TWI856887B - A distribution backup system, method non-volatile computer-readable storage medium thereof based on object storage gateway

Info

Publication number: TWI856887B
Authority: TW (Taiwan)
Prior art keywords: public cloud, file, shared, files, object storage
Application number: TW112145640A
Other languages: Chinese (zh)
Other versions: TW202522935A (en)
Inventors: 黃永玄, 曲華榮, 柯弼舜, 王冠鈞, 陳柏澄, 黃耀德
Original assignee: 中華電信股份有限公司
Application filed by: 中華電信股份有限公司
Priority to: TW112145640A
Application granted
Publication of TWI856887B
Publication of TW202522935A

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention provides a distribution backup system and method based on an object storage gateway, and a non-volatile computer-readable storage medium thereof. The system includes a user device with a distribution encryption module and an object storage gateway. The distribution encryption module transmits a plurality of fragmented files to the object storage gateway, and the object storage gateway calculates the distribution locations, among a plurality of public cloud servers, to which these fragmented files are to be sent. The object storage gateway then calls a plurality of public cloud storage interfaces to upload the fragmented files separately to their respective public cloud servers, thereby enhancing the confidentiality and reliability of file backups.

Description

A distribution backup system and method based on an object storage gateway, and non-volatile computer-readable storage medium thereof

The present invention relates to storage technology, and more particularly to a distribution backup system and method based on an object storage gateway and a non-volatile computer-readable storage medium thereof.

In today's society, as smartphones have become widespread and more capable, people have grown used to recording their lives, work or creations on them through multimedia data such as photos and videos. Over time, however, a large amount of multimedia data accumulates, and the smartphone no longer has enough storage space for the user.

In response, many operators now provide cloud storage services that let users upload their large volumes of multimedia data to cloud storage, to relieve the storage problem.

However, for users, the cloud storage service of a single operator can no longer meet their needs, and its security is also lower.

Therefore, how to provide a technology that integrates multiple public cloud storage services, so as to give users a more flexible way to store data and to improve information security, has become an issue the industry urgently needs to solve.

To solve the above problem, the present invention provides a distribution backup system based on an object storage gateway, comprising: a user device having a distribution encryption module, which lets a user select at least one original file to be backed up, so that the distribution encryption module encrypts the original file and then splits the encrypted original file into a plurality of fragments; and an object storage gateway having a plurality of public cloud storage interfaces, communicatively connected to the user device to receive the fragments from the distribution encryption module and to calculate the distribution locations, among a plurality of public cloud servers, to which the fragments are to be sent, so as to call the public cloud storage interfaces to upload the fragments to the corresponding public cloud servers.

The present invention further provides a distribution backup method based on an object storage gateway, comprising: letting a user select, on a user device having a distribution encryption module, at least one original file to be backed up; encrypting the original file with the distribution encryption module and then splitting the encrypted original file into a plurality of fragments; receiving the fragments from the distribution encryption module at an object storage gateway having a plurality of public cloud storage interfaces; and calculating, at the object storage gateway, the distribution locations among a plurality of public cloud servers to which the fragments are to be sent, so as to call the public cloud storage interfaces to upload the fragments to the corresponding public cloud servers.

In the aforementioned embodiment, the user device lets the user edit a distribution profile and send a provisioning request containing that profile; the distribution profile contains the public cloud servers selected by the user, the backup regions, and the number of copies of the original file.

In the aforementioned embodiment, the object storage gateway includes a control center module, a backup module, a fragment verification module, and a first database communicatively connected to the fragment verification module. The first database stores a distribution rule table and a distribution file association table, and the distribution file association table contains the fragment file names and identification codes of the fragments, the names of the public cloud servers, and the codes of their public cloud storage buckets.

In the aforementioned embodiment, the control center module receives the distribution profile in a provisioning request and, according to that profile, calls the corresponding public cloud servers through the public cloud storage interfaces to create a public cloud storage bucket in each of the regions of those servers for storage. It then stores the relationship between the distribution profile and the public cloud storage buckets in the distribution rule table.

In the aforementioned embodiment, the control center module builds a hash ring according to the distribution rule table, hashes each public cloud server and places it at the resulting position on the ring, so that the servers become the nodes of the hash ring. The control center module then calculates a position value for each fragment from its fragment file name and fragment sequence number, matches that position value to the corresponding node on the hash ring, and uses the public cloud server represented by the matched node as the distribution location of that fragment.

In the aforementioned embodiment, when the user wants to restore the original file, the distribution encryption module issues a download request. After receiving it, the control center module uses the file name of the original file in the download request and the distribution file association table to obtain the identification codes of the fragments belonging to that original file, retrieves the fragments from the public cloud servers through the public cloud storage interfaces, and returns them to the user device. The distribution encryption module then reassembles and decrypts the fragments to obtain the original file.

In the aforementioned embodiment, the fragment verification module queries the distribution file association table to obtain the public cloud storage buckets and the identification code of each fragment, and groups the entries by bucket. The fragment verification module then calls the public cloud storage interfaces so that each interface checks, according to the distribution file association table, whether every corresponding fragment identification code exists in its public cloud storage bucket, and a statistical report is produced.

In the aforementioned embodiment, the backup module obtains the distribution rule table and the distribution file association table from the first database and exports them periodically, so that both tables are encrypted and then backed up to a plurality of second databases located overseas.

The present invention provides a non-volatile computer-readable storage medium for use in a computing device or computer, storing instructions for executing the distribution backup method based on an object storage gateway described in the aforementioned embodiments.

As can be seen from the above, in the distribution backup system and method based on an object storage gateway and the non-volatile computer-readable storage medium of the present invention, a distribution encryption module in a user device encrypts and splits at least one original file to be backed up into a plurality of fragments and transmits them to an object storage gateway. The object storage gateway calculates the distribution location, among the public cloud servers, to which each fragment is to be sent, and calls the public cloud storage interfaces to upload the fragments to the respective public cloud servers, thereby improving the confidentiality and reliability of file backups.

1: Distribution backup system based on an object storage gateway

1a: User device

10: Distribution encryption module

1b: Object storage gateway

11: Control center module

111: Gateway application programming interface (gateway API)

112: Storage service control module

113: Storage allocation module

114₁~114ₙ: Public cloud storage interfaces

12: Backup module

13: Fragment verification module

C₁, C₂, C₃~Cₙ: Public cloud storage servers (public cloud servers)

D1: First database

D2: Second database

S31 to S35: Steps

FIG. 1 is a schematic diagram of the architecture of the distribution backup system based on an object storage gateway of the present invention.

FIG. 2 is a schematic diagram of a hash ring.

FIG. 3 is a flow chart of the distribution backup method based on an object storage gateway of the present invention.

The implementation of the present invention is described below through specific embodiments. Those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification.

Note that the structures, proportions and sizes shown in the drawings attached to this specification only accompany the content disclosed in the specification, for the understanding of those skilled in the art. They do not limit the conditions under which the present invention can be implemented and therefore have no substantive technical significance. Any modification of structure, change of proportion or adjustment of size that does not affect the effects and purposes achievable by the present invention still falls within the scope covered by the technical content disclosed herein. Likewise, terms such as "a", "first", "second", "upper" and "lower" are used in this specification only for clarity of description and do not limit the implementable scope of the present invention; changes or adjustments of their relative relationships, without substantive change to the technical content, are also regarded as within the implementable scope of the present invention.

FIG. 1 is a schematic diagram of the architecture of the distribution backup system 1 based on an object storage gateway of the present invention. As shown in FIG. 1, the system is an architecture that combines object-storage-gateway-based file distribution encryption with public clouds, and includes: a user device 1a having a distribution encryption module 10, an object storage gateway 1b, and a plurality of public cloud storage servers (public cloud storage service; hereinafter: public cloud servers) C₁~Cₙ. The object storage gateway 1b includes a control center module 11, a backup module 12, a fragment verification module 13, and a first database D1 and a plurality of second databases D2 communicatively connected to the backup module 12.

Furthermore, the control center module 11 includes a gateway application programming interface (hereinafter: gateway API) 111; a storage service control module 112 communicatively connected to the gateway API 111; a storage allocation module 113 communicatively connected to the gateway API 111, the storage service control module 112 and the first database D1; and a plurality of public cloud storage interfaces 114₁~114ₙ communicatively connected to the fragment verification module 13 and the storage service control module 112.

Specifically, the user device 1a may be an electronic device such as a smartphone, a personal computer or a laptop, and the object storage gateway 1b may be built on a server (such as a general-purpose server, a file server or a storage-unit server), a computer, or another electronic device with suitable computing capability. Each module in the user device 1a and the object storage gateway 1b (that is, the distribution encryption module 10, the gateway API 111, the storage service control module 112, the storage allocation module 113 and the public cloud storage interfaces 114₁~114ₙ) may be software, hardware or firmware. If hardware, it may be a processing unit, processor, computer or server with data processing and computing capability; if software or firmware, it may comprise instructions executable by a processing unit, processor, computer or server, and may be installed on one hardware device or distributed across several. The public cloud servers C₁~Cₙ include public cloud storage servers such as Google Cloud Nearline Storage (GCS nearline), AWS IA, Azure blob storage and hicloud S3.

The distribution encryption module 10 of the user device 1a is a distribution encryption tool, such as a distribution encryption application, installed on the user device 1a. The user device 1a lets a user edit a distribution profile and send a provisioning request containing that profile. The user device 1a also lets the user select at least one (one or several) original file to be backed up, so that the distribution encryption module 10 encrypts the original file with an encryption key and then splits the encrypted original file into a plurality of fragments.

In one embodiment, the distribution profile contains the public cloud servers C₁~Cₙ selected by the user, the backup regions, and the number of copies of the original file.

In one embodiment, the distribution encryption module 10 encrypts the original file with a symmetric encryption algorithm. For example, the algorithm is AES256 GCM, where AES (Advanced Encryption Standard) is a symmetric encryption algorithm, 256 refers to a 256-bit key, and GCM (Galois/Counter Mode) means the algorithm operates in counter mode. The same key is used for encryption and decryption, so the receiver can decrypt the ciphertext with that key to recover the plaintext, and the longer the key, the harder it is to break. This embodiment chooses a 256-bit key to improve the security of the encryption. The encryption flow is as follows:

Step 1: The plaintext is divided into blocks of a fixed size (such as 128 bits).

Step 2: A counter is initialized with the initial value C.

Step 3: The key K and the counter C are used to generate the key used for encryption.

Step 4: The plaintext block is XORed with the key used for encryption to obtain the ciphertext block. At the same time, a polynomial multiplication is applied to the ciphertext block to obtain a tag used for authentication.

Step 5: The counter C is incremented, and steps 3 and 4 are repeated until all plaintext blocks have been encrypted.

Step 6: All ciphertext blocks and the authentication tag are combined into the complete ciphertext.

In the above encryption flow, each plaintext block and its encryption key are independent of the others, so the blocks can be processed in parallel to increase speed, giving higher performance than encryption modes that cannot be parallelized (such as CBC). In addition, the authentication tag ensures the integrity and confidentiality of the ciphertext.
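The encrypt-then-split flow described above, as an added example (not code from the patent). It uses AES-256-GCM from the Python `cryptography` package and assumes a random 96-bit nonce stored in front of the ciphertext and a fixed fragment size, neither of which the page specifies; it shows that the tag is only checked once all fragments are rejoined in order, so a changed, missing or reordered fragment makes the restore fail.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # assumed: 96-bit random nonce, stored as the first bytes of the blob


def encrypt_and_split(key: bytes, plaintext: bytes, part_size: int) -> list:
    """Encrypt the whole file once, then cut nonce||ciphertext||tag into fragments."""
    if part_size < 1:
        raise ValueError("part_size must be positive")
    nonce = os.urandom(NONCE_LEN)  # must never repeat under the same key
    blob = nonce + AESGCM(key).encrypt(nonce, plaintext, None)
    return [blob[i:i + part_size] for i in range(0, len(blob), part_size)]


def join_and_decrypt(key: bytes, parts: list) -> bytes:
    """Rejoin fragments in order and decrypt; raises InvalidTag if anything changed."""
    blob = b"".join(parts)
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, body, None)


def restore_outcome(key: bytes, parts: list) -> str:
    """Return 'ok' if the fragments restore cleanly, 'rejected' otherwise."""
    try:
        join_and_decrypt(key, parts)
        return "ok"
    except InvalidTag:
        return "rejected"


if __name__ == "__main__":
    key = AESGCM.generate_key(bit_length=256)
    original = b"constructed sample file contents " * 10  # constructed input
    fragments = encrypt_and_split(key, original, part_size=64)
    print(len(fragments), "fragments, restore:", restore_outcome(key, fragments))

    # One flipped bit in one fragment, as a single cloud could cause.
    damaged = list(fragments)
    damaged[1] = bytes([damaged[1][0] ^ 1]) + damaged[1][1:]
    print("damaged fragment:", restore_outcome(key, damaged))

    # A fragment that never came back from its cloud.
    print("missing fragment:", restore_outcome(key, fragments[:-1]))
```

Because the single tag covers the whole file, a failed restore does not say which fragment was at fault; per-fragment checksums in the association table would be needed for that.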

The object storage gateway 1b is communicatively connected to the user device 1a (for example over the Internet or any wireless or mobile network) to receive the provisioning request from the user device 1a. The gateway API 111 receives the distribution profile in the provisioning request, and the storage service control module 112, according to that profile, calls the corresponding public cloud servers C₁~Cₙ through the public cloud storage interfaces 114₁~114ₙ to create a public cloud storage bucket in the region of each public cloud server C₁~Cₙ for storage. The relationship between the distribution profile and each public cloud storage bucket is stored in a distribution rule table.

In one embodiment, the public cloud storage interfaces 114₁~114ₙ provide a unified operation interface for the storage service control module 112 to call, instructing each public cloud server C₁~Cₙ to perform operations such as, without limitation, bucket creation/deletion and file upload/download/deletion.

Specifically, the object storage, authentication and access methods offered by the public cloud servers C₁~Cₙ (such as GCS nearline, AWS IA, Azure blob storage and hicloud S3) all differ. To simplify the operating logic of the storage service control module 112, the public cloud storage interfaces 114₁~114ₙ provide a layer of abstraction that encapsulates the access operations of each public cloud server C₁~Cₙ. That is, the public cloud storage interfaces 114₁~114ₙ are all implemented against a common access interface specification, so the storage service control module 112 only needs to know that common specification in order to operate them; this is what is meant by abstraction. Taking the authentication mechanism as an example, AWS signs storage service API calls with an access key/secret key, whereas GCP/Azure obtain a token through OAuth 2.0 authentication before calling the storage service API, the storage service API being the one provided by AWS, GCP or Azure.

The first implementation aspect is file backup.

In this aspect, when the user device 1a uploads the fragments, the gateway API 111 receives them. The storage service control module 112 then passes the fragment file name and fragment sequence number of each fragment to the storage allocation module 113, which calculates the distribution location, among the public cloud servers C₁~Cₙ, to which each fragment is to be sent and generates an identification code for each fragment.

Furthermore, according to the distribution locations of the fragments, the storage allocation module 113 calls the public cloud storage interfaces 114₁~114ₙ to upload the fragments to the respective public cloud servers C₁~Cₙ, sets the fragment name of each fragment to its corresponding identification code, and records it in a distribution file association table, thereby performing the storage backup.

In one embodiment, the gateway API 111 may be an S3 API with a multipart upload function (Multipart Upload), which consists of a series of API calls, for example: CreateMultipartUpload → UploadPart (several) → CompleteMultipartUpload. After CompleteMultipartUpload finishes, the fragments are treated as one storage object.

In one embodiment, the storage allocation module 113 builds a hash ring according to the distribution rule table, which is used to select the destination public cloud servers C₁~Cₙ during backup. Using the hash ring concept, each public cloud server C₁~Cₙ is hashed and placed at the resulting position on the ring, where it is treated as a node. To calculate the distribution location of a fragment, the storage allocation module 113 hashes the fragment's file name and sequence number to obtain its position value. If that position value falls exactly on an existing node of the hash ring, the public cloud server represented by that node is used as the fragment's storage destination (its distribution location). Otherwise, the closest node in the clockwise direction on the hash ring is found, and the public cloud server represented by that node is used as the fragment's storage destination (its distribution location).

In one embodiment, if the distribution profile sets the number of copies to 2 (or more), then when fragments are uploaded the storage allocation module 113 not only calculates the node (public cloud server) on the hash ring that holds the first copy of each fragment, but also takes the next node (another public cloud server) in the clockwise direction on the hash ring (or counterclockwise, if required) as the storage destination for the second copy of each fragment.

In this way, the fragments can be spread evenly across the public cloud servers C₁~Cₙ, and it can be ensured that, when the number of public cloud servers C₁~Cₙ is greater than the number of copies, no single public cloud server C₁~Cₙ contains all of the fragments.
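The placement rule from the preceding three paragraphs, as an added example rather than the patent's own code: exact match on a node, otherwise the next node clockwise, with further copies on the following nodes. The hash (SHA-256 truncated to 32 bits), the `name:number` key format and the cloud names are assumptions; the example also includes a check for the property stated above, listing any cloud that ends up with a copy of every fragment in a given plan.

```python
import bisect
import hashlib

RING_SIZE = 2 ** 32  # assumed ring size; the page does not give one


def sha256_position(key: str) -> int:
    """Assumed hash: first 4 bytes of SHA-256, read as a ring position."""
    return int.from_bytes(hashlib.sha256(key.encode("utf-8")).digest()[:4], "big")


class HashRing:
    """Public cloud servers placed as nodes on a ring of hash positions."""

    def __init__(self, clouds, position=sha256_position):
        self._position = position
        nodes = sorted((position(name) % RING_SIZE, name) for name in clouds)
        self._points = [point for point, _ in nodes]
        self._names = [name for _, name in nodes]
        if not nodes or len(set(self._points)) != len(nodes):
            raise ValueError("need at least one cloud and distinct ring positions")

    def locate(self, fragment_name, part_number, replicas=1):
        """Return the clouds for one fragment, first copy first."""
        if not 1 <= replicas <= len(self._names):
            raise ValueError("replicas must be between 1 and the number of clouds")
        # Assumed key format: the page only says name and sequence number are hashed.
        pos = self._position(f"{fragment_name}:{part_number}") % RING_SIZE
        # bisect_left picks the node at exactly pos, else the next one clockwise
        # (clockwise = increasing position); the modulo wraps past the last node.
        start = bisect.bisect_left(self._points, pos) % len(self._names)
        return [self._names[(start + i) % len(self._names)] for i in range(replicas)]


def plan_backup(ring, fragment_name, part_count, replicas):
    """Map each fragment sequence number (1-based) to its list of clouds."""
    return {n: ring.locate(fragment_name, n, replicas) for n in range(1, part_count + 1)}


def clouds_holding_every_fragment(plan):
    """List clouds that appear in the placement of every fragment in the plan."""
    holders = [set(clouds) for clouds in plan.values()]
    return sorted(set.intersection(*holders)) if holders else []


if __name__ == "__main__":
    # Constructed names; three clouds and two copies, as in the first embodiment.
    ring = HashRing(["cloud-1", "cloud-2", "cloud-3"])
    plan = plan_backup(ring, "holiday.mp4.enc", part_count=8, replicas=2)
    for part, clouds in plan.items():
        print(part, clouds)
    print("clouds with a copy of every fragment:", clouds_holding_every_fragment(plan))
```

Running the check on each plan before upload gives the gateway a concrete signal when a file has few fragments or the node positions are unevenly spaced.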

In one embodiment, the fragment sequence number may be an integer from 1 to 10000 and must be included when a fragment is uploaded (UploadPart); the distribution rule table and the distribution file association table are stored in the first database D1.

The second implementation aspect is file restoration.

In this aspect, when the user wants to restore the original file, the user device 1a lets the user select online the original file to be restored, and the distribution encryption module 10 lets the user set the decryption key and the storage location, and then issues a download request. The gateway API 111 receives the download request and uses the file name of the original file in the request and the distribution file association table to obtain the identification codes of the fragments belonging to that original file. The storage service control module 112 then uses those identification codes to retrieve the fragments from the public cloud servers C₁~Cₙ through the public cloud storage interfaces 114₁~114ₙ and sends them to the user device 1a. The distribution encryption module 10 reassembles the fragments and decrypts them with the decryption key to obtain the original file, which is saved to the storage location set by the user.

The third implementation aspect is file verification.

In this aspect, the fragment verification module 13 periodically verifies the availability of the fragments. It queries the distribution file association table to obtain the public cloud storage buckets and the identification code of each fragment, and groups the entries by bucket. It then calls each public cloud storage interface 114₁~114ₙ so that each interface checks, according to the distribution file association table, whether every corresponding fragment identification code exists in its public cloud storage bucket, and a statistical report is produced.

The fourth implementation concerns the files of the shared rule data table and the shared file association data table.

In this implementation, the backup module 12 obtains the shared rule data table and the shared file association data table from the first database D1 and exports both tables periodically. It applies the shared encryption process of the above embodiments to the exported tables, and backs up the resulting encrypted and split tables to a plurality of second databases D2 located outside the country.

The following first embodiment is a specific embodiment of the shared settings and file backup of the present invention, and is described with reference to FIG. 1. Aspects of this embodiment that are the same as in the above embodiments are not repeated.

In this embodiment, a user uses a computer with a shared encryption module 10 (i.e., the user device 1a) to set three public cloud servers (the first public cloud server C₁, the second public cloud server C₂ and the third public cloud server C₃) and their regions as storage destinations, and sets the number of copies to 2. This produces a shared configuration file, and a provisioning request containing the shared configuration file is sent to an object storage gateway 1b.

After the object storage gateway 1b receives the provisioning request, a gateway API 111 receives the shared configuration file in the provisioning request. A storage service control module 112 then, according to the shared configuration file, calls the corresponding first public cloud server C₁, second public cloud server C₂ and third public cloud server C₃ through the public cloud storage interfaces 114₁~114₃, and creates a public cloud storage bucket (Bucket 1, Bucket 2, Bucket 3) in the region (Region 1, Region 2, Region 3) of each of the public cloud servers C₁~C₃. The shared configuration file and its relationship to each public cloud storage bucket form a shared rule data table (shown in Table 1 below).

Table 1: Shared rule data table

(table image in the original publication: Figure 112145640-A0101-12-0013-1)

After the above shared settings for backup are completed, as shown in FIG. 2, a storage allocation module 113 builds a hash ring according to the shared rule data table for use in subsequent backups. In one embodiment, the hash ring is treated as a value space of non-negative integers ranging from 0 to 3 and increasing in the clockwise direction. 0 and 3 both represent the same point on the hash ring (the first public cloud server C₁); 1 represents the second public cloud server C₂ on the hash ring; and 2 represents the third public cloud server C₃ on the hash ring.

Next, after the user selects a first file and a second file on the computer, the shared encryption module 10 combines the first file and the second file into a file A to be backed up (shown in Table 2 below) and encrypts it. The shared encryption module 10 then splits the file A into five sub-files A_1~A_5 of 5 MB each (shown in Table 3 below), sends a provisioning request to the object storage gateway 1b, and uploads each of the sub-files A_1~A_5 to the object storage gateway 1b.

Table 2: List of file A to be backed up

(table image in the original publication: Figure 112145640-A0101-12-0014-3)

Table 3: List of sub-files of file A to be backed up

(table image in the original publication: Figure 112145640-A0101-12-0014-10)

After the gateway API 111 in the object storage gateway 1b receives the provisioning request and the sub-files A_1~A_5, the storage service control module 112 passes the sub-file names and sub-file sequence numbers of the sub-files A_1~A_5 to the storage allocation module 113, which calculates the target public cloud (i.e., the distribution location). In this embodiment, the storage allocation module 113 calculates a hash value for each of the sub-files A_1~A_5 from its sub-file name and sub-file sequence number. Looking these values up on the previously built hash ring gives the following result: the distribution location of sub-files A_1 and A_4 is the first public cloud server C₁; the distribution location of sub-files A_2 and A_5 is the second public cloud server C₂; and the distribution location of sub-file A_3 is the third public cloud server C₃.

The storage allocation module 113 therefore calls the public cloud storage interfaces 114₁~114₃, according to the distribution location of each of the sub-files A_1~A_5, to upload the sub-files to the first public cloud server C₁, the second public cloud server C₂ and the third public cloud server C₃. In addition, the storage allocation module 113 generates an identification code for each of the sub-files A_1~A_5, sets the name of each sub-file to its identification code, and records it in a shared file association data table (shown in Table 4 below), thereby performing the storage backup.

Table 4: Shared file association data table

(table image in the original publication: Figure 112145640-A0101-12-0015-6)

After the upload is completed, the shared encryption module 10 displays an online file list on the computer. The list includes file A, whose backup is complete and which is now available for the user to download.
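The placement step of this first embodiment, as an added Python example that is not code from the patent: servers from the rule table become nodes on a hash ring, each sub-file is hashed from its name and sequence number, and each copy gets its own identifier. SHA-256, the 2^32 ring size, successor-node placement of the second copy and random identifiers are assumptions; the page does not specify them.

```python
import bisect
import hashlib
import secrets

RING_SIZE = 2 ** 32  # assumption: the page only says "non-negative integer value space"

# Constructed rule-table rows: (server, region, bucket), following the page's example.
RULES = [
    ("C1", "Region 1", "Bucket 1"),
    ("C2", "Region 2", "Bucket 2"),
    ("C3", "Region 3", "Bucket 3"),
]


def ring_position(key):
    """Map a string to a point on the ring (SHA-256 is an assumption)."""
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % RING_SIZE


class HashRing:
    def __init__(self, rules):
        self.buckets = {server: bucket for server, _region, bucket in rules}
        # One node per public cloud server, sorted clockwise by ring position.
        self._nodes = sorted((ring_position(s), s) for s in self.buckets)
        self._positions = [pos for pos, _server in self._nodes]

    def locate(self, subfile_name, seq, copies=2):
        """Return the servers holding the copies of one sub-file.

        The first copy goes to the first node at or after the sub-file's
        position; further copies go to the following nodes, so two copies
        never share a provider.
        """
        if not 1 <= copies <= len(self._nodes):
            raise ValueError("copies must be between 1 and the number of servers")
        key = ring_position(f"{subfile_name}:{seq}")
        start = bisect.bisect_left(self._positions, key)
        return [self._nodes[(start + i) % len(self._nodes)][1] for i in range(copies)]


def plan_backup(ring, file_name, subfile_count, copies=2):
    """Build the rows of the file association table for one backed-up file."""
    rows = []
    for seq in range(1, subfile_count + 1):
        subfile = f"{file_name}_{seq}"
        for server in ring.locate(subfile, seq, copies):
            rows.append({
                "file": file_name,
                "subfile": subfile,
                "seq": seq,
                "server": server,
                "bucket": ring.buckets[server],
                # The stored object is named by this identifier, so the
                # provider sees neither the file name nor the sequence number.
                "object_id": secrets.token_hex(16),
            })
    return rows


if __name__ == "__main__":
    for row in plan_backup(HashRing(RULES), "A", 5):
        print(row["subfile"], row["server"], row["bucket"], row["object_id"])
```

Because only the association table links identifiers back to sub-file order, that table is as sensitive as the decryption key for restore purposes, which is why the fourth implementation backs it up through the same encrypt-and-split process.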

The following second embodiment is a specific embodiment of file restoration of the present invention, and is described with reference to FIG. 1. Aspects of this embodiment that are the same as in the above embodiments are not repeated.

When the user wants to restore file A, the user clicks file A in the online file list displayed by the shared encryption module 10 on the computer, which sends a download request to the object storage gateway 1b and starts the file download. The shared encryption module 10 lets the user set the decryption key and the storage location.

The gateway API 111 receives the download request and, based on the file name of file A in the download request and the shared file association data table (Table 4 above), obtains the identification codes a~j of the sub-files A_1~A_5 that correspond to file A. Using the identification codes a~j, the sub-files A_1~A_5 are fetched from the first public cloud server C₁, the second public cloud server C₂ and the third public cloud server C₃ through the public cloud storage interfaces 114₁~114₃ and transmitted to the user device 1a. The shared encryption module 10 then combines the sub-files A_1~A_5 and decrypts them with the decryption key to obtain file A, and stores file A in the storage location set by the user.

In addition, when the shared encryption module 10 performs a download, it can supply an HTTP Range header to download a specific segment, so it can send requests for multiple segments to the object storage gateway 1b in parallel. When the object storage gateway 1b processes a download request, it uses the file name of file A and the HTTP Range header (if present) to look up, in the shared file association data table, the sub-file information that corresponds to file A and the requested range. It then uses the public cloud storage interfaces 114₁~114₃ to fetch the sub-files A_1~A_5 by identification code and returns the data to the client.

Because the client tool knows the sub-file size used at upload time (5 MB), it can set each Range to the sub-file size when issuing parallel requests. This achieves per-sub-file download and ensures that each download request touches a file on only one public cloud, which reduces the number of accesses to the public clouds. Taking the parallel download of file A as an example, there are five download requests, with Range (bytes) values of 0-4999999, 5000000-9999999, 10000000-14999999, 15000000-19999999 and 20000000-23999999. The requests run in parallel; once all of them are complete, the data is merged, stored and decrypted, which completes the restoration of file A.
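The Range handling described above, as an added Python example that is not code from the patent: the client derives one aligned range per sub-file, and the gateway validates a Range header and resolves it to the sub-files it touches. The function names and the decision to reject multi-range and suffix forms are assumptions.

```python
import re

SUBFILE_SIZE = 5_000_000  # the page's sub-file size, as used in its Range values

_RANGE_RE = re.compile(r"^bytes=(\d+)-(\d*)$")


def aligned_ranges(total_size, subfile_size=SUBFILE_SIZE):
    """Client side: one (first, last) byte range per sub-file."""
    return [
        (start, min(start + subfile_size, total_size) - 1)
        for start in range(0, total_size, subfile_size)
    ]


def parse_range(header, total_size):
    """Gateway side: validate a single-range header against the file size.

    Multi-range and suffix ("bytes=-N") forms are rejected here for
    simplicity (an assumption; the page does not discuss them).
    """
    match = _RANGE_RE.match(header.strip())
    if not match:
        raise ValueError("unsupported Range header")
    first = int(match.group(1))
    last = int(match.group(2)) if match.group(2) else total_size - 1
    last = min(last, total_size - 1)  # never read past the end of the file
    if first > last:
        raise ValueError("range not satisfiable")
    return first, last


def resolve(header, total_size, subfile_size=SUBFILE_SIZE):
    """Gateway side: list (seq, offset_in_subfile, length) pieces for a range.

    An aligned range yields exactly one piece, so the request reaches one
    public cloud; an unaligned range that crosses a boundary yields several.
    """
    first, last = parse_range(header, total_size)
    pieces = []
    pos = first
    while pos <= last:
        seq = pos // subfile_size + 1           # sub-file sequence numbers start at 1
        end_of_subfile = seq * subfile_size - 1
        stop = min(last, end_of_subfile)
        pieces.append((seq, pos % subfile_size, stop - pos + 1))
        pos = stop + 1
    return pieces


if __name__ == "__main__":
    size = 24_000_000  # size of file A implied by the page's last range
    for first, last in aligned_ranges(size):
        print(f"bytes={first}-{last}", resolve(f"bytes={first}-{last}", size))
```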

The following third embodiment is a specific embodiment of file verification of the present invention, and is described with reference to FIG. 1. Aspects of this embodiment that are the same as in the above embodiments are not repeated.

The sub-file verification module 13 periodically verifies the availability of the sub-files.

Specifically, the sub-file verification module 13 queries the shared file association data table (Table 4 above) to obtain the public cloud storage buckets and the identification code of each sub-file, and groups the entries by public cloud storage bucket. It then calls each of the public cloud storage interfaces 114₁~114ₙ to check whether every corresponding sub-file identification code exists in each public cloud storage bucket.

For example, the sub-file verification module 13 assigns the public cloud storage interface 114₁ to ask the storage bucket Bucket 1 of the first public cloud server C₁ whether the files with identification codes a, d and h exist; assigns the public cloud storage interface 114₂ to ask the storage bucket Bucket 2 of the second public cloud server C₂ whether the files with identification codes b, e, f and i exist; and assigns the public cloud storage interface 114₃ to ask the storage bucket Bucket 3 of the third public cloud server C₃ whether the files with identification codes c, g and j exist. The sub-file verification module 13 then consolidates the verification results and produces a report for the administrator to review.
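The verification pass described above, as an added Python example that is not code from the patent. It goes one step beyond the page by also classifying each sub-file as degraded (some copies missing) or lost (no copy left). The bucket contents follow the page's example, but the pairing of identifiers with sub-files, the `list_bucket` callback and the failure scenario are constructed.

```python
from collections import defaultdict

# Constructed association rows: (sub-file, bucket, identifier).
ASSOCIATION = [
    ("A_1", "Bucket 1", "a"), ("A_1", "Bucket 2", "b"),
    ("A_2", "Bucket 2", "e"), ("A_2", "Bucket 3", "c"),
    ("A_3", "Bucket 3", "g"), ("A_3", "Bucket 1", "d"),
    ("A_4", "Bucket 1", "h"), ("A_4", "Bucket 2", "f"),
    ("A_5", "Bucket 2", "i"), ("A_5", "Bucket 3", "j"),
]


def group_by_bucket(rows):
    """Group the expected identifiers by bucket, one check request per bucket."""
    groups = defaultdict(set)
    for _subfile, bucket, ident in rows:
        groups[bucket].add(ident)
    return dict(groups)


def verify(rows, list_bucket):
    """Check every expected identifier and build the report.

    list_bucket(bucket) stands in for a public cloud storage interface and
    returns the identifiers present; an OSError marks the bucket unreachable,
    and its objects are then counted as unavailable.
    """
    missing, unreachable = {}, []
    for bucket, expected in sorted(group_by_bucket(rows).items()):
        try:
            present = set(list_bucket(bucket))
        except OSError:
            unreachable.append(bucket)
            present = set()
        missing[bucket] = sorted(expected - present)

    copies, surviving = defaultdict(int), defaultdict(int)
    for subfile, bucket, ident in rows:
        copies[subfile] += 1
        surviving[subfile] += ident not in missing[bucket]

    return {
        "missing": missing,
        "unreachable": unreachable,
        "degraded": sorted(s for s, n in surviving.items() if 0 < n < copies[s]),
        "lost": sorted(s for s, n in surviving.items() if n == 0),
    }


def sample_listing(bucket):
    """Constructed state: 'd' is gone from Bucket 1, Bucket 3 is unreachable."""
    state = {
        "Bucket 1": {"a", "h"},
        "Bucket 2": {"b", "e", "f", "i", "unrelated-object"},
    }
    if bucket not in state:
        raise ConnectionError(f"{bucket} unreachable")
    return state[bucket]


if __name__ == "__main__":
    for key, value in verify(ASSOCIATION, sample_listing).items():
        print(key, value)
```

With two copies per sub-file, a single provider outage only degrades sub-files; a sub-file is lost when an outage coincides with a missing object on the other provider, as with A_3 in the constructed state.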

FIG. 3 is a flowchart of the object storage gateway-based shared backup method of the present invention. The main content of this file backup method is given below; the rest is the same as described above for FIG. 1 and is not repeated here. The process of this file backup method includes the following steps S31 to S35:

In step S31, a user device 1a lets a user edit a shared configuration file through a shared encryption module 10, and sends a provisioning request containing the shared configuration file.

In step S32, an object storage gateway 1b receives the provisioning request and, according to the shared configuration file in the provisioning request, calls the corresponding public cloud servers C₁~Cₙ through a plurality of public cloud storage interfaces 114₁~114ₙ, thereby creating a public cloud storage bucket for storage in the region of each of the public cloud servers C₁~Cₙ. It then stores the shared configuration file and its relationship to each public cloud storage bucket in a shared rule data table.

In step S33, the user device 1a lets the user select at least one original file to be backed up. The shared encryption module 10 encrypts the original file with an encryption key, splits the encrypted original file into a plurality of sub-files, and uploads them.

In step S34, the object storage gateway 1b receives the sub-files, calculates the distribution locations of the public cloud servers C₁~Cₙ to which the sub-files are to be sent, and generates the identification code corresponding to each sub-file.

In step S35, the object storage gateway 1b calls the public cloud storage interfaces 114₁~114ₙ, according to the distribution locations of the sub-files, to upload the sub-files to the public cloud servers C₁~Cₙ. It then sets the name of each sub-file to its corresponding identification code and records it in a shared file association data table, thereby performing the storage backup.

In addition, the present invention discloses a non-volatile computer-readable storage medium for use in a computing device or computer having a processor (e.g., CPU, GPU) and/or memory. The medium stores instructions, and the computing device or computer can execute the medium through the processor and/or memory so that the above method and its steps are carried out. In one embodiment, the present invention discloses a non-transitory computer-readable storage medium for carrying out the above method and its steps.

In summary, in the object storage gateway-based shared backup system, method and non-volatile computer-readable storage medium of the present invention, a shared encryption module in a user device encrypts and splits at least one original file to be backed up to obtain a plurality of sub-files and transmits them to an object storage gateway. The object storage gateway calculates the distribution locations of the public cloud servers to which the sub-files are to be sent, and calls the public cloud storage interfaces to upload the sub-files to the respective public cloud servers. The present invention can therefore split a single file into multiple small files and store them securely and efficiently across multiple public cloud storage services, improving the confidentiality and reliability of file backup.

In addition, the object storage gateway-based shared backup system, method and non-volatile computer-readable storage medium of the present invention have the following advantages or technical effects:

1. The present invention uses a file splitting tool (the shared encryption module) to split a single large backup file into multiple small files, which are then stored across multiple overseas public cloud storage services that meet regulatory requirements, improving the confidentiality and reliability of file backup.

2. Before the split files are dispatched to the multiple public cloud storage services, the present invention first encrypts them with AES at 256 bits or a higher level, further ensuring their confidentiality.

3. The object storage gateway of the present invention is a conversion tool or device that converts a traditional file storage system into an object storage model to suit the environment of each public cloud storage service. The object storage gateway provides a unified interface that can integrate multiple public cloud storage services, which greatly increases storage flexibility and gives users more choice of public cloud storage services.

The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify and change the above embodiments without departing from the spirit and scope of the present invention. The scope of protection of the present invention is therefore as set out in the claims.

1: Object storage gateway-based shared backup system

1a: User device

10: Shared encryption module

1b: Object storage gateway

11: Control center module

111: Gateway application programming interface, gateway API

112: Storage service control module

113: Storage allocation module

114₁~114ₙ: Public cloud storage interfaces

12: Backup module

13: Sub-file verification module

C₁, C₂, C₃~Cₙ: Public cloud storage servers, public cloud servers

D1: First database

D2: Second database

Claims (11)

1. An object storage gateway-based shared backup system, comprising: a user device having a shared encryption module, which lets a user select at least one original file to be backed up, the shared encryption module encrypting the original file and then splitting the encrypted original file to obtain a plurality of sub-files; and an object storage gateway having a plurality of public cloud storage interfaces, communicatively connected to the user device to receive the plurality of sub-files from the shared encryption module and to calculate the distribution locations of a plurality of public cloud servers to which the sub-files are to be sent, so as to call the public cloud storage interfaces to upload the sub-files to the corresponding public cloud servers respectively, wherein the object storage gateway comprises a control center module, a backup module, a sub-file verification module and a first database communicatively connected to the sub-file verification module, wherein the first database stores a shared rule data table and a shared file association data table, and the shared file association data table contains the sub-file names and identification codes of the sub-files, the names of the public cloud servers and the codes of their public cloud storage buckets, and wherein the control center module builds a hash ring according to the shared rule data table and, after a hash calculation, places the public cloud servers at their relative positions on the hash ring as a plurality of nodes on the hash ring, and the control center module then calculates corresponding position values from the sub-file names and sub-file sequence numbers of the sub-files and matches the position values of the sub-files to the corresponding nodes on the hash ring, so that the public cloud servers represented by the matched nodes serve as the distribution locations of the sub-files.

2. The object storage gateway-based shared backup system of claim 1, wherein the user device lets the user edit a shared configuration file and sends a provisioning request containing the shared configuration file, and the shared configuration file contains the public cloud servers selected by the user, the backup regions and the number of copies of the original file.

3. The object storage gateway-based shared backup system of claim 1, wherein the control center module receives the shared configuration file in a provisioning request and, according to the shared configuration file, calls the corresponding public cloud servers through the public cloud storage interfaces to create public cloud storage buckets for storage in the regions of the public cloud servers respectively, and then stores the relationship between the shared configuration file and the public cloud storage buckets in the shared rule data table.

4. The object storage gateway-based shared backup system of claim 1, wherein, when the user wants to restore the original file, the shared encryption module issues a download request, and after the control center module receives the download request, it obtains the identification codes of the sub-files corresponding to the original file according to the file name of the original file in the download request and the shared file association data table, so as to fetch the sub-files from the public cloud servers through the public cloud storage interfaces and return them to the user device, and the shared encryption module then combines and decrypts the sub-files to obtain the original file.

5. The object storage gateway-based shared backup system of claim 1, wherein the sub-file verification module queries the shared file association data table to obtain the public cloud storage buckets and the identification code of each sub-file so as to group the public cloud storage buckets, and the sub-file verification module then calls the public cloud storage interfaces so that the public cloud storage interfaces check, according to the shared file association data table, whether all corresponding identification codes of the sub-files exist in the public cloud storage buckets respectively, and a statistical report is produced.

6. An object storage gateway-based shared backup method, comprising: letting a user select at least one original file to be backed up by means of a user device having a shared encryption module; encrypting the original file by the shared encryption module and then splitting the encrypted original file to obtain a plurality of sub-files; receiving the plurality of sub-files from the shared encryption module by an object storage gateway having a plurality of public cloud storage interfaces; calculating, by the object storage gateway, the distribution locations of a plurality of public cloud servers to which the sub-files are to be sent, so as to call the public cloud storage interfaces to upload the sub-files to the corresponding public cloud servers respectively; storing, by a first database, a shared rule data table and a shared file association data table, wherein the shared file association data table contains the sub-file names and identification codes of the sub-files, the names of the public cloud servers and the codes of their public cloud storage buckets; building, by a control center module in the object storage gateway, a hash ring according to the shared rule data table and, after a hash calculation, placing the public cloud servers at their relative positions on the hash ring as a plurality of nodes on the hash ring; and calculating, by the control center module, corresponding position values from the sub-file names and sub-file sequence numbers of the sub-files, and matching the position values of the sub-files to the corresponding nodes on the hash ring, so that the public cloud servers represented by the matched nodes serve as the distribution locations of the sub-files.

7. The object storage gateway-based shared backup method of claim 6, further comprising letting the user edit a shared configuration file by means of the user device and sending a provisioning request containing the shared configuration file, wherein the shared configuration file contains the public cloud servers selected by the user, the backup regions and the number of copies of the original file.

8. The object storage gateway-based shared backup method of claim 6, further comprising: receiving, by the control center module in the object storage gateway, the shared configuration file in a provisioning request and, according to the shared configuration file, calling the corresponding public cloud servers through the public cloud storage interfaces to create public cloud storage buckets for storage in the regions of the public cloud servers respectively; and storing, by the control center module, the relationship between the shared configuration file and the public cloud storage buckets in the shared rule data table.

9. The object storage gateway-based shared backup method of claim 6, further comprising: when the user wants to restore the original file, issuing a download request by the shared encryption module in the object storage gateway; after the control center module in the object storage gateway receives the download request, obtaining the identification codes of the sub-files corresponding to the original file according to the file name of the original file in the download request and the shared file association data table, so as to fetch the sub-files from the public cloud servers through the public cloud storage interfaces and return them to the user device; and combining and decrypting the sub-files by the shared encryption module to obtain the original file.

10. The object storage gateway-based shared backup method of claim 6, further comprising: querying, by the sub-file verification module in the object storage gateway, the shared file association data table to obtain the public cloud storage buckets and the identification code of each sub-file so as to group the public cloud storage buckets; and calling, by the sub-file verification module, the public cloud storage interfaces so that the public cloud storage interfaces check, according to the shared file association data table, whether all corresponding identification codes of the sub-files exist in the public cloud storage buckets respectively, and producing a statistical report.

11. A non-volatile computer-readable storage medium for use in a computing device or computer having a processor and/or memory, storing instructions for executing the object storage gateway-based shared backup method of any one of claims 6 to 10.
TW112145640A 2023-11-24 2023-11-24 A distribution backup system, method non-volatile computer-readable storage medium thereof based on object storage gateway TWI856887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW112145640A TWI856887B (en) 2023-11-24 2023-11-24 A distribution backup system, method non-volatile computer-readable storage medium thereof based on object storage gateway

Publications (2)

Publication Number Publication Date
TWI856887B (en) 2024-09-21
TW202522935A (en) 2025-06-01

Family

ID=93649183

Country Status (1)

Country Link
TW (1) TWI856887B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI729508B (en) * 2019-09-26 2021-06-01 國立台灣大學 Cloud secured storage system
