TWM591647U - Data management system capable of securely accessing and deleting data - Google Patents

Publication number
TWM591647U
Authority
TW
Taiwan
Application number
TW108214809U
Other languages
Chinese (zh)
Inventor
許毓展
Original Assignee
許毓展
Abstract

In a data management system, a management server performs the following operations: it divides a data file into N sub-files according to a predetermined division method and obtains a master feature value of the data file using a predetermined hash algorithm; it generates a destruction key related to the destruction of the data file and N keys used respectively for encrypting or decrypting the N sub-files, and outputs the destruction key and the N keys; according to a predetermined access protocol and using blockchain technology, it stores the destruction key, the master feature value and the N keys corresponding to the data file; using a predetermined symmetric encryption/decryption algorithm, it encrypts each sub-file with its corresponding key to obtain N encrypted sub-files; and it stores the N keys and the N encrypted sub-files in a corresponding manner, and performs retrieval and destruction of the data file.

Description

Data management system capable of securely accessing and deleting data

The present utility model relates to data access, and more particularly to a data management system capable of securely accessing and deleting data.

In existing data storage systems that use blockchain technology, such as the Ethereum system, the Ethereum Virtual Machine (EVM) merely compiles data that is to be stored and has been verified as correct, and then stores it in a block without encrypting it. As a result, every node terminal of the Ethereum system can easily reveal the data stored in a block through a simple decompilation. On the other hand, the hash computation that the Ethereum system performs to verify each piece of data before storage consumes relatively large system resources, so it has the drawbacks of slower processing and higher cost.

Therefore, especially for confidential document data, how to use Ethereum blockchain technology to access and delete data securely is one of the important current research and development topics, and has become a target in urgent need of improvement in the related field.

Accordingly, the object of the present utility model is to provide a data management system that can overcome at least one drawback of the prior art.

Thus, the data management system provided by the present utility model is used to manage a data file and includes a file server and M (M≧1) management servers. The file server provides a file database. Each management server is connected to the file server and includes a user interface module for providing a web-based user interface, a storage module, and a processing module that is connected to the user interface module and the storage module and has at least a predetermined access protocol installed.

For each management server, when the processing module receives, via the user interface, a management request containing the data file, the processing module performs the following operations: it divides the data file into N sub-files according to a predetermined division method, and processes the original data content of the data file and the respective data content of the N sub-files with a predetermined hash algorithm to obtain a hash value serving as a master feature value of the data file and N hash values serving respectively as N sub-feature values of the N sub-files; it generates a destruction key related to the destruction of the data file and N mutually different keys used respectively for encrypting or decrypting the N sub-files, and, in response to the management request, outputs the N keys and the destruction key via the user interface; according to the predetermined access protocol and using blockchain technology, it stores in a data block of the storage module the destruction key, the master feature value and the N keys, which correspond to the data file and are associated with one another, together with the N keys and the N sub-feature values, which correspond to one another; using a predetermined symmetric encryption/decryption algorithm, it encrypts each of the N sub-files with the corresponding one of the N keys to obtain N encrypted sub-files corresponding respectively to the N keys; and it transmits the mutually corresponding N sub-feature values and N encrypted sub-files to the file server.

The file server stores the mutually corresponding N sub-feature values and N encrypted sub-files received from the management server in the file database.

The effect of the present utility model is as follows. Since the data file is stored on the file server in the form of encrypted sub-files produced by cutting, grouping and encryption, the security of the stored data file is greatly improved. When the management server simultaneously receives N input codes identical to the N keys, it verifies the correctness (absence of tampering) of the N encrypted sub-files retrieved from the file server by means of the master hash value stored in the data block, outputs the data file, and then, according to the predetermined access protocol, completely erases all data related to the data file. In addition, when the management server receives an input code identical to the destruction key, it can directly erase all data related to the data file.

Before the present utility model is described in detail, it should be noted that in the following description, similar elements are denoted by the same reference numerals.

Referring to FIG. 1, the data management system 100 of the illustrated embodiment of the present utility model is used to manage a data file, and includes a file server 1 connected to a communication network 200 and M (for example, M=3, but not limited thereto) management servers 2 connected to the communication network 200. Each management server 2 is therefore connected to the file server 1 via the communication network 200. In other embodiments, however, M may also be 1 or another number. It is worth noting that in this embodiment the management servers 2 are connected to one another via a communication network and together constitute a blockchain system. In other words, each management server 2 can serve as a node terminal of this blockchain system. In practice, if this communication network is a local area network, the blockchain system is a private-chain blockchain system, whereas if the communication network is the Internet, the blockchain system is a public-chain blockchain system.

Referring to FIG. 2, the file server 1 provides a file database 11. Each management server 2 is connected to the file server 1 and includes a user interface module 21, a storage module 22, and a processing module 23 connected to the user interface module 21 and the storage module 22. In this embodiment, for each management server 2, the user interface module 21 provides a web-based user interface (for example, an operation web page that the user can operate), and the processing module 23 has installed a predetermined access protocol (for example, a smart contract related to file management) and a predetermined destruction protocol (for example, a smart contract related to file destruction). In use, when a user terminal 300 (for example, a computer or a mobile device) connects to the management server 2, the processing module 23 directs the user terminal 300 to the operation web page. For example, the operation web page may be designed to contain operation interface areas associated with applying for file management, file retrieval, file destruction and so on; through manual input operations in these areas, any input data or uploaded files from the user terminal can be obtained, but the system is not limited to this example.

In the following, with reference to FIG. 2 and FIG. 3, an example is given of how the data management system 100 works together with a user terminal (for example, the user terminal 400 shown in FIG. 2) to execute a file storage procedure when a user wishes to apply for the management service for the data file. For example, the data file is a contract document relating to, say, four co-contracting parties, but it is not limited to this example. Before the file storage procedure is executed, the user must first use the user terminal 400 to establish a communication connection with one of the management servers 2 (as shown in FIG. 2). The file storage procedure includes the following steps S301 to S307.

When the user terminal 400 connects to the management server 2, the processing module 23 directs the user terminal 400 to the user interface (that is, the operation web page) (step S301).

Then, in step S302, the user terminal 400 transmits a management request to the management server 2 through operation of the user interface. In this embodiment, the management request contains a number N and the data file. For example, the number N equals the number of contracting parties to this contract document, that is, N=4, but it is not limited to this example. In other embodiments, the number N may also be another integer value decided by the applicant for the management service.

When the processing module 23 of the management server 2 receives the management request via the user interface, in step S303 the processing module 23 divides the data file into N (N=4) sub-files according to a predetermined division method, and processes the original data content of the data file and the respective data content of the N sub-files with a predetermined hash algorithm to obtain a hash value serving as the master feature value of the data file and N hash values serving respectively as the N sub-feature values of the N sub-files. More specifically, in this embodiment the processing module 23 performs the following operations according to the predetermined division method: it cuts the data content of the data file sequentially into a plurality of data segments of a predetermined data length; and, using a predetermined grouping method, it divides these data segments into N data segment groups and combines the data segments contained in each data segment group to obtain the N sub-files. The predetermined data length may, for example, be obtained by a calculation seeded with the number N, but is not limited thereto. The predetermined hash algorithm is, for example, SHA-256 (Secure Hash Algorithm 256), but is not limited thereto. The predetermined grouping method, for example, assigns the [(4×i)+1]-th data segment to the first data segment group, the [(4×i)+2]-th data segment to the second data segment group, the [(4×i)+3]-th data segment to the third data segment group, and the [(4×i)+4]-th data segment to the fourth data segment group, where i=0, 1, ..., but is not limited thereto.

In step S304, the processing module 23 generates, for example in a random manner seeded with N and the current time of processing, a destruction key related to the destruction of the data file and N mutually different keys used respectively for encrypting or decrypting the N sub-files, and, in response to the management request, outputs the N keys and the destruction key to the user terminal 400 via the user interface for display by the user terminal 400. In this case, for example, the four contracting parties may each keep one of the N (N=4) keys displayed on the user terminal 400 (for example, by storing the key on a USB flash drive) for use in a subsequent retrieval operation, and, for example, one of the four contracting parties or another important related person keeps the destruction key displayed on the user terminal 400 for use in a subsequent destruction operation, but it is not limited to this example. In this embodiment, the destruction key and each of the keys is, for example, a 40-bit code composed of digits and letters, but is not limited to this example.

In step S305, following steps S303 and S304, the processing module 23, according to the predetermined access protocol and using blockchain technology, stores in a data block (not shown) of the storage module 22 the destruction key, the master feature value and the N keys, which correspond to the data file and are associated with one another, together with the N keys and the N sub-feature values, which correspond to one another. In addition, the management server 2 broadcasts the mutually associated destruction key, master feature value and N keys to the other (M-1) management servers 2, so that each of the other 2 (=3-1) management servers 2 stores the mutually associated destruction key, master feature value and N keys in a data block of its own storage module.

For example, continuing the above example, let K11, K12, K13 and K14 denote the (four) keys, SK1 the destruction key, HASH10 the master feature value, and HASH11, HASH12, HASH13 and HASH14 the (four) sub-feature values corresponding respectively to K11, K12, K13 and K14. After step S305, the data block of the storage module 22 of each management server 2 may store, in the tabular form shown in FIG. 7, the mutually associated destruction key SK1, master feature value HASH10 and keys K11, K12, K13 and K14, together with the mutually corresponding keys K11, K12, K13, K14 and sub-feature values HASH11, HASH12, HASH13, HASH14, but it is not limited to this example.

Afterwards, in step S306, the processing module 23 uses a predetermined symmetric encryption/decryption algorithm (for example AES-256 (Advanced Encryption Standard), but not limited thereto) to encrypt each of the N sub-files with the corresponding one of the N keys, obtaining N encrypted sub-files corresponding respectively to the N keys, and the management server 2 transmits to the file server 1 the N sub-feature values corresponding respectively to the N keys together with the N encrypted sub-files corresponding respectively to the N keys.

Finally, in step S307, the file server 1 stores the N sub-feature values and the N encrypted sub-files received from the management server 2 in the file database 11 in a corresponding manner. For example, continuing the above example and letting FILE11, FILE12, FILE13 and FILE14 denote the (four) encrypted sub-files, the file database 11 may store the sub-feature values HASH11, HASH12, HASH13, HASH14 and the encrypted sub-files FILE11, FILE12, FILE13 and FILE14 in the tabular form shown in FIG. 8. The file storage procedure is thereby completed.

In the following, with reference to FIG. 2, FIG. 4 and FIG. 5, an example is given of how the data management system 100 works together with a user terminal (for example, the user terminal 400 shown in FIG. 2, which in practice may be a different terminal device from the one used in the file storage procedure above) to execute a file retrieval procedure when a user (for example, one or more contracting parties to the above contract document, but not limited to this example) wishes to retrieve the data file and terminate the management service. Before the file retrieval procedure is executed, the user must first use the user terminal 400 to establish a communication connection with one of the management servers 2 (as shown in FIG. 2). In this case, the management server 2 connected to the user terminal 400 is referred to below as the retrieval-initiating server, and the processing module 23 mentioned below always refers to the processing module 23 of the retrieval-initiating server 2. The file retrieval procedure includes the following steps S401 to S416.

Similarly to step S301 of the file storage procedure (FIG. 3), when the user terminal 400 connects to the retrieval-initiating server 2, the processing module 23 directs the user terminal 400 to the user interface (that is, the operation web page) (step S401).

Then, in step S402, the user terminal 400 transmits a retrieval request to the management server 2 through operation of the user interface. In this embodiment, the retrieval request contains N (for example, N=4) input codes.

Afterwards, when the processing module 23 receives the retrieval request via the user interface, in step S403 the processing module 23 checks whether N keys matching the N input codes exist in the data block of the storage module 22. If the result is affirmative, the flow proceeds to step S405; otherwise, the retrieval-initiating server 2 transmits an input code error message to the user terminal 400 via the user interface (step S404). In other words, the following steps can only continue when the N input codes entered by the user are the N keys stored in the data block; otherwise, steps S402 to S404 must be repeated until the processing module 23 confirms that the N input codes are the N keys stored in the data block.

In step S405, the retrieval-initiating server 2 transmits to the file server 1 a file request containing the N sub-feature values that are stored in the data block and correspond respectively to the N keys.

Then, in step S406, the file server 1, in response to the file request, transmits to the retrieval-initiating server 2 the N encrypted sub-files stored in the file database 11 that correspond respectively to the N sub-feature values.

When the retrieval-initiating server 2 receives the N encrypted sub-files from the file server 1, in step S407 the processing module 23 uses the predetermined symmetric encryption/decryption algorithm to decrypt the received N encrypted sub-files with the N input codes (that is, the N keys) respectively, obtaining N decrypted sub-files.

Next, in step S408, the processing module 23 uses a predetermined combination method corresponding to the predetermined grouping method to combine the data content contained in the N decrypted sub-files, obtaining a combined data content.

Afterwards, in step S409, the processing module 23 processes the combined data content with the predetermined hash algorithm to obtain a hash value.

Then, in step S410, the processing module 23 determines, according to the predetermined access protocol, whether this hash value is identical to the master feature value that is stored in the data block of the storage module 22 and associated with the N keys. If the result is affirmative, meaning that the combined data content is indeed identical to the original data content of the data file (that is, none of the N encrypted sub-files provided by the file server 1 has been tampered with), the flow proceeds to step S412; otherwise, the retrieval-initiating server 2 transmits a file error message to the user terminal 400 via the user interface (step S411).

In step S412, the processing module 23 treats the combined data content as the original data content (that is, the data file) and transmits it to the user terminal 400 via the user interface.

Then, in step S413, the processing module 23, according to the predetermined access protocol, deletes from the data block of the storage module 22 the previously stored, mutually associated destruction key, master feature value and N keys, together with the mutually corresponding N keys and N sub-feature values. For example, in this case the data in the table of FIG. 7 (that is, SK1, K11, K12, K13, K14, HASH10, HASH11, HASH12, HASH13 and HASH14) are completely erased.

Afterwards, in step S414, the retrieval-initiating server 2 transmits to the file server 1 a deletion request concerning the mutually corresponding N sub-feature values and N encrypted sub-files. Then, in step S416, the file server 1, in response to the received deletion request, deletes the previously stored N sub-feature values and N encrypted sub-files from the file database 11. For example, in this case the data in the table of FIG. 8 (that is, HASH11, HASH12, HASH13 and HASH14, and FILE11, FILE12, FILE13 and FILE14) are completely erased.

On the other hand, in step S415, which follows step S413, the retrieval-initiating server 2 broadcasts a deletion message concerning the destruction key, the master feature value and the N keys to the other (M-1) management servers 2 (for example, the other two management servers 2). Each of the other (M-1) management servers then, according to the predetermined access protocol, deletes from its corresponding data block the mutually associated destruction key, master feature value and N keys, together with the mutually corresponding N keys and N sub-feature values, thereby keeping the data stored in the data blocks of the management servers 2 consistent. The file retrieval procedure is thereby completed.

In the following, with reference to FIG. 2 and FIG. 6, an example is given of how the data management system 100 works together with a user terminal (for example, the user terminal 400 shown in FIG. 2, which in practice may be a different terminal device from the one used in the file storage procedure or the file retrieval procedure above) to execute a file destruction procedure when a user (for example, one contracting party to the above contract document, but not limited to this example) wishes to destroy the data file while the file retrieval procedure above has not yet been executed. Before the file destruction procedure is executed, the user must first use the user terminal 400 to establish a communication connection with one of the management servers 2 (as shown in FIG. 2). In this case, the management server 2 connected to the user terminal 400 is referred to below as the destruction-initiating server, and the processing module 23 mentioned below always refers to the processing module 23 of the destruction-initiating server 2. The file destruction procedure includes the following steps S601 to S608.

Similarly to step S401 of the file retrieval procedure (FIG. 4), when the user terminal 400 connects to the destruction-initiating server 2, the processing module 23 of the destruction-initiating server 2 directs the user terminal 400 to the user interface (that is, the operation web page) (step S601).

Then, in step S602, the user terminal 400 transmits a destruction request to the destruction-initiating server 2 through operation of the user interface. In this embodiment, the destruction request contains one input code.

Afterwards, when the processing module 23 receives the destruction request via the user interface, in step S603 the processing module 23 determines whether a destruction key matching the input code exists in the data block of the storage module 22. If the result is affirmative, the flow proceeds to step S605; otherwise, the destruction-initiating server 2 transmits an input code error message to the user terminal 400 via the user interface (step S604). In other words, the following steps can only continue when the input code entered by the user is the destruction key stored in the data block; otherwise, steps S602 to S604 must be repeated until the processing module 23 determines that the input code is the destruction key stored in the data block.

In step S605, similarly to step S413 of the file retrieval procedure (FIG. 5), the processing module 23, according to the predetermined destruction protocol, deletes from the data block of the storage module 22 the mutually associated destruction key, master feature value and N keys, together with the mutually corresponding N keys and N sub-feature values, thereby erasing the data block.

Afterwards, in step S606, similarly to step S414 of the file retrieval procedure (FIG. 5), the destruction-initiating server 2 transmits to the file server 1 a deletion request concerning the mutually corresponding N sub-feature values and N encrypted sub-files. Subsequently, in step S608, similarly to step S416 of the file retrieval procedure, the file server 1, in response to the received deletion request, deletes the previously stored N sub-feature values and N encrypted sub-files from the file database 11, thereby erasing them from the file database 11.

On the other hand, in step S607, which follows step S605, similarly to step S414 of the file retrieval procedure (FIG. 5), the retrieval-initiating server 2 broadcasts a deletion message concerning the destruction key, the main feature value and the N keys to the other (M-1) management servers 2 (for example, the other two management servers 2). The other (M-1) management servers then each delete, according to the predetermined access protocol, the mutually associated destruction key, main feature value and N keys, as well as the mutually corresponding N keys and N sub-feature values, from their corresponding data blocks, thereby achieving consistency of the data stored in the data blocks of the management servers 2. The file destruction procedure is thus complete.

In summary, since the data file is stored on the file server 1 in the form of encrypted sub-files produced by splitting, grouping and encryption, the security of the stored data file is greatly improved. When the retrieval-initiating server 2 simultaneously receives N input codes identical to the N keys, it verifies, by means of the main hash value stored in the data block, that the N encrypted sub-files retrieved from the file server 1 are correct (have not been tampered with), outputs the data file, and then completely erases all data relating to the data file according to the predetermined access protocol. In addition, upon receiving an input code identical to the destruction key, the destruction-initiating server 2 can directly erase all data relating to the data file. The objectives of the present utility model are therefore indeed achieved.

The foregoing is merely an embodiment of the present utility model and shall not be used to limit the scope of its implementation; all simple equivalent changes and modifications made according to the claims and the content of the specification of the present utility model remain within the scope covered by this utility model patent.

100: data management system

1: file server

11: file database

2: management server

21: user interface module

22: storage module

23: processing module

200: communication network

300: blockchain system

400: user terminal

S301~S307: steps

S401~S416: steps

S601~S608: steps

Other features and effects of the present utility model will be clearly presented in the embodiments described with reference to the drawings, in which:
FIG. 1 is a block diagram exemplarily illustrating the architecture of the data management system of an embodiment of the present utility model;
FIG. 2 is a schematic diagram exemplarily illustrating a management server, a file server and a user terminal of the embodiment in use;
FIG. 3 is a flow chart exemplarily illustrating how the embodiment executes a file storage procedure;
FIG. 4 and FIG. 5 are flow charts exemplarily illustrating how the embodiment executes a file retrieval procedure;
FIG. 6 is a flow chart exemplarily illustrating how the embodiment executes a file destruction procedure;
FIG. 7 is a schematic diagram exemplarily illustrating the content stored in the data block of the embodiment; and
FIG. 8 is a schematic diagram exemplarily illustrating the content stored in the file database of the embodiment.

Claims (9)

1. A data management system for managing a data file, comprising:
a file server providing a file database; and
M (M≧1) management servers, each connected to the file server and including
a user interface module for providing a web-based user interface,
a storage module, and
a processing module connected to the user interface module and the storage module and having at least a predetermined access protocol installed;
wherein, for each management server, when the processing module receives via the user interface a management request containing the data file, the processing module performs the following operations:
splits the data file into N sub-files in a predetermined division manner, and processes the original data content of the data file and the respective data content of the N sub-files with a predetermined hash algorithm to obtain a hash value serving as a main feature value of the data file and N hash values serving respectively as N sub-feature values of the N sub-files;
generates a destruction key relating to the destruction of the data file and N mutually distinct keys used respectively for encrypting or decrypting the N sub-files, and, in response to the management request, outputs the N keys and the destruction key via the user interface;
according to the predetermined access protocol and using blockchain technology, stores the mutually associated destruction key, main feature value and N keys corresponding to the data file, and the mutually corresponding N keys and N sub-feature values, in a data block of the storage module;
encrypts each of the N sub-files with the corresponding one of the N keys using a predetermined symmetric encryption and decryption algorithm to obtain N encrypted sub-files corresponding respectively to the N keys; and
transmits the mutually corresponding N sub-feature values and N encrypted sub-files to the file server; and
wherein the file server stores the mutually corresponding N sub-feature values and N encrypted sub-files received from the management server in the file database.

2. The data management system of claim 1, wherein the processing module of the management server performs the following operations according to the predetermined division manner:
sequentially cuts the data content of the data file into a plurality of data segments of a predetermined data length; and
divides the data segments into N data segment groups in a predetermined grouping manner, and combines the data segments contained in each data segment group to obtain the N sub-files.

3. The data management system of claim 1 or 2, wherein, when M≧2, each management server serves as a node terminal of a blockchain system, and the management server further broadcasts the mutually associated destruction key, main feature value and N keys, and the mutually corresponding N sub-feature values and N encrypted sub-files, to the other (M-1) management servers, so that each of the other (M-1) management servers stores the mutually associated destruction key, main feature value and N keys, and the mutually corresponding N sub-feature values and N encrypted sub-files, in a data block of its corresponding storage module.

4. The data management system of claim 3, wherein, for one of the M management servers serving as a retrieval-initiating server, when the processing module receives via the user interface a retrieval request containing N input codes, the processing module performs the following operations:
upon confirming that the N input codes respectively match the N keys stored in the data block of the storage module, transmits to the file server a file request containing the N sub-feature values stored in the data block and corresponding respectively to the N keys, so that the file server, in response to the file request, transmits the N encrypted sub-files stored in the file database and corresponding respectively to the N sub-feature values to the retrieval-initiating server;
upon receiving the N encrypted sub-files from the file server, decrypts the received N encrypted sub-files respectively with the N input codes using the predetermined symmetric encryption and decryption algorithm to obtain N decrypted sub-files;
combines the data content contained in the N decrypted sub-files in a predetermined combination manner corresponding to the predetermined grouping manner to obtain a combined data content;
processes the combined data content with the predetermined hash algorithm to obtain a hash value;
determines, according to the predetermined access protocol, whether the hash value is identical to the main feature value stored in the data block of the storage module and associated with the N keys; and
upon determining that the hash value is identical to the main feature value, outputs the combined data content as the original data content via the user interface, and deletes from the data block of the storage module, according to the predetermined access protocol, the previously stored mutually associated destruction key, main feature value and N keys, and the mutually corresponding N keys and N sub-feature values.

5. The data management system of claim 4, wherein, after the original data content is output, the retrieval-initiating server further transmits to the file server a deletion request concerning the mutually corresponding N sub-feature values and N encrypted sub-files, so that the file server, in response to the received deletion request, deletes the previously stored N sub-feature values and N encrypted sub-files from the file database.

6. The data management system of claim 4, wherein, when M≧2, the retrieval-initiating server further broadcasts a deletion message concerning the destruction key, the main feature value, the N keys and the N sub-feature values to the other (M-1) management servers, so that each of the other (M-1) management servers deletes, according to the predetermined access protocol, the mutually associated destruction key, main feature value and N keys, and the mutually corresponding N keys and N sub-feature values, from its corresponding data block.

7. The data management system of claim 3, wherein:
the processing module of each management server further has a predetermined destruction protocol installed; and
for one of the M management servers serving as a destruction-initiating server, when the processing module receives via the user interface a destruction request containing an input code, the processing module performs the following operations:
determines, according to the predetermined destruction protocol, whether the input code matches the destruction key stored in the data block; and
upon determining that the input code matches the destruction key, deletes from the data block of the storage module, according to the predetermined destruction protocol, the mutually associated destruction key, main feature value and N keys, and the mutually corresponding N keys and N sub-feature values.

8. The data management system of claim 7, wherein, when M≧2, the destruction-initiating server further broadcasts a deletion message concerning the destruction key, the main feature value and the N keys to the other (M-1) management servers, so that each of the other (M-1) management servers deletes, according to the predetermined destruction protocol, the mutually associated destruction key, main feature value and N keys, and the mutually corresponding N keys and N sub-feature values, from the data block of its corresponding storage module.

9. The data management system of claim 7, wherein, after the processing module determines that the input code matches the destruction key, the destruction-initiating server further transmits to the file server a deletion request concerning the mutually corresponding N sub-feature values and N encrypted sub-files, so that the file server, in response to the received deletion request, deletes the previously stored N sub-feature values and N sub-files from the file database.
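As an added worked example that is not part of the patent or of any implementation by the applicant, the following Python models in one process the storage procedure of claims 1 to 3, the retrieval procedure of claims 4 to 6 and the destruction procedure of claims 7 to 9 (steps S603 to S608 described above). Everything the page leaves unspecified is an assumption here: SHA-256 for the predetermined hash algorithm, 4-byte segments dealt round-robin for the predetermined division and grouping manner, an HMAC-SHA256 counter-mode keystream as a stand-in for the predetermined symmetric encryption and decryption algorithm, and Python dicts for the file database, the data block and the broadcast to the other (M-1) management servers; all names (FileServer, ManagementServer, split_file, keystream_xor and so on) are the example's own.

```python
# Added example, not the patent's code. Assumed choices: SHA-256 hash, 4-byte
# round-robin segmentation, HMAC-SHA256 keystream cipher, dicts for all storage.
import hashlib
import hmac
import secrets

SEGMENT_LEN = 4   # assumed "predetermined data length"
KEY_LEN = 32      # assumed length of the N keys and the destruction key

def feature_value(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # main / sub-feature value (assumed SHA-256)

def split_file(data: bytes, n: int) -> list:
    """Claim 2: cut into SEGMENT_LEN segments, deal segment i to group i % n."""
    segments = [data[i:i + SEGMENT_LEN] for i in range(0, len(data), SEGMENT_LEN)]
    return [b"".join(segments[g::n]) for g in range(n)]

def combine_subfiles(subfiles: list) -> bytes:
    """Claim 4: inverse of split_file; re-segment each group and interleave."""
    per_group = [[s[i:i + SEGMENT_LEN] for i in range(0, len(s), SEGMENT_LEN)]
                 for s in subfiles]
    rounds = max((len(g) for g in per_group), default=0)
    return b"".join(g[r] for r in range(rounds) for g in per_group if r < len(g))

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with HMAC-SHA256(key, counter) blocks. Each key
    is fresh and used for exactly one sub-file, so no nonce; one call encrypts or decrypts."""
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def codes_match(codes: list, keys: list) -> bool:
    """Position-wise check of the N input codes against the N keys, without early exit."""
    ok = len(codes) == len(keys)
    for c, k in zip(codes, keys):
        ok &= hmac.compare_digest(c, k)
    return ok

class FileServer:
    """File server 1: file database mapping sub-feature value -> encrypted sub-file."""
    def __init__(self):
        self.db = {}
    def store(self, sub_fvs, enc_subfiles):
        self.db.update(zip(sub_fvs, enc_subfiles))
    def fetch(self, sub_fvs):
        return [self.db[fv] for fv in sub_fvs]
    def delete(self, sub_fvs):           # steps S416 / S608
        for fv in sub_fvs:
            self.db.pop(fv, None)

class ManagementServer:
    """Management server 2; `block` stands in for its data block, `peers` for the other (M-1)."""
    def __init__(self, file_server, peers=None):
        self.fs = file_server
        self.peers = peers if peers is not None else []
        self.block = {}                   # destruction key -> {main, keys, sub_fvs}

    def store_file(self, data: bytes, n: int):
        """Claims 1-3: split, hash, key, encrypt, store and broadcast; hand the keys out."""
        subfiles = split_file(data, n)
        keys = [secrets.token_bytes(KEY_LEN) for _ in range(n)]   # N distinct keys
        destroy_key = secrets.token_bytes(KEY_LEN)
        rec = {"main": feature_value(data), "keys": keys,
               "sub_fvs": [feature_value(s) for s in subfiles]}
        for srv in [self] + self.peers:
            srv.block[destroy_key] = dict(rec)
        self.fs.store(rec["sub_fvs"], [keystream_xor(k, s) for k, s in zip(keys, subfiles)])
        return keys, destroy_key          # the plaintext itself is not retained

    def _erase(self, destroy_key, rec):   # local record, every peer, then the file database
        for srv in [self] + self.peers:
            srv.block.pop(destroy_key, None)
        self.fs.delete(rec["sub_fvs"])

    def retrieve_file(self, input_codes: list):
        """Claims 4-6; returns (status, content), status in ok/input_code_error/tampered."""
        for destroy_key, rec in list(self.block.items()):
            if codes_match(input_codes, rec["keys"]):
                break
        else:
            return "input_code_error", None
        decrypted = [keystream_xor(c, e) for c, e in zip(input_codes, self.fs.fetch(rec["sub_fvs"]))]
        combined = combine_subfiles(decrypted)
        if feature_value(combined) != rec["main"]:
            return "tampered", None       # hash mismatch: output nothing, erase nothing
        self._erase(destroy_key, rec)     # steps S413-S416 after a successful output
        return "ok", combined

    def destroy_file(self, input_code: bytes) -> bool:
        """Claims 7-9, steps S603-S608: erase everything if the code is the destruction key."""
        for destroy_key, rec in list(self.block.items()):
            if hmac.compare_digest(input_code, destroy_key):
                self._erase(destroy_key, rec)
                return True
        return False
```

The retrieval path erases only after the recombined content hashes to the stored main feature value, so a modified encrypted sub-file is reported as tampered and nothing is deleted; once a retrieval or destruction has run, the keys are gone from every management server's data block and the sub-files from the file database, so presenting the same N codes again yields an input-code error. What makes the erasure effective is the key deletion: with a sound cipher, any surviving copy of the file database holds only undecryptable sub-files. One caveat the model makes visible is that the file database is keyed by sub-feature value, so two sub-files with identical content (for instance, empty groups when the file has fewer than N segments) collide on the same entry.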
TW108214809U 2019-11-08 2019-11-08 Data management system capable of securely accessing and deleting data TWM591647U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108214809U TWM591647U (en) 2019-11-08 2019-11-08 Data management system capable of securely accessing and deleting data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108214809U TWM591647U (en) 2019-11-08 2019-11-08 Data management system capable of securely accessing and deleting data

Publications (1)

Publication Number Publication Date
TWM591647U true TWM591647U (en) 2020-03-01

Family

ID=70767578

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108214809U TWM591647U (en) 2019-11-08 2019-11-08 Data management system capable of securely accessing and deleting data

Country Status (1)

Country Link
TW (1) TWM591647U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI723622B (en) * 2019-11-08 2021-04-01 許毓展 Data management method and system capable of safely accessing and deleting data

Similar Documents

Publication Publication Date Title
CN109862041B (en) Digital identity authentication method, equipment, device, system and storage medium
CN107209787B (en) Improving searching ability of special encrypted data
CN105678189B (en) Data file encryption storage and retrieval system and method
CN102170440B (en) Method suitable for safely migrating data between storage clouds
CN107948152B (en) Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment
CN109344631B (en) Data modification and block verification method, device, equipment and medium for block chain
EP3062261A1 (en) Community-based de-duplication for encrypted data
US10951396B2 (en) Tamper-proof management of audit logs
WO2019024230A1 (en) Information encryption and decryption method and device, computer equipment and storage medium
US9749132B1 (en) System and method for secure deletion of data
US10771261B1 (en) Extensible unified multi-service certificate and certificate revocation list management
CN114186264A (en) Data random encryption and decryption method, device and system
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
CN103139143B (en) The method of digital copyright management, system and server
JP2021193587A (en) Provisioning of shippable storage device and ingesting of data from shippable storage device
CN114282193A (en) Application authorization method, device, equipment and storage medium
CN111382458A (en) Data batch sealing method and device and computer storage medium
US20190132133A1 (en) Associating identical fields encrypted with different keys
WO2014141802A1 (en) Information processing device, information processing system, information processing method, and program
US20230274023A1 (en) Data management computer, data management system including the data management computer, and method thereof
CN109918451A (en) Data base management method and system based on block chain
TWI723622B (en) Data management method and system capable of safely accessing and deleting data
TWM591647U (en) Data management system capable of securely accessing and deleting data
CN112464270A (en) Bidding file encryption and decryption method, equipment and storage medium
CN110232570B (en) Information supervision method and device