WO2020140626A1 - Salt-based data possession verification method and terminal device - Google Patents

Salt-based data possession verification method and terminal device Download PDF

Info

Publication number
WO2020140626A1
WO2020140626A1 PCT/CN2019/118156 CN2019118156W WO2020140626A1 WO 2020140626 A1 WO2020140626 A1 WO 2020140626A1 CN 2019118156 W CN2019118156 W CN 2019118156W WO 2020140626 A1 WO2020140626 A1 WO 2020140626A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
stored
target node
target
digest
Prior art date
Application number
PCT/CN2019/118156
Other languages
French (fr)
Chinese (zh)
Inventor
雷琼
郑映锋
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020140626A1 publication Critical patent/WO2020140626A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Definitions

  • the present application belongs to the field of computer application technology, and particularly relates to a salt value-based data possession verification method, terminal device, and computer non-volatile readable storage medium.
  • the node that stores the data can modify or delete the stored data after saving the data summary, so that when the data is all verified for data possession, the saved data can be directly
  • the abstract is sent to the terminal of the data owner for verification, and the verification process of the data owner is deceived by forging the data summary, and the reliability of data integrity verification cannot be guaranteed.
  • the embodiments of the present application provide a salt value-based data possession verification method, terminal device, and computer non-volatile readable storage medium, to solve the problem of integrity of stored data in verification fragments in the prior art The problem of low reliability during sex.
  • the first aspect of the embodiments of the present application provides a salt value-based data possession verification method, including:
  • the target node is a node that stores the source data
  • the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
  • a second aspect of an embodiment of the present application provides a terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, and the processor executes the computer
  • the following steps are realized when the instructions are readable:
  • the target node is a node that stores the source data
  • the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
  • a third aspect of the embodiments of the present application provides a terminal device, including:
  • a first summary unit for randomly generating a salt value, and generating a first data summary according to the salt value and the source data held by the data owner;
  • a sending unit configured to send the salt value to a target node;
  • the target node is a node that stores the source data;
  • a second summary unit configured to receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
  • the verification unit is configured to compare the first data digest with the second data digest, and verify whether the stored data stored by the target node is complete according to the comparison result.
  • a fourth aspect of the embodiments of the present application provides a computer nonvolatile readable storage medium.
  • the computer storage medium stores computer readable instructions.
  • the computer readable instructions include program instructions. When the processor executes, the processor is caused to execute the method of the first aspect.
  • a salt value is randomly generated, a first data summary is generated according to the salt value and the source data stored locally, and then the salt value is sent to the target node storing the source data, and the target node according to the stored data and The second data summary obtained by calculating the salt value, and finally comparing the first data summary with the second data summary, and determining whether the data stored by the target node is complete according to the comparison result, by adding salinity to the original data and the stored data And perform data summary.
  • the data summary is also accompanied by a certain degree of randomness, and the storage node cannot retain the data summary of the original data, ensuring the reliability of data integrity verification and improving P2P The security and integrity of the data stored by the nodes.
  • FIG. 1 is a flowchart of a salt value-based data possession verification method provided in Embodiment 1 of the present application;
  • FIG. 2 is a flowchart of a salt value-based data possession verification method provided by Embodiment 2 of the present application;
  • FIG. 3 is a schematic diagram of a terminal device provided in Embodiment 3 of this application.
  • FIG. 4 is a schematic diagram of a terminal device provided in Embodiment 4 of the present application.
  • FIG. 1 is a flowchart of a salt value-based data possession verification method provided in Embodiment 1 of the present application.
  • the execution subject of the data possession verification method based on the salt value is a terminal.
  • Terminals include but are not limited to mobile terminals such as smart phones, tablet computers, and wearable devices, and may also be desktop computers.
  • the salt value-based data possession verification method may include the following steps:
  • S101 Randomly generate a salt value, and generate a first data summary according to the salt value and the source data held by the data owner.
  • Peer-to-peer Peer to Peer, P2P
  • P2P Peer to Peer
  • This embodiment is mainly directed to the problem of data integrity, because in many cases, we store data with a large amount of data in a P2P node, and the node cannot guarantee the security, privacy and integrity of the data, but is complete Sex is a more important data attribute than privacy. If integrity is threatened, our data processing system will not have a complete and safe data operation foundation, and P2P nodes are vulnerable to attacks or storage and processing. In the event of a failure, the integrity of the data in the P2P node currently storing the source data needs to be detected in a timely manner. By adding the salinity value to the data in the P2P node, it is verified whether the data stored in the current node is the same as the source data, and whether the original data is completely stored. In this scheme, the source data is used to represent the initial data, that is, the standard data for data storage. These data are stored in the local server, used to compare these data with the data stored in the P2P node, and verify the P2P node. Data integrity.
  • the data owner is used to represent the owner and user of the source data.
  • the data owner can process the data and send the data, but because of the large amount of source data, the data owner will All data is sent to other storage nodes. Therefore, in this solution, the storage node is the node used to store the source data of all the data winners.
  • salt refers to inserting a specific string at any fixed position of the password to let the hashed result and the original password be scattered. The results do not match, this process is called adding salt.
  • a field is hashed, for example, the MD5 algorithm
  • a hash value is generated, and the hashed value is generally unable to obtain the original field through a specific algorithm.
  • searching the MD5 value in the table it is possible to find the real field content corresponding to the hash value in a very short time.
  • the hashed value after salting can greatly reduce the risk of password leakage caused by the theft of user data. Even though the original content corresponding to the hashed value is found through the rainbow table, but because of the salting, The inserted character string disturbs the real password, which greatly reduces the probability of obtaining the real password.
  • the implementation process of salting is usually to add specific characters at specific positions of the field that needs to be hashed, to disrupt the original string, and to change the hash result generated by it.
  • the source data owned by the data owner is: x7faqgjw.
  • the result is 455e0e5c2bc109deae749e7ce0cdd397.
  • the hash result of short data is easily cracked by the rainbow table. Therefore, add a specific string at the end of the source data owned by the data owner: x7faqgjwabcdefghijklmnopqrstuvwxyz.
  • the number of source data digits after salt addition is longer, and the result of hashing has also changed: 4a1690d5eb6c126ef68606dda68c2f79.
  • the source data owned by the data owner can also be fixed and salted by inserting a specific number of digits, in reverse order, or by multiple methods, making the hash result less likely to be cracked or the original data. And can prevent the storage node from saving and denying the summary of the source data.
  • S102 Send the salt value to a target node; the target node is a node that stores the source data.
  • the salt value is sent to the target node.
  • the target node is a node that stores source data.
  • the average amount of data may be calculated according to the size of the source data.
  • the storage node stores the same amount of data, or it can be stored according to the data block or directory in the source data. Therefore, when there are at least two target nodes that store source data, the same salt value can be sent to each target node. This can ensure the efficiency of data integrity verification, but it cannot guarantee that the target nodes can communicate with each other. In the case of, other nodes will also obtain the same salt value, and then generate or compile the same data digest as the first data digest based on the modified stored data, and submit it to the data owner's expiration behavior.
  • S103 Receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data.
  • the target node After receiving the salt value sent by the terminal of the data owner, the target node generates a second data summary based on the current stored data corresponding to the source data and the received salt value, and sends the data summary to the data owner for processing terminal.
  • the target node may first add the salt value to the stored storage data to obtain the target data, and then generate the data summary according to the target data.
  • the way to generate the data digest can be through the message digest algorithm.
  • the main feature is that the encryption process does not require a key, and the encrypted data cannot be decrypted. Only the input of the same plaintext data through the same message digest algorithm can get the same ciphertext. .
  • the message digest algorithm has no key management and distribution problems and is suitable for use on distributed networks. Because the workload of encryption calculation is quite huge, the previous algorithm is usually only used for encryption when the amount of data is limited. For example, the password of the computer is encrypted with an irreversible encryption algorithm.
  • S104 Compare the first data summary with the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result.
  • the first data summary and the second data summary are compared to obtain a comparison result, and the stored data stored in the target node is verified based on the comparison result.
  • the process of comparing the first data digest and the second data digest if the first data digest and the second data digest are the same, it is determined that the storage data currently stored by the target node is complete; If the second data summary is different, it is determined that the storage data currently stored by the target node is incomplete or tampered.
  • a salt value is randomly generated, and a first data summary is generated based on the salt value and the source data held by the data owner; the salt value is sent to a target node; the target node stores the source A node of data; receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data; the first The data summary is compared with the second data summary, and based on the comparison result, it is verified whether the stored data stored by the target node is complete.
  • FIG. 2 is a flowchart of a salt value-based data possession verification method provided in Embodiment 2 of the present application.
  • the execution subject of the data possession verification method based on the salt value is a terminal.
  • Terminals include but are not limited to mobile terminals such as smart phones, tablet computers, and wearable devices, and may also be desktop computers.
  • the salt value-based data possession verification method may include the following steps:
  • the salinity value in this scheme is randomly generated by the system, and only the system knows it. In this way, even if two nodes store the same data, because the system generates different salinity values for them, their hash values are also different. Even if a hacker can find a user with a specific password through his own password and the hash value generated by himself, this chance is too small.
  • ASCII American Standard Code for Information Interchange
  • the salt value in order to prevent an attacker from constructing a lookup table containing all possible salt values, the salt value must be sufficiently long.
  • the salt value is a randomly generated set of strings, which can include random upper and lower case letters, numbers, and characters. The number of digits can be different according to requirements.
  • a salt value equal to the string output by the hash function can be used.
  • the output of the Secure Hash Algorithm (SHA) is a string of 256 bits, then the salt value should also be at least 32 random byte.
  • S202 Combine the salt value with the source data held by the data owner to obtain target data.
  • Some storage node databases manage user IDs and passwords. Passwords exist in encrypted form such as MD5, but sometimes the database may be leaked and the data digest is obtained by the attacker. If the password corresponding to this data digest is a weak password, the hacker You can use this hash function HASH brute force cracking to obtain the IDs and passwords of other users and destroy the confidentiality of the data.
  • salt value that is, salinization
  • the salt value is a set of random character strings.
  • the hash algorithm is inserted after the password is inserted, so that even if the password is the same, the data digest generated after inserting different salt values is also different. Due to the irreversibility of MD5, I want to reverse Cracking MD5 is also very time-consuming.
  • the salt value is a randomly generated set of character strings, which can include random upper and lower case letters, numbers, and characters.
  • the final ciphertext produced using different salting values is different.
  • the specific combination method can be to add the salt value to the front or back of the source data, or to disassemble the salt value to obtain a piece of data, and add these data to the source data randomly. Get the target data.
  • S203 Generate a first data summary according to the target data.
  • a first data summary is generated according to the target data.
  • step S203 may specifically include steps S2031 to S2033:
  • the message is generally treated as a bit string.
  • the smallest unit is called a bit, 8 bits form a byte, and two bytes form a word.
  • the string "abc" is converted into a bit string of 01100001 01100010 01100011, and the string converted into a hexadecimal string is 0x616263.
  • S2032 Perform bit complement processing on the bit string to obtain a string with a preset number of digits, and add a character representing the length of the bit string to the string with a preset number of digits to obtain a target character string.
  • the length of the message is added at the end, and the length of the original message is added to the back of the message that has been filled. Specifies the use of 128-bit data to represent the length of the original message. In this way, the length of the processed message becomes a multiple of 1024.
  • the message In the data digest algorithm, the message must be complemented so that the remainder after the modulus is modulo 512 is 448, that is, the remainder after the complemented message length is divided by 512 is 448.
  • complementing the message first add a 1 to the back, and if it does not meet the requirements, then add 0 until the modulus remainder of 512 is 448. This means that at least one bit is filled, and the original message digits are 512n+447, at most 512 bits, and the original message digits are 512n+448.
  • the original information is 01100001 01100010 01100011; the first step of complementing, first fill one 1: 01100001 01100010 01100011 1; what can be determined is that if a byte is used to represent a character, after complementing 1, the condition will definitely not be met, and the supplement needs to continue.
  • the second step of padding zeros are added until the total length modulo 512 is 448.
  • 423 0s are filled to make the total length 448; the data after the padding is converted to hexadecimal.
  • the original message that is, the length of the binary digits before the complement operation is appended to the already complemented message.
  • a 64-bit data is usually used to represent the length of the original message. If the message length is not greater than 2 ⁇ 64, then the first word is 0. Then, the entire message is split into 512-bit data blocks M1, M2, ..., Mi, ..., Mn, and each data block Mi (1 ⁇ i ⁇ n) is processed separately to obtain a message digest.
  • S2033 Process the target character string according to a digest function to obtain the first data digest.
  • the data digest algorithm of this solution includes 80 64-bit constants, K0, K1, K2, ..., K79, where these constants are obtained by cube the first 80 prime numbers and take the first 64 of the fractional part Bit, used to eliminate the statistical law in the data during subsequent message digest calculation.
  • each function operates on 64-bit integers x, y, z, and produces 64-bit data as the result output after calculation.
  • the initialization operation needs to be performed first.
  • the eight 64-bit data is used as the algorithm initialization vector, which is the original input of the digest calculation, and is marked as H 0 , H 1 , H 2 , ..., H 7 .
  • Nine 64-bit spaces are used as intermediate variables during iteration, marked as A, B, C, D, E, F, G, H, I.
  • the initial value of H 0 , H 1 , H 2 , ..., H 7 is a fixed value, and the value is the first 8 prime numbers whose squared fractional part is converted into the first 64 bits of binary.
  • the 512-bit plaintext is divided into 16 32-bit long packets, denoted as M 0 , M 1 , M 2 , ..., M 10 ..., M 15 , and the packet is expanded to become 80 32-bit data blocks.
  • H 0 , H 1 , H 2 , ..., H 7 be added to At, Bt, Ct, Dt, Et, Ft, Gt, It respectively, and the result is stored in H 0 , H 1 , H 2 , ..., In H 7 , the calculation of the following 1024-bit message is used until the calculation of the last message block is completed, and the final 512-bit data result is the message digest calculated from the original message.
  • the role of salinity value is very important.
  • the system randomly generates a salinity value for the storage node and combines it with the data stored by the storage node, so that The storage data is highly random. Even if the storage node provides a data summary of the original data, the data summary generated by the storage node based on the storage data and the salinity value is also different due to the difference in the salinity value randomly generated by the system. In this way, the data holder can verify the integrity of the data stored by the storage node through the randomly generated salinity value, and improve the reliability of the verification process and verification results.
  • S204 Send the salt value to a target node; the target node is a node that stores the source data.
  • S204 is implemented in exactly the same way as S102 in the embodiment corresponding to FIG. 1.
  • S102 in the embodiment corresponding to FIG. 1
  • S204 is implemented in exactly the same way as S102 in the embodiment corresponding to FIG. 1.
  • S205 Receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data.
  • the P2P node that stores the source data is the target node, that is, the challenger.
  • the challenger can detect the completeness of the data stored by the challenger at any time by sending the same salinity value to the target node. After receiving the salinity value, the target node according to the stored data and The second data summary calculated from the salinity value.
  • S206 Compare the first data summary with the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result.
  • the two summaries are compared. If the two data summaries are the same, the data stored in the target node is determined to be complete. If the two data summaries are different, the target node is summarized. Of data is incomplete or has been tampered with. Further, when the first data summary and the second data summary are different, you can further directly view the data in the node, or you can directly replace the source data with the corresponding data in the node.
  • the first data digest is different from the second data digest, it is determined that the storage data currently stored by the target node is incomplete or tampered, and then may further include steps S2061 to S2062:
  • S2061 Obtain the currently stored storage data of the target node, and determine the reason for the change of the second data summary according to the storage data, and process the target node according to the cause of the change of the second data summary .
  • the storage data currently stored by the target node may be obtained, and the reason for the change in the second data summary may be determined according to the storage data.
  • the reasons for the change may include, but are not limited to, malicious deletion or modification of the storage node, failure of the storage node, such as hard disk damage, downtime, etc.
  • the target node is processed accordingly.
  • the data stored in the target node may be deleted, and the target node will not be enabled to store data in the future; if the target node is because If the change occurs in the second data summary caused by a hard disk damage or a downtime, after the operation of the target node returns to normal, the stored data may be sent to the target node again for storage.
  • step S2062 the source node can directly replace the currently stored storage data of the target node, continue to use the target node and the stored data stored in it, and can also add a series of security mechanisms, such as setting the target node
  • the processing authority for the stored data prevents the target node from deleting or modifying the stored data, thereby ensuring the security and integrity of the stored data.
  • a salt value is randomly generated according to a hash function algorithm; the salt value is combined with the source data held by the data owner to obtain target data; and a first data summary is generated according to the target data.
  • Randomly generate a salt value and generate a first data summary based on the salt value and the source data held by the data owner; send the salt value to a target node; the target node is a node that stores the source data; Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data; Compare the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result.
  • the data summary is also accompanied by a certain randomness, and the storage node cannot retain the data summary of the original data, ensuring the data
  • the reliability of integrity verification improves the security and integrity of data stored by P2P nodes.
  • FIG. 3 is a schematic diagram of a terminal device provided in Embodiment 3 of the present application.
  • Each unit included in the terminal device is used to execute each step in the embodiments corresponding to FIG. 1 to FIG. 2.
  • the terminal device 300 of this embodiment includes:
  • the first summary unit 301 is configured to randomly generate a salt value, and generate a first data summary according to the salt value and the source data held by the data owner;
  • the sending unit 302 is configured to send the salt value to a target node; the target node is a node that stores the source data;
  • the second summary unit 303 is configured to receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
  • the verification unit 304 is configured to compare the first data digest with the second data digest, and verify whether the stored data stored by the target node is complete according to the comparison result.
  • the first summary unit 301 may include:
  • the salt value generating unit is used to randomly generate a salt value according to the hash function algorithm
  • the data combining unit is used to combine the salt value with the source data held by the data owner to obtain target data;
  • the first summary generating unit is configured to generate a first data summary based on the target data.
  • the first summary generating unit may include:
  • a bit complementing unit used to perform bit complement processing on the bit character string to obtain a character string with a preset number of digits, and adding characters representing the length of the bit character string to the character string with a preset number of digits To get the target string;
  • the first generating unit is configured to process the target character string according to a summary function to obtain the first data summary.
  • the verification unit 304 may include:
  • a comparison unit configured to compare the first data summary with the second data summary
  • a first determining unit configured to determine that the stored data currently stored by the target node is complete if the first data digest and the second data digest are the same;
  • the second determining unit is configured to determine that the stored data currently stored by the target node is incomplete or tampered if the first data digest and the second data digest are different.
  • the terminal device may include:
  • a processing unit configured to obtain the stored data currently stored by the target node, and determine the cause of the change in the second data summary according to the stored data, and to the target according to the cause of the change in the second data summary Node for processing;
  • a data replacement unit is used to replace the stored data stored in the target node with the source data.
  • a salt value is randomly generated according to a hash function algorithm; the salt value is combined with the source data held by the data owner to obtain target data; and a first data summary is generated according to the target data.
  • Randomly generate a salt value and generate a first data summary based on the salt value and the source data held by the data owner; send the salt value to a target node; the target node is a node that stores the source data; Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data; Compare the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result.
  • the data summary is also accompanied by a certain randomness, and the storage node cannot retain the data summary of the original data, ensuring the data
  • the reliability of integrity verification improves the security and integrity of data stored by P2P nodes.
  • the terminal device 4 of this embodiment includes: a processor 40, a memory 41, and computer-readable instructions 42 stored in the memory 41 and executable on the processor 40.
  • the processor 40 executes the computer-readable instructions 42
  • the steps in the above embodiments of the salt value-based data possession verification method are implemented, for example, steps 101 to 104 shown in FIG. 1.
  • the processor 40 executes the computer-readable instructions 42
  • the functions of each module/unit in the foregoing device embodiments are realized, for example, the functions of the units 301 to 304 shown in FIG. 3.
  • the computer-readable instructions 42 may be divided into one or more modules/units, the one or more modules/units are stored in the memory 41, and executed by the processor 40, To complete this application.
  • the one or more modules/units may be a series of computer-readable instruction instruction segments capable of performing specific functions, and the instruction segments are used to describe the execution process of the computer-readable instructions 42 in the terminal device 4.
  • the terminal device 4 may be a computing device such as a desktop computer, a notebook, a palmtop computer and a cloud server.
  • the terminal device may include, but is not limited to, the processor 40 and the memory 41.
  • FIG. 4 is only an example of the terminal device 4 and does not constitute a limitation on the terminal device 4, and may include more or less components than the illustration, or a combination of certain components or different components.
  • the terminal device may further include an input and output device, a network access device, a bus, and the like.
  • the processor 40 may be a central processing unit (Central Processing Unit (CPU), can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application-specific integrated circuits (Application Specific Integrated Circuit (ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4.
  • the memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk equipped on the terminal device 4, a smart memory card (Smart Media Card, SMC), and a secure digital (SD) Cards, flash cards (Flash Card, FC), etc.
  • the memory 41 may include both an internal storage unit of the terminal device 4 and an external storage device.
  • the memory 41 is used to store the computer-readable instructions and other programs and data required by the terminal device.
  • the memory 41 can also be used to temporarily store data that has been or will be output.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • this application implements all or part of the processes in the methods of the above embodiments, and can also be completed by instructing relevant hardware through computer-readable instructions, which can be stored in a computer non-volatile Readable storage medium.
  • Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM random access memory
  • DRAM dynamic RAM
  • SDRAM synchronous DRAM
  • DDRSDRAM double data rate SDRAM
  • ESDRAM enhanced SDRAM
  • SLDRAM synchronous chain (Synchlink) DRAM
  • RDRAM direct RAM
  • DRAM direct memory bus dynamic RAM
  • RDRAM memory bus dynamic RAM

Abstract

The present application is applicable to the technical field of computer applications, and provides a salt-based data possession verification method, a terminal device, and a computer non-volatile readable storage medium. The method comprises: by randomly generating a salt, generating a first data abstract according to the salt and source data stored in the local; then sending the salt to a target node storing the source data; calculating by the target node according to the data and salt stored in the target node so as to obtain a second data abstract; finally, comparing the first data abstract and the second data abstract, and determining whether data stored in the target node is complete according to a comparison result. Salt degree of the original data and the storage data is increased and abstracts thereof are extracted, and salts randomly generated by a system are different, so that data abstracts are random at a certain degree, and a storage node cannot retain the data abstract of the original data. Therefore, the reliability of data integrity verification is ensured, and the security and integrity of data stored by a peer-to-peer network (P2P) node are improved.

Description

基于盐值的数据持有性验证方法及终端设备Salt value-based data possession verification method and terminal equipment
本申请要求于2019年1月4日提交中国专利局、申请号为201910008653.7、发明名称为“基于盐值的数据持有性验证方法及终端设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application requires the priority of the Chinese patent application submitted to the China Patent Office on January 4, 2019, with the application number 201910008653.7 and the invention titled "Data Holdability Verification Method and Terminal Equipment Based on Salt Value." The reference is incorporated in this application.
技术领域Technical field
本申请属于计算机应用技术领域,尤其涉及一种基于盐值的数据持有性验证方法、终端设备及计算机非易失性可读存储介质。The present application belongs to the field of computer application technology, and particularly relates to a salt value-based data possession verification method, terminal device, and computer non-volatile readable storage medium.
背景技术Background technique
当云平台的存储服务所面临的数据量越来越大,所需的存储代价越来越高的情况下,现有技术中通过对等网络P2P的方式将整个的数据文件分开存储在不同的节点中,但是P2P具有不可信任的特性,如何验证P2P存储点诚实的存储了你的数据,现有的一些做法是通过使用全文内容HASH等方式处理。但是,这种方式在应用过程中,存储数据的节点可以在保存数据摘要之后,对所存储的数据进行修改或者删除,以在数据所有在进行数据持有性验证的时候,直接将保存的数据摘要发送至数据所有者的终端来进行验证,通过伪造的数据摘要的方式欺骗数据所有者的验证过程,进而不能保证数据完整性验证的可靠性。When the amount of data faced by the storage service of the cloud platform is getting larger and larger, and the required storage cost is getting higher and higher, in the prior art, the entire data file is stored separately in different In the node, but P2P has untrustworthy characteristics, how to verify that the P2P storage point honestly stores your data, some existing practices are handled by using full-text content HASH and other methods. However, in this way, in the application process, the node that stores the data can modify or delete the stored data after saving the data summary, so that when the data is all verified for data possession, the saved data can be directly The abstract is sent to the terminal of the data owner for verification, and the verification process of the data owner is deceived by forging the data summary, and the reliability of data integrity verification cannot be guaranteed.
技术问题technical problem
有鉴于此,本申请实施例提供了一种基于盐值的数据持有性验证方法、终端设备及计算机非易失性可读存储介质,以解决现有技术中在验证分片存储数据的完整性时可靠性低的问题。In view of this, the embodiments of the present application provide a salt value-based data possession verification method, terminal device, and computer non-volatile readable storage medium, to solve the problem of integrity of stored data in verification fragments in the prior art The problem of low reliability during sex.
技术解决方案Technical solution
本申请实施例的第一方面提供了一种基于盐值的数据持有性验证方法,包括:The first aspect of the embodiments of the present application provides a salt value-based data possession verification method, including:
随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;Randomly generate a salt value, and generate a first data summary based on the salt value and the source data held by the data owner;
发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;Sending the salt value to a target node; the target node is a node that stores the source data;
接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。Comparing the first data summary with the second data summary, and verifying whether the stored data stored by the target node is complete according to the comparison result.
本申请实施例的第二方面提供了一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时实现以下步骤:A second aspect of an embodiment of the present application provides a terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, and the processor executes the computer The following steps are realized when the instructions are readable:
随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;Randomly generate a salt value, and generate a first data summary based on the salt value and the source data held by the data owner;
发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;Sending the salt value to a target node; the target node is a node that stores the source data;
接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。Comparing the first data summary with the second data summary, and verifying whether the stored data stored by the target node is complete according to the comparison result.
本申请实施例的第三方面提供了一种终端设备,包括:A third aspect of the embodiments of the present application provides a terminal device, including:
第一摘要单元,用于随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;A first summary unit for randomly generating a salt value, and generating a first data summary according to the salt value and the source data held by the data owner;
发送单元,用于发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;A sending unit, configured to send the salt value to a target node; the target node is a node that stores the source data;
第二摘要单元,用于接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;A second summary unit, configured to receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
验证单元,用于将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。The verification unit is configured to compare the first data digest with the second data digest, and verify whether the stored data stored by the target node is complete according to the comparison result.
本申请实施例的第四方面提供了一种计算机非易失性可读存储介质,所述计算机存储介质存储有计算机可读指令,所述计算机可读指令包括程序指令,所述程序指令当被处理器执行时使所述处理器执行上述第一方面的方法。A fourth aspect of the embodiments of the present application provides a computer nonvolatile readable storage medium. The computer storage medium stores computer readable instructions. The computer readable instructions include program instructions. When the processor executes, the processor is caused to execute the method of the first aspect.
有益效果Beneficial effect
本申请实施例与现有技术相比存在的有益效果是:Compared with the prior art, the beneficial effects of the embodiments of the present application are:
本申请实施例通过随机生成一个盐值,根据盐值和存储在本地的源数据生成第一数据摘要,再将该盐值发送至存储源数据的目标节点,目标节点根据其所存储的数据和盐值计算得到的第二数据摘要,最后将第一数据摘要和所述第二数据摘要进行对比,根据对比结果确定所述目标节点存储的数据是否完整,通过对原始数据和存储数据加盐度并进行数据摘要,由于系统随机生成的盐值不同,使得数据摘要也伴有一定的随机性,进而存储节点不能保留原有数据的数据摘要,保证了数据完整性验证的可靠性,提高了P2P节点存储数据的安全性和完整性。In the embodiment of the present application, a salt value is randomly generated, a first data summary is generated according to the salt value and the source data stored locally, and then the salt value is sent to the target node storing the source data, and the target node according to the stored data and The second data summary obtained by calculating the salt value, and finally comparing the first data summary with the second data summary, and determining whether the data stored by the target node is complete according to the comparison result, by adding salinity to the original data and the stored data And perform data summary. Due to the different salt values randomly generated by the system, the data summary is also accompanied by a certain degree of randomness, and the storage node cannot retain the data summary of the original data, ensuring the reliability of data integrity verification and improving P2P The security and integrity of the data stored by the nodes.
附图说明BRIEF DESCRIPTION
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly explain the technical solutions in the embodiments of the present application, the following will briefly introduce the drawings used in the embodiments or the description of the prior art. Obviously, the drawings in the following description are only for the application In some embodiments, for those of ordinary skill in the art, without paying creative labor, other drawings may be obtained based on these drawings.
图1是本申请实施例一提供的基于盐值的数据持有性验证方法的流程图;FIG. 1 is a flowchart of a salt value-based data possession verification method provided in Embodiment 1 of the present application;
图2是本申请实施例二提供的基于盐值的数据持有性验证方法的流程图;FIG. 2 is a flowchart of a salt value-based data possession verification method provided by Embodiment 2 of the present application;
图3是本申请实施例三提供的终端设备的示意图;3 is a schematic diagram of a terminal device provided in Embodiment 3 of this application;
图4是本申请实施例四提供的终端设备的示意图。4 is a schematic diagram of a terminal device provided in Embodiment 4 of the present application.
本发明的实施方式Embodiments of the invention
以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本申请实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本申请的描述。In the following description, for the purpose of illustration rather than limitation, specific details such as specific system structures and technologies are proposed to thoroughly understand the embodiments of the present application. However, those skilled in the art should understand that the present application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits, and methods are omitted to avoid unnecessary details hindering the description of the present application.
为了说明本申请所述的技术方案,下面通过具体实施例来进行说明。In order to explain the technical solutions described in the present application, the following will be described with specific embodiments.
参见图1,图1是本申请实施例一提供的基于盐值的数据持有性验证方法的流程图。本实施例中基于盐值的数据持有性验证方法的执行主体为终端。终端包括但不限于智能手机、平板电脑、可穿戴设备等移动终端,还可以是台式电脑等。如图所示的基于盐值的数据持有性验证方法可以包括以下步骤:Referring to FIG. 1, FIG. 1 is a flowchart of a salt value-based data possession verification method provided in Embodiment 1 of the present application. In this embodiment, the execution subject of the data possession verification method based on the salt value is a terminal. Terminals include but are not limited to mobile terminals such as smart phones, tablet computers, and wearable devices, and may also be desktop computers. As shown in the figure, the salt value-based data possession verification method may include the following steps:
S101:随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要。S101: Randomly generate a salt value, and generate a first data summary according to the salt value and the source data held by the data owner.
对于传统的分布式系统,无非是在不同的区域搭建一些服务器,然后再在这些服务器上存储数据。它解决了一些集中式存储的问题,但是也存在着比如服务器成为瓶颈、由于带宽而带来的访问不便等问题。因此,P2P分布式存储应运而生。对等网络(Peer to Peer,P2P)分布式存储就是让客户也成为服务器,当在存储数据的同时,也提供空间让别人来存储。这就很好的解决了由于服务器很少而产生的瓶颈,也能在速度上加以改进。但是同样它也带来了很多的问题,例如数据稳定性、一致性、安全性、隐私性以及防攻击性都会受到或多或少的影响。本实施例主要针对的是数据的完整性问题,因为在很多情况下,我们将数据量较大的数据存储至P2P节点中,节点并不能保证数据的安全性、私密性和完整性,而完整性相比于私密性是更加重要的数据属性,如果完整性收到威胁,则我们的数据处理系统将没有一个完整、安全的数据操作基础,在P2P节点很容易遭到攻击或者发生存储、处理故障的情况下,需要及时的检测当前存储源数据的P2P节点中数据的完整性。通过给P2P节点中的数据加盐度值的方式,验证当前节点所存储的数据是否与源数据相同,是否完整的保存有原始的全部数据。在本方案中源数据用于表示最初始的数据,即数据存储的标准数据,这些数据存储在本地的服务器中,用于通过这些数据与存储在P2P节点中的数据进行对比,检验P2P节点中数据的完整性。For traditional distributed systems, it is nothing more than to build some servers in different areas, and then store data on these servers. It solves some of the problems of centralized storage, but there are also problems such as the server becoming the bottleneck and the inconvenience of access due to bandwidth. Therefore, P2P distributed storage came into being. Peer-to-peer (Peer to Peer, P2P) distributed storage is to let customers also become servers. When storing data, it also provides space for others to store. This is a good solution to the bottleneck caused by the lack of servers, and it can be improved in speed. But it also brings a lot of problems, such as data stability, consistency, security, privacy and anti-attack will be affected more or less. This embodiment is mainly directed to the problem of data integrity, because in many cases, we store data with a large amount of data in a P2P node, and the node cannot guarantee the security, privacy and integrity of the data, but is complete Sex is a more important data attribute than privacy. If integrity is threatened, our data processing system will not have a complete and safe data operation foundation, and P2P nodes are vulnerable to attacks or storage and processing. In the event of a failure, the integrity of the data in the P2P node currently storing the source data needs to be detected in a timely manner. By adding the salinity value to the data in the P2P node, it is verified whether the data stored in the current node is the same as the source data, and whether the original data is completely stored. In this scheme, the source data is used to represent the initial data, that is, the standard data for data storage. These data are stored in the local server, used to compare these data with the data stored in the P2P node, and verify the P2P node. Data integrity.
在本实施例中,数据所有者用于表示源数据的所有者和使用者,数据所有者可以处理数据、发送数据,但是可能因为源数据的数据量较大的原因,数据所有者会将自己所有的数据发送至其他存储节点,因此,在本方案中,存储节点便是用来存储数据所有得者的源数据的节点。In this embodiment, the data owner is used to represent the owner and user of the source data. The data owner can process the data and send the data, but because of the large amount of source data, the data owner will All data is sent to other storage nodes. Therefore, in this solution, the storage node is the node used to store the source data of all the data winners.
在生成个第一数据摘要的过程中,先是随机生成一个盐值,在密码学中,盐是指通过在密码任意固定位置插入特定的字符串,让散列后的结果和使用原始密码的散列结果不相符,这种过程称之为加盐。通常情况下,当字段经过散列处理,例如MD5算法,会生成一段散列值,而散列后的值一般是无法通过特定算法得到原始字段的。但是某些情况,比如一个大型的彩虹表,通过在表中搜索该MD5值,很有可能在极短的时间内找到该散列值对应的真实字段内容。加盐后的散列值,可以极大的降低由于用户数据被盗而带来的密码泄漏风险,即使通过彩虹表寻找到了散列后的数值所对应的原始内容,但是由于经过了加盐,插入的字符串扰乱了真正的密码,使得获得真实密码的概率大大降低。In the process of generating the first data summary, a salt value is randomly generated first. In cryptography, salt refers to inserting a specific string at any fixed position of the password to let the hashed result and the original password be scattered. The results do not match, this process is called adding salt. Normally, when a field is hashed, for example, the MD5 algorithm, a hash value is generated, and the hashed value is generally unable to obtain the original field through a specific algorithm. But in some cases, such as a large rainbow table, by searching the MD5 value in the table, it is possible to find the real field content corresponding to the hash value in a very short time. The hashed value after salting can greatly reduce the risk of password leakage caused by the theft of user data. Even though the original content corresponding to the hashed value is found through the rainbow table, but because of the salting, The inserted character string disturbs the real password, which greatly reduces the probability of obtaining the real password.
加盐的实现过程通常是在需要散列的字段的特定位置增加特定的字符,打乱原始的字符串,使其生成的散列结果产生变化。比如,数据所有者所有的源数据为:x7faqgjw,经过MD5散列后,可以得出结果:455e0e5c2bc109deae749e7ce0cdd397。但是由于数据所有者所有的源数据位数不足,短数据的散列结果很容易被彩虹表破解,因此,在数据所有者所有的源数据末尾添加特定字符串:x7faqgjwabcdefghijklmnopqrstuvwxyz。综上可知,加盐后的源数据位数更长了,散列的结果也发生了变化:4a1690d5eb6c126ef68606dda68c2f79。The implementation process of salting is usually to add specific characters at specific positions of the field that needs to be hashed, to disrupt the original string, and to change the hash result generated by it. For example, the source data owned by the data owner is: x7faqgjw. After MD5 hashing, the result is 455e0e5c2bc109deae749e7ce0cdd397. However, due to insufficient number of source data bits in the data owner, the hash result of short data is easily cracked by the rainbow table. Therefore, add a specific string at the end of the source data owned by the data owner: x7faqgjwabcdefghijklmnopqrstuvwxyz. In summary, the number of source data digits after salt addition is longer, and the result of hashing has also changed: 4a1690d5eb6c126ef68606dda68c2f79.
在实际使用过程中,还可以通过特定位数插入、倒序或多种方法对数据所有者所有的源数据进行固定的加盐处理,使得散列的结果更加不容易被破解或轻易得到原始数据,并能防止存储节点对源数据摘要的保存和抵赖。In actual use, the source data owned by the data owner can also be fixed and salted by inserting a specific number of digits, in reverse order, or by multiple methods, making the hash result less likely to be cracked or the original data. And can prevent the storage node from saving and denying the summary of the source data.
S102:发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点。S102: Send the salt value to a target node; the target node is a node that stores the source data.
在生成第一数据摘要之后,将盐值发送至目标节点。在本实施例中,目标节点为存储源数据的节点。After generating the first data summary, the salt value is sent to the target node. In this embodiment, the target node is a node that stores source data.
需要说明的是,本实施例中存储源数据的存储节点可以为一个,也可以为至少两个,当存储节点为多个时,可以是根据源数据的大小进行数据量的平均计算,每个存储节点存储相同数据量的数据,也可以是根据源数据中的数据分块或者目录等,进行存储。因此,当存储源数据的目标节点有至少两个时,可以是将相同的盐值发送至每个目标节点处,这种可以保证数据完整性验证的效率,但不能保证在目标节点可以相互通信的情况下,其他节点也会获取到相同的盐值,进而根据修改之后的存储数据生成或者杜撰出与第一数据摘要相同的数据摘要,并将其提交给数据所有者的期满行为。It should be noted that, in this embodiment, there may be one storage node storing source data, or at least two storage nodes. When there are multiple storage nodes, the average amount of data may be calculated according to the size of the source data. The storage node stores the same amount of data, or it can be stored according to the data block or directory in the source data. Therefore, when there are at least two target nodes that store source data, the same salt value can be sent to each target node. This can ensure the efficiency of data integrity verification, but it cannot guarantee that the target nodes can communicate with each other. In the case of, other nodes will also obtain the same salt value, and then generate or compile the same data digest as the first data digest based on the modified stored data, and submit it to the data owner's expiration behavior.
为了保证在多个目标节点存储源数据,在验证过程中的安全性和可靠性,我们也可以在验证每个目标节点的存储数据完整性时,每次都随机生成一个不同的盐值,并根据这些不同的盐值生成不同的数据摘要,根据不同的数据摘要来分别验证不同的目标节点所存储的存储数据的完整性,保证验证过程的安全性和私密性。In order to ensure the security and reliability of the source data stored in multiple target nodes, we can also randomly generate a different salt value each time when verifying the integrity of the stored data of each target node, and Different data summaries are generated based on these different salt values, and the integrity of the stored data stored by different target nodes is verified according to the different data summaries to ensure the security and privacy of the verification process.
S103:接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成。S103: Receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data.
目标节点在接收到数据所有者的终端发送的盐值之后,根据当前与源数据对应的存储数据以及接收到的盐值,生成第二数据摘要,并将该数据摘要发送至数据所有者的处理终端。After receiving the salt value sent by the terminal of the data owner, the target node generates a second data summary based on the current stored data corresponding to the source data and the received salt value, and sends the data summary to the data owner for processing terminal.
具体的,目标节点在生成第二数据摘要的过程中,可以是先将盐值添加进所存储的存储数据中,得到目标数据,再根据目标数据生成数据摘要。其生成数据摘要的方式可以是通过消息摘要算法的主要特征是加密过程不需要密钥,并且经过加密的数据无法被解密,只有输入相同的明文数据经过相同的消息摘要算法才能得到相同的密文。消息摘要算法不存在密钥的管理与分发问题,适合于分布式网络上使用。由于其加密计算的工作量相当巨大,所以以前的这种算法通常只用于数据量有限的情况下的加密,例如计算机的口令就是用不可逆加密算法加密的。Specifically, in the process of generating the second data summary, the target node may first add the salt value to the stored storage data to obtain the target data, and then generate the data summary according to the target data. The way to generate the data digest can be through the message digest algorithm. The main feature is that the encryption process does not require a key, and the encrypted data cannot be decrypted. Only the input of the same plaintext data through the same message digest algorithm can get the same ciphertext. . The message digest algorithm has no key management and distribution problems and is suitable for use on distributed networks. Because the workload of encryption calculation is quite huge, the previous algorithm is usually only used for encryption when the amount of data is limited. For example, the password of the computer is encrypted with an irreversible encryption algorithm.
S104:将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。S104: Compare the first data summary with the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result.
在生成第一数据摘要和第二数据摘要之后,将第一数据摘要和第二数据摘要进行对比,得到对比结果,并根据对比结果验证目标节点所存储的存储数据是否完整。After generating the first data summary and the second data summary, the first data summary and the second data summary are compared to obtain a comparison result, and the stored data stored in the target node is verified based on the comparison result.
具体的,在将第一数据摘要与第二数据摘要进行对比的过程中,若第一数据摘要与第二数据摘要相同,则判定目标节点当前所存储的存储数据完整;若第一数据摘要与第二数据摘要不同,则判定目标节点当前所存储的存储数据不完整或者被篡改。Specifically, in the process of comparing the first data digest and the second data digest, if the first data digest and the second data digest are the same, it is determined that the storage data currently stored by the target node is complete; If the second data summary is different, it is determined that the storage data currently stored by the target node is incomplete or tampered.
上述方案,通过随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。通过对原始数据和存储数据加盐度并进行数据摘要,保证了数据完整性验证的可靠性,提高了P2P节点存储数据的安全性和完整性。In the above solution, a salt value is randomly generated, and a first data summary is generated based on the salt value and the source data held by the data owner; the salt value is sent to a target node; the target node stores the source A node of data; receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data; the first The data summary is compared with the second data summary, and based on the comparison result, it is verified whether the stored data stored by the target node is complete. By adding salinity to the original data and stored data and performing data summarization, the reliability of data integrity verification is ensured, and the security and integrity of the stored data of P2P nodes are improved.
参见图2,图2是本申请实施例二提供的基于盐值的数据持有性验证方法的流程图。本实施例中基于盐值的数据持有性验证方法的执行主体为终端。终端包括但不限于智能手机、平板电脑、可穿戴设备等移动终端,还可以是台式电脑等。如图所示的基于盐值的数据持有性验证方法可以包括以下步骤:Referring to FIG. 2, FIG. 2 is a flowchart of a salt value-based data possession verification method provided in Embodiment 2 of the present application. In this embodiment, the execution subject of the data possession verification method based on the salt value is a terminal. Terminals include but are not limited to mobile terminals such as smart phones, tablet computers, and wearable devices, and may also be desktop computers. As shown in the figure, the salt value-based data possession verification method may include the following steps:
S201:根据散列函数算法随机生成一个盐值。S201: Generate a salt value randomly according to the hash function algorithm.
本方案中的盐度值是由系统随机生成的,并且只有系统知道。这样,即便两个节点存储了相同的数据,由于系统为它们生成的盐度值不同,他们的散列值也是不同的。即便黑客可以通过自己的密码和自己生成的散列值来找具有特定密码的用户,但这个几率太小了。在生成盐值时,如果盐值太短,攻击者可以构造一个查询表包含所有可能的盐值。示例性地,如果一个盐值只包含3个美国信息交换标准代码(American Standard Code for Information Interchange,ASCII)字符,则一共有95*95*95=857375种可能。这看起来很多,但是如果对于每个盐值查询表只包含1MB最常见的密码,那么总共只需要837GB的储存空间。同样地,用户名也不应该被用作盐值。尽管在一个网站中用户名是唯一的,但是它们是可预测的,并且经常重复用于其他服务中。攻击者可以针对常见用户名构建查询表,然后对用户名盐值哈希发起进攻。The salinity value in this scheme is randomly generated by the system, and only the system knows it. In this way, even if two nodes store the same data, because the system generates different salinity values for them, their hash values are also different. Even if a hacker can find a user with a specific password through his own password and the hash value generated by himself, this chance is too small. When generating salt values, if the salt value is too short, the attacker can construct a lookup table containing all possible salt values. Exemplarily, if a salt value contains only 3 American Standard Code for Information Interchange (ASCII) characters, there are 95*95*95=857375 possibilities. This looks a lot, but if only 1MB of the most common password is included for each salt lookup table, then only a total of 837GB of storage space is required. Similarly, the username should not be used as a salt value. Although user names are unique in a website, they are predictable and are often used repeatedly in other services. An attacker can build a lookup table for common usernames and then attack the hash of the username salt.
本实施例中,为了使攻击者无法构造包含所有可能盐值的查询表,盐值必须足够长。加盐值是随机生成的一组字符串,可以包括随机的大小写字母、数字、字符,位数可以根据要求而不一样。优选的,可以使用和哈希函数输出的字符串等长的盐值,比如安全散列256算法(Secure Hash Algorithm,SHA)的输出是256bits的字符串,那么盐值也至少应该是32个随机字节。In this embodiment, in order to prevent an attacker from constructing a lookup table containing all possible salt values, the salt value must be sufficiently long. The salt value is a randomly generated set of strings, which can include random upper and lower case letters, numbers, and characters. The number of digits can be different according to requirements. Preferably, a salt value equal to the string output by the hash function can be used. For example, the output of the Secure Hash Algorithm (SHA) is a string of 256 bits, then the salt value should also be at least 32 random byte.
S202:将所述盐值和数据所有者所持有的源数据结合,得到目标数据。S202: Combine the salt value with the source data held by the data owner to obtain target data.
一些存储节点的数据库管理着用户的ID及口令,口令以MD5等加密后的形式存在,但是有些时候可能数据库泄露,数据摘要被攻击者获取,如果此数据摘要对应的口令是弱口令,则黑客可以通过此散列函数HASH暴力破解获取其他用户的ID及口令,破坏数据的机密性。通过加入盐值即盐化可以很好的防治这种攻击手段。盐值是一组随机的字符串,通过插入在口令后进行HASH算法,这样即使是相同的口令,插入不同的盐值后生成的数据摘要也是不相同的,由于MD5的不可逆性,想要逆向破解MD5也是非常耗时间的。Some storage node databases manage user IDs and passwords. Passwords exist in encrypted form such as MD5, but sometimes the database may be leaked and the data digest is obtained by the attacker. If the password corresponding to this data digest is a weak password, the hacker You can use this hash function HASH brute force cracking to obtain the IDs and passwords of other users and destroy the confidentiality of the data. By adding salt value, that is, salinization, this attack method can be well prevented. The salt value is a set of random character strings. The hash algorithm is inserted after the password is inserted, so that even if the password is the same, the data digest generated after inserting different salt values is also different. Due to the irreversibility of MD5, I want to reverse Cracking MD5 is also very time-consuming.
为了加强MD5的安全性,从而加入了新的算法部分即加盐值,加盐值是随机生成的一组字符串,可以包括随机的大小写字母、数字、字符,位数可以根据要求而不一样,使用不同的加盐值产生的最终密文是不一样的。我们可以通过将盐值和数据所有者所持有的源数据结合的方式,得到目标数据。其中,具体的结合方式可以是将盐值全部添加在源数据的前部或者后部,还可以是将盐值拆解,得到一段一段的数据,并将这些的数据随机添加进源数据中,得到目标数据。In order to strengthen the security of MD5, a new algorithm is added to add salt value. The salt value is a randomly generated set of character strings, which can include random upper and lower case letters, numbers, and characters. Similarly, the final ciphertext produced using different salting values is different. We can get the target data by combining the salt value with the source data held by the data owner. Among them, the specific combination method can be to add the salt value to the front or back of the source data, or to disassemble the salt value to obtain a piece of data, and add these data to the source data randomly. Get the target data.
S203:根据所述目标数据生成第一数据摘要。S203: Generate a first data summary according to the target data.
在确定由盐值和数据所有者所持有的源数据组成的目标数据之后,根据目标数据生成第一数据摘要。After determining the target data composed of the salt value and the source data held by the data owner, a first data summary is generated according to the target data.
进一步的,步骤S203可以具体包括步骤S2031~S2033:Further, step S203 may specifically include steps S2031 to S2033:
S2031:将所述目标数据转换为位字符串。S2031: Convert the target data into a bit string.
在数据摘要算法中,一般把消息当做位字符串进行处理。最小单位称为位,8位组成一个字节,两个字节组成一个字。示例性的,字符串“abc”转换成位字符串是01100001 01100010 01100011,转换成16进制字符串是0x616263。因为数据摘要算法只接受位作为输入,所以进行计算前必须把目标数据转换成位字符串。示例性的,比如,对字符串“abc”产生消息摘要,‘a’=97、‘b’=98、‘c’=99,先转换成24位的字符串:01100001 01100010 01100011。In the data digest algorithm, the message is generally treated as a bit string. The smallest unit is called a bit, 8 bits form a byte, and two bytes form a word. Exemplarily, the string "abc" is converted into a bit string of 01100001 01100010 01100011, and the string converted into a hexadecimal string is 0x616263. Because the data digest algorithm only accepts bits as input, the target data must be converted to a bit string before calculation. Exemplary, for example, to generate a message digest for the character string "abc", ‘a’=97, ‘b’=98, ‘c’=99, first converted to a 24-bit character string: 01100001 01100010 01100011.
S2032:对所述位字符串进行补位处理,得到预设位数的字符串,并在所述预设位数的字符串中加入用于表示所述位字符串长度的字符,得到目标字符串。S2032: Perform bit complement processing on the bit string to obtain a string with a preset number of digits, and add a character representing the length of the bit string to the string with a preset number of digits to obtain a target character string.
在进行消息填充后,要在最后添加消息的长度,将原始消息的长度补充到已经进行了补位操作的消息后面。规定使用128位的数据表示原始消息的长度。这样,处理后的消息的长度就成为了1024的倍数。After the message is filled, the length of the message is added at the end, and the length of the original message is added to the back of the message that has been filled. Specifies the use of 128-bit data to represent the length of the original message. In this way, the length of the processed message becomes a multiple of 1024.
在数据摘要算法中消息必须进行补位,使其长度在对512取模以后的余数是448,即补位后的消息长度除以512之后的余数是448。对消息进行补位时,先在后面补一个1,如果不满足要求,再补0直到满足对512取模余数为448。这就意味着,补位至少补一位,原消息位数为512n+447,最多补512位,原消息位数为512n+448。In the data digest algorithm, the message must be complemented so that the remainder after the modulus is modulo 512 is 448, that is, the remainder after the complemented message length is divided by 512 is 448. When complementing the message, first add a 1 to the back, and if it does not meet the requirements, then add 0 until the modulus remainder of 512 is 448. This means that at least one bit is filled, and the original message digits are 512n+447, at most 512 bits, and the original message digits are 512n+448.
示例性地,以之前的“abc”为例显示补位的过程:原始信息为01100001 01100010 01100011;补位第一步,首先补一个1:01100001 01100010 01100011 1;可以确定的是,如果用一个字节来表示一个字符,补1之后肯定不满足条件,仍需继续补位。补位第二步,后面补0直到总长度对512取模余数为448,这里补423个0,使总长度达到为448;补位完成后的数据转换为16进制。从16进制数据里可以看到,我们也可以直接采用16进制的方式进行补位,我们先补80,看是否满足长度对64取余的结果为56,不满足则继续补0,这样便可得到预设位数的字符串。Exemplarily, taking the previous "abc" as an example to show the process of bit complementation: the original information is 01100001 01100010 01100011; the first step of complementing, first fill one 1: 01100001 01100010 01100011 1; what can be determined is that if a byte is used to represent a character, after complementing 1, the condition will definitely not be met, and the supplement needs to continue. In the second step of padding, zeros are added until the total length modulo 512 is 448. Here, 423 0s are filled to make the total length 448; the data after the padding is converted to hexadecimal. As can be seen from the hexadecimal data, we can also directly use the hexadecimal method to fill in bits. We first fill in 80 to see if the length meets the 64 and the result is 56. If it is not satisfied, continue to fill in 0. You can get a string of preset digits.
在得到预设位数的字符串之后,在预设位数的字符串中加入用于表示位字符串长度的字符,得到目标字符串。这一步中,要将原始消息,即没有进行补位操作之前的二进制位数的长度附加到已经补位的消息之后。通常用一个64位的数据来表示原始消息的长度。如果消息长度不大于2^64,那么第一个字就是0。然后,将整个消息拆分为一个一个的512位的数据块M1,M2,…,Mi,…,Mn,分别对每一个数据块Mi(1≤i≤n)做处理,得到消息摘要。After obtaining the character string of the preset number of digits, add a character representing the length of the character string to the character string of the preset number of digits to obtain the target character string. In this step, the original message, that is, the length of the binary digits before the complement operation is appended to the already complemented message. A 64-bit data is usually used to represent the length of the original message. If the message length is not greater than 2^64, then the first word is 0. Then, the entire message is split into 512-bit data blocks M1, M2, ..., Mi, ..., Mn, and each data block Mi (1≤i≤n) is processed separately to obtain a message digest.
S2033:根据摘要函数对所述目标字符串进行处理,得到所述第一数据摘要。S2033: Process the target character string according to a digest function to obtain the first data digest.
本方案的数据摘要算法中包括80个64位长度的常量,K0,K1,K2,...,K79,其中这些常量的获取方式为对前80个素数进行开立方,取小数部分的前64位,用于消除后续的消息摘要计算时的数据中的统计规律。使用6个逻辑函数,每个函数都对64位的整数x,y,z进行运算操作,计算后产生64位数据作为结果输出。The data digest algorithm of this solution includes 80 64-bit constants, K0, K1, K2, ..., K79, where these constants are obtained by cube the first 80 prime numbers and take the first 64 of the fractional part Bit, used to eliminate the statistical law in the data during subsequent message digest calculation. Using 6 logic functions, each function operates on 64-bit integers x, y, z, and produces 64-bit data as the result output after calculation.
对消息进行计算时首先需初进行始化操作,其中8个64位空间的数据作为算法初始化向量,为摘要计算的原始输入,标记为H 0,H 1,H 2,…,H 7。9个64位的空间作为迭代时的中间变量,标记为A,B,C,D,E,F,G,H,I。其中,H 0,H 1,H 2,…,H 7的初始化值为固定值,其值为前8个素数进行开平方的小数部分化作二进制的前64位。将512位的明文分为16个32位长的分组,记为M 0,M 1,M 2,…,M 10…,M 15,对分组进行扩展运算,成为80个32位的数据块。对缓冲区A,B,C,D,E,F,G,H进行赋值,令A=H 0,B=H 1,C=H 2,D=H 3,E=H 4,F=H 5,G=H 6,I=H 7,然后对扩展运算得到的Wt(0≤t≤79)进行迭代运算,得到。之后,令H 0,H 1,H 2,…,H 7分别与At,Bt,Ct,Dt,Et,Ft,Gt,It相加,结果保存在H 0,H 1,H 2,…,H 7中,用以下一块1024位消息的计算,直至最后一个消息块计算完毕,最后得到的512位数据结果为原始消息计算得到的消息摘要。 When the message is calculated, the initialization operation needs to be performed first. Among them, the eight 64-bit data is used as the algorithm initialization vector, which is the original input of the digest calculation, and is marked as H 0 , H 1 , H 2 , ..., H 7 . Nine 64-bit spaces are used as intermediate variables during iteration, marked as A, B, C, D, E, F, G, H, I. Among them, the initial value of H 0 , H 1 , H 2 , ..., H 7 is a fixed value, and the value is the first 8 prime numbers whose squared fractional part is converted into the first 64 bits of binary. The 512-bit plaintext is divided into 16 32-bit long packets, denoted as M 0 , M 1 , M 2 , ..., M 10 ..., M 15 , and the packet is expanded to become 80 32-bit data blocks. Assign values to buffers A, B, C, D, E, F, G, H, let A=H 0 , B=H 1 , C=H 2 , D=H 3 , E=H 4 , F=H 5 , G=H 6 , I=H 7 , and then iteratively calculate Wt (0≤t≤79) obtained by the expansion operation to obtain. After that, let H 0 , H 1 , H 2 , ..., H 7 be added to At, Bt, Ct, Dt, Et, Ft, Gt, It respectively, and the result is stored in H 0 , H 1 , H 2 , ..., In H 7 , the calculation of the following 1024-bit message is used until the calculation of the last message block is completed, and the final 512-bit data result is the message digest calculated from the original message.
在带有盐度值的P2P节点存储数据的完整性验证中,盐度值的作用及其重要,通过系统为存储节点随机生成一个盐度值,并与存储节点所存储的数据相结合,使得存储数据具有高度的随机性,即便存储节点提供了原始数据的数据摘要,但是由于系统为其随机生成的盐度值的不同,使得存储节点根据存储数据和盐度值生成的数据摘要也是不同的,这样,数据持有者便可以通过随机生成的盐度值来验证存储节点所存储的数据的完整性,提高验证过程和验证结果的可靠性。In the integrity verification of the stored data of P2P nodes with salinity value, the role of salinity value is very important. The system randomly generates a salinity value for the storage node and combines it with the data stored by the storage node, so that The storage data is highly random. Even if the storage node provides a data summary of the original data, the data summary generated by the storage node based on the storage data and the salinity value is also different due to the difference in the salinity value randomly generated by the system. In this way, the data holder can verify the integrity of the data stored by the storage node through the randomly generated salinity value, and improve the reliability of the verification process and verification results.
S204:发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点。S204: Send the salt value to a target node; the target node is a node that stores the source data.
在本实施例中S204与图1对应的实施例中S102的实现方式完全相同,具体可参考图1对应的实施例中的S102的相关描述,在此不再赘述。In this embodiment, S204 is implemented in exactly the same way as S102 in the embodiment corresponding to FIG. 1. For details, reference may be made to the relevant description of S102 in the embodiment corresponding to FIG. 1, and details are not described herein again.
S205:接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成。S205: Receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data.
本方案中,与挑战者对应的,存储该源数据的P2P节点为目标节点,即被挑战者。挑战者可以随时检测被挑战者所存储的数据完整情况,其检测的方式就是通过将相同的盐度值发送至目标节点,目标节点在接收到该盐度值之后,根据其所存储的数据和所述盐度值计算得到的第二数据摘要。In this solution, corresponding to the challenger, the P2P node that stores the source data is the target node, that is, the challenger. The challenger can detect the completeness of the data stored by the challenger at any time by sending the same salinity value to the target node. After receiving the salinity value, the target node according to the stored data and The second data summary calculated from the salinity value.
S206:将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。S206: Compare the first data summary with the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result.
在得到第一数据摘要和第二数据摘要之后,将两个摘要进行对比,若两个数据摘要相同,则确定目标节点中所存储的数据完整,若两个数据摘要不同,则说明目标节点中的数据不完整或者发生了篡改。进一步的,当第一数据摘要和第二数据摘要不同时,可以进一步直接查看该节点中的数据情况,也可以直接将源数据替换该节点中对应的数据。After the first data summary and the second data summary are obtained, the two summaries are compared. If the two data summaries are the same, the data stored in the target node is determined to be complete. If the two data summaries are different, the target node is summarized. Of data is incomplete or has been tampered with. Further, when the first data summary and the second data summary are different, you can further directly view the data in the node, or you can directly replace the source data with the corresponding data in the node.
进一步的,若第一数据摘要与第二数据摘要不同,则判定目标节点当前所存储的存储数据不完整或者被篡改,之后还可以包括步骤S2061~S2062:Further, if the first data digest is different from the second data digest, it is determined that the storage data currently stored by the target node is incomplete or tampered, and then may further include steps S2061 to S2062:
S2061:获取所述目标节点当前所存储的存储数据,并根据所述存储数据确定所述第二数据摘要发生变化的原因,根据所述第二数据摘要发生变化的原因对所述目标节点进行处理。S2061: Obtain the currently stored storage data of the target node, and determine the reason for the change of the second data summary according to the storage data, and process the target node according to the cause of the change of the second data summary .
在将第一数据摘要和第二数据摘要进行对比之后,若第一数据摘要与第二数据摘要不同,则判定目标节点当前所存储的存储数据不完整或者被篡改。这种情况下,可以获取目标节点当前多存储的存储数据,并根据该存储数据确定第二数据摘要发生变化的原因。其中,发生变化的原因可能包括但不限于,存储节点恶意删除或者修改、存储节点出现故障,例如硬盘损坏、宕机等情况。After comparing the first data digest and the second data digest, if the first data digest and the second data digest are different, it is determined that the storage data currently stored by the target node is incomplete or tampered. In this case, the storage data currently stored in the target node may be obtained, and the reason for the change in the second data summary may be determined according to the storage data. Among them, the reasons for the change may include, but are not limited to, malicious deletion or modification of the storage node, failure of the storage node, such as hard disk damage, downtime, etc.
根据目标节点发生第二数据摘要变化的原因,对目标节点进行对应的处理。示例性的,当目标节点是通过恶意删除或者修改导致第二数据摘要发生变化时,可以将对目标节点中所存储的数据删除,并以后再不启用该目标节点来存储数据;若目标节点是因为硬盘损坏或者宕机等情况导致的第二数据摘要发生该变化,则可以在目标节点的运行恢复正常之后重新将存储数据发送至目标节点进行存储。According to the reason for the second data summary change of the target node, the target node is processed accordingly. Exemplarily, when the target node changes the second data summary through malicious deletion or modification, the data stored in the target node may be deleted, and the target node will not be enabled to store data in the future; if the target node is because If the change occurs in the second data summary caused by a hard disk damage or a downtime, after the operation of the target node returns to normal, the stored data may be sent to the target node again for storage.
S2062:用所述源数据替换所述目标节点中存储的所述存储数据。S2062: Replace the stored data stored in the target node with the source data.
与步骤S2061并列的,步骤S2062中,可以通过源数据直接替换目标节点当前存储的存储数据的方式,继续使用目标节点及其中存储的存储数据,还可以增加一些列的安全机制,例如设置目标节点对该存储数据的处理权限,使目标节点没有删除或者修改该存储数据的权限,进而保证存储数据的安全性和完整性。In parallel with step S2061, in step S2062, the source node can directly replace the currently stored storage data of the target node, continue to use the target node and the stored data stored in it, and can also add a series of security mechanisms, such as setting the target node The processing authority for the stored data prevents the target node from deleting or modifying the stored data, thereby ensuring the security and integrity of the stored data.
上述方案,通过根据散列函数算法随机生成一个盐值;将所述盐值和数据所有者所持有的源数据结合,得到目标数据;根据所述目标数据生成第一数据摘要。随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。通过对原始数据和存储数据加盐度并进行数据摘要,由于系统随机生成的盐值不同,使得数据摘要也伴有一定的随机性,进而存储节点不能保留原有数据的数据摘要,保证了数据完整性验证的可靠性,提高了P2P节点存储数据的安全性和完整性。In the above solution, a salt value is randomly generated according to a hash function algorithm; the salt value is combined with the source data held by the data owner to obtain target data; and a first data summary is generated according to the target data. Randomly generate a salt value, and generate a first data summary based on the salt value and the source data held by the data owner; send the salt value to a target node; the target node is a node that stores the source data; Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data; Compare the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result. By adding salinity to the original data and the stored data and performing a data summary, due to the different salt values randomly generated by the system, the data summary is also accompanied by a certain randomness, and the storage node cannot retain the data summary of the original data, ensuring the data The reliability of integrity verification improves the security and integrity of data stored by P2P nodes.
参见图3,图3是本申请实施例三提供的一种终端设备的示意图。终端设备包括的各单元用于执行图1~图2对应的实施例中的各步骤。具体请参阅图1~图2各自对应的实施例中的相关描述。为了便于说明,仅示出了与本实施例相关的部分。本实施例的终端设备300包括:Referring to FIG. 3, FIG. 3 is a schematic diagram of a terminal device provided in Embodiment 3 of the present application. Each unit included in the terminal device is used to execute each step in the embodiments corresponding to FIG. 1 to FIG. 2. For details, please refer to the related descriptions in the corresponding embodiments of FIG. 1 to FIG. 2. For ease of explanation, only parts related to this embodiment are shown. The terminal device 300 of this embodiment includes:
第一摘要单元301,用于随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;The first summary unit 301 is configured to randomly generate a salt value, and generate a first data summary according to the salt value and the source data held by the data owner;
发送单元302,用于发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;The sending unit 302 is configured to send the salt value to a target node; the target node is a node that stores the source data;
第二摘要单元303,用于接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;The second summary unit 303 is configured to receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
验证单元304,用于将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。The verification unit 304 is configured to compare the first data digest with the second data digest, and verify whether the stored data stored by the target node is complete according to the comparison result.
进一步的,所述第一摘要单元301可以包括:Further, the first summary unit 301 may include:
盐值生成单元,用于根据散列函数算法随机生成一个盐值;The salt value generating unit is used to randomly generate a salt value according to the hash function algorithm;
数据结合单元,用于将所述盐值和数据所有者所持有的源数据结合,得到目标数据;The data combining unit is used to combine the salt value with the source data held by the data owner to obtain target data;
第一摘要生成单元,用于根据所述目标数据生成第一数据摘要。The first summary generating unit is configured to generate a first data summary based on the target data.
进一步的,所述第一摘要生成单元可以包括:Further, the first summary generating unit may include:
字符转换单元,用于将所述目标数据转换为位字符串;A character conversion unit for converting the target data into a bit string;
补位单元,用于对所述位字符串进行补位处理,得到预设位数的字符串,并在所述预设位数的字符串中加入用于表示所述位字符串长度的字符,得到目标字符串;A bit complementing unit, used to perform bit complement processing on the bit character string to obtain a character string with a preset number of digits, and adding characters representing the length of the bit character string to the character string with a preset number of digits To get the target string;
第一生成单元,用于根据摘要函数对所述目标字符串进行处理,得到所述第一数据摘要。The first generating unit is configured to process the target character string according to a summary function to obtain the first data summary.
进一步的,所述验证单元304可以包括:Further, the verification unit 304 may include:
对比单元,用于将所述第一数据摘要与所述第二数据摘要进行对比;A comparison unit, configured to compare the first data summary with the second data summary;
第一判定单元,用于若所述第一数据摘要与所述第二数据摘要相同,则判定所述目标节点当前所存储的所述存储数据完整;A first determining unit, configured to determine that the stored data currently stored by the target node is complete if the first data digest and the second data digest are the same;
第二判定单元,用于若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改。The second determining unit is configured to determine that the stored data currently stored by the target node is incomplete or tampered if the first data digest and the second data digest are different.
进一步的,所述终端设备可以包括:Further, the terminal device may include:
处理单元,用于获取所述目标节点当前所存储的存储数据,并根据所述存储数据确定所述第二数据摘要发生变化的原因,根据所述第二数据摘要发生变化的原因对所述目标节点进行处理;或A processing unit, configured to obtain the stored data currently stored by the target node, and determine the cause of the change in the second data summary according to the stored data, and to the target according to the cause of the change in the second data summary Node for processing; or
数据替换单元,用于用所述源数据替换所述目标节点中存储的所述存储数据。A data replacement unit is used to replace the stored data stored in the target node with the source data.
上述方案,通过根据散列函数算法随机生成一个盐值;将所述盐值和数据所有者所持有的源数据结合,得到目标数据;根据所述目标数据生成第一数据摘要。随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。通过对原始数据和存储数据加盐度并进行数据摘要,由于系统随机生成的盐值不同,使得数据摘要也伴有一定的随机性,进而存储节点不能保留原有数据的数据摘要,保证了数据完整性验证的可靠性,提高了P2P节点存储数据的安全性和完整性。In the above solution, a salt value is randomly generated according to a hash function algorithm; the salt value is combined with the source data held by the data owner to obtain target data; and a first data summary is generated according to the target data. Randomly generate a salt value, and generate a first data summary based on the salt value and the source data held by the data owner; send the salt value to a target node; the target node is a node that stores the source data; Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data; Compare the second data summary, and verify whether the stored data stored by the target node is complete according to the comparison result. By adding salinity to the original data and the stored data and performing a data summary, due to the different salt values randomly generated by the system, the data summary is also accompanied by a certain randomness, and the storage node cannot retain the data summary of the original data, ensuring the data The reliability of integrity verification improves the security and integrity of data stored by P2P nodes.
图4是本申请实施例四提供的终端设备的示意图。如图4所示,该实施例的终端设备4包括:处理器40、存储器41以及存储在所述存储器41中并可在所述处理器40上运行的计算机可读指令42。所述处理器40执行所述计算机可读指令42时实现上述各个基于盐值的数据持有性验证方法实施例中的步骤,例如图1所示的步骤101至104。或者,所述处理器40执行所述计算机可读指令42时实现上述各装置实施例中各模块/单元的功能,例如图3所示单元301至304的功能。4 is a schematic diagram of a terminal device provided in Embodiment 4 of the present application. As shown in FIG. 4, the terminal device 4 of this embodiment includes: a processor 40, a memory 41, and computer-readable instructions 42 stored in the memory 41 and executable on the processor 40. When the processor 40 executes the computer-readable instructions 42, the steps in the above embodiments of the salt value-based data possession verification method are implemented, for example, steps 101 to 104 shown in FIG. 1. Alternatively, when the processor 40 executes the computer-readable instructions 42, the functions of each module/unit in the foregoing device embodiments are realized, for example, the functions of the units 301 to 304 shown in FIG. 3.
示例性的,所述计算机可读指令42可以被分割成一个或多个模块/单元,所述一个或者多个模块/单元被存储在所述存储器41中,并由所述处理器40执行,以完成本申请。所述一个或多个模块/单元可以是能够完成特定功能的一系列计算机可读指令指令段,该指令段用于描述所述计算机可读指令42在所述终端设备4中的执行过程。Exemplarily, the computer-readable instructions 42 may be divided into one or more modules/units, the one or more modules/units are stored in the memory 41, and executed by the processor 40, To complete this application. The one or more modules/units may be a series of computer-readable instruction instruction segments capable of performing specific functions, and the instruction segments are used to describe the execution process of the computer-readable instructions 42 in the terminal device 4.
所述终端设备4可以是桌上型计算机、笔记本、掌上电脑及云端服务器等计算设备。所述终端设备可包括,但不仅限于,处理器40、存储器41。本领域技术人员可以理解,图4仅仅是终端设备4的示例,并不构成对终端设备4的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如所述终端设备还可以包括输入输出设备、网络接入设备、总线等。The terminal device 4 may be a computing device such as a desktop computer, a notebook, a palmtop computer and a cloud server. The terminal device may include, but is not limited to, the processor 40 and the memory 41. Those skilled in the art may understand that FIG. 4 is only an example of the terminal device 4 and does not constitute a limitation on the terminal device 4, and may include more or less components than the illustration, or a combination of certain components or different components. For example, the terminal device may further include an input and output device, a network access device, a bus, and the like.
所称处理器40可以是中央处理单元(Central Processing Unit,CPU),还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。The processor 40 may be a central processing unit (Central Processing Unit (CPU), can also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application-specific integrated circuits (Application Specific Integrated Circuit (ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
所述存储器41可以是所述终端设备4的内部存储单元,例如终端设备4的硬盘或内存。所述存储器41也可以是所述终端设备4的外部存储设备,例如所述终端设备4上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card,FC)等。进一步地,所述存储器41还可以既包括所述终端设备4的内部存储单元也包括外部存储设备。所述存储器41用于存储所述计算机可读指令以及所述终端设备所需的其他程序和数据。所述存储器41还可以用于暂时地存储已经输出或者将要输出的数据。The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk equipped on the terminal device 4, a smart memory card (Smart Media Card, SMC), and a secure digital (SD) Cards, flash cards (Flash Card, FC), etc. Further, the memory 41 may include both an internal storage unit of the terminal device 4 and an external storage device. The memory 41 is used to store the computer-readable instructions and other programs and data required by the terminal device. The memory 41 can also be used to temporarily store data that has been or will be output.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将所述装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。实施例中的各功能单元、模块可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中,上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。另外,各功能单元、模块的具体名称也只是为了便于相互区分,并不用于限制本申请的保护范围。上述系统中单元、模块的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for convenience and conciseness of description, only the above-mentioned division of each functional unit and module is used as an example for illustration. In practical applications, the above-mentioned functions may be allocated by different functional units, Module completion means that the internal structure of the device is divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above integrated unit may use hardware It can also be implemented in the form of software functional units. In addition, the specific names of the functional units and modules are only for the purpose of distinguishing each other, and are not intended to limit the protection scope of the present application. For the specific working processes of the units and modules in the above system, reference may be made to the corresponding processes in the foregoing method embodiments, which will not be repeated here.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述或记载的部分,可以参见其它实施例的相关描述。In the above embodiments, the description of each embodiment has its own emphasis. For a part that is not detailed or recorded in an embodiment, you can refer to the related descriptions of other embodiments.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
所述集成的模块/单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请实现上述实施例方法中的全部或部分流程,也可以通过计算机可读指令来指令相关的硬件来完成,所述的计算机可读指令可存储于一计算机非易失性可读存储介质中。If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, this application implements all or part of the processes in the methods of the above embodiments, and can also be completed by instructing relevant hardware through computer-readable instructions, which can be stored in a computer non-volatile Readable storage medium.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机可读指令来指令相关的硬件来完成,所述的计算机可读指令可存储于一计算机非易失性可读取存储介质中,该计算机可读指令在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink) DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。A person of ordinary skill in the art may understand that all or part of the process in the method of the foregoing embodiments may be completed by instructing relevant hardware through computer-readable instructions, and the computer-readable instructions may be stored in a computer non-volatile In a readable storage medium, when the computer-readable instructions are executed, they may include the processes of the foregoing method embodiments. Wherein, any reference to the memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
以上所述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still implement the foregoing The technical solutions described in the examples are modified, or some of the technical features are equivalently replaced; and these modifications or replacements do not deviate from the spirit and scope of the technical solutions of the embodiments of the present application. Within the scope of protection of this application.

Claims (20)

  1. 一种基于盐值的数据持有性验证方法,其特征在于,包括:A method for verifying data possession based on salt value, which includes:
    随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;Randomly generate a salt value, and generate a first data summary based on the salt value and the source data held by the data owner;
    发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;Sending the salt value to a target node; the target node is a node that stores the source data;
    接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
    将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。Comparing the first data summary with the second data summary, and verifying whether the stored data stored by the target node is complete according to the comparison result.
  2. 如权利要求1所述的基于盐值的数据持有性验证方法,其特征在于,所述随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要,包括:The method for verifying data possession based on salt value according to claim 1, wherein the salt value is randomly generated, and the first data is generated according to the salt value and the source data held by the data owner Summary, including:
    根据散列函数算法随机生成一个盐值;Randomly generate a salt value according to the hash function algorithm;
    将所述盐值和数据所有者所持有的源数据结合,得到目标数据;Combine the salt value with the source data held by the data owner to obtain the target data;
    根据所述目标数据生成第一数据摘要。Generate a first data summary based on the target data.
  3. 如权利要求2所述的基于盐值的数据持有性验证方法,其特征在于,所述根据所述目标数据生成第一数据摘要,包括:The method for verifying data possession based on salt value according to claim 2, wherein the generating the first data summary according to the target data includes:
    将所述目标数据转换为位字符串;Convert the target data into a bit string;
    对所述位字符串进行补位处理,得到预设位数的字符串,并在所述预设位数的字符串中加入用于表示所述位字符串长度的字符,得到目标字符串;Perform bit complement processing on the bit string to obtain a string with a preset number of digits, and add a character representing the length of the bit string to the string with a preset number of digits to obtain a target string;
    根据摘要函数对所述目标字符串进行处理,得到所述第一数据摘要。The target character string is processed according to a digest function to obtain the first data digest.
  4. 如权利要求1-3任一项所述的基于盐值的数据持有性验证方法,其特征在于,所述将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整,包括:The method for verifying data possession based on salt value according to any one of claims 1 to 3, wherein the first data summary is compared with the second data summary, and the comparison result is based on Verifying that the stored data stored by the target node is complete, including:
    将所述第一数据摘要与所述第二数据摘要进行对比;Compare the first data summary with the second data summary;
    若所述第一数据摘要与所述第二数据摘要相同,则判定所述目标节点当前所存储的所述存储数据完整;If the first data digest is the same as the second data digest, it is determined that the stored data currently stored by the target node is complete;
    若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改。If the first data digest is different from the second data digest, it is determined that the stored data currently stored by the target node is incomplete or tampered.
  5. 如权利要求4所述的基于盐值的数据持有性验证方法,其特征在于,所述若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改之后,还包括:The method for verifying data possession based on a salt value according to claim 4, wherein if the first data digest is different from the second data digest, it is determined that the target node currently stores After the stored data is incomplete or tampered, it also includes:
    获取所述目标节点当前所存储的存储数据,并根据所述存储数据确定所述第二数据摘要发生变化的原因,根据所述第二数据摘要发生变化的原因对所述目标节点进行处理;或Acquiring stored data currently stored by the target node, and determining the reason for the change in the second data digest according to the stored data, and processing the target node according to the reason for the change in the second data digest; or
    用所述源数据替换所述目标节点中存储的所述存储数据。Replacing the stored data stored in the target node with the source data.
  6. 一种终端设备,其特征在于,包括存储器以及处理器,所述存储器中存储有可在所述处理器上运行的计算机可读指令,其特征在于,所述处理器执行所述计算机可读指令时,实现如下步骤:A terminal device, characterized in that it includes a memory and a processor, and the memory stores computer-readable instructions executable on the processor, wherein the processor executes the computer-readable instructions , The following steps are implemented:
    随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;Randomly generate a salt value, and generate a first data summary based on the salt value and the source data held by the data owner;
    发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;Sending the salt value to a target node; the target node is a node that stores the source data;
    接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
    将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。Comparing the first data summary with the second data summary, and verifying whether the stored data stored by the target node is complete according to the comparison result.
  7. 如权利要求6所述的终端设备,其特征在于,所述随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要,包括:The terminal device according to claim 6, wherein the randomly generating a salt value, and generating the first data summary according to the salt value and the source data held by the data owner includes:
    根据散列函数算法随机生成一个盐值;Randomly generate a salt value according to the hash function algorithm;
    将所述盐值和数据所有者所持有的源数据结合,得到目标数据;Combine the salt value with the source data held by the data owner to obtain the target data;
    根据所述目标数据生成第一数据摘要。Generate a first data summary based on the target data.
  8. 如权利要求7所述的终端设备,其特征在于,所述根据所述目标数据生成第一数据摘要,包括:The terminal device according to claim 7, wherein the generating the first data summary according to the target data includes:
    将所述目标数据转换为位字符串;Convert the target data into a bit string;
    对所述位字符串进行补位处理,得到预设位数的字符串,并在所述预设位数的字符串中加入用于表示所述位字符串长度的字符,得到目标字符串;Perform bit complement processing on the bit string to obtain a string with a preset number of digits, and add a character representing the length of the bit string to the string with a preset number of digits to obtain a target string;
    根据摘要函数对所述目标字符串进行处理,得到所述第一数据摘要。The target character string is processed according to a digest function to obtain the first data digest.
  9. 如权利要求6-8任一项所述的终端设备,其特征在于,所述将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整,包括:The terminal device according to any one of claims 6-8, wherein the first data summary is compared with the second data summary, and the stored result of the target node is verified according to the comparison result Whether the stored data is complete, including:
    将所述第一数据摘要与所述第二数据摘要进行对比;Compare the first data summary with the second data summary;
    若所述第一数据摘要与所述第二数据摘要相同,则判定所述目标节点当前所存储的所述存储数据完整;If the first data digest is the same as the second data digest, it is determined that the stored data currently stored by the target node is complete;
    若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改。If the first data digest is different from the second data digest, it is determined that the stored data currently stored by the target node is incomplete or tampered.
  10. 如权利要求9所述的终端设备,其特征在于,所述若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改之后,还包括:The terminal device according to claim 9, wherein if the first data digest is different from the second data digest, it is determined that the stored data currently stored by the target node is incomplete or After tampering, it also includes:
    获取所述目标节点当前所存储的存储数据,并根据所述存储数据确定所述第二数据摘要发生变化的原因,根据所述第二数据摘要发生变化的原因对所述目标节点进行处理;或Acquiring stored data currently stored by the target node, and determining the reason for the change in the second data digest according to the stored data, and processing the target node according to the reason for the change in the second data digest; or
    用所述源数据替换所述目标节点中存储的所述存储数据。Replacing the stored data stored in the target node with the source data.
  11. 一种终端设备,其特征在于,包括:A terminal device is characterized by comprising:
    第一摘要单元,用于随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;A first summary unit for randomly generating a salt value, and generating a first data summary according to the salt value and the source data held by the data owner;
    发送单元,用于发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;A sending unit, configured to send the salt value to a target node; the target node is a node that stores the source data;
    第二摘要单元,用于接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;A second summary unit, configured to receive a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
    验证单元,用于将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。The verification unit is configured to compare the first data digest with the second data digest, and verify whether the stored data stored by the target node is complete according to the comparison result.
  12. 如权利要求11所述的终端设备,其特征在于,所述第一摘要单元包括:The terminal device according to claim 11, wherein the first summary unit comprises:
    盐值生成单元,用于根据散列函数算法随机生成一个盐值;The salt value generating unit is used to randomly generate a salt value according to the hash function algorithm;
    数据结合单元,用于将所述盐值和数据所有者所持有的源数据结合,得到目标数据;The data combining unit is used to combine the salt value with the source data held by the data owner to obtain target data;
    第一摘要生成单元,用于根据所述目标数据生成第一数据摘要。The first summary generating unit is configured to generate a first data summary based on the target data.
  13. 如权利要求12所述的终端设备,其特征在于,所述第一摘要生成单元包括:The terminal device according to claim 12, wherein the first digest generating unit includes:
    字符转换单元,用于将所述目标数据转换为位字符串;A character conversion unit for converting the target data into a bit string;
    补位单元,用于对所述位字符串进行补位处理,得到预设位数的字符串,并在所述预设位数的字符串中加入用于表示所述位字符串长度的字符,得到目标字符串;A bit complementing unit, used to perform bit complement processing on the bit character string to obtain a character string with a preset number of digits, and adding characters representing the length of the bit character string to the character string with a preset number of digits To get the target string;
    第一生成单元,用于根据摘要函数对所述目标字符串进行处理,得到所述第一数据摘要。The first generating unit is configured to process the target character string according to a summary function to obtain the first data summary.
  14. 如权利要求11-13任一项所述的终端设备,其特征在于,所述验证单元包括:The terminal device according to any one of claims 11 to 13, wherein the verification unit comprises:
    对比单元,用于将所述第一数据摘要与所述第二数据摘要进行对比;A comparison unit, configured to compare the first data summary with the second data summary;
    第一判定单元,用于若所述第一数据摘要与所述第二数据摘要相同,则判定所述目标节点当前所存储的所述存储数据完整;A first determining unit, configured to determine that the stored data currently stored by the target node is complete if the first data digest and the second data digest are the same;
    第二判定单元,用于若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改。The second determining unit is configured to determine that the stored data currently stored by the target node is incomplete or tampered if the first data digest and the second data digest are different.
  15. 如权利要求14所述的终端设备,其特征在于,还包括:The terminal device according to claim 14, further comprising:
    处理单元,用于获取所述目标节点当前所存储的存储数据,并根据所述存储数据确定所述第二数据摘要发生变化的原因,根据所述第二数据摘要发生变化的原因对所述目标节点进行处理;或A processing unit, configured to obtain the stored data currently stored by the target node, and determine the cause of the change in the second data summary according to the stored data, and to the target according to the cause of the change in the second data summary Node for processing; or
    数据替换单元,用于用所述源数据替换所述目标节点中存储的所述存储数据。A data replacement unit is used to replace the stored data stored in the target node with the source data.
  16. 一种计算机非易失性可读存储介质,所述计算机非易失性可读存储介质存储有计算机可读指令,其特征在于,所述计算机可读指令被处理器执行时实现如下步骤:A computer non-volatile readable storage medium, the computer non-volatile readable storage medium stores computer readable instructions, characterized in that, when the computer readable instructions are executed by a processor, the following steps are implemented:
    随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要;Randomly generate a salt value, and generate a first data summary based on the salt value and the source data held by the data owner;
    发送所述盐值至目标节点;所述目标节点为存储所述源数据的节点;Sending the salt value to a target node; the target node is a node that stores the source data;
    接收所述目标节点发送的第二数据摘要;所述第二数据摘要为所述目标节点根据所述盐值和当前与所述源数据对应的存储数据生成;Receiving a second data summary sent by the target node; the second data summary is generated by the target node according to the salt value and currently stored data corresponding to the source data;
    将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整。Comparing the first data summary with the second data summary, and verifying whether the stored data stored by the target node is complete according to the comparison result.
  17. 如权利要求16所述的计算机非易失性可读存储介质,其特征在于,所述随机生成一个盐值,并根据所述盐值和数据所有者所持有的源数据生成第一数据摘要,包括:The computer non-volatile storage medium according to claim 16, wherein the random generation of a salt value, and the first data summary is generated according to the salt value and the source data held by the data owner ,include:
    根据散列函数算法随机生成一个盐值;Randomly generate a salt value according to the hash function algorithm;
    将所述盐值和数据所有者所持有的源数据结合,得到目标数据;Combine the salt value with the source data held by the data owner to obtain the target data;
    根据所述目标数据生成第一数据摘要。Generate a first data summary based on the target data.
  18. 如权利要求17所述的计算机非易失性可读存储介质,其特征在于,所述根据所述目标数据生成第一数据摘要,包括:The computer non-volatile readable storage medium of claim 17, wherein the generating the first data summary according to the target data includes:
    将所述目标数据转换为位字符串;Convert the target data into a bit string;
    对所述位字符串进行补位处理,得到预设位数的字符串,并在所述预设位数的字符串中加入用于表示所述位字符串长度的字符,得到目标字符串;Perform bit complement processing on the bit string to obtain a string with a preset number of digits, and add a character representing the length of the bit string to the string with a preset number of digits to obtain a target string;
    根据摘要函数对所述目标字符串进行处理,得到所述第一数据摘要。The target character string is processed according to a digest function to obtain the first data digest.
  19. 如权利要求16-18任一项所述的计算机非易失性可读存储介质,其特征在于,所述将所述第一数据摘要与所述第二数据摘要进行对比,并根据对比结果验证所述目标节点所存储的所述存储数据是否完整,包括:The computer non-volatile storage medium according to any one of claims 16 to 18, wherein the first data summary and the second data summary are compared and verified according to the comparison result Whether the stored data stored by the target node is complete includes:
    将所述第一数据摘要与所述第二数据摘要进行对比;Compare the first data summary with the second data summary;
    若所述第一数据摘要与所述第二数据摘要相同,则判定所述目标节点当前所存储的所述存储数据完整;If the first data digest is the same as the second data digest, it is determined that the stored data currently stored by the target node is complete;
    若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改。If the first data digest is different from the second data digest, it is determined that the stored data currently stored by the target node is incomplete or tampered.
  20. 如权利要求19所述的计算机非易失性可读存储介质,其特征在于,所述若所述第一数据摘要与所述第二数据摘要不同,则判定所述目标节点当前所存储的所述存储数据不完整或者被篡改之后,还包括:The computer non-volatile storage medium according to claim 19, wherein if the first data digest is different from the second data digest, it is determined that the target node currently stores After the stored data is incomplete or tampered, it also includes:
    获取所述目标节点当前所存储的存储数据,并根据所述存储数据确定所述第二数据摘要发生变化的原因,根据所述第二数据摘要发生变化的原因对所述目标节点进行处理;或Acquiring stored data currently stored by the target node, and determining the reason for the change in the second data digest according to the stored data, and processing the target node according to the reason for the change in the second data digest; or
    用所述源数据替换所述目标节点中存储的所述存储数据。Replacing the stored data stored in the target node with the source data.
PCT/CN2019/118156 2019-01-04 2019-11-13 Salt-based data possession verification method and terminal device WO2020140626A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910008653.7 2019-01-04
CN201910008653.7A CN109639436A (en) 2019-01-04 2019-01-04 The data property held verification method and terminal device based on salt figure

Publications (1)

Publication Number Publication Date
WO2020140626A1 true WO2020140626A1 (en) 2020-07-09

Family

ID=66058160

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/118156 WO2020140626A1 (en) 2019-01-04 2019-11-13 Salt-based data possession verification method and terminal device

Country Status (2)

Country Link
CN (1) CN109639436A (en)
WO (1) WO2020140626A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109639436A (en) * 2019-01-04 2019-04-16 平安科技(深圳)有限公司 The data property held verification method and terminal device based on salt figure
CN110263572B (en) * 2019-05-15 2022-03-18 苏宁易购集团股份有限公司 Safe collision method and system for two-party data
CN111541733B (en) * 2020-03-06 2022-09-20 杜晓楠 Method for testing message storage in P2P network, computer readable storage medium and P2P network
CN111682961B (en) * 2020-05-18 2023-03-07 杜晓楠 Method for eliminating low-bandwidth nodes in I2P network, computer readable storage medium and I2P network
CN113472533A (en) * 2021-06-30 2021-10-01 四川新网银行股份有限公司 Data processing method and device based on limited domain key agreement and differential privacy
CN116361860B (en) * 2022-12-27 2024-02-09 深圳市网新新思软件有限公司 Information storage and verification method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012098543A2 (en) * 2011-01-18 2012-07-26 Fortress Gb Ltd. System and method for computerized negotiations based on coded integrity
CN103166931A (en) * 2011-12-15 2013-06-19 华为技术有限公司 Method, device and system of transmitting data safely
CN107204852A (en) * 2017-06-23 2017-09-26 郑州云海信息技术有限公司 A kind of optimized algorithm based on consistency verification of data algorithm
CN107423630A (en) * 2017-07-31 2017-12-01 腾讯科技(深圳)有限公司 Data processing method and device
CN109639436A (en) * 2019-01-04 2019-04-16 平安科技(深圳)有限公司 The data property held verification method and terminal device based on salt figure

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7228417B2 (en) * 2002-02-26 2007-06-05 America Online, Inc. Simple secure login with multiple-authentication providers
CN100394393C (en) * 2006-03-10 2008-06-11 四川大学 Information system data consistency detection
GB2459662B (en) * 2008-04-29 2012-05-23 Cryptomathic Ltd Secure data cache
CN103279718B (en) * 2013-05-20 2015-10-21 电子科技大学 Based on the data integrity verification method of SBT during a kind of cloud stores
CN106656476B (en) * 2017-01-18 2020-12-01 腾讯科技(深圳)有限公司 Password protection method and device and computer readable storage medium
CN107273514A (en) * 2017-06-21 2017-10-20 杭州云证网络科技有限公司 A kind of inspection method and application its inspect subsystem and data deposit signed certificate administration chain-circuit system
CN107480076A (en) * 2017-07-31 2017-12-15 北京小米移动软件有限公司 Protection processing method, device and the terminal of system partitioning
CN107919953A (en) * 2017-11-24 2018-04-17 上海百事通信息技术股份有限公司 Data notarization method, apparatus, equipment, medium and server
CN108494775B (en) * 2018-03-26 2020-12-15 四川长虹电器股份有限公司 Method for preventing network attack by using legal data or tampering legal data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012098543A2 (en) * 2011-01-18 2012-07-26 Fortress Gb Ltd. System and method for computerized negotiations based on coded integrity
CN103166931A (en) * 2011-12-15 2013-06-19 华为技术有限公司 Method, device and system of transmitting data safely
CN107204852A (en) * 2017-06-23 2017-09-26 郑州云海信息技术有限公司 A kind of optimized algorithm based on consistency verification of data algorithm
CN107423630A (en) * 2017-07-31 2017-12-01 腾讯科技(深圳)有限公司 Data processing method and device
CN109639436A (en) * 2019-01-04 2019-04-16 平安科技(深圳)有限公司 The data property held verification method and terminal device based on salt figure

Also Published As

Publication number Publication date
CN109639436A (en) 2019-04-16

Similar Documents

Publication Publication Date Title
CN111095256B (en) Securely executing smart contract operations in a trusted execution environment
US20210099287A1 (en) Cryptographic key generation for logically sharded data stores
CN109716375B (en) Block chain account processing method, device and storage medium
CN110915164B (en) Processing blockchain data based on smart contract operations performed in trusted execution environments
WO2020140626A1 (en) Salt-based data possession verification method and terminal device
AU2018367363B2 (en) Processing data queries in a logically sharded data store
US10284372B2 (en) Method and system for secure management of computer applications
WO2020238694A1 (en) Key management method and related device
US7694147B2 (en) Hashing method and system
CN111130757A (en) Multi-cloud CP-ABE access control method based on block chain
CN108737374A (en) The method for secret protection that data store in a kind of block chain
CN111476573B (en) Account data processing method, device, equipment and storage medium
WO2021042851A1 (en) Data signature method and device for use in blockchain, computer apparatus, and storage medium
WO2020215685A1 (en) Block chain-based information processing and acquisition methods and apparatus, device, and medium
CA3065767C (en) Cryptographic key generation for logically sharded data stores
WO2022068360A1 (en) Shared root key-based information processing method and apparatus, and device and medium
Sultan et al. Internet of Things security issues and their solutions with blockchain technology characteristics: A systematic literature review
CN114244508A (en) Data encryption method, device, equipment and storage medium
WO2022068234A1 (en) Encryption method and apparatus based on shared root key, device and medium
CN114430321B (en) DFA self-adaptive security-based black box traceable key attribute encryption method and device
CN114510734B (en) Data access control method, device and computer readable storage medium
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
WO2024088082A1 (en) Method and device for auditing data integrity, and storage medium
CN114329627A (en) Signature method, signature device, computer equipment and storage medium
Wang et al. Lightweight Secure Deduplication Based on Data Popularity

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19907030

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16/11/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19907030

Country of ref document: EP

Kind code of ref document: A1