WO2021072881A1 - Object storage-based request processing method, apparatus and device, and storage medium - Google Patents

Info

Publication number
WO2021072881A1
Authority
WO
WIPO (PCT)
Prior art keywords
request
target
access request
value
access
Application number
PCT/CN2019/118550
Other languages
English (en)
Chinese (zh)
Inventor
周波
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/13 File access structures, e.g. distributed indices
    • G06F16/17 Details of further file system functions
    • G06F16/172 Caching, prefetching or hoarding of files
    • G06F16/18 File system types
    • G06F16/182 Distributed file systems
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08 Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • This application relates to the field of computer technology, and in particular to a request processing method, apparatus, device and storage medium based on object storage.
  • The mainstream cloud service providers all provide image archive storage, and archive storage is charged according to storage access frequency and capacity. In practice, access to image data has been found to have certain time characteristics: in most of the connected systems, the probability that data uploaded to the back-end storage is accessed within 2 days is more than 90%, and the probability of access after more than 2 days is less than 5%. Cloud vendors convert ordinary storage to archive storage on a monthly statistical cycle, and data retrieval is charged according to the size of the data retrieved. Therefore, how to simplify, to the greatest extent, the transmission of file data on the network and the query and retrieval on the server, and reduce the network cost when an enterprise acquires data, has become an urgent problem to be solved.
  • The main purpose of this application is to provide a request processing method, apparatus, device and storage medium based on object storage, aiming to solve the technical problem that the prior art cannot simplify the transmission of file data in the network and the query and retrieval process on the server side, and cannot reduce the network cost of data acquisition.
  • this application provides a request processing method based on object storage, and the method includes the following steps:
  • the target data is returned to the initiator of the access request.
  • this application also proposes a request processing device based on object storage, the device including:
  • the request parsing module is used to parse the received access request, and read the request parameters of the preset dimensions from the parsing result;
  • the request authentication module is configured to call a preset object storage gateway function based on the request parameters to perform user authentication on the access request;
  • the parameter acquisition module is configured to search for the local cache field carried in the request header of the access request when the user is authenticated, and read the parameter value corresponding to the local cache field;
  • the numerical value detection module is used to detect whether the parameter value is a preset value;
  • the data acquisition module is configured to acquire the target data requested by the access request from the local storage space when the parameter value is the preset value;
  • the data acquisition module is further configured to calculate the current cyclic redundancy check value of the target data using a cyclic redundancy check algorithm, and read the historical cyclic redundancy check value corresponding to the target data from the local storage space;
  • the data acquisition module is further configured to perform a data integrity check on the target data according to the current cyclic redundancy check value and the historical cyclic redundancy check value;
  • the data acquisition module is further configured to return the target data to the initiator of the access request when the verification is passed.
  • this application also proposes a request processing device based on object storage, the device including: a memory, a processor, and computer-readable instructions that are stored on the memory and can run on the processor, the computer-readable instructions being configured to implement the steps of the object storage-based request processing method as described above.
  • this application also proposes a storage medium with computer-readable instructions stored on it; when the computer-readable instructions are executed by a processor, the steps of the object storage-based request processing method as described above are realized.
  • this application first authenticates the user when it receives an access request; when the user authentication is passed, it determines directly from the parameter value of the local cache field in the request header whether the target data accessed by the request is stored locally.
  • the target data is then transmitted back to the initiator of the access request, so that the system does not have to obtain and return data from the remote end for every access request, which simplifies data transmission in the network and the query and retrieval process on the server and reduces the network cost of data acquisition.
  • FIG. 1 is a schematic structural diagram of a request processing device based on object storage in a hardware operating environment related to a solution of an embodiment of the present application;
  • FIG. 2 is a schematic flowchart of a first embodiment of a request processing method based on object storage according to this application;
  • FIG. 3 is a schematic flowchart of a second embodiment of a request processing method based on object storage according to this application;
  • FIG. 4 is a schematic flowchart of a third embodiment of a request processing method based on object storage according to this application;
  • Fig. 5 is a structural block diagram of a first embodiment of a request processing apparatus based on object storage in this application.
  • FIG. 1 is a schematic structural diagram of a request processing device based on object storage in a hardware operating environment involved in a solution of an embodiment of the application.
  • the request processing device based on object storage may include a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005.
  • the communication bus 1002 is used to implement connection and communication between these components.
  • the user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface and a wireless interface.
  • the network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a wireless fidelity (WIreless-FIdelity, WI-FI) interface).
  • the memory 1005 may be a high-speed random access memory (Random Access Memory, RAM), or a stable non-volatile memory (Non-Volatile Memory, NVM), such as disk storage.
  • the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
  • the structure shown in FIG. 1 does not constitute a limitation on the request processing device based on object storage, which may include more or fewer components than those shown in the figure, a combination of certain components, or a different arrangement of components.
  • the memory 1005 as a storage medium may include an operating system, a data storage module, a network communication module, a user interface module, and computer readable instructions.
  • the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with users; in the request processing device based on object storage of this application, the processor 1001 and the memory 1005 may be set in the request processing device based on object storage, which uses the processor 1001 to call the computer-readable instructions stored in the memory 1005 and execute the request processing method based on object storage.
  • the embodiment of the present application provides a request processing method based on object storage.
  • FIG. 2 is a schematic flowchart of the first embodiment of the request processing method based on object storage in this application.
  • the request processing method based on object storage includes the following steps:
  • Step S10 Parse the received access request, and read the request parameters of the preset dimensions from the parsing result;
  • the execution subject of the method in this embodiment may be a distributed file system or a cluster (Ceph) that can provide object storage, block storage, and file storage.
  • Ceph has been widely used because of its ability to provide three types of storage: object storage, block storage, and file storage, as well as open source features.
  • There are more and more cloud storage clusters built using Ceph, and the storage capacity of a single cluster is also getting bigger.
  • Ceph object storage is usually used to store massive medical pictures.
  • the object storage-based request processing method proposed in this embodiment is mainly used to optimize user access conditions involved in the medical image storage system, and improve user access efficiency and the security of the medical image storage system.
  • the request parameters of the preset dimensions may include: the object name in the Uniform Resource Locator (URL) carried in the access request, the operation action, the bucket, the authentication type field, the message header declaration field, the signature value (Signature) field and other parameters.
  • the distributed file system Ceph (hereinafter referred to as the Ceph system) in this embodiment may roughly include five modules: a hypertext transfer protocol (HTTP) front-end module, a representational state transfer application program interface (REST API) general processing layer, an application program interface operation execution layer, an interface adaptation layer and an interface layer. For each access request received, the above modules in the Ceph system can work together to respond to the access request.
  • when the HTTP front-end module in the Ceph system receives the access request sent by the application client, it first parses the access request, then reads the request parameters of the aforementioned preset dimensions from the parsing result, and then sends these request parameters to the REST API general processing layer.
  • the operation of reading the request parameters of the preset dimensions from the parsing result can also be performed by the REST API general processing layer, which is not limited in this embodiment.
  • Step S20 Call a preset object storage gateway function based on the request parameters to perform user authentication on the access request;
  • the user authentication in this embodiment verifies whether the access user corresponding to the access request is legal, whether the operation action (read/write/modify of data, etc.) is allowed, whether the name of the access object in the request URL exists, whether the access user has the access authority to the access object, etc.
  • the preset object storage gateway function may be the rgw_process_authenticated function in the pre-written process_request method.
  • when the REST API general processing layer of this embodiment performs user authentication operations, it can do so based on the information contained in the authentication type field, the message header declaration (SignedHeaders) field, and the signature value (Signature) field.
  • the authentication type field defines the user authentication method or type, such as the Basic (basic authentication) method or the AWS4 (AWS Signature Version 4) server authentication method, and the authentication type field also specifies the target signature algorithm used for request signature value calculation.
  • the message header declaration field specifies which message headers are used to calculate the signature value of the access request.
  • the signature value field gives the exact signature value that should be obtained after calculating the requested signature value.
  • the REST API general processing layer in the Ceph system can call the rgw_process_authenticated function in the process_request method based on the read request parameters to perform user authentication on the access request.
  • Step S30 when the user is authenticated, search for the local cache field carried in the request header of the access request, and read the parameter value corresponding to the local cache field;
  • this embodiment extends the application program interface of the Ceph system: a local cache field, "Local-cached", is added to the request header (the HTTP header, an important part of the Hypertext Transfer Protocol, used for parameter transfer), so that whether the data required by an access request exists locally can be judged from the parameter value corresponding to the Local-cached field in the request header of each access request, and follow-up operations are performed according to the judgment result.
  • the application program interface operation execution layer in the Ceph system can query the local cache field carried in the request header of the access request when the user is authenticated, and read the parameter value corresponding to the local cache field.
  • Step S40 Detect whether the parameter value is a preset value
  • the parameter value in this embodiment is True or False, and the preset value is True. If the parameter value corresponding to the local cache field is False, it indicates that the data or access object required by the access request does not exist in the database corresponding to the Ceph system; in that case the Ceph system needs to obtain the data first and then send it back to the client. If the parameter value corresponding to the local cache field is True, it indicates that the data or access object required by the access request exists in the database corresponding to the Ceph system; in that case it is only necessary to verify the integrity of the data or access object required by the access request and then return the access result to the client.
  • the application program interface operation execution layer in the Ceph system can detect whether the parameter value is a preset value when it reads the parameter value corresponding to the local cache field, and then execute the corresponding request response operation according to the detection result.
  • Step S50 If yes, obtain the target data requested by the access request from the local storage space;
  • the target data may be the resource to be accessed by the access request, or the access result returned by the Ceph system to the client after the resource is accessed. Further, it is considered that errors may occur during data transmission or storage, and such errors will cause the original structure of the data to be destroyed, so that the data receiver or the data saver may receive or save the wrong data. Therefore, after reading the target data from the local storage space, the Ceph system of this embodiment will also perform a cyclic redundancy check on the read target data to ensure the integrity of the target data.
  • Step S60 Calculate the current cyclic redundancy check value of the target data using a cyclic redundancy check algorithm, and read the historical cyclic redundancy check value corresponding to the target data from the local storage space;
  • the cyclic redundancy check (Cyclic Redundancy Check, CRC) is a hash function that generates a short, fixed-length check code from data such as network data packets or computer files. It is mainly used to detect or verify errors that may appear after data transmission or storage.
  • the historical cyclic redundancy check value is the cyclic redundancy check value calculated by the cyclic redundancy check algorithm before the target data is stored in the local storage space. In practical applications, the check value can be associated with the target data and then saved for subsequent reading and verification.
  • step (3) If the LSB is 0, repeat step (3); if the LSB is 1, it means that the CRC register is XORed with 0x31;
  • the CRC value is the CRC value after the NOR operation is performed on the data of the CRC register and the "exclusive OR value result".
  • Step S70 Perform a data integrity check on the target data according to the current cyclic redundancy check value and the historical cyclic redundancy check value;
  • Step S80 When the verification is passed, the target data is returned to the initiator of the access request.
  • when the application program interface operation execution layer in the Ceph system detects that the parameter value corresponding to the local cache field is True, it obtains the target data requested by the access request from the local storage space, performs an integrity check on the target data using the CRC algorithm, and, after the verification is passed, returns the target data to the initiator of the access request, realizing a quick response to the access request.
  • this embodiment first authenticates the user when an access request is received; when the user authentication is passed, it determines directly from the parameter value of the local cache field in the request header whether the target data accessed by the request is stored locally, and if so returns the target data directly to the initiator of the access request. The system therefore does not have to obtain and return the data from the remote end for every access request, which simplifies data transmission in the network and the query and retrieval process on the server and reduces the network cost of data acquisition.
  • FIG. 3 is a schematic flowchart of a second embodiment of a request processing method based on object storage in this application.
  • the step S20 includes:
  • Step S201 Read the authentication type field, the message header declaration field, and the signature value field included in the request parameter;
  • the authentication type field defines the method or type of user authentication, such as the Basic (basic authentication) method or the AWS4 (AWS Signature Version 4) server authentication method, and the authentication type field also specifies the target signature algorithm used for request signature value calculation.
  • the message header declaration field specifies which message headers are used to calculate the signature value of the access request.
  • the signature value field gives the exact signature value that should be obtained after the request signature value calculation is performed. If the calculated signature value is consistent with the exact signature value given in the signature value field, it indicates that the access request is credible; otherwise, it is not credible.
  • the REST API general processing layer in the Ceph system can perform user authentication on the access request based on the read request parameters.
  • Step S202 Determine a user authentication method corresponding to the access request according to the authentication type field, where the user authentication method includes a target signature algorithm;
  • the REST API general processing layer can determine the user authentication method corresponding to the access request and the target signature algorithm used for request signature value calculation according to the authentication type field.
  • for example, if the authentication type field read by the REST API general processing layer is Authorization: AWS4-HMAC-SHA256, it indicates that the authentication method corresponding to the access request is the server identity verification method based on the AWS4 algorithm.
  • the target signature algorithm used in this authentication is the AWS4 algorithm; HMAC is the hash-based message authentication code (Hash-based Message Authentication Code, HMAC), which stipulates that an HMAC operation needs to be performed on the data in the message header declaration field of the request; SHA256 means that the hash value length used by the signature algorithm is 256 bits.
  • Step S203 Calculate the target signature value corresponding to the access request according to the message header declaration field and the target signature algorithm through a preset object storage gateway function;
  • the message header declaration field specifies which message headers are used to calculate the signature value of the access request. It also specifies the order of these message headers, so that the sequence of message headers spliced by the Canonical Request function in the subsequent signature calculation is consistent with the sequence specified in the message header declaration field. For access requests, in order to prevent tampering with information such as the request address, the SHA256 value of the requested content and the request timestamp, the message header declaration field is required to carry parameters such as host;x-amz-content-sha256;x-amz-date.
  • after the REST API general processing layer obtains the message header declaration field, it first calls the preset object storage gateway function (the rgw_process_authenticated function) to extract valid signature data (that is, the message headers participating in the calculation of the signature value) from the request parameters according to the message header declaration field, and then calculates the target signature value corresponding to the access request through the target signature algorithm based on this valid signature data.
  • the REST API general processing layer can call a preset object storage gateway function to extract valid signature data from the request parameters according to the message header declaration field, and then calculate the target signature value corresponding to the access request according to the target signature algorithm and the valid signature data.
  • the target signature algorithm is a hash (SHA256) algorithm
  • Step S204 Perform user authentication on the access request based on the signature value field and the target signature value.
  • the signature value field gives the exact signature value that should be obtained after the request signature value calculation is performed.
  • for example, the signature value field Signature 6ab57bc9beb4e6558dc4c9824aa156bdc9a357260150dbabd0a589c74910b624, where the signature value "6ab57bc9beb4e6558dc4c9824aac156bdc9a357589" is the exact value of the signature.
  • after the REST API general processing layer calculates the target signature value, it can compare the target signature value with the exact signature value contained in the signature value field. If the two are exactly the same, it indicates that the access request is credible and the user is authenticated.
  • in this embodiment, the authentication type field, the message header declaration field, and the signature value field contained in the request parameters are read; the user authentication method corresponding to the access request, which includes the target signature algorithm, is determined according to the authentication type field; the preset object storage gateway function calculates the target signature value corresponding to the access request according to the message header declaration field and the target signature algorithm; and the access request is then authenticated based on the signature value field and the target signature value. This realizes effective authentication of the access request, avoids malicious access, and ensures the information security of the Ceph system.
  • FIG. 4 is a schematic flowchart of a third embodiment of a request processing method based on object storage in this application.
  • the method further includes:
  • Step S401 If the parameter value is not the preset value, perform data preprocessing on the request parameter to obtain the target request parameter;
  • the data preprocessing in this step may be permission processing on request parameters.
  • the client (the initiator of the access request) needs to follow corresponding access rules, such as bucket access rules or object access rules, when accessing resources/data in the Ceph system.
  • bucket access rules specify the users who have access rights to the objects in the bucket and the types of access rights that these users have.
  • Object access rules specify the users who have object access rights and the types of access rights that these users have. For example, one user may only have read permissions, while another user may have read and write permissions.
  • when the application program interface operation execution layer in the Ceph system detects that the parameter value corresponding to the local cache field is False, it performs data preprocessing on the request parameter carried in the access request to obtain the target request parameter.
  • the identification information corresponding to the initiator of the access request may be extracted from the request parameters; the corresponding target access rule is then looked up, according to the identification information, in the preset access rule table, which stores the correspondence between identification information and access rules; the request parameter is then assigned according to the target access rule to obtain the target request parameter.
  • the identification information may be information that can distinguish the initiators of different access requests, such as Internet Protocol addresses, device serial numbers, and so on.
  • the target access rule may be a pre-created bucket access rule or an object access rule, and these access rules may be associated with the identification information of the initiator and then stored in a preset access rule table.
  • when the application program interface operation execution layer detects that the parameter value is not the preset value, it indicates that the data or access object required by the access request does not exist in the database corresponding to the Ceph system. In that case the Ceph system needs to perform the above-mentioned data preprocessing on the request parameters to obtain the target request parameters, and then perform subsequent data pull operations based on the target request parameters.
  • Step S402 Perform authority authentication on the access request based on the target request parameter
  • the authority authentication verifies whether the authorization type (such as read, write, change, check, etc.) possessed by the client to access the access object is the same or partially the same as the authorization requested by the access request. If it is, it is determined that the authority authentication is passed.
  • after the application program interface operation execution layer assigns the request parameters according to the target access rules to obtain the target request parameters, it can authenticate the access request according to the target request parameters. Specifically, it can read the attribute value corresponding to the host field in the target request parameter (usually the Internet Protocol address, IP address), query the corresponding permission type in the user permission list according to the attribute value, and then match the queried permission type with the permission type requested by the access request. If the match is successful, the permission authentication is passed; otherwise, the permission authentication is not passed.
  • Step S403 When the authority authentication is passed, encapsulate the access request to obtain a data acquisition request;
  • the rados interface adaptation layer reads the data stored in the underlying rados and obtains the original data of the accessed object, such as target data such as read_version, write_version, status, and size.
  • the application program interface operation execution layer may obtain the access permission corresponding to the access request when the permission authentication is passed, then add the access permission to the request parameters as an additional parameter to obtain new request parameters; the original request parameters of the access request are replaced with the new request parameters to obtain the data acquisition request.
  • Step S404 Send the data acquisition request to the interface adaptation layer, so that the interface adaptation layer returns corresponding target data according to the data acquisition request;
  • the application program interface operation execution layer can send the repackaged data acquisition request to the rados interface adaptation layer, and the rados interface adaptation layer reads the target data stored in the underlying rados according to the data acquisition request.
  • Step S405 Return the target data to the initiator of the access request.
  • after the application program interface operation execution layer obtains the target data stored in the bottom layer of rados, it can transmit the target data back to the initiator of the access request to complete the response to the access request.
  • when it is detected that the parameter value is not a preset value, data preprocessing is performed on the request parameter to obtain the target request parameter; the access request is authenticated based on the target request parameter; when the authority authentication is passed, the access request is encapsulated to obtain the data acquisition request; the data acquisition request is sent to the interface adaptation layer so that the interface adaptation layer returns the corresponding target data according to the data acquisition request; and the target data is returned to the initiator of the access request. In this way, when the target data requested by the access request does not exist in the local storage space, the target data can still be obtained safely and conveniently, ensuring a smooth response to the access request.
  • the embodiment of the present application also proposes a storage medium, and the storage medium may be a non-volatile readable storage medium or a volatile readable storage medium.
  • the storage medium stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the steps of the request processing method based on object storage as described above are realized.
  • FIG. 5 is a structural block diagram of a first embodiment of a request processing apparatus based on object storage in this application.
  • the object storage-based request processing apparatus proposed in the embodiment of the present application includes:
  • the request parsing module 501 is used for parsing the received access request, and reading request parameters of preset dimensions from the parsing result;
  • the request authentication module 502 is configured to call a preset object storage gateway function based on the request parameters to perform user authentication on the access request;
  • the parameter acquisition module 503 is configured to search for the local cache field carried in the request header of the access request when the user is authenticated, and read the parameter value corresponding to the local cache field;
  • the value detection module 504 is configured to detect whether the parameter value is a preset value;
  • the data acquisition module 505 is configured to acquire the target data requested by the access request from the local storage space when the parameter value is the preset value;
  • the data acquisition module 505 is further configured to use a cyclic redundancy check algorithm to calculate the current cyclic redundancy check value of the target data, and to read the historical cyclic redundancy check value corresponding to the target data from the local storage space;
  • the data acquisition module 505 is further configured to perform a data integrity check on the target data according to the current cyclic redundancy check value and the historical cyclic redundancy check value;
  • the data acquisition module 505 is further configured to return the target data to the initiator of the access request when the verification is passed.
  • this embodiment first performs user authentication on the access request when it is received; when the user authentication is passed, it determines, according to the parameter value of the local cache field in the request header, whether the target data to be accessed is stored locally, and if so returns the target data directly to the initiator of the access request. The system therefore does not have to obtain the data from the remote end and return it for every access request, which simplifies data transmission in the network and the query and retrieval process on the server, and reduces the network cost of data acquisition.
  • the request authentication module 502 is also used to read the authentication type field, the message header declaration field, and the signature value field contained in the request parameter; determine, according to the authentication type field, the user authentication method corresponding to the access request, the user authentication method including a target signature algorithm; calculate the target signature value corresponding to the access request according to the message header declaration field and the target signature algorithm through a preset object storage gateway function; and perform user authentication on the access request based on the signature value field and the target signature value.
  • the request authentication module 502 is also used to call a preset object storage gateway function to extract valid signature data from the request parameters according to the message header declaration field, and to calculate the target signature value corresponding to the access request according to the target signature algorithm and the valid signature data.
  • the data acquisition module 505 is further configured to perform data preprocessing on the request parameter when the parameter value is not the preset value to obtain the target request parameter; perform permission authentication on the access request based on the target request parameter; when the permission authentication is passed, encapsulate the access request to obtain a data acquisition request; send the data acquisition request to the interface adaptation layer, so that the interface adaptation layer returns corresponding target data according to the data acquisition request; and return the target data to the initiator of the access request.
  • the data acquisition module 505 is further configured to extract the identification information corresponding to the initiator of the access request from the request parameters;
  • the data acquisition module 505 is further configured to obtain the access permission corresponding to the access request when the permission authentication is passed; add the access permission to the request parameter as an additional parameter to obtain a new request parameter; and encapsulate the access request according to the new request parameter to obtain a data acquisition request.
  • the data acquisition module 505 is also configured to acquire the target data requested by the access request from a local storage space; use a cyclic redundancy check algorithm to calculate the current cyclic redundancy check value of the target data, and read the historical cyclic redundancy check value corresponding to the target data from the local storage space; perform a data integrity check on the target data according to the current cyclic redundancy check value and the historical cyclic redundancy check value; and, when the check passes, return the target data to the initiator of the access request.
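The signature check, local cache field test and CRC comparison described in the module list above, as an added example (not code from the patent or from Ceph). HMAC-SHA256 as the target signature algorithm, the `x-local-cache` field name, its preset value `1` and the in-memory stores are assumptions; running the permission check ahead of both branches and refetching after a failed CRC are choices of this example.

```python
import hashlib
import hmac
import zlib

# Every name and value here is an assumption of this example, not from the patent.
CACHE_FIELD, PRESET = "x-local-cache", "1"        # local cache field / preset value
SECRETS = {"alice": b"constructed-demo-secret"}   # constructed key store
PERMISSIONS = {"10.0.0.5": {"read"}}              # host attribute -> permission types
REMOTE = {"/bucket/a.txt": b"hello object"}       # stands in for the rados layer
LOCAL = {}                                        # path -> (data, historical CRC)


def target_signature(secret, req):
    """Sign only the headers listed in the message header declaration field."""
    signed = [f"{h}:{req['headers'].get(h, '')}" for h in sorted(req["signed_headers"])]
    payload = "\n".join([req["method"], req["path"], *signed]).encode()
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def handle(req):
    # User authentication: the auth type selects the algorithm, then the
    # recomputed target signature is compared with the signature value field.
    secret = SECRETS.get(req["user"])
    if req["auth_type"] != "HMAC-SHA256" or secret is None:
        return 403, b"authentication failed"
    if not hmac.compare_digest(target_signature(secret, req), req["signature"]):
        return 403, b"authentication failed"

    # Permission authentication keyed on the host field. This example runs it
    # before both branches so a cached copy is never served without it.
    wanted = "read" if req["method"] == "GET" else "write"
    if wanted not in PERMISSIONS.get(req["headers"].get("host"), set()):
        return 403, b"permission denied"

    path = req["path"]
    if req["headers"].get(CACHE_FIELD) == PRESET and path in LOCAL:
        data, historical_crc = LOCAL[path]
        # CRC32 catches accidental corruption only; it is not a keyed check.
        if zlib.crc32(data) == historical_crc:
            return 200, data
        del LOCAL[path]  # failed integrity check: drop the copy, refetch below

    data = REMOTE.get(path)  # miss path: pull from the backing store
    if data is None:
        return 404, b"not found"
    LOCAL[path] = (data, zlib.crc32(data))
    return 200, data


def make_request(method="GET", path="/bucket/a.txt", host="10.0.0.5", cache="1"):
    """Build a constructed, correctly signed request for the demo user."""
    req = {"user": "alice", "auth_type": "HMAC-SHA256", "method": method,
           "path": path, "signed_headers": ["host", CACHE_FIELD],
           "headers": {"host": host, CACHE_FIELD: cache}}
    req["signature"] = target_signature(SECRETS["alice"], req)
    return req
```

Because the local cache field is among the signed headers, changing it after signing fails user authentication instead of silently switching branches.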

Abstract

The invention relates to an object storage-based request processing method, apparatus and device, and a storage medium. The method comprises the steps of: parsing a received access request and reading a request parameter of a preset dimension from the parsing result (S10); calling, based on the request parameter, a preset object storage gateway function to perform user authentication on the access request (S20); if the user authentication passes, searching for a local cache field carried in a request header of the access request, and reading a parameter value corresponding to the local cache field (S30); detecting whether the parameter value is a preset value (S40); if the parameter value is the preset value, obtaining, from a local storage space, the target data requested by the access request (S50); calculating a current cyclic redundancy check value of the target data by means of a cyclic redundancy check algorithm, and reading a historical cyclic redundancy check value corresponding to the target data from the local storage space (S60); performing, according to the current cyclic redundancy check value and the historical cyclic redundancy check value, a data integrity check on the target data (S70); and if the check passes, returning the target data to the initiator of the access request (S80). User authentication is first performed on the access request.
If the authentication passes, it is determined, according to the parameter value of the local cache field in the request header, whether the target data to be accessed is stored locally; and if so, the target data is returned to the initiator of the access request, so that a system does not need to obtain data from a remote end and return it on receiving every access request, which simplifies data transmission in a network and the query and retrieval process on a server, and reduces the network cost of data acquisition.
PCT/CN2019/118550 2019-10-16 2019-11-14 Object storage-based request processing method, apparatus and device, and storage medium WO2021072881A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910985628.4 2019-10-16
CN201910985628.4A CN110888838B (zh) 2019-10-16 2019-10-16 Request processing method, apparatus and device based on object storage, and storage medium

Publications (1)

Publication Number Publication Date
WO2021072881A1 (fr) 2021-04-22

Family

ID=69746247

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/118550 WO2021072881A1 (fr) 2019-10-16 2019-11-14 Object storage-based request processing method, apparatus and device, and storage medium

Country Status (2)

Country Link
CN (1) CN110888838B (fr)
WO (1) WO2021072881A1 (fr)

Also Published As

Publication number Publication date
CN110888838A (zh) 2020-03-17
CN110888838B (zh) 2024-03-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19949013

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19949013

Country of ref document: EP

Kind code of ref document: A1