WO2021012602A1 - 文件的多云存储方法、下载方法、装置及存储介质 - Google Patents
文件的多云存储方法、下载方法、装置及存储介质 Download PDFInfo
- Publication number
- WO2021012602A1 WO2021012602A1 PCT/CN2019/127025 CN2019127025W WO2021012602A1 WO 2021012602 A1 WO2021012602 A1 WO 2021012602A1 CN 2019127025 W CN2019127025 W CN 2019127025W WO 2021012602 A1 WO2021012602 A1 WO 2021012602A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- concatenated
- target
- files
- sub
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Definitions
- the present invention relates to the field of network storage, in particular to a method and device for multi-cloud storage of files, a computer-readable storage medium, and a method, device, and computer-readable storage medium for downloading multi-cloud storage files.
- cloud storage applications such as storage into the cloud have become more and more common. Users or enterprises can store related applications or data in the cloud, and are no longer restricted by time or geographical conditions. Therefore, cloud storage technology brings users a convenient and fast experience. However, storing applications and data in the cloud also brings many problems. For example, data entering the cloud inevitably increases the risk of leakage of private data. Therefore, data security issues become an obstacle for users or enterprises to enter the cloud.
- the main purpose of the present invention is to provide a multi-cloud storage method, device, and computer-readable storage medium for files, aiming to solve the technical problem that existing cloud storage data is prone to leakage.
- the present invention provides a multi-cloud storage method for files.
- the multi-cloud storage method for files is applied to an encrypted distributed storage device.
- the multi-cloud storage method for files includes the following steps:
- the encrypted distributed storage device When receiving the data upload request, the encrypted distributed storage device obtains the original file to be uploaded, divides the original file into cascaded sub-files of preset size according to preset configuration information, and saves the original file information, Concatenated sub-file information and associated information between the original file and the concatenated sub-file;
- the encrypted distributed storage device encrypts the concatenated subfile according to the preset encryption method in the configuration information, generates an encrypted encrypted concatenated subfile, and saves the encryption key corresponding to the encrypted concatenated subfile key;
- the encrypted distributed storage device correspondingly allocates the encrypted concatenated sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the storage path of the encrypted concatenated sub-files.
- the encrypted distributed storage device encrypts the concatenated subfile according to a preset encryption method in the configuration information, generates an encrypted concatenated subfile, and saves the encrypted concatenated subfile After the corresponding encryption key step, it also includes:
- the encrypted distributed storage device performs redundancy processing on the encrypted concatenated subfiles according to the configuration information, generates a preset number of redundant concatenated subfiles, and saves redundant concatenated subfile information and the encryption level Relevant redundant information of the concatenated sub-file and the corresponding redundant concatenated sub-file;
- the step of the encrypted distributed storage device correspondingly allocating the encrypted cascading sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saving the storage path of the encrypted cascading sub-files Specifically:
- the encrypted distributed storage device determines the number of sub-files to be allocated corresponding to each cloud according to each cloud storage weight in the configuration information and the number of encrypted cascaded sub-files and redundant cascaded sub-files;
- the encrypted distributed storage device correspondingly allocates the encrypted concatenated sub-files and redundant concatenated sub-files to the respective clouds for storage according to the number of sub-files to be allocated corresponding to each cloud, and saves the encrypted concatenated sub-files Storage path of files and redundant concatenated sub-files.
- the present invention also provides a method for downloading multi-cloud storage files.
- the method for downloading multi-cloud storage files is applied to encrypted distributed storage devices.
- the method for downloading multi-cloud storage files includes the following steps :
- the encrypted distributed storage device When the encrypted distributed storage device receives the data download request, obtains the target file information in the data download request, and determines the target concatenated subfile corresponding to the target file in the device database based on the target file information;
- the encrypted distributed storage device determines the storage path of the target concatenated subfile in the device database, and downloads the target concatenated subfile from each corresponding cloud according to the storage path;
- the encrypted distributed storage device determines the encryption key of the target concatenated subfile in the device database, and concatenates the target according to the preset decryption mode in the preset configuration information and the encryption key Decrypt the sub-file;
- the encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the target file according to the associated information, And feedback the target file to the data download requester.
- the encrypted distributed storage device determines the storage path of the target concatenated subfile in the device database, and downloads the target concatenated subfile from each corresponding cloud according to the storage path After the steps, it also includes:
- the encrypted distributed storage device determines whether the target concatenated subfiles are all the concatenated subfiles corresponding to the target file according to the associated information
- the encrypted distributed storage device determines that the target concatenated subfile is the all concatenated subfiles, then execute: the encrypted distributed storage device determines the encrypted secret of the target concatenated subfile in the device database Key, and the step of decrypting the target concatenated subfile according to the preset decryption method in the preset configuration information and the encryption key;
- the encrypted distributed storage device determines that the target concatenated subfile is not the all concatenated subfiles, then determine whether the target concatenated subfile meets the file restoration condition in the configuration information;
- the encrypted distributed storage device determines that the target concatenated subfile does not meet the file restoration condition, it generates a reminder message that the file download is abnormal due to the missing subfile.
- the encrypted distributed storage device determines that the target concatenated subfile is not all the concatenated subfiles, then it is determined whether the target concatenated subfile conforms to the configuration information. After the steps of file restoration conditions, it also includes:
- the encrypted distributed storage device determines that the target concatenated subfile meets the file restoration condition, it determines the target redundancy in the target concatenated subfile according to the relevant redundancy information corresponding to the target concatenated subfile Cascading sub-files and target actual cascading sub-files;
- the encrypted distributed storage device restores other actual cascaded subfiles corresponding to the target file according to the configuration information, the target redundant cascaded subfile, and the target actual cascaded subfile;
- the encrypted distributed storage device decrypts the target actual concatenated subfile and other actual concatenated subfiles, and according to the associated information, splices the decrypted target actual concatenated subfile and other actual concatenated subfiles Is the target file, and feeds back the target file to the data download requester.
- the encrypted distributed storage device when the encrypted distributed storage device receives the data download request, obtains the target file information in the data download request, and based on the target file information, determines in the device database the target cascade sub-subsystem corresponding to the target file.
- the document steps specifically include:
- the encrypted distributed storage device receives the data download request, obtain the target file information in the data download request, and determine whether the target file exists in the local device;
- the encrypted distributed storage device determines that the target file exists in the local device, obtain the target file, and feed the target file back to the data download requester;
- the encrypted distributed storage device determines that the target file does not exist in the local device, based on the target file information, determine the target concatenated subfile corresponding to the target file in the device database to download it in the corresponding cloud The target concatenated sub-files.
- the multi-cloud storage device for the file includes a processor, a memory, and a multi-cloud storage program for the file that is stored on the memory and can run on the processor, wherein the multi-cloud storage program for the file When executed by the processor, the steps of the multi-cloud storage method for files as described above are realized.
- the present invention also provides a computer-readable storage medium, characterized in that the multi-cloud storage program of the file is stored on the computer-readable storage medium, and the multi-cloud storage program of the file is processed
- the steps of the multi-cloud storage method for files as described above are implemented when the device is executed.
- the present invention also provides a multi-cloud storage file downloading device, characterized in that the multi-cloud storage device for the file includes a processor, a memory, and stored on the memory and available in the The multi-cloud storage program of the file running on the processor, wherein when the multi-cloud storage program of the file is executed by the processor, the steps of the above-mentioned multi-cloud storage method of the file are realized.
- the present invention also provides a computer-readable storage medium, wherein the computer-readable storage medium stores a download program for multi-cloud storage files, and the download program for the multi-cloud storage files When executed by the processor, the steps of the method for downloading a multi-cloud storage file as described above are realized.
- the present invention provides a multi-cloud storage method, device and computer readable storage medium for files.
- the multi-cloud storage method for files is applied to an encrypted distributed storage device.
- the multi-cloud storage method for files uses the encrypted distributed storage device.
- Upon receiving the data upload request obtain the original file to be uploaded, divide the original file into cascaded sub-files of preset size according to the preset configuration information, and save the original file information, cascaded sub-file information, and The associated information between the original file and the concatenated subfile;
- the encrypted distributed storage device encrypts the concatenated subfile according to a preset encryption method in the configuration information to generate an encrypted encrypted concatenated subfile, And save the encryption key corresponding to the encrypted cascade subfile;
- the encrypted distributed storage device allocates the encrypted cascade subfile to the respective clouds for storage according to each cloud storage weight in the configuration information , And save the storage path of the encrypted concatenated subfile.
- the present invention divides the original file to be uploaded to the cloud storage into multiple concatenated sub-files through the encrypted distributed storage device, then encrypts the multiple concatenated sub-files, and divides the multiple sub-files according to preset weights.
- Each cascaded sub-file is uploaded to the corresponding cloud for storage, making it impossible for any cloud storage provider to parse the original file, and improving the security of cloud storage files.
- the encryption key and file splicing rules are stored in the encrypted distributed storage device, so that criminals who have obtained all the sub-files cannot decrypt and splice the original files, which further improves the security of cloud storage data and solves the problem.
- cloud storage data is prone to leakage.
- FIG. 1 is a schematic flowchart of a first embodiment of a multi-cloud storage method for files of the present invention
- FIG. 2 is a schematic flowchart of a first embodiment of a method for downloading a multi-cloud storage file according to the present invention
- FIG. 3 is a schematic flowchart of a second embodiment of a method for downloading a multi-cloud storage file according to the present invention
- Figure 4 is a schematic diagram of terminal interaction of the present invention.
- FIG. 5 is a schematic diagram of modules of the encrypted distributed storage device of the present invention.
- Fig. 6 is a schematic diagram of a file upload process of the encrypted distributed storage device of the present invention.
- FIG. 7 is a schematic diagram of a file download process of the encrypted distributed storage device of the present invention.
- Fig. 8 is a schematic diagram of the uploading process of cascaded sub-files of the present invention.
- the terminal can be implemented in various forms.
- the terminal described in the present invention may include mobile phones, tablet computers, notebook computers, palmtop computers, personal digital assistants (Personal Digital Assistant, PDA), portable media players (Portable Media Player, PMP), navigation devices, Mobile terminals such as wearable devices, smart bracelets, pedometers, and fixed terminals such as digital TVs and desktop computers.
- PDA Personal Digital Assistant
- PMP portable media players
- Navigation devices Mobile terminals such as wearable devices, smart bracelets, pedometers
- Mobile terminals such as wearable devices, smart bracelets, pedometers
- fixed terminals such as digital TVs and desktop computers.
- FIG. 1 is a schematic flowchart of a first embodiment of a method for multi-cloud storage of files according to the present invention.
- the multi-cloud storage method for files is applied to an encrypted distributed storage device, and the multi-cloud storage method for files includes the following steps:
- Step S10 when the encrypted distributed storage device receives the data upload request, obtains the original file to be uploaded, divides the original file into cascaded sub-files of preset size according to preset configuration information, and saves the original file.
- the original file to be uploaded to the cloud storage is divided into multiple cascaded sub-files through the encrypted distributed storage device, and then the multiple cascaded sub-files are encrypted, and preset weights are used. Uploading the multiple cascaded sub-files to the corresponding cloud for storage respectively makes it impossible for any cloud storage provider to parse the original file, which improves the security of the cloud storage file.
- the encryption key and the file splicing rules are stored in the encrypted distributed storage device, so that criminals who obtain all the sub-files cannot decrypt and splice the original files, further improving the security of cloud storage data. Specifically, as shown in FIG.
- the EDS device specifically includes a main control module, a configuration module, a database, a file segmentation module, a file recovery module, a distribution scheduling module, and an encryption and decryption module.
- the main control module authenticates the client that sends the data upload request, that is, determines whether the client has the data upload authority.
- the EDS device establishes a connection with the multi-cloud server, that is, the EDS device establishes a connection with multiple cloud servers.
- the main control module is powered on, and when it receives the original file uploaded by the client, it obtains the preset configuration information from the configuration module.
- the configuration information includes the file size of the file, such as 8K or 256K.
- Set the segmentation unit in the configuration information call the file segmentation module to divide the original file into multiple cascaded sub-files of preset sizes, and write the file information before and after the segmentation into the database.
- the file information before and after the segmentation includes the original file Information, concatenated sub-file information, and associated information between the original file and the concatenated sub-file.
- Step S20 The encrypted distributed storage device encrypts the concatenated subfile according to the preset encryption mode in the configuration information, generates an encrypted encrypted concatenated subfile, and saves the corresponding encrypted concatenated subfile Encryption key;
- the file splitting module transmits the split multiple concatenated sub-files to the encryption and decryption module through the PCIe channel for encryption processing.
- the encryption and decryption module performs encryption processing on the multiple concatenated sub-files according to a preset encryption method in the configuration information, such as AES256 (256-bit advanced encryption standard) or other encryption algorithms, as the encrypted concatenated sub-files. And save the encryption keys corresponding to multiple encrypted cascading sub-files in the database.
- Step S30 The encrypted distributed storage device allocates the encrypted concatenated sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the storage of the encrypted concatenated sub-files path.
- the encryption and decryption module transmits the encrypted concatenated subfile to the distribution scheduling module through the PCIe channel.
- the main control module controls the distribution scheduling module, presets each cloud storage weight according to the configuration information, that is, the preset cloud provider weight, such as 1:1:1 or 1:2:1, and calls each cloud storage API (application program) Programming interface), distribute the encrypted concatenated sub-files to multiple clouds for storage, and write the storage path of the encrypted concatenated sub-files into the database.
- the client uploads and downloads files through local storage without changing the original user behavior habits.
- Local storage interacts with EDS devices through SFTP (Secure File Transfer Protocol), and EDS devices perform file upload and download operations in multiple clouds.
- SFTP Secure File Transfer Protocol
- This embodiment greatly simplifies the steps of enterprise multi-client data entering the cloud, and on the premise of maintaining the existing user's habitual operation, the user's unaware data can be entered into the cloud.
- the cloud provider selected in this embodiment that is, the number of clouds is greater than or equal to 3.
- the multi-cloud in this embodiment is multiple clouds served by multiple cloud providers.
- This embodiment provides a multi-cloud storage method for files.
- the multi-cloud storage method for files is applied to an encrypted distributed storage device.
- the multi-cloud storage method for files uses the encrypted distributed storage device when a data upload request is received. , Obtain the original file to be uploaded, divide the original file into cascaded sub-files of preset size according to the preset configuration information, and save the original file information, the cascaded sub-file information, and the original file and the cascade The associated information of the subfile; the encrypted distributed storage device encrypts the cascaded subfile according to the preset encryption method in the configuration information, generates an encrypted encrypted cascade subfile, and saves the encrypted cascade The encryption key corresponding to the sub-file; the encrypted distributed storage device allocates the encrypted cascaded sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the encryption level The storage path of the link file.
- the present invention divides the original file to be uploaded to the cloud storage into multiple concatenated sub-files through the encrypted distributed storage device, then encrypts the multiple concatenated sub-files, and divides the multiple sub-files according to preset weights.
- Each cascaded sub-file is uploaded to the corresponding cloud for storage, making it impossible for any cloud storage provider to parse the original file, and improving the security of cloud storage files.
- the encryption key and file splicing rules are stored in the encrypted distributed storage device, so that criminals who have obtained all the sub-files cannot decrypt and splice the original files, which further improves the security of cloud storage data and solves the problem.
- cloud storage data is prone to leakage.
- step S20 the method further includes:
- the encrypted distributed storage device performs redundancy processing on the encrypted concatenated subfiles according to the configuration information, generates a preset number of redundant concatenated subfiles, and saves redundant concatenated subfile information and the encryption level Relevant redundant information of the concatenated sub-file and the corresponding redundant concatenated sub-file;
- the EDS device further includes a redundancy module, and the encryption and decryption module transmits the encrypted cascade sub-file to the redundancy module according to the configuration information.
- the redundancy module generates one or more redundant cascading subfiles according to the redundancy calculation rules in the configuration information, such as generating a third redundant cascading subfile based on 2 encrypted cascading subfiles. And transmit the redundant cascading sub-files to the distribution scheduling module through the PCIe channel.
- the redundant concatenated sub-file information and the related redundant information of the encrypted concatenated sub-file and the corresponding redundant concatenated sub-file are saved to the database.
- the related redundant information includes the name, size, path, stored cloud vendor, etc. of redundant concatenated sub-files.
- the encrypted distributed storage device correspondingly allocates the encrypted cascaded sub-files to the respective clouds for storage according to the respective cloud storage weights in the configuration information, and saves the storage of the encrypted cascaded sub-files
- the steps of the path specifically include:
- the encrypted distributed storage device determines the number of sub-files to be allocated corresponding to each cloud according to each cloud storage weight in the configuration information and the number of encrypted cascaded sub-files and redundant cascaded sub-files;
- the encrypted distributed storage device correspondingly allocates the encrypted concatenated sub-files and redundant concatenated sub-files to the respective clouds for storage according to the number of sub-files to be allocated corresponding to each cloud, and saves the encrypted concatenated sub-files Storage path of files and redundant concatenated sub-files.
- the main control module sends each cloud storage weight. For example, if three cloud vendors are set to have the same weight, that is, 1:1:1, the configuration information is sent to the distribution scheduling module, and the distribution scheduling module configures it according to the storage weight. Call the cloud storage API interfaces of three cloud vendors to upload the cascaded sub-files generated by the original files to three cloud storages on average. At the same time, the main control module stores the storage path information of all cascaded sub-files, that is, encrypted cascaded sub-files and redundant cascaded sub-files into the database. In view of the modules, preset values, and execution process of the above design, the following example will further illustrate the multi-cloud storage method of files, as follows:
- the original file a is set to be divided into a sub-file of 8k;
- the EDS device configuration module delivers the preset configuration information to the main control module.
- the local storage device regularly uploads the original files to the EDS device according to the storage time of the files;
- the local storage device starts the SFTP client, and establishes a request with the SFTP server of EDS, the SFTP authentication is passed, and the connection is established;
- the local storage device uploads the original file a, and the main control module of the EDS device uses the path file name as an index, and stores the original file information in the database.
- Original file information includes: file name, file size and other information;
- the main control module obtains 3 cloud vendors, the encryption algorithm is AES256 (256-bit advanced encryption standard), and passes the configuration information to the encryption and decryption module and the distribution scheduling module;
- the main control module calls the file splitting module to cut the original file a into 8k sub-file sets, and send these sub-file data to the encryption and decryption module through the PCIe channel;
- the encryption and decryption module uses the AES256 algorithm to separately interleave and scramble each sub-file and split it into two cascaded sub-files for encryption processing, and save the generated multiple keys. Send the encrypted data of the 2 cascaded sub-files to the redundancy module;
- the redundancy module generates the third redundant cascading sub-file based on the 2 cascading sub-files, and sends these 3 cascading sub-files back to the master control module via PCIe;
- the main control module sets the weights of each cloud storage. For example, if three cloud vendors are set to have the same weight, that is, 1:1:1, the configuration information is input to the distribution scheduling module, and the distribution scheduling module calls the cloud storage of three cloud vendors according to the configuration. API interface, upload the cascaded sub-files generated by the original file to 3 cloud storages on average.
- the master control module stores all information related to the cascaded sub-files into the database, including: the name, size, path, and stored cloud vendor of the cascaded sub-files, thereby completing the cloud storage operation of uploading the original file a.
- This embodiment provides a multi-cloud storage method for files.
- the multi-cloud storage method for files divides original data, encrypts, and processes redundantly, and divides all levels of data according to preset weight values corresponding to different cloud storage providers.
- the linked files are uploaded to multiple clouds for storage.
- the original file can be split into multiple cascaded sub-files and uploaded to multiple different sub-files through technical means such as segmentation, encryption, and redundancy without changing the behavior and habits of the end user. Storing in the cloud makes it impossible for any cloud storage provider to parse out the original file.
- FIG. 2 is a schematic flowchart of a first embodiment of a method for downloading a cloud storage file according to the present invention.
- the method for downloading multi-cloud storage files is applied to an encrypted distributed storage device, and the method for downloading multi-cloud storage files includes the following steps:
- Step S40 when the encrypted distributed storage device receives the data download request, obtains the target file information in the data download request, and determines the target concatenated subfile corresponding to the target file in the device database based on the target file information ;
- the problem of easy leakage of files stored in the cloud is solved from the file download direction. That is, download the cascaded sub-files related to the original file from the multi-cloud storage terminal, perform operations such as decryption and splicing, restore the original file, and send the original file back to the client.
- the main control module receives the data download request sent by the client, it first authenticates the client and determines whether the client has file download permission, and the main control module determines that the client With file download permission, the authentication is passed.
- the main control module obtains the target file information in the data download request, such as the target file name or other identifiers.
- Step S50 the encrypted distributed storage device determines the storage path of the target concatenated subfile in the device database, and downloads the target concatenated subfile from each corresponding cloud according to the storage path;
- the main control module queries the database based on the target file information, and obtains related information about the target file, such as the associated cascading sub-file information, as the target cascading sub-file, and each target cascading sub-file is in the cloud The storage path. Then, based on the information of each cascaded sub-file and its storage path in the cloud, call each cloud storage API interface to download the target cascaded sub-file from each corresponding cloud.
- Step S60 The encrypted distributed storage device determines the encryption key of the target concatenated sub-file in the device database, and performs the verification on the encryption key according to the preset decryption method in the preset configuration information and the encryption key.
- the target cascaded sub-files are decrypted;
- the main control module transmits the target concatenated subfile to the encryption and decryption module through the PCIe channel.
- the encryption and decryption module performs the target concatenation subfile based on the encryption key in the database and the preset decryption method in the configuration information. Decryption operation.
- Step S70 The encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the The target file is fed back to the data download requester.
- the encryption and decryption module transmits the decrypted target concatenated subfile to the file recovery module through the PCIe channel.
- the file recovery module is based on the splicing mode in the configuration information and the associated information between the target file and the target cascading subfile stored in the database, such as the sequence of the target cascading subfiles and the file corresponding to each target cascading subfile Identification, the target cascaded sub-files are successively spliced and restored, the original file is generated, and the original file is transmitted to the client, that is, the data download requester.
- This embodiment provides a method for downloading a multi-cloud storage file.
- the method for downloading a multi-cloud storage file is applied to an encrypted distributed storage device.
- the multi-cloud storage method for the file uses the encrypted distributed storage device to download data after receiving it.
- the encrypted distributed storage device determines in the device database The storage path of the target cascade subfile, and download the target cascade subfile from each corresponding cloud according to the storage path;
- the encrypted distributed storage device determines the target level in the device database Link the encryption key of the sub-file, and decrypt the target concatenated sub-file according to the preset decryption method in the preset configuration information and the encryption key;
- the encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the target file according to the associated information, And feedback the target file to the data download requester.
- the present invention from the system architecture level, through the file data upload and download process, the collaboration between the EDS equipment main control module, configuration module, database, file segmentation module, file recovery module and encryption and decryption module can be On the premise of not changing the user's original usage habits, it is convenient and quick to help the user file data into the cloud storage. Compared with the self-built local storage room, the storage cost is greatly reduced.
- FIG. 3 is a schematic flowchart of a second embodiment of a method for multi-cloud storage of files according to the present invention.
- the method for downloading a multi-cloud storage file after step S50 further includes:
- Step S01 The encrypted distributed storage device judges whether the target concatenated subfiles are all concatenated subfiles corresponding to the target file according to the associated information;
- Step S02 If the encrypted distributed storage device determines that the target concatenated subfile is not all the concatenated subfiles, then determine whether the target concatenated subfile meets the file restoration condition in the configuration information;
- Step S03 If the encrypted distributed storage device determines that the target concatenated subfile does not meet the file restoration condition, it generates a reminder message that the file download is abnormal due to the missing subfile.
- the main control module downloads the target cascading subfile in the corresponding multi-cloud, and then according to the associated information corresponding to the target file read in the database, For example, all the cascaded sub-files after the segmentation corresponding to the target file are checked for data integrity of the target cascaded sub-file that is currently downloaded, that is, it is determined whether the target cascaded sub-file is all the cascaded sub-files corresponding to the target file sub file.
- step S60 that is, if the main control module determines that the target concatenated subfile is the all concatenated subfiles
- step S60 the cached and verified cascaded sub-file data is sent to the encryption and decryption module through the PCIe channel, and step S60 is executed, that is, the decryption operation is performed.
- the main control module determines that the target cascade subfile is not all the cascade subfiles, and calls the file recovery module.
- the file recovery module confirms according to the file recovery conditions set in the configuration information, that is, the recovery calculation rules for redundant data. Whether the target concatenated subfile meets the file restoration condition of the original file.
- the main control module determines that the target cascaded subfile does not meet the file restoration conditions, it generates a reminder message that the file download is abnormal due to the missing subfile, thereby reminding the user that there are too many cloud abnormalities in the multi-cloud and the target subfile cannot be Download normally, which results in the failure to splice and restore the original file, and the file download fails.
- the method for downloading the multi-cloud storage file further includes:
- the encrypted distributed storage device determines that the target concatenated subfile meets the file restoration condition, it determines the target redundancy in the target concatenated subfile according to the relevant redundancy information corresponding to the target concatenated subfile Cascading sub-files and target actual cascading sub-files;
- the encrypted distributed storage device restores other actual cascaded subfiles corresponding to the target file according to the configuration information, the target redundant cascaded subfile, and the target actual cascaded subfile;
- the encrypted distributed storage device decrypts the target actual concatenated subfile and other actual concatenated subfiles, and according to the associated information, splices the decrypted target actual concatenated subfile and other actual concatenated subfiles Is the target file, and feeds back the target file to the data download requester.
- the main control module determines that the target concatenated subfile meets the file restoration condition, that is, the target concatenated subfile has met the file restoration condition of the original file, and the target concatenated subfile is connected through the PCIe channel Transmitted to the redundancy module, according to the relevant redundancy information in the database, that is, the actual cascaded subfile information corresponding to the target file after segmentation and the redundant cascaded subfile information corresponding to the actual cascaded subfile stored in the database , Thereby determining the target redundant concatenated subfile and the target actual concatenated subfile in the target concatenated subfile.
- the redundancy module calculates and restores other actual concatenated subfiles corresponding to the target file based on the target redundant concatenated subfile and the target actual concatenated subfile according to the redundancy recovery calculation rule in the configuration information.
- the target actual concatenated sub-file and other actual concatenated sub-files are sent to the encryption and decryption module to perform the decryption operation of the sub-file.
- the encryption and decryption module transmits the decrypted sub-file data to the file recovery module through the PCIe channel.
- the file recovery module splices and restores the target actual cascaded sub-files and other actual cascaded sub-files into target files according to the configuration information, and transmits the target files to the client.
- the client user requests file a to download
- the EDS device main control module authenticates the client, and when it passes, reads the database to obtain the cascaded sub-file information associated with file a;
- the main control module uses the cloud vendor API interface to download multiple cascaded sub-files stored in the cloud of the three cloud vendors from the corresponding path to the EDS device cache. According to the file information read from the database, check the data integrity of the cascaded subfile;
- the main control module sends the cached and verified cascade subfile data or redundant data recovery cascade subfile to the encryption and decryption module through the PCIe channel, and the encryption and decryption module performs processing according to the stored corresponding cascade subfile key Decoding operation, sending the decoded cascaded sub-file data back to the master control module;
- the master control module calls the file recovery module, and according to the file-related information obtained from the database, splices and restores each sub-file to the original file a, and transmits the original file a to the local storage device;
- the local storage device receives the original file a and provides the file a to the client user.
- This embodiment provides a method for downloading a multi-cloud storage file.
- the method for downloading a multi-cloud storage file is applied to an encrypted distributed storage device.
- the multi-cloud storage method for the file uses the encrypted distributed storage device to download data after receiving it.
- the encrypted distributed storage device determines in the device database The storage path of the target cascade subfile, and download the target cascade subfile from each corresponding cloud according to the storage path;
- the encrypted distributed storage device determines the target level in the device database Link the encryption key of the sub-file, and decrypt the target concatenated sub-file according to the preset decryption method in the preset configuration information and the encryption key;
- the encrypted distributed storage device determines the associated information between the target file and the target concatenated subfile in the device database, and splices the decrypted target concatenated subfile into the target file according to the associated information, And feedback the target file to the data download requester.
- step S01 specifically includes:
- the encrypted distributed storage device receives the data download request, obtain the target file information in the data download request, and determine whether the target file exists in the local device;
- the encrypted distributed storage device determines that the target file exists in the local device, obtain the target file, and feed the target file back to the data download requester;
- the encrypted distributed storage device determines that the target file does not exist in the local device, based on the target file information, determine the target concatenated subfile corresponding to the target file in the device database to download it in the corresponding cloud The target concatenated sub-files.
- the target file information in the data download request is searched in the local path of the local storage device to determine whether the target file exists in the device database; If the main control module determines that the target file exists in the device database, then the target file in the local device can be sent to the client; if the main control module determines that the target file does not exist in the device database, Then the main control module determines the target cascading sub-file corresponding to the target file in the device database based on the target file information, so as to download the target cascading sub-file in the corresponding cloud.
- This embodiment provides a downloading method for multi-cloud storage files.
- the upload and download processes of the user only interact with the local storage, and the local storage is based on the local storage space and files.
- the preset saving time determines whether the file data saved locally is uploaded to the cloud; when the user's file download request is received, the local storage search fails, and the cloud download request is initiated through the EDS device.
- local storage does not see changes in cloud storage, but only sees EDS devices, which greatly simplifies the secondary development workload of local storage.
- the invention also provides a multi-cloud storage device for files.
- the multi-cloud storage device of the file includes a processor, a memory, and a multi-cloud storage program of the file that is stored on the memory and can run on the processor, wherein the multi-cloud storage program of the file is processed by the processing When the device is executed, the steps of the multi-cloud storage method for files as described above are realized.
- the present invention also provides a computer-readable storage medium.
- the multi-cloud storage program of the file is stored on the computer-readable storage medium of the present invention, and the multi-cloud storage program of the file is executed by the processor to realize the steps of the multi-cloud storage method of the file as described above.
- the invention also provides a downloading device for multi-cloud storage files.
- the downloading device of the multi-cloud storage file includes a processor, a memory, and a download program of the multi-cloud storage file stored on the memory and runable on the processor, wherein the download program of the multi-cloud storage file is When the processor is executed, the steps of the method for downloading a multi-cloud storage file as described above are realized.
- the method implemented when the download program of the multi-cloud storage file is executed can refer to the various embodiments of the method for downloading the multi-cloud storage file of the present invention, which will not be repeated here.
- the present invention also provides a computer-readable storage medium.
- the computer-readable storage medium of the present invention stores a download program of a multi-cloud storage file, and the download program of the multi-cloud storage file is executed by a processor to realize the steps of the method for downloading a multi-cloud storage file as described above.
- the method implemented when the download program of the multi-cloud storage file is executed can refer to the various embodiments of the method for downloading the multi-cloud storage file of the present invention, which will not be repeated here.
- the technical solution of the present invention essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, The optical disc) includes several instructions to enable a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the method described in each embodiment of the present invention.
- a terminal which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
Claims (10)
- 一种文件的多云存储方法,其特征在于,所述文件的多云存储方法应用于加密分布存储设备,所述文件的多云存储方法包括以下步骤:所述加密分布存储设备在接收到数据上传请求时,获取待上传的原始文件,根据预设配置信息,将所述原始文件切分为预设大小的级联子文件,并保存原始文件信息、级联子文件信息以及所述原始文件与级联子文件的关联信息;所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥;所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径。
- 如权利要求1所述的文件的多云存储方法,其特征在于,所述加密分布存储设备根据所述配置信息中的预设加密方式将所述级联子文件进行加密,生成加密后的加密级联子文件,并保存所述加密级联子文件对应的加密密钥的步骤之后,还包括:所述加密分布存储设备根据所述配置信息将所述加密级联子文件进行冗余处理,生成预设数量的冗余级联子文件,并保存冗余级联子文件信息以及所述加密级联子文件与对应的冗余级联子文件的相关冗余信息;所述加密分布存储设备根据所述配置信息中的各个云端存储权重,将所述加密级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件的存储路径的步骤具体包括:所述加密分布存储设备根据所述配置信息中的各个云端存储权重以及所述加密级联子文件与冗余级联子文件的文件数量,确定所述各个云端对应的待分配子文件数量;所述加密分布存储设备根据各个云端对应的待分配子文件数量,将所述加密级联子文件以及冗余级联子文件对应分配至所述各个云端进行存储,并保存所述加密级联子文件以及冗余级联子文件的存储路径。
- 一种多云存储文件的下载方法,其特征在于,所述的多云存储文件的下载方法应用于加密分布存储设备,所述多云存储文件的下载方法包括以下步骤:所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件;所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并 根据所述存储路径,从对应的各个云端中下载所述目标级联子文件;所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密;所述加密分布存储设备在所述设备数据库中确定所述目标文件与所述目标级联子文件的关联信息,根据所述关联信息将解密后的目标级联子文件拼接为所述目标文件,并将所述目标文件反馈至数据下载请求方。
- 如权利要求3所述的多云存储文件的下载方法,其特征在于,所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的存储路径,并根据所述存储路径,从对应的各个云端中下载所述目标级联子文件的步骤之后,还包括:所述加密分布存储设备根据所述关联信息,判断所述目标级联子文件是否为所述目标文件对应的全部级联子文件;若所述加密分布存储设备判定所述目标级联子文件是所述全部级联子文件,则执行:所述加密分布存储设备在所述设备数据库中确定所述目标级联子文件的加密密钥,并根据预设配置信息中的预设解密方式以及所述加密密钥,对所述目标级联子文件进行解密的步骤;若所述加密分布存储设备判定所述目标级联子文件不是所述全部级联子文件,则判断所述目标级联子文件是否符合所述配置信息中的文件还原条件;若所述加密分布存储设备判定所述目标级联子文件不符合所述文件还原条件,则生成子文件缺失导致文件下载异常的提醒消息。
- 如权利要求1所述的多云存储文件的下载方法,其特征在于,所述若存在所述若所述加密分布存储设备判定所述目标级联子文件不是所述全部级联子文件,则判断所述目标级联子文件是否符合所述配置信息中的文件还原条件的步骤之后,还包括:若所述加密分布存储设备判定所述目标级联子文件符合所述文件还原条件,则根据所述目标级联子文件对应的相关冗余信息在所述目标级联子文件中确定目标冗余级联子文件以及目标实际级联子文件;所述加密分布存储设备根据所述配置信息、目标冗余级联子文件以及目标实际级联子文件,恢复所述目标文件对应的其他实际级联子文件;所述加密分布存储设备将所述目标实际级联子文件以及其他实际级联子文件进行解密,并根据所述关联信息,将解密后的目标实际级联子文件以及其他实际级联子文件拼接 为所述目标文件,并将所述目标文件反馈至数据下载请求方。
- 如权利要求1所述的多云存储文件的下载方法,其特征在于,所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并基于所述目标文件信息在设备数据库中确定目标文件对应的目标级联子文件的步骤具体包括:所述加密分布存储设备在接收到数据下载请求时,获取所述数据下载请求中的目标文件信息,并判断本地设备中是否存在所述目标文件;若所述加密分布存储设备判定所述本地设备中存在所述目标文件,则获取所述目标文件,并将所述目标文件反馈至数据下载请求方;若所述加密分布存储设备判定所述本地设备中不存在所述目标文件,则基于所述目标文件信息在所述设备数据库中确定目标文件对应的目标级联子文件,以在对应云端中下载所述目标级联子文件。
- 一种文件的多云存储装置,其特征在于,所述文件的多云存储装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的文件的多云存储程序,其中所述文件的多云存储程序被所述处理器执行时,实现如所述权利要求1或2所述的文件的多云存储方法的步骤。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有文件的多云存储程序,所述文件的多云存储程序被处理器执行时实现如权利要求1或2所述的文件的多云存储方法的步骤。
- 一种多云存储文件的下载装置,其特征在于,所述文件的多云存储装置包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的文件的多云存储程序,其中所述文件的多云存储程序被所述处理器执行时,实现如所述权利要求3至6中任意一项所述的文件的多云存储方法的步骤。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有多云存储文件的下载程序,所述多云存储文件的下载程序被处理器执行时实现如权利要求3至6中任意一项所述的多云存储文件的下载方法的步骤。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910658965.2A CN110381061A (zh) | 2019-07-19 | 2019-07-19 | 文件的多云存储方法、下载方法、装置及存储介质 |
CN201910658965.2 | 2019-07-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021012602A1 true WO2021012602A1 (zh) | 2021-01-28 |
Family
ID=68254627
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/127025 WO2021012602A1 (zh) | 2019-07-19 | 2019-12-20 | 文件的多云存储方法、下载方法、装置及存储介质 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110381061A (zh) |
WO (1) | WO2021012602A1 (zh) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110381061A (zh) * | 2019-07-19 | 2019-10-25 | 广东省新一代通信与网络创新研究院 | 文件的多云存储方法、下载方法、装置及存储介质 |
CN111125645B (zh) * | 2019-11-15 | 2023-05-16 | 至本医疗科技(上海)有限公司 | 执行程序处理方法、系统、装置、计算机设备和介质 |
CN111814210A (zh) * | 2019-12-31 | 2020-10-23 | 北京骑胜科技有限公司 | 处理文件的方法、装置、存储介质及电子设备 |
CN111506546A (zh) * | 2020-04-08 | 2020-08-07 | 杭州天谷信息科技有限公司 | 高安全性文件云存储方法 |
CN113727184B (zh) * | 2020-05-25 | 2023-11-03 | 京东城市(北京)数字科技有限公司 | 视频播放方法、装置、系统、存储介质以及电子设备 |
CN112416450B (zh) * | 2020-06-05 | 2023-02-17 | 上海哔哩哔哩科技有限公司 | 资源加密及展示方法及系统 |
CN111752894A (zh) * | 2020-06-23 | 2020-10-09 | 深圳市得一微电子有限责任公司 | 一种基于数据拆分对存储设备中保密文件的写读方法、系统、主机及存储介质 |
CN115484249B (zh) * | 2021-05-27 | 2024-07-26 | 中国移动通信集团江苏有限公司 | 数据传输方法及装置 |
CN113656095B (zh) * | 2021-08-06 | 2023-08-04 | 北京数码大方科技股份有限公司 | 配置数据的处理方法及装置 |
CN115085900B (zh) * | 2022-08-22 | 2022-11-29 | 四川汉唐云分布式存储技术有限公司 | 一种基于分布式存储的同态加密方法 |
CN117354059B (zh) * | 2023-12-04 | 2024-03-29 | 广州汇通国信科技有限公司 | 一种基于云边端协同的数据共享方法 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103583030A (zh) * | 2011-05-25 | 2014-02-12 | 阿尔卡特朗讯公司 | 在分布式云计算环境中实现数据安全性的方法及装置 |
CN103856499A (zh) * | 2012-11-29 | 2014-06-11 | 中兴通讯股份有限公司 | 云存储方法及装置、云存储数据下载方法及装置 |
CN105426775A (zh) * | 2015-11-09 | 2016-03-23 | 北京联合大学 | 一种保护智能手机信息安全的方法和系统 |
CN109857710A (zh) * | 2019-01-04 | 2019-06-07 | 平安科技(深圳)有限公司 | 文件存储方法及终端设备 |
US10333992B2 (en) * | 2016-02-19 | 2019-06-25 | Dell Products, Lp | System and method for collection and analysis of endpoint forensic and event data |
CN110381061A (zh) * | 2019-07-19 | 2019-10-25 | 广东省新一代通信与网络创新研究院 | 文件的多云存储方法、下载方法、装置及存储介质 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103207971A (zh) * | 2012-01-12 | 2013-07-17 | 富泰华工业(深圳)有限公司 | 基于云存储的数据安全保护系统及方法 |
CN103729470A (zh) * | 2014-01-20 | 2014-04-16 | 刘强 | 一种基于不同云存储端的安全存储方法 |
US20170048021A1 (en) * | 2014-05-13 | 2017-02-16 | Cloud Crowding Corp. | Distributed secure data storage and transmission of streaming media content |
CN107154945A (zh) * | 2017-05-31 | 2017-09-12 | 中南大学 | 一种基于纠删码的多云碎片化安全存储方法及系统 |
-
2019
- 2019-07-19 CN CN201910658965.2A patent/CN110381061A/zh active Pending
- 2019-12-20 WO PCT/CN2019/127025 patent/WO2021012602A1/zh active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103583030A (zh) * | 2011-05-25 | 2014-02-12 | 阿尔卡特朗讯公司 | 在分布式云计算环境中实现数据安全性的方法及装置 |
CN103856499A (zh) * | 2012-11-29 | 2014-06-11 | 中兴通讯股份有限公司 | 云存储方法及装置、云存储数据下载方法及装置 |
CN105426775A (zh) * | 2015-11-09 | 2016-03-23 | 北京联合大学 | 一种保护智能手机信息安全的方法和系统 |
US10333992B2 (en) * | 2016-02-19 | 2019-06-25 | Dell Products, Lp | System and method for collection and analysis of endpoint forensic and event data |
CN109857710A (zh) * | 2019-01-04 | 2019-06-07 | 平安科技(深圳)有限公司 | 文件存储方法及终端设备 |
CN110381061A (zh) * | 2019-07-19 | 2019-10-25 | 广东省新一代通信与网络创新研究院 | 文件的多云存储方法、下载方法、装置及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN110381061A (zh) | 2019-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021012602A1 (zh) | 文件的多云存储方法、下载方法、装置及存储介质 | |
US11475137B2 (en) | Distributed data storage by means of authorisation token | |
US20240273231A1 (en) | Systems and Methods for a Cryptographic File System Layer | |
US11270006B2 (en) | Intelligent storage devices with cryptographic functionality | |
EP3062261B1 (en) | Community-based de-duplication for encrypted data | |
US11502824B2 (en) | Encryption by default in an elastic computing system | |
US8762743B2 (en) | Encrypting data objects to back-up | |
US8966287B2 (en) | Systems and methods for secure third-party data storage | |
US10503917B2 (en) | Performing operations on intelligent storage with hardened interfaces | |
US10375032B2 (en) | System and method for data segmentation and distribution across multiple cloud storage points | |
US20120260096A1 (en) | Method and system for monitoring a secure document | |
US10924275B1 (en) | Creating multiple encrypted volumes from a single source | |
JP7511630B2 (ja) | データ重複排除のための不透明な暗号化 | |
CA3086236A1 (en) | Encrypted storage of data | |
JP2019079280A (ja) | ファイル検証装置、ファイル移行システムおよびプログラム | |
US10785194B2 (en) | Processing intents using trusted entities in a dispersed storage network | |
US11831773B1 (en) | Secured database restoration across service regions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19938372 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19938372 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19938372 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11.08.2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19938372 Country of ref document: EP Kind code of ref document: A1 |