Data storage system and data encryption device, distributed storage system

By introducing data encryption devices and distributed storage systems into the data storage system, and utilizing blockchain encryption and public/private key management of accounts, the problem of insufficient security in traditional data storage is solved, and high-security and integrity storage of data is achieved.

CN115514487BActive Publication Date: 2026-06-09ZHIXIN MUTUAL CHAIN (BEIJING) TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ZHIXIN MUTUAL CHAIN (BEIJING) TECH CO LTD
Filing Date
2022-09-29
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Traditional data storage methods are limited and therefore prone to leakage and theft, resulting in insufficient security.

Method used

The data encryption device uses blockchain to encrypt the data and stores it through a distributed storage system. It combines symmetric and asymmetric encryption algorithms and uses account public and private keys for decryption management.

Benefits of technology

It improves data security and storage difficulty, making stolen data difficult to decrypt, thus enhancing the security and integrity of data storage.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115514487B_ABST
    Figure CN115514487B_ABST
Patent Text Reader

Abstract

The application provides a data storage system, a data encryption device and a distributed storage system. The data storage system comprises a data encryption device and a distributed storage system. The data encryption device is used for receiving first data written and performing encryption processing on the first data written based on a block chain to obtain encrypted data. The distributed storage system is used for receiving the encrypted data output by the data encryption device and distributing the encrypted data. The data is encrypted first and then distributed for storage according to the method used in the application, which not only improves the security of the data itself, so that the data is not easy to be decrypted after being stolen, but more importantly, increases the difficulty of data theft, thereby improving the security of data storage.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to data storage technology, and more particularly to a data storage system, a data encryption device, and a distributed storage system. Background Technology

[0002] In the field of storage technology, the need to protect data security when storing data is well-known. Especially with the rapid increase in the number of users, the amount of data they need to store is also increasing, making it crucial to consider how to ensure more secure data storage.

[0003] Traditional data storage methods accept user-written data and store it in a database. This method is simplistic and prone to data leaks. Specifically, it merely stores data, making it vulnerable to theft and easy misuse.

[0004] Therefore, improving the security of data storage remains a concern. Summary of the Invention

[0005] This application provides a data storage system, a data encryption device, and a distributed storage system to address the problem of how to improve the security of data storage.

[0006] On the one hand, this application provides a data storage system, including:

[0007] A data encryption device is used to receive the first data written and encrypt the first data written based on blockchain to obtain encrypted data;

[0008] A distributed storage system is used to receive encrypted data output by the data encryption device and to store the encrypted data in a distributed manner.

[0009] In one embodiment, the data encryption device supports symmetric encryption algorithms and asymmetric encryption algorithms.

[0010] In one embodiment, the data encryption device is specifically used for:

[0011] Obtain the symmetric key of the first data;

[0012] The first data is encrypted using the symmetric key and the symmetric encryption algorithm to obtain encrypted data, and the encrypted data is uploaded to the distributed storage system for distributed storage.

[0013] The symmetric key is encrypted using the account public key and the asymmetric encryption algorithm to obtain a first ciphertext, which is then stored in a preset database. The account public key is the account public key stored in the data encryption device corresponding to the administrator information logged in to the data encryption management system of the data encryption device.

[0014] In one embodiment, the data encryption device is further used for:

[0015] After receiving the data access request sent by the terminal device, the data delivery request interface is displayed, and the data delivery request interface displays at least the information of the terminal device;

[0016] When a data delivery instruction is received, the first ciphertext is retrieved from the preset database, and the encrypted data is retrieved from the distributed storage system;

[0017] The first ciphertext is decrypted based on the account's private key to obtain the symmetric key, wherein the account's private key and the account's public key are a key pair;

[0018] The encrypted data is decrypted using the symmetric key to obtain the first data;

[0019] The first data is sent to the terminal device.

[0020] In one embodiment, the data encryption device is further used for;

[0021] The administrator login interface is displayed. The administrator login interface is used to receive the entered administrator information and authorize the administrator to log in to the data encryption management system of the data encryption device.

[0022] In one embodiment, the distributed storage system is further configured to: receive written second data and distribute the second data.

[0023] In one embodiment, the distributed storage system includes N distributed storage nodes, and the distributed storage system is specifically used for:

[0024] Based on the reception time of the first data, a random number P is generated. The random number P ranges from 1 to N, where N is a natural number greater than 1.

[0025] The encrypted data is stored in the Pth distributed storage node.

[0026] On the other hand, this application provides a method for writing and reading data, applied to a data encryption device, including:

[0027] The system receives the first data to be written, encrypts the first data to be written based on the blockchain to obtain encrypted data, and uploads the encrypted data to a distributed storage system, which is used to distribute the encrypted data.

[0028] After receiving the data access request sent by the terminal device, the data delivery request interface is displayed, and the data delivery request interface displays at least the information of the terminal device;

[0029] When a data delivery instruction is received, the encrypted data is read from the distributed storage system, and the encrypted data is decrypted to obtain the first data, which is then sent to the terminal device.

[0030] In one embodiment, the encrypted data obtained by encrypting the first data written based on the blockchain includes:

[0031] Obtain the symmetric key of the first data;

[0032] The first data is encrypted using the symmetric key and symmetric encryption algorithm to obtain encrypted data.

[0033] The symmetric key is encrypted using an account public key and an asymmetric encryption algorithm to obtain a first ciphertext, which is then stored in a preset database. The account public key is the account public key stored in the data encryption device corresponding to the administrator information logged in to the data encryption management system of the data encryption device.

[0034] The first data obtained after decrypting the encrypted data includes:

[0035] The first ciphertext is obtained from the preset database, and the encrypted data is obtained from the distributed storage system;

[0036] The first ciphertext is decrypted based on the account's private key to obtain the symmetric key, wherein the account's private key and the account's public key are a key pair;

[0037] The encrypted data is decrypted using the symmetric key to obtain the first data.

[0038] On the other hand, this application provides a data encryption device, including: a processor, and a memory communicatively connected to the processor, the memory storing a computer program;

[0039] The processor is used to execute the computer program to perform the data writing and reading methods as described in the second aspect.

[0040] On the other hand, this application provides a distributed storage system, including: a processing device and multiple distributed storage nodes;

[0041] The processing device is used to receive encrypted data, and the plurality of distributed storage nodes are used to store the encrypted data.

[0042] The data encryption device in the data storage system provided in this application, after receiving data written by a user, first encrypts the written data based on blockchain to obtain encrypted data. Then, the distributed storage system distributes and stores the encrypted data or the written data. This method of encrypting data before distributing it not only improves the security of the data itself, making it difficult to decrypt if the data is stolen, but more importantly, it increases the difficulty of data theft, thereby improving the security of data storage. Attached Figure Description

[0043] The accompanying drawings, which are incorporated in and form a part of this specification, illustrate embodiments consistent with this disclosure and, together with the description, serve to explain the principles of this disclosure.

[0044] Figure 1 A schematic diagram of a data storage system provided for one embodiment of this application;

[0045] Figure 2 A schematic diagram illustrating the storage of data in a data storage system provided in another embodiment of this application;

[0046] Figure 3 A schematic diagram illustrating data storage in a data storage system provided for yet another embodiment of this application;

[0047] Figure 4 A schematic diagram illustrating the data storage system reading data according to an embodiment of this application;

[0048] Figure 5 A flowchart illustrating a data writing and reading method provided in one embodiment of this application;

[0049] Figure 6 A schematic diagram of a data encryption device provided for one embodiment of this application;

[0050] Figure 7 This is a schematic diagram of a distributed storage system provided in one embodiment of this application.

[0051] The accompanying drawings have illustrated specific embodiments of this disclosure, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the concept in any way, but rather to illustrate the concepts of this disclosure to those skilled in the art through reference to particular embodiments. Detailed Implementation

[0052] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this disclosure. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this disclosure as detailed in the appended claims.

[0053] In the description of this application, it should be understood that the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Therefore, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of this application, "multiple" means two or more, unless otherwise explicitly specified.

[0054] In the field of storage technology, the need to protect data security when storing data is well-known. Especially with the rapid increase in the number of users, the amount of data they need to store is also increasing, making it crucial to consider how to ensure more secure data storage.

[0055] Traditional data storage methods accept user-written data and store it in a database. This method is simplistic and prone to data leaks. Specifically, this method merely stores data, making it vulnerable to theft and easy misuse. Therefore, improving data storage security remains a crucial consideration.

[0056] Based on this, this application provides a data storage system, a data encryption device, and a distributed storage system. The data storage system includes a data encryption device and a distributed storage system. The data encryption device receives first data to be written and encrypts the first data based on a blockchain to obtain encrypted data. The distributed storage system receives the encrypted data output by the data encryption device and stores the encrypted data in a distributed manner. This method of encrypting data before distributing it not only improves the security of the data itself, making it difficult to decrypt even if stolen, but more importantly, it increases the difficulty of data theft, thereby improving the security of data storage.

[0057] Please see Figure 1 One embodiment of this application provides a data storage system 10, which includes a data encryption device 11 and a distributed storage system 12.

[0058] like Figure 1As shown, when a user wants to store data in the data storage system 10, the user writes the data to the data encryption device 11. The data encryption device 11 first receives the first data to be written and encrypts the first data based on the blockchain to obtain encrypted data. The distributed storage system 12 is used to receive the encrypted data output by the data encryption device 11 and distribute the encrypted data.

[0059] In an optional embodiment, when encrypting the first data written based on the blockchain, the encryption process can be symmetric encryption, asymmetric encryption, or other forms of encryption; this embodiment is not limited to any particular method. The symmetric encryption used can be Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), IDEA (International Data Encryption Algorithm), AES (Advanced Encryption Standard), or other symmetric encryption methods. The asymmetric encryption used can be Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), or other asymmetric encryption methods.

[0060] In an optional embodiment, the data encryption device 11 supports both symmetric and asymmetric encryption algorithms. See also... Figure 2 When encrypting the first data, the data encryption device 11 is specifically used to obtain the symmetric key of the first data. The symmetric key of the first data is determined based on the information (random number) carried when the first data is uploaded. After obtaining the symmetric key, the first data is encrypted based on the symmetric key and the symmetric encryption algorithm to obtain encrypted data, and the encrypted data is uploaded to the distributed storage system 12 for distributed storage.

[0061] The distributed storage system 12 can store the encrypted data in a distributed, sharded, multi-node distributed storage manner, which can not only meet the needs of storing large amounts of content, but also achieve complete storage of encrypted data, thereby improving the security of data storage.

[0062] like Figure 1As shown, in an optional embodiment, the distributed storage system 12 includes N (N is a natural number greater than 1) distributed storage nodes, such as IPFS (InterPlanetary File System) nodes or other distributed storage nodes. When storing the encrypted data, the encrypted data can be stored on any one of the distributed storage nodes. Alternatively, when storing the encrypted data, a random number P (ranging from 1 to N) is first generated based on the reception time of the first data, and then the encrypted data is stored on the Pth distributed storage node. In other words, the distributed storage system 12 stores the encrypted data sequentially to the distributed storage nodes arranged in order of the data reception time.

[0063] For example, if the first data is received at a specific time (e.g., 10:00 AM), and the corresponding random number is 3, then the encrypted data is stored on the third distributed storage node. The relationship between the first data's reception time and the random number P can be pre-defined. For instance, if N is greater than or equal to 24, then a day is divided into 24 hours, starting from 0:00. The random number P for the first hour (0:00–1:00) is 1, for the second hour (1:00–2:00) it is 2, for the third hour (2:00–3:00) it is 3, and so on. Alternatively, to ensure all distributed storage nodes can store encrypted data, the random number P for the first hour (0:00–1:00) is defined as 1, and the random number P for the 1.5th hour (0:00–1:30) is 2.

[0064] The relationship between the reception time of the first data and the random number P can be set according to the actual data transmission time, the number of N, etc., and this embodiment does not limit it.

[0065] In an optional embodiment, the distributed storage system 12 can also store unencrypted data. For example, the distributed storage system 12 receives written second data, which is unencrypted data, and then distributes and stores the second data. The method by which the distributed storage system 12 stores unencrypted data can be selected according to actual needs, and this embodiment does not limit it.

[0066] Please see Figure 3In an optional embodiment, to prevent the encrypted data from being leaked, a ciphertext can be set for the encrypted data. That is, after obtaining the encrypted data, it needs to be decrypted according to the ciphertext. On the data encryption device 11 side, the data encryption device 11 is used to encrypt the symmetric key based on the account public key and the asymmetric encryption algorithm to obtain the first ciphertext, and store the first ciphertext in a preset database. The account public key is the account public key corresponding to the administrator information logged in in the data encryption management system of the data encryption device 11, which is stored in the data encryption device 11. The data encryption device 11 is also used to display an administrator login interface, which is used to authorize the administrator to log in to the data encryption management system of the data encryption device 11 after receiving the input administrator information. That is to say, the administrator can only obtain the account public key corresponding to the administrator information after logging in. Correspondingly, the administrator can also obtain the account private key after logging in.

[0067] An account's public key and private key are a key pair. The public key can be publicly disclosed, while the private key is kept secret. This key pair, obtained through this algorithm, is guaranteed to be unique worldwide. When using this key pair, if data is encrypted with one key, it must be decrypted with the other. For example, data encrypted with the public key must be decrypted with the private key, and vice versa; otherwise, decryption will fail.

[0068] For the corresponding information, please refer to [link / reference]. Figure 4 After receiving a data access request from a terminal device, the data encryption device 11 displays a data delivery request interface, which at least displays information about the terminal device. This interface is used by the administrator to decide whether to deliver data to the terminal device. When a data delivery instruction is received, the device retrieves the first ciphertext from the preset database and the encrypted data from the distributed storage system. The data delivery instruction is triggered by the administrator, for example, by selecting the data delivery button on the data delivery request interface. After obtaining the encrypted data and the first ciphertext, the device decrypts the first ciphertext using the account's private key to obtain the symmetric key. Then, it decrypts the encrypted data using the symmetric key to obtain the first data, which is then delivered to the terminal device.

[0069] In summary, this embodiment provides a data storage system 10, which includes a data encryption device 11 and a distributed storage system 12 (which may include multiple distributed storage nodes). The data encryption device 11 receives first data to be written and encrypts the first data based on blockchain to obtain encrypted data. The distributed storage system 12 receives the encrypted data output by the data encryption device 11 and stores the encrypted data in a distributed manner. This method of encrypting data before distributing it not only improves the security of the data itself, making it difficult to decrypt after the data is stolen, but more importantly, it increases the difficulty of data theft, thereby improving the security of data storage. In addition, using the distributed storage system 12 for data storage can also improve the integrity and security of data storage.

[0070] Please see Figure 5 An embodiment of this application also provides a method for writing and reading data, applied to a data encryption device 11, the method comprising:

[0071] S510 receives the first data to be written, encrypts the first data to be written based on the blockchain to obtain encrypted data, and uploads the encrypted data to the distributed storage system, which is used to distribute the encrypted data.

[0072] In an optional embodiment, when encrypting the first data written based on the blockchain, the encryption process can be symmetric encryption, asymmetric encryption, or other forms of encryption; this embodiment is not limited to any particular method. The symmetric encryption used can be Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), IDEA (International Data Encryption Algorithm), AES (Advanced Encryption Standard), or other symmetric encryption methods. The asymmetric encryption used can be Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), or other asymmetric encryption methods.

[0073] In an optional embodiment, the data encryption device 11 supports both symmetric and asymmetric encryption algorithms. When encrypting the first data, the data encryption device 11 specifically obtains the symmetric key of the first data, then encrypts the first data based on the symmetric key and the symmetric encryption algorithm to obtain encrypted data, and uploads the encrypted data to the distributed storage system for distributed storage.

[0074] The distributed storage system 12 can store the encrypted data in a distributed, sharded, multi-node distributed storage manner, which can not only meet the needs of storing large amounts of content, but also achieve complete storage of encrypted data, thereby improving the security of data storage.

[0075] In one optional embodiment, the distributed storage system 12 includes multiple distributed storage nodes, and the encrypted data can be stored on any one of these nodes. Alternatively, the distributed storage system 12 includes N (N is a natural number greater than 1) distributed storage nodes. When storing the encrypted data, a random number P (ranging from 1 to N) is first generated based on the reception time of the first data, and then the encrypted data is stored on the Pth distributed storage node. In other words, the distributed storage system 12 stores the encrypted data sequentially to the distributed storage nodes arranged in order of the data reception time.

[0076] For example, if the first data is received at a specific time (e.g., 10:00 AM), and the corresponding random number is 3, then the encrypted data is stored on the third distributed storage node. The relationship between the first data's reception time and the random number P can be pre-defined. For instance, if N is greater than or equal to 24, then a day is divided into 24 hours, starting from 0:00. The random number P for the first hour (0:00–1:00) is 1, for the second hour (1:00–2:00) it is 2, for the third hour (2:00–3:00) it is 3, and so on. Alternatively, to ensure all distributed storage nodes can store encrypted data, the random number P for the first hour (0:00–1:00) is defined as 1, and the random number P for the 1.5th hour (0:00–1:30) is 2.

[0077] The relationship between the reception time of the first data and the random number P can be set according to the actual data transmission time, the number of N, etc., and this embodiment does not limit it.

[0078] In an optional embodiment, the distributed storage system 12 can also store unencrypted data. For example, the distributed storage system 12 receives written second data, which is unencrypted data, and then distributes and stores the second data. The method by which the distributed storage system 12 stores unencrypted data can be selected according to actual needs, and this embodiment does not limit it.

[0079] In an optional embodiment, to prevent the encrypted data from being leaked, a ciphertext can also be set for the encrypted data. That is, the symmetric key is encrypted based on the account public key and the asymmetric encryption algorithm to obtain a first ciphertext, and the first ciphertext is stored in a preset database. As described above, the account public key is the account public key stored in the data encryption device corresponding to the administrator information logged in to the data encryption management system of the data encryption device.

[0080] An account's public key and private key are a key pair. The public key can be publicly disclosed, while the private key is kept secret. This key pair, obtained through this algorithm, is guaranteed to be unique worldwide. When using this key pair, if data is encrypted with one key, it must be decrypted with the other. For example, data encrypted with the public key must be decrypted with the private key, and vice versa; otherwise, decryption will fail.

[0081] S520: After receiving the data access request sent by the terminal device, the data delivery request interface is displayed. The data delivery request interface displays at least the information of the terminal device.

[0082] After receiving a data access request from a terminal device, the data encryption device 11 displays a data delivery request interface, which at least displays information about the terminal device. This data delivery request interface is used by the administrator to decide whether to deliver data to the terminal device.

[0083] S530: When a data delivery instruction is received, the encrypted data is read from the distributed storage system, and the encrypted data is decrypted to obtain the first data, which is then sent to the terminal device.

[0084] In an optional embodiment, upon receiving a data delivery instruction, the system retrieves the first ciphertext from the preset database and the encrypted data from the distributed storage system. The data delivery instruction is triggered by an administrator, for example, by selecting the data delivery button on the data delivery request interface. After retrieving the encrypted data and the first ciphertext, the first ciphertext is decrypted using the account's private key to obtain the symmetric key. The encrypted data is then decrypted using the symmetric key to obtain the first data, which is then delivered to the terminal device.

[0085] Please see Figure 6 One embodiment of this application also provides a data encryption device 20, including a processor 21 and a memory 22 communicatively connected to the processor 21, the memory 22 storing a computer program. The processor 21 is used to execute the computer program to perform the data writing and reading method as provided in any of the preceding embodiments.

[0086] Please see Figure 7 One embodiment of this application also provides a distributed storage system 30, including a processing device 31 and a plurality of distributed storage nodes 32. The processing device 31 is used to receive encrypted data, and the plurality of distributed storage nodes 32 are used to store the encrypted data.

[0087] This application also provides a computer-readable storage medium storing computer-executable instructions, which, when executed, cause the computer-executable instructions to be executed by a processor to implement the data storage method provided in any of the preceding embodiments.

[0088] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the data storage method as provided in any of the preceding embodiments.

[0089] It should be noted that the aforementioned computer-readable storage media can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic random access memory (FRAM), flash memory, magnetic surface memory, optical disc, or compact disc read-only memory (CD-ROM), etc. It can also be various electronic devices that include one or any combination of the above-mentioned memories, such as mobile phones, computers, tablet devices, personal digital assistants, etc.

[0090] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.

[0091] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0092] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0093] This application is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart... Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0094] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0095] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0096] The above are merely preferred embodiments of this application and do not limit the patent scope of this application. Any equivalent structural or procedural transformations made using the content of this application's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of this application.

Claims

1. A data storage system, characterized in that, include: A data encryption device is used to receive the first data written and encrypt the first data written based on blockchain to obtain encrypted data; The data encryption device supports symmetric encryption algorithms and asymmetric encryption algorithms; A distributed storage system is used to receive encrypted data output by the data encryption device and to store the encrypted data in a distributed manner. The data encryption device is specifically used for: Obtain the symmetric key of the first data; the symmetric key of the first data is determined based on the information carried when the first data was uploaded; The first data is encrypted using the symmetric key and the symmetric encryption algorithm to obtain encrypted data, and the encrypted data is uploaded to the distributed storage system for distributed storage. The symmetric key is encrypted using the account public key and the asymmetric encryption algorithm to obtain the first ciphertext, which is then stored in a preset database. The account public key is the account public key stored on the data encryption device corresponding to the administrator information logged in to the data encryption management system of the data encryption device. The account public key is bound to the administrator's identity information and can only be obtained after the administrator is authenticated. The data encryption device is also used for; The administrator login interface is displayed. The administrator login interface is used to receive the entered administrator information and authorize the administrator to log in to the data encryption management system of the data encryption device. The distributed storage system includes N distributed storage nodes, and the distributed storage system is specifically used for: Based on the reception time of the first data, a random number P is generated. The random number P ranges from 1 to N, where N is a natural number greater than 1. The encrypted data is stored in the Pth distributed storage node; The data encryption device is also used for: After receiving the data access request sent by the terminal device, a data delivery request interface is displayed. The data delivery request interface displays at least the information of the terminal device, as well as information for the administrator to decide whether to send data to the terminal device. When a data delivery instruction is received, the first ciphertext is retrieved from the preset database, and the encrypted data is retrieved from the distributed storage system; The first ciphertext is decrypted based on the account's private key to obtain the symmetric key, wherein the account's private key and the account's public key are a key pair; The encrypted data is decrypted using the symmetric key to obtain the first data; The first data is sent to the terminal device.

2. The data storage system according to claim 1, characterized in that, The distributed storage system is also used to: receive the written second data and distribute the second data.

3. A method for writing and reading data, characterized in that, Applications in data encryption devices include: The system receives the first data to be written, encrypts the first data based on blockchain to obtain encrypted data, and the data encryption device supports symmetric encryption algorithms and asymmetric encryption algorithms; the encrypted data is then uploaded to a distributed storage system, which is used to distribute the encrypted data. The distributed storage system includes N distributed storage nodes. The distributed storage system generates a random number P based on the reception time of the first data. The random number P is obtained by calculating the reception time using a hash algorithm. The random number P ranges from 1 to N, where N is a natural number greater than 1; the distributed storage system stores the encrypted data in the Pth distributed storage node. After receiving the data access request sent by the terminal device, a data delivery request interface is displayed. The data delivery request interface displays at least the information of the terminal device, as well as information for the administrator to decide whether to send data to the terminal device. When a data delivery instruction is received, the encrypted data is read from the distributed storage system, and the encrypted data is decrypted to obtain the first data, which is then sent to the terminal device. The encrypted data obtained by encrypting the first data written based on blockchain includes: Obtain the symmetric key of the first data; The first data is encrypted using the symmetric key and symmetric encryption algorithm to obtain encrypted data. The symmetric key is encrypted using an account public key and an asymmetric encryption algorithm to obtain a first ciphertext, which is then stored in a preset database. The account public key is the account public key stored on the data encryption device corresponding to the administrator information logged in to the data encryption management system of the data encryption device. The account public key is bound to the administrator's identity information and can only be obtained after the administrator is authenticated. The first data obtained after decrypting the encrypted data includes: The first ciphertext is obtained from the preset database, and the encrypted data is obtained from the distributed storage system; The first ciphertext is decrypted based on the account's private key to obtain the symmetric key, wherein the account's private key and the account's public key are a key pair; The encrypted data is decrypted using the symmetric key to obtain the first data.

4. A data encryption device, characterized in that, include: A processor, and a memory communicatively connected to the processor, the memory storing a computer program; The processor is used to execute the computer program to perform the data writing and reading method as described in claim 3.

5. A distributed storage system, characterized in that, include: Processing equipment and multiple distributed storage nodes; The processing device is used to receive encrypted data, and the plurality of distributed storage nodes are used to store the encrypted data; the encrypted data is obtained by encrypting the data using the data encryption device described in claim 4.