WO2021012602A1 - 文件的多云存储方法、下载方法、装置及存储介质 - Google Patents

文件的多云存储方法、下载方法、装置及存储介质 Download PDF

Info

Publication number
WO2021012602A1
WO2021012602A1 PCT/CN2019/127025 CN2019127025W WO2021012602A1 WO 2021012602 A1 WO2021012602 A1 WO 2021012602A1 CN 2019127025 W CN2019127025 W CN 2019127025W WO 2021012602 A1 WO2021012602 A1 WO 2021012602A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
concatenated
target
files
sub
Prior art date
Application number
PCT/CN2019/127025
Other languages
English (en)
French (fr)
Inventor
卢华
朱伏生
张继栋
Original Assignee
广东省新一代通信与网络创新研究院
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 广东省新一代通信与网络创新研究院 filed Critical 广东省新一代通信与网络创新研究院
Publication of WO2021012602A1 publication Critical patent/WO2021012602A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • the present invention relates to the field of network storage, in particular to a method and device for multi-cloud storage of files, a computer-readable storage medium, and a method, device, and computer-readable storage medium for downloading multi-cloud storage files.
  • cloud storage applications such as storage into the cloud have become more and more common. Users or enterprises can store related applications or data in the cloud, and are no longer restricted by time or geographical conditions. Therefore, cloud storage technology brings users a convenient and fast experience. However, storing applications and data in the cloud also brings many problems. For example, data entering the cloud inevitably increases the risk of leakage of private data. Therefore, data security issues become an obstacle for users or enterprises to enter the cloud.
  • the main purpose of the present invention is to provide a multi-cloud storage method, device, and computer-readable storage medium for files, aiming to solve the technical problem that existing cloud storage data is prone to leakage.
  • the present invention provides a multi-cloud storage method for files.
  • the multi-cloud storage method for files is applied to an encrypted distributed storage device.
  • the multi-cloud storage method for files includes the following steps:
  • the encrypted distributed storage device When receiving the data upload request, the encrypted distributed storage device obtains the original file to be uploaded, divides the original file into cascaded sub-files of preset size according to preset configuration information, and saves the original file information, Concatenated sub-file information and associated information between the original file and the concatenated sub-file;
  • the encrypted distributed storage device encrypts the concatenated subfile according to the preset encryption method in the configuration information, generates an encrypted encrypted concatenated subfile, and saves the encryption key corresponding to the encrypted concatenated subfile key;
  • the encrypted distributed storage device correspondingly allocates the encrypted concatenated sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the storage path of the encrypted concatenated sub-files.
  • the encrypted distributed storage device encrypts the concatenated subfile according to a preset encryption method in the configuration information, generates an encrypted concatenated subfile, and saves the encrypted concatenated subfile After the corresponding encryption key step, it also includes:
  • the encrypted distributed storage device performs redundancy processing on the encrypted concatenated subfiles according to the configuration information, generates a preset number of redundant concatenated subfiles, and saves redundant concatenated subfile information and the encryption level Relevant redundant information of the concatenated sub-file and the corresponding redundant concatenated sub-file;
  • the step of the encrypted distributed storage device correspondingly allocating the encrypted cascading sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saving the storage path of the encrypted cascading sub-files Specifically:
  • the encrypted distributed storage device determines the number of sub-files to be allocated corresponding to each cloud according to each cloud storage weight in the configuration information and the number of encrypted cascaded sub-files and redundant cascaded sub-files;
  • the encrypted distributed storage device correspondingly allocates the encrypted concatenated sub-files and redundant concatenated sub-files to the respective clouds for storage according to the number of sub-files to be allocated corresponding to each cloud, and saves the encrypted concatenated sub-files Storage path of files and redundant concatenated sub-files.
  • the present invention also provides a method for downloading multi-cloud storage files.
  • the method for downloading multi-cloud storage files is applied to encrypted distributed storage devices.
  • the method for downloading multi-cloud storage files includes the following steps :
  • the encrypted distributed storage device When the encrypted distributed storage device receives the data download request, obtains the target file information in the data download request, and determines the target concatenated subfile corresponding to the target file in the device database based on the target file information;
  • the encrypted distributed storage device determines the storage path of the target concatenated subfile in the device database, and downloads the target concatenated subfile from each corresponding cloud according to the storage path;
  • the encrypted distributed storage device determines the encryption key of the target concatenated subfile in the device database, and concatenates the target according to the preset decryption mode in the preset configuration information and the encryption key Decrypt the sub-file;
  • the encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the target file according to the associated information, And feedback the target file to the data download requester.
  • the encrypted distributed storage device determines the storage path of the target concatenated subfile in the device database, and downloads the target concatenated subfile from each corresponding cloud according to the storage path After the steps, it also includes:
  • the encrypted distributed storage device determines whether the target concatenated subfiles are all the concatenated subfiles corresponding to the target file according to the associated information
  • the encrypted distributed storage device determines that the target concatenated subfile is the all concatenated subfiles, then execute: the encrypted distributed storage device determines the encrypted secret of the target concatenated subfile in the device database Key, and the step of decrypting the target concatenated subfile according to the preset decryption method in the preset configuration information and the encryption key;
  • the encrypted distributed storage device determines that the target concatenated subfile is not the all concatenated subfiles, then determine whether the target concatenated subfile meets the file restoration condition in the configuration information;
  • the encrypted distributed storage device determines that the target concatenated subfile does not meet the file restoration condition, it generates a reminder message that the file download is abnormal due to the missing subfile.
  • the encrypted distributed storage device determines that the target concatenated subfile is not all the concatenated subfiles, then it is determined whether the target concatenated subfile conforms to the configuration information. After the steps of file restoration conditions, it also includes:
  • the encrypted distributed storage device determines that the target concatenated subfile meets the file restoration condition, it determines the target redundancy in the target concatenated subfile according to the relevant redundancy information corresponding to the target concatenated subfile Cascading sub-files and target actual cascading sub-files;
  • the encrypted distributed storage device restores other actual cascaded subfiles corresponding to the target file according to the configuration information, the target redundant cascaded subfile, and the target actual cascaded subfile;
  • the encrypted distributed storage device decrypts the target actual concatenated subfile and other actual concatenated subfiles, and according to the associated information, splices the decrypted target actual concatenated subfile and other actual concatenated subfiles Is the target file, and feeds back the target file to the data download requester.
  • the encrypted distributed storage device when the encrypted distributed storage device receives the data download request, obtains the target file information in the data download request, and based on the target file information, determines in the device database the target cascade sub-subsystem corresponding to the target file.
  • the document steps specifically include:
  • the encrypted distributed storage device receives the data download request, obtain the target file information in the data download request, and determine whether the target file exists in the local device;
  • the encrypted distributed storage device determines that the target file exists in the local device, obtain the target file, and feed the target file back to the data download requester;
  • the encrypted distributed storage device determines that the target file does not exist in the local device, based on the target file information, determine the target concatenated subfile corresponding to the target file in the device database to download it in the corresponding cloud The target concatenated sub-files.
  • the multi-cloud storage device for the file includes a processor, a memory, and a multi-cloud storage program for the file that is stored on the memory and can run on the processor, wherein the multi-cloud storage program for the file When executed by the processor, the steps of the multi-cloud storage method for files as described above are realized.
  • the present invention also provides a computer-readable storage medium, characterized in that the multi-cloud storage program of the file is stored on the computer-readable storage medium, and the multi-cloud storage program of the file is processed
  • the steps of the multi-cloud storage method for files as described above are implemented when the device is executed.
  • the present invention also provides a multi-cloud storage file downloading device, characterized in that the multi-cloud storage device for the file includes a processor, a memory, and stored on the memory and available in the The multi-cloud storage program of the file running on the processor, wherein when the multi-cloud storage program of the file is executed by the processor, the steps of the above-mentioned multi-cloud storage method of the file are realized.
  • the present invention also provides a computer-readable storage medium, wherein the computer-readable storage medium stores a download program for multi-cloud storage files, and the download program for the multi-cloud storage files When executed by the processor, the steps of the method for downloading a multi-cloud storage file as described above are realized.
  • the present invention provides a multi-cloud storage method, device and computer readable storage medium for files.
  • the multi-cloud storage method for files is applied to an encrypted distributed storage device.
  • the multi-cloud storage method for files uses the encrypted distributed storage device.
  • Upon receiving the data upload request obtain the original file to be uploaded, divide the original file into cascaded sub-files of preset size according to the preset configuration information, and save the original file information, cascaded sub-file information, and The associated information between the original file and the concatenated subfile;
  • the encrypted distributed storage device encrypts the concatenated subfile according to a preset encryption method in the configuration information to generate an encrypted encrypted concatenated subfile, And save the encryption key corresponding to the encrypted cascade subfile;
  • the encrypted distributed storage device allocates the encrypted cascade subfile to the respective clouds for storage according to each cloud storage weight in the configuration information , And save the storage path of the encrypted concatenated subfile.
  • the present invention divides the original file to be uploaded to the cloud storage into multiple concatenated sub-files through the encrypted distributed storage device, then encrypts the multiple concatenated sub-files, and divides the multiple sub-files according to preset weights.
  • Each cascaded sub-file is uploaded to the corresponding cloud for storage, making it impossible for any cloud storage provider to parse the original file, and improving the security of cloud storage files.
  • the encryption key and file splicing rules are stored in the encrypted distributed storage device, so that criminals who have obtained all the sub-files cannot decrypt and splice the original files, which further improves the security of cloud storage data and solves the problem.
  • cloud storage data is prone to leakage.
  • FIG. 1 is a schematic flowchart of a first embodiment of a multi-cloud storage method for files of the present invention
  • FIG. 2 is a schematic flowchart of a first embodiment of a method for downloading a multi-cloud storage file according to the present invention
  • FIG. 3 is a schematic flowchart of a second embodiment of a method for downloading a multi-cloud storage file according to the present invention
  • Figure 4 is a schematic diagram of terminal interaction of the present invention.
  • FIG. 5 is a schematic diagram of modules of the encrypted distributed storage device of the present invention.
  • Fig. 6 is a schematic diagram of a file upload process of the encrypted distributed storage device of the present invention.
  • FIG. 7 is a schematic diagram of a file download process of the encrypted distributed storage device of the present invention.
  • Fig. 8 is a schematic diagram of the uploading process of cascaded sub-files of the present invention.
  • the terminal can be implemented in various forms.
  • the terminal described in the present invention may include mobile phones, tablet computers, notebook computers, palmtop computers, personal digital assistants (Personal Digital Assistant, PDA), portable media players (Portable Media Player, PMP), navigation devices, Mobile terminals such as wearable devices, smart bracelets, pedometers, and fixed terminals such as digital TVs and desktop computers.
  • PDA Personal Digital Assistant
  • PMP portable media players
  • Navigation devices Mobile terminals such as wearable devices, smart bracelets, pedometers
  • Mobile terminals such as wearable devices, smart bracelets, pedometers
  • fixed terminals such as digital TVs and desktop computers.
  • FIG. 1 is a schematic flowchart of a first embodiment of a method for multi-cloud storage of files according to the present invention.
  • the multi-cloud storage method for files is applied to an encrypted distributed storage device, and the multi-cloud storage method for files includes the following steps:
  • Step S10 when the encrypted distributed storage device receives the data upload request, obtains the original file to be uploaded, divides the original file into cascaded sub-files of preset size according to preset configuration information, and saves the original file.
  • the original file to be uploaded to the cloud storage is divided into multiple cascaded sub-files through the encrypted distributed storage device, and then the multiple cascaded sub-files are encrypted, and preset weights are used. Uploading the multiple cascaded sub-files to the corresponding cloud for storage respectively makes it impossible for any cloud storage provider to parse the original file, which improves the security of the cloud storage file.
  • the encryption key and the file splicing rules are stored in the encrypted distributed storage device, so that criminals who obtain all the sub-files cannot decrypt and splice the original files, further improving the security of cloud storage data. Specifically, as shown in FIG.
  • the EDS device specifically includes a main control module, a configuration module, a database, a file segmentation module, a file recovery module, a distribution scheduling module, and an encryption and decryption module.
  • the main control module authenticates the client that sends the data upload request, that is, determines whether the client has the data upload authority.
  • the EDS device establishes a connection with the multi-cloud server, that is, the EDS device establishes a connection with multiple cloud servers.
  • the main control module is powered on, and when it receives the original file uploaded by the client, it obtains the preset configuration information from the configuration module.
  • the configuration information includes the file size of the file, such as 8K or 256K.
  • Set the segmentation unit in the configuration information call the file segmentation module to divide the original file into multiple cascaded sub-files of preset sizes, and write the file information before and after the segmentation into the database.
  • the file information before and after the segmentation includes the original file Information, concatenated sub-file information, and associated information between the original file and the concatenated sub-file.
  • Step S20 The encrypted distributed storage device encrypts the concatenated subfile according to the preset encryption mode in the configuration information, generates an encrypted encrypted concatenated subfile, and saves the corresponding encrypted concatenated subfile Encryption key;
  • the file splitting module transmits the split multiple concatenated sub-files to the encryption and decryption module through the PCIe channel for encryption processing.
  • the encryption and decryption module performs encryption processing on the multiple concatenated sub-files according to a preset encryption method in the configuration information, such as AES256 (256-bit advanced encryption standard) or other encryption algorithms, as the encrypted concatenated sub-files. And save the encryption keys corresponding to multiple encrypted cascading sub-files in the database.
  • Step S30 The encrypted distributed storage device allocates the encrypted concatenated sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the storage of the encrypted concatenated sub-files path.
  • the encryption and decryption module transmits the encrypted concatenated subfile to the distribution scheduling module through the PCIe channel.
  • the main control module controls the distribution scheduling module, presets each cloud storage weight according to the configuration information, that is, the preset cloud provider weight, such as 1:1:1 or 1:2:1, and calls each cloud storage API (application program) Programming interface), distribute the encrypted concatenated sub-files to multiple clouds for storage, and write the storage path of the encrypted concatenated sub-files into the database.
  • the client uploads and downloads files through local storage without changing the original user behavior habits.
  • Local storage interacts with EDS devices through SFTP (Secure File Transfer Protocol), and EDS devices perform file upload and download operations in multiple clouds.
  • SFTP Secure File Transfer Protocol
  • This embodiment greatly simplifies the steps of enterprise multi-client data entering the cloud, and on the premise of maintaining the existing user's habitual operation, the user's unaware data can be entered into the cloud.
  • the cloud provider selected in this embodiment that is, the number of clouds is greater than or equal to 3.
  • the multi-cloud in this embodiment is multiple clouds served by multiple cloud providers.
  • This embodiment provides a multi-cloud storage method for files.
  • the multi-cloud storage method for files is applied to an encrypted distributed storage device.
  • the multi-cloud storage method for files uses the encrypted distributed storage device when a data upload request is received. , Obtain the original file to be uploaded, divide the original file into cascaded sub-files of preset size according to the preset configuration information, and save the original file information, the cascaded sub-file information, and the original file and the cascade The associated information of the subfile; the encrypted distributed storage device encrypts the cascaded subfile according to the preset encryption method in the configuration information, generates an encrypted encrypted cascade subfile, and saves the encrypted cascade The encryption key corresponding to the sub-file; the encrypted distributed storage device allocates the encrypted cascaded sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the encryption level The storage path of the link file.
  • the present invention divides the original file to be uploaded to the cloud storage into multiple concatenated sub-files through the encrypted distributed storage device, then encrypts the multiple concatenated sub-files, and divides the multiple sub-files according to preset weights.
  • Each cascaded sub-file is uploaded to the corresponding cloud for storage, making it impossible for any cloud storage provider to parse the original file, and improving the security of cloud storage files.
  • the encryption key and file splicing rules are stored in the encrypted distributed storage device, so that criminals who have obtained all the sub-files cannot decrypt and splice the original files, which further improves the security of cloud storage data and solves the problem.
  • cloud storage data is prone to leakage.
  • step S20 the method further includes:
  • the encrypted distributed storage device performs redundancy processing on the encrypted concatenated subfiles according to the configuration information, generates a preset number of redundant concatenated subfiles, and saves redundant concatenated subfile information and the encryption level Relevant redundant information of the concatenated sub-file and the corresponding redundant concatenated sub-file;
  • the EDS device further includes a redundancy module, and the encryption and decryption module transmits the encrypted cascade sub-file to the redundancy module according to the configuration information.
  • the redundancy module generates one or more redundant cascading subfiles according to the redundancy calculation rules in the configuration information, such as generating a third redundant cascading subfile based on 2 encrypted cascading subfiles. And transmit the redundant cascading sub-files to the distribution scheduling module through the PCIe channel.
  • the redundant concatenated sub-file information and the related redundant information of the encrypted concatenated sub-file and the corresponding redundant concatenated sub-file are saved to the database.
  • the related redundant information includes the name, size, path, stored cloud vendor, etc. of redundant concatenated sub-files.
  • the encrypted distributed storage device correspondingly allocates the encrypted cascaded sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the storage of the encrypted cascaded sub-files
  • the steps of the path specifically include:
  • the encrypted distributed storage device determines the number of sub-files to be allocated corresponding to each cloud according to each cloud storage weight in the configuration information and the number of encrypted cascaded sub-files and redundant cascaded sub-files;
  • the encrypted distributed storage device correspondingly allocates the encrypted concatenated sub-files and redundant concatenated sub-files to the respective clouds for storage according to the number of sub-files to be allocated corresponding to each cloud, and saves the encrypted concatenated sub-files Storage path of files and redundant concatenated sub-files.
  • the main control module sends each cloud storage weight. For example, if three cloud vendors are set to have the same weight, that is, 1:1:1, the configuration information is sent to the distribution scheduling module, and the distribution scheduling module configures it according to the storage weight. Call the cloud storage API interfaces of three cloud vendors to upload the cascaded sub-files generated by the original files to three cloud storages on average. At the same time, the main control module stores the storage path information of all cascaded sub-files, that is, encrypted cascaded sub-files and redundant cascaded sub-files into the database. In view of the modules, preset values, and execution process of the above design, the following example will further illustrate the multi-cloud storage method of files, as follows:
  • the original file a is set to be divided into a sub-file of 8k;
  • the EDS device configuration module delivers the preset configuration information to the main control module.
  • the local storage device regularly uploads the original files to the EDS device according to the storage time of the files;
  • the local storage device starts the SFTP client, and establishes a request with the SFTP server of EDS, the SFTP authentication is passed, and the connection is established;
  • the local storage device uploads the original file a, and the main control module of the EDS device uses the path file name as an index, and stores the original file information in the database.
  • Original file information includes: file name, file size and other information;
  • the main control module obtains 3 cloud vendors, the encryption algorithm is AES256 (256-bit advanced encryption standard), and passes the configuration information to the encryption and decryption module and the distribution scheduling module;
  • the main control module calls the file splitting module to cut the original file a into 8k sub-file sets, and send these sub-file data to the encryption and decryption module through the PCIe channel;
  • the encryption and decryption module uses the AES256 algorithm to separately interleave and scramble each sub-file and split it into two cascaded sub-files for encryption processing, and save the generated multiple keys. Send the encrypted data of the 2 cascaded sub-files to the redundancy module;
  • the redundancy module generates the third redundant cascading sub-file based on the 2 cascading sub-files, and sends these 3 cascading sub-files back to the master control module via PCIe;
  • the main control module sets the weights of each cloud storage. For example, if three cloud vendors are set to have the same weight, that is, 1:1:1, the configuration information is input to the distribution scheduling module, and the distribution scheduling module calls the cloud storage of three cloud vendors according to the configuration. API interface, upload the cascaded sub-files generated by the original file to 3 cloud storages on average.
  • the master control module stores all information related to the cascaded sub-files into the database, including: the name, size, path, and stored cloud vendor of the cascaded sub-files, thereby completing the cloud storage operation of uploading the original file a.
  • This embodiment provides a multi-cloud storage method for files.
  • the multi-cloud storage method for files divides original data, encrypts, and processes redundantly, and divides all levels of data according to preset weight values corresponding to different cloud storage providers.
  • the linked files are uploaded to multiple clouds for storage.
  • the original file can be split into multiple cascaded sub-files and uploaded to multiple different sub-files through technical means such as segmentation, encryption, and redundancy without changing the behavior and habits of the end user. Storing in the cloud makes it impossible for any cloud storage provider to parse out the original file.
  • FIG. 2 is a schematic flowchart of a first embodiment of a method for downloading a cloud storage file according to the present invention.
  • the method for downloading multi-cloud storage files is applied to an encrypted distributed storage device, and the method for downloading multi-cloud storage files includes the following steps:
  • Step S40 when the encrypted distributed storage device receives the data download request, obtains the target file information in the data download request, and determines the target concatenated subfile corresponding to the target file in the device database based on the target file information ;
  • the problem of easy leakage of files stored in the cloud is solved from the file download direction. That is, download the cascaded sub-files related to the original file from the multi-cloud storage terminal, perform operations such as decryption and splicing, restore the original file, and send the original file back to the client.
  • the main control module receives the data download request sent by the client, it first authenticates the client and determines whether the client has file download permission, and the main control module determines that the client With file download permission, the authentication is passed.
  • the main control module obtains the target file information in the data download request, such as the target file name or other identifiers.
  • Step S50 the encrypted distributed storage device determines the storage path of the target concatenated subfile in the device database, and downloads the target concatenated subfile from each corresponding cloud according to the storage path;
  • the main control module queries the database based on the target file information, and obtains related information about the target file, such as the associated cascading sub-file information, as the target cascading sub-file, and each target cascading sub-file is in the cloud The storage path. Then, based on the information of each cascaded sub-file and its storage path in the cloud, call each cloud storage API interface to download the target cascaded sub-file from each corresponding cloud.
  • Step S60 The encrypted distributed storage device determines the encryption key of the target concatenated sub-file in the device database, and performs the verification on the encryption key according to the preset decryption method in the preset configuration information and the encryption key.
  • the target cascaded sub-files are decrypted;
  • the main control module transmits the target concatenated subfile to the encryption and decryption module through the PCIe channel.
  • the encryption and decryption module performs the target concatenation subfile based on the encryption key in the database and the preset decryption method in the configuration information. Decryption operation.
  • Step S70 The encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the The target file is fed back to the data download requester.
  • the encryption and decryption module transmits the decrypted target concatenated subfile to the file recovery module through the PCIe channel.
  • the file recovery module is based on the splicing mode in the configuration information and the associated information between the target file and the target cascading subfile stored in the database, such as the sequence of the target cascading subfiles and the file corresponding to each target cascading subfile Identification, the target cascaded sub-files are successively spliced and restored, the original file is generated, and the original file is transmitted to the client, that is, the data download requester.
  • This embodiment provides a method for downloading a multi-cloud storage file.
  • the method for downloading a multi-cloud storage file is applied to an encrypted distributed storage device.
  • the multi-cloud storage method for the file uses the encrypted distributed storage device to download data after receiving it.
  • the encrypted distributed storage device determines in the device database The storage path of the target cascade subfile, and download the target cascade subfile from each corresponding cloud according to the storage path;
  • the encrypted distributed storage device determines the target level in the device database Link the encryption key of the sub-file, and decrypt the target concatenated sub-file according to the preset decryption method in the preset configuration information and the encryption key;
  • the encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the target file according to the associated information, And feedback the target file to the data download requester.
  • the present invention from the system architecture level, through the file data upload and download process, the collaboration between the EDS equipment main control module, configuration module, database, file segmentation module, file recovery module and encryption and decryption module can be On the premise of not changing the user's original usage habits, it is convenient and quick to help the user file data into the cloud storage. Compared with the self-built local storage room, the storage cost is greatly reduced.
  • FIG. 3 is a schematic flowchart of a second embodiment of a method for multi-cloud storage of files according to the present invention.
  • the method for downloading a multi-cloud storage file after step S50 further includes:
  • Step S01 The encrypted distributed storage device judges whether the target concatenated subfiles are all concatenated subfiles corresponding to the target file according to the associated information;
  • Step S02 If the encrypted distributed storage device determines that the target concatenated subfile is not all the concatenated subfiles, then determine whether the target concatenated subfile meets the file restoration condition in the configuration information;
  • Step S03 If the encrypted distributed storage device determines that the target concatenated subfile does not meet the file restoration condition, it generates a reminder message that the file download is abnormal due to the missing subfile.
  • the main control module downloads the target cascading subfile in the corresponding multi-cloud, and then according to the associated information corresponding to the target file read in the database, For example, all the cascaded sub-files after the segmentation corresponding to the target file are checked for data integrity of the target cascaded sub-file that is currently downloaded, that is, it is determined whether the target cascaded sub-file is all the cascaded sub-files corresponding to the target file sub file.
  • step S60 that is, if the main control module determines that the target concatenated subfile is the all concatenated subfiles
  • step S60 the cached and verified cascaded sub-file data is sent to the encryption and decryption module through the PCIe channel, and step S60 is executed, that is, the decryption operation is performed.
  • the main control module determines that the target cascade subfile is not all the cascade subfiles, and calls the file recovery module.
  • the file recovery module confirms according to the file recovery conditions set in the configuration information, that is, the recovery calculation rules for redundant data. Whether the target concatenated subfile meets the file restoration condition of the original file.
  • the main control module determines that the target cascaded subfile does not meet the file restoration conditions, it generates a reminder message that the file download is abnormal due to the missing subfile, thereby reminding the user that there are too many cloud abnormalities in the multi-cloud and the target subfile cannot be Download normally, which results in the failure to splice and restore the original file, and the file download fails.
  • the method for downloading the multi-cloud storage file further includes:
  • the encrypted distributed storage device determines that the target concatenated subfile meets the file restoration condition, it determines the target redundancy in the target concatenated subfile according to the relevant redundancy information corresponding to the target concatenated subfile Cascading sub-files and target actual cascading sub-files;
  • the encrypted distributed storage device restores other actual cascaded subfiles corresponding to the target file according to the configuration information, the target redundant cascaded subfile, and the target actual cascaded subfile;
  • the encrypted distributed storage device decrypts the target actual concatenated subfile and other actual concatenated subfiles, and according to the associated information, splices the decrypted target actual concatenated subfile and other actual concatenated subfiles Is the target file, and feeds back the target file to the data download requester.
  • the main control module determines that the target concatenated subfile meets the file restoration condition, that is, the target concatenated subfile has met the file restoration condition of the original file, and the target concatenated subfile is connected through the PCIe channel Transmitted to the redundancy module, according to the relevant redundancy information in the database, that is, the actual cascaded subfile information corresponding to the target file after segmentation and the redundant cascaded subfile information corresponding to the actual cascaded subfile stored in the database , Thereby determining the target redundant concatenated subfile and the target actual concatenated subfile in the target concatenated subfile.
  • the redundancy module calculates and restores other actual concatenated subfiles corresponding to the target file based on the target redundant concatenated subfile and the target actual concatenated subfile according to the redundancy recovery calculation rule in the configuration information.
  • the target actual concatenated sub-file and other actual concatenated sub-files are sent to the encryption and decryption module to perform the decryption operation of the sub-file.
  • the encryption and decryption module transmits the decrypted sub-file data to the file recovery module through the PCIe channel.
  • the file recovery module splices and restores the target actual cascaded sub-files and other actual cascaded sub-files into target files according to the configuration information, and transmits the target files to the client.
  • the client user requests file a to download
  • the EDS device main control module authenticates the client, and when it passes, reads the database to obtain the cascaded sub-file information associated with file a;
  • the main control module uses the cloud vendor API interface to download multiple cascaded sub-files stored in the cloud of the three cloud vendors from the corresponding path to the EDS device cache. According to the file information read from the database, check the data integrity of the cascaded subfile;
  • the main control module sends the cached and verified cascade subfile data or redundant data recovery cascade subfile to the encryption and decryption module through the PCIe channel, and the encryption and decryption module performs processing according to the stored corresponding cascade subfile key Decoding operation, sending the decoded cascaded sub-file data back to the master control module;
  • the master control module calls the file recovery module, and according to the file-related information obtained from the database, splices and restores each sub-file to the original file a, and transmits the original file a to the local storage device;
  • the local storage device receives the original file a and provides the file a to the client user.
  • This embodiment provides a method for downloading a multi-cloud storage file.
  • the method for downloading a multi-cloud storage file is applied to an encrypted distributed storage device.
  • the multi-cloud storage method for the file uses the encrypted distributed storage device to download data after receiving it.
  • the encrypted distributed storage device determines in the device database The storage path of the target cascade subfile, and download the target cascade subfile from each corresponding cloud according to the storage path;
  • the encrypted distributed storage device determines the target level in the device database Link the encryption key of the sub-file, and decrypt the target concatenated sub-file according to the preset decryption method in the preset configuration information and the encryption key;
  • the encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the target file according to the associated information, And feedback the target file to the data download requester.
  • step S01 specifically includes:
  • the encrypted distributed storage device receives the data download request, obtain the target file information in the data download request, and determine whether the target file exists in the local device;
  • the encrypted distributed storage device determines that the target file exists in the local device, obtain the target file, and feed the target file back to the data download requester;
  • the encrypted distributed storage device determines that the target file does not exist in the local device, based on the target file information, determine the target concatenated subfile corresponding to the target file in the device database to download it in the corresponding cloud The target concatenated sub-files.
  • the target file information in the data download request is searched in the local path of the local storage device to determine whether the target file exists in the device database; If the main control module determines that the target file exists in the device database, then the target file in the local device can be sent to the client; if the main control module determines that the target file does not exist in the device database, Then the main control module determines the target cascading sub-file corresponding to the target file in the device database based on the target file information, so as to download the target cascading sub-file in the corresponding cloud.
  • This embodiment provides a downloading method for multi-cloud storage files.
  • the upload and download processes of the user only interact with the local storage, and the local storage is based on the local storage space and files.
  • the preset saving time determines whether the file data saved locally is uploaded to the cloud; when the user's file download request is received, the local storage search fails, and the cloud download request is initiated through the EDS device.
  • local storage does not see changes in cloud storage, but only sees EDS devices, which greatly simplifies the secondary development workload of local storage.
  • the invention also provides a multi-cloud storage device for files.
  • the multi-cloud storage device of the file includes a processor, a memory, and a multi-cloud storage program of the file that is stored on the memory and can run on the processor, wherein the multi-cloud storage program of the file is processed by the processing When the device is executed, the steps of the multi-cloud storage method for files as described above are realized.
  • the present invention also provides a computer-readable storage medium.
  • the multi-cloud storage program of the file is stored on the computer-readable storage medium of the present invention, and the multi-cloud storage program of the file is executed by the processor to realize the steps of the multi-cloud storage method of the file as described above.
  • the invention also provides a downloading device for multi-cloud storage files.
  • the downloading device of the multi-cloud storage file includes a processor, a memory, and a download program of the multi-cloud storage file stored on the memory and runable on the processor, wherein the download program of the multi-cloud storage file is When the processor is executed, the steps of the method for downloading a multi-cloud storage file as described above are realized.
  • the method implemented when the download program of the multi-cloud storage file is executed can refer to the various embodiments of the method for downloading the multi-cloud storage file of the present invention, which will not be repeated here.
  • the present invention also provides a computer-readable storage medium.
  • the computer-readable storage medium of the present invention stores a download program of a multi-cloud storage file, and the download program of the multi-cloud storage file is executed by a processor to realize the steps of the method for downloading a multi-cloud storage file as described above.
  • the method implemented when the download program of the multi-cloud storage file is executed can refer to the various embodiments of the method for downloading the multi-cloud storage file of the present invention, which will not be repeated here.
  • the technical solution of the present invention essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, The optical disc) includes several instructions to enable a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the method described in each embodiment of the present invention.
  • a terminal which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明提供一种文件的多云存储方法、装置及计算机可读存储介质,所述文件的多云存储方法应用于加密分布存储设备,本发明通过加密分布存储设备将待上传至云端存储的原始文件切分为多个级联子文件,然后将多个级联子文件进行加密,并按照预设权重将所述多个级联子文件分别上传至对应云端进行存储,使得任何一个云存储提供商无法解析出原始文件,提升云端存储文件的安全性。另外,将加密密钥以及文件的拼接规则存储在加密分布存储设备中,使得获取全部子文件的不法分子也无法解密及拼接出所述原始文件,进一步提高云端存储数据的安全性,解决了现有云端存储数据容易发生泄露的技术问题。

Description

文件的多云存储方法、下载方法、装置及存储介质 技术领域
本发明涉及网络存储领域,尤其涉及一种文件的多云存储方法、装置及计算机可读存储介质以及多云存储文件的下载方法、装置及计算机可读存储介质。
背景技术
随着云存储技术的快速发展,存储入云等云存储应用已经越来越普遍。用户或企业可以将相关应用或者数据存储入云,不再受时间或地域等条件的限制,因此,云存储技术给用户带来了方便快捷的使用体验。但是将应用以及数据存储到云端同样也会带来很多问题,例如,数据入云不可避免的增加了隐私数据的泄漏风险,因此,数据安全问题成为了用户或者企业进行数据入云的障碍。
发明内容
本发明的主要目的在于提出一种文件的多云存储方法、装置及计算机可读存储介质,旨在解决现有云端存储数据容易发生泄露的技术问题。
为实现上述目的,本发明提供一种文件的多云存储方法,所述文件的多云存储方法应用于加密分布存储设备,所述文件的多云存储方法包括以下步骤:
所述加密分布存储设备在接收到数据上传请求时,获取待上传的原始文件,根据预设配置信息,将所述原始文件切分为预设大小的级联子文件,并保存原始文件信息、级联子文件信息以及所述原始文件与级联子文件的关联信息;
所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥;
所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径。
可选地,所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥的步骤之后,还包括:
所述加密分布存储设备根据所述配置信息将所述加密级联子文件进行冗余处理,生成预设 数量的冗余级联子文件,并保存冗余级联子文件信息以及所述加密级联子文件与对应的冗余级联子文件的相关冗余信息;
所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径的步骤具体包括:
所述加密分布存储设备根据所述配置信息中的各个云端存储权重以及所述加密级联子文件与冗余级联子文件的文件数量,确定所述各个云端对应的待分配子文件数量;
所述加密分布存储设备根据各个云端对应的待分配子文件数量,将所述加密级联子文件以及冗余级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件以及冗余级联子文件的存储路径。
此外,为实现上述目的,本发明还提供一种多云存储文件的下载方法,所述的多云存储文件的下载方法应用于加密分布存储设备,所述多云存储文件的下载方法包括以下步骤:
所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件;
所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并根据所述存储路径,从对应的各个云端中下载所述目标级联子文件;
所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密;
所述加密分布存储设备在所述设备数据库中确定所述目标文件与所述目标级联子文件的关联信息,根据所述关联信息将解密后的目标级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。
可选地,所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并根据所述存储路径,从对应的各个云端中下载所述目标级联子文件的步骤之后,还包括:
所述加密分布存储设备根据所述关联信息,判断所述目标级联子文件是否为所述目标文件对应的全部级联子文件;
若所述加密分布存储设备判定所述目标级联子文件是所述全部级联子文件,则执行:所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密的步骤;
若所述加密分布存储设备判定所述目标级联子文件不是所述全部级联子文件,则判断所述目标级联子文件是否符合所述配置信息中的文件还原条件;
若所述加密分布存储设备判定所述目标级联子文件不符合所述文件还原条件,则生成子文件缺失导致文件下载异常的提醒消息。
可选地,所述若存在所述若所述加密分布存储设备判定所述目标级联子文件不是所述全部级联子文件,则判断所述目标级联子文件是否符合所述配置信息中的文件还原条件的步骤之后,还包括:
若所述加密分布存储设备判定所述目标级联子文件符合所述文件还原条件,则根据所述目标级联子文件对应的相关冗余信息在所述目标级联子文件中确定目标冗余级联子文件以及目标实际级联子文件;
所述加密分布存储设备根据所述配置信息、目标冗余级联子文件以及目标实际级联子文件,恢复所述目标文件对应的其他实际级联子文件;
所述加密分布存储设备将所述目标实际级联子文件以及其他实际级联子文件进行解密,并根据所述关联信息,将解密后的目标实际级联子文件以及其他实际级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。
可选地,所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件的步骤具体包括:
所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并判断本地设备中是否存在所述目标文件;
若所述加密分布存储设备判定所述本地设备中存在所述目标文件,则获取所述目标文件,并将所述目标文件反馈至数据下载请求方;
若所述加密分布存储设备判定所述本地设备中不存在所述目标文件,则基于所述目标文件信息在所述设备数据库中确定目标文件对应的目标级联子文件,以在对应云端中下载所述目标级联子文件。
可选地,所述文件的多云存储装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的文件的多云存储程序,其中所述文件的多云存储程序被所述处理器执行时,实现如上所述的文件的多云存储方法的步骤。
此外,为实现上述目的,本发明还提供一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有文件的多云存储程序,所述文件的多云存储程序被处理器执行时实现如上所述的文件的多云存储方法的步骤。
此外,为实现上述目的,本发明还提供一种多云存储文件的下载装置,其特征在于,所述文件的多云存储装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的文件的多云存储程序,其中所述文件的多云存储程序被所述处理器执行时,实现如上所述的文件的多云存储方法的步骤。
此外,为实现上述目的,本发明还提供一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有多云存储文件的下载程序,所述多云存储文件的下载程序被处理器执行时实现如上所述的多云存储文件的下载方法的步骤。
本发明提供一种文件的多云存储方法、装置及计算机可读存储介质,所述文件的多云存储方法应用于加密分布存储设备,所述文件的多云存储方法通过所述加密分布存储设备在接收到数据上传请求时,获取待上传的原始文件,根据预设配置信息,将所述原始文件切分为预设大小的级联子文件,并保存原始文件信息、级联子文件信息以及所述原始文件与级联子文件的关联信息;所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥;所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径。通过上述方式,本发明通过加密分布存储设备将待上传至云端存储的原始文件切分为多个级联子文件,然后将多个级联子文件进行加密,并按照预设权重将所述多个级联子文件分别上传至对应云端进行存储,使得任何一个云存储提供商无法解析出原始文件,提升云端存储文件的安全性。另外,将加密密钥以及文件的拼接规则存储在加密分布存储设备中,使得获取全部子文件的不法分子也无法解密及拼接出所述原始文件,进一步提高云端存储数据的安全性,解决了现有云端存储数据容易发生泄露的技术问题。
附图说明
图1为本发明文件的多云存储方法第一实施例的流程示意图;
图2为本发明多云存储文件的下载方法第一实施例的流程示意图;
图3为本发明多云存储文件的下载方法第二实施例的流程示意图;
图4为本发明终端交互示意图;
图5为本发明的加密分布存储设备的模块示意图;
图6为本发明的加密分布存储设备的文件上传流程示意图;
图7为本发明的加密分布存储设备的文件下载流程示意图;
图8为本发明的级联子文件的上传流程示意图。
本发明目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。
具体实施方式
应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。
在后续的描述中,使用用于表示元件的诸如“模块”、“部件”或“单元”的后缀仅为了有利于本发明的说明,其本身没有特定的意义。因此,“模块”、“部件”或“单元”可以混合地使用。
终端可以以各种形式来实施。例如,本发明中描述的终端可以包括诸如手机、平板电脑、笔记本电脑、掌上电脑、个人数字助理(Personal Digital Assistant,PDA)、便捷式媒体播放器(Portable Media Player,PMP)、导航装置、可穿戴设备、智能手环、计步器等移动终端,以及诸如数字TV、台式计算机等固定终端。
后续描述中将以移动终端为例进行说明,本领域技术人员将理解的是,除了特别用于移动目的的元件之外,根据本发明的实施方式的构造也能够应用于固定类型的终端。
参照图1,图1为本发明文件的多云存储方法第一实施例的流程示意图。
本实施例中,所述文件的多云存储方法应用于加密分布存储设备,所述文件的多云存储方法包括以下步骤:
步骤S10,所述加密分布存储设备在接收到数据上传请求时,获取待上传的原始文件,根据预设配置信息,将所述原始文件切分为预设大小的级联子文件,并保存原始文件信息、级联子文件信息以及所述原始文件与级联子文件的关联信息;
目前,云存储技术给用户带来了方便快捷的使用体验的同时,也同样带来很多问题,例如,数据入云不可避免的增加了隐私数据的泄漏风险,纵观近5年,用户数据泄露事件频频发生,牵涉用户规模也非常庞大,这加大了拥有敏感数据企业入云的担忧。因此,数据安全问题成为 了用户或者企业进行数据入云的障碍。
本实施例中,为了解决上述问题,通过加密分布存储设备将待上传至云端存储的原始文件切分为多个级联子文件,然后将多个级联子文件进行加密,并按照预设权重将所述多个级联子文件分别上传至对应云端进行存储,使得任何一个云存储提供商无法解析出原始文件,提升云端存储文件的安全性。另外,将加密密钥以及文件的拼接规则存储在加密分布存储设备中,使得获取全部子文件的不法分子也无法解密及拼接出所述原始文件,进一步提高云端存储数据的安全性。具体地,如图4所示,用户可通过客户端上传数据请求至加密分布存储设备(Encrypt Distributed Storage,EDS)。如图5所示,该EDS设备具体包括主控模块、配置模块、数据库、文件切分模块、文件恢复模块、分发调度模块、加解密模块。如图6所示,主控模块对发送数据上传请求的客户端进行鉴权,即判断所述客户端是否具有数据上传权限。在该客户端通过该主控模块的鉴权时,EDS设备与多云服务器建立连接,即EDS设备与多个云服务器建立连接。主控模块上电,并在接收到客户端上传的原始文件时,从配置模块获取预设配置信息,该配置信息包括切分子文件的文件大小,如8K或256K,主控模块根据所述预设配置信息中的切分单位,调用文件切分模块将原始文件切分为多个预设大小的级联子文件,并将切分前后文件信息写入数据库,切分前后文件信息包括原始文件信息、级联子文件信息以及所述原始文件与级联子文件的关联信息。
步骤S20,所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥;
本实施例中,文件切分模块将切分后的多个级联子文件通过PCIe通道传送给加解密模块,进行加密处理。该加解密模块根据配置信息中的预设加密方式,如AES256(256位高级加密标准)或其他加密算法等,对该多个级联子文件进行加密处理,作为加密级联子文件。并将多个加密级联子文件对应的加密密钥保存至数据库中。
步骤S30,所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径。
本实施例中,加解密模块将所述加密级联子文件通过PCIe通道将加密级联子文件传送给分发调度模块。主控模块控制该分发调度模块,根据配置信息中预设各个云端存储权重,即预先设置的云提供商权重,如1:1:1或1:2:1,调用各云存储API(应用程序编程接口),分发加密级联子文件到多个云端进行存储,并将所述加密级联子文件的存储路径写入数据库。具体实施例中,客户端通过本地存储上传、下载文件,不改变原有用户行为习惯。本地存储通过SFTP(安全文件传送协议)同EDS设备交互,EDS设备在多个云端中进行文件的上传、下载 操作。本实施例极大简化了企业多客户端数据入云的步骤,在维持现有用户习惯操作的前提下,可做到用户无感知的数据入云。为了实现单云提供商无法破解文件数据,本实施例中所选取云提供商,即云端数目大于等于3。本实施例中的多云,为多个云提供商服务的多个云端。
本实施例提供一种文件的多云存储方法,所述文件的多云存储方法应用于加密分布存储设备,所述文件的多云存储方法通过所述加密分布存储设备在接收到数据上传请求时,获取待上传的原始文件,根据预设配置信息,将所述原始文件切分为预设大小的级联子文件,并保存原始文件信息、级联子文件信息以及所述原始文件与级联子文件的关联信息;所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥;所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径。通过上述方式,本发明通过加密分布存储设备将待上传至云端存储的原始文件切分为多个级联子文件,然后将多个级联子文件进行加密,并按照预设权重将所述多个级联子文件分别上传至对应云端进行存储,使得任何一个云存储提供商无法解析出原始文件,提升云端存储文件的安全性。另外,将加密密钥以及文件的拼接规则存储在加密分布存储设备中,使得获取全部子文件的不法分子也无法解密及拼接出所述原始文件,进一步提高云端存储数据的安全性,解决了现有云端存储数据容易发生泄露的技术问题。
图中未示的,基于上述图1所述实施例,步骤S20之后,还包括:
所述加密分布存储设备根据所述配置信息将所述加密级联子文件进行冗余处理,生成预设数量的冗余级联子文件,并保存冗余级联子文件信息以及所述加密级联子文件与对应的冗余级联子文件的相关冗余信息;
除了数据入云的安全性问题,数据入云的可靠性问题也是非常重要的。云提供商因内外因素暂停服务,甚至数据丢失等原因导致的云端数据丢失或者下载异常等问题,对入云企业、用户都可能会带来严重后果。
本实施例中,为了解决上述问题,通过冗余技术以及多云存储,防止单云提供商故障导致的云端数据不可用。具体地,如图8所示,该EDS设备还包括冗余模块,加解密模块根据配置信息,将加密后的加密级联子文件传送给冗余模块。冗余模块根据配置信息中的冗余计算规则,生成一个或多个冗余级联子文件,如根据2个加密级联子文件生成第3个冗余级联子文件。并通过PCIe通道将冗余级联子文件传送给分发调度模块。然后将冗余级联子文件信息以及所 述加密级联子文件与对应的冗余级联子文件的相关冗余信息进行保存至数据库。其中,所述相关冗余信息包括冗余级联子文件名称、大小、路径、所存储云厂商等。
进一步地,所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径的步骤具体包括:
所述加密分布存储设备根据所述配置信息中的各个云端存储权重以及所述加密级联子文件与冗余级联子文件的文件数量,确定所述各个云端对应的待分配子文件数量;
所述加密分布存储设备根据各个云端对应的待分配子文件数量,将所述加密级联子文件以及冗余级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件以及冗余级联子文件的存储路径。
本实施例中,主控模块将各个云端存储权重,如设置3个云厂商是相同权重,即:1:1:1,等配置信息发送至分发调度模块,由分发调度模块根据存储权重配置,调用3个云厂商云存储API接口,将原始文件所生成的级联子文件平均上传至3个云端存储。同时,主控模块将所有级联子文件,即加密级联子文件以及冗余级联子文件的存储路径信息存入数据库。针对上述设计的模块、预设值以及执行流程,下面举例对文件的多云存储方法做进一步的说明,具体如下:
设定云供应商数目N=3;
原始文件a设置为切分为一个为8k的子文件;
EDS设备上电后启动SFTP服务端,EDS设备配置模块将预设配置信息下发主控模块。
本地存储设备根据文件存储时间先后,将原始文件定时上传给EDS设备;
本地存储设备启动SFTP客户端,同EDS的SFTP服务端建立请求,SFTP鉴权通过,建立连接;
本地存储设备上传原始文件a,EDS设备的主控模块使用带路径文件名作为索引,并将原始文件信息存入数据库。原始文件信息包括:文件名、文件大小等信息;
主控模块根据配置,获取云厂商数目为3家,加密算法为AES256(256位高级加密标准),并将该配置信息传递给加解密模块和分发调度模块;
主控模块调用文件切分模块,将原始文件a切割为8k大小的子文件集,并将这些子文件数据通过PCIe通道送至加解密模块;
加解密模块使用AES256算法分别对每个子文件使用交织、加扰后拆分为2个级联子文件进行加密处理,并保存所生成的多个密钥。将加密后的2个级联子文件数据送至冗余模块;
冗余模块根据2个级联子文件生成第3个冗余级联子文件,将这3个级联子文件通过PCIe 送回给总控模块;
主控模块将各云存储权重,如设置3个云厂商是相同权重,即:1:1:1,等配置信息输入给分发调度模块,由分发调度模块根据配置,调用3个云厂商云存储API接口,将原始文件所生成的级联子文件平均上传至3个云端存储。同时,总控模块将所有级联子文件相关的信息存入数据库,包括:级联子文件名称、大小、路径、所存储云厂商等,由此完成原始文件a的上传云端存储操作。
本实施例提供一种文件的多云存储方法,所述文件的多云存储方法将原始数据切分、加密、冗余处理,并根据不同云存储提供商对应的预设权重值,将所有级联子文件上传至多云端分别进行存储。本实施例中通过加设EDS设备,可在不改变终端用户行为习惯的前提下,通过切分、加密、冗余等技术手段,将原始文件拆分为多个级联子文件上传至多个不同的云端中进行存储,使得任何一个云存储提供商无法解析出原始文件。即使所有级联子文件是放在同一个云存储提供商的几个云端中,由于密钥及拼接规则存储在EDS设备中,所以仍是无法拼接、解密出原始文件。同时,即使有个别云存储端发生异常,只要满足预置还原条件,从其他多个云存储端下载的冗余级联子文件以及加密级联子文件也能成功解码还原出原始文件。
参照图2,图2为本发明多云存储文件的下载方法第一实施例的流程示意图。
本实施例中,基于上述图1所述实施例,所述多云存储文件的下载方法应用于加密分布存储设备,所述多云存储文件的下载方法包括以下步骤:
步骤S40,所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件;
为了提升云端存储文件的安全性,基于上述文件的多云存储方法实施例,本实施例中,从文件下载方向解决云端存储文件容易发生泄露的问题。即从多云存储端下载同原始文件相关的级联子文件,进行解密、拼接等操作,恢复原始文件,并将原始文件送反馈至客户端。具体地,如图7所示,主控模块在接收到客户端发送的数据下载请求时,首先对该客户端进行鉴权,判断该客户端是否具有文件下载权限,主控模块判定该客户端具有文件下载权限,则鉴权通过。主控模块获取所述所述数据下载请求中的目标文件信息,如目标文件名称或者其他标示符。
步骤S50,所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并根据所述存储路径,从对应的各个云端中下载所述目标级联子文件;
本实施例中,主控模块基于所述目标文件信息查询数据库,获取该目标文件的相关信息,如关联级联子文件信息,作为目标级联子文件,以及各个目标级联子文件在云端中的存储路径。然后基于所述各个级联子文件信息及其在云端中的存储路径,调用各云存储API接口,从对应的各个云端中下载所述目标级联子文件。
步骤S60,所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密;
本实施例中,主控模块通过PCIe通道将目标级联子文件传送给加解密模块,加解密模块基于数据库中的加密密钥以及配置信息中的预设解密方式,进行目标级联子文件的解密操作。
步骤S70,所述加密分布存储设备在所述设备数据库中确定所述目标文件与所述目标级联子文件的关联信息,根据所述关联信息将解密后的目标级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。
本实施例中,加解密模块通过PCIe通道将解密后的目标级联子文件传送给文件恢复模块。文件恢复模块根据配置信息中的拼接方式以及数据库中存储的所述目标文件与所述目标级联子文件的关联信息,如目标级联子文件的先后顺序以及各目标级联子文件对应的文件标识,将目标级联子文件依次进行拼接恢复,生成原始文件,并将原始文件传送至客户端,即数据下载请求方。
本实施例提供一种多云存储文件的下载方法,所述多云存储文件的下载方法应用于加密分布存储设备,所述文件的多云存储方法通过所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件;所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并根据所述存储路径,从对应的各个云端中下载所述目标级联子文件;所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密;
所述加密分布存储设备在所述设备数据库中确定所述目标文件与所述目标级联子文件的关联信息,根据所述关联信息将解密后的目标级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。通过上述方式,本发明从系统架构层面,通过文件数据上传、下载流程,对EDS设备主控模块、配置模块、数据库、文件切分模块、文件恢复模块和加解密模块之间的协作,能在不改变用户原有使用习惯的前提下,方便快捷的帮助用户文件数据入云端存 储,同自建本地存储机房相比,极大降低了存储成本。并且,通过切分、加密原始文件数据,并将加密密钥保存在客户本地EDS设备中,能有效保证存储在各云厂商云端存储中的数据都是不可读的、无法恢复的无效数据,极大提高了用户数据入云的安全性,解决了现有云端存储数据容易发生泄露的技术问题。
参照图3,图3为本发明文件的多云存储方法第二实施例的流程示意图。
本实施例中,基于上述图2所述实施例,所述多云存储文件的下载方法在步骤S50之后,还包括:
步骤S01,所述加密分布存储设备根据所述关联信息,判断所述目标级联子文件是否为所述目标文件对应的全部级联子文件;
步骤S02,若所述加密分布存储设备判定所述目标级联子文件不是所述全部级联子文件,则判断所述目标级联子文件是否符合所述配置信息中的文件还原条件;
步骤S03,若所述加密分布存储设备判定所述目标级联子文件不符合所述文件还原条件,则生成子文件缺失导致文件下载异常的提醒消息。
本实施例中,为了防止单个云端中的数据无法下载或者数据发生异常,主控模块在对应多云端中下载所述目标级联子文件之后,根据数据库中读取的目标文件对应的关联信息,如目标文件对应的切分后的全部级联子文件,对当前下载的目标级联子文件进行数据完整性检查,即判断所述目标级联子文件是否为所述目标文件对应的全部级联子文件。也就是校验所述目标级联子文件是否全部为所述目标文件切分后的级联子文件,以及校验所述目标级联子文件是否为所述目标文件切分后的全部级联子文件。若所述加密分布存储设备判定所述目标级联子文件是所述全部级联子文件,则执行:步骤S60;即若主控模块判定所述目标级联子文件是所述全部级联子文件,通过PCIe通道,将缓存并校验无误的级联子文件数据送至加解密模块,并执行步骤S60,即进行解密操作。
由于上传文件时有冗余处理操作,所以当某个云厂商发生异常时,只要3个云厂商中的2个云厂商能正常下载级联子文件数据,就能够完整的恢复原始数据。即主控模块判定所述目标级联子文件不是所述全部级联子文件,调用文件恢复模块,文件恢复模块根据配置信息中设定的文件还原条件,即冗余数据的恢复计算规则,确认所述目标级联子文件是否符合该原始文件的文件还原条件。若主控模块判定所述目标级联子文件不符合所述文件还原条件,则生成子文件缺失导致文件下载异常的提醒消息,由此提醒用户多云中的云端异常数量过多,目标子文件无法正常下载,从而导致无法拼接恢复原始文件,文件下载失败。
进一步地,图中未示的,所述多云存储文件的下载方法在步骤S03之后,还包括:
若所述加密分布存储设备判定所述目标级联子文件符合所述文件还原条件,则根据所述目标级联子文件对应的相关冗余信息在所述目标级联子文件中确定目标冗余级联子文件以及目标实际级联子文件;
所述加密分布存储设备根据所述配置信息、目标冗余级联子文件以及目标实际级联子文件,恢复所述目标文件对应的其他实际级联子文件;
所述加密分布存储设备将所述目标实际级联子文件以及其他实际级联子文件进行解密,并根据所述关联信息,将解密后的目标实际级联子文件以及其他实际级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。
本实施例中,若主控模块判定所述目标级联子文件符合所述文件还原条件,即所述目标级联子文件已经满足原始文件的文件还原条件,通过PCIe通道将目标级联子文件传送给冗余模块,根据数据库中的相关冗余信息,即数据库中存储目标文件对应的切分后的实际级联子文件信息以及所述实际级联子文件对应的冗余级联子文件信息,由此在所述目标级联子文件中确定目标冗余级联子文件以及目标实际级联子文件。冗余模块根据配置信息中的冗余恢复计算规则,基于所述目标冗余级联子文件以及目标实际级联子文件,计算恢复所述目标文件对应的其他实际级联子文件。并将所述目标实际级联子文件以及其他实际级联子文件发送至加解密模块,进行子文件的解密操作。然后加解密模块通过PCIe通道将解密后的子文件数据传送给文件恢复模块。文件恢复模块根据配置信息,将目标实际级联子文件以及其他实际级联子文件拼接恢复为目标文件,并将所述目标文件传送至客户端。针对上述设计的模块、预设值以及执行流程,下面举例对多云存储文件的下载方法做进一步的说明,具体如下:
客户端用户请求文件a下载;
本地存储设备本地路径搜索文件a未果,则同EDS设备建立SFTP连接,请求文件a下载;
EDS设备主控模块对客户端进行鉴权,通过时,读取数据库,获取文件a相关联的级联子文件信息;
主控模块调用使用云厂商API接口,从对应路径下载3个云厂商云端所保存的多个级联子文件至EDS设备缓存中。根据从数据库中读取的文件信息,对级联子文件进行数据完整性检查;
由于上传文件时有冗余操作,所以只要3个云厂商中的2个云厂商能正常下载级联子文件数据,就能够完整的恢复原始数据;即若该多个级联子文件不符合完整性,则将该多个级联子文件发送至文件恢复模块进行冗余数据恢复操作。
主控模块通过PCIe通道,将缓存并校验无误的级联子文件数据或冗余数据恢复的级联子文件送至加解密模块,加解密模块根据已存储的对应级联子文件密钥进行解码操作,将解码后的级联子文件数据送回总控模块;
总控模块调用文件恢复模块,根据从数据库中获取的文件相关信息,将各子文件拼接恢复为原始文件a,并将原始文件a传输至本地存储设备;
本地存储设备收到原始文件a,将文件a提供给客户端用户。
本实施例提供一种多云存储文件的下载方法,所述多云存储文件的下载方法应用于加密分布存储设备,所述文件的多云存储方法通过所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件;所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并根据所述存储路径,从对应的各个云端中下载所述目标级联子文件;所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密;
所述加密分布存储设备在所述设备数据库中确定所述目标文件与所述目标级联子文件的关联信息,根据所述关联信息将解密后的目标级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。通过上述方式,本发明从系统架构层面,通过文件数据上传、下载流程,对EDS设备主控模块、配置模块、数据库、文件切分模块、文件恢复模块、加解密模块和冗余模块之间的协作,能在不改变用户原有使用习惯的前提下,方便快捷的帮助用户文件数据入云端存储,同自建本地存储机房相比,极大降低了存储成本。并且,通过切分、加密原始文件数据,并将加密密钥保存在客户本地EDS设备中,能有效保证存储在各云厂商云端存储中的数据都是不可读的、无法恢复的无效数据,极大提高了用户数据入云的安全性,解决了现有云端存储数据容易发生泄露的技术问题。再者,由于对文件数据使用了冗余操作,能保证在个别云厂商云端异常时,并不会影响用户下载文件的恢复,提高了用户数据入云的可靠性。
进一步地,图中未示的,所述步骤S01具体包括:
所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并判断本地设备中是否存在所述目标文件;
若所述加密分布存储设备判定所述本地设备中存在所述目标文件,则获取所述目标文件,并将所述目标文件反馈至数据下载请求方;
若所述加密分布存储设备判定所述本地设备中不存在所述目标文件,则基于所述目标文件信息在所述设备数据库中确定目标文件对应的目标级联子文件,以在对应云端中下载所述目标级联子文件。
本实施例中,在接收到客户端发送的数据下载请求时,在本地存储设备的本地路径中搜索所述数据下载请求中的目标文件信息,判断所述设备数据库中是否存在所述目标文件;若主控模块判定所述设备数据库中存在所述目标文件,则将所述本地设备中的目标文件发送至客户端即可;若主控模块判定所述设备数据库中不存在所述目标文件,则主控模块基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件,以在对应云端中下载所述目标级联子文件。
本实施例提供一种多云存储文件的下载方法,为保证客户端用户使用习惯,EDS设备串联在本地存储之后,用户的上传、下载流程仅跟本地存储交互,本地存储根据本地存储空间及文件预设保存时长,决定本地所保存文件数据是否上传云端;接收到用户的文件下载请求,本地存储搜索未果,则通过EDS设备发起云端下载请求。整个流程中,本地存储看不到云端存储的变化,只看到EDS设备,极大简化了本地存储的二次开发工作量。
本发明还提供一种文件的多云存储装置。
所述文件的多云存储装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的文件的多云存储程序,其中所述文件的多云存储程序被所述处理器执行时,实现如上所述的文件的多云存储方法的步骤。
其中,所述文件的多云存储程序被执行时所实现的方法可参照本发明文件的多云存储方法各个实施例,此处不再赘述。
本发明还提供一种计算机可读存储介质。
本发明计算机可读存储介质上存储有文件的多云存储程序,所述文件的多云存储程序被处理器执行时实现如上所述的文件的多云存储方法的步骤。
其中,所述文件的多云存储程序被执行时所实现的方法可参照本发明文件的多云存储方法各个实施例,此处不再赘述。
本发明还提供一种多云存储文件的下载装置。
所述多云存储文件的下载装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的多云存储文件的下载程序,其中所述多云存储文件的下载程序被所述处理器执行时,实现如上所述的多云存储文件的下载方法的步骤。
其中,所述多云存储文件的下载程序被执行时所实现的方法可参照本发明多云存储文件的下载方法各个实施例,此处不再赘述。
本发明还提供一种计算机可读存储介质。
本发明计算机可读存储介质上存储有多云存储文件的下载程序,所述多云存储文件的下载程序被处理器执行时实现如上所述的多云存储文件的下载方法的步骤。
其中,所述多云存储文件的下载程序被执行时所实现的方法可参照本发明多云存储文件的下载方法各个实施例,此处不再赘述。
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。
上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本发明各个实施例所述的方法。
上面结合附图对本发明的实施例进行了描述,但是本发明并不局限于上述的具体实施方式,上述的具体实施方式仅仅是示意性的,而不是限制性的,本领域的普通技术人员在本发明的启示下,在不脱离本发明宗旨和权利要求所保护的范围情况下,还可做出很多形式,这些均属于本发明的保护之内。

Claims (10)

  1. 一种文件的多云存储方法,其特征在于,所述文件的多云存储方法应用于加密分布存储设备,所述文件的多云存储方法包括以下步骤:
    所述加密分布存储设备在接收到数据上传请求时,获取待上传的原始文件,根据预设配置信息,将所述原始文件切分为预设大小的级联子文件,并保存原始文件信息、级联子文件信息以及所述原始文件与级联子文件的关联信息;
    所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥;
    所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径。
  2. 如权利要求1所述的文件的多云存储方法,其特征在于,所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥的步骤之后,还包括:
    所述加密分布存储设备根据所述配置信息将所述加密级联子文件进行冗余处理,生成预设数量的冗余级联子文件,并保存冗余级联子文件信息以及所述加密级联子文件与对应的冗余级联子文件的相关冗余信息;
    所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径的步骤具体包括:
    所述加密分布存储设备根据所述配置信息中的各个云端存储权重以及所述加密级联子文件与冗余级联子文件的文件数量,确定所述各个云端对应的待分配子文件数量;
    所述加密分布存储设备根据各个云端对应的待分配子文件数量,将所述加密级联子文件以及冗余级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件以及冗余级联子文件的存储路径。
  3. 一种多云存储文件的下载方法,其特征在于,所述的多云存储文件的下载方法应用于加密分布存储设备,所述多云存储文件的下载方法包括以下步骤:
    所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件;
    所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并 根据所述存储路径,从对应的各个云端中下载所述目标级联子文件;
    所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密;
    所述加密分布存储设备在所述设备数据库中确定所述目标文件与所述目标级联子文件的关联信息,根据所述关联信息将解密后的目标级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。
  4. 如权利要求3所述的多云存储文件的下载方法,其特征在于,所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并根据所述存储路径,从对应的各个云端中下载所述目标级联子文件的步骤之后,还包括:
    所述加密分布存储设备根据所述关联信息,判断所述目标级联子文件是否为所述目标文件对应的全部级联子文件;
    若所述加密分布存储设备判定所述目标级联子文件是所述全部级联子文件,则执行:所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密的步骤;
    若所述加密分布存储设备判定所述目标级联子文件不是所述全部级联子文件,则判断所述目标级联子文件是否符合所述配置信息中的文件还原条件;
    若所述加密分布存储设备判定所述目标级联子文件不符合所述文件还原条件,则生成子文件缺失导致文件下载异常的提醒消息。
  5. 如权利要求1所述的多云存储文件的下载方法,其特征在于,所述若存在所述若所述加密分布存储设备判定所述目标级联子文件不是所述全部级联子文件,则判断所述目标级联子文件是否符合所述配置信息中的文件还原条件的步骤之后,还包括:
    若所述加密分布存储设备判定所述目标级联子文件符合所述文件还原条件,则根据所述目标级联子文件对应的相关冗余信息在所述目标级联子文件中确定目标冗余级联子文件以及目标实际级联子文件;
    所述加密分布存储设备根据所述配置信息、目标冗余级联子文件以及目标实际级联子文件,恢复所述目标文件对应的其他实际级联子文件;
    所述加密分布存储设备将所述目标实际级联子文件以及其他实际级联子文件进行解密,并根据所述关联信息,将解密后的目标实际级联子文件以及其他实际级联子文件拼接 为所述目标文件,并将所述目标文件反馈至数据下载请求方。
  6. 如权利要求1所述的多云存储文件的下载方法,其特征在于,所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件的步骤具体包括:
    所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并判断本地设备中是否存在所述目标文件;
    若所述加密分布存储设备判定所述本地设备中存在所述目标文件,则获取所述目标文件,并将所述目标文件反馈至数据下载请求方;
    若所述加密分布存储设备判定所述本地设备中不存在所述目标文件,则基于所述目标文件信息在所述设备数据库中确定目标文件对应的目标级联子文件,以在对应云端中下载所述目标级联子文件。
  7. 一种文件的多云存储装置,其特征在于,所述文件的多云存储装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的文件的多云存储程序,其中所述文件的多云存储程序被所述处理器执行时,实现如所述权利要求1或2所述的文件的多云存储方法的步骤。
  8. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有文件的多云存储程序,所述文件的多云存储程序被处理器执行时实现如权利要求1或2所述的文件的多云存储方法的步骤。
  9. 一种多云存储文件的下载装置,其特征在于,所述文件的多云存储装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的文件的多云存储程序,其中所述文件的多云存储程序被所述处理器执行时,实现如所述权利要求3至6中任意一项所述的文件的多云存储方法的步骤。
  10. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有多云存储文件的下载程序,所述多云存储文件的下载程序被处理器执行时实现如权利要求3至6中任意一项所述的多云存储文件的下载方法的步骤。
PCT/CN2019/127025 2019-07-19 2019-12-20 文件的多云存储方法、下载方法、装置及存储介质 WO2021012602A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910658965.2A CN110381061A (zh) 2019-07-19 2019-07-19 文件的多云存储方法、下载方法、装置及存储介质
CN201910658965.2 2019-07-19

Publications (1)

Publication Number Publication Date
WO2021012602A1 true WO2021012602A1 (zh) 2021-01-28

Family

ID=68254627

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/127025 WO2021012602A1 (zh) 2019-07-19 2019-12-20 文件的多云存储方法、下载方法、装置及存储介质

Country Status (2)

Country Link
CN (1) CN110381061A (zh)
WO (1) WO2021012602A1 (zh)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110381061A (zh) * 2019-07-19 2019-10-25 广东省新一代通信与网络创新研究院 文件的多云存储方法、下载方法、装置及存储介质
CN111125645B (zh) * 2019-11-15 2023-05-16 至本医疗科技(上海)有限公司 执行程序处理方法、系统、装置、计算机设备和介质
CN111814210A (zh) * 2019-12-31 2020-10-23 北京骑胜科技有限公司 处理文件的方法、装置、存储介质及电子设备
CN111506546A (zh) * 2020-04-08 2020-08-07 杭州天谷信息科技有限公司 高安全性文件云存储方法
CN113727184B (zh) * 2020-05-25 2023-11-03 京东城市(北京)数字科技有限公司 视频播放方法、装置、系统、存储介质以及电子设备
CN112416450B (zh) * 2020-06-05 2023-02-17 上海哔哩哔哩科技有限公司 资源加密及展示方法及系统
CN111752894A (zh) * 2020-06-23 2020-10-09 深圳市得一微电子有限责任公司 一种基于数据拆分对存储设备中保密文件的写读方法、系统、主机及存储介质
CN115484249B (zh) * 2021-05-27 2024-07-26 中国移动通信集团江苏有限公司 数据传输方法及装置
CN113656095B (zh) * 2021-08-06 2023-08-04 北京数码大方科技股份有限公司 配置数据的处理方法及装置
CN115085900B (zh) * 2022-08-22 2022-11-29 四川汉唐云分布式存储技术有限公司 一种基于分布式存储的同态加密方法
CN117354059B (zh) * 2023-12-04 2024-03-29 广州汇通国信科技有限公司 一种基于云边端协同的数据共享方法

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103583030A (zh) * 2011-05-25 2014-02-12 阿尔卡特朗讯公司 在分布式云计算环境中实现数据安全性的方法及装置
CN103856499A (zh) * 2012-11-29 2014-06-11 中兴通讯股份有限公司 云存储方法及装置、云存储数据下载方法及装置
CN105426775A (zh) * 2015-11-09 2016-03-23 北京联合大学 一种保护智能手机信息安全的方法和系统
CN109857710A (zh) * 2019-01-04 2019-06-07 平安科技(深圳)有限公司 文件存储方法及终端设备
US10333992B2 (en) * 2016-02-19 2019-06-25 Dell Products, Lp System and method for collection and analysis of endpoint forensic and event data
CN110381061A (zh) * 2019-07-19 2019-10-25 广东省新一代通信与网络创新研究院 文件的多云存储方法、下载方法、装置及存储介质

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103207971A (zh) * 2012-01-12 2013-07-17 富泰华工业(深圳)有限公司 基于云存储的数据安全保护系统及方法
CN103729470A (zh) * 2014-01-20 2014-04-16 刘强 一种基于不同云存储端的安全存储方法
US20170048021A1 (en) * 2014-05-13 2017-02-16 Cloud Crowding Corp. Distributed secure data storage and transmission of streaming media content
CN107154945A (zh) * 2017-05-31 2017-09-12 中南大学 一种基于纠删码的多云碎片化安全存储方法及系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103583030A (zh) * 2011-05-25 2014-02-12 阿尔卡特朗讯公司 在分布式云计算环境中实现数据安全性的方法及装置
CN103856499A (zh) * 2012-11-29 2014-06-11 中兴通讯股份有限公司 云存储方法及装置、云存储数据下载方法及装置
CN105426775A (zh) * 2015-11-09 2016-03-23 北京联合大学 一种保护智能手机信息安全的方法和系统
US10333992B2 (en) * 2016-02-19 2019-06-25 Dell Products, Lp System and method for collection and analysis of endpoint forensic and event data
CN109857710A (zh) * 2019-01-04 2019-06-07 平安科技(深圳)有限公司 文件存储方法及终端设备
CN110381061A (zh) * 2019-07-19 2019-10-25 广东省新一代通信与网络创新研究院 文件的多云存储方法、下载方法、装置及存储介质

Also Published As

Publication number Publication date
CN110381061A (zh) 2019-10-25

Similar Documents

Publication Publication Date Title
WO2021012602A1 (zh) 文件的多云存储方法、下载方法、装置及存储介质
US11475137B2 (en) Distributed data storage by means of authorisation token
US20240273231A1 (en) Systems and Methods for a Cryptographic File System Layer
US11270006B2 (en) Intelligent storage devices with cryptographic functionality
EP3062261B1 (en) Community-based de-duplication for encrypted data
US11502824B2 (en) Encryption by default in an elastic computing system
US8762743B2 (en) Encrypting data objects to back-up
US8966287B2 (en) Systems and methods for secure third-party data storage
US10503917B2 (en) Performing operations on intelligent storage with hardened interfaces
US10375032B2 (en) System and method for data segmentation and distribution across multiple cloud storage points
US20120260096A1 (en) Method and system for monitoring a secure document
US10924275B1 (en) Creating multiple encrypted volumes from a single source
JP7511630B2 (ja) データ重複排除のための不透明な暗号化
CA3086236A1 (en) Encrypted storage of data
JP2019079280A (ja) ファイル検証装置、ファイル移行システムおよびプログラム
US10785194B2 (en) Processing intents using trusted entities in a dispersed storage network
US11831773B1 (en) Secured database restoration across service regions

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19938372

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19938372

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 19938372

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11.08.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19938372

Country of ref document: EP

Kind code of ref document: A1