+

CN110798478A - Data processing method and device - Google Patents

Data processing method and device Download PDF

Info

Publication number
CN110798478A
CN110798478A CN201911076651.8A CN201911076651A CN110798478A CN 110798478 A CN110798478 A CN 110798478A CN 201911076651 A CN201911076651 A CN 201911076651A CN 110798478 A CN110798478 A CN 110798478A
Authority
CN
China
Prior art keywords
data
css
request
sent
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911076651.8A
Other languages
Chinese (zh)
Other versions
CN110798478B (en
Inventor
陈海波
唐菁
党鹏飞
雎悦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
China Unicom System Integration Ltd Corp
Original Assignee
China United Network Communications Group Co Ltd
China Unicom System Integration Ltd Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd, China Unicom System Integration Ltd Corp filed Critical China United Network Communications Group Co Ltd
Priority to CN201911076651.8A priority Critical patent/CN110798478B/en
Publication of CN110798478A publication Critical patent/CN110798478A/en
Application granted granted Critical
Publication of CN110798478B publication Critical patent/CN110798478B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本申请实施例提供一种数据处理方法及设备,该方法通过TTP接收用户端发送的认证请求,基于该认证请求进行用户认证,在认证通过后,如果接收到用户端发送的数据请求,则根据该数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,接收CSS反馈的信息,根据接收的信息发送相应数据至用户端,并根据发送的数据进行相应记录,即引入了TTP完成对用户以及CSS的认证,只有认证的用户才可以操作,只有通过认证的CSS才可以提供云存储服务;在用户和存储服务器之间进行一定的数据处理过程,进一步增强用户数据的安全性;对用户以及CSS的行为进行记录,可以在用户和CSS之间出现问题时提供证据,解决传统情况下用户与存储服务器之间的相互诬陷的问题。

Figure 201911076651

The embodiments of the present application provide a data processing method and device. The method receives an authentication request sent by a client through TTP, and performs user authentication based on the authentication request. The data request sends the corresponding data to the CSS, and records the corresponding data according to the sent data, receives the information fed back by the CSS, sends the corresponding data to the client according to the received information, and records the corresponding data according to the sent data. User and CSS authentication, only authenticated users can operate, and only authenticated CSS can provide cloud storage services; a certain data processing process is performed between users and storage servers to further enhance the security of user data; And the behavior of CSS is recorded, which can provide evidence when there is a problem between the user and the CSS, and solve the problem of mutual framing between the user and the storage server in the traditional situation.

Figure 201911076651

Description

数据处理方法及设备Data processing method and device

技术领域technical field

本申请实施例涉及数据存储技术领域,尤其涉及一种数据处理方法及设备。The embodiments of the present application relate to the technical field of data storage, and in particular, to a data processing method and device.

背景技术Background technique

随着云计算服务模式的成熟以及用户爆炸式增长的数据量,越来越多的用户会将大量的数据存储在云存储服务(Cloud Storage Service,简称CSS)上。CSS解决了用户存储空间有限和资源不足的问题。With the maturity of the cloud computing service model and the explosive growth of the data volume of users, more and more users will store a large amount of data on a cloud storage service (Cloud Storage Service, CSS for short). CSS solves the problem of limited user storage space and insufficient resources.

随着时间以及数据量的累积,用户已经在CSS上面存储了大量的数据。对于用户来说,一个潜在的风险是用户可能忘记了存储在CSS上的数据或者不确定是否将数据存储在了CSS上,用户只能通过CSS提供的数据列表进行查看。另一方面,可能存在用户记忆的错误,用户并未存储或者已经进行了删除操作却依然向CSS要求返回数据。对于CSS来说,无法保证其是可信的。Over time and the amount of data accumulated, users have stored a lot of data on CSS. For the user, a potential risk is that the user may forget the data stored on the CSS or not sure whether the data is stored on the CSS, and the user can only view it through the list of data provided by the CSS. On the other hand, there may be errors in the user's memory, the user has not stored or has performed the delete operation but still asks the CSS to return the data. For CSS, there is no guarantee that it is trustworthy.

这样,传统的系统架构下,双方存在着相互诬告的种种情况。如何对这些诬告提供证据、进行仲裁等成为一个急需解决的问题。In this way, under the traditional system architecture, there are various situations in which the two sides falsely accuse each other. How to provide evidence and conduct arbitration for these false accusations has become an urgent problem to be solved.

发明内容SUMMARY OF THE INVENTION

本申请实施例提供一种数据处理方法及设备,以克服现有系统架构下,用户与CSS双方存在着相互诬告的问题。Embodiments of the present application provide a data processing method and device, so as to overcome the problem of mutual false accusations between the user and the CSS under the existing system architecture.

第一方面,本申请实施例提供一种数据处理方法,包括:In a first aspect, an embodiment of the present application provides a data processing method, including:

接收用户端发送的认证请求,基于所述认证请求进行用户认证;Receive the authentication request sent by the client, and perform user authentication based on the authentication request;

在认证通过后,若接收到所述用户端发送的数据请求,则根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录;After the authentication is passed, if a data request sent by the client is received, corresponding data is sent to the CSS according to the data request, and corresponding records are performed according to the sent data;

接收所述CSS反馈的信息,根据接收的信息发送相应数据至所述用户端,并根据发送的数据进行相应记录。Receive the information fed back by the CSS, send corresponding data to the user terminal according to the received information, and perform corresponding recording according to the sent data.

在一种可能的设计中,所述数据请求为数据上传请求,所述数据上传请求携带上传数据,所述上传数据包括数据标记、完整数据以及哈希值,其中,所述哈希值根据所述完整数据确定;In a possible design, the data request is a data upload request, the data upload request carries upload data, and the upload data includes a data tag, complete data and a hash value, wherein the hash value is based on the The complete data is determined;

所述根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,包括:The sending corresponding data to the CSS according to the data request, and performing corresponding recording according to the sent data, including:

对所述完整数据进行分割,并计算分割后每一数据块的哈希值;Splitting the complete data, and calculating the hash value of each data block after splitting;

根据所述上传数据中的哈希值和计算的哈希值,判断所述完整数据是否正确;According to the hash value in the uploaded data and the calculated hash value, determine whether the complete data is correct;

若所述完整数据正确,则根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,并根据发送的数据进行相应记录。If the complete data is correct, data processing is performed according to the data mark, the processed data is sent to the CSS for storage, and corresponding recording is performed according to the sent data.

在一种可能的设计中,所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:In a possible design, the receiving the information fed back by the CSS, sending corresponding data to the user terminal according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的存储结果,根据所述存储结果生成数据列表,将所述数据列表发送至所述用户端,并对所述数据列表进行相应记录。Receive the storage result fed back by the CSS, generate a data list according to the storage result, send the data list to the client, and record the data list accordingly.

在一种可能的设计中,所述根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,包括:In a possible design, the performing data processing according to the data tag, and sending the processed data to the CSS for storage, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则分别生成与分割后每一数据块对应的随机数;If it is determined that data encryption is required, a random number corresponding to each data block after division is generated respectively;

根据生成的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each data block after division according to the generated random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述CSS进行存储。The obtained ciphertext data is sent to the CSS for storage.

在一种可能的设计中,所述数据请求为数据下载请求,所述数据下载请求由所述用户端根据数据列表确定,所述数据列表由可信第三方(Trusted Third Part,简称TTP)根据所述CSS存储的数据生成;In a possible design, the data request is a data download request, and the data download request is determined by the user terminal according to a data list, and the data list is determined by a trusted third party (Trusted Third Part, TTP for short) according to The data stored in the CSS is generated;

所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的待下载数据,所述待下载数据由所述CSS根据所述数据下载请求确定;receiving the data to be downloaded fed back by the CSS, where the data to be downloaded is determined by the CSS according to the data download request;

对所述待下载数据进行分割,并计算分割后每一数据块的哈希值;Splitting the data to be downloaded, and calculating the hash value of each data block after splitting;

根据储存的所述待下载数据对应的哈希值和计算的哈希值,判断所述待下载数据是否正确;According to the stored hash value corresponding to the data to be downloaded and the calculated hash value, determine whether the data to be downloaded is correct;

若所述待下载数据正确,则根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,并根据发送的数据进行相应记录。If the data to be downloaded is correct, data processing is performed according to the data tag corresponding to the data to be downloaded, the processed data is sent to the client, and corresponding records are performed according to the sent data.

在一种可能的设计中,所述根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,包括:In a possible design, performing data processing according to a data tag corresponding to the data to be downloaded, and sending the processed data to the client, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则获取与分割后每一数据块对应的随机数;If it is determined that data encryption is required, obtain a random number corresponding to each data block after division;

根据获取的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each divided data block according to the obtained random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述用户端。Send the obtained ciphertext data to the client.

在一种可能的设计中,所述数据请求为数据删除请求,所述数据删除请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成;In a possible design, the data request is a data deletion request, and the data deletion request is determined by the user terminal according to a data list, and the data list is generated by TTP according to the data stored in the CSS;

所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的已删除证明,所述已删除证明由所述CSS在删除与所述数据删除请求对应的数据后生成;receiving a deletion certificate fed back by the CSS, the deletion certificate being generated by the CSS after deleting the data corresponding to the data deletion request;

保存所述已删除证明,向所述用户端反馈删除成功的信息,并根据所述已删除证明更新数据列表,将更新后的数据列表发送至所述用户端,对更新后的数据列表进行相应记录。Save the deleted certificate, feedback the successful deletion information to the user terminal, update the data list according to the deleted certificate, send the updated data list to the user terminal, and perform corresponding processing on the updated data list Record.

在一种可能的设计中,所述在认证通过后,还包括:In a possible design, after the authentication is passed, the method further includes:

若接收到所述用户端发送的查询请求,则记录所述查询请求,根据所述查询请求从数据列表中确定目标数据列表,其中,所述数据列表由TTP根据所述CSS存储的数据生成;If a query request sent by the client is received, the query request is recorded, and a target data list is determined from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;

将所述目标数据列表发送至所述用户端。Sending the target data list to the client.

第二方面,本申请实施例提供一种数据处理设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机执行指令,所述处理器执行所述计算机执行指令时实现如下步骤:In a second aspect, an embodiment of the present application provides a data processing device, including a memory, a processor, and computer-executable instructions stored in the memory and executable on the processor, where the processor executes the computer-executed instructions Implement the following steps when instructing:

接收用户端发送的认证请求,基于所述认证请求进行用户认证;Receive the authentication request sent by the client, and perform user authentication based on the authentication request;

在认证通过后,若接收到所述用户端发送的数据请求,则根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录;After the authentication is passed, if a data request sent by the client is received, corresponding data is sent to the CSS according to the data request, and corresponding records are performed according to the sent data;

接收所述CSS反馈的信息,根据接收的信息发送相应数据至所述用户端,并根据发送的数据进行相应记录。Receive the information fed back by the CSS, send corresponding data to the user terminal according to the received information, and perform corresponding recording according to the sent data.

在一种可能的设计中,所述数据请求为数据上传请求,所述数据上传请求携带上传数据,所述上传数据包括数据标记、完整数据以及哈希值,其中,所述哈希值根据所述完整数据确定;In a possible design, the data request is a data upload request, the data upload request carries upload data, and the upload data includes a data tag, complete data and a hash value, wherein the hash value is based on the The complete data is determined;

所述根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,包括:The sending corresponding data to the CSS according to the data request, and performing corresponding recording according to the sent data, including:

对所述完整数据进行分割,并计算分割后每一数据块的哈希值;Splitting the complete data, and calculating the hash value of each data block after splitting;

根据所述上传数据中的哈希值和计算的哈希值,判断所述完整数据是否正确;According to the hash value in the uploaded data and the calculated hash value, determine whether the complete data is correct;

若所述完整数据正确,则根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,并根据发送的数据进行相应记录。If the complete data is correct, data processing is performed according to the data mark, the processed data is sent to the CSS for storage, and corresponding recording is performed according to the sent data.

在一种可能的设计中,所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:In a possible design, the receiving the information fed back by the CSS, sending corresponding data to the user terminal according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的存储结果,根据所述存储结果生成数据列表,将所述数据列表发送至所述用户端,并对所述数据列表进行相应记录。Receive the storage result fed back by the CSS, generate a data list according to the storage result, send the data list to the client, and record the data list accordingly.

在一种可能的设计中,所述根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,包括:In a possible design, the performing data processing according to the data tag, and sending the processed data to the CSS for storage, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则分别生成与分割后每一数据块对应的随机数;If it is determined that data encryption is required, a random number corresponding to each data block after division is generated respectively;

根据生成的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each data block after division according to the generated random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述CSS进行存储。The obtained ciphertext data is sent to the CSS for storage.

在一种可能的设计中,所述数据请求为数据下载请求,所述数据下载请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成;In a possible design, the data request is a data download request, and the data download request is determined by the user terminal according to a data list, and the data list is generated by TTP according to the data stored in the CSS;

所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的待下载数据,所述待下载数据由所述CSS根据所述数据下载请求确定;receiving the data to be downloaded fed back by the CSS, where the data to be downloaded is determined by the CSS according to the data download request;

对所述待下载数据进行分割,并计算分割后每一数据块的哈希值;Splitting the data to be downloaded, and calculating the hash value of each data block after splitting;

根据储存的所述待下载数据对应的哈希值和计算的哈希值,判断所述待下载数据是否正确;According to the stored hash value corresponding to the data to be downloaded and the calculated hash value, determine whether the data to be downloaded is correct;

若所述待下载数据正确,则根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,并根据发送的数据进行相应记录。If the data to be downloaded is correct, data processing is performed according to the data tag corresponding to the data to be downloaded, the processed data is sent to the client, and corresponding records are performed according to the sent data.

在一种可能的设计中,所述根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,包括:In a possible design, performing data processing according to a data tag corresponding to the data to be downloaded, and sending the processed data to the client, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则获取与分割后每一数据块对应的随机数;If it is determined that data encryption is required, obtain a random number corresponding to each data block after division;

根据获取的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each divided data block according to the obtained random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述用户端。Send the obtained ciphertext data to the client.

在一种可能的设计中,所述数据请求为数据删除请求,所述数据删除请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成;In a possible design, the data request is a data deletion request, and the data deletion request is determined by the user terminal according to a data list, and the data list is generated by TTP according to the data stored in the CSS;

所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的已删除证明,所述已删除证明由所述CSS在删除与所述数据删除请求对应的数据后生成;receiving a deletion certificate fed back by the CSS, the deletion certificate being generated by the CSS after deleting the data corresponding to the data deletion request;

保存所述已删除证明,向所述用户端反馈删除成功的信息,并根据所述已删除证明更新数据列表,将更新后的数据列表发送至所述用户端,对更新后的数据列表进行相应记录。Save the deleted certificate, feedback the successful deletion information to the user terminal, update the data list according to the deleted certificate, send the updated data list to the user terminal, and perform corresponding processing on the updated data list Record.

在一种可能的设计中,所述在认证通过后,还包括:In a possible design, after the authentication is passed, the method further includes:

若接收到所述用户端发送的查询请求,则记录所述查询请求,根据所述查询请求从数据列表中确定目标数据列表,其中,所述数据列表由TTP根据所述CSS存储的数据生成;If a query request sent by the client is received, the query request is recorded, and a target data list is determined from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;

将所述目标数据列表发送至所述用户端。Sending the target data list to the client.

第三方面,本申请实施例提供一种计算机可读存储介质,所述计算机可读存储介质中存储有计算机执行指令,当处理器执行所述计算机执行指令时,实现如上第一方面以及第一方面各种可能的设计所述的数据处理方法。In a third aspect, embodiments of the present application provide a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when a processor executes the computer-executable instructions, the first aspect and the first Aspects various possible designs of the data processing method described.

本申请实施例提供的数据处理方法及设备,该方法通过TTP接收用户端发送的认证请求,基于该认证请求进行用户认证,在认证通过后,如果接收到用户端发送的数据请求,则根据该数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,接收CSS反馈的信息,根据接收的信息发送相应数据至用户端,并根据发送的数据进行相应记录,即引入了TTP完成对用户以及CSS的认证,只有认证的用户才可以操作,只有通过认证的CSS才可以提供云存储服务;在用户和存储服务器之间进行一定的数据处理过程,进一步增强用户数据的安全性;对用户以及CSS的行为进行记录,可以在用户和CSS之间出现问题时提供证据,解决传统情况下用户与存储服务器之间的相互诬陷的问题。According to the data processing method and device provided by the embodiments of the present application, the method receives an authentication request sent by the client through TTP, and performs user authentication based on the authentication request. The data request sends the corresponding data to the CSS, and records the corresponding data according to the sent data, receives the information fed back by the CSS, sends the corresponding data to the client according to the received information, and records the corresponding data according to the sent data. And CSS authentication, only authenticated users can operate, and only authenticated CSS can provide cloud storage services; a certain data processing process is performed between users and storage servers to further enhance the security of user data; The behavior of CSS is recorded, which can provide evidence when there is a problem between the user and the CSS, and solve the problem of mutual framing between the user and the storage server in the traditional situation.

附图说明Description of drawings

为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following will briefly introduce the accompanying drawings used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present application, and for those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.

图1为本申请实施例提供的一种数据处理系统架构示意图;1 is a schematic diagram of the architecture of a data processing system provided by an embodiment of the present application;

图2为本申请实施例提供的一种用户端的结构示意图;FIG. 2 is a schematic structural diagram of a user terminal according to an embodiment of the present application;

图3为本申请实施例提供的一种TTP的结构示意图;3 is a schematic structural diagram of a TTP provided by an embodiment of the present application;

图4为本申请实施例提供的一种CSS的结构示意图;FIG. 4 is a schematic structural diagram of a CSS provided by an embodiment of the present application;

图5为本申请实施例提供的一种数据处理方法的流程示意图;5 is a schematic flowchart of a data processing method provided by an embodiment of the present application;

图6为本申请实施例提供的另一种数据处理方法的流程示意图;6 is a schematic flowchart of another data processing method provided by an embodiment of the present application;

图7为本申请实施例提供的一种数据处理设备的结构示意图;FIG. 7 is a schematic structural diagram of a data processing device according to an embodiment of the present application;

图8为本申请实施例提供的数据处理设备的硬件结构示意图。FIG. 8 is a schematic diagram of a hardware structure of a data processing device according to an embodiment of the present application.

具体实施方式Detailed ways

为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments It is a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present application.

现有用户已经在CSS上面存储了大量的数据。对于用户来说,一个潜在的风险是用户可能忘记了存储在CSS上的数据或者不确定是否将数据存储在了CSS上,用户只能通过CSS提供的数据列表进行查看。另一方面,可能存在用户记忆的错误,用户并未存储或者已经进行了删除操作却依然向CSS要求返回数据。对于CSS来说,无法保证其是可信的。这样,传统的系统架构下,双方存在着相互诬告的种种情况。Existing users already store a lot of data on CSS. For the user, a potential risk is that the user may forget the data stored on the CSS or not sure whether the data is stored on the CSS, and the user can only view it through the list of data provided by the CSS. On the other hand, there may be errors in the user's memory, the user has not stored or has performed the delete operation but still asks the CSS to return the data. For CSS, there is no guarantee that it is trustworthy. In this way, under the traditional system architecture, there are various situations in which the two sides falsely accuse each other.

因此,考虑到上述问题,本申请提供一种数据处理方法,引入TTP完成对用户以及CSS的认证,只有认证的用户才可以操作,只有通过认证的CSS才可以提供云存储服务;在用户和存储服务器之间进行一定的数据处理过程,进一步增强用户数据的安全性;对用户以及CSS的行为进行记录,可以在用户和CSS之间出现问题时提供证据,解决传统情况下用户与存储服务器之间的相互诬陷的问题。Therefore, in consideration of the above problems, this application provides a data processing method, which introduces TTP to complete the authentication of users and CSS. Only authenticated users can operate, and only authenticated CSSs can provide cloud storage services; A certain data processing process is carried out between the servers to further enhance the security of user data; the behavior of users and CSS can be recorded, which can provide evidence when problems occur between users and CSS, and solve the traditional problem between users and storage servers. the question of mutual framing.

本申请提供的一种数据处理方法,可以适用于图1所示的数据处理系统架构示意图,如图1所示,包括:用户端101、TTP102以及CSS103,TTP 102可以接收用户端101发送的认证请求,基于该认证请求进行用户认证,并在认证通过后,如果接收到用户端101发送的数据请求,则根据该数据请求发送相应数据至CSS103,并根据发送的数据进行相应记录,可以接收CSS103反馈的信息,根据接收的信息发送相应数据至用户端101,并根据发送的数据进行相应记录。A data processing method provided by the present application can be applied to the schematic diagram of the data processing system architecture shown in FIG. 1 . As shown in FIG. 1 , it includes: a user terminal 101 , a TTP 102 and a CSS 103 , and the TTP 102 can receive the authentication sent by the user terminal 101 . Request, perform user authentication based on the authentication request, and after the authentication is passed, if a data request sent by the client 101 is received, the corresponding data will be sent to CSS103 according to the data request, and corresponding records will be made according to the sent data, and CSS103 can be received. For the feedback information, corresponding data is sent to the user terminal 101 according to the received information, and corresponding recording is performed according to the sent data.

这里,用户端:数据拥有者,CSS的实际使用者。用户端可以使用CSS的服务来上传、查看、下载、更新、删除等管理自己的数据。如图2所示,它包含有数据分割与重组模块、随机数模块、数据加解密模块、完整性验证模块等,具体的:Here, the user side: the data owner, the actual user of CSS. Clients can use CSS services to upload, view, download, update, delete and manage their own data. As shown in Figure 2, it includes data segmentation and reorganization module, random number module, data encryption and decryption module, integrity verification module, etc. Specifically:

数据分割与重组模块:可以在数据上传过程,根据块大小,完成对明文数据的分块,将原始数据分割成大小相等的N块,大小不足的块用0进行填充。在数据下载过程中,完成对各块解密之后的数据进行重组,恢复完整数据。Data segmentation and reorganization module: During the data upload process, according to the block size, the plaintext data can be divided into blocks, the original data is divided into N blocks of equal size, and the blocks with insufficient size are filled with 0. During the data download process, the data after decryption of each block is reorganized to restore the complete data.

随机数模块:可以生成与块大小相等的随机数,用于加密过程。Random number module: can generate random numbers equal to the block size for use in the encryption process.

数据加解密模块:可以将文件分块与随机数进行相应运算,例如比特异或运算,生成密文数据。Data encryption and decryption module: It can perform corresponding operations on file blocks and random numbers, such as bit XOR operation, to generate ciphertext data.

完整性验证模块:可以对于明文或者密文数据,使用相应算法,例如hash算法计算出消息摘要,消息摘要值作为数据的完整性证明。Integrity verification module: For plaintext or ciphertext data, the corresponding algorithm, such as hash algorithm, can be used to calculate the message digest, and the message digest value can be used as the data integrity proof.

TTP:用户端与CSS都信任的第三方系统,它是安全级别更高的权威机构,可以完成对用户和CSS的认证,完成用户数据的中间处理,完成对用户以及CSS的审计及仲裁等。如图3所示,它包含有认证模块、存储模块、验证模块、数据分割与重组模块、随机数生成模块、加解密模块、数据列表模块、审计模块等。具体的:TTP: A third-party system trusted by both the client and CSS. It is an authoritative organization with a higher security level. It can complete the authentication of users and CSS, complete the intermediate processing of user data, and complete the audit and arbitration of users and CSS. As shown in Figure 3, it includes an authentication module, a storage module, a verification module, a data segmentation and reorganization module, a random number generation module, an encryption and decryption module, a data list module, and an audit module. specific:

认证模块:可以对来自于用户的请求进行认证,认证通过后,为用户提供服务。认证不通过,拒绝服务。另一方面,也对接入的CSS进行认证,认证通过的允许其对外提供CSS服务。Authentication module: It can authenticate the request from the user, and after the authentication is passed, it can provide services for the user. If the authentication fails, the service is refused. On the other hand, the access CSS is also authenticated, and those that pass the authentication are allowed to provide CSS services to the outside world.

存储模块:可以在数据上传过程中,临时存储接收用户上传的文件,存储文件元数据信息、随机数,完整性证明,审计信息等。在数据下载过程中,临时存储CSS返回的数据,存储解密后的数据等。Storage module: In the process of data upload, it can temporarily store the files uploaded by the receiving users, and store the metadata information of the files, random numbers, integrity certificates, audit information, etc. During the data download process, the data returned by CSS is temporarily stored, and the decrypted data is stored.

验证模块:可以利用相应算法,例如hash算法产生数据的完整性证明,验证接收到的文件是否完整,不完整时请求文件重发。Verification module: The corresponding algorithm, such as hash algorithm, can be used to generate data integrity proof, verify whether the received file is complete, and request file retransmission if it is incomplete.

数据分割与重组模块:可以在数据上传过程,根据块大小,完成对明文数据的分块,将原始数据分割成大小相等的N块,大小不足的块用0进行填充。在数据下载过程中,完成对各块解密之后的数据进行重组,恢复完整数据。Data segmentation and reorganization module: During the data upload process, according to the block size, the plaintext data can be divided into blocks, the original data is divided into N blocks of equal size, and the blocks with insufficient size are filled with 0. During the data download process, the data after decryption of each block is reorganized to restore the complete data.

随机数生成模块:可以生成与块大小相等的随机数,用于加密过程。Random number generation module: can generate random numbers equal to the block size for the encryption process.

加解密模块:可以在数据上传过程中,对用户上传的数据进行加密运算。在数据下载过程中,对来自于CSS的密文数据进行解密操作。Encryption and decryption module: can perform encryption operations on the data uploaded by the user during the data uploading process. During the data download process, decrypt the ciphertext data from CSS.

数据列表模块:可以维护关于用户数据的数据列表。它是一个可信的列表,即使时间很久,用户也可以查询该列表,获取自己在CSS上的文件列表。Data List Module: A data list about user data can be maintained. It's a trusted list that users can query to get their own list of files on CSS, even if it's old.

审计模块:可以对用户的操作以及对CSS的操作进行记录,形成审计日志。Audit module: It can record user operations and CSS operations to form audit logs.

CSS:可以对TTP上传的文件完成分布式存储,例如hadoop hdfs,openstackswift,ceph FS等。如图4所示,通常它包含一个存储控制中心和多个数据存储服务器。存储控制中心管理数据块映射,它接收来自TTP的数据上传、下载请求,根据一定的调度算法对存储服务器进行存取调度。上传过程中,将接收到的数据调度到不同的存储服务器上进行存储,在不同服务器上存储多个副本,并将调度结果记录在数据库。下载过程中,查询数据库,获取文件的存放位置,进而调度存储服务器返回相应的文件。CSS: Distributed storage can be done for files uploaded by TTP, such as hadoop hdfs, openstackswift, ceph FS, etc. As shown in Figure 4, usually it contains a storage control center and multiple data storage servers. The storage control center manages data block mapping, it receives data upload and download requests from TTP, and schedules access to the storage server according to a certain scheduling algorithm. During the uploading process, the received data is scheduled to different storage servers for storage, multiple copies are stored on different servers, and the scheduling results are recorded in the database. During the download process, query the database to obtain the storage location of the file, and then schedule the storage server to return the corresponding file.

应理解上述系统仅为一种示例性系统,具体实施时,可以根据应用需求设置。It should be understood that the above system is only an exemplary system, and can be set according to application requirements during specific implementation.

下面以具体地实施例对本申请的技术方案以及本申请的技术方案如何解决上述技术问题进行详细说明。下面这几个具体的实施例可以相互结合,对于相同或相似的概念或过程可能在某些实施例中不再赘述。下面将结合附图,对本申请的实施例进行描述。The technical solutions of the present application and how the technical solutions of the present application solve the above-mentioned technical problems will be described in detail below with specific examples. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present application will be described below with reference to the accompanying drawings.

图5为本申请实施例提供的一种数据处理方法的流程示意图,本申请实施例的执行主体可以为图1所示实施例中的TTP。如图5所示,该方法可以包括:FIG. 5 is a schematic flowchart of a data processing method provided by an embodiment of the present application. The execution body of the embodiment of the present application may be the TTP in the embodiment shown in FIG. 1 . As shown in Figure 5, the method may include:

S501:接收用户端发送的认证请求,基于所述认证请求进行用户认证。S501: Receive an authentication request sent by a client, and perform user authentication based on the authentication request.

这里,用户端向TTP发送认证请求。TTP可以对用户端的认证行为进行审计,写入审计模块。TTP还可以对用户进行认证,返回认证结果。如果认证失败,拒绝服务。如果认证通过,继续后续步骤。Here, the client sends an authentication request to TTP. TTP can audit the authentication behavior of the client and write it into the audit module. TTP can also authenticate the user and return the authentication result. If authentication fails, deny service. If the authentication passes, continue with the next steps.

S502:在认证通过后,若接收到所述用户端发送的数据请求,则根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录。S502: After the authentication is passed, if a data request sent by the client is received, corresponding data is sent to the CSS according to the data request, and corresponding recording is performed according to the sent data.

S503:接收所述CSS反馈的信息,根据接收的信息发送相应数据至所述用户端,并根据发送的数据进行相应记录。S503: Receive the information fed back by the CSS, send corresponding data to the user terminal according to the received information, and perform corresponding recording according to the sent data.

可选地,所述数据请求为数据上传请求,所述数据上传请求携带上传数据,所述上传数据包括数据标记、完整数据以及哈希值,其中,所述哈希值根据所述完整数据确定。Optionally, the data request is a data upload request, the data upload request carries upload data, and the upload data includes a data tag, complete data and a hash value, wherein the hash value is determined according to the complete data .

这里,数据上传是指用户端通过TTP将本地数据存储到CSS的过程。Here, data upload refers to the process that the client stores local data to CSS through TTP.

具体的,用户端选择待上传的文件,记为M,进一步地,用户端可以确定文件的隐私等级,根据隐私等级确定是否需要对文件进行加密。Specifically, the user terminal selects the file to be uploaded, which is marked as M. Further, the user terminal can determine the privacy level of the file, and determine whether the file needs to be encrypted according to the privacy level.

如果需要进行加密,将数据标记设为1。这个标记值将在文件上传时一并上传,TTP会根据不同的标记值对文件进行不同处理过程。可以利用数据分割与重组模块,将文件切割成固定大小的N块,第N块长度不足时用0进行填充。分块编号从1开始,这里将文件的分块数据记为(B1_1,B1_2,B1_3......B1_N)。使用随机数模块生成与块大小相等的随机数R1。数据加解密模块利用R1分别与文件的对应块(B1_1,B1_2,B1_3......B1_N)进行异或运算,这里将结果记为(C1_1,C1_2,C1_3.......C1_N)等,这里C1_i=B_i⊕R1,C1表示第一次加密,i表示分块编号,⊕表示异或运算。完整性验证模块计算上述密文的hash值(H1_1,H1_2,H1_3......H1_N),H1_i=hash(C1_i),H1表示第一次hash,hash代表哈希算法,i表示分块的序号。用户端可以将(C1_1,C1_2,C1_3.......C1_N)进行重组,形成一个完整的文件C2。在TTP接收到文件之后,可以再利用分割算法将该文件分成对应的块。用户端还可以将(H1_1,H1_2,H1_3.......H1_N)进行重组,形成一个完整的文件H2。用户端向TTP上传[1,C2,H2],即用户端向TTP上传数据标记、完整数据以及哈希值。用户端可以本地存储R1,文件的hash值H2。Set the data flag to 1 if encryption is required. This tag value will be uploaded when the file is uploaded, and TTP will process the file differently according to different tag values. The data segmentation and reorganization module can be used to cut the file into N blocks of fixed size, and fill with 0 when the length of the Nth block is insufficient. The block number starts from 1, and the block data of the file is recorded as (B1_1, B1_2, B1_3...B1_N). Use the random number module to generate a random number R1 equal to the block size. The data encryption and decryption module uses R1 to perform XOR operation with the corresponding blocks (B1_1, B1_2, B1_3...B1_N) of the file, and the result is recorded as (C1_1, C1_2, C1_3....C1_N) ), etc., where C1_i=B_i⊕R1, C1 represents the first encryption, i represents the block number, and ⊕ represents the XOR operation. The integrity verification module calculates the hash value of the above ciphertext (H1_1, H1_2, H1_3...H1_N), H1_i=hash(C1_i), H1 represents the first hash, hash represents the hash algorithm, and i represents the block 's serial number. The client can reorganize (C1_1, C1_2, C1_3.......C1_N) to form a complete file C2. After the TTP receives the file, the file can be divided into corresponding blocks using a segmentation algorithm. The user terminal can also reorganize (H1_1, H1_2, H1_3....H1_N) to form a complete file H2. The client uploads [1, C2, H2] to TTP, that is, the client uploads the data mark, complete data and hash value to TTP. The client can locally store R1 and the hash value of the file H2.

如果不需要进行加密,将数据标记设为0,在上传过程中不做加密处理。可以利用数据分割与重组模块,将文件切割成固定大小的N块,第N块长度不足时用0进行填充。分块编号从1开始,这里将文件的分块数据记为(B1_1,B1_2,B1_3......B1_N)。完整性验证模块计算每一个分块的hash值(H1_1,H1_2,H1_3......H1_N),H1_i=hash(B1_i),hash代表哈希算法,i表示分块的序号。用户端可以将(H1_1,H1_2,H1_3.......H1_N)进行重组,形成一个完整的文件H2。用户端向TTP上传[0,M,H2]。即用户端向TTP上传数据标记、完整数据以及哈希值。用户端可以本地存储分块编号及对应的hash值H2,[0,H2]。If encryption is not required, set the data flag to 0, and no encryption will be performed during uploading. The data segmentation and reorganization module can be used to cut the file into N blocks of fixed size, and fill with 0 when the length of the Nth block is insufficient. The block number starts from 1, and the block data of the file is recorded as (B1_1, B1_2, B1_3...B1_N). The integrity verification module calculates the hash value of each block (H1_1, H1_2, H1_3...H1_N), H1_i=hash(B1_i), hash represents the hash algorithm, and i represents the serial number of the block. The client can reorganize (H1_1, H1_2, H1_3.......H1_N) to form a complete file H2. The client uploads [0, M, H2] to TTP. That is, the client uploads the data tag, complete data, and hash value to TTP. The client can locally store the block number and the corresponding hash value H2, [0, H2].

可选地,所述根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,包括:Optionally, the sending corresponding data to the CSS according to the data request, and performing corresponding recording according to the sent data, including:

对所述完整数据进行分割,并计算分割后每一数据块的哈希值;Splitting the complete data, and calculating the hash value of each data block after splitting;

根据所述上传数据中的哈希值和计算的哈希值,判断所述完整数据是否正确;According to the hash value in the uploaded data and the calculated hash value, determine whether the complete data is correct;

若所述完整数据正确,则根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,并根据发送的数据进行相应记录。If the complete data is correct, data processing is performed according to the data mark, the processed data is sent to the CSS for storage, and corresponding recording is performed according to the sent data.

可选地,所述根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,包括:Optionally, the performing data processing according to the data mark, and sending the processed data to the CSS for storage, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则分别生成与分割后每一数据块对应的随机数;If it is determined that data encryption is required, a random number corresponding to each data block after division is generated respectively;

根据生成的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each data block after division according to the generated random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述CSS进行存储。The obtained ciphertext data is sent to the CSS for storage.

具体的,TTP将用户端的上传行为记入审计模块。TTP可以存储用户端上传数据。TTP可以对接收到的数据进行本地临时存储。这里对接收到的数据可以以列表形式表示,分为三部分。第一部分数据标记,表示数据是否加密。第二部分表示完整数据(明文或者密文数据)。第三部分代表第二部分N块hash值的重组结果。Specifically, TTP records the uploading behavior of the client in the audit module. TTP can store the data uploaded by the client. TTP can temporarily store the received data locally. Here, the received data can be represented in the form of a list, which is divided into three parts. The first part of the data flag, indicating whether the data is encrypted. The second part represents the complete data (plaintext or ciphertext data). The third part represents the reorganization result of the second part of the N block hash values.

TTP接收完成后,可以利用数据分割与重组模块重新对文件进行分割,这里的分割算法与前面一致,将这次分割的结果记为(B2_1,B2_2,B2_3......B2_N),并临时存储这些分块。利用验证模块依次对(B2_1,B2_2,B2_3......B2_N)这些分块计算hash值(H3_1,H3_2,H3_3......H3_N),H3_i=hash(B2_i),hash代表哈希算法,i表示分块的序号。利用数据分割与重组模块对接收到的H2进行分割,结果记为(H2_1,H2_2,H2_3......H2_N)。比较(H3_1,H3_2,H3_3......H3_N)与(H2_1,H2_2,H2_3......H2_N)。如果二者结果一致,说明数据正确,可以继续进行以下步骤。如果二者不一致,说明数据被破坏,要求用户端重新上传完整数据或者某一分块的数据。这里,通过分块的hash值很容易知道哪一个分块的数据不完整。After the TTP reception is completed, the data segmentation and reorganization module can be used to re-segment the file. The segmentation algorithm here is the same as the previous one. The result of this segmentation is recorded as (B2_1, B2_2, B2_3...B2_N), and Temporarily store these chunks. Use the verification module to calculate the hash value (H3_1, H3_2, H3_3...H3_N) for these blocks (B2_1, B2_2, B2_3...B2_N) in turn, H3_i=hash(B2_i), hash represents hash Algorithm, i represents the sequence number of the block. The received H2 is segmented by the data segmentation and reorganization module, and the result is recorded as (H2_1, H2_2, H2_3...H2_N). Compare (H3_1,H3_2,H3_3...H3_N) with (H2_1,H2_2,H2_3...H2_N). If the two results are consistent, the data is correct, and you can continue with the following steps. If the two are inconsistent, the data is damaged, and the client is required to re-upload the complete data or a certain block of data. Here, it is easy to know which block has incomplete data through the hash value of the block.

TTP针对接收到的数据进行数据处理。根据接收到的数据标记判断数据是否需要加密。1表示加密,0表示不加密。TTP performs data processing on the received data. Determine whether the data needs to be encrypted according to the received data tag. 1 means encrypted, 0 means no encryption.

如果需要加密,TTP生成与块大小相等的随机数R2。利用R2分别与文件的对应块(B2_1,B2_2,B2_3......B2_N)进行异或运算,这里将结果记为(C2_1,C2_2,C2_3.......C2_N)等,这里C2_i=B2_i⊕R2,i表示分块编号,⊕表示异或运算。进一步地,TTP可以计算密文的hash值(H2_1,H2_2,H2_3......H2_N),H2_i=hash(C2_i),hash代表哈希算法,i表示分块的序号。TTP将(C2_1,C2_2,C2_3.......C2_N)进行重组,形成一个完整的文件C3,然后将该文件上传至CSS。TTP将(H2_1,H2_2,H2_3......H2_N)进行重组,形成文件的完整性证明H3。TTP可以本地存储R2,数据标记及对应的hash值H3,[R2,1,H3]。If encryption is required, TTP generates a random number R2 equal to the block size. Use R2 to perform the XOR operation with the corresponding blocks (B2_1, B2_2, B2_3...B2_N) of the file respectively, here the result is recorded as (C2_1, C2_2, C2_3....C2_N), etc., here C2_i=B2_i⊕R2, i represents the block number, and ⊕ represents the XOR operation. Further, TTP can calculate the hash value of the ciphertext (H2_1, H2_2, H2_3...H2_N), H2_i=hash(C2_i), hash represents the hash algorithm, and i represents the serial number of the block. TTP will reorganize (C2_1, C2_2, C2_3....C2_N) to form a complete file C3, and then upload the file to CSS. TTP reorganizes (H2_1, H2_2, H2_3...H2_N) to form a document integrity proof H3. TTP can locally store R2, data tag and corresponding hash value H3, [R2,1,H3].

如果不需要加密,TTP可以将接收到的明文数据M上传至CSS。TTP本地存储数据标记以及文件完整性证明H3,[0,H3]。If encryption is not required, TTP can upload the received plaintext data M to the CSS. TTP locally stores data tags and file integrity proofs H3, [0, H3].

TTP可以将对CSS的上传行为记入审计模块。CSS接收TTP上传的数据并分布式存储。TTP can record the uploading behavior of CSS into the audit module. CSS receives the data uploaded by TTP and stores it in a distributed manner.

可选地,所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:Optionally, the receiving the information fed back by the CSS, sending corresponding data to the user terminal according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的存储结果,根据所述存储结果生成数据列表,将所述数据列表发送至所述用户端,并对所述数据列表进行相应记录。Receive the storage result fed back by the CSS, generate a data list according to the storage result, send the data list to the client, and record the data list accordingly.

这里,CSS在接收TTP上传的数据并分布式存储后,返回给TTP存储成功的响应。TTP生成数据列表,如用户名,文件名,文件类型,数据标记,修改时间,文件大小,文件完整性证明等,将生成的数据列表发送至用户端,并对生成的数据列表进行相应记录。Here, after receiving the data uploaded by TTP and storing it in a distributed manner, CSS returns a successful response to TTP storage. TTP generates a data list, such as user name, file name, file type, data tag, modification time, file size, file integrity certificate, etc., sends the generated data list to the client, and records the generated data list accordingly.

可选地,所述数据请求为数据下载请求,所述数据下载请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成。Optionally, the data request is a data download request, and the data download request is determined by the user terminal according to a data list, and the data list is generated by the TTP according to the data stored in the CSS.

这里,数据下载是指用户端请求TTP下载数据、TTP下载到数据进行处理并将结果返回给用户端的过程。Here, the data download refers to a process in which the client requests TTP to download data, the TTP downloads the data for processing, and returns the result to the client.

具体的,TTP可以向用户端提供数据列表。用户端可以通过数据列表,选择待下载的数据,并向TTP发送数据下载请求。TTP接收该下载请求,并将该下载请求信息写入审计模块。进一步地,TTP可以转发该下载请求到CSS。Specifically, TTP can provide a data list to the client. The client can select the data to be downloaded through the data list, and send a data download request to the TTP. The TTP receives the download request and writes the download request information into the audit module. Further, the TTP can forward the download request to the CSS.

可选地,所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:Optionally, the receiving the information fed back by the CSS, sending corresponding data to the user terminal according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的待下载数据,所述待下载数据由所述CSS根据所述数据下载请求确定;receiving the data to be downloaded fed back by the CSS, where the data to be downloaded is determined by the CSS according to the data download request;

对所述待下载数据进行分割,并计算分割后每一数据块的哈希值;Splitting the data to be downloaded, and calculating the hash value of each data block after splitting;

根据储存的所述待下载数据对应的哈希值和计算的哈希值,判断所述待下载数据是否正确;According to the stored hash value corresponding to the data to be downloaded and the calculated hash value, determine whether the data to be downloaded is correct;

若所述待下载数据正确,则根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,并根据发送的数据进行相应记录。If the data to be downloaded is correct, data processing is performed according to the data tag corresponding to the data to be downloaded, the processed data is sent to the client, and corresponding records are performed according to the sent data.

可选地,所述根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,包括:Optionally, performing data processing according to the data tag corresponding to the data to be downloaded, and sending the processed data to the client, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则获取与分割后每一数据块对应的随机数;If it is determined that data encryption is required, obtain a random number corresponding to each data block after division;

根据获取的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each divided data block according to the obtained random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述用户端。Send the obtained ciphertext data to the client.

这里,CSS接收TTP转发的请求。CSS将对应的请求数据返回给TTP。TTP可以对接收到的数据进行缓存,记为M3。TTP查询存储的信息,确定数据标记。接收完成后,TTP利用数据分割与重组模块重新对文件M3进行分割,将这次分割的结果记为(B3_1,B3_2,B3_3......B3_N),并临时存储这些分块。TTP利用验证模块依次对(B3_1,B3_2,B3_3......B3_N)这些分块计算hash值(H4_1,H4_2,H4_3......H4_N),H4_i=hash(B3_i),hash代表哈希算法,i表示分块的序号。TTP对已经存储的数据的哈希值进行分割。得到(H5_1,H5_2,H5_3......H5_N)。TTP比较(H4_1,H4_2,H4_3......H4_N)与(H5_1,H5_2,H5_3......H5_N)。如果二者结果一致,说明数据正确,可以继续进行以下步骤。如果二者不一致,TTP要求CSS重新返回数据。Here, CSS receives the request forwarded by TTP. CSS returns the corresponding request data to TTP. TTP can buffer the received data, which is recorded as M3. TTP queries stored information to determine data tags. After receiving, TTP re-segments the file M3 by using the data segmentation and reorganization module, records the result of this segmentation as (B3_1, B3_2, B3_3...B3_N), and temporarily stores these segments. TTP uses the verification module to sequentially calculate the hash values (H4_1, H4_2, H4_3...H4_N) for these blocks (B3_1, B3_2, B3_3...B3_N), H4_i=hash(B3_i), hash represents Hash algorithm, i represents the sequence number of the block. TTP splits the hash value of the data that has been stored. Get (H5_1, H5_2, H5_3...H5_N). TTP compares (H4_1, H4_2, H4_3...H4_N) with (H5_1, H5_2, H5_3...H5_N). If the two results are consistent, the data is correct, and you can continue with the following steps. If the two are inconsistent, TTP requires CSS to return the data again.

TTP根据数据标记,对数据进行处理并将数据返回给用户端。TTP processes the data according to the data tag and returns the data to the client.

如果需要加密,TTP获取加密对应的随机数,这里记为R3。TTP利用随机数R3与数据分块(B3_1,B3_2,B3_3......B3_N)依次进行异或运算,依次得到(C3_1,C3_2,C3_3.......C3_N)。TTP将(C3_1,C3_2,C3_3.......C3_N)进行重组,得到文件C4。TTP可以将数据标记及C4返回给用户端,[1,C4]。TTP还可以根据发送的数据进行相应记录。If encryption is required, TTP obtains the random number corresponding to the encryption, which is denoted as R3 here. TTP uses random number R3 to perform XOR operation with data blocks (B3_1, B3_2, B3_3... TTP reorganizes (C3_1, C3_2, C3_3....C3_N) to obtain file C4. TTP can return the data tag and C4 to the client, [1, C4]. TTP can also record accordingly according to the data sent.

如果不需要加密,TTP直接将验证通过的数据M3及数据标记发送给用户,[0,M3]。TTP还可以根据发送的数据进行相应记录。If encryption is not required, TTP directly sends the verified data M3 and data mark to the user, [0, M3]. TTP can also record accordingly according to the data sent.

用户端接收TTP返回的数据并存储。用户端利用数据分割与重组模块重新对接收到的数据进行分割,将这次分割的结果记为(B4_1,B4_2,B4_3......B4_N),并存储这些分块。用户端利用完整性验证模块依次对(B4_1,B4_2,B4_3......B4_N)这些分块计算hash值(H6_1,H6_2,H6_3......H6_N),H6_i=hash(B4_i),hash代表哈希算法,i表示分块的序号。用户端对已经存储的哈希值进行分割。得到(H7_1,H7_2,H7_3......H7_N)。用户端比较H7_1,H7_2,H7_3......H7_N)与(H6_1,H6_2,H6_3......H6_N)。如果二者结果一致,继续进行以下步骤。如果二者不一致,用户端请求TTP重新返回数据。用户端依据接收到的数据标记,对数据进行处理,恢复原始数据。The client receives the data returned by TTP and stores it. The client uses the data segmentation and reorganization module to re-segment the received data, records the result of this segmentation as (B4_1, B4_2, B4_3...B4_N), and stores these segments. The client uses the integrity verification module to sequentially calculate the hash values (H6_1, H6_2, H6_3...H6_N) for these blocks (B4_1, B4_2, B4_3...B4_N), H6_i=hash(B4_i) , hash represents the hash algorithm, and i represents the serial number of the block. The client splits the stored hash value. Get (H7_1,H7_2,H7_3...H7_N). The client compares H7_1, H7_2, H7_3...H7_N) with (H6_1, H6_2, H6_3...H6_N). If the results are the same, continue with the following steps. If the two are inconsistent, the client requests TTP to return the data again. The user terminal processes the data according to the received data mark and restores the original data.

如果加密,用户端查询加密对应的随机数,这里记为R4。用户端利用随机数R4与数据分块(B4_1,B4_2,B4_3......B4_N)依次进行异或运算,解密出每一块对应得原始数据,依次得到(C4_1,C4_2,C4_3.......C4_N)。用户端将(C4_1,C4_2,C4_3.......C4_N)进行重组,便可得到原始的数据。If encrypted, the user terminal queries the random number corresponding to the encryption, which is recorded as R4 here. The client uses random number R4 and data blocks (B4_1, B4_2, B4_3...B4_N) to perform XOR operation in turn, decrypts the original data corresponding to each block, and obtains (C4_1, C4_2, C4_3... ....C4_N). The client will reorganize (C4_1, C4_2, C4_3......C4_N) to get the original data.

如果不加密,用户端从TTP返回的数据中可直接获取原始数据。If not encrypted, the client can directly obtain the original data from the data returned by TTP.

可选地,所述在认证通过后,还包括:Optionally, after the authentication is passed, it also includes:

若接收到所述用户端发送的查询请求,则记录所述查询请求,根据所述查询请求从数据列表中确定目标数据列表,其中,所述数据列表由TTP根据所述CSS存储的数据生成;If a query request sent by the client is received, the query request is recorded, and a target data list is determined from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;

将所述目标数据列表发送至所述用户端。Sending the target data list to the client.

这里,数据查询是指用户端请求TTP返回满足条件的数据列表的过程。具体的,用户端向TTP发送查询请求。TTP接收该请求,将查询请求信息写入审计模块。TTP进行查询,获取满足查询条件的数据列表。TTP将满足查询条件的数据列表返回给用户端。Here, the data query refers to a process in which the client requests the TTP to return a list of data that meets the conditions. Specifically, the client sends a query request to the TTP. TTP receives the request and writes the query request information into the audit module. TTP performs a query to obtain a list of data that meets the query conditions. TTP returns a list of data that meets the query conditions to the client.

可选地,所述数据请求为数据删除请求,所述数据删除请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成。Optionally, the data request is a data deletion request, and the data deletion request is determined by the user terminal according to a data list, and the data list is generated by the TTP according to the data stored in the CSS.

这里,数据删除是指用户端请求TTP删除数据到CSS彻底删除数据的过程。Here, data deletion refers to the process from the client requesting the TTP to delete the data to the CSS completely deleting the data.

具体的,TTP可以向用户端提供数据列表。用户端通过数据列表选择待删除的文件,发送数据删除请求。TTP接收该删除请求,并将删除行为写入审计模块。TTP将上述删除请求发送给CSS。Specifically, TTP can provide a data list to the client. The client selects the file to be deleted through the data list and sends a data deletion request. TTP receives the delete request and writes the delete behavior into the audit module. TTP sends the above delete request to CSS.

可选地,接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:Optionally, receiving the information fed back by the CSS, sending corresponding data to the user terminal according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的已删除证明,所述已删除证明由所述CSS在删除与所述数据删除请求对应的数据后生成;receiving a deletion certificate fed back by the CSS, the deletion certificate being generated by the CSS after deleting the data corresponding to the data deletion request;

保存所述已删除证明,向所述用户端反馈删除成功的信息,并根据所述已删除证明更新数据列表,将更新后的数据列表发送至所述用户端,对更新后的数据列表进行相应记录。Save the deleted certificate, feedback the successful deletion information to the user terminal, update the data list according to the deleted certificate, send the updated data list to the user terminal, and perform corresponding processing on the updated data list Record.

这里,CSS接收TTP的请求并删除对应的数据。CSS向TTP发送已删除证明。TTP保存该已删除证明。TTP将CSS的动作及结果写入审计模块。TTP向用户端发送删除成功的信息。TTP删除数据列表中的记录,更新数据列表。TTP向用户端提供已更新的数据列表。Here, CSS receives the TTP request and deletes the corresponding data. CSS sends TTP a proof of deletion. The TTP saves the proof of deletion. TTP writes CSS actions and results into the audit module. TTP sends a message that the deletion is successful to the client. TTP deletes records in the data list and updates the data list. TTP provides the updated list of data to the client.

从上述描述可知,本申请实施例引入了TTP完成对用户以及CSS的认证,只有认证的用户才可以操作,只有通过认证的CSS才可以提供云存储服务;TTP在用户和存储服务器之间进行一定的数据处理过程,进一步增强用户数据的安全性;TTP对用户以及CSS的行为进行记录并审计,并在用户和CSS之间出现问题时提供证据;TTP作为用户与存储服务器之间的仲裁者,对过程中的数据进行验证,对服务器的破坏行为做出制裁,解决传统情况下用户与存储服务器之间的相互诬陷的问题。It can be seen from the above description that the embodiment of the present application introduces TTP to authenticate users and CSSs. Only authenticated users can operate, and only authenticated CSSs can provide cloud storage services; TTP performs certain operations between users and storage servers. The data processing process further enhances the security of user data; TTP records and audits the behavior of users and CSS, and provides evidence when problems occur between users and CSS; TTP acts as an arbiter between users and storage servers, Validate the data in the process, sanction the sabotage of the server, and solve the problem of mutual framing between the user and the storage server in the traditional situation.

对数据自定义安全等级(加密及不加密),两种级别对应不同的处理过程。Customize the security level (encrypted and unencrypted) for the data, and the two levels correspond to different processing procedures.

对数据的分块操作,解决大文件读写慢的问题。另外,对数据进行分块,再针对块进行计算有效提高计算效率。The block operation of data solves the problem of slow reading and writing of large files. In addition, the data is divided into blocks, and then the calculation is performed on the blocks to effectively improve the calculation efficiency.

对数据的加密操作采用简单的异或运算进行,可以实现数据的机密性要求的同时减少了计算量、提高了计算速度。The encryption operation of the data is carried out by using a simple XOR operation, which can meet the confidentiality requirements of the data, reduce the amount of calculation, and improve the calculation speed.

对数据的解密操作通过简单的异或运算就可以实现,计算量小,运算速度快;The decryption operation of the data can be realized by a simple XOR operation, the calculation amount is small, and the operation speed is fast;

异或运算的次数可扩展,可以通过次数及调整分块大小的方式提高安全性。The number of XOR operations can be extended, and security can be improved by adjusting the number of times and the block size.

TTP提供用户列表,解决用户因为时间久而忘记的情况。TTP provides a user list to solve the situation that users forget for a long time.

TTP要求CSS提供文件存在证明以及文件删除证明,有效防止CSS恶意删除用户文件。TTP requires CSS to provide proof of file existence and proof of file deletion, effectively preventing CSS from maliciously deleting user files.

CSS对数据的不同分段分布式存储,采用分片和多副本的方式,防止在一个或几个服务器出现问题后数据无法恢复的问题。CSS uses sharding and multiple copies to store data in different segments in a distributed manner to prevent data from being unrecoverable after one or several servers fail.

图6为本申请实施例提供的另一种数据处理方法的流程示意图,本申请实施例的执行主体可以为图1所示实施例中的TTP。如图6所示,该方法包括:FIG. 6 is a schematic flowchart of another data processing method provided by an embodiment of the present application, and the execution body of the embodiment of the present application may be the TTP in the embodiment shown in FIG. 1 . As shown in Figure 6, the method includes:

S601:接收用户端发送的认证请求,基于该认证请求进行用户认证。S601: Receive an authentication request sent by a client, and perform user authentication based on the authentication request.

S602:在认证通过后,若接收到用户端发送的数据上传请求,该数据上传请求携带上传数据,该上传数据包括数据标记、完整数据以及哈希值,其中,上述哈希值根据上述完整数据确定,则对上述完整数据进行分割,并计算分割后每一数据块的哈希值。S602: After the authentication is passed, if a data upload request sent by the client is received, the data upload request carries the upload data, and the upload data includes a data tag, complete data and a hash value, wherein the above-mentioned hash value is based on the above-mentioned complete data. If determined, the above complete data is divided, and the hash value of each data block after the division is calculated.

S603:根据上述上传数据中的哈希值和计算的哈希值,判断上述完整数据是否正确。S603: Determine whether the above-mentioned complete data is correct according to the hash value in the above-mentioned uploaded data and the calculated hash value.

S604:若上述完整数据正确,则根据上述数据标记进行数据处理,将处理后的数据发送至CSS进行存储,并根据发送的数据进行相应记录。S604: If the above-mentioned complete data is correct, perform data processing according to the above-mentioned data mark, send the processed data to the CSS for storage, and perform corresponding recording according to the sent data.

S605:接收CSS反馈的存储结果,根据该存储结果生成数据列表,将该数据列表发送至用户端,并对上述数据列表进行相应记录。S605: Receive the storage result fed back by the CSS, generate a data list according to the storage result, send the data list to the client, and record the above data list accordingly.

S606:在认证通过后,若接收到用户端发送的数据下载请求,该数据下载请求由用户端根据数据列表确定,该数据列表由TTP根据CSS存储的数据生成,则根据上述数据下载请求发送相应数据至CSS,并根据发送的数据进行相应记录。S606: After the authentication is passed, if a data download request sent by the client is received, the data download request is determined by the client according to the data list, and the data list is generated by the TTP according to the data stored in the CSS, and the corresponding data download request is sent according to the above-mentioned data download request. data to CSS and recorded accordingly according to the data sent.

S607:接收CSS反馈的待下载数据,该待下载数据由CSS根据上述数据下载请求确定,对上述待下载数据进行分割,并计算分割后每一数据块的哈希值。S607: Receive the data to be downloaded fed back by the CSS, the data to be downloaded is determined by the CSS according to the data download request, the data to be downloaded is divided, and the hash value of each data block after the division is calculated.

S608:根据储存的待下载数据对应的哈希值和计算的哈希值,判断待下载数据是否正确;S608: According to the stored hash value corresponding to the data to be downloaded and the calculated hash value, determine whether the data to be downloaded is correct;

S609:若待下载数据正确,则根据待下载数据对应的数据标记进行数据处理,将处理后的数据发送至用户端,并根据发送的数据进行相应记录。S609: If the data to be downloaded is correct, perform data processing according to the data tag corresponding to the data to be downloaded, send the processed data to the client, and perform corresponding recording according to the sent data.

S610:在认证通过后,若接收到用户端发送的数据删除请求,该数据删除请求由用户端根据数据列表确定,该数据列表由TTP根据CSS存储的数据生成,则根据上述数据删除请求发送相应数据至CSS,并根据发送的数据进行相应记录。S610: After the authentication is passed, if a data deletion request sent by the client is received, the data deletion request is determined by the client according to the data list, and the data list is generated by the TTP according to the data stored in the CSS, and the corresponding data deletion request is sent according to the above data deletion request. data to CSS and recorded accordingly according to the data sent.

S611:接收CSS反馈的已删除证明,该已删除证明由CSS在删除与上述数据删除请求对应的数据后生成,保存已删除证明,向用户端反馈删除成功的信息,并根据已删除证明更新数据列表,将更新后的数据列表发送至用户端,对更新后的数据列表进行相应记录。S611: Receive the deletion certificate fed back by the CSS, where the deletion certificate is generated by the CSS after deleting the data corresponding to the above data deletion request, save the deletion certificate, feed back the successful deletion information to the user, and update the data according to the deletion certificate list, send the updated data list to the client, and record the updated data list accordingly.

S612:在认证通过后,若接收到用户端发送的查询请求,则记录该查询请求,根据该查询请求从数据列表中确定目标数据列表,其中,上述数据列表由TTP根据CSS存储的数据生成。S612: After the authentication is passed, if the query request sent by the client is received, the query request is recorded, and the target data list is determined from the data list according to the query request, wherein the data list is generated by the TTP according to the data stored in the CSS.

S613:将上述目标数据列表发送至用户端。S613: Send the above target data list to the client.

本申请实施例提供的数据处理方法,引入TTP完成对用户以及CSS的认证,只有认证的用户才可以操作,只有通过认证的CSS才可以提供云存储服务;在用户和存储服务器之间进行一定的数据处理过程,进一步增强用户数据的安全性;对用户以及CSS的行为进行记录,可以在用户和CSS之间出现问题时提供证据,解决传统情况下用户与存储服务器之间的相互诬陷的问题。In the data processing method provided by the embodiment of this application, TTP is introduced to complete the authentication of users and CSSs. Only authenticated users can operate, and only authenticated CSSs can provide cloud storage services; The data processing process further enhances the security of user data; recording the behavior of users and CSS can provide evidence when problems occur between users and CSS, and solve the traditional problem of mutual framing between users and storage servers.

对应于上文实施例的数据处理方法,图7为本申请实施例提供的一种数据处理设备的结构示意图。为了便于说明,仅示出了与本申请实施例相关的部分。图7为本申请实施例提供的一种数据处理设备的结构示意图。如图7所示,该数据处理设备70包括:接收模块701、第一处理模块702以及第二处理模块703。Corresponding to the data processing method of the above embodiment, FIG. 7 is a schematic structural diagram of a data processing device provided by an embodiment of the present application. For the convenience of description, only the parts related to the embodiments of the present application are shown. FIG. 7 is a schematic structural diagram of a data processing device according to an embodiment of the present application. As shown in FIG. 7 , the data processing device 70 includes: a receiving module 701 , a first processing module 702 and a second processing module 703 .

其中,接收模块701,用于接收用户端发送的认证请求,基于所述认证请求进行用户认证。The receiving module 701 is configured to receive an authentication request sent by a user terminal, and perform user authentication based on the authentication request.

第一处理模块702,用于在认证通过后,若接收到所述用户端发送的数据请求,则根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录。The first processing module 702 is configured to send corresponding data to the CSS according to the data request after receiving the data request sent by the user terminal after passing the authentication, and perform corresponding recording according to the sent data.

第二处理模块703,用于接收所述CSS反馈的信息,根据接收的信息发送相应数据至所述用户端,并根据发送的数据进行相应记录。The second processing module 703 is configured to receive the information fed back by the CSS, send corresponding data to the user terminal according to the received information, and perform corresponding recording according to the sent data.

在一种可能的设计中,所述数据请求为数据上传请求,所述数据上传请求携带上传数据,所述上传数据包括数据标记、完整数据以及哈希值,其中,所述哈希值根据所述完整数据确定。In a possible design, the data request is a data upload request, the data upload request carries upload data, and the upload data includes a data tag, complete data and a hash value, wherein the hash value is based on the The complete data is determined.

所述第一处理模块702根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,包括:The first processing module 702 sends corresponding data to the CSS according to the data request, and performs corresponding recording according to the sent data, including:

对所述完整数据进行分割,并计算分割后每一数据块的哈希值;Splitting the complete data, and calculating the hash value of each data block after splitting;

根据所述上传数据中的哈希值和计算的哈希值,判断所述完整数据是否正确;According to the hash value in the uploaded data and the calculated hash value, determine whether the complete data is correct;

若所述完整数据正确,则根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,并根据发送的数据进行相应记录。If the complete data is correct, data processing is performed according to the data mark, the processed data is sent to the CSS for storage, and corresponding recording is performed according to the sent data.

在一种可能的设计中,所述第二处理模块703接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:In a possible design, the second processing module 703 receives the information fed back by the CSS, sends corresponding data to the client according to the information, and performs corresponding recording according to the sent data, including:

接收所述CSS反馈的存储结果,根据所述存储结果生成数据列表,将所述数据列表发送至所述用户端,并对所述数据列表进行相应记录。Receive the storage result fed back by the CSS, generate a data list according to the storage result, send the data list to the client, and record the data list accordingly.

在一种可能的设计中,所述第一处理模块702根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,包括:In a possible design, the first processing module 702 performs data processing according to the data tag, and sends the processed data to the CSS for storage, including:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则分别生成与分割后每一数据块对应的随机数;If it is determined that data encryption is required, a random number corresponding to each data block after division is generated respectively;

根据生成的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each data block after division according to the generated random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述CSS进行存储。The obtained ciphertext data is sent to the CSS for storage.

在一种可能的设计中,所述数据请求为数据下载请求,所述数据下载请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成。In a possible design, the data request is a data download request, and the data download request is determined by the user terminal according to a data list, and the data list is generated by the TTP according to the data stored in the CSS.

所述第二处理模块703接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The second processing module 703 receives the information fed back by the CSS, sends corresponding data to the client according to the information, and performs corresponding records according to the sent data, including:

接收所述CSS反馈的待下载数据,所述待下载数据由所述CSS根据所述数据下载请求确定;receiving the data to be downloaded fed back by the CSS, where the data to be downloaded is determined by the CSS according to the data download request;

对所述待下载数据进行分割,并计算分割后每一数据块的哈希值;Splitting the data to be downloaded, and calculating the hash value of each data block after splitting;

根据储存的所述待下载数据对应的哈希值和计算的哈希值,判断所述待下载数据是否正确;According to the stored hash value corresponding to the data to be downloaded and the calculated hash value, determine whether the data to be downloaded is correct;

若所述待下载数据正确,则根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,并根据发送的数据进行相应记录。If the data to be downloaded is correct, data processing is performed according to the data tag corresponding to the data to be downloaded, the processed data is sent to the client, and corresponding records are performed according to the sent data.

在一种可能的设计中,所述第二处理模块703根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,包括:In a possible design, the second processing module 703 performs data processing according to the data tag corresponding to the data to be downloaded, and sends the processed data to the client, including:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则获取与分割后每一数据块对应的随机数;If it is determined that data encryption is required, obtain a random number corresponding to each data block after division;

根据获取的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each divided data block according to the obtained random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述用户端。Send the obtained ciphertext data to the client.

在一种可能的设计中,所述数据请求为数据删除请求,所述数据删除请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成。In a possible design, the data request is a data deletion request, and the data deletion request is determined by the user terminal according to a data list, and the data list is generated by the TTP according to the data stored in the CSS.

所述第二处理模块703接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The second processing module 703 receives the information fed back by the CSS, sends corresponding data to the client according to the information, and performs corresponding records according to the sent data, including:

接收所述CSS反馈的已删除证明,所述已删除证明由所述CSS在删除与所述数据删除请求对应的数据后生成;receiving a deletion certificate fed back by the CSS, the deletion certificate being generated by the CSS after deleting the data corresponding to the data deletion request;

保存所述已删除证明,向所述用户端反馈删除成功的信息,并根据所述已删除证明更新数据列表,将更新后的数据列表发送至所述用户端,对更新后的数据列表进行相应记录。Save the deleted certificate, feedback the successful deletion information to the user terminal, update the data list according to the deleted certificate, send the updated data list to the user terminal, and perform corresponding processing on the updated data list Record.

在一种可能的设计中,所述第一处理模块702在认证通过后,还用于:In a possible design, after passing the authentication, the first processing module 702 is further configured to:

若接收到所述用户端发送的查询请求,则记录所述查询请求,根据所述查询请求从数据列表中确定目标数据列表,其中,所述数据列表由TTP根据所述CSS存储的数据生成;If a query request sent by the client is received, the query request is recorded, and a target data list is determined from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS;

将所述目标数据列表发送至所述用户端。Sending the target data list to the client.

本申请实施例提供的设备,可用于执行上述方法实施例的技术方案,其实现原理和技术效果类似,本申请实施例此处不再赘述。The devices provided in the embodiments of the present application can be used to implement the technical solutions of the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again in the embodiments of the present application.

图8为本发明实施例提供的数据处理设备的硬件结构示意图。如图8所示,本实施例的数据处理设备80包括:处理器801以及存储器802;其中FIG. 8 is a schematic diagram of a hardware structure of a data processing device according to an embodiment of the present invention. As shown in FIG. 8 , the data processing device 80 in this embodiment includes: a processor 801 and a memory 802; wherein

存储器802,用于存储计算机执行指令;a memory 802 for storing computer-executed instructions;

处理器801,用于执行存储器存储的计算机执行指令,以实现如下步骤:The processor 801 is configured to execute computer-executed instructions stored in the memory to implement the following steps:

接收用户端发送的认证请求,基于所述认证请求进行用户认证;Receive the authentication request sent by the client, and perform user authentication based on the authentication request;

在认证通过后,若接收到所述用户端发送的数据请求,则根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录;After the authentication is passed, if a data request sent by the client is received, corresponding data is sent to the CSS according to the data request, and corresponding records are performed according to the sent data;

接收所述CSS反馈的信息,根据接收的信息发送相应数据至所述用户端,并根据发送的数据进行相应记录。Receive the information fed back by the CSS, send corresponding data to the user terminal according to the received information, and perform corresponding recording according to the sent data.

在一种可能的设计中,所述数据请求为数据上传请求,所述数据上传请求携带上传数据,所述上传数据包括数据标记、完整数据以及哈希值,其中,所述哈希值根据所述完整数据确定;In a possible design, the data request is a data upload request, the data upload request carries upload data, and the upload data includes a data tag, complete data and a hash value, wherein the hash value is based on the The complete data is determined;

所述根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,包括:The sending corresponding data to the CSS according to the data request, and performing corresponding recording according to the sent data, including:

对所述完整数据进行分割,并计算分割后每一数据块的哈希值;The complete data is divided, and the hash value of each data block after the division is calculated;

根据所述上传数据中的哈希值和计算的哈希值,判断所述完整数据是否正确;According to the hash value in the uploaded data and the calculated hash value, determine whether the complete data is correct;

若所述完整数据正确,则根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,并根据发送的数据进行相应记录。If the complete data is correct, data processing is performed according to the data mark, the processed data is sent to the CSS for storage, and corresponding recording is performed according to the sent data.

在一种可能的设计中,所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:In a possible design, the receiving the information fed back by the CSS, sending corresponding data to the user terminal according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的存储结果,根据所述存储结果生成数据列表,将所述数据列表发送至所述用户端,并对所述数据列表进行相应记录。Receive the storage result fed back by the CSS, generate a data list according to the storage result, send the data list to the client, and record the data list accordingly.

在一种可能的设计中,所述根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,包括:In a possible design, the performing data processing according to the data tag, and sending the processed data to the CSS for storage, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则分别生成与分割后每一数据块对应的随机数;If it is determined that data encryption is required, a random number corresponding to each data block after division is generated respectively;

根据生成的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each data block after division according to the generated random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述CSS进行存储。The obtained ciphertext data is sent to the CSS for storage.

在一种可能的设计中,所述数据请求为数据下载请求,所述数据下载请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成;In a possible design, the data request is a data download request, and the data download request is determined by the user terminal according to a data list, and the data list is generated by TTP according to the data stored in the CSS;

所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的待下载数据,所述待下载数据由所述CSS根据所述数据下载请求确定;receiving the data to be downloaded fed back by the CSS, where the data to be downloaded is determined by the CSS according to the data download request;

对所述待下载数据进行分割,并计算分割后每一数据块的哈希值;Splitting the data to be downloaded, and calculating the hash value of each data block after splitting;

根据储存的所述待下载数据对应的哈希值和计算的哈希值,判断所述待下载数据是否正确;According to the stored hash value corresponding to the data to be downloaded and the calculated hash value, determine whether the data to be downloaded is correct;

若所述待下载数据正确,则根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,并根据发送的数据进行相应记录。If the data to be downloaded is correct, data processing is performed according to the data tag corresponding to the data to be downloaded, the processed data is sent to the client, and corresponding records are performed according to the sent data.

在一种可能的设计中,所述根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,包括:In a possible design, performing data processing according to a data tag corresponding to the data to be downloaded, and sending the processed data to the client, includes:

根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark;

若判定需要进行数据加密,则获取与分割后每一数据块对应的随机数;If it is determined that data encryption is required, obtain a random number corresponding to each data block after division;

根据获取的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each divided data block according to the obtained random number, and obtain ciphertext data according to the encryption result;

将获得的密文数据发送至所述用户端。Send the obtained ciphertext data to the client.

在一种可能的设计中,所述数据请求为数据删除请求,所述数据删除请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成;In a possible design, the data request is a data deletion request, and the data deletion request is determined by the user terminal according to a data list, and the data list is generated by TTP according to the data stored in the CSS;

所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including:

接收所述CSS反馈的已删除证明,所述已删除证明由所述CSS在删除与所述数据删除请求对应的数据后生成;receiving a deletion certificate fed back by the CSS, the deletion certificate being generated by the CSS after deleting the data corresponding to the data deletion request;

保存所述已删除证明,向所述用户端反馈删除成功的信息,并根据所述已删除证明更新数据列表,将更新后的数据列表发送至所述用户端,对更新后的数据列表进行相应记录。Save the deleted certificate, feedback the successful deletion information to the user terminal, update the data list according to the deleted certificate, send the updated data list to the user terminal, and perform corresponding processing on the updated data list Record.

在一种可能的设计中,所述在认证通过后,还包括:In a possible design, after the authentication is passed, the method further includes:

若接收到所述用户端发送的查询请求,则记录所述查询请求,根据所述查询请求从数据列表中确定目标数据列表,其中,所述数据列表由TTP根据所述CSS存储的数据生成;将所述目标数据列表发送至所述用户端。If a query request sent by the client is received, the query request is recorded, and a target data list is determined from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS; Sending the target data list to the client.

可选地,存储器802既可以是独立的,也可以跟处理器801集成在一起。Optionally, the memory 802 may be independent or integrated with the processor 801 .

当存储器802独立设置时,该数据处理设备还包括总线803,用于连接所述存储器802和处理器801。When the memory 802 is set independently, the data processing device further includes a bus 803 for connecting the memory 802 and the processor 801 .

本发明实施例提供一种计算机可读存储介质,所述计算机可读存储介质中存储有计算机执行指令,当处理器执行所述计算机执行指令时,实现如上所述的数据处理方法。An embodiment of the present invention provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when a processor executes the computer-executable instructions, the above-described data processing method is implemented.

在本发明所提供的几个实施例中,应该理解到,所揭露的设备和方法,可以通过其它的方式实现。例如,以上所描述的设备实施例仅仅是示意性的,例如,所述模块的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个模块可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或模块的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are only illustrative. For example, the division of the modules is only a logical function division. In actual implementation, there may be other division methods. For example, multiple modules may be combined or integrated. to another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or modules, and may be in electrical, mechanical or other forms.

所述作为分离部件说明的模块可以是或者也可以不是物理上分开的,作为模块显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。The modules described as separate components may or may not be physically separated, and components shown as modules may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

另外,在本发明各个实施例中的各功能模块可以集成在一个处理单元中,也可以是各个模块单独物理存在,也可以两个或两个以上模块集成在一个单元中。上述模块成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional module in each embodiment of the present invention may be integrated into one processing unit, or each module may exist physically alone, or two or more modules may be integrated into one unit. The units formed by the above modules can be implemented in the form of hardware, or can be implemented in the form of hardware plus software functional units.

上述以软件功能模块的形式实现的集成的模块,可以存储在一个计算机可读取存储介质中。上述软件功能模块存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(英文:processor)执行本申请各个实施例所述方法的部分步骤。The above-mentioned integrated modules implemented in the form of software functional modules may be stored in a computer-readable storage medium. The above-mentioned software function modules are stored in a storage medium, and include several instructions to enable a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (English: processor) to execute the various embodiments of the present application. part of the method.

应理解,上述处理器可以是中央处理单元(Central Processing Unit,简称CPU),还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,简称DSP)、专用集成电路(Application Specific Integrated Circuit,简称ASIC)等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。结合发明所公开的方法的步骤可以直接体现为硬件处理器执行完成,或者用处理器中的硬件及软件模块组合执行完成。It should be understood that the above-mentioned processor may be a central processing unit (Central Processing Unit, CPU for short), or other general-purpose processors, digital signal processors (Digital Signal Processor, DSP for short), application specific integrated circuit (Application Specific Integrated Circuit, Referred to as ASIC) and so on. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in conjunction with the invention can be directly embodied as executed by a hardware processor, or executed by a combination of hardware and software modules in the processor.

存储器可能包含高速RAM存储器,也可能还包括非易失性存储NVM,例如至少一个磁盘存储器,还可以为U盘、移动硬盘、只读存储器、磁盘或光盘等。总线可以是工业标准体系结构(Industry Standard Architecture,简称ISA)总线、外部设备互连(PeripheralComponent Interconnect,简称PCI)总线或扩展工业标准体系结构(Extended IndustryStandard Architecture,简称EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示,本申请附图中的总线并不限定仅有一根总线或一种类型的总线。The memory may include high-speed RAM memory, and may also include non-volatile storage NVM, such as at least one magnetic disk memory, and may also be a U disk, a removable hard disk, a read-only memory, a magnetic disk or an optical disk, and the like. The bus may be an Industry Standard Architecture (ISA for short) bus, a Peripheral Component Interconnect (PCI for short) bus or an Extended Industry Standard Architecture (EISA for short) bus, or the like. The bus can be divided into address bus, data bus, control bus and so on. For convenience of representation, the buses in the drawings of the present application are not limited to only one bus or one type of bus.

上述存储介质可以是由任何类型的易失性或非易失性存储设备或者它们的组合实现,如静态随机存取存储器(SRAM),电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),可编程只读存储器(PROM),只读存储器(ROM),磁存储器,快闪存储器,磁盘或光盘。存储介质可以是通用或专用计算机能够存取的任何可用介质。The above-mentioned storage medium may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read only memory (EEPROM), erasable Except programmable read only memory (EPROM), programmable read only memory (PROM), read only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. A storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.

一种示例性的存储介质耦合至处理器,从而使处理器能够从该存储介质读取信息,且可向该存储介质写入信息。当然,存储介质也可以是处理器的组成部分。处理器和存储介质可以位于专用集成电路(Application Specific Integrated Circuits,简称ASIC)中。当然,处理器和存储介质也可以作为分立组件存在于电子设备或主控设备中。An exemplary storage medium is coupled to the processor, such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium can also be an integral part of the processor. The processor and the storage medium may be located in application specific integrated circuits (Application Specific Integrated Circuits, ASIC for short). Of course, the processor and the storage medium may also exist in the electronic device or the host device as discrete components.

本领域普通技术人员可以理解:实现上述各方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成。前述的程序可以存储于一计算机可读取存储介质中。该程序在执行时,执行包括上述各方法实施例的步骤;而前述的存储介质包括:ROM、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by program instructions related to hardware. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, the steps including the above method embodiments are executed; and the aforementioned storage medium includes: ROM, RAM, magnetic disk or optical disk and other media that can store program codes.

最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, but not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: The technical solutions described in the foregoing embodiments can still be modified, or some or all of the technical features thereof can be equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present invention. scope.

Claims (10)

1.一种数据处理方法,其特征在于,包括:1. a data processing method, is characterized in that, comprises: 接收用户端发送的认证请求,基于所述认证请求进行用户认证;Receive the authentication request sent by the client, and perform user authentication based on the authentication request; 在认证通过后,若接收到所述用户端发送的数据请求,则根据所述数据请求发送相应数据至云存储服务CSS,并根据发送的数据进行相应记录;After the authentication is passed, if a data request sent by the client is received, corresponding data is sent to the cloud storage service CSS according to the data request, and corresponding records are performed according to the sent data; 接收所述CSS反馈的信息,根据接收的信息发送相应数据至所述用户端,并根据发送的数据进行相应记录。Receive the information fed back by the CSS, send corresponding data to the user terminal according to the received information, and perform corresponding recording according to the sent data. 2.根据权利要求1所述的方法,其特征在于,所述数据请求为数据上传请求,所述数据上传请求携带上传数据,所述上传数据包括数据标记、完整数据以及哈希值,其中,所述哈希值根据所述完整数据确定;2. The method according to claim 1, wherein the data request is a data upload request, the data upload request carries upload data, and the upload data includes a data tag, complete data and a hash value, wherein, the hash value is determined according to the complete data; 所述根据所述数据请求发送相应数据至CSS,并根据发送的数据进行相应记录,包括:The sending corresponding data to the CSS according to the data request, and performing corresponding recording according to the sent data, including: 对所述完整数据进行分割,并计算分割后每一数据块的哈希值;Splitting the complete data, and calculating the hash value of each data block after splitting; 根据所述上传数据中的哈希值和计算的哈希值,判断所述完整数据是否正确;According to the hash value in the uploaded data and the calculated hash value, determine whether the complete data is correct; 若所述完整数据正确,则根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,并根据发送的数据进行相应记录。If the complete data is correct, data processing is performed according to the data mark, the processed data is sent to the CSS for storage, and corresponding recording is performed according to the sent data. 3.根据权利要求2所述的方法,其特征在于,所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:3. The method according to claim 2, wherein the receiving the information fed back by the CSS, sending corresponding data to the user terminal according to the information, and performing corresponding recording according to the sent data, comprising: 接收所述CSS反馈的存储结果,根据所述存储结果生成数据列表,将所述数据列表发送至所述用户端,并对所述数据列表进行相应记录。Receive the storage result fed back by the CSS, generate a data list according to the storage result, send the data list to the client, and record the data list accordingly. 4.根据权利要求2或3所述的方法,其特征在于,所述根据所述数据标记进行数据处理,将处理后的数据发送至所述CSS进行存储,包括:The method according to claim 2 or 3, wherein the performing data processing according to the data mark, and sending the processed data to the CSS for storage, comprises: 根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark; 若判定需要进行数据加密,则分别生成与分割后每一数据块对应的随机数;If it is determined that data encryption is required, a random number corresponding to each data block after division is generated respectively; 根据生成的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each data block after division according to the generated random number, and obtain ciphertext data according to the encryption result; 将获得的密文数据发送至所述CSS进行存储。The obtained ciphertext data is sent to the CSS for storage. 5.根据权利要求1所述的方法,其特征在于,所述数据请求为数据下载请求,所述数据下载请求由所述用户端根据数据列表确定,所述数据列表由可信第三方TTP根据所述CSS存储的数据生成;5. The method according to claim 1, wherein the data request is a data download request, and the data download request is determined by the user terminal according to a data list, and the data list is determined by a trusted third party TTP according to the The data stored in the CSS is generated; 所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including: 接收所述CSS反馈的待下载数据,所述待下载数据由所述CSS根据所述数据下载请求确定;receiving the data to be downloaded fed back by the CSS, where the data to be downloaded is determined by the CSS according to the data download request; 对所述待下载数据进行分割,并计算分割后每一数据块的哈希值;Splitting the data to be downloaded, and calculating the hash value of each data block after splitting; 根据储存的所述待下载数据对应的哈希值和计算的哈希值,判断所述待下载数据是否正确;According to the stored hash value corresponding to the data to be downloaded and the calculated hash value, determine whether the data to be downloaded is correct; 若所述待下载数据正确,则根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,并根据发送的数据进行相应记录。If the data to be downloaded is correct, data processing is performed according to the data tag corresponding to the data to be downloaded, the processed data is sent to the client, and corresponding records are performed according to the sent data. 6.根据权利要求5所述的方法,其特征在于,所述根据所述待下载数据对应的数据标记进行数据处理,将处理后的数据发送至所述用户端,包括:6. The method according to claim 5, wherein the performing data processing according to the data tag corresponding to the data to be downloaded, and sending the processed data to the client, comprises: 根据所述数据标记判断是否需要进行数据加密;Determine whether data encryption needs to be performed according to the data mark; 若判定需要进行数据加密,则获取与分割后每一数据块对应的随机数;If it is determined that data encryption is required, obtain a random number corresponding to each data block after division; 根据获取的随机数对分割后每一数据块进行加密,并根据加密结果获得密文数据;Encrypt each divided data block according to the obtained random number, and obtain ciphertext data according to the encryption result; 将获得的密文数据发送至所述用户端。Send the obtained ciphertext data to the client. 7.根据权利要求1所述的方法,其特征在于,所述数据请求为数据删除请求,所述数据删除请求由所述用户端根据数据列表确定,所述数据列表由TTP根据所述CSS存储的数据生成;The method according to claim 1, wherein the data request is a data deletion request, and the data deletion request is determined by the user terminal according to a data list, and the data list is stored by the TTP according to the CSS data generation; 所述接收所述CSS反馈的信息,根据所述信息发送相应数据至所述用户端,并根据发送的数据进行相应记录,包括:The receiving the information fed back by the CSS, sending corresponding data to the client according to the information, and performing corresponding recording according to the sent data, including: 接收所述CSS反馈的已删除证明,所述已删除证明由所述CSS在删除与所述数据删除请求对应的数据后生成;receiving a deletion certificate fed back by the CSS, the deletion certificate being generated by the CSS after deleting the data corresponding to the data deletion request; 保存所述已删除证明,向所述用户端反馈删除成功的信息,并根据所述已删除证明更新数据列表,将更新后的数据列表发送至所述用户端,对更新后的数据列表进行相应记录。Save the deleted certificate, feedback the successful deletion information to the user terminal, update the data list according to the deleted certificate, send the updated data list to the user terminal, and perform corresponding processing on the updated data list Record. 8.根据权利要求1所述的方法,其特征在于,所述在认证通过后,还包括:8. The method according to claim 1, wherein after the authentication is passed, the method further comprises: 若接收到所述用户端发送的查询请求,则记录所述查询请求,根据所述查询请求从数据列表中确定目标数据列表,其中,所述数据列表由TTP根据所述CSS存储的数据生成;If a query request sent by the client is received, the query request is recorded, and a target data list is determined from a data list according to the query request, wherein the data list is generated by TTP according to the data stored in the CSS; 将所述目标数据列表发送至所述用户端。Sending the target data list to the client. 9.一种数据处理设备,其特征在于,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机执行指令,所述处理器执行所述计算机执行指令时实现权利要求1至8任一项所述的数据处理方法。9. A data processing device, characterized in that it comprises a memory, a processor, and a computer-executable instruction stored in the memory and executable on the processor, wherein the processor implements the computer-executable instruction when the processor executes the computer-executable instruction. The data processing method according to any one of claims 1 to 8. 10.一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有计算机执行指令,当处理器执行所述计算机执行指令时,实现如权利要求1至8任一项所述的数据处理方法。10. A computer-readable storage medium, characterized in that, computer-executable instructions are stored in the computer-readable storage medium, and when a processor executes the computer-executable instructions, the computer-executable instructions as claimed in any one of claims 1 to 8 are implemented. the data processing method described.
CN201911076651.8A 2019-11-06 2019-11-06 Data processing method and device Active CN110798478B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911076651.8A CN110798478B (en) 2019-11-06 2019-11-06 Data processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911076651.8A CN110798478B (en) 2019-11-06 2019-11-06 Data processing method and device

Publications (2)

Publication Number Publication Date
CN110798478A true CN110798478A (en) 2020-02-14
CN110798478B CN110798478B (en) 2022-04-15

Family

ID=69443166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911076651.8A Active CN110798478B (en) 2019-11-06 2019-11-06 Data processing method and device

Country Status (1)

Country Link
CN (1) CN110798478B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113792345A (en) * 2021-09-18 2021-12-14 国网电子商务有限公司 Data access control method and device
WO2025091904A1 (en) * 2023-11-03 2025-05-08 中兴通讯股份有限公司 Data transmission methods and apparatuses

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103107985A (en) * 2012-12-04 2013-05-15 百度在线网络技术(北京)有限公司 Cloud terminal authentication method, system and device
US20130212487A1 (en) * 2012-01-09 2013-08-15 Visa International Service Association Dynamic Page Content and Layouts Apparatuses, Methods and Systems
CN104184740A (en) * 2014-09-04 2014-12-03 中电长城网际系统应用有限公司 Credible transmission method, credible third party and credible transmission system
CN105516110A (en) * 2015-12-01 2016-04-20 成都汇合乾元科技有限公司 Mobile equipment secure data transmission method
CN106130721A (en) * 2016-08-14 2016-11-16 北京数盾信息科技有限公司 A kind of express network storage encryption equipment
CN106790311A (en) * 2017-03-31 2017-05-31 青岛大学 Cloud Server stores integrality detection method and system
CN109190410A (en) * 2018-09-26 2019-01-11 华中科技大学 A kind of log behavior auditing method based on block chain under cloud storage environment
US20190087588A1 (en) * 2017-09-20 2019-03-21 Citrix Systems, Inc. Secured encrypted shared cloud storage
CN109981736A (en) * 2019-02-22 2019-07-05 南京理工大学 A kind of dynamic public audit method for supporting user and Cloud Server to trust each other
CN110224838A (en) * 2019-06-11 2019-09-10 中国联合网络通信集团有限公司 Data managing method, device and storage medium based on block chain

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130212487A1 (en) * 2012-01-09 2013-08-15 Visa International Service Association Dynamic Page Content and Layouts Apparatuses, Methods and Systems
CN103107985A (en) * 2012-12-04 2013-05-15 百度在线网络技术(北京)有限公司 Cloud terminal authentication method, system and device
CN104184740A (en) * 2014-09-04 2014-12-03 中电长城网际系统应用有限公司 Credible transmission method, credible third party and credible transmission system
CN105516110A (en) * 2015-12-01 2016-04-20 成都汇合乾元科技有限公司 Mobile equipment secure data transmission method
CN106130721A (en) * 2016-08-14 2016-11-16 北京数盾信息科技有限公司 A kind of express network storage encryption equipment
CN106790311A (en) * 2017-03-31 2017-05-31 青岛大学 Cloud Server stores integrality detection method and system
US20190087588A1 (en) * 2017-09-20 2019-03-21 Citrix Systems, Inc. Secured encrypted shared cloud storage
CN109190410A (en) * 2018-09-26 2019-01-11 华中科技大学 A kind of log behavior auditing method based on block chain under cloud storage environment
CN109981736A (en) * 2019-02-22 2019-07-05 南京理工大学 A kind of dynamic public audit method for supporting user and Cloud Server to trust each other
CN110224838A (en) * 2019-06-11 2019-09-10 中国联合网络通信集团有限公司 Data managing method, device and storage medium based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ANKUSH R. DESHMUKH、R. V. MANTE、P. N. CHATUR: ""Cloud Based Deduplication and Self Data Destruction"", 《2017 INTERNATIONAL CONFERENCE ON RECENT TRENDS IN ELECTRICAL, ELECTRONICS AND COMPUTING TECHNOLOGIES (ICRTEECT)》 *
柳玉东、王绪安、涂广升、王涵: ""全生命周期的云外包数据安全审计协议"", 《计算机应用》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113792345A (en) * 2021-09-18 2021-12-14 国网电子商务有限公司 Data access control method and device
WO2025091904A1 (en) * 2023-11-03 2025-05-08 中兴通讯股份有限公司 Data transmission methods and apparatuses

Also Published As

Publication number Publication date
CN110798478B (en) 2022-04-15

Similar Documents

Publication Publication Date Title
JP7044881B2 (en) Distributed storage methods and equipment, computer equipment and storage media
CN108076057B (en) Data security system and method based on block chain
US11943350B2 (en) Systems and methods for re-using cold storage keys
US8527769B2 (en) Secure messaging with read-undeniability and deletion-verifiability
US8650657B1 (en) Storing encrypted objects
JP5196883B2 (en) Information security apparatus and information security system
CN111355705A (en) Data auditing and safety duplicate removal cloud storage system and method based on block chain
CN110635906B (en) Key management method and device for distributed block storage system
CN112804217B (en) A method and device for depositing certificates based on blockchain technology
CN110175169B (en) Encrypted data deduplication method, system and related device
WO2022142112A1 (en) Blockchain-based mail processing method, and mail sending end, mail receiving end and device
CN104809407A (en) Method and system for encrypting, decrypting and verifying cloud storage front end data
CN110826092A (en) A file signature processing system
US8218763B2 (en) Method for ensuring the validity of recovered electronic documents from remote storage
US11626986B1 (en) Method and system of rescinding access to blockchain data
US20240048361A1 (en) Key Management for Cryptography-as-a-service and Data Governance Systems
WO2020000491A1 (en) File storage method and apparatus, and storage medium
CN110598429A (en) Data encryption storage and reading method, terminal equipment and storage medium
CN111970109A (en) Data transmission method and system
CN110798478B (en) Data processing method and device
US12309274B2 (en) Cryptography-as-a-service
CN116015767A (en) A data processing method, device, equipment and medium
EP4348476B1 (en) Method and system of rescinding access to blockchain data
CN108337208B (en) Cloud storage-based data protection method, replacement device, and cloud storage system
CN116346822A (en) Data sharing method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载