Secure data storage method and secure data read method based on distributed system infrastructure

Technical Field

The present invention relates to the field of cryptography technology, in particular to a basic architecture based on distributed system storage and reading method for data security.

Background Art

Encryption algorithm is mainly applied to the there are two kinds of: symmetrical encryption algorithm and an asymmetrical encryption algorithm.

The characteristics of the symmetrical encryption algorithm is the algorithm discloses, small amount of calculation, the encryption speed is fast, high-encryption efficiency; is, the encryption and decryption uses the same key, the safety is not guaranteed, and the key is difficult to manage.

The asymmetric encryption algorithm using two completely different but is totally matching of a pair of key-public and private key. Using an asymmetric encryption algorithm in the encryption file, only using the matching of a pair of public and private key, plaintext order to complete the encryption and decryption process. Asymmetric encryption diencrypting speed is slow and the efficiency is very low, not suitable for performing encryption/decryption of a large amount of data.

At present, most of the system in the application of a plurality of data sources, the huge data volume, especially for time efficiency requirements are very high. Therefore, the encryption speed is fast and high efficiency is more suitable for the encryption algorithm of the encryption/decryption of mass data.

Content of the invention

The purpose of this invention is to provide a basic architecture based on distributed system of data security storage method and its corresponding data safety reading method, suitable for diencrypting the large amount of data, and can be fully guaranteed in mass data storage/read the integrity and security of the data.

In order to achieve the above-mentioned purpose, the embodiment of the invention provides a basic architecture based on distributed system of data security storage method, comprising the steps of:

S1, generate the SUMMARY information; the message Digest algorithm to the need to store data for signature processing, so as to generate the SUMMARY information;

S2, encryption data; using secret key generation function generated random keys, the need to store the encryption processing of the data, so as to obtain the corresponding ciphertext;

S3, hidden random key; the step S2 of the random generated in the cipher key to hidden processing, random codetext so as to obtain the key information;

S4, storage codetext; the step S2 in the memory to obtain the stated codetext in the distributed file system;

S5, storage-related information; the step S1 in the SUMMARY information is generated, step S3 in the random key information is obtained and stored together with the file name in the database to the revenue.

As the above-mentioned technical scheme, the improvement of, in the stated S1 in, by the need to store various attributes of the data, and a random fillers generate the SUMMARY information; wherein the attribute comprises a user password information.

In the present invention in another embodiment, the step S3 in particular includes the steps of:

S31, the function Hash the step S1 is generated in the processing of the SUMMARY information, encryption key obtained;

S32, using the encoded key in step S2 to generate the random key to encrypt, random codetext so as to obtain the key information.

In the present invention in another embodiment, the step S3 in particular includes the steps of:

S31, SHA encryption algorithm to the need to store the various attributes of the data, and a random fillers to abstract processing, access to abstract value (byte array), and utilizing a user password information to the encrypted value of the path, so as to obtain the path information;

S32, the function Hash in step S31 of the byte array is generated in the processing of, obtain a N bit encryption key;

S33, N is using the encryption key in step S2 to generate the random key to encrypt, random codetext so as to obtain the key information.

As the above-mentioned technical scheme, the improved, in the database in the revenue, with three unit the tables to store M; respectively of the three-column unit key to the key word, the time stamp T Md and row race ; the line key word file name is used for storing the key; and hKey mD Md comprises two labels, are stored respectively key information and the SUMMARY information at random; hKey for all of the 0 said encrypted data is not required, and mD used for checking the integrity of data.

The embodiment of the invention also discloses a foundation architecture based on distributed system of data security reading method, suitable for reading storage method to store data according to Claim 1, comprising the steps of:

S01, reading codetext; from read codetext in the distributed file system;

S02, the relevant information is read; read in the database from the revenue-related information, the related information include a file name, SUMMARY information and the random cipher key information;

S03, obtaining random key; said random key to the read information of the hidden reverse processing, thus obtaining random key;

S04, decryption data; utilizing step S03 of the random key obtained in step S01 the cipher text of the decryption is read, thereby obtaining the corresponding data;

S05, check integrity; to take the message Digest algorithm in step S04 the data obtained in a signature processing, thereby generating a digital SUMMARY information; and said digital SUMMARY information and step S01 obtained in compare the SUMMARY information in order to judge whether the integrity of the data.

As the above-mentioned technical scheme, the improvement of, in said step S02 and step S03 between, also includes the steps of:

To judge the data type: by means of a step S02 the random key information obtained to judge the steps S01 to read whether the cipher text of the decryption: if the random key information is a 0, go to carry out step S05; if the random key information is not 0, then continue to step S03.

In the present invention in another embodiment, the step S03 in particular includes the steps of:

S031, the user password information Hash function and in step S02 the SUMMARY information is read in on anti-processing, so as to obtain the encryption key;

S032, using the encoded key in step S02 of the random read in decrypting the key information, so as to obtain the stated codetext random key.

In the present invention in another embodiment, the step S03 in particular includes the steps of:

S031, take SHA encryption algorithm and the user password information path information to the anti-processing, to obtain a byte array;

S032, the function Hash in step S031 of the byte array is generated in the processing of, obtain a N bit encryption key;

S033, N is using the encryption key in step S02 of the random read in decrypting the key information, so as to obtain the stated codetext random key.

Compared with the prior art, the invention is disclosed based on distributed system infrastructure data security storage and reading method, through cryptography method to realize, selecting appropriate encryption algorithm and message Digest algorithm, can fully guarantee the integrity of the mass data storage at the and confidentiality, also has the following beneficial effects:

(1) high safety. Each time the used to encrypt the data are not the same as the key, play the role of each sealing a time; even if one of the encrypted codetext is resolved, other encryption file adopts a different key, still is very safe.

(2) easy to manage. Each user every time when using the symmetrical encryption algorithm, only needs to use other who do not know that the only key may even not require password, user to use and manage is very convenient.

(3) password change convenient. When the out of system the safety angle adjustments to the security policy when the need for a user to change the password, all not be required to decrypt the encrypted data, there is no need for new change of the re-encrypting key, at the same time ensuring the efficiency of the and is brought to the user.

Description of drawings

In order to more clearly illustrate the embodiment of the invention or a technical proposal in the prior art, will be to the embodiment or the prior art to be used in the description for the simple introduction of the Figure, it is obvious that, in the description below only the Figure is some embodiments of the present invention, for one of ordinary skill in the art is concerned, without paying creative the premise of work , can also be obtained according to these with other Figures.

Figure 1 is flow chart of the embodiment of the invention 1 based on distributed system in a basic framework safe data storage method.

Figure 2 is a schematic diagram of the specific process based on distributed system infrastructure data security storage method shown in Figure 1.

Figure 3 is flowchart of the embodiment of the invention 2 in a basic architecture based on distributed system of data security storage method.

Figure 4 is a schematic diagram of specific process of data security storage key information generation of random in the method shown in Figure 3.

Figure 5 is flowchart of the embodiment of the invention 3 in a distributed system based on the data of the basic architecture of the security storage method.

Figure 6 is a schematic diagram of specific process of data security storage key information generation of random in the method shown in Figure 5.

Figure 7 is flow chart of the embodiment of the invention 4 based on distributed system in a basic framework of the method for reading data security.

Figure 8 is a schematic diagram of the specific process based on distributed system infrastructure data security storage method shown in Figure 7.

Figure 9 is flowchart of the embodiment of the invention 5 based on distributed system in a basic framework of the method for reading data security.

Figure 10 is flowchart of the embodiment of the invention 6 based on distributed system in a basic framework of the method for reading data security.

Mode of execution

Will be combined with the embodiment of the invention the Figure, in this embodiment of the invention a clear the technical scheme, complete described, obviously, the embodiment described is only a portion of the embodiment of this invention, , but not all, of the embodiment. Based on the embodiment of the invention, one of ordinary skill in the art in the absence of make creative work is obtained on the premise that all of the other embodiments, all belong to the scope of protection of this invention.

Embodiment 1

See Figure 1, is the embodiment of the invention provides a basic architecture based on distributed system of data security storage of the flow chart of the method. Based on the distributed system infrastructure data security storage method includes the steps of:

S1, generate the SUMMARY information; the message Digest algorithm to the need to store data for signature processing, so as to generate the SUMMARY information;

S2, encryption data; using secret key generation function generated random keys, the need to store the encryption processing of the data, so as to obtain the corresponding ciphertext;

S3, hidden random key; the step S2 of the random generated in the cipher key to hidden processing, random codetext so as to obtain the key information;

S4, storage codetext; the step S2 in the stated codetext obtained is stored into the distributed file system in the DFS;

S5, storage-related information; the step S1 in the SUMMARY information is generated, step S3 in the random key information is obtained and stored together with the file name in the database DB revenue.

The core memory at present, most of the data is encrypted, if not to the corresponding key information, wherein the encrypted information is only a string do not understand mojibake. For completeness, the embodiment of data needs to be stored to generate a SUMMARY information in advance, so that when the time of reading data, can be used to verify the data integrity of the SUMMARY information. Furthermore, in order to facilitate the operation of key information, key information to the ciphertext and are respectively stored, the key information will not be any operation of the impact on the cryptograph. Figure 2 shows the embodiment of the basic architecture based on distributed system of data security storage process of specific operation of the method.

Furthermore, in this embodiment, in order to be stored in key information and DB revenue SUMMARY information in the database, table M the structure of the design. Table M there are three main column, respectively row key word is used for storing the key file name, the time stamp T Md and row race , comprising Md hKey and mD two labels are stored respectively and the SUMMARY information key information. Furthermore, do not need to the encrypted data, the for the whole hKey 0 to be distinguished, mD the normal use, the integrity of the test data.

This embodiment adopts the distributed file system DFS, is suitable for mass data storage, in particular to be suitable for application in the electric system of the EMS energy management system, the data collection and storage of the same frequency is very high, the general relations database far can not meet the load. Furthermore, the rapid growth in the relational database with the data, its query efficiency is reduced significantly, and this embodiment uses a revenue database DB can keep the original high efficiency, is a kind of telescopic distributed storage system, and the mass data call, can still maintain high performance, ensure the reliability of data.

Embodiment 2

See Figure 3, is the embodiment of the invention provides a basic architecture based on distributed system of data security storage of the flow chart of the method. This embodiment of the basic architecture based on distributed system of data security storage method includes the steps of:

S1, generate the SUMMARY information; the message Digest algorithm to the need to store data for signature processing, so as to generate the SUMMARY information;

In this step, preferably by the need to store various attributes of the data, and a random fillers generate the SUMMARY information; wherein the attribute comprises a user password information, so that when the user to modify information after the password, the key information is changed at random, but does not need to re-encrypting all codetext, improving the efficiency, reduced complexity. Furthermore, system to the user and, only key information needs management, key management is simplified. Using the random fillers mainly preventing dictionary attacks and pre-calculated attack.

S2, encryption data; using secret key generation function generated random keys, the need to store the encryption processing of the data, so as to obtain the corresponding ciphertext;

S31, the function Hash the step S1 is generated in the processing of the SUMMARY information, encryption key obtained;

S32, using the encoded key in step S2 to generate the random key to encrypt, random codetext so as to obtain the key information;

S4, storage codetext; the step S2 in the stated codetext obtained is stored into the distributed file system in the DFS;

S5, storage-related information; the step S1 in the SUMMARY information is generated, step S32 in the random key information is obtained and stored together with the file name in the database DB revenue.

Combined with Figure 4, this embodiment with the embodiment 1 of the procedure of data security storage method is basically the same, different is, the embodiment of the invention utilizes encryption key of the random key is encrypted on the way to realize the information hiding random key, so as to obtain the key information corresponding to the random codetext, symmetrical encryption algorithm in order to solve the problem of key management. Moreover, the use of the encryption key Hash function is adopted in step S1 of the SUMMARY information generated in the processing. And S1 of the SUMMARY information is generated in in order to utilize the message Digest algorithm to the need to store various attributes of the data (for example, may include a user password information) and a random fillers calculate and produce the.

Embodiment 3

See Figure 5, is the embodiment of the invention provides a basic architecture based on distributed system of data security storage of the flow chart of the method. This embodiment of the basic architecture based on distributed system of data security storage method includes the steps of:

S1, generate the SUMMARY information; the message Digest algorithm to the need to store data for signature processing, so as to generate the SUMMARY information;

In this step, preferably by the need to store various attributes of the data, and a random fillers generate the SUMMARY information; wherein the attribute comprises a user password information.

S2, encryption data; using secret key generation function generated random keys, the need to store the encryption processing of the data, so as to obtain the corresponding ciphertext;

S31, SHA encryption algorithm to the need to store the various attributes of the data, and a random fillers to abstract processing, access to abstract value (byte array), and utilizing a user password information to the encrypted value of the path, so as to obtain the path information;

S32, the function Hash in step S31 of the byte array is generated in the processing of, obtain a N bit encryption key;

S33, using the ciphering keys N the step S2 of the random generated in the encryption key, so as to obtain the stated codetext random key information;

S4, storage codetext; the step S2 in the stated codetext obtained is stored into the distributed file system in the DFS;

S5, storage-related information; the step S1 in the SUMMARY information is generated, step S33 in the random key information is obtained and stored together with the file name in the database DB revenue.

Combined with Figure 6, this embodiment with the embodiment 1 of the procedure of data security storage method is basically the same, different is, the embodiment of the invention utilizes a N bit encryption key of the random key is encrypted on the way to realize the information hiding random key, so as to obtain the key information corresponding to the random codetext, symmetrical encryption algorithm in order to solve the problem of key management. Moreover, the use of the ciphering keys N the SHA Hash function to the encryption algorithm needs to be stored to the various attributes of the data, and a random fillers obtained by treating one of the byte array is obtained by processing.

Embodiment 4

See Figure 7, is the embodiment of the invention provides a framework for distributed system-based security method for reading the data of the flow chart. Based on the distributed system infrastructure data safety reading method is suitable for the embodiment of the read in a 1 the safe data storage method to store the data, in particular comprising the steps of:

S01, reading codetext; from read codetext in the distributed file system;

S02, the relevant information is read; read in the database from the revenue-related information, the related information include a file name, SUMMARY information and the random cipher key information;

S03, obtaining random key; said random key to the read information of the hidden reverse processing, thus obtaining random key;

S04, decryption data; utilizing step S03 of the random key obtained in step S01 the cipher text of the decryption is read, thereby obtaining the corresponding data;

S05, check integrity; to take the message Digest algorithm in step S04 the data obtained in a signature processing, thereby generating a digital SUMMARY information; and said digital SUMMARY information and step S01 obtained in compare the SUMMARY information in order to judge whether the integrity of the data. If the two are not the same, the storage of the data is distorted, if the two are the same, the storage data of the normal.

Preferably, in said step S02 and step S03 between, also includes the steps of: judging data type: by means of a step S02 the random key information obtained to judge the steps S01 to read whether the cipher text of the decryption: if the random key information is a 0, go to carry out step S05; if the random key information is not 0, then continue to step S03.

As shown in Figure 8, when reading the data, the work with two parts: obtaining confidential information and integrity check. First of all from the revenue DB and distributed file system database in the DFS obtain the corresponding data, then according to the key information in the distributed file system to determine whether the data DFS codetext and corresponding processing according to the actual situation, the final check the integrity of the data, in order to confirm the integrity of the data. The specific process as shown in Figure 8.

Embodiment 5

See Figure 9, is the embodiment of the invention provides a framework for distributed system-based security method for reading the data of the flow chart. Based on the distributed system infrastructure data safety reading method is suitable for reading the embodiment 2 of the data security storage method to store the data, in particular comprising the steps of:

S01, reading codetext; from read codetext in the distributed file system;

S02, the relevant information is read; read in the database from the revenue-related information, the related information include a file name, SUMMARY information and the random cipher key information;

S031, the user password information Hash function and in step S02 the SUMMARY information is read in on anti-processing, so as to obtain the encryption key;

S032, using the encoded key in step S02 of the random read in decrypting the key information, so as to obtain the stated codetext random key;

S04, decryption data; utilizing step S032 of the random key obtained in step S01 the cipher text of the decryption is read, thereby obtaining the corresponding data;

S05, check integrity; to take the message Digest algorithm in step S04 the data obtained in a signature processing, thereby generating a digital SUMMARY information; and said digital SUMMARY information and step S01 obtained in compare the SUMMARY information in order to judge whether the integrity of the data. If the two are not the same, the storage of the data is distorted, if the two are the same, the storage data of the normal.

Preferably, in said step S02 and step S031 between, also includes the steps of: judging data type: by means of a step S02 the random key information obtained to judge the steps S01 to read whether the cipher text of the decryption: if the random key information is a 0, go to carry out step S05; if the random key information is not 0, then continue to step S031.

Embodiment 6

See Figure 10, is the embodiment of the invention provides a framework for distributed system-based security method for reading the data of the flow chart. Based on the distributed system infrastructure data safety reading method is suitable for reading the embodiment of the 3 the data security storage method to store the data, in particular comprising the steps of:

S01, reading codetext; from read codetext in the distributed file system;

S02, the relevant information is read; read in the database from the revenue-related information, the related information include a file name, SUMMARY information and the random cipher key information;

S031, take SHA encryption algorithm and the user password information path information to the anti-processing, to obtain a byte array;

S032, the function Hash in step S031 of the byte array is generated in the processing of, obtain a N bit encryption key;

S033, N is using the encryption key in step S02 of the random read in decrypting the key information, so as to obtain the stated codetext random key;

S04, decryption data; utilizing step S033 of the random key obtained in step S01 the cipher text of the decryption is read, thereby obtaining the corresponding data;

S05, check integrity; to take the message Digest algorithm in step S04 the data obtained in a signature processing, thereby generating a digital SUMMARY information; and said digital SUMMARY information and step S01 obtained in compare the SUMMARY information in order to judge whether the integrity of the data. If the two are not the same, the storage of the data is distorted, if the two are the same, the storage data of the normal.

Preferably, in said step S02 and step S031 between, also includes the steps of: judging data type: by means of a step S02 the random key information obtained to judge the steps S01 to read whether the cipher text of the decryption: if the random key information is a 0, go to carry out step S05; if the random key information is not 0, then continue to step S031.

Specific, embodiment of the combination 3 example how that the implementing step S05 the integrity of the data (message) of the inspection. In the implementation of the example 3 in a data storage method, the first algorithm SHA to abstract the data needs to be stored, and then the SUMMARY value for (character array) source (the user password information) private key encryption, thus form stored in the SUMMARY information in database kaiyuan DB. In reading the data, first the step S04 (data) read of plaintext SHA algorithm for a SUMMARY of the same, to form a "quasi-product of". And the source (the user password information) the public key in step S02 in decrypting the abstract information, decrypts the of the "product of" comparing "quasi-product of", if they are the same they believe the data (message) is complete, otherwise data (message) is not complete.

To sum up, the invention is disclosed based on distributed system infrastructure data security storage and reading method, through cryptography method to realize, selecting appropriate encryption algorithm and message Digest algorithm, can fully guarantee the integrity of the mass data storage at the and confidentiality, also has the following beneficial effects:

(1) high safety. Each time the used to encrypt the data are not the same as the key, play the role of each sealing a time; even if one of the encrypted codetext is resolved, other encryption file adopts a different key, still is very safe.

(2) easy to manage. Each user every time when using the symmetrical encryption algorithm, only needs to use other who do not know that the only key may even not require password, user to use and manage is very convenient.

(3) password change convenient. When the out of system the safety angle adjustments to the security policy when the need for a user to change the password, all not be required to decrypt the encrypted data, there is no need for new change of the re-encrypting key, at the same time ensuring the efficiency of the and is brought to the user.

The above is the preferred embodiment of the invention, it should be noted that, in the technical field as the ordinary technical personnel, without breaking away from the premise of the principle of the present invention, can also be made a number of improvements and retouches, these improvements and retouches also regarded as the scope of protection of this invention.