file performed in another second time range, and a second log generated with respect to any one of reading, writing, and deletion of the second file A third log file generated in relation to any one of reading, writing, or deleting a file or a second file may be included.

In various embodiments, the log file included in the block may be a log file generated with respect to at least one of reading, writing, and deleting specific data. In this case, a single block chain including log files corresponding to at least one of reading, writing, and deleting specific data for each block may be created. For example, the first block of the generated single block chain is the first log file created for any one of reading, writing, and deleting of the first data, and reading, writing, deleting, etc. of the first data. and a third log file generated with respect to any one of reading, writing, and deletion of the first data, and the like, wherein the second block reads and writes second data different from the first data , any one of a first log file created for any one of , deletion, etc., a second log file created for any one of reading, writing, deletion, etc. of second data, and reading, writing, deletion, etc. of second data It may include a third log file generated with respect to the .

In various embodiments, the log file included in the block may be a log file generated with respect to at least one of reading, writing, and deleting of specific data, performed in a specific time range. In this case, according to each block, a multi-blockchain including log files generated for at least one of reading, writing, and deleting specific data corresponding to a specific time range may be generated. For example, the first block included in the first block chain of the generated multi-block chain is a first log file generated with respect to any one of reading, writing, deletion, etc. of the first data performed in the first time range; The second log file generated with respect to any one of reading, writing, and deletion of the first data performed in the first time range and the reading, writing, and deletion of the first data performed in the first time range The generated third log file may be included. The second block included in the first block chain is the n+1th log file, the second generated with respect to any one of reading, writing, deletion, etc. of the first data performed in a second time range different from the first time range. In any one of the n+2th log file generated with respect to any one of the reading, writing, and deletion of the first data performed in the time range and the reading, writing, deletion, etc. of the first data performed in the second time range The generated n+3th log file may be included (n>0). The first block included in the second block chain of the generated multi-block chain is the first log generated with respect to any one of reading, writing, deletion, etc. of second data different from the first data performed in the first time range Any one of a second log file generated with respect to a file, any one of reading, writing, deletion, etc. of the second data performed in the second time range, and reading, writing, or deletion of the second data performed in the first time range A third log file generated for one may be included. The second block included in the second block chain is the m+1th log file generated with respect to any one of reading, writing, deletion, etc. of the second data performed in the second time range, and the second block performed in the second time range. 2 The m+2th log file generated with respect to any one of reading, writing, and deletion of data and the m+th generated with respect to any one of reading, writing, or deletion of second data performed in the second time range 3 A log file may be included (m>0).

Specifically, the processor 230 transmits the generated log file to the block chain node 132 through the communication unit 210 for at least one of data read, write, delete, etc. performed in a specific time range among the generated log files. can Through this, the block chain node 132 stores log files corresponding to each time range by block by including the log files generated for at least one of read, write, and delete performed in a specific time range in one block. A single blockchain can be created. In this way, by managing the log files created for read, write, and delete performed according to each time range as a single block chain,

In various embodiments, the processor 230 may transmit a log file generated with respect to at least one of reading, writing, and deleting of specific data among the generated log files to the block chain node 132 through the communication unit 210 . . Through this, the block chain node 132 includes a log file generated for at least one of reading, writing, and deleting of specific data in one block to create a single block chain in which the log file for each data is stored for each block. can create In this way, by managing the log files created for reading, writing, and deleting each data as a single block chain, it is possible to improve data security and minimize the time and resources required for data recovery. The time required to search for evidence stored in the blockchain according to the data can also be minimized.

In various embodiments, the processor 230 transmits, through the communication unit 210, a log file generated in relation to at least one of reading, writing, and deleting of specific data, performed in a specific time range among the generated log files, to a block chain node. It can be passed to (132). Through this, the blockchain node 132 can create a multi-blockchain by including in each of a plurality of blocks the log file generated for at least one of reading, writing, and deleting of specific data, performed in a specific time range, in each of the plurality of blocks. there is. In this way, by managing the log files generated for each data read, write, delete, etc., performed according to each time range with a multi-blockchain, the security of data is improved, and reads performed in a specific time range, It is possible to quickly and conveniently search and check log files for at least one of write and delete, and minimize the time and resources required to recover data changed in a specific time range.

In the following, when at least one virtual machine is built on the processor, at least one of reading, writing, and deleting data is performed on data through at least one virtual machine to generate a log file, and the generated log file is stored in the block chain. A method for doing this will be described in detail with reference to FIG. 3 .

3 is a block diagram for explaining a method for generating a log file by performing at least one of reading, writing, and deleting data and storing the generated log file in a block chain according to an embodiment of the present invention. In the presented embodiment, a case in which the network-attached storage devices 122 and 200 is implemented as a virtual machine such as a Control and Storage (CnS) node among at least one virtual machine will be described.

3, the CnS node 300 is a routing part 302, a service part 304, an RPC part 324, a core part 326, a message queue part 340, a monitoring part 342, a distribution The file system part 352 and the control O/S part 360 may be configured to be disposed. The CnS node 300 may operate as a management device for maintaining system and cluster configuration and delivering user requests to correct services. Since the CnS node 300 is defined as a control and storage node, it is possible to provide a distributed file system service as well as a data service.

To this end, the routing part 302 may be directly connected to the computing device 140 when the computing device 140 is connected to the network-attached storage device 122 by the user. The routing part 302 may handle user requests.

The service part 304 may provide file sharing services and system management services for the network attached storage device 122 . These service parts 304 include a System Administration service 306 , a Distributed File System (DFS) service 308 , a Fast Data Transferring Protocol (FDT) service 310 , a Secure Shell (SSH) service 312 , and a File System (FTP) service. Transfer Protocol) service (314), Trivial File Transfer Protocol (TFTP) service (316), Network File System (NFS) service (318), Server Message Block (SMB)/Common Internet File System (CIFS) service (320) and It includes a remote synchronization (RSync) service 322 and may support such a file sharing service. The service part 304 may support administration services by the System Administration service 306 and cooperate with the core part 326 via the RPC part 324 . In particular, the System Administration service 306 may support an evidence query service.

The RPC part 324 may handle communication between the service part 304 and the core part 326 . The RPC part 324 operates for the System Administration service 306 and may obtain the latest service information from the core part 326 by other services.

The core part 326 may perform system management of the network-attached storage device 122 . The core part 326 may maintain the overall system configuration and state of all physical virtual machines. These core parts 326 include a scalability management component 328 , a system reliability management component 330 , a data denial containment management component 332 , a package management component 334 , a user management component 336 and a network management component ( 338) may be included.

The scalability management component 328 may handle physical device scalability operations such as scale-up, scale-out, scale-down, and scale-in. there is. System reliability management component 330 may operate to maintain network attached storage 122 continuously available to end users. Package management component 334 , user management component 336 , and network management component 338 may be optimized to work with system reliability management component 330 to support fault tolerant. The system reliability management component 330 may cooperate with the monitoring part 342 to obtain physical device information, virtual machine state and software runtime information together with the scalability management component 328 . The data denial containment management component 332 may assist in storing and providing evidence (ie, log files) regarding a user's data reads, writes, deletes, and the like. The package management component 330 may provide system package installation and non-installation functions. User management component 336 may support user account management and control list access. The network management component 338 may be used to manage the network configuration of the physical virtual machine.

The message queue part 340 may support message queue communication required by the core part 326 .

The monitoring part 342 may include a process monitoring component 344 , a disk monitoring component 346 , a network monitoring component 348 , and a distributed file system monitoring component 350 . The process monitoring component 344 may collect runtime process information of the network-attached storage device 122 . Disk monitoring component 346 may collect disk health (or health) information. Network monitoring component 348 may collect data over a network interface. The distributed file system monitoring component 350 may collect status information of the distributed file system 352 .

The distributed file system part 352 may provide a function for distributing and storing data in the network-attached storage device 122 and the extended network-attached storage device 124 . This distributed file system part 352 may include a distributed file system metadata management component 354 , a distributed file system object data management component 356 , and a distributed file system health management component 358 .

Distributed file system metadata management component 354 manages metadata, distributed file system object data management component 356 stores and manages data at the object level, and distributed file system health management component 358 manages the entire system state can be controlled. Specifically, the distributed file system metadata management component 354 manages file system metadata such as file names and folder trees, the distributed file system object data management component 356 manages all the actual data on the physical storage device, and , the distributed file system health management component 358 can manage all node state and handle the entire file operation.

The control O/S part 360 may allocate a physical resource of hardware to at least one virtual machine. Accordingly, even if at least one virtual machine is mounted on one piece of hardware and virtualized, a task may be completed within a predicted time based on a given resource, and real-time performance may be implemented.

The CnS node 300 constructed as described above may receive a request for at least one of data read, write, and delete from the user 362 through the computing device 140 . In this case, user authentication may be performed through the operating system login system, and when authentication of the user is completed, a request from the user may be initiated.

Next, at least one of reading, writing, and deleting data may be performed according to a request. A request for at least one of data read, write, and delete by a user may be processed by the routing part 302 of the CnS node 300 .

The routing part 302 forwards a request for at least one of data read, write, and delete to the NFS component 318 among the file sharing services supported by the service part 304, and the NFS component 318 distributes these requests. to the distributed file system object data management component 356 of the file system 352 .

Upon receiving the request, the distributed file system object data management component 356 may perform at least one of reading, writing, and deleting data according to the request. In this case, a log file regarding at least one of read, write, delete, etc. performed may be generated. The generated log files may be collected by the distributed file system metadata management component 354 . The log file may include at least one of user information, user IP, timestamp, data name, data path, inode ID, and user operation data. Here, an inode is a data structure on a disk that describes data, and may include information about data, such as an owner group, an access mode (read, write, and execute permission), a file type, an inode number, and the like.

The distributed file system metadata management component 354 and/or the distributed file system object data management component 356 provides snapshots regarding data changed by read, write, delete, etc. in response to commands of the data denial containment management component 332 . You can collect (snapshot) or take a snapshot of the data before it is changed. The operation of collecting the snapshot as described above may be performed according to the setting of each component, but is not limited thereto. For example, the distributed file system metadata management component 354 may collect a snapshot about the data before it is changed, and the distributed file system object data management component 356 may collect a snapshot about the changed data. Alternatively, the distributed file system metadata management component 354 may collect a snapshot about the changed data, and the distributed file system object data management component 356 may collect a snapshot about the data before the change.

The snapshot collected in this way may be transmitted to the blockchain node 132 together with the log file and stored in the blockchain. When the storage space in the blockchain is insufficient, the snapshot may be stored in the storage of the distributed file system 352 . In various embodiments, distributed file system metadata management component 354 may collect an encrypted ID of the snapshot or a hash string of the snapshot, and the collected ID or hash string may be stored in a blockchain. This can save storage space in the blockchain.

Using these snapshots, data can be restored to the state before the change in the event of forgery or alteration of data. A detailed operation in which such a snapshot is transmitted as evidence together with the log file will be described in detail below with reference to FIG. 12 .

Next, the collected log file is transmitted to the block chain node 132, and the block chain node 132 can create a block chain by including the log file in the block. Specifically, the distributed file system metadata management component 354 is a log file generated with respect to at least one of reads, writes, and deletions performed in a specific time range among the collected log files, and reads, writes, and deletes specific data. The data denial containment management component of the core part 326 of the log file generated with respect to at least one of, etc. or the log file generated with respect to at least one of read, write, delete, etc. for specific data performed in a specific time range 332) can be forwarded. In this case, not only the log file but also the snapshot or snapshot-related information (eg, an encrypted ID or hash string) may be delivered together.

Among the log files collected in various embodiments, a log file generated with respect to at least one of reads, writes, and deletions performed in a specific time range, and a log file generated with respect to at least one of reads, writes, and deletions for specific data Alternatively, the log file generated for at least one of read, write, delete, etc. for specific data, performed in a specific time range, is delivered to the data denial containment management component 332 through the distributed file system object data management component 356 . could be

Upon receiving this, the data denial containment management component 332 may forward the log file as a transaction to the blockchain node 132 . In this case, not only the log file but also the snapshot or snapshot-related information may be transmitted together. In addition, the data denial containment management component 332 stores snapshots and/or snapshot-related information via the distributed file system metadata management component 354 and/or the distributed file system object data management component 356, as described above. can be collected Here, the transaction may be encrypted by an electronic signature as a data structure for changing the state of a smart contract for reading, writing, or deleting data existing on the block chain. Smart contracts are applications written in the solidity language, and can be deployed to each blockchain node in the form of compiled code. Deployed smart contracts can be executed in the EVM (Ethereum Virtual Machine) of each blockchain node to perform functions such as state change in blocks or data storage.

The block chain node 132 that has received the log file may store the log file in the block chain by executing the smart contract. Log files related to data reading, writing, deletion, etc. can be stored in the block chain by executing functions in the code of the smart contract. In this case, not only the log file but also the snapshot or snapshot-related information may be stored together.

Specifically, the block chain node 132 includes a log file generated for at least one of read, write, and delete performed in a specific time range by smart contract execution in one block, and connects these blocks to a single A single block chain can be created by creating a block chain or by including a log file generated for at least one of reading, writing, and deleting specific data in one block, and connecting these blocks.

In various embodiments, the block chain node 132 includes a log file generated for at least one of read, write, delete, etc. of the first data performed in the first time range by smart contract execution in one block, and , a log file generated for at least one of read, write, delete, etc. of the first data performed in the second time range is included in one block to connect these blocks to create the first single block chain, A log file generated for at least one of reading, writing, and deleting of the second data performed in one time range is included in one block, and reading and writing of the second data performed in the second time range are included in one block; After creating the second single block chain by including the log file generated for at least one of deletion, etc. in one block, it is possible to create a multi block chain that connects the first single block chain and the second single block chain. there is. In the presented embodiment, it has been described that a multi-blockchain is created by connecting two single block chains, but it is not limited thereto, and it can be created in various ways, such as creating a multi-blockchain in which a plurality of single block chains are connected.

Through this, the present invention can ensure reliability, integrity, confidentiality and availability of data, and data version management for data recovery. In addition, the present invention can improve data security and minimize time and resources required for data recovery.

Hereinafter, an evidence query operation of at least one virtual machine built on the processor will be described in detail with reference to FIG. 4 .

4 is a block diagram for explaining an evidence query operation according to an embodiment of the present invention. In the presented embodiment, the operation of each part and each component may correspond to the contents described above with reference to FIG. 3 .

Referring to FIG. 4 , the evidence query operation is performed by the System Administration component 306 , and may mean an operation for searching log files stored in the blockchain node 132 .

The System Administration component 306 receives a query from the user 362 through the computing device 140 to retrieve a log file stored for a specific data range or corresponding to a specific time range. These queries may include data names or timestamps to be retrieved. In this case, the timestamp may be a recently modified timestamp. The System Administration component 306 passes this query to the data denial containment administration component 332, which receives the query and logs corresponding to the data name and/or timestamp contained in the query. A smart contract for retrieving files can be deployed to each blockchain node.

The blockchain node 132 may execute the smart contract to deliver a log file corresponding to the data name or timestamp included in the query to the data denial containment management component 332 . In this case, a block number in which the log file is stored and/or a hash pointer indicating a previous block may be transmitted together with the log file.

The data denial containment management component 332 transmits the obtained log file to the System Administration component 306, and the System Administration component 306 transmits the obtained log file to the computer device 140, so that the user can access the blockchain. You can search for a desired log file among the saved log files.

Through this, the present invention can minimize the time required to search for evidence stored in the block chain.

5 is a schematic flowchart illustrating a method of managing a log file according to at least one of data reading, writing, and deletion using a block chain in a network-connected storage device according to an embodiment of the present invention. In the presented embodiment, the following operations may be performed by the processor 230 of the network-attached storage devices 122 and 200 or at least one virtual machine or container built on the processor 230 .

1 and 5 , the network-attached storage device 122 receives a request for at least one of read, write, and delete for distributed and stored data from the computing device 140 (S500), and distributes according to the request. At least one of reading, writing, and deleting the stored data is performed (S510). The network-connected storage device 122 generates a log file related to at least one of read, write, and delete performed (S520), and a log file so that the block chain node 132 includes the log file in the block to create a block chain. is transferred to the blockchain node 132 (S530).

6 is a schematic flowchart illustrating a method of managing a log file according to at least one of data reading, writing, and deletion using a block chain in a network-connected storage device according to an embodiment of the present invention. In the presented embodiment, the process of creating a single block chain for each time range will be described.

1 and 6 , steps S600 to S620 may coincide with steps S500 to S520 of FIG. 5 .

After step S620, the network-connected storage device 122 transmits the generated log file with respect to at least one of read, write, and delete performed in a specific time range among the generated log files to the block chain node 132 (S630). The block chain node 132 that has received this can create a single block chain by including the log file in the block, or, if the block chain already exists, can connect the block to the single block chain. Each block of the blockchain may contain log files generated for at least one of reads, writes, and deletes performed in different time ranges. In this way, the block chain node 132 can create a single block chain by connecting blocks including log files for each time range.

7 is a schematic flowchart illustrating a method of managing a log file according to at least one of data reading, writing, and deletion using a block chain in a network-connected storage device according to an embodiment of the present invention. In the presented embodiment, the process of creating a single block chain for each data will be described.

1 and 7 , steps S700 to S720 may coincide with steps S500 to S520 and/or steps S600 to S620 described above with reference to FIGS. 5 and 6 .

After step S720, the network-connected storage device 122 transmits the generated log file for at least one of read, write, and delete performed in relation to specific data among the generated log files to the block chain node 132 (S730). . The block chain node 132 that has received this can create a single block chain by including the log file in the block, or can connect to the single block chain if the block chain already exists. Each block of the blockchain may include log files generated for at least one of reads, writes, and deletions performed in relation to different data. In this way, the block chain node 132 can create a single block chain by connecting blocks including log files for each data.

8 is a schematic flowchart illustrating a method of managing a log file according to at least one of data read, write, and delete using a block chain in a network-connected storage device according to an embodiment of the present invention. The process of creating a multi-blockchain according to the time range and data will be described.

1 and 8 , steps S800 to S820 may coincide with steps S500 to S520, S600 to S620 and/or S700 to S720 described above in FIGS. 5, 6 and 7 . .

After step S820, the network-connected storage device 122 transmits the generated log file to the block chain node 132 for at least one of reading, writing, and deleting of specific data performed in a specific time range among the generated log files. (S830). The block chain node 132 that has received this can create a multi-blockchain by including a log file corresponding to a specific time range among log files for specific data in a block, or can connect to an existing multi-blockchain. A multi-blockchain can mean a set of single blockchains in which blocks for each time range for the same data are connected. For example, the blockchain node 132 includes first data, second data, third data, ... A single block chain corresponding to each of the n-th data can be created, and a multi block chain can be created by connecting the generated single block chain. A plurality of such single block chains can be connected to each other by a genesis block. First data, second data, third data, ... A block included in the single block chain corresponding to each of the n-th data may include a log file generated with respect to at least one of read, write, and delete performed in relation to each data by time range. In this way, the blockchain node 132 can create a multi-blockchain by connecting blocks including log files for each time range and for each data.

Hereinafter, a single block chain of the first type in which a log file generated with respect to at least one of read, write, and delete performed in a specific time range is stored will be described with reference to FIG. 9 .

9 is an exemplary diagram for explaining a first type of single block chain according to an embodiment of the present invention. In the presented embodiment, a case in which the block chain node 132 generates a single block chain of the first type will be described.

Referring to FIG. 9 , the block chain node 132 includes a log file generated with respect to at least one of read, write, delete, etc. performed in a specific time range in a block to create a single block chain 900 of the first type. can create

The first type of single block chain 900 is a first block 910, a second block 920, ... An n-th block 930 may be connected (n>0). For example, the first block 910 includes a first log file 914 of the first data corresponding to the first timestamp 912, a first log file 916 of the second data, ... It may include an n-th log file 918 of the N-th data, and the second block 920 is a first log of third data corresponding to a second timestamp 922 different from the first timestamp 912 . A file 924, a second log file 926 of the second data, ... An m-th log file 928 of the M-th data may be included (N>0, M>0, m>0).

Specifically, the block chain node 132 generates a first log file 914, a first timestamp ( The first log file 916 generated with respect to at least one of read, write, delete, etc. of the second data performed in 912 , . . . The first type single block by including the n-th log file 918 generated with respect to at least one of reading, writing, and deletion of the M-th data performed at the first timestamp 912 in the first block 910 . It can be connected to a chain 900 .

The block chain node 132 records the first log file 924 and the second timestamp 922 generated with respect to at least one of read, write, delete, etc. of the third data performed at the second timestamp 922. A second log file 926 generated with respect to at least one of the performed second data read, write, delete, and the like, . . . The first type single block by including the m th log file 928 generated with respect to at least one of reading, writing, and deleting of the M th data performed at the second timestamp 922 in the second block 920 . It can be connected to a chain 900 .

Hereinafter, a second type of single block chain in which a log file generated with respect to at least one of read, write, and delete performed in relation to specific data is stored will be described with reference to FIG. 10 .

10 is an exemplary diagram for explaining a second type of single block chain according to an embodiment of the present invention. In the presented embodiment, a case in which the block chain node 132 generates a single block chain of the second type will be described.

Referring to FIG. 10 , the block chain node 132 includes a log file generated with respect to at least one of read, write, delete, etc. performed in relation to specific data in a block to include a second type of single block chain 1000 can create

The second type of single block chain 1000 is a first block 1010, a second block 1020, ... An n-th block 1030 may be connected. For example, the first block 1010 includes a first log file 1012 of the first data, a second log file 1014 of the first data, ... The n-th log file 1016 of the first data is included, and the second block 1020 includes the first log file 1022 of the third data, the second log file 1024 of the third data, ... An mth log file 1026 of the third data may be included.

Specifically, the block chain node 132 includes a first log file 1012 for at least one of reads, writes, and deletions performed in relation to the first data, and reads, writes, and deletes performed in relation to the first data. The second log file 1014 for at least one of, ... The n-th log file 1016 for at least one of read, write, and delete performed in relation to the first data may be included in the first block 1010 to be connected to the single block chain 1000 of the second type. .

The block chain node 132 includes at least the first log file 1022 for at least one of read, write, and delete performed in relation to the third data, and at least one of the read, write, and delete performed in relation to the third data. A second log file 1024 for one, ... The m-th log file 1026 for at least one of read, write, delete, etc. performed in relation to the third data may be included in the second block 1020 to be connected to the second type of single block chain 1000 .

Hereinafter, a multi-block chain storing log files generated for at least one of read, write, and delete of specific data performed in a specific time range will be described with reference to FIG. 11 .

11 is an exemplary diagram for explaining a multi-block chain according to an embodiment of the present invention. In the presented embodiment, a case of generating a multi-blockchain in the blockchain node 132 will be described.

Referring to FIG. 11 , the block chain node 132 includes a log file generated for at least one of read, write, and delete of specific data performed in a specific time range in a block to create a multi-blockchain 1100. can create

The multi-block chain 1100 is a first block 1120, a second block 1130, ... in which the log file of the first data is stored. The first single block chain 1112 to which the n-th block 1140 is connected, and the first block 1150, the second block 1160, . The n-th block 1170 may include a connected second single block chain 1114 , and the first single block chain 1112 and the second single block chain 1114 may be connected by the genesis block 1110 .

For example, the first block 1120 of the first single block chain 1112 is a first log generated with respect to at least one of read, write, delete, etc. of the first data performed on the first timestamp 1122 A file 1124, a second log file 1126 generated with respect to at least one of reading, writing, deletion, etc. of the first data performed on the first timestamp 1122, . . . The n-th log file 1128 generated with respect to at least one of reading, writing, and deletion of the first data performed at the first timestamp 1122 may be included.

The second block 1130 of the first single block chain 1112 relates to at least one of read, write, delete, etc. of the first data performed at a second timestamp 1132 different from the first timestamp 1122. An n+4th log file 1136 generated with respect to at least one of the generated n+3th log file 1134, reading, writing, and deleting the first data performed on the second timestamp 1132, . . . The second timestamp 1132 may include an n+mth log file 1138 generated with respect to at least one of reading, writing, and deleting of the first data.

The first block 1150 of the second single block chain 1114 is a first log file 1124 generated with respect to at least one of reading, writing, and deleting the second data performed on the first timestamp 1152. , a second log file 1156 generated with respect to at least one of read, write, delete, etc. of the second data performed on the first timestamp 1152, ... The m-th log file 1158 generated with respect to at least one of reading, writing, and deletion of the second data performed at the first timestamp 1152 may be included. Here, the first timestamp 1152 may be identical to or different from the first timestamp 1122 .

The second block 1160 of the second single block chain 1114 relates to at least one of reading, writing, and deleting the second data performed at a second timestamp 1162 different from the first timestamp 1152. The m + 2 th log file 1166 generated with respect to at least one of the generated m + 1 th log file 1164, reading, writing, and deleting the second data performed on the second timestamp 1162, . . . The m+nth log file 1168 generated with respect to at least one of reading, writing, and deleting of the second data performed at the second timestamp 1162 may be included. Here, the second timestamp 1162 may be identical to or different from the second timestamp 1132 .

Specifically, the block chain node 132 includes a first log file 1124, a first timestamp ( The second log file 1126 generated with respect to at least one of read, write, delete, etc. of the first data performed in 1122), ... The n-th log file 1128 generated with respect to at least one of read, write, delete, etc. of the first data performed at the first timestamp 1122 is included in the first block 1120 to include the first single block chain ( 1112) can be connected.

The block chain node 132 generates an n+3 log file 1134 and a second timestamp 1132 for at least one of reading, writing, and deleting the first data performed at the second timestamp 1132 . ), the n + 4th log file 1136 generated with respect to at least one of the read, write, delete, etc. of the first data, . . . A first single block by including the n+mth log file 1138 generated with respect to at least one of reading, writing, and deletion of the first data performed at the second timestamp 1132 in the second block 1130 . It can be connected to a chain 1112 .

The block chain node 132 is a first log file 1154 and a first timestamp 1152 generated with respect to at least one of read, write, delete, etc. of the second data performed at the first timestamp 1152. The second log file 1156 generated with respect to at least one of the performed second data read, write, delete, etc. The mth log file 1158 generated with respect to at least one of read, write, delete, etc. of the second data performed at the first timestamp 1152 is included in the first block 1150 to include the second single block chain ( 1114) can be connected.

The block chain node 132 generates the m+1th log file 1164 and the second timestamp 1162 for at least one of read, write, delete, etc. of the second data performed at the second timestamp 1162 . ), the m+2th log file 1166 generated with respect to at least one of read, write, delete, etc. of the second data performed in . The second single block by including the m+nth log file 1168 generated with respect to at least one of reading, writing, and deleting of the second data performed at the second timestamp 1162 in the second block 1160 It can be connected to a chain 1114 .

In the presented embodiment, M, N, m, and n may be different numbers or the same number.

In the presented embodiment, the multi-block chain has been described as including the first single block chain corresponding to the first data and the second single block chain corresponding to the second data, but the present invention is not limited thereto. A single blockchain can be connected to create a multi-blockchain.

Hereinafter, the evidence transmitted in the form of a transaction will be described in more detail with reference to FIG. 12 . Such evidence may include snapshots and/or snapshot-related information.

12 is a schematic diagram for explaining evidence related to the modification of data transmitted to a blockchain node according to an embodiment of the present invention.

Referring to FIG. 12 , a file named test stored under the root folder shows evidence collected after an unlink operation is performed by a user named user1. At this time, the hash string af6b7066-de4a-45d0-9f7c-1c7949bfc4776 of the snapshot for the modified part of the file and the encrypted ID 7ef0ccaf-78ad-4c45-aaea-09c86e53dcad of the snapshot are also included as evidence. A snapshot stored in the storage of the distributed file system 352 is retrieved using such a hash string, and emergency recovery of data is possible through the retrieved snapshot. Since such large-capacity snapshots are stored in a distributed file system rather than directly stored in the blockchain ledger, space in the blockchain can be saved.

The evidence transmitted to the blockchain node 132 is not limited to the above-mentioned evidence and may include other evidence.

As described above, the present invention stores a log file for at least one of read, write, and delete performed when at least one of reading, writing, and deleting data is performed using a block chain, thereby providing reliability and integrity of data , confidentiality and availability, and data version management for data recovery.

In addition, the present invention improves data security and minimizes time and resources required for data recovery by storing evidence for data changed by data-related reads, writes, and deletions in the block chain. can do.

In addition, in the present invention, log files generated in response to a specific time range, log files generated in response to specific data, and log files generated in response to specific data according to a specific time range, respectively, are stored in a single block chain or multi block chain. By storing it, the time required to retrieve evidence stored in the blockchain can also be minimized.

The apparatus and method according to an embodiment of the present invention may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination.

The program instructions recorded on the computer readable medium may be specially designed and configured for the present invention, or may be known and available to those skilled in the computer software field. Examples of the computer-readable recording medium include magnetic media such as hard disks, floppy disks and magnetic tapes, optical media such as CD-ROMs and DVDs, and magnetic such as floppy disks. - Includes magneto-optical media and hardware devices specially configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine language codes such as those generated by a compiler, but also high-level language codes that can be executed by a computer using an interpreter or the like.

The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

Although the embodiments of the present invention have been described in more detail with reference to the accompanying drawings, the present invention is not necessarily limited to these embodiments, and various modifications may be made within the scope without departing from the technical spirit of the present invention. . Therefore, the embodiments disclosed in the present invention are not intended to limit the technical spirit of the present invention, but to explain, and the scope of the technical spirit of the present invention is not limited by these embodiments. Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive. The protection scope of the present invention should be construed by the following claims, and all technical ideas within the equivalent range should be construed as being included in the scope of the present invention.

100: Data management system using blockchain
110: gateway
120: network-attached storage system
122, 200: network attached storage device
124: extended network attached storage device
130: Blockchain Node System
132, 134: Blockchain Nodes
140: computing device
210: communication unit
220: storage
230: processor

Claims (18)

In a data management device using a block chain,
a communication unit configured to communicate with the computing device and the blockchain node;
a storage unit configured to distribute and store the data;
a processor configured to be operatively connected to the communication unit and the storage unit;
The processor is
Receiving a request for at least one of read, write, and delete for the distributed stored data from the computing device,
performing at least one of reading, writing, and deleting the distributed stored data according to the request;
create a log file related to at least one of the read, write, and delete performed,
and transmit the generated log file to the block chain node so that the block chain node generates a block chain by including the generated log file in a block,
The log file included in the block is a log file generated with respect to at least one of reading, writing, and deleting of specific data performed in a specific time range,
The block chain is a multi-blockchain in which blocks including a log file generated with respect to at least one of read, write, and delete of specific data performed in the specific time range are connected. data management device. delete The method of claim 1, wherein the log file,
A data management device using a block chain, including at least one of user information, user IP, timestamp, data name, data path, inode ID, and user operation data. The method of claim 1, wherein the processor comprises:
A data management apparatus using a block chain, configured to transmit a snapshot regarding data changed by at least one of the read, write, and delete performed to the block chain node. delete delete delete According to claim 1, wherein the multi-block chain,
A first single block chain to which a block including a log file generated with respect to at least one of read, write, and delete performed according to a preset time range corresponding to the first data is connected, and a preset time corresponding to the second data A data management device using a block chain in which a second single block chain is connected to which a block including a log file generated with respect to at least one of read, write, and delete performed according to a range is connected. The method of claim 1, wherein the operation performed by the processor comprises:
A data management device using a block chain, which is performed by at least one virtual machine or container built on the processor. In the data management method using the block chain performed by the processor of the data management device using the block chain,
Receiving a request for at least one of read, write, and delete for distributed and stored data from a computing device;
performing at least one of reading, writing, and deleting the distributed stored data according to the request;
generating a log file related to at least one of the read, write, and delete operations; and
transmitting the generated log file to the block chain node so that the block chain node generates a block chain by including the generated log file in a block;
The log file included in the block is a log file generated with respect to at least one of reading, writing, and deleting of specific data performed in a specific time range,
The block chain is a multi-blockchain in which blocks including a log file generated with respect to at least one of read, write, and delete of specific data performed in the specific time range are connected. How to manage your data. delete 11. The method of claim 10, wherein the log file,
A data management method using a block chain, including at least one of user information, user IP, timestamp, data name, data path, ID of an inode, and user operation data. 11. The method of claim 10,
The data management method using a block chain, further comprising the step of transmitting a snapshot regarding the data changed by at least one of the performed read, write, and delete to the block chain node. delete delete delete 11. The method of claim 10, wherein the multi-block chain,
A first single block chain to which a block including a log file generated with respect to at least one of read, write, and delete performed according to a preset time range corresponding to the first data is connected, and a preset time corresponding to the second data A data management method using a block chain, in which a second single block chain is connected to which a block containing a log file generated for at least one of read, write, and delete performed according to a range is connected. 11. The method of claim 10, wherein the steps
A data management method using a block chain, which is performed by at least one virtual machine or container built on the processor.

Images