[0047] Example 1
[0048] This embodiment provides a distributed secure cloud storage method, comprising:
[0049] Step 1: divide the target file into a plurality of data blocks, preferably of the same size, and encrypt each data block with the SM4 or AES block cipher algorithm, the encryption algorithm being provided with an encryption key. Specifically:
[0050] If the size of the target file is not greater than a preset threshold, divide it according to a first mode; otherwise divide it according to a second mode. In both modes the target file is divided into blocks of a preset size, and padding data is appended to the last block so that it is the same size as the other data blocks. For example: for a file not greater than 1M, use a block size of 64K; for a file greater than 1M, use a block size of 1M; append enough zeros to the tail of the last data block so that it is the same size as the other data blocks.
[0051] Step 2: use a preset scrambling algorithm to randomly scramble the encrypted data blocks, the scrambling algorithm being provided with a scrambling key; this comprises randomly scrambling the encrypted data blocks using a random number generated from the scrambling key.
[0052] Step 3: upload the scrambled encrypted data blocks to different cloud hosts for distributed storage, and build an index that is stored on the local host; the stored index records, for each encrypted data block, the corresponding cloud host on which it is stored.
[0053] Step 4: according to the stored index, download the encrypted data blocks corresponding to the target file from the cloud hosts, inverse-scramble them according to the scrambling key, decrypt each of them with the encryption key, and reassemble the target file. This comprises: downloading the encrypted data blocks to the local host according to the stored index; inverse-scrambling the encrypted data blocks according to the random number generated from the scrambling key, so as to restore their original order; and decrypting each block with the encryption key and reassembling the blocks to restore the target file.
[0054] Because the original file is block-encrypted and randomly scrambled locally before upload, leakage of data during transmission is effectively prevented; because the encrypted data blocks are stored in random order across a plurality of cloud hosts, an attacker is prevented from obtaining all of the encrypted data blocks of the original file; even if an attacker obtains some of the encrypted data blocks, since all data blocks are the same size it is difficult to determine which original file they correspond to; further, even if an attacker on the cloud side obtains all of the encrypted data blocks of a file, it is difficult to decrypt and reassemble the original file without the encryption and scrambling keys. The distributed encrypted storage method and system protect the security of data both in transmission and in cloud storage, can be used for the cloud storage of government, enterprise and personal data, and give users more assurance of the security of their cloud data.
[0055] The present embodiment also provides a distributed secure cloud storage system implementing the above method, comprising:
[0056] a block encryption module, configured to divide the target file into a plurality of data blocks, preferably of the same size, and to encrypt each data block with the SM4 or AES block cipher algorithm, the encryption algorithm being provided with an encryption key; the block encryption module comprises a determining unit configured to determine whether the size of the target file is not greater than a predetermined threshold;
[0057] if the target file size is not greater than the preset threshold, the file is divided according to the first mode, otherwise according to the second mode;
[0058] a block scrambling module, configured to randomly scramble the encrypted data blocks with the preset scrambling algorithm, comprising randomly scrambling the encrypted data blocks using a random number generated from the scrambling key;
[0059] a data storage module, configured to upload the scrambled encrypted data blocks to different cloud hosts for distributed storage and to build an index stored on the local host, the index comprising, for each scrambled encrypted data block, the information of the cloud host on which it is stored;
[0060] a reassembly and decryption module, configured to download the encrypted data blocks corresponding to the target file from the cloud hosts according to the stored index, inverse-scramble them according to the scrambling key, decrypt each of them with the encryption key, and reassemble the target file. For example: the encrypted data blocks are downloaded to the local host according to the stored index; the random number generated from the scrambling key is used to inverse-scramble the encrypted data blocks and restore their original order; and each block is decrypted with the encryption key and the blocks are reassembled into the target file.
[0061] For example:
[0062] The present embodiment provides a distributed cloud storage method in which the original file is block-encrypted locally and the encrypted data blocks are stored in a distributed manner in the cloud. The distributed secure cloud storage steps comprise:
[0063] Step 1: divide the original file into fixed-size blocks on the local host.
[0064] For a file not greater than 1M, use a block size of 64K; for a file greater than 1M, use a block size of 1M; append enough zeros to the tail of the last data block so that it is the same size as the other data blocks.
[0065] Step 2: select the SM4 or AES block encryption algorithm.
[0066] Encrypt the data blocks with the block cipher using an encryption key.
[0067] Step 3: randomly scramble the encrypted data blocks using the scrambling algorithm.
[0068] The encrypted data blocks are randomly scrambled using a random number generated from the scrambling key.
[0069] Step 4: upload the scrambled encrypted data blocks to different cloud hosts for distributed storage,
[0070] and build and store the index on the local host.
[0071] The steps of locally decrypting and reassembling the original file intact comprise:
[0072] Step 1: download the encrypted data blocks corresponding to the target file from the cloud.
[0073] The encrypted data blocks are downloaded to the local host according to the stored index.
[0074] Step 2: inverse-scramble the downloaded encrypted data blocks using the scrambling key.
[0075] A random number is generated from the scrambling key and used to inverse-scramble the encrypted data blocks, restoring their original order.
[0076] Step 3: decrypt with the original encryption algorithm and encryption key, and reassemble the original file.
[0077] The encrypted data blocks are decrypted with the encryption algorithm and encryption key that were used, and reassembled into the target file.
[0078] The present embodiment also provides an apparatus, comprising: one or more processors;
[0079] and a memory for storing one or more programs;
[0080] and when the one or more programs are executed by the one or more processors, the one or more processors perform any of the methods described above. Because the original file is block-encrypted and randomly scrambled locally before upload, leakage of data during transmission is effectively prevented; because the encrypted data blocks are stored in random order across a plurality of cloud hosts, an attacker is prevented from obtaining all of the encrypted data blocks of the original file; since all data blocks are the same size, even if an attacker obtains some of the encrypted data blocks, it is difficult to determine which original file they correspond to; further, even if an attacker obtains all of the encrypted data blocks of a file from the cloud, it is difficult to decrypt and reassemble the original file without the scrambling and encryption keys. The distributed encrypted storage method and system protect the security of data both in transmission and in cloud storage, can be used for the cloud storage of government, enterprise and personal data, and give users more assurance of the security of their cloud data.
[0081] The present embodiment also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements any of the methods described above. Because the original file is block-encrypted and randomly scrambled locally before upload, leakage of data during transmission is effectively prevented; because the encrypted data blocks are stored in random order across a plurality of cloud hosts, an attacker is prevented from obtaining all of the encrypted data blocks of the original file; if an attacker obtains some of the encrypted data blocks, it is difficult to determine which original file they correspond to; further, even if an attacker obtains all of the encrypted data blocks of a file from the cloud, it is difficult to decrypt and reassemble the original file without the scrambling and encryption keys. The distributed encrypted storage method and system protect the security of data both in transmission and in cloud storage, can be used for the cloud storage of government, enterprise and personal data, and give users more assurance of the security of their cloud data. Further description follows:
[0082] The computer system includes a central processing unit (CPU) 101, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 102 or a program loaded from the storage section into a random access memory (RAM) 103. The RAM 103 also stores various programs and data required for system operation. The CPU 101, ROM 102 and RAM 103 are connected to each other by a bus 104. An input/output (I/O) interface 105 is also connected to the bus 104.
[0083] The following components are connected to the I/O interface 105: an input section 106 including a keyboard and a mouse; an output section including a cathode ray tube (CRT), a liquid crystal display (LCD) or the like, and a speaker or the like; a storage section 108 including a hard disk; and a communication section 109 including a network interface such as a LAN card or a modem. The communication section 109 performs communication processing via a network such as the Internet. A drive 510 is also connected to the I/O interface 105 as needed. A removable medium 511, such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory, is mounted on the drive 510 as needed, so that a computer program read from it can be installed into the storage section 108 as necessary.
[0084] In particular, according to an embodiment of the present invention, the process described above with reference to figure 1 may be implemented as a computer software program. For example, embodiments of the present invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program comprising program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded from a network and installed through the communication section, and/or installed from a removable medium. When the computer program is executed by the central processing unit (CPU) 101, it performs the functions defined in the system of the present application.
[0085] Note that the computer-readable medium shown in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example, but is not limited to, a system, apparatus or device, a semiconductor, or a component, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to, an electrical connection, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus or device. In the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, which carries computer-readable program code. Such a propagated data signal may take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. The computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. Program code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF or the like, or any suitable combination of the above.
[0086] Figure 2 is a block diagram illustrating the architecture, functionality and operation of possible implementations of the system, method and computer program product according to various embodiments of the present invention (Example 1). In this regard, each block in the flowchart or block diagram may represent a module, a program segment, or a portion of code, which comprises one or more executable instructions for implementing the specified logical functions. It should also be noted that in some alternative implementations, the functions labeled in the blocks may occur in an order different from that indicated in the drawings. For example, two blocks shown in succession may in fact be executed substantially concurrently, or they may sometimes be executed in the reverse order, depending on the functions involved. It is also noted that each block of the block diagrams or flowcharts, and combinations of blocks in the block diagrams or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.