
CN110351276B - Data processing method, device and computer readable storage medium - Google Patents


Info

Publication number
CN110351276B
Authority
CN
China
Prior art keywords
cloud storage
user node
node
storage node
access code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910627890.1A
Other languages
Chinese (zh)
Other versions
CN110351276A (en)
Inventor
路成业
王凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iallchain Co Ltd
Priority to CN201910627890.1A
Publication of CN110351276A
Application granted
Publication of CN110351276B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention provide a data processing method, a data processing device and a computer-readable storage medium. The cloud storage node generates an access code and encrypts it with the public key of the user node to obtain first encryption information; the user node decrypts the first encryption information to obtain the access code and can then access the cloud storage node normally using that access code. As a result, the user node does not need to send an access application in the blockchain network each time it uploads data to the cloud storage node or each time it reads data from the cloud storage node, which reduces the load on the blockchain network.

Description

Data processing method, device and computer readable storage medium
Technical Field
Embodiments of the present invention relate to the field of communications technologies, and in particular, to a data processing method and device, and a computer-readable storage medium.
Background
Cloud storage is a mode of online storage in which data is stored on multiple virtual servers, usually hosted by third parties, rather than on dedicated servers. Hosting companies operate large data centers, and people who need data storage hosting meet their storage requirements by buying or leasing storage space. The data center operator prepares virtualized storage resources at the back end according to the needs of the user and provides them as a storage resource pool (storage pool), which the user can use to store files or objects. In practice, these resources may be distributed over numerous server hosts.
In the prior art, each time a user node uploads data to a cloud storage node, or each time the user node reads data from the cloud storage node, the user node needs to send an access application in a blockchain network, so that the burden of the blockchain network is increased.
Disclosure of Invention
Embodiments of the present invention provide a data processing method, a device, and a computer-readable storage medium, so that the user node does not need to send an access application in the blockchain network each time it uploads data to the cloud storage node or each time it reads data from the cloud storage node, thereby reducing the load on the blockchain network.
In a first aspect, an embodiment of the present invention provides a data processing method, including:
the cloud storage node receives service request information sent by a user node;
the cloud storage node generates an access code, and encrypts the access code by adopting a public key of the user node to obtain first encryption information;
the cloud storage node sends the first encrypted information to the user node, so that the user node decrypts the first encrypted information according to a private key of the user node to obtain the access code;
the cloud storage node receives a first hash value, second encryption information and a timestamp of target data sent by the user node, wherein the second encryption information is obtained by encrypting the first hash value and the timestamp by the user node by adopting the access code;
the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information;
when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information to the user node.
In a second aspect, an embodiment of the present invention provides a data processing method, including:
the user node sends service request information to the cloud storage node;
the user node receives first encryption information sent by the cloud storage node, wherein the first encryption information is obtained by encrypting an access code by the cloud storage node by adopting a public key of the user node;
the user node decrypts the first encrypted information by adopting a private key of the user node to obtain the access code;
the user node encrypts a first hash value and a timestamp of target data by adopting the access code to obtain second encryption information;
the user node sends the first hash value, the second encryption information and the timestamp to the cloud storage node, so that the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information, and when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information for the user node.
In a third aspect, an embodiment of the present invention provides a cloud storage node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving service request information sent by a user node through the communication interface;
generating an access code, and encrypting the access code by adopting a public key of the user node to obtain first encryption information;
sending the first encrypted information to the user node through the communication interface, so that the user node decrypts the first encrypted information according to a private key of the user node to obtain the access code;
receiving a first hash value, second encryption information and a timestamp of target data sent by the user node through the communication interface, wherein the second encryption information is obtained by encrypting the first hash value and the timestamp by the user node by adopting the access code;
encrypting the first hash value and the timestamp according to the access code to obtain third encryption information;
determining to provide the service requested by the service request information to the user node when it is determined that the second encryption information and the third encryption information are the same.
In a fourth aspect, an embodiment of the present invention provides a user node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending service request information to a cloud storage node through the communication interface;
receiving first encryption information sent by the cloud storage node through the communication interface, wherein the first encryption information is obtained by encrypting an access code by the cloud storage node by adopting a public key of the user node;
decrypting the first encrypted information by using a private key of the user node to obtain the access code;
encrypting the first hash value and the timestamp of the target data by adopting the access code to obtain second encryption information;
sending the first hash value, the second encryption information and the timestamp to the cloud storage node through the communication interface, so that the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information, and when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information for the user node.
In a fifth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect or the second aspect.
According to the data processing method, the data processing device and the computer-readable storage medium provided by the embodiments of the invention, the cloud storage node generates an access code and encrypts it with the public key of the user node to obtain first encryption information, so that the user node can obtain the access code by decrypting the first encryption information and can then access the cloud storage node normally using the access code. The user node therefore does not need to send an access application in the blockchain network each time it uploads data to the cloud storage node or each time it reads data from the cloud storage node, and the burden on the blockchain network is reduced.
Drawings
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a flow chart of a data processing method according to an embodiment of the present invention;
Fig. 3 is a flow chart of a data processing method according to another embodiment of the present invention;
Fig. 4 is a flow chart of a data processing method according to another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a cloud storage node according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a user node according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The data processing method provided by the embodiment of the invention can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes a user node, an accounting node and a cloud storage node, all of which are participating nodes in a blockchain network. It is understood that this description is only illustrative and does not limit the number and types of nodes in the blockchain network. The cloud storage node can be one or more cloud servers. A cloud server is a server cluster made up of a plurality of servers; it is similar in architecture to a general-purpose computer and comprises processors, hard disks, memory, a system bus and the like. The user node may specifically be a user terminal, e.g. a smartphone, a tablet or a personal computer.
The data processing method provided by the embodiment of the invention aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a data processing method according to an embodiment of the present invention. The embodiment of the invention provides a data processing method aiming at the technical problems in the prior art, and the method comprises the following specific steps:
Step 201, the cloud storage node receives service request information sent by a user node.
In this embodiment, the cloud storage node may monitor the size of its free storage space in real time or periodically, and send a broadcast message in the blockchain network, where the broadcast message specifically may include at least one of a blockchain identifier of the cloud storage node, the size of the free storage space of the cloud storage node, data storage unit price information (e.g., 1 m/g.month) of the cloud storage node, an IP address of the cloud storage node, and compensation information (e.g., n times of data storage cost) when a storage error occurs in the cloud storage node.
Specifically, the cloud storage node may employ its own private key to sign the broadcast message, and then broadcast the signed broadcast message to the blockchain network. Or, the cloud storage node may sign the broadcast message by using its own private key when the size of the free storage space of the cloud storage node changes, and broadcast the signed broadcast message to the blockchain network.
After the accounting node in the blockchain network receives the broadcast message of the cloud storage node, it may store the broadcast message in the blockchain ledger. It can be understood that the blockchain ledger can record broadcast messages of a plurality of cloud storage nodes.
When the user node has data to be stored in the cloud storage node, the user node calculates a hash value of the data to be stored; this hash value is recorded as the first hash value H1. Further, the user node broadcasts a storage application in the blockchain network, where the storage application includes at least one of size information of the data to be stored, the first hash value H1, and a blockchain identifier of the user node. Specifically, the user node may sign the storage application with its own private key and then broadcast the signed storage application to the blockchain network. In addition, the storage application may further include a blockchain identifier of a cloud storage node specified by the user node. Alternatively, the user node may not designate a cloud storage node.
In addition, if the storage application broadcast by the user node in the blockchain network is an application for uploading data to be stored, at this time, the application includes not only at least one of the size information of the data to be stored, the first hash value H1, and the blockchain identifier of the user node, but also the pre-billable amount and the duration information of the pre-used storage space.
When the accounting node in the blockchain network receives the storage application of the user node, it records the storage application in the blockchain ledger.
Further, the user node may send service request information to the cloud storage node, where the service request information may specifically be request information for uploading data or request information for downloading data. Correspondingly, the cloud storage node receives service request information sent by the user node.
Step 202, the cloud storage node generates an access code, and encrypts the access code by using the public key of the user node to obtain first encryption information.
Before the cloud storage node determines whether to accept the user node's request to upload or download data, the cloud storage node may generate an access code C1. The cloud storage node then encrypts the access code C1 with the public key of the user node, according to a pre-agreed encryption algorithm, to obtain first encryption information, denoted Fk(C1). Here, pre-agreed means agreed in advance between the cloud storage node and the user node.
Step 203, the cloud storage node sends the first encrypted information to the user node, so that the user node decrypts the first encrypted information according to the private key of the user node to obtain the access code.
Further, the cloud storage node sends the first encryption information to the user node. After the user node receives the first encryption information, it decrypts the first encryption information with its own private key, according to the pre-agreed decryption algorithm corresponding to the encryption algorithm, to obtain the access code C1. The user node then encrypts the first hash value H1 and the timestamp of the target data with the access code C1 to obtain second encryption information, where the target data may be the data to be stored as described above, or the data to be read or downloaded by the user node from the cloud storage node. The timestamp may specifically be the current time. Here, the second encryption information is denoted as CH1. Further, the user node transmits the first hash value H1, the second encryption information CH1, and the timestamp t1 together to the cloud storage node. Specifically, the user node may send the first hash value H1, the second encryption information CH1, and the timestamp t1 together to the cloud storage node in a peer-to-peer (P2P) manner.
Step 204, the cloud storage node receives a first hash value, second encryption information and a timestamp of target data sent by the user node, wherein the second encryption information is obtained by encrypting the first hash value and the timestamp by the user node by using the access code.
Correspondingly, the cloud storage node receives the first hash value H1, the second encryption information CH1 and the timestamp t1 sent by the user node.
Step 205, the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information.
When the cloud storage node receives the first hash value H1, the second encryption information CH1, and the timestamp t1 sent by the user node, the cloud storage node encrypts the first hash value H1 and the timestamp t1 by using the access code C1 generated by the cloud storage node to obtain third encryption information. This third encryption information may be denoted as CH2. Further, the cloud storage node may determine whether the second encryption information CH1 and the third encryption information CH2 are the same.
Step 206, when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information to the user node.
When the cloud storage node determines that the second encryption information CH1 and the third encryption information CH2 are the same, the cloud storage node determines that the access code used by the user node is the access code generated by the cloud storage node, i.e., the access code is verified. Correspondingly, the cloud storage node accepts the data upload request or data download request of the user node.
Furthermore, in some embodiments, the cloud storage node may also send the access code directly to the user node by way of P2P, thereby avoiding the access code from being transmitted in a blockchain network.
In this embodiment, the cloud storage node generates an access code and encrypts it with the public key of the user node to obtain first encryption information, so that the user node can decrypt the first encryption information to obtain the access code and can then access the cloud storage node normally using the access code. The user node therefore does not need to send an access application in the blockchain network each time it uploads data to the cloud storage node or each time it reads data from the cloud storage node, and the load on the blockchain network is reduced.
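The check in steps 204 to 206, sketched for both sides as an added example (it is not code from the patent). The patent does not name the algorithm used to "encrypt" H1 and the timestamp with the access code; HMAC-SHA256 is swapped in here because the cloud storage node must be able to reproduce exactly the same value, and the function names, the 300-second freshness window and the sample data are assumptions. Delivery of C1 under the user node's public key (steps 202 to 203) is assumed to have already happened.

```python
import hashlib
import hmac
import secrets
import struct

# Assumption: the patent sends a timestamp but states no freshness rule;
# a cloud node that wants to reject replayed requests needs one.
MAX_SKEW_SECONDS = 300


def generate_access_code() -> bytes:
    """Cloud storage node, step 202: create a random access code C1."""
    return secrets.token_bytes(32)


def keyed_tag(access_code: bytes, h1: bytes, t1: int) -> bytes:
    """Deterministic keyed function over (H1, t1).

    HMAC-SHA256 stands in for the patent's "encrypt with the access code".
    The timestamp is packed as a fixed-width 64-bit integer so the
    concatenation H1 || t1 cannot be parsed in two different ways.
    """
    message = h1 + struct.pack(">Q", t1)
    return hmac.new(access_code, message, hashlib.sha256).digest()


def user_build_request(access_code: bytes, target_data: bytes, now: int):
    """User node: compute H1 and CH1, return (H1, CH1, t1) to send."""
    h1 = hashlib.sha256(target_data).digest()  # first hash value H1
    ch1 = keyed_tag(access_code, h1, now)      # second encryption information
    return h1, ch1, now


def cloud_verify_request(access_code: bytes, h1: bytes, ch1: bytes,
                         t1: int, now: int) -> bool:
    """Cloud storage node, steps 205-206: recompute CH2 and compare with CH1."""
    if abs(now - t1) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request (added check, see above)
    ch2 = keyed_tag(access_code, h1, t1)       # third encryption information
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(ch1, ch2)


def run_demo() -> dict:
    """Exercise the exchange with constructed sample values."""
    c1 = generate_access_code()
    now = 1_700_000_000                        # constructed clock value
    data = b"constructed sample file contents"
    h1, ch1, t1 = user_build_request(c1, data, now)

    other_hash = hashlib.sha256(b"different data").digest()
    _, ch1_wrong_code, _ = user_build_request(generate_access_code(), data, now)

    return {
        # Honest user holding C1, request arrives two seconds later.
        "valid": cloud_verify_request(c1, h1, ch1, t1, now + 2),
        # H1 swapped in transit: CH1 no longer matches CH2.
        "tampered_hash": cloud_verify_request(c1, other_hash, ch1, t1, now + 2),
        # Sender never held C1, so its CH1 was built with another key.
        "wrong_access_code": cloud_verify_request(c1, h1, ch1_wrong_code, t1, now + 2),
        # Same valid triple replayed an hour later.
        "stale_timestamp": cloud_verify_request(c1, h1, ch1, t1, now + 3600),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Without the freshness check, a captured (H1, CH1, t1) triple would verify for as long as C1 stays valid, since the comparison in step 206 only proves the sender once knew the access code.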
Fig. 3 is a flowchart of a data processing method according to another embodiment of the present invention. On the basis of the foregoing embodiment, the data processing method provided in this embodiment specifically includes the following steps:
Step 301, the cloud storage node receives service request information sent by the user node.
The specific implementation process and the specific principle of step 301 are the same as those of step 201, and are not described herein again.
Step 302, the cloud storage node generates an access code, and encrypts the access code by using the public key of the user node to obtain first encryption information.
The specific implementation process and the specific principle of step 302 are consistent with those of step 202 described above, and are not described herein again.
Step 303, the cloud storage node signs the first encrypted information by using a private key of the cloud storage node to obtain signed first encrypted information.
For example, after the cloud storage node encrypts the access code C1 by using the public key of the user node according to a predetermined encryption algorithm to obtain first encrypted information, the cloud storage node may also sign the first encrypted information by using the private key of the cloud storage node to obtain the signed first encrypted information.
Step 304, the cloud storage node sends the signed first encrypted information to the user node, so that the user node verifies the signature by using the public key of the cloud storage node, and when the user node passes the signature verification by using the public key of the cloud storage node, the user node decrypts the first encrypted information by using the private key of the user node to obtain the access code.
Optionally, the sending, by the cloud storage node, the signed first encryption information to the user node includes: the cloud storage node broadcasts the signed first encryption information to a blockchain network in a broadcast message mode, wherein the broadcast message comprises the signed first encryption information, a blockchain identification of the cloud storage node and a blockchain identification of the user node.
For example, the cloud storage node broadcasts the signed first encryption information to the blockchain network by sending a broadcast message. The broadcast message not only includes the signed first encryption information, but also includes a blockchain identifier of the cloud storage node and a blockchain identifier of the user node.
When the user node in the blockchain network receives the broadcast message, it first queries the blockchain ledger, according to the blockchain identifier of the cloud storage node, to obtain the public key of the cloud storage node, and verifies the signature corresponding to the first encryption information with that public key. When the verification passes, the user node decrypts the first encryption information with its own private key to obtain the access code.
Step 305, the cloud storage node receives a first hash value, second encryption information and a timestamp of target data sent by the user node, where the second encryption information is obtained by encrypting the first hash value and the timestamp by the user node using the access code.
The specific implementation process and the specific principle of step 305 are consistent with those of step 204, and are not described herein again.
Step 306, the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information.
The specific implementation process and the specific principle of step 306 are the same as those of step 205, and are not described herein again.
Step 307, when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information to the user node.
The specific implementation process and the specific principle of step 307 are the same as those of step 206, and are not described herein again.
In this embodiment, the cloud storage node generates an access code and encrypts it with the public key of the user node to obtain first encryption information, so that the user node can decrypt the first encryption information to obtain the access code and can then access the cloud storage node normally using the access code. The user node therefore does not need to send an access application in the blockchain network each time it uploads data to the cloud storage node or each time it reads data from the cloud storage node, and the load on the blockchain network is reduced.
Fig. 4 is a flowchart of a data processing method according to another embodiment of the present invention. The data processing method provided by the embodiment specifically comprises the following steps:
Step 401, the user node sends service request information to the cloud storage node.
Before the cloud storage node determines whether to accept the user node's request to upload or download data, the cloud storage node may generate an access code C1. The cloud storage node then encrypts the access code C1 with the public key of the user node, according to a pre-agreed encryption algorithm, to obtain first encryption information, denoted Fk(C1). Further, the cloud storage node sends the first encryption information to the user node.
Step 402, the user node receives first encryption information sent by the cloud storage node, where the first encryption information is obtained by encrypting an access code by the cloud storage node by using a public key of the user node.
For example, the user node receives first encryption information sent by the cloud storage node.
Optionally, the receiving, by the user node, of first encryption information sent by the cloud storage node includes: the user node receives first encryption information that is sent by the cloud storage node and signed with the private key of the cloud storage node. For example, in some embodiments, after the cloud storage node encrypts the access code C1 with the public key of the user node according to a pre-agreed encryption algorithm to obtain first encrypted information, the cloud storage node may further sign the first encrypted information with its own private key to obtain the signed first encrypted information. For example, the cloud storage node broadcasts the signed first encryption information to the blockchain network by sending a broadcast message. The broadcast message includes not only the signed first encryption information but also a blockchain identifier of the cloud storage node and a blockchain identifier of the user node.
Step 403, the user node decrypts the first encrypted information by using a private key of the user node to obtain the access code.
Optionally, before the user node decrypts the first encrypted information with its private key to obtain the access code, the method further includes: the user node verifies the signature with the public key of the cloud storage node. In that case, the user node decrypting the first encrypted information with its private key to obtain the access code includes: if the signature passes verification with the public key of the cloud storage node, the user node decrypts the first encrypted information with its private key to obtain the access code.
When the user node in the blockchain network receives the broadcast message, it first queries the blockchain ledger, according to the blockchain identifier of the cloud storage node, to obtain the public key of the cloud storage node, and verifies the signature corresponding to the first encryption information with that public key. When the verification passes, the user node decrypts the first encryption information with its own private key to obtain the access code.
Step 404, the user node encrypts the first hash value and the timestamp of the target data by using the access code to obtain second encryption information.
Further, the user node encrypts the first hash value H1 and the timestamp of the target data by using the access code C1 to obtain second encryption information, where the target data may be the data to be stored as described above, or the data to be read or downloaded by the user node from the cloud storage node. The timestamp may specifically be the current time. Here, the second encryption information is denoted as CH1.
Step 405, the user node sends the first hash value, the second encryption information, and the timestamp to the cloud storage node, so that the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information, and when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information to the user node.
Further, the user node transmits the first hash value H1, the second encryption information CH1, and the timestamp t1 to the cloud storage node together. Specifically, the user node may send the first hash value H1, the second encryption information CH1, and the timestamp t1 to the cloud storage node together in a peer-to-peer (P2P) manner. Correspondingly, the cloud storage node receives the first hash value H1, the second encryption information CH1 and the timestamp t1 sent by the user node.
When the cloud storage node receives the first hash value H1, the second encryption information CH1, and the timestamp t1 sent by the user node, the cloud storage node encrypts the first hash value H1 and the timestamp t1 by using the access code C1 generated by the cloud storage node to obtain third encryption information. This third encryption information may be denoted as CH2. Further, the cloud storage node may determine whether the second encryption information CH1 and the third encryption information CH2 are the same.
When the cloud storage node determines that the second encryption information CH1 and the third encryption information CH2 are the same, the cloud storage node determines that the access code used by the user node is the access code generated by the cloud storage node, i.e., the access code is verified. Correspondingly, the cloud storage node receives a data uploading request or a data downloading request of the user node.
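The check in steps 404 and 405, as an added example (not code from the patent). It assumes the access code C1 has already been delivered through steps 402 and 403, uses HMAC-SHA256 as a stand-in for the unspecified "encryption with the access code" and SHA-256 for H1, and adds a timestamp freshness window and replay cache that the patent text does not describe; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: tolerated clock skew between user node and cloud storage node.
MAX_SKEW_SECONDS = 300


def new_access_code() -> bytes:
    """Cloud side: generate a fresh random access code C1."""
    return secrets.token_bytes(32)


def make_tag(access_code: bytes, h1: bytes, t1: int) -> bytes:
    """Deterministic keyed function of (H1, t1) under C1.

    Stand-in for "encrypt H1 and the timestamp with the access code".
    The length prefix keeps the (H1, t1) encoding unambiguous.
    """
    msg = len(h1).to_bytes(4, "big") + h1 + t1.to_bytes(8, "big")
    return hmac.new(access_code, msg, hashlib.sha256).digest()


class UserNode:
    def __init__(self, access_code: bytes):
        self.access_code = access_code  # recovered in step 403

    def build_request(self, target_data: bytes, now: int):
        """Step 404: compute H1 and CH1; step 405 sends (H1, CH1, t1)."""
        h1 = hashlib.sha256(target_data).digest()  # first hash value H1
        ch1 = make_tag(self.access_code, h1, now)  # second encryption information CH1
        return h1, ch1, now


class CloudStorageNode:
    def __init__(self):
        self.access_code = new_access_code()
        # Assumption: cache of accepted (H1, t1) pairs to reject replays.
        self._seen = {}

    def verify_request(self, h1: bytes, ch1: bytes, t1: int, now: int) -> str:
        """Step 405, cloud side: recompute CH2 and compare it with CH1."""
        # Drop cache entries that the freshness check would reject anyway.
        self._seen = {k: t for k, t in self._seen.items()
                      if now - t <= MAX_SKEW_SECONDS}
        if abs(now - t1) > MAX_SKEW_SECONDS:
            return "stale-timestamp"
        ch2 = make_tag(self.access_code, h1, t1)  # third encryption information CH2
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(ch1, ch2):
            return "bad-access-code"
        if (h1, t1) in self._seen:
            return "replay"
        self._seen[(h1, t1)] = t1
        return "ok"


if __name__ == "__main__":
    cloud = CloudStorageNode()
    user = UserNode(cloud.access_code)  # simulates delivery via steps 402-403
    now = 1_700_000_000                 # constructed sample time
    h1, ch1, t1 = user.build_request(b"constructed sample file", now)
    print(cloud.verify_request(h1, ch1, t1, now + 2))
    print(cloud.verify_request(h1, ch1, t1, now + 3))
```

Without the freshness and replay checks, a captured (H1, CH1, t1) triple would keep verifying for as long as the access code stays valid.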
According to the embodiment of the invention, the cloud storage node generates the access code and encrypts it with the public key of the user node to obtain the first encryption information, so that the user node can decrypt the first encryption information to obtain the access code and then access the cloud storage node normally according to the access code. The user node therefore does not need to send an access application in the blockchain network every time it uploads data to the cloud storage node or reads data from the cloud storage node, and the load of the blockchain network is reduced.
Fig. 5 is a schematic structural diagram of a cloud storage node according to an embodiment of the present invention. As shown in fig. 5, the cloud storage node 50 may perform the processing procedure provided in the data processing method embodiment, and includes: memory 51, processor 52, computer programs and communication interface 53; wherein the computer program is stored in the memory 51 and is configured to be executed by the processor 52 for: receiving service request information sent by a user node through a communication interface 53; generating an access code, and encrypting the access code by adopting a public key of the user node to obtain first encryption information; sending the first encrypted information to the user node through a communication interface 53, so that the user node decrypts the first encrypted information according to a private key of the user node to obtain the access code; receiving a first hash value, second encryption information and a timestamp of target data sent by the user node through a communication interface 53, wherein the second encryption information is obtained by encrypting the first hash value and the timestamp by the user node by using the access code; encrypting the first hash value and the timestamp according to the access code to obtain third encryption information; determining to provide the service requested by the service request information to the user node when it is determined that the second encryption information and the third encryption information are the same.
Optionally, after the processor 52 generates an access code and encrypts the access code by using the public key of the user node to obtain first encryption information, the processor is further configured to: sign the first encrypted information by using a private key of the cloud storage node to obtain signed first encrypted information. When the processor 52 sends the first encrypted information to the user node through the communication interface 53 so that the user node decrypts the first encrypted information according to the private key of the user node to obtain the access code, the processor is specifically configured to: send the signed first encrypted information to the user node through the communication interface 53, so that the user node verifies the signature by using the public key of the cloud storage node and, when the signature passes the verification, decrypts the first encrypted information by using the private key of the user node to obtain the access code.
Optionally, when the processor 52 sends the signed first encryption information to the user node through the communication interface 53, the processor is specifically configured to: broadcast the signed first encryption information to a blockchain network in a broadcast message through the communication interface 53, wherein the broadcast message comprises the signed first encryption information, the blockchain identifier of the cloud storage node and the blockchain identifier of the user node.
The cloud storage node in the embodiment shown in fig. 5 may be used to execute the technical solution of the above method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 6 is a schematic structural diagram of a user node according to an embodiment of the present invention. As shown in fig. 6, the user node 60 includes: memory 61, processor 62, computer programs and communication interface 63; wherein the computer program is stored in the memory 61 and is configured to be executed by the processor 62 to: sending service request information to a cloud storage node through the communication interface; receiving first encryption information sent by the cloud storage node through the communication interface, wherein the first encryption information is obtained by encrypting an access code by the cloud storage node by adopting a public key of the user node; decrypting the first encrypted information by using a private key of the user node to obtain the access code; encrypting the first hash value and the timestamp of the target data by adopting the access code to obtain second encryption information; the first hash value, the second encryption information and the timestamp are sent to the cloud storage node through the communication interface, so that the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information, and when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information for the user node.
Optionally, when the processor receives the first encryption information sent by the cloud storage node through the communication interface, the processor is specifically configured to: receive, through the communication interface, first encryption information which is sent by the cloud storage node and signed by a private key of the cloud storage node. Before the processor decrypts the first encrypted information by using the private key of the user node to obtain the access code, the processor is further configured to: verify the signature by using a public key of the cloud storage node. When decrypting the first encrypted information by using the private key of the user node to obtain the access code, the processor is specifically configured to: if the signature passes the verification with the public key of the cloud storage node, decrypt the first encrypted information by using the private key of the user node to obtain the access code.
The user node in the embodiment shown in fig. 6 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the data processing method described in the above embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A data processing method, comprising:
the cloud storage node receives service request information sent by a user node;
the cloud storage node generates an access code, and encrypts the access code by adopting a public key of the user node to obtain first encryption information;
the cloud storage node sends the first encrypted information to the user node, so that the user node decrypts the first encrypted information according to a private key of the user node to obtain the access code;
the cloud storage node receives a first hash value, second encryption information and a timestamp of target data sent by the user node, wherein the second encryption information is obtained by encrypting the first hash value and the timestamp by the user node by adopting the access code;
the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information;
when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines to provide the service requested by the service request information to the user node.
2. The method according to claim 1, wherein the cloud storage node generates an access code and encrypts the access code using a public key of the user node, and after obtaining the first encryption information, the method further comprises:
the cloud storage node signs the first encryption information by adopting a private key of the cloud storage node to obtain signed first encryption information;
the cloud storage node sends the first encrypted information to the user node so that the user node decrypts the first encrypted information according to a private key of the user node to obtain the access code, and the method includes:
the cloud storage node sends the signed first encrypted information to the user node so that the user node verifies the signature by adopting the public key of the cloud storage node, and when the user node passes the verification of the signature by adopting the public key of the cloud storage node, the user node decrypts the first encrypted information by adopting the private key of the user node to obtain the access code.
3. The method of claim 2, wherein the cloud storage node sends the signed first encryption information to the user node, and wherein the sending comprises:
the cloud storage node broadcasts the signed first encryption information to a blockchain network in a broadcast message mode, wherein the broadcast message comprises the signed first encryption information, a blockchain identification of the cloud storage node and a blockchain identification of the user node.
4. A data processing method, comprising:
the method comprises the steps that a user node sends service request information to a cloud storage node, wherein the cloud storage node is used for generating an access code before determining whether to accept the service request information, encrypting the access code by adopting a public key of the user node to obtain first encryption information, and sending the first encryption information to the user node;
the user node receives first encryption information sent by the cloud storage node;
the user node decrypts the first encrypted information by adopting a private key of the user node to obtain the access code;
the user node encrypts a first hash value and a timestamp of target data by adopting the access code to obtain second encryption information;
the user node sends the first hash value, the second encryption information and the timestamp to the cloud storage node, so that the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information, when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines that the access code used by the user node is the access code generated by the cloud storage node, and the cloud storage node determines to provide the service requested by the service request information for the user node.
5. The method according to claim 4, wherein the user node receives the first encryption information sent by the cloud storage node, and comprises:
the user node receives first encryption information which is sent by the cloud storage node and signed by a private key of the cloud storage node;
before the user node decrypts the first encrypted information by using the private key of the user node to obtain the access code, the method further includes:
the user node verifies the signature by adopting a public key of the cloud storage node;
the user node decrypts the first encrypted information by using the private key of the user node to obtain the access code, and the method includes:
if the signature passes the verification by the user node adopting the public key of the cloud storage node, the user node decrypts the first encrypted information by adopting the private key of the user node to obtain the access code.
6. A cloud storage node, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving service request information sent by a user node through the communication interface;
generating an access code, and encrypting the access code by adopting a public key of the user node to obtain first encryption information;
sending the first encrypted information to the user node through the communication interface, so that the user node decrypts the first encrypted information according to a private key of the user node to obtain the access code;
receiving a first hash value, second encryption information and a timestamp of target data sent by the user node through the communication interface, wherein the second encryption information is obtained by encrypting the first hash value and the timestamp by the user node by adopting the access code;
encrypting the first hash value and the timestamp according to the access code to obtain third encryption information;
determining to provide the service requested by the service request information to the user node when it is determined that the second encryption information and the third encryption information are the same.
7. The cloud storage node of claim 6, wherein the processor generates an access code, encrypts the access code using a public key of the user node, and after obtaining the first encryption information, is further configured to:
signing the first encrypted information by using a private key of the cloud storage node to obtain signed first encrypted information;
the processor sends the first encrypted information to the user node through the communication interface, so that when the user node decrypts the first encrypted information according to the private key of the user node to obtain the access code, the processor is specifically configured to:
sending the signed first encrypted information to the user node through the communication interface so that the user node verifies the signature by adopting the public key of the cloud storage node, and when the user node passes the verification of the signature by adopting the public key of the cloud storage node, the user node decrypts the first encrypted information by adopting the private key of the user node to obtain the access code.
8. The cloud storage node of claim 7, wherein when the processor sends the signed first encryption information to the user node through the communication interface, the processor is specifically configured to:
broadcasting the signed first encryption information to a blockchain network in a broadcast message through the communication interface, wherein the broadcast message comprises the signed first encryption information, the blockchain identifier of the cloud storage node and the blockchain identifier of the user node.
9. A user node, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending service request information to a cloud storage node through the communication interface, wherein the cloud storage node is used for generating an access code before determining whether to accept the service request information, encrypting the access code by adopting a public key of the user node to obtain first encryption information, and sending the first encryption information to the user node;
receiving first encryption information sent by the cloud storage node through the communication interface;
decrypting the first encrypted information by using a private key of the user node to obtain the access code;
encrypting the first hash value and the timestamp of the target data by adopting the access code to obtain second encryption information;
the first hash value, the second encryption information and the timestamp are sent to the cloud storage node through the communication interface, so that the cloud storage node encrypts the first hash value and the timestamp according to the access code to obtain third encryption information, when the cloud storage node determines that the second encryption information and the third encryption information are the same, the cloud storage node determines that the access code used by the user node is the access code generated by the cloud storage node, and the cloud storage node determines to provide the service requested by the service request information for the user node.
10. The user node according to claim 9, wherein when the processor receives the first encryption information sent by the cloud storage node through the communication interface, the processor is specifically configured to:
receiving first encryption information which is sent by the cloud storage node and signed by a private key of the cloud storage node through the communication interface;
before the processor decrypts the first encrypted information by using the private key of the user node to obtain the access code, the processor is further configured to:
verifying the signature by adopting a public key of the cloud storage node;
the processor, when decrypting the first encrypted information by using the private key of the user node to obtain the access code, is specifically configured to:
if the signature passes the verification by adopting the public key of the cloud storage node, decrypting the first encrypted information by adopting the private key of the user node to obtain the access code.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5.
CN201910627890.1A 2019-07-12 2019-07-12 Data processing method, device and computer readable storage medium Active CN110351276B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910627890.1A CN110351276B (en) 2019-07-12 2019-07-12 Data processing method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110351276A CN110351276A (en) 2019-10-18
CN110351276B true CN110351276B (en) 2021-11-23

Family

ID=68175686

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant