CN106936819B - Cloud storage subsystem and safe storage system - Google Patents
- Publication number: CN106936819B
- Application number: CN201710118524.4A
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- protection wall
- memory block
- encryption protection
- Prior art date
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
          - H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
            - H04L63/0218—Distributed architectures, e.g. distributed firewalls
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/10—Protocols in which an application is distributed across nodes in the network
            - H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- G—PHYSICS
  - G06—COMPUTING OR CALCULATING; COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
          - G06F11/14—Error detection or correction of the data by redundancy in operation
            - G06F11/1479—Generic software techniques for error detection or fault masking
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a cloud storage subsystem. To address the insufficient security of existing data storage, the following technical scheme is provided: an encryption data memory block for storing top-secret data, a high-frequency data memory block for storing high-frequency access data, and a routine data memory block for storing routine data. The encryption memory block is surrounded by a protective net formed by multiple encryption protection walls; when data is read or written, only any one encryption protection wall needs to be passed. If any encryption protection wall is attacked, the encryption protection walls immediately connect in series along the information channel to form an encryption chain, and an intruder can obtain the data only by cracking every encryption protection wall in the encryption chain, thereby enhancing the safety of information storage.
Description
Technical field
The present invention relates to the technical field of information storage, and more specifically to a cloud storage subsystem and a secure storage system.
Background technique
The development of Internet technology has made the interaction of information data convenient and efficient. Anyone with Internet access can obtain the required information anywhere, which makes the use of information more convenient.
At present, cloud computing (including cloud storage) has become the generally acknowledged development priority of the global ICT industry, yet data leakage is the problem that most worries the public about cloud storage and is a huge obstacle on the road to commercial cloud computing. Many threats, such as hacker attacks, can lead to the loss and leakage of data in clients' cloud disks (Dropbox), and further cause clients to distrust cloud storage services. Moreover, according to a data leakage investigation report, 48% of data leaks are carried out by malicious insiders, such as the management and service personnel of the cloud computing service provider.
Technically, because of service networking, data centralization, platform sharing and the diversification of participating roles, security breaches in cloud computing systems are difficult to avoid; in addition, key management is also a problem. In short, the data security risks faced by cloud computing are more complex than those of conventional information systems, and guaranteeing the security of client data in the cloud involves many technical difficulties.
Therefore, in view of the drawbacks of the prior art described above, it is necessary to conduct research to provide a scheme that resolves the security defects of the prior art.
Summary of the invention
In view of the deficiencies of the prior art, the first object of the present invention is to provide a cloud storage subsystem that has the advantage of safer information storage.
To achieve the above object, the present invention provides the following technical scheme:
A cloud storage subsystem, including an encryption data memory block for storing top-secret data, a high-frequency data memory block for storing high-frequency access data, and a routine data memory block for storing routine data;
the encryption memory block is surrounded by a protective net formed by multiple encryption protection walls; when data is read or written, only any one encryption protection wall needs to be passed; if any encryption protection wall is attacked, the encryption protection walls immediately connect in series along the information channel to form an encryption chain, and an intruder can obtain the data only by cracking every encryption protection wall in the encryption chain.
By adopting the above technical scheme, the cloud storage subsystem is partitioned according to different functions, which improves data storage efficiency, and the encryption data memory block storing top-secret data is given high-level security protection: encryption protection walls are provided outside the encryption memory block and surround it as a protective net. Each time an external party communicates with the encryption memory block to read or write data, key authentication only needs to be performed against one encryption protection wall, and passing any one wall counts as verified. But when any one encryption protection wall is attacked, the encryption protection walls connect to form an encryption chain, and re-entry then requires passing every encryption protection wall in turn, thereby enhancing the safety of information storage.
Preferably, after a cracking error occurs at any encryption protection wall, all encryption protection walls in the encryption chain rearrange and recombine to form a new encryption chain that blocks the information.
By adopting the above technical scheme, after one encryption protection wall in the encryption chain is cracked, the intruder will continue to crack the next-stage encryption protection wall; but if a cracking error occurs at any layer of protection wall, the already cracked and the not-yet-cracked encryption protection walls rearrange and recombine into a new encryption chain, and the invader has to start cracking again. This undoubtedly increases the difficulty of cracking and further enhances the safety of data storage.
Preferably, under normal conditions, the encryption protection wall selected as the path through which data is stored into the encryption memory block changes dynamically and continuously.
By adopting the above technical scheme, under normal conditions, that is, when only one encryption protection wall's key needs to be verified for passage, the selection of the protection wall changes dynamically and cannot be controlled by anyone, which helps prevent an intruder from getting to know a statically configured protection wall through repeated probing and then breaking in.
Preferably, the encryption protection walls are constituted by the data storer selecting a certain number of them from a protection wall library, and the data storer is the only person who knows which encryption protection walls and corresponding keys are used.
By adopting the above technical scheme, when storing their own data into the encryption memory block, the data storer must first select from the protection wall library which kind of encryption protection walls to use and how many; the data storer is thus the only person who knows the keys of the encryption protection walls, which reduces the risk of the protection wall keys being known by others.
In view of the deficiencies of the prior art, the second object of the present invention is to provide a secure storage system that has the advantage of safer information storage.
To achieve the above object, the present invention provides the following technical scheme:
A secure storage system, including the cloud storage subsystem described above.
Preferably, the cloud storage subsystem is connected with a local storage server for backing up the data of the encryption data memory block.
By adopting the above technical scheme, against loss of encrypted data, the cloud storage subsystem is connected with a local storage server, and the local server backs up the data stored in the encryption data memory block, so that even when the cloud storage fails and data is lost, the data can be regained from the local storage server, which enhances safety with respect to data loss.
Preferably, when the local storage server is intruded, the encryption hard disk storing top-secret data immediately erases its data using erasing software developed by a third party.
By adopting the above technical scheme, when the local storage server is intruded, the encryption hard disk in the local storage server immediately starts the data erasing procedure, so that even if the invader succeeds, the encrypted data they wanted to obtain will have become blank, thereby enhancing the safety of encrypted data storage.
Preferably, the encryption hard disk can have its data recovered by data recovery software that is likewise developed by the third party and whose operation is controlled by a fourth party.
By adopting the above technical scheme, after the hard disk data has been erased, because the erasure was performed by the third party's software, the data can be recovered by the third party's data recovery software as long as the hard disk is not lost or damaged; and because the erasing software is developed by a third party independent of the data storer and the storage operator, and the recovery software runs under the control of a fourth party, this helps prevent insider misappropriation.
Preferably, the local storage server is connected with a cloud computing center.
Preferably, the local storage server is equipped with a temporary data hard disk for temporarily storing the data to be calculated from the routine data memory block and/or the high-frequency data memory block.
By adopting the above technical scheme, when calculation is performed, the temporary data hard disk stores the data to be calculated in advance, so that the data can be allocated and used directly when needed, which shortens data transfer time and thus implicitly improves calculation speed.
In conclusion, the invention has the following advantages:
1. When any one encryption protection wall is attacked, the encryption protection walls connect to form an encryption chain, and re-entry then requires passing every encryption protection wall in turn, thereby enhancing the safety of information storage;
2. If a cracking error occurs at any layer of protection wall, the cracked and the not-yet-cracked encryption protection walls rearrange and recombine into a new encryption chain, and the invader has to start cracking again, which undoubtedly increases the difficulty of cracking and further enhances the safety of data storage;
3. The cloud storage subsystem is connected with a local storage server, which backs up the data stored in the encryption data memory block, so that even when the cloud storage fails and data is lost, the data can be regained from the local storage server, which enhances safety with respect to data loss.
Detailed description of the invention
Fig. 1 is a schematic illustration of the secure storage system of the present invention;
Fig. 2 is a schematic illustration of the cloud storage subsystem of the present invention in the safe state;
Fig. 3 is a schematic illustration of the cloud storage subsystem of the present invention when broken into.
In the figures: 1, encryption protection wall; 2, encryption chain.
Specific embodiment
The present invention will be described in detail with reference to the accompanying drawings and embodiments.
A secure storage system, referring to Fig. 1, includes a cloud storage subsystem that provides data storage services to users; the cloud storage subsystem is connected with a local storage server that backs up the stored data, and the local server is connected to a cloud computing center to provide data storage services to the cloud computing center.
Referring to Figs. 1 to 3, the cloud storage subsystem includes an encryption data memory block for storing top-secret data, a high-frequency data memory block for storing high-frequency access data, and a routine data memory block for storing routine data. The encryption memory block is surrounded by a protective net formed by multiple encryption protection walls 1; when data is read or written, only any one encryption protection wall 1 needs to be passed. If any encryption protection wall 1 is attacked, the encryption protection walls 1 immediately connect in series along the information channel to form an encryption chain 2, and an intruder can obtain the data only by cracking every encryption protection wall 1 in the encryption chain 2.
The cloud storage subsystem is partitioned according to different functions, which improves data storage efficiency, and the encryption data memory block storing top-secret data is given high-level security protection: encryption protection walls 1 are provided outside the encryption memory block and surround it as a protective net. Each time an external party communicates with the encryption memory block to read or write data, key authentication only needs to be performed against one encryption protection wall 1, and passing any one encryption protection wall 1 counts as verified. But when any one encryption protection wall 1 is attacked, the encryption protection walls 1 connect to form an encryption chain 2, and re-entry then requires passing every encryption protection wall 1 in turn, thereby enhancing the safety of information storage.
After one encryption protection wall 1 in the encryption chain 2 is cracked, the intruder will continue to crack the next-stage encryption protection wall 1; but if a cracking error occurs at any layer of protection wall, the already cracked and the not-yet-cracked encryption protection walls 1 rearrange and recombine into a new encryption chain 2, and the invader has to start cracking again. This undoubtedly increases the difficulty of cracking and further enhances the safety of data storage.
In addition, under normal conditions, that is, when only one encryption protection wall 1's key needs to be verified for passage, the selection of the protection wall changes dynamically and cannot be controlled by anyone, which helps prevent an intruder from getting to know a statically configured protection wall through repeated probing and then breaking in. When storing their own data into the encryption memory block, the data storer must first select from the protection wall library which kind of encryption protection walls 1 to use and how many; the data storer is thus the only person who knows the keys of the encryption protection walls 1, which reduces the risk of the protection wall keys being known by others.
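The wall-and-chain access policy described in the Summary and in this embodiment, written out as an added example in Python. This is not code from the patent or from any product implementing it; every name in it (Wall, EncryptedStore, respond, legitimate_access, run_scenario) is the example's own. Assumptions made to turn the description into something executable: "key authentication" against a wall is modelled as an HMAC challenge-response so the key itself is never transmitted; one failed response in normal mode is what counts as the wall being "attacked" and switches the gate to chain mode; a failed response inside the chain reshuffles the chain into a different order and resets progress; and once the whole chain has been passed the gate returns to normal mode (the patent does not say when, if ever, it does).

```python
import hashlib
import hmac
import random
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Wall:
    """One encryption protection wall: a key the data storer picked from the library."""
    wall_id: str
    key: bytes

    def accepts(self, challenge: bytes, response: bytes) -> bool:
        # Key authentication as challenge-response: the client proves the key, never sends it.
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key: bytes, challenge: bytes) -> bytes:
    """What a client holding the wall key computes for a challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class EncryptedStore:
    """Gate in front of the encryption memory block (assumed model of the patent's walls).
    NORMAL:  one wall, picked at random for each access, must be passed.
    CHAINED: after a failed attempt every wall must be passed in chain order;
             a failure inside the chain reshuffles the chain and resets progress.
    """
    NORMAL, CHAINED = "normal", "chained"

    def __init__(self, walls, seed=None):
        self.walls = list(walls)
        # A seeded RNG is only for reproducible demos; deployments use SystemRandom.
        self.rng = random.Random(seed) if seed is not None else random.SystemRandom()
        self.state, self.chain, self.progress, self._pending = self.NORMAL, [], 0, None

    def _reshuffle(self):
        new = self.walls[:]
        self.rng.shuffle(new)
        while len(new) > 1 and new == self.chain:  # assumption: the new order must differ
            self.rng.shuffle(new)
        self.chain, self.progress = new, 0

    def begin(self):
        """Issue a fresh challenge for whichever wall currently guards the data."""
        wall = self.rng.choice(self.walls) if self.state == self.NORMAL else self.chain[self.progress]
        challenge = secrets.token_bytes(16)
        self._pending = (wall, challenge)
        return wall.wall_id, challenge

    def submit(self, response: bytes) -> str:
        """Return 'granted', 'pending' (more walls ahead) or 'denied'."""
        if self._pending is None:
            raise RuntimeError("call begin() first")
        wall, challenge = self._pending
        self._pending = None                # one challenge, one answer: no replay
        if not wall.accepts(challenge, response):
            self.state = self.CHAINED       # attack seen: the walls join into a chain
            self._reshuffle()               # cracking error: new chain, start over
            return "denied"
        if self.state == self.NORMAL:
            return "granted"
        self.progress += 1
        if self.progress < len(self.chain):
            return "pending"
        # Assumption: once the whole chain is passed the gate returns to NORMAL.
        self.state, self.chain, self.progress = self.NORMAL, [], 0
        return "granted"


def legitimate_access(store, keys):
    """A client knowing every wall key reads once; returns (result, walls passed)."""
    passed = 0
    while True:
        wall_id, challenge = store.begin()
        result = store.submit(respond(keys[wall_id], challenge))
        passed += 1
        if result != "pending":
            return result, passed


def run_scenario(seed=7):
    """Constructed walkthrough: normal read, intruder, reshuffle, full-chain read."""
    walls = [Wall(f"wall-{i}", secrets.token_bytes(32)) for i in range(3)]
    keys = {w.wall_id: w.key for w in walls}
    store = EncryptedStore(walls, seed=seed)
    log = [("storer", *legitimate_access(store, keys), store.state)]
    store.begin()
    log.append(("intruder", store.submit(b"\0" * 32), 1, store.state))
    before = [w.wall_id for w in store.chain]
    wall_id, challenge = store.begin()
    store.submit(respond(keys[wall_id], challenge))   # first chain wall: pending
    store.begin()
    store.submit(b"\0" * 32)                          # cracking error: reshuffle
    log.append(("reshuffled", [w.wall_id for w in store.chain] != before, store.progress, store.state))
    log.append(("storer", *legitimate_access(store, keys), store.state))
    return log
```

Running `run_scenario()` yields a log in which the storer passes one wall in normal mode, the intruder's single bad response flips the gate into chain mode, a cracking error inside the chain produces a different chain order with progress reset, and the storer then has to answer all three walls to get back in. One design point a deployment would need beyond the patent's description: because a single failed response escalates the gate for everyone, an attacker who cannot get the data can still make legitimate reads three times more expensive, so a real system would pair the escalation with per-source rate limiting and alerting rather than treating it as a complete defence.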
Referring to Fig. 1, when the local storage server is intruded, the encryption hard disk storing top-secret data immediately erases its data using erasing software developed by a third party, and the encryption hard disk can have its data recovered by data recovery software that is likewise developed by the third party and whose operation is controlled by a fourth party; the local storage server is equipped with a temporary data hard disk for temporarily storing the data to be calculated from the routine data memory block and/or the high-frequency data memory block.
When the local storage server is intruded, the encryption hard disk in the local storage server immediately starts the data erasing procedure, so that even if the invader succeeds, the encrypted data they wanted to obtain will have become blank, thereby enhancing the safety of encrypted data storage. After the hard disk data has been erased, because the erasure was performed by the third party's software, the data can be recovered by the third party's data recovery software as long as the hard disk is not lost or damaged; and because the erasing software is developed by a third party independent of the data storer and the storage operator, and the recovery software runs under the control of a fourth party, this helps prevent insider misappropriation. When calculation is performed, the temporary data hard disk stores the data to be calculated in advance, so that the data can be allocated and used directly when needed, which shortens data transfer time and thus implicitly improves calculation speed.
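The erase-on-intrusion and fourth-party-controlled recovery described above, as an added example in Python. This is not the patent's erasing or recovery software and not code from any implementation; EncryptedDisk, RecoveryAuthority, run_incident and the helpers are the example's own names. The recoverable erasure the patent describes is modelled here as a swapped-in technique, crypto-erase: the local server's disk holds only ciphertext, "erasing" drops the data key from the server, and the key is escrowed with the fourth party, whose recovery tool returns it only against an approval signed with a secret that never leaves that party. The SHA-256 keystream is a toy stand-in for AES-GCM so the script runs with the standard library alone. The caveat this makes explicit: an erasure that can be undone has not destroyed the data, so the whole protection rests on the intruder being unable to obtain whatever makes recovery possible, which is why that secret lives outside the compromised server.

```python
import hashlib
import hmac
import secrets
import struct


def _keystream(key, nonce, length):
    """Toy CTR-style keystream from SHA-256 so the demo needs no extra packages.
    Illustration only: a real disk would use AES-GCM or XTS."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedDisk:
    """The local server's encryption hard disk: ciphertext at rest, data key only in memory."""

    def __init__(self, data_key):
        self._key = data_key
        self._blocks = {}                     # path -> (nonce, ciphertext)

    def write(self, path, plaintext):
        nonce = secrets.token_bytes(16)
        self._blocks[path] = (nonce, _xor(plaintext, _keystream(self._key, nonce, len(plaintext))))

    def read(self, path):
        if self._key is None:
            raise PermissionError("data key erased: the disk reads back as blank")
        nonce, ciphertext = self._blocks[path]
        return _xor(ciphertext, _keystream(self._key, nonce, len(ciphertext)))

    def erase(self):
        """Intrusion response: crypto-erase by dropping the key; ciphertext alone is noise."""
        self._key = None

    def raw_image(self):
        """What an intruder who dumps the disk after the erase obtains."""
        return dict(self._blocks)

    def restore_key(self, data_key):
        self._key = data_key


class RecoveryAuthority:
    """Fourth party: escrows each disk's data key and releases it only for a recovery
    request it has itself approved (assumed model of fourth-party-controlled recovery)."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)   # approval key, held only by the fourth party
        self._escrow = {}                         # disk_id -> data key

    def escrow(self, disk_id, data_key):
        self._escrow[disk_id] = data_key

    def approve(self, disk_id, ticket):
        """Sign-off on one recovery ticket, e.g. after the incident has been reviewed."""
        return hmac.new(self._secret, disk_id.encode() + ticket, hashlib.sha256).digest()

    def recover(self, disk, disk_id, ticket, approval):
        """Recovery tool: hands the escrowed key back only with a valid approval."""
        expected = hmac.new(self._secret, disk_id.encode() + ticket, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, approval):
            return False
        disk.restore_key(self._escrow[disk_id])
        return True


def run_incident():
    """Constructed walkthrough: write, intrusion erase, dump, forged and approved recovery."""
    data_key = secrets.token_bytes(32)
    authority = RecoveryAuthority()
    authority.escrow("disk-1", data_key)
    disk = EncryptedDisk(data_key)
    secret = b"top-secret design document (constructed sample)"
    disk.write("/secret.txt", secret)
    report = {"before_erase": disk.read("/secret.txt") == secret}
    disk.erase()                                   # intrusion detected on the local server
    _, ciphertext = disk.raw_image()["/secret.txt"]
    report["dump_reveals_plaintext"] = ciphertext == secret
    try:
        disk.read("/secret.txt")
        report["after_erase"] = "readable"
    except PermissionError:
        report["after_erase"] = "blank"
    ticket = secrets.token_bytes(8)
    report["forged_recovery"] = authority.recover(disk, "disk-1", ticket, b"\0" * 32)
    report["approved_recovery"] = authority.recover(
        disk, "disk-1", ticket, authority.approve("disk-1", ticket))
    report["after_recovery"] = disk.read("/secret.txt") == secret
    return report
```

`run_incident()` returns a report showing the data readable before the incident, the disk reading back as blank after the erase, a dump of the disk exposing no plaintext, a forged approval being rejected, and the data coming back only once the fourth party has signed the recovery ticket. In a real deployment the escrowed key and the approval secret would sit in an HSM or KMS under the fourth party's administrative control, and the approval would be bound to an incident record so that it cannot be reused.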
The above is only a preferred embodiment of the present invention; the protection scope of the present invention is not limited to the above embodiment, and all technical solutions falling within the concept of the present invention belong to its protection scope. It should be pointed out that, for those of ordinary skill in the art, several improvements and modifications can be made without departing from the principles of the present invention, and these improvements and modifications should also be regarded as within the protection scope of the present invention.
Claims (10)
1. A cloud storage subsystem, characterized in that it includes an encryption data memory block for storing top-secret data, a high-frequency data memory block for storing high-frequency access data, and a routine data memory block for storing routine data;
the encryption memory block is surrounded by a protective net formed by multiple encryption protection walls (1); when data is read or written, only any one encryption protection wall (1) needs to be passed; if any encryption protection wall (1) is attacked, the encryption protection walls (1) immediately connect in series along the information channel to form an encryption chain (2), and an intruder can obtain the data only by cracking every encryption protection wall (1) in the encryption chain (2).
2. The cloud storage subsystem according to claim 1, characterized in that after a cracking error occurs at any encryption protection wall (1), all encryption protection walls (1) in the encryption chain (2) rearrange and recombine to form a new encryption chain (2) that blocks the information.
3. The cloud storage subsystem according to claim 1, characterized in that under normal conditions the encryption protection wall (1) selected as the path through which data is stored into the encryption memory block changes dynamically and continuously.
4. The cloud storage subsystem according to claim 1, characterized in that the encryption protection walls (1) are constituted by the data storer selecting a certain number of them from a protection wall library, and the data storer is the only person who knows which encryption protection walls (1) and corresponding keys are used.
5. A secure storage system, characterized in that it includes the cloud storage subsystem according to any one of claims 1 to 4.
6. The secure storage system according to claim 5, characterized in that the cloud storage subsystem is connected with a local storage server for backing up the data of the encrypted storage area.
7. The secure storage system according to claim 6, characterized in that when the local storage server is intruded, the encryption hard disk storing top-secret data immediately erases its data using erasing software developed by a third party.
8. The secure storage system according to claim 7, characterized in that the encryption hard disk can have its data recovered by data recovery software that is likewise developed by the third party and whose operation is controlled by a fourth party.
9. The secure storage system according to claim 6, characterized in that the local storage server is connected with a cloud computing center.
10. The secure storage system according to claim 9, characterized in that the local storage server is equipped with a temporary data hard disk for temporarily storing the data to be calculated from the routine data memory block and/or the high-frequency data memory block.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710118524.4A CN106936819B (en) | 2017-03-01 | 2017-03-01 | Cloud storage subsystem and safe storage system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106936819A CN106936819A (en) | 2017-07-07 |
| CN106936819B true CN106936819B (en) | 2019-11-01 |
Family
ID=59424327
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710118524.4A Active CN106936819B (en) | 2017-03-01 | 2017-03-01 | Cloud storage subsystem and safe storage system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106936819B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107957920A (en) * | 2017-10-31 | 2018-04-24 | 清远恒成智道信息科技有限公司 | Database backup system |
| CN108415794A (en) * | 2018-01-30 | 2018-08-17 | 河南职业技术学院 | File backup method and file backup device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102687480A (en) * | 2009-12-12 | 2012-09-19 | 阿卡麦科技公司 | Cloud-based firewall system and service |
| CN104468089A (en) * | 2013-09-22 | 2015-03-25 | 华邦电子股份有限公司 | Data protection device and method thereof |
| CN105554127A (en) * | 2015-12-22 | 2016-05-04 | 内蒙古农业大学 | Private cloud backup mechanism of multilayer data security encryption method |
| CN105847305A (en) * | 2016-06-21 | 2016-08-10 | 新昌县七星街道明盛模具厂 | Safe processing and accessing method of cloud resource |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8205098B2 (en) * | 2008-02-25 | 2012-06-19 | Microsoft Corporation | Secure and usable protection of a roamable credentials store |
- 2017-03-01: CN application CN201710118524.4A, granted as CN106936819B, status Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN106936819A (en) | 2017-07-07 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |