WO2012071720A1 - Method for controlling cloud storage data - Google Patents

Method for controlling cloud storage data Download PDF

Info

Publication number
WO2012071720A1
WO2012071720A1 PCT/CN2010/079332 CN2010079332W WO2012071720A1 WO 2012071720 A1 WO2012071720 A1 WO 2012071720A1 CN 2010079332 W CN2010079332 W CN 2010079332W WO 2012071720 A1 WO2012071720 A1 WO 2012071720A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
original
cloud storage
original data
physical
Prior art date
Application number
PCT/CN2010/079332
Other languages
French (fr)
Chinese (zh)
Inventor
刘慧�
Original Assignee
北京卓微天成科技咨询有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京卓微天成科技咨询有限公司 filed Critical 北京卓微天成科技咨询有限公司
Priority to US12/999,273 priority Critical patent/US8595512B2/en
Publication of WO2012071720A1 publication Critical patent/WO2012071720A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • the invention belongs to the field of cloud storage data security technologies, and in particular relates to a method for cloud storage data control.
  • DAS direct attached storage, direct attached storage
  • SAN Storage Area Network
  • NAS network access storage
  • the other is a multi-party shared architecture, the cloud storage architecture. According to the scope of its services, it is divided into private cloud and public cloud.
  • the cloud storage architecture is based on network technologies (internet and intranet) that provide storage space for on-demand purchase, lease, and on-demand provisioning services, typically provided by third parties or third-party departments within the enterprise, including storage devices and dedicated maintenance personnel. . Through this storage service, organizations or departments within the enterprise can significantly reduce their internal storage requirements and corresponding management costs to balance the sharply rising storage demands and corporate cost pressures.
  • the users of the above mentioned storage may be individuals, enterprises, or even departments or branches within the enterprise.
  • the invention provides a method for cloud storage data control, the method comprising:
  • the invention converts the original data to be stored into a physical part, and outputs the physical part to the logical part of the original data information, stores the physical part in the cloud storage data center, saves the logical part and controls by the user, thereby realizing the control of the physical
  • the logical part occupying a small space controls the physical part of the data that physically takes up a large space, and realizes the control of the owned data.
  • FIG. 1 is a flowchart of a method for controlling cloud storage data according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a method for converting physical data to be stored into data blocks to form physical parts of original data according to an embodiment of the present invention
  • 3 is a schematic diagram of a principle for reorganizing source data according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for randomly reorganizing source data according to an embodiment of the present invention
  • FIG. FIG. 6 is a schematic flowchart of a method for generating a key used in a cryptographic codebook according to an embodiment of the present invention
  • FIG. 7 is a schematic diagram of a method for collecting data according to an embodiment of the present invention.
  • the invention converts the original data to be stored into a physical part, and outputs the physical part to the logical part of the original data information, stores the physical part in the cloud storage data center, saves the logical part and controls by the user, thereby realizing The control of the physical part that takes up less space controls the physical part of the data that physically takes up a large space, and realizes the control of the owned data.
  • an embodiment of the present invention provides a method for controlling cloud storage data, where the method includes the following steps:
  • Step S101 Convert the original data to be stored into an irreversible data block in a preset manner to form a physical part of the original data;
  • the physical part is the real expression of the physical space occupied by the original data. It is a set of data blocks. Because the computer storage medium can only accept Q, l values, it is represented by a string of 0, 1 values, which is usually transformed by the original data through technical means. Come over (as with the method provided by the present invention), the converted data cannot be restored to the original data, no matter how much computing power and time, without the logical part information of the original data, so the physical part of the original data Irreversible; Step S102: outputting information necessary for data restoration in converting the original data into a physical part, as a logical part of the original data;
  • the logical part of the original data includes the physical part of the original data.
  • the original data that is, which data blocks are composed of the original data, the actual representation of the physical part of the original data, and other required information to be restored to the original data, which is not a large physical space, but is primitive.
  • the physical part of the data is restored to the indispensable part of the original data; in addition, according to the storage needs, the logical part of the original data also includes the attributes of the original data, access rights and check values (such as MD5 values, verifying the retrieval of the data content) Accuracy) information;
  • Step S103 The physical part of the original data is stored in the cloud storage data center.
  • the number of the cloud storage service data center that stores the physical part of the original data is not limited, and may be one or multiple;
  • the embodiment of the present invention may further notify the data storage success or failure according to the result returned by the cloud storage data center;
  • Step S104 save the logical part of the original data, and be controlled by the user;
  • the logical part of the original data is stored in a storage server within the scope of the user control, such as a local server, or may be stored in a storage medium that the user can carry with him, or may be stored in a cloud storage data center different from the physical part storing the original data or server.
  • a storage server within the scope of the user control, such as a local server, or may be stored in a storage medium that the user can carry with him, or may be stored in a cloud storage data center different from the physical part storing the original data or server.
  • the backup archiving strategy and plan of the data are set, and the original data is configured according to the set backup archiving strategy and plan.
  • the conversion is converted to a logical part and a physical part.
  • the physical part of the original data is sent to the designated cloud storage data center according to the set cloud storage service access agreement, such as authentication, payment billing record, etc., and the logical part of the original data is saved, and Controlled by the user.
  • the set cloud storage service access agreement such as authentication, payment billing record, etc.
  • an embodiment of the present invention provides a method for converting a raw data to be stored into a data block to form a physical part of the original data, where the method includes the following steps: Data blocks, and de-weighted to form source data;
  • Step S202 After content reorganization of each source data, new data is formed
  • the method of the present invention can adopt the method of sequentially reorganizing the data content in the content reorganization of each source data, or the method of randomly reorganizing the data content;
  • the data content order reorganization method comprises: arranging rules in a fixed order of presets, collecting data in the same position in each source data; combining the collected data in order to form new data; for example, arranging the specified groups by grouping
  • the n m-bit source data is vertically reorganized to form m n-bit new data, that is, the sequence reorganization of the content of the grouped source data is completed, as shown in FIG. 3;
  • the data content random reorganization method includes the following steps, as shown in Figure 4:
  • Step S301 traversing the source data corresponding to the new data according to the preset data recombination rule;
  • Step S302 collecting data from the source data according to the preset data collection rule;
  • Step S303 Combine the collected data in order to form new data
  • the specific implementation method of random reorganization of data content see FIG. 5, assumes that the original data is converted, and obtains a series of source data, that is, source data 2 - source data i, and all or part of the source data corresponding to the original data is combined with other source data. a set of source data to be reorganized;
  • each new data in the specified group is reorganized into m g-bit new data, each new data corresponds to p source data (1 pn, p too large affects performance, too small will affect security),
  • the source data corresponds to r new data (1 rm ).
  • data is collected from each source data u times, each time taking V bits (l v f );
  • the detailed construction process is as follows: When constructing the kth new data (td k ), first traverse its corresponding p source data, collect U times from each source data, and collect V-bit data each time.
  • the kth new data is identified from the i-th source data (1 (1 1)
  • data is identified as Ext iq k ( s iq , e iq ), where s iq is a randomly generated data collection Starting cursor position, e iq is random
  • Combining the collected data in order is the new data that needs to be built. Expressed as:
  • Tdk ( Extn ( Sn, en ) , Extn ( ) , ⁇ , Ext pu k ( ) ) .
  • Ext iq k (s iq, e iq), placed in corresponding positions td k (in the acquired data is placed in the can calculate td k) is denoted V-bit data acquisition sdi td corresponding data bits k is Rxt kq (Skq, ⁇ kq) , wherein s kq for acquiring data corresponding to the starting cursor position k td, e kq for the acquired data in td k Corresponding termination cursor position, Skq, ⁇ kq are natural numbers, and s kq e kq , if it is said that the number of digits of the data acquisition is 0, further analysis shows that the source data sdi can collect its corresponding new data by reverse Specify the order of the data bits, that is,
  • each source data and the recombined new data may be fixed length or indefinite length, and p, U, V may be variables, that is, each time new data is constructed, they may be different; p, u, V true random number generation method, Mechanical Industry Press, March 1, 2003, "Application Cryptography Protocol, Algorithm and C Source Program", page 301, gives a variety of real random numbers. Methods, such as using random noise, using computer clock, CPU load, network packet arrival times, etc., will not be described here. Suppose that some true random numbers Rl, R2, R3 have been generated in some way, then
  • Step S203 Encrypt the new data with a cryptographic code encryption algorithm at a time to obtain a physical part of the original data.
  • the unresolved "one time and one confusing codebook" encryption algorithm is used to encrypt the reassembled data, thereby improving the security of the original data.
  • the embodiment of the present invention simultaneously outputs and saves the correspondence relationship between the new data and the source data, the source data and the original data, and the correspondence relationship between the new data and the key into the logical part of the original data.
  • an embodiment of the present invention provides a key generation method for a one-time chaos codebook encryption algorithm, and the steps are as follows:
  • Step S601 Generate a true random number of a predetermined length and a random seed of a predetermined length formed by a true random array according to a preset method
  • Step S602 Randomly collecting data from the random seed multiple times, and merging each collected data into a true random data string not less than the plaintext length;
  • Step S603 Generate a true random key of the same length as the plaintext by using the true random data string.
  • the true random data string may be selected as the true random key for encryption; when the length of the true random data string is greater than the length of the plaintext, the random start of the true random data string Position traversing the true random data string to select a data string of the same length as the plaintext to generate a true random key. If the data string of the same length as the plaintext has not been selected at the end of the true random data string, return to the true random data string header to continue. Select until you select a data string that is as long as the plain text.
  • a method of generating a random key used for encryption of a codebook at a time in the embodiment of the present invention is provided below, but the scope of protection of the present invention is not limited to this implementation.
  • the generated true random key is fixed length, that is, equal to the plaintext length.
  • m, n, l, p are all natural numbers, where m is the length of the random seed, / is the length of the random key required to be generated (equal to the length of the plaintext), and p is the data bit already generated in the random key
  • ⁇ _ ⁇ is the number of bits of the uncollected data remaining in the random key.
  • the random seed is collected for n times of random data. If the data is collected to the end of the random string, the data is collected back to the random seed head, and the data collected each time is cascaded into a true random number of predetermined length/bit.
  • the data string that is, the true random key (/ is equal to the length of the plaintext).
  • the starting cursor position and the collected data length (which can be greater than or equal to 0) for each data acquisition are random.
  • T2 R2 mod( l -p)
  • mod is a modulo operation.
  • the true random key corresponding to the kth plaintext is re k (k is a natural number), then re k is equal to the sequential combination of the n randomly collected data from the random seed of the predetermined length, recorded from the random seed
  • the data collected by i times is (Cur s , Cur e ) i , where Cur s is the starting cursor position of the i-th collected data in the random seed, and accordingly Cur e is the ending cursor position of the i-th collected data, Cur p Cur e is identified by the offset from the random seed head.
  • Cur p Cur e is an integer greater than or equal to 0 and less than or equal to m, and Cur e is greater than or equal to Cur s .
  • Cur e is equal to Cur s
  • the data is collected. The number of bits is 0.
  • the data collected in the i-th time is the data between Cur s and Cur e in the random seed of the specified length.
  • re k can be expressed as:
  • a key generation method for determining a random number of random data with a fixed number of data may be used, that is, n is determined, / is uncertain; indefinite data acquisition times fixed length random key generation Method, that is, n is indefinite, / is deterministic; indefinite data acquisition times are indefinitely long, random key generation methods, that is, n and / are indefinite; random key pair is random.
  • the restoration of the data physical part to the source data of the cloud storage data center end protected by the traditional encryption method is theoretically reversible.
  • the technical solution proposed by the present invention can realize the irreversible reduction of the physical part of the data to the source data of the cloud storage data center end that is protected, that is, it cannot be cracked.
  • the logical part information of the original data includes the correspondence between the source data and the new data in the content reorganization and the plaintext (new data after the content reorganization) ) Correspondence with random keys.
  • the logical part information of the original data includes the correspondence between the source data and the new data and the correspondence between the plaintext (new data after content reorganization) and the random key.
  • the correspondence information between the source data and the new data to be saved is mainly:
  • each new data needs to be collected 100 times (that is, data is collected once for each corresponding source data when generating new data), that is to say, generating 1MB of new data requires 600B of physical space to store new data and source data. Correspondence relationship.
  • the physical space occupied by the correspondence between the plaintext (new data after content reorganization) and the random key is as follows:
  • each cursor bit occupies a physical space of no more than 4 bytes (Byte), so each time the data acquisition cursor expression needs to occupy a physical space of no more than 8 bytes, then 100 times of acquisition, that is, 800 bytes. Therefore, after 1MB of source data is randomly reorganized by data content and converted by a cryptographic code encryption method, a physical space of about 1 400 B is needed to store the logical part information of the source data, and further calculation is available, and the logical part information of the source data is obtained.
  • the ratio of physical space occupied by the source data is approximately 1: 7 30. Since the source data is decomposed by the original data, the proportion of the relative physical space occupied by the logical part of the original data is smaller.
  • the design object of the present invention can be achieved by the above content recombination and one-time encryption code method encryption, that is, the data is reasonably converted and transformed into a physical part and a logical part of the original data, wherein the physical part The occupied physical space is large, and the logical part occupies less physical space.
  • the physical part of the original data cannot be restored to the original data alone without the logical part of the original data.
  • the data block formed after the conversion of the original data is subjected to de-reprocessing, content recombination and encryption processing, so that the original part of the data cannot be separately restored on the premise that the physical part of the original data has no logical part information of the original data.
  • the logical portion of the original data occupies a small space of 4, thereby realizing control of the entire data by controlling the logical portion of the data occupying a small physical space, and then storing the logical portion and the physical portion of the original data separately. Reaching the goal of users using cloud storage services to save local storage space while maintaining control of all their data.
  • the embodiment of the present invention After receiving the external access request for the original data, the embodiment of the present invention first acquires a logical part corresponding to the original data to be accessed, and restores the physical part of the original data to the original data, and then according to the predetermined cloud storage service. Access protocols, such as authentication, paid billing records, etc., and the acquired logical portion retrieves the corresponding physical portion from the cloud storage data center where the physical portion of the original data is to be accessed, and then, based on the information stored in the logical portion of the original data obtained, The physical part of the retrieved original data is aggregated and restored to the accessed original data, and the restored original data is handed over to the external access request, thereby realizing the restoration of the data retrieval.
  • Access protocols such as authentication, paid billing records, etc.
  • the invention converts the original data to be stored into data blocks to form a physical part of the original data, and restores the physical part of the original data to a logical part of the original data information, and the physical part of the original data is in the absence of the logical part of the original data. , can not be restored to the original data, and then the physical part of the original data is stored in the cloud storage data center, the logical part of the original data is saved and controlled by the user, and the physical part is controlled by controlling the physical part occupying a small space.
  • the physical part of the original data occupies a large space, thereby realizing the user's control over the data possessed, and ensuring the security and privacy of the user data, and achieving the purpose of saving physical storage space.

Abstract

The present invention particularly discloses a method for controlling cloud storage data, which belongs to the field of cloud storage data security technology. The method includes the steps: the original data to be stored are transformed to an irreversible data block by a preset way, to form the physical part of the original data, which is then stored in a cloud storage data center; the necessary information, for data restoring in the procedure of transforming the original data to the physical part, is output as the logical part of the original data, which is then stored and controlled by user. With the present invention, the original data to be stored are transformed to the physical part, the logical part for restoring the physical part to the original data information is output, the physical part is stored in the cloud storage data center, and the logical part is controlled by user. Therefore, the invention can control the physical part of data occupying the larger physical space by controlling the logical part occupying the smaller physical space, and performs the control on the owned data.

Description

一种云存储数据控制的方法  Cloud storage data control method
技术领域 Technical field
本发明属于云存储数据安全技术领域, 特别涉及一种云存储数据 控制的方法。  The invention belongs to the field of cloud storage data security technologies, and in particular relates to a method for cloud storage data control.
背景技术 Background technique
数据已经被证明是企业重要资产之一, 数据的高速增长使企业面 临前所未有的挑战。 同时, 瞬息万变的世界经济形势和激烈竟争带来 的成本压力, 使企业不得不考虑如何以降低 IT成本, 应对企业不断增 长的存储需求。  Data has proven to be one of the company's key assets, and the rapid growth of data has made companies face unprecedented challenges. At the same time, the ever-changing world economic situation and the cost pressures of fierce competition have forced companies to consider how to reduce IT costs and respond to the growing storage needs of enterprises.
现有的存储架构可以划分为两种: 一种是由一方专有的架构, 如 Existing storage architectures can be divided into two types: one is a proprietary architecture, such as
DAS (direct attached storage, 直接附力口存储), SAN (Storage Area Network, 存储区网络) 和网络接入存储服务器 ( Network access server, NAS) 等。 这类存储体系由一方独占使用, 可以提供给用户很 好的控制权, 更好的可靠性和性能, 但是其扩展性较差, 不适用于大 规模部署; 用户在这种模式下也很难灵活使用存储预算, 需要一次性 地投入购买存储设备, 随着存储容量的增加, 成本控制也将面临挑战。 DAS (direct attached storage, direct attached storage), SAN (Storage Area Network) and network access storage (NAS). This kind of storage system is used exclusively by one party, which can provide users with good control, better reliability and performance, but its scalability is poor, and it is not suitable for large-scale deployment; users are also difficult in this mode. Flexible use of storage budgets requires a one-time investment in storage devices, and as storage capacity increases, cost control will also face challenges.
另一种是多方共享架构, 即云存储架构。 按照其服务范畴的不同, 分为私有云 ( private cloud ) 和公共云 ( public cloud ) 。 云存储的 体系结构基于网络技术( internet和 intranet ) , 为用户提供存储空 间按需购买、 租赁和按需配置服务, 该服务通常由第三方或企业内第 三方部门提供包括存储设备和专门维护人员。 通过该存储服务, 企业 或企业内各部门可以大幅降低其内部存储器的需求和相应管理成本, 以平衡急剧上升的存储需求和企业成本压力。 以上所提存储的使用方 可以是个人、 企业, 甚至企业内的部门或者分支机构等。  The other is a multi-party shared architecture, the cloud storage architecture. According to the scope of its services, it is divided into private cloud and public cloud. The cloud storage architecture is based on network technologies (internet and intranet) that provide storage space for on-demand purchase, lease, and on-demand provisioning services, typically provided by third parties or third-party departments within the enterprise, including storage devices and dedicated maintenance personnel. . Through this storage service, organizations or departments within the enterprise can significantly reduce their internal storage requirements and corresponding management costs to balance the sharply rising storage demands and corporate cost pressures. The users of the above mentioned storage may be individuals, enterprises, or even departments or branches within the enterprise.
然而, 云存储无论是哪种运作模式 (私有云和公共云) , 数据所 有者都不可避免对其数据的安全和隐私抱有顾虑。 而这种数据安全和 隐私的风险主要来源于将数据交付第三方保管后, 其对所有数据控制 权的丧失, 即数据可以不需要数据所有者授权便可以被访问、 拷贝、 移动、 改写等。 However, regardless of the mode of operation of cloud storage (private and public), data owners are inevitably concerned about the security and privacy of their data. And this data is safe and The risk of privacy mainly comes from the loss of control over all data after the data is delivered to a third party, that is, the data can be accessed, copied, moved, rewritten, etc. without the authorization of the data owner.
现有的云存储安全解决方案大都是针对云存储数据中心的, 如通 过数据加密进行保护 ( 记载于 US 2008/0083036 Off-Premise Encryption of Data Storage, US 2008/0080718 Data Security in an Off-Premise Environment 以 及 US 2008/0081613 Rights Management in a Cloud文献中 ) , 虚拟化及更完善的权限控制和认证 机制 (记载于 US 2008/0081613 Rights Management in a Cloud, US 2009/ 0228950 Self-Describing Authorization Pol icy for Accessing Cloud-based Resources及 US 2007/0039053 Security Server in the Cloud文献中)。 上述方法在一定程度上增强了数据所有者对数据的保 护力度, 但这些方法并没有从根本上解决数据所有者对其所有数据的 控制问题。 通常情况下, 由于用户无法参与云存储服务数据中心的管 理, 一旦用户将其数据交给云存储服务提供商保存后, 其数据的所有 权就脱离了用户控制的范围。  Existing cloud storage security solutions are mostly targeted at cloud storage data centers, such as data encryption (documented in US 2008/0083036 Off-Premise Encryption of Data Storage, US 2008/0080718 Data Security in an Off-Premise Environment And US 2008/0081613 Rights Management in a Cloud literature), virtualization and improved access control and authentication mechanisms (described in US 2008/0081613 Rights Management in a Cloud, US 2009/ 0228950 Self-Describing Authorization Polic for Accessing Cloud-based Resources and US 2007/0039053 Security Server in the Cloud literature). The above methods have enhanced the data owner's protection of data to a certain extent, but these methods have not fundamentally solved the data owner's control over all of its data. Usually, because users cannot participate in the management of the cloud storage service data center, once the user passes their data to the cloud storage service provider for storage, the ownership of the data is out of the scope of user control.
以公共云为例, 用户将数据完全存放在云存储服务数据中心端后, 其数据很有可能和他的竟争对手的数据存放在一起, 数据所有者无法 错误或者职业操守等原因导致的数据泄漏。  Taking the public cloud as an example, after the user completely stores the data in the data center of the cloud storage service, the data is likely to be stored with the data of his competitors. The data owner cannot be wrong or the data caused by professional ethics. leakage.
虽然加密在一定程度上通过用户的密钥保护了数据的控制权, 但 值得注意的是, 因未解决密钥占用空间过大的问题, 现有云存储数据 保护所使用的数据加密技术尚无法应用 "一次一密乱码本" 的加密算 法, 因此现有使用在云存储服务中的数据加密技术在理论上都无法证 明是不可逆的, 即在一定条件下, 如拥有足够的计算能力和足够的时 间, 其加密所得的密文都可以被还原成明文或部分明文。 具体内容可 见机械工业出版社 2003年 3月 1 日出版的 《应用密码学协议、 算法与 C源程序》 第 6、 12页。 换言之, 随着解密技术的不断进步, 解密硬件的价格快速下降和 性能不断上升, 仅通过加密密钥是无法保证云存储用户对其所有数据 控制权的完全掌控, 或者说虽然用户把握加密密钥, 但是仍无法阻止 其存储在云存储数据中心端的数据被非法破解和未授权使用。 Although encryption protects the data control by the user's key to a certain extent, it is worth noting that the data encryption technology used by the existing cloud storage data protection cannot be solved due to the problem that the key occupation space is too large. Applying the encryption algorithm of "one time, one confusing codebook", the existing data encryption technology used in cloud storage services cannot theoretically prove to be irreversible, that is, under certain conditions, such as having sufficient computing power and sufficient At the time, the encrypted ciphertext can be restored to plain text or partial plaintext. The specific content can be found in the "Application Cryptography Protocol, Algorithm and C Source Program" published by the Machinery Industry Press on March 1, 2003, pages 6 and 12. In other words, with the continuous advancement of decryption technology, the price of decryption hardware is rapidly declining and performance is rising. It is impossible to guarantee the full control of all data control by cloud storage users only through the encryption key, or even if the user grasps the encryption key. However, it still cannot prevent the data stored on the cloud storage data center from being illegally cracked and unauthorized.
总之, 现有云存储服务方案都无法避免用户在将数据移出其控制 范围 (多是本地) 以节省本地的存储空间的同时, 保持其对所有数据 的控制权的问题, 然而后者通常是用户在选择云存储服务时的主要顾 虑。  In summary, existing cloud storage service solutions cannot prevent users from moving their data out of their control (mostly local) to save local storage space while maintaining control over all data, but the latter is usually the user. The main concern when choosing a cloud storage service.
发明内容 Summary of the invention
本发明的目的在于提供一种云存储数据控制的方法, 旨在解决现 有云存储技术无法避免用户将其所有的数据移出其控制范围后仍然保 持对其所有的数据的控制的问题。  It is an object of the present invention to provide a method of cloud storage data control that is directed to solving the problem that existing cloud storage technologies cannot prevent the user from maintaining control of all of their data after moving all of its data out of its control range.
本发明提供了一种云存储数据控制的方法, 该方法包括:  The invention provides a method for cloud storage data control, the method comprising:
将待存储原始数据以预置方式转换为不可逆的数据块, 形成所述 原始数据的物理部分, 并保存于云存储数据中心;  Converting the original data to be stored into an irreversible data block in a preset manner, forming a physical part of the original data, and storing the data in the cloud storage data center;
输出将所述原始数据转换为所述物理部分过程中用于数据还原所 必要的信息, 作为所述原始数据的逻辑部分, 将所述原始数据的逻辑 部分保存并由用户控制。  Outputting the raw data into information necessary for data restoration in the physical portion process, as a logical portion of the original data, storing the logical portion of the original data and being controlled by a user.
本发明通过将待存储原始数据转换为物理部分, 并输出物理部分 还原成原始数据信息的逻辑部分, 将物理部分存储在云存储数据中心, 将逻辑部分保存并由用户控制, 从而实现通过控制物理上占用空间较 小的逻辑部分控制了物理上占用空间较大的数据的物理部分, 实现了 对所拥有数据的控制。  The invention converts the original data to be stored into a physical part, and outputs the physical part to the logical part of the original data information, stores the physical part in the cloud storage data center, saves the logical part and controls by the user, thereby realizing the control of the physical The logical part occupying a small space controls the physical part of the data that physically takes up a large space, and realizes the control of the owned data.
附图说明 DRAWINGS
图 1是本发明实施例提供的云存储数据控制的方法流程图; 图 2 是本发明实施例提供的将待存储原始数据转换为数据块形成 原始数据的物理部分的方法流程图; 图 3是本发明实施例提供的对源数据进行顺序重组的原理示意图; 图 4是本发明实施例提供的对源数据进行随机重组的方法流程图; 图 5是本发明实施例提供的对源数据进行随机重组的原理示意图; 图 6 是本发明实施例提供的生成一次一密乱码本所用密钥的方法 流程图; 1 is a flowchart of a method for controlling cloud storage data according to an embodiment of the present invention; FIG. 2 is a flowchart of a method for converting physical data to be stored into data blocks to form physical parts of original data according to an embodiment of the present invention; 3 is a schematic diagram of a principle for reorganizing source data according to an embodiment of the present invention; FIG. 4 is a flowchart of a method for randomly reorganizing source data according to an embodiment of the present invention; FIG. FIG. 6 is a schematic flowchart of a method for generating a key used in a cryptographic codebook according to an embodiment of the present invention;
图 7是本发明实施例提供的对数据进行采集的方法示意图。  FIG. 7 is a schematic diagram of a method for collecting data according to an embodiment of the present invention.
具体实施方式 detailed description
为了使本发明的目的、 技术方案及优点更加清楚明白, 以下结合附 图及实施例, 对本发明进行进一步详细说明。 应当理解, 此处所描述的 具体实施例仅仅用以解释本发明, 并不用于限定本发明。  In order to make the objects, the technical solutions and the advantages of the present invention more comprehensible, the present invention will be further described in detail below with reference to the accompanying drawings. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
本发明通过将待存储的原始数据转换转化为物理部分, 并输出物理 部分还原成原始数据信息的逻辑部分, 将物理部分存储在云存储数据 中心, 将逻辑部分保存并由用户控制, 从而实现通过控制物理上占用 空间较小的逻辑部分控制了物理上占用空间较大的数据的物理部分, 实现了对所拥有数据的控制。  The invention converts the original data to be stored into a physical part, and outputs the physical part to the logical part of the original data information, stores the physical part in the cloud storage data center, saves the logical part and controls by the user, thereby realizing The control of the physical part that takes up less space controls the physical part of the data that physically takes up a large space, and realizes the control of the owned data.
参见图 1 , 本发明实施例提供了一种云存储数据控制的方法, 该方法 包括如下步骤:  Referring to FIG. 1, an embodiment of the present invention provides a method for controlling cloud storage data, where the method includes the following steps:
步骤 S 101 : 将待存储原始数据以预置方式转换为不可逆的数据块, 形成原始数据的物理部分;  Step S101: Convert the original data to be stored into an irreversible data block in a preset manner to form a physical part of the original data;
物理部分为原始数据所占据物理空间的真实表达, 是一组数据块, 因计算机存储介质只能接受 Q,l值, 所以表现为一串 0,1值, 它通常由 原始数据经过技术手段转化过来(如使用本发明所提供的方法), 转换后 的数据在无原始数据的逻辑部分信息的情况下, 无论有多少计算能力和 多少时间, 都无法还原成原始数据, 因此原始数据的物理部分不可逆; 步骤 S 102 : 输出将原始数据转换为物理部分过程中用于数据还原 所必要的信息, 作为原始数据的逻辑部分;  The physical part is the real expression of the physical space occupied by the original data. It is a set of data blocks. Because the computer storage medium can only accept Q, l values, it is represented by a string of 0, 1 values, which is usually transformed by the original data through technical means. Come over (as with the method provided by the present invention), the converted data cannot be restored to the original data, no matter how much computing power and time, without the logical part information of the original data, so the physical part of the original data Irreversible; Step S102: outputting information necessary for data restoration in converting the original data into a physical part, as a logical part of the original data;
本发明实施例中, 原始数据的逻辑部分包括原始数据的物理部分还 原成原始数据的信息, 即原始数据由哪些数据块组成, 原始数据的物理 部分的实际表现形式以及其他还原成原始数据的所需信息, 该部分信息 所占物理空间不大, 但却是原始数据的物理部分还原成原始数据不可或 缺的部分; 此外, 根据存储的需要, 原始数据的逻辑部分还包括原始数 据的属性、 访问权限和校验值 (如 MD5值, 验证取回数据内容的准确性) 信息; In the embodiment of the present invention, the logical part of the original data includes the physical part of the original data. The original data, that is, which data blocks are composed of the original data, the actual representation of the physical part of the original data, and other required information to be restored to the original data, which is not a large physical space, but is primitive. The physical part of the data is restored to the indispensable part of the original data; in addition, according to the storage needs, the logical part of the original data also includes the attributes of the original data, access rights and check values (such as MD5 values, verifying the retrieval of the data content) Accuracy) information;
步骤 S103: 将原始数据的物理部分存放于云存储数据中心; 本发明实施例中, 存储原始数据的物理部分的云存储服务数据中心 的数量不受限制, 可以是一个, 也可以是多个; 此外, 本发明实施例还 可以根据云存储数据中心返回的结果, 通知数据存储成功或失败的信息; 步骤 S104 : 将原始数据的逻辑部分保存, 并由用户控制;  Step S103: The physical part of the original data is stored in the cloud storage data center. In the embodiment of the present invention, the number of the cloud storage service data center that stores the physical part of the original data is not limited, and may be one or multiple; In addition, the embodiment of the present invention may further notify the data storage success or failure according to the result returned by the cloud storage data center; Step S104: save the logical part of the original data, and be controlled by the user;
原始数据的逻辑部分存储于用户控制范围内的存储服务器, 如本地 某服务器, 也可以存储于用户可随身携带的存储介质, 还可以存储于不 同于存储原始数据的物理部分的云存储数据中心或服务器。  The logical part of the original data is stored in a storage server within the scope of the user control, such as a local server, or may be stored in a storage medium that the user can carry with him, or may be stored in a cloud storage data center different from the physical part storing the original data or server.
本发明实施例中, 当用户选定某个待存储的原始数据存放到指定的 云存储数据中心后, 设定数据的备份归档策略与计划, 该原始数据被按 照设定的备份归档策略与计划转换转化为逻辑部分和物理部分。  In the embodiment of the present invention, after the user selects a certain original data to be stored and stores it in the designated cloud storage data center, the backup archiving strategy and plan of the data are set, and the original data is configured according to the set backup archiving strategy and plan. The conversion is converted to a logical part and a physical part.
当原始数据转换完成之后, 将原始数据的物理部分按照设定的云存 储服务访问协定, 如认证, 付费账单记录等发送给指定的云存储数据中 心进行保存, 将原始数据的逻辑部分保存, 并由用户控制。  After the original data conversion is completed, the physical part of the original data is sent to the designated cloud storage data center according to the set cloud storage service access agreement, such as authentication, payment billing record, etc., and the logical part of the original data is saved, and Controlled by the user.
由于在没有原始数据的逻辑部分的前提下, 原始数据的物理部分不 能被还原成原始数据, 或者说原始数据的物理部分在没有原始数据的逻 辑部分信息的前提下只是无意义的 0、 1字符串, 无法解读和使用, 从而 在分开保存后实现了通过对原始数据的逻辑部分的控制, 达到了对整个 数据的控制。  Since there is no logical part of the original data, the physical part of the original data cannot be restored to the original data, or the physical part of the original data is only meaningless 0, 1 character without the logical part of the original data. Strings, which cannot be interpreted and used, thus achieve control over the entire data by controlling the logical part of the original data after being saved separately.
参见图 2 ,本发明实施例提供了一种将待存储原始数据转换为数据块 形成原始数据的物理部分的方法, 该方法包括如下步骤: 个数据块, 并去重后形成源数据; Referring to FIG. 2, an embodiment of the present invention provides a method for converting a raw data to be stored into a data block to form a physical part of the original data, where the method includes the following steps: Data blocks, and de-weighted to form source data;
数据去重技术 (data deduplication) 已经在业界被广泛应用, 这 里不再赘述;  Data deduplication has been widely used in the industry and will not be repeated here;
步骤 S202: 对每个源数据进行内容重组后, 形成新数据;  Step S202: After content reorganization of each source data, new data is formed;
本发明实施在对每个源数据进行内容重组可以采用数据内容顺序重 组的方法, 也可以采用数据内容随机重组的方法;  The method of the present invention can adopt the method of sequentially reorganizing the data content in the content reorganization of each source data, or the method of randomly reorganizing the data content;
数据内容顺序重组方法包括: 按预置的固定顺序排列规则, 采集每 个源数据中处于相同位置的数据; 将采集的数据按顺序进行组合, 形 成新数据; 例如, 将分组排列好的指定的 n个 m位源数据进行纵向重组 形成 m个 n位新数据, 即完成了对分组后的源数据的内容进行顺序重组, 如图 3所示;  The data content order reorganization method comprises: arranging rules in a fixed order of presets, collecting data in the same position in each source data; combining the collected data in order to form new data; for example, arranging the specified groups by grouping The n m-bit source data is vertically reorganized to form m n-bit new data, that is, the sequence reorganization of the content of the grouped source data is completed, as shown in FIG. 3;
数据内容随机重组方法包括如下步骤, 如图 4所示:  The data content random reorganization method includes the following steps, as shown in Figure 4:
步骤 S301:按预置的数据重组规则遍历待形成新数据对应的源数据; 步骤 S302: 按预置的数据采集规则从源数据中采集数据;  Step S301: traversing the source data corresponding to the new data according to the preset data recombination rule; Step S302: collecting data from the source data according to the preset data collection rule;
步骤 S303: 将采集的数据按顺序进行组合, 形成新数据;  Step S303: Combine the collected data in order to form new data;
数据内容随机重组的具体实现方法, 参见图 5, 假定原始数据经过转 换, 得到一串源数据即源数据 2—源数据 i, 将该原始数据对应的全部或 部分源数据与其他源数据一起组成了一组待重组的源数据;  The specific implementation method of random reorganization of data content, see FIG. 5, assumes that the original data is converted, and obtains a series of source data, that is, source data 2 - source data i, and all or part of the source data corresponding to the original data is combined with other source data. a set of source data to be reorganized;
假如设定指定组中的 n个 f 位源数据重组为 m个 g位新数据, 每个 新数据对应 p个源数据( 1 p n, p过大会影响性能, 过小会影响安全 性 ) , 每个源数据对应 r个新数据( 1 r m )。 在构造新数据的过程中, 从每个源数据中采集数据 u次, 每次取 V位 (l v f ) ;  If the n f-bit source data in the specified group is reorganized into m g-bit new data, each new data corresponds to p source data (1 pn, p too large affects performance, too small will affect security), The source data corresponds to r new data (1 rm ). In the process of constructing new data, data is collected from each source data u times, each time taking V bits (l v f );
标识第 i个源数据为 sdi, 第 k个新数据为 tdk。 这里 m, n, p, r, i, k都是自然数, u,v是大于等于 0的整数, p, u, V都是真随机数; Identifies the i-th source data as sdi and the k-th new data as td k . Where m, n, p, r, i, k are all natural numbers, u, v are integers greater than or equal to 0, p, u, V are all true random numbers;
其详细构造过程如下: 在构造第 k个新数据 ( tdk) 时, 首先遍历其 对应的 p个源数据, 从每个源数据中采集 U次, 每次采集 V位数据。 第 k 个新数据从第 i个源数据中第(1次(1 (1 1)采集出的数据标识为 Extiq k ( siq, eiq) , 其中 siq为随机产生的数据采集的起始游标位置, eiq为随机 产生的数据采集的终止游标位置, siq, eiq都是自然数, 且 siq eiq, 如果 siq=eiq, 那么说明该次数据采集的位数是 0, 显然 v= eiq-siq+l。 将采集出 来的数据按照顺序组合起来就是所需构建的新数据。 表示为: The detailed construction process is as follows: When constructing the kth new data (td k ), first traverse its corresponding p source data, collect U times from each source data, and collect V-bit data each time. The kth new data is identified from the i-th source data (1 (1 1) data is identified as Ext iq k ( s iq , e iq ), where s iq is a randomly generated data collection Starting cursor position, e iq is random The end cursor position of the generated data acquisition, s iq , e iq are natural numbers, and s iq e iq , if s iq =e iq , then the number of bits of the data acquisition is 0, obviously v= e iq -s Iq +l. Combining the collected data in order is the new data that needs to be built. Expressed as:
tdk = ( Extn ( Sn, en ) , Extn ( ) , ···, Extpu k ( ) ) 。 同时每次数据采集过后, 同步生成源数据和新数据之间的对应关系。 假 设从 sdi中第 q次采集了 V位数据, 即 Extiq k ( siq,eiq) , 放置在 tdk中相 应位置(在将该采集数据放置在 tdk中便可以计算出),记 sdi采集的 V位 数据对应 tdk中数据位为 Rxt kq ( Skq, ©kq ) , 其中 skq为该采集数据在 tdk 中对应的起始游标位置, ekq为该采集数据在 tdk中对应的终止游标位置, Skq, ©kq都是自然数, 且 skq ekq, 如果 那么说明该次数据采集的 位数是 0, 进一步分析可知, 源数据 sdi可以通过反向采集其对应新数据 的指定数据位顺序组合而成, 即 Tdk = ( Extn ( Sn, en ) , Extn ( ) , ···, Ext pu k ( ) ) . At the same time, after each data collection, the correspondence between the source data and the new data is synchronously generated. Suppose the q-th sdi from the collected data bits V, i.e. Ext iq k (s iq, e iq), placed in corresponding positions td k (in the acquired data is placed in the can calculate td k) is denoted V-bit data acquisition sdi td corresponding data bits k is Rxt kq (Skq, © kq) , wherein s kq for acquiring data corresponding to the starting cursor position k td, e kq for the acquired data in td k Corresponding termination cursor position, Skq, ©kq are natural numbers, and s kq e kq , if it is said that the number of digits of the data acquisition is 0, further analysis shows that the source data sdi can collect its corresponding new data by reverse Specify the order of the data bits, that is,
sdi = ( Rxtn1 ( Sn, en ) , Rxt^1 ( Si2, Qn ) , ··· , Rxtj-u1 ( ) ) 同理, 在构建第 k+1个新数据时, 遍历该第 k+1个新数据对应的源 数据, 按照上述方法进行采集, (所采集的数据与之前采集过的数据不 能重复, 即源数据中数据不许重复被采集) , 依此类推, 直至所有源数 据重组完成, 并同时生成所有新数据和所有源数据与新数据的对应关系。 Sdi = ( Rxtn 1 ( Sn, en ) , Rxt^ 1 ( Si 2 , Qn ) , ··· , Rxtj-u 1 ( ) ) Similarly, when constructing the k+1th new data, traversing the kth The source data corresponding to +1 new data is collected according to the above method. (The collected data cannot be duplicated with the previously collected data, that is, the data in the source data cannot be repeatedly collected), and so on, until all source data is reorganized. Complete, and generate all new data and all source data and new data correspondence.
上述方法中, 每个源数据和重组后的新数据可以定长也可以不定长, 且 p, U, V都可以是变量, 即每次新数据构造时它们都可以不同; 需要 说明的是, p, u, V真随机数生成的方法, 机械工业出版社 2003年 3月 1 日出版的《应用密码学协议、 算法与 C源程序》第 301页中给出了多种 产生真随机数的方法, 如使用随机噪声, 使用计算机时钟, CPU负载, 网 络数据包到达次数等方法, 这里不再赘述。 假设用某种方法已经生成了 三个真随机数 Rl, R2, R3, 那么  In the above method, each source data and the recombined new data may be fixed length or indefinite length, and p, U, V may be variables, that is, each time new data is constructed, they may be different; p, u, V true random number generation method, Mechanical Industry Press, March 1, 2003, "Application Cryptography Protocol, Algorithm and C Source Program", page 301, gives a variety of real random numbers. Methods, such as using random noise, using computer clock, CPU load, network packet arrival times, etc., will not be described here. Suppose that some true random numbers Rl, R2, R3 have been generated in some way, then
p = Rl mod n  p = Rl mod n
u = R2 mod w  u = R2 mod w
v = R3 mod f '  v = R3 mod f '
其中, ¾/是取模运算, w是指定的 u的最大取值, Γ 是源数据中 剩余的未被采集数据位数; Where 3⁄4/ is the modulo operation, w is the maximum value of the specified u, Γ is in the source data The remaining number of uncollected data bits;
步骤 S203 : 用一次一密乱码本加密算法对新数据加密, 得到原始数 据的物理部分。  Step S203: Encrypt the new data with a cryptographic code encryption algorithm at a time to obtain a physical part of the original data.
本发明实施例对源数据进行内容重组后, 运用不可破解的 "一次一 密乱码本" 加密算法对重组后的数据进行加密, 更加提高了原始数据的 安全性。  After the content data is reorganized in the embodiment of the present invention, the unresolved "one time and one confusing codebook" encryption algorithm is used to encrypt the reassembled data, thereby improving the security of the original data.
本发明实施例在上述步骤 S 203之后, 还同时输出并保存新数据与源 数据、 源数据与原始数据的对应关系信息、 新数据与密钥的对应关系信 息至原始数据的逻辑部分中。  After the foregoing step S203, the embodiment of the present invention simultaneously outputs and saves the correspondence relationship between the new data and the source data, the source data and the original data, and the correspondence relationship between the new data and the key into the logical part of the original data.
参见图 6 ,本发明实施例提供了一次一密乱码本加密算法的密钥生成 方法, 其步骤如下:  Referring to FIG. 6, an embodiment of the present invention provides a key generation method for a one-time chaos codebook encryption algorithm, and the steps are as follows:
步骤 S601 : 根据预置方法生成预定长度的真随机数和由真随机数组 成的预定长度的随机种子;  Step S601: Generate a true random number of a predetermined length and a random seed of a predetermined length formed by a true random array according to a preset method;
步骤 S602 : 从随机种子中多次随机采集数据, 将每次采集的数据级 联成不小于明文长度的真随机数据串;  Step S602: Randomly collecting data from the random seed multiple times, and merging each collected data into a true random data string not less than the plaintext length;
步骤 S603 : 利用真随机数据串生成与明文等长的真随机密钥。  Step S603: Generate a true random key of the same length as the plaintext by using the true random data string.
当真随机数据串的长度等于明文的长度时, 可以选择该真随机数据 串作为用于加密的真随机密钥; 当真随机数据串的长度大于明文的长度 时, 从真随机数据串的随机起始位置遍历真随机数据串选取与明文等长 的数据串生成真随机密钥, 如果已至真随机数据串尾部尚没有选取到与 明文等长的数据串, 则回到真随机数据串头部继续选取, 直至选取到与 明文等长的数据串为止。  When the length of the true random data string is equal to the length of the plaintext, the true random data string may be selected as the true random key for encryption; when the length of the true random data string is greater than the length of the plaintext, the random start of the true random data string Position traversing the true random data string to select a data string of the same length as the plaintext to generate a true random key. If the data string of the same length as the plaintext has not been selected at the end of the true random data string, return to the true random data string header to continue. Select until you select a data string that is as long as the plain text.
以下提供一种生成本发明实施例一次一密乱码本加密所用的随机密 钥的方法, 但是本发明的保护范围不限于此实现。  A method of generating a random key used for encryption of a codebook at a time in the embodiment of the present invention is provided below, but the scope of protection of the present invention is not limited to this implementation.
本实现中, 生成的真随机密钥是定长的, 即等于明文长度。  In this implementation, the generated true random key is fixed length, that is, equal to the plaintext length.
以下所述 m、 n、 l、 p都是自然数, 其中, m是随机种子的长度, /是 所需产生随机密钥的长度(等于明文长度), p是随机密钥中已经产生的 数据位数, ί _ρ就是随机密钥剩余未采集数据的位数。 首先生成预定长度 m位的真随机数 0, 1 串和由真随机数组成的预定 长度的随机种子, 并将其存储进行存储; The following m, n, l, p are all natural numbers, where m is the length of the random seed, / is the length of the random key required to be generated (equal to the length of the plaintext), and p is the data bit already generated in the random key The number, ί _ρ is the number of bits of the uncollected data remaining in the random key. First, a true random number 0, 1 string of a predetermined length m bits and a random seed of a predetermined length composed of a true random number are generated and stored for storage;
其次对该随机种子做预定 n次的随机数据采集, 如果数据采集至随 机串尾部, 则回到该随机种子头部继续数据采集, 将每次采集的数据级 联成预定长度 /位的真随机数据串, 即真随机密钥(/等于明文的长度)。  Secondly, the random seed is collected for n times of random data. If the data is collected to the end of the random string, the data is collected back to the random seed head, and the data collected each time is cascaded into a true random number of predetermined length/bit. The data string, that is, the true random key (/ is equal to the length of the plaintext).
每次数据采集前, 先产生两个真随机数, 后对这两个真随机数分别 取模, 得到随机数据采集需要的起始游标位置和所需采集的数据长度。  Before each data acquisition, two true random numbers are generated first, and then the two true random numbers are respectively modulo, and the starting cursor position and the required data length required for random data acquisition are obtained.
每次数据采集的起始游标位置和采集的数据长度(可以大于等于 0 ) 都是随机的。  The starting cursor position and the collected data length (which can be greater than or equal to 0) for each data acquisition are random.
假定在数据采集前, 生成了两个真随机数 M, R2 , 那么现在需要产 生两个分别小于 m和 /-Ρ的随机值 Tl、 Τ2 , 那么,  Assuming that two true random numbers M, R2 are generated before data acquisition, then it is now necessary to generate two random values Tl, Τ2 which are less than m and /-Ρ, respectively, then
Tl = Rl mod m  Tl = Rl mod m
T2 = R2 mod( l -p)  T2 = R2 mod( l -p)
其中, mod是取模运算。  Among them, mod is a modulo operation.
参见图 7 , 记第 k个明文对应的真随机密钥为 r ek (k是自然数), 那 么 rek 等于从预定长度随机种子中 n次随机采集的数据的顺序组合, 记 从随机种子中第 i次采集的数据为(Curs, Cure) i , 其中 Curs为第 i次采集 数据在随机种子中起始游标位置, 相应地 Cure为第 i次采集数据的终止 游标位置, Cur p Cure都以从随机种子头的偏移量标识,可见 Cur p Cure 都是大于等于 0 , 小于等于 m的整数, 且 Cure大于等于 Curs , 当 Cure等 于 Curs时,数据采集的位数为 0。 那么第 i次采集的数据为指定长度随机 种子中 Curs 到 Cure之间的数据。 进一步, rek可以表达为: Referring to Figure 7, the true random key corresponding to the kth plaintext is re k (k is a natural number), then re k is equal to the sequential combination of the n randomly collected data from the random seed of the predetermined length, recorded from the random seed The data collected by i times is (Cur s , Cur e ) i , where Cur s is the starting cursor position of the i-th collected data in the random seed, and accordingly Cur e is the ending cursor position of the i-th collected data, Cur p Cur e is identified by the offset from the random seed head. It can be seen that Cur p Cur e is an integer greater than or equal to 0 and less than or equal to m, and Cur e is greater than or equal to Cur s . When Cur e is equal to Cur s , the data is collected. The number of bits is 0. Then the data collected in the i-th time is the data between Cur s and Cur e in the random seed of the specified length. Further, re k can be expressed as:
rek = [ (Curs, Cure) i , (Curs, Cure) 2, .... (Curs, Cure) i , .... (Curs, Cure) n] k Re k = [ (Cur s , Cur e ) i , (Cur s , Cur e ) 2 , .... (Cur s , Cur e ) i , .... (Cur s , Cur e ) n ] k
以上仅是一种实现方法, 此外, 还可以使用定数据采集次数不定长 随机密钥的密钥生成方法, 即 n是确定的, /是不确定的; 不定数据采集 次数定长随机密钥生成方法, 即 n是不定的, /是确定的; 不定数据采集 次数不定长随机密钥生成方法, 即 n和 /都是不定的; 随机密钥对随机密 钥做预定次数运算后再加密明文等方法。 The above is only one implementation method. In addition, a key generation method for determining a random number of random data with a fixed number of data may be used, that is, n is determined, / is uncertain; indefinite data acquisition times fixed length random key generation Method, that is, n is indefinite, / is deterministic; indefinite data acquisition times are indefinitely long, random key generation methods, that is, n and / are indefinite; random key pair is random The method of encrypting the plaintext after the key is calculated by a predetermined number of times.
生成上述真随机密钥后即用其对内容重组后的新数据进行加密, 从 而可以实现了以 "一次一密乱码本" 的方法对数据进行加密的目的。  After generating the above-mentioned true random key, it encrypts the new data after the content is reorganized, thereby realizing the purpose of encrypting the data by the method of "one time, one secret codebook".
由于传统云存储数据加密方法尚无应用 "一次一密乱码本" 加密算 法的先例, 所以传统加密方法所保护的云存储数据中心端的数据物理部 分到源数据的还原在理论上都是可逆的, 而本发明所提出的该技术方案 则可以实现其所保护的云存储数据中心端的数据物理部分到源数据的还 原不可逆, 即不可破解。  Since the traditional cloud storage data encryption method has no precedent for applying the "one-time-one-time codebook" encryption algorithm, the restoration of the data physical part to the source data of the cloud storage data center end protected by the traditional encryption method is theoretically reversible. However, the technical solution proposed by the present invention can realize the irreversible reduction of the physical part of the data to the source data of the cloud storage data center end that is protected, that is, it cannot be cracked.
为了进一步阐明本发明的可行性, 现对原始数据的逻辑部分所占用 的物理空间分析如下:  To further clarify the feasibility of the present invention, the physical space occupied by the logical portion of the original data is analyzed as follows:
一、 顺序重组方法下原始数据的逻辑部分所占用的物理空间分析 该方法中, 原始数据的逻辑部分信息包括内容重组中源数据和新数 据之间的对应关系及明文 (内容重组后的新数据) 与随机密钥的对应关 系。  First, the physical space analysis of the logical part of the original data under the sequential reorganization method. In the method, the logical part information of the original data includes the correspondence between the source data and the new data in the content reorganization and the plaintext (new data after the content reorganization) ) Correspondence with random keys.
假定需要对数个大小 1MB 去重后的数据块进行内容重组和加密, 加 密函数使用异或运算 (需要随机密钥的长度与明文相等) , 每个随机密 钥生成需要随机采集数据 100次。  It is assumed that a plurality of sizes of 1 MB deduplicated data blocks need to be reorganized and encrypted, and the encryption function uses an exclusive OR operation (the length of the random key is required to be equal to the plaintext), and each random key generation needs to randomly collect data 100 times.
因顺序重组中源数据与新数据的排列是有规律的, 所以它们之间的 对应关系实际上占用的物理空间可以忽略, 只要记录下源数据和新数据 的排列顺序即可。  Since the arrangement of the source data and the new data in the sequential reorganization is regular, the physical space occupied by the correspondence between them can be neglected, as long as the order of the source data and the new data is recorded.
下面对用 "一次一密乱码本" 加密后明文与随机密钥对应关系所占 用空间分析:  The following is an analysis of the space occupied by the correspondence between plaintext and random keys after encrypting with "one-time-one-time codebook":
假定现需要产生长度 8M ( =8, 000, 000 )位的密钥加密 1MB (也是 8M 位) 的数据。 所使用的随机种子的大小是 1Gbit, 即 1000, 000, 000位随 机 0,1 串, 设定每个随机密钥的生成需随机采集数据 100次, 即 n=100。  Assume that it is now necessary to generate a data length of 8M (=8, 000, 000) to encrypt 1MB (also 8M bits) of data. The size of the random seed used is 1Gbit, that is, 1000, 000, 000 bits of random 0, 1 string. To set the generation of each random key, it is necessary to randomly collect data 100 times, that is, n=100.
那么, 每个游标位占用物理空间不大于 4个字节 (Byte ) , 所以每 次数据采集游标表达需要占用物理空间不大于 8个字节, 那么采集 100 次, 就是 800个字节, 即不超过 1024字节 (=1KB) 。 所以, 每 1MB源数据经过数据内容随机重组和一次一密乱码本加密 方法转换后, 需要大概 800B的物理空间存放该源数据的逻辑部分信息, 进一步计算可得, 该源数据的逻辑部分信息与源数据占用物理空间比大 致是 1: 1250。 因源数据是原始数据分解去重而得, 所以原始数据逻辑部 分信息占用的相对物理空间比例更小。 Then, each cursor bit occupies a physical space of no more than 4 bytes (Byte), so each time the data acquisition cursor expression needs to occupy a physical space of no more than 8 bytes, then 100 times of acquisition, that is, 800 bytes, that is, no More than 10 24 bytes (=1KB). Therefore, after 1 MB of source data is randomly reorganized by data content and converted by a cryptographic code encryption method, a physical space of about 800 B is required to store the logical part information of the source data, and further calculation is available, and the logical part information of the source data is The source data occupies a physical space ratio of approximately 1:1250. Since the source data is decomposed by the original data, the proportion of the relative physical space occupied by the logical part of the original data is smaller.
二、 随机重组方法下数据逻辑部分占用空间分析  Second, the spatial analysis of the logical part of the data under the random reorganization method
同顺序重组方法, 原始数据的逻辑部分信息包括源数据和新数据之 间的对应关系及明文 (内容重组后的新数据) 与随机密钥的对应关系。  In the same order recombination method, the logical part information of the original data includes the correspondence between the source data and the new data and the correspondence between the plaintext (new data after content reorganization) and the random key.
关于对保存源数据与新数据之间对应关系所占用的物理空间分析: 对应于每个源数据的还原, 所需保存的源数据和新数据之间对应关 系信息主要是:  Regarding the physical space analysis occupied by the correspondence between the saved source data and the new data: Corresponding to the restoration of each source data, the correspondence information between the source data and the new data to be saved is mainly:
sdi = ( Rxtn1 ( Sn, en ) , Rxt^1 ( s12, e12 ) ,… , Rx ίΓυ' ( ) ) 如果源数据和重组后的新数据大小都是 1MB, 即源数据和新数据等 长, 可以计算出每个新数据中游标 (即 skq或 ekq, 其中 skq为该采集数据 在 tdk中对应的起始游标位置, ekq为该采集数据在 tdk中对应的终止游标 位置) 占用的物理空间不大于 3B, 所以上面对应关系中每个对应数据在 tdk起始和终止游标占用的物理空间不大于 6B。 每个新数据的生成需要采 集 100次(即生成新数据时对每个对应的源数据采集一次数据), 那么也 就是说, 生成 1MB的新数据需要 600B的物理空间存放新数据与源数据的 对应关系。 Sdi = ( Rxtn 1 ( Sn, en ) , Rxt^ 1 ( s 12 , e 12 ) ,... , Rx ί Γυ ' ( ) ) If the source data and the recombined new data size are both 1MB, ie source data and new data length can be calculated for each new data cursor (i.e. s kq or e kq, wherein s kq td k corresponds to the data acquisition for the initial cursor position, e kq td k corresponds to the data acquired for the The termination of the cursor position) The occupied physical space is not greater than 3B, so the physical space occupied by each corresponding data in the corresponding relationship at td k start and end cursors is not greater than 6B. The generation of each new data needs to be collected 100 times (that is, data is collected once for each corresponding source data when generating new data), that is to say, generating 1MB of new data requires 600B of physical space to store new data and source data. Correspondence relationship.
在一次一密乱本加密方法下, 明文 (内容重组后的新数据) 与随机 密钥的对应关系所占用的物理空间如下:  Under the one-time encryption method, the physical space occupied by the correspondence between the plaintext (new data after content reorganization) and the random key is as follows:
假定现需要产生长度 8M (=8, 000, 000 )位的密钥加密 1MB (也是 8M 位) 的数据。 所使用的随机种子的大小是 1Gbit, 即 1000, 000, 000位随 机 0,1 串, 设定每个随机密钥的生成需随机采集数据 100次, 即 n=100。  Assume that it is now necessary to generate a data length of 8M (= 8,000, 000) to encrypt 1MB (also 8M bits) of data. The size of the random seed used is 1Gbit, that is, 1000, 000, 000 bits of random 0, 1 string. To set the generation of each random key, it is necessary to randomly collect data 100 times, that is, n=100.
那么, 每个游标位占用物理空间不大于 4个字节 (Byte) , 所以每 次数据采集游标表达需要占用物理空间不大于 8个字节, 那么采集 100 次, 就是 800个字节。 所以, 每 1MB源数据经过数据内容随机重组和一次一密乱码本加密 方法转换后, 需要大概 1 400B的物理空间存放该源数据的逻辑部分信息, 进一步计算可得, 该源数据的逻辑部分信息与源数据占用物理空间比大 致是 1 : 7 30。 因源数据是原始数据分解去重而得, 所以原始数据逻辑部 分信息占用的相对物理空间比例更小。 Then, each cursor bit occupies a physical space of no more than 4 bytes (Byte), so each time the data acquisition cursor expression needs to occupy a physical space of no more than 8 bytes, then 100 times of acquisition, that is, 800 bytes. Therefore, after 1MB of source data is randomly reorganized by data content and converted by a cryptographic code encryption method, a physical space of about 1 400 B is needed to store the logical part information of the source data, and further calculation is available, and the logical part information of the source data is obtained. The ratio of physical space occupied by the source data is approximately 1: 7 30. Since the source data is decomposed by the original data, the proportion of the relative physical space occupied by the logical part of the original data is smaller.
需要指出的是, 以上两种方法数据逻辑部分占用物理空间的计算未 计入所用随机种子占用物理空间 (因为它是一次性开销, 为所有待加密 数据所共用) 。 进一步可以看出, 通过以上内容重组及一次一密乱码本 方法加密, 可以实现本发明的设计目的, 即将数据做合理转换和转化, 使之转换为原始数据的物理部分和逻辑部分, 其中物理部分占用物理空 间较大, 逻辑部分占用物理空间较小。  It should be pointed out that the calculation of the physical space occupied by the logical part of the above two methods does not count the physical space occupied by the random seed used (because it is a one-time overhead, shared by all data to be encrypted). It can be further seen that the design object of the present invention can be achieved by the above content recombination and one-time encryption code method encryption, that is, the data is reasonably converted and transformed into a physical part and a logical part of the original data, wherein the physical part The occupied physical space is large, and the logical part occupies less physical space.
以上两种实现中, 原始数据的物理部分, 在没有原始数据的逻辑部 分的前提下, 是无法单独地还原成原始数据的。  In the above two implementations, the physical part of the original data cannot be restored to the original data alone without the logical part of the original data.
因为, 一次一密乱码本加密算法无论计算机多么强大, 都是不可以 破解的,见机械工业出版社出版的《应用密码学协议、算法与 C源程序》, 第 6、 1 2页;  Because, once a chaotic codebook encryption algorithm, no matter how powerful the computer, can not be cracked, see "Application Cryptography Protocol, Algorithm and C Source Program" published by Mechanical Industry Press, pages 6, 12;
其次, 即便密码分析者通过无数次尝试得到了一个可疑明文, 因在 一次一密乱码本加密算法体系下, 所有明文都是等概的, 所有密钥都是 随机的且只使用一次, 密码分析者无法断定哪些是正确的明文, 因为在 数据加密和传输前, 所有数据内容已经被重组过, 所以所获得的所谓 "可 疑" 明文也是无法被正确解读的。  Secondly, even if the cryptanalyst obtains a suspicious plaintext through countless attempts, all the plaintexts are equal in the one-time encryption code encryption algorithm system. All keys are random and used only once, cryptanalysis It is impossible to determine which is the correct plaintext, because all data content has been reorganized before data encryption and transmission, so the so-called "suspicious" plaintext obtained cannot be correctly interpreted.
总之, 通过以上方法, 原始数据的物理部分无法单独地还原成原始 数据的。  In summary, through the above method, the physical part of the original data cannot be restored to the original data separately.
对原始数据的转换后形成的数据块, 经过去重处理、 内容重组及加 密处理, 更使得对原始数据的物理部分在没有原始数据的逻辑部分信息 的前提下是无法单独地还原数据的原始内容, 而原始数据的逻辑部分所 占用的空间 4艮小, 从而实现了通过控制占用物理空间较小的数据逻辑部 分控制整个数据, 进而通过将原始数据的逻辑部分和物理部分分开存放, 达到用户在采用云存储服务以节省本地存储空间的目的同时, 保持了对 其所有数据的控制权。 The data block formed after the conversion of the original data is subjected to de-reprocessing, content recombination and encryption processing, so that the original part of the data cannot be separately restored on the premise that the physical part of the original data has no logical part information of the original data. The logical portion of the original data occupies a small space of 4, thereby realizing control of the entire data by controlling the logical portion of the data occupying a small physical space, and then storing the logical portion and the physical portion of the original data separately. Reaching the goal of users using cloud storage services to save local storage space while maintaining control of all their data.
本发明实施例当收到外部对原始数据的访问请求后, 首先获取与所 要访问的原始数据相对应的、 保存了原始数据的物理部分还原成原始数 据的逻辑部分, 然后根据预定的云存储服务访问协定, 如认证, 付费账 单记录等及所获取的逻辑部分从存储所要访问原始数据物理部分的云存 储数据中心取回相应物理部分, 之后, 根据所获取的原始数据的逻辑部 分保存的信息, 将所述取回的原始数据的物理部分聚合还原成访问的原 始数据, 并将还原后的原始数据交给外部访问请求, 从而实现了数据取 回的还原。  After receiving the external access request for the original data, the embodiment of the present invention first acquires a logical part corresponding to the original data to be accessed, and restores the physical part of the original data to the original data, and then according to the predetermined cloud storage service. Access protocols, such as authentication, paid billing records, etc., and the acquired logical portion retrieves the corresponding physical portion from the cloud storage data center where the physical portion of the original data is to be accessed, and then, based on the information stored in the logical portion of the original data obtained, The physical part of the retrieved original data is aggregated and restored to the accessed original data, and the restored original data is handed over to the external access request, thereby realizing the restoration of the data retrieval.
本发明通过将待存储原始数据转换为数据块, 形成原始数据的物理 部分, 输出原始数据的物理部分还原成原始数据信息的逻辑部分, 原始 数据的物理部分在无原始数据的逻辑部分的情况下, 无法还原成原始数 据, 进而将原始数据的物理部分存储于云存储数据中心, 将原始数据的 逻辑部分保存并由用户控制, 实现了通过控制物理上占用空间较小的逻 辑部分控制了物理上占用空间较大的原始数据的物理部分, 从而实现了 用户对所拥有的数据的控制, 在保证了用户数据的安全性和私密性的同 时, 又达到了节省物理存储空间的目的。  The invention converts the original data to be stored into data blocks to form a physical part of the original data, and restores the physical part of the original data to a logical part of the original data information, and the physical part of the original data is in the absence of the logical part of the original data. , can not be restored to the original data, and then the physical part of the original data is stored in the cloud storage data center, the logical part of the original data is saved and controlled by the user, and the physical part is controlled by controlling the physical part occupying a small space. The physical part of the original data occupies a large space, thereby realizing the user's control over the data possessed, and ensuring the security and privacy of the user data, and achieving the purpose of saving physical storage space.
以上所述仅为本发明的较佳实施例而已, 并不用以限制本发明, 凡 在本发明的精神和原则之内所作的任何修改、 等同替换和改进等, 均应 包含在本发明的保护范围之内。  The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. Within the scope.

Claims

权 利 要 求 书 Claim
1、 一种云存储数据控制的方法, 其特征在于, 所述方法包括: 将待存储原始数据以预置方式转换为不可逆的数据块, 形成所述 原始数据的物理部分, 并保存于云存储数据中心; A cloud storage data control method, the method comprising: converting raw data to be stored into an irreversible data block in a preset manner, forming a physical part of the original data, and saving the cloud data in a cloud storage data center;
输出将所述原始数据转换为所述物理部分过程中用于数据还原所 必要的信息, 作为所述原始数据的逻辑部分, 将所述原始数据的逻辑 部分保存并由用户控制。  Outputting the raw data into information necessary for data restoration in the physical portion process, as a logical portion of the original data, storing the logical portion of the original data and being controlled by a user.
2、 如权利要求 1所述的云存储数据控制的方法, 其特征在于, 所 述原始数据的物理部分是一串计算机可读的不具备所述原始数据特征 的 0、 1值; 所述原始数据的物理部分不可逆。  2. The method of cloud storage data control according to claim 1, wherein the physical portion of the original data is a string of computer readable values of 0, 1 that do not have the original data features; The physical part of the data is irreversible.
3、 如权利要求 1所述的云存储数据控制的方法, 其特征在于, 所 述原始数据的逻辑部分包括所述原始数据的属性、 访问权限及校验值 信息。  3. The method of cloud storage data control according to claim 1, wherein the logical portion of the original data includes attributes, access rights, and check value information of the original data.
4、 如权利要求 1所述的云存储数据控制的方法, 其特征在于, 所 述原始数据的逻辑部分保存于可随身携带的存储介质中, 或者保存于 本地服务器, 或者保存于不同于存储所述原始数据的物理部分的服务 器。  The method for controlling cloud storage data according to claim 1, wherein the logical portion of the original data is stored in a storage medium that can be carried around, or stored in a local server, or stored in a storage device different from the storage device. A server that describes the physical part of the original data.
5、 如权利要求 1所述的云存储数据控制的方法, 其特征在于, 所 述将待存储原始数据以预置方式转换为不可逆的数据块, 形成所述原 始数据的物理部分的步骤具体包括: 并去重后形成源数据;  The method for controlling the cloud storage data according to claim 1, wherein the step of converting the original data to be stored into an irreversible data block in a preset manner, and forming the physical portion of the original data comprises: : and then form the source data after de-duplication;
对每个源数据进行内容重组, 形成新数据;  Reorganize the content of each source data to form new data;
用一次一密乱码本加密算法对每个新数据加密, 得到所述原始数 据的物理部分。  Each new data is encrypted with a one-time scribble code encryption algorithm to obtain the physical portion of the original data.
6、 如权利要求 5所述的云存储数据控制的方法, 其特征在于, 所 述对每个源数据进行内容重组, 形成新数据的步骤具体包括:  The method for controlling the data storage of the cloud according to claim 5, wherein the step of reorganizing the content of each source data to form new data comprises:
按预置的固定顺序排列规则, 采集每个源数据中处于相同位置的 数据; Arrange the rules in a fixed order of presets, and collect the same position in each source data. Data
将所述采集的数据按顺序进行组合, 形成新数据。  The collected data is combined in order to form new data.
7、 如权利要求 5所述的云存储数据控制的方法, 其特征在于, 所 述对每个源数据进行内容重组, 形成新数据的步骤具体包括:  The method for controlling the cloud storage data according to claim 5, wherein the step of reorganizing the content of each source data to form new data comprises:
按预置的数据重组规则遍历待形成新数据对应的源数据; 按预置的数据采集规则从所述源数据中采集数据;  Traversing the source data corresponding to the new data according to the preset data recombination rule; collecting data from the source data according to the preset data collection rule;
将所述采集的数据按顺序进行组合, 形成新数据。  The collected data is combined in order to form new data.
8、 如权利要求 5所述的云存储数据控制的方法, 其特征在于, 所 述用一次一密乱码本加密算法对每个新数据加密的步骤具体包括: 根据预置方法生成并存储预定长度的真随机数和由所述真随机数 组成的预定长度的随机种子;  The method for controlling the cloud storage data according to claim 5, wherein the step of encrypting each new data by using the one-time encryption code encryption algorithm comprises: generating and storing a predetermined length according to a preset method a true random number and a random seed of predetermined length consisting of the true random number;
从所述随机种子中多次随机采集数据, 将每次采集的数据级联成 不小于明文长度的真随机数据串;  Collecting data randomly from the random seed multiple times, and merging each collected data into a true random data string not less than the plaintext length;
根据所述真随机数据串, 生成与明文等长的真随机密钥; 用所述真随机密钥对每个新数据加密。  Generating, according to the true random data string, a true random key that is equal in length to the plaintext; encrypting each new data with the true random key.
9、 如权利要求 8所述的云存储数据控制的方法, 其特征在于, 所 述用所述真随机密钥对每个新数据加密的步骤还包括:  The method for controlling cloud storage data according to claim 8, wherein the step of encrypting each new data with the true random key further comprises:
输出并保存所述新数据与源数据、 所述源数据与所述原始数据、 所述新数据与真随机密钥的对应关系信息到所述原始数据的逻辑部  Outputting and saving the new data and the source data, the source data and the original data, and the correspondence relationship between the new data and the true random key to the logic of the original data
PCT/CN2010/079332 2010-11-29 2010-12-01 Method for controlling cloud storage data WO2012071720A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/999,273 US8595512B2 (en) 2010-11-29 2010-12-01 Data control method of cloud storage

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010566288.0 2010-11-29
CN2010105662880A CN102065129A (en) 2010-11-29 2010-11-29 Cloud storage data control method

Publications (1)

Publication Number Publication Date
WO2012071720A1 true WO2012071720A1 (en) 2012-06-07

Family

ID=44000228

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/079332 WO2012071720A1 (en) 2010-11-29 2010-12-01 Method for controlling cloud storage data

Country Status (2)

Country Link
CN (1) CN102065129A (en)
WO (1) WO2012071720A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611711A (en) * 2012-04-09 2012-07-25 中山爱科数字科技股份有限公司 Cloud data safe storing method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080080718A1 (en) * 2006-09-29 2008-04-03 Microsoft Corporation Data security in an off-premise environment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080080718A1 (en) * 2006-09-29 2008-04-03 Microsoft Corporation Data security in an off-premise environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BRUCE SCHNEIER: "Applied Cryptography: protocols, algorithms, and source code in C", CHINA MACHINE PRESS, May 2000 (2000-05-01) *

Also Published As

Publication number Publication date
CN102065129A (en) 2011-05-18

Similar Documents

Publication Publication Date Title
US8595512B2 (en) Data control method of cloud storage
WO2012071728A1 (en) Data encryption method, apparatus and system for cloud storage
US8401186B2 (en) Cloud storage data access method, apparatus and system based on OTP
Li et al. Secure deduplication with efficient and reliable convergent key management
Chen et al. BL-MLE: Block-level message-locked encryption for secure large file deduplication
Blasco et al. A tunable proof of ownership scheme for deduplication using bloom filters
WO2012071717A1 (en) Data encryption and decryption method and device
WO2012071718A1 (en) Method, apparatus and system for storing and retreving data of cloud storage
US8737606B2 (en) Method and system for high throughput blockwise independent encryption/decryption
WO2012071725A1 (en) Method and apparatus for data selective encryption and decryption
WO2012071722A1 (en) Storage method, device and system for cloud storage data based on one-time pad (otp)
WO2012071714A1 (en) Data encryption and decryption method and device
WO2012071712A1 (en) Method, device and system for accessing cloud storage data
US8156168B2 (en) Method and system for data security
CN104809407A (en) Method and system for encrypting, decrypting and verifying cloud storage front end data
CN113221155B (en) Multi-level and multi-level encrypted cloud storage system
US7802102B2 (en) Method for efficient and secure data migration between data processing systems
AU2018321922A1 (en) Cryptographic systems and methods for extending apparent size of pools of truly random numbers
CN110750796A (en) Encrypted data duplication removing method supporting public audit
US11901917B1 (en) Systems, methods and computer program products including features of transforming data involving a secure format from which the data is recoverable
US20120136836A1 (en) Cloud Storage Data Storing and Retrieving Method, Apparatus and System
CN106850211A (en) A kind of encryption method and system based on MAC Address
Mendonca Data security in cloud using AES
Gupta et al. Enhancement of Cloud Security and removal of anti-patterns using multilevel encryption algorithms.
CN104394161A (en) Algorithm reconstruction mechanism based secret key transmission method and system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 12999273

Country of ref document: US

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10860219

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10860219

Country of ref document: EP

Kind code of ref document: A1