Key management methods and data access methods for secure data access
By generating a disguised data key on the client and persistently storing it on the server, and then restoring the hidden data key on the client using the account private identifier, the system burden caused by updating the account private identifier is solved, achieving data security while reducing system burden.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- HUBEI CENTURY NETWORK TECHNOLOGY CO LTD
- Filing Date
- 2023-02-24
- Publication Date
- 2026-06-30
AI Technical Summary
In existing technologies, updating account private identifiers leads to large-scale data access between clients and servers, client-side re-encryption of data, and overwriting of encrypted data on storage devices, thus increasing system burden.
A disguised data key is generated on the client side as a substitute for the hidden data key and persistently stored on the server. The hidden data key is restored on the client side using the account private identifier and the disguised data key, and the disguised data key is updated in response to an update of the account private identifier, without the need to decrypt and then re-encrypt the data.
It reduces the system burden caused by account private identifier updates, while ensuring data security and reducing the frequency of data access and encryption operations.
Figure CN116155603B_ABST: abstract drawing (image not reproduced)
Abstract
Description
Technical Field
[0001] This application relates to the field of data security, and in particular to a key management method for secure data access, a data access method, a client, a server, and a data storage system.
Background Technology
[0002] A client can initiate data access to the server to store data of the user account associated with the client into the storage device, and to retrieve data stored in the storage device for the user account associated with the client.
[0003] To ensure data security during storage and during transmission between the client and server, the client can use the account's private identifier, which belongs to the associated user account, as the data key to encrypt data before it is stored in the storage device and to decrypt encrypted data retrieved from the storage device. This ensures that the data is encrypted during storage and during transmission between the client and server.
[0004] Because user account private identifiers are confidential, the authority to encrypt and decrypt data rests entirely with the owner of the private identifier. However, if a user account loses the confidentiality of its private identifier for any reason, then to ensure the security of the user account's data, the user account's private identifier needs to be changed. In this case, all encrypted data stored for that user account on the storage device needs to be retrieved, decrypted using the original private identifier, re-encrypted using the new private identifier, and then stored back on the storage device, overwriting the data stored on the storage device that was encrypted using the original private identifier.
[0005] In other words, updating the account private identifier will trigger large-scale data access between the client and the server, re-encryption of data by the client, and overwriting and updating of encrypted data on the storage device. Therefore, each update of the account private identifier will place a significant system burden on the storage system.
[0006] It is evident that, while ensuring data security, reducing the system burden caused by updating account private identifiers has become a technical problem that needs to be solved in the existing technology.
Summary of the Invention
[0007] In view of this, this application aims to reduce the system burden caused by the updating of account private identifiers while taking into account data security.
[0008] In one embodiment, a key management method for secure data access is provided, the key management method being applied to a client and comprising:
[0009] Using the account private identification code of the current user account obtained locally and the hidden data key assigned to the current user account, a disguised data key is generated. The hidden data key and the disguised data key are stored non-persistently on the client.
[0010] The disguised data key is sent to the server for persistent storage;
[0011] The disguised data key, which is persistently stored in the server, is provided to the client in response to the client's request for the use of the hidden data key, so that the client can use the account private identifier and the disguised data key to recover the hidden data key;
[0012] Furthermore, the use of the hidden data key by the client includes: using the restored hidden data key to access the data container associated with the current user account, and, in response to the update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
[0013] In some examples, the key management method may optionally further include: in response to a container creation request from the current user account for creating the associated data container, sending the container creation request to the server and generating a random key for the current user account to be used as the hidden data key.
[0014] Optionally, in some examples, the key management method further includes: obtaining a data access seed assigned by the server to the current user account that successfully created the associated data container, the data access seed being stored non-persistently on the client; generating a disguised data key using the account private identifier of the current user account obtained locally and the hidden data key assigned to the current user account, including: generating the disguised data key using the account private identifier, the hidden data key, and the data access seed; sending the disguised data key to the server for storage, including: sending the disguised data key to the server for persistent storage associated with the data access seed; and further utilizing the data access seed to restore the hidden data key.
[0015] In some examples, optionally, generating the disguised data key using the account private identifier, the hidden data key, and the data access seed includes: extracting information from the data access seed and the account private identifier to obtain an account access key; and encrypting the hidden data key using the account access key to obtain the disguised data key; wherein the account access key is stored non-persistently on the client; and restoring the hidden data key includes: extracting information from the data access seed and the account private identifier to obtain an account access key; and decrypting the disguised data key using the account access key to restore the hidden data key.
[0016] Optionally, in some examples, the key management method further includes: extracting information from the account access key to obtain an account access code; sending the account access code to the server so that it is persistently stored by the server as an access verification code associated with the data access seed and the disguised data key; wherein the account access code is not persistently stored on the client, and in response to each data access to the associated data container initiated by the client to the server, or in response to a key update initiated by the client to the disguised data key persistently stored on the server, the account access code is regenerated on the client based on the locally obtained account private identifier, and the regenerated account access code is sent to the server so that the server uses the consistency comparison result of the account access code regenerated when the client requests the data access or the key update and the persistently stored access verification code to perform permission verification for the data access or the key update, and/or uses the access verification code in conjunction with the client that regenerates the account access code to implement anti-replay filtering for the data access; and the access verification code persistently stored in the server is updated in association with the disguised data key in response to each update of the account private identifier.
The process of updating the access verification code includes: regenerating the account access key using the data access seed provided by the server and the updated account private identification code; the regenerated account access key is used to generate data key update information for the disguised data key; the data key update information is used to update the disguised data key persistently stored in the server; and, in response to the successful verification of the permission check for the key update, the access verification code persistently stored in the server is updated to access code update information obtained by extracting information from the regenerated account access key. The extraction rules for obtaining the access code update information by extracting information from the regenerated account access key are the same as the extraction rules for obtaining the account access code from the account access key.
[0017] In another embodiment, a key management method for secure data access is provided, the key management method being applied to a server and comprising:
[0018] Create an associated data container for the current user account of the client. The client is configured to generate a disguised data key using the account private identifier of the current user account and the hidden data key assigned to the current user account. The disguised data key and the hidden data key are stored non-persistently on the client.
[0019] The disguised data key of the current user account provided by the client is persistently stored;
[0020] The persistently stored disguised data key is provided to the client in response to the client's request for the use of the hidden data key, so that the client can use the account private identifier and the disguised data key to recover the hidden data key;
[0021] Furthermore, the use of the hidden data key by the client includes: using the restored hidden data key to access the data container associated with the current user account, and, in response to the update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
[0022] Optionally, in some examples, the key management method further includes: in response to the successful creation of the associated data container, providing the client with a data access seed assigned to the current user account for which the associated data container was successfully created, for the client to further use the data access seed when generating the disguised data key, the data access seed being non-persistently stored on the client; the persistent storage of the disguised data key of the current user account provided by the client includes: persistently storing the disguised data key in association with the data access seed; and further utilizing the data access seed for the restoration of the hidden data key.
[0023] In some examples, optionally, the client is configured to: obtain an account access key by extracting information from the data access seed and the account private identifier, the account access key being non-persistently stored on the client; encrypt the hidden data key using the account access key to obtain the disguised data key; and obtain an account access code by extracting information from the account access key; the key management method further includes: persistently storing the account access code provided by the client as an access verification code, associated with the data access seed and the disguised data key; wherein the account access code is non-persistently stored on the client, and in response to each data access to the associated data container initiated by the client to the server, or in response to a key update initiated by the client to the disguised data key persistently stored on the server, the account access code is regenerated on the client based on the locally obtained account private identifier; and the key management method further includes: using the consistency comparison result of the account access code regenerated by the client when requesting the data access or the key update and the persistently stored access verification code to perform permission verification for the data access or the key update, and/or using the access verification code in conjunction with the client that regenerates the account access code to achieve anti-replay filtering of the data access; and the persistently stored access verification code is updated by the client together with the disguised data key in response to each update of the account private identifier.
The client is further configured to implement the association update in the following manner: regenerate the account access key using the data access seed provided by the server and the updated account private identification code, the regenerated account access key is used to generate data key update information for the disguised data key, the data key update information is used to update the disguised data key persistently stored in the server, and the persistently stored access verification code in the server is updated to access code update information of the account access code obtained by extracting information from the regenerated account access key. The extraction rules when extracting information from the regenerated account access key to obtain the access code update information are the same as the extraction rules when obtaining the account access code from the account access key.
[0024] In another embodiment, a data access method is provided, the data access method being applied to a client and comprising:
[0025] Initiate an access request to the server for the associated data container of the current user account;
[0026] Obtain the disguised data key provided by the server in response to the access request, the disguised data key being persistently stored on the server;
[0027] Using the disguised data key provided by the server and the locally obtained account private identifier of the current user account, restore the hidden data key that the client assigned to the current user account before initiating the access request;
[0028] Using the restored hidden data key, perform data access to the associated data container;
[0029] The disguised data key and the hidden data key are stored non-persistently on the client.
[0030] Optionally, in some examples, the data access method further includes: obtaining a data access seed provided by the server in response to the access request, wherein the data access seed and the disguised data key are persistently stored in association with each other on the server, and the data access seed is non-persistently stored on the client; the step of restoring the hidden data key of the current user account using the disguised data key provided by the server and the account private identifier of the current user account obtained locally includes: restoring the hidden data key using the disguised data key provided by the server, the data access seed, and the account private identifier obtained locally.
[0031] In some examples, optionally, the step of restoring the hidden data key using the disguised data key and the data access seed provided by the server, as well as the locally obtained account private identification code, includes: extracting information from the data access seed and the account private identification code to obtain an account access key; decrypting the disguised data key using the account access key to restore the hidden data key; wherein the account access key is stored non-persistently on the client.
[0032] Optionally, in some examples, the server persistently stores an access verification code in association with the data access seed and the disguised data key. The data access method further includes: extracting information from the account access key regenerated based on the account private identifier when the access request is initiated, obtaining an account access code, and carrying the account access code in the access request, so as to prompt the server to perform permission verification for the data access by comparing the consistency of the account access code carried in the access request and the persistently stored access verification code; access to the associated data container is enabled after successful permission verification. Furthermore, the persistently stored access verification code is updated in association with the disguised data key in response to each update of the account private identifier; the update process includes: regenerating the account access key using the data access seed provided by the server and the updated account private identifier; using the regenerated account access key to generate data key update information for the disguised data key; using the data key update information to update the disguised data key persistently stored in the server; and, in response to successful permission verification for the key update, updating the access verification code persistently stored in the server to access code update information obtained by extracting information from the regenerated account access key. The extraction rules for obtaining the access code update information from the regenerated account access key are the same as the extraction rules for obtaining the account access code from the account access key.
[0033] Optionally, in some examples, the data access method further includes: obtaining a one-time temporary code provided by the server in response to the access request, along with the data access seed and the disguised data key, the server being configured to obtain a dynamic access verification code by extracting information from the access verification code and the one-time temporary code using preset information extraction rules, wherein the lifecycle of the one-time temporary code on the server ends in response to the generation of the dynamic access verification code, and the dynamic access verification code is updated based on a regenerated one-time temporary code in response to the end of the data access; extracting information from the one-time temporary code and the account access code obtained when initiating the access request, using the preset information extraction rules, to obtain a paired access verification code identifying the access request; and sending the generated paired access verification code to the server to prompt the server to perform anti-replay filtering on the data access based on the consistency determination result between the paired access verification code and the dynamic access verification code.
[0034] In another embodiment, a data access method is provided, the data access method being applied to a server and comprising:
[0035] In response to a client's access request to the associated data container of the current user account, query the disguised data key in persistent storage;
[0036] The client is provided with the queried disguised data key, so that the client can use the disguised data key and the account private identification code of the current user account obtained locally to restore the hidden data key assigned to the current user account before initiating the access request, and use the restored hidden data key to access the data of the associated data container.
[0037] The disguised data key and the hidden data key are stored non-persistently on the client.
[0038] In some examples, optionally, the data access method further includes: in response to the access request, querying a persistently stored data access seed associated with the disguised data key; and providing the queried data access seed together with the disguised data key to the client, for the client to further use the data access seed when generating the disguised data key; wherein the data access seed is not persistently stored on the client, and the client further uses the data access seed and the disguised data key to restore the hidden data key.
[0039] Optionally, in some examples, the server persistently stores an access verification code in association with the data access seed and the disguised data key; the data access method further includes: obtaining an account access code carried in the access request, the account access code being obtained by the client extracting information from the account access key regenerated based on the account private identifier when initiating the access request; and using the consistency comparison result of the account access code carried in the access request and the persistently stored access verification code to perform permission verification for the data access; wherein the data access to the associated data container is enabled after the permission verification succeeds; and the access verification code persistently stored in the server is updated in association with the disguised data key in response to each update of the account private identifier, the update process including: regenerating the account access key using the data access seed provided by the server and the updated account private identifier; using the regenerated account access key to generate data key update information for the disguised data key; using the data key update information to update the disguised data key persistently stored in the server; and, in response to successful permission verification for the key update, updating the access verification code persistently stored in the server to access code update information obtained by extracting information from the regenerated account access key. The extraction rules for obtaining the access code update information from the regenerated account access key are the same as the extraction rules for obtaining the account access code from the account access key.
[0040] Optionally, in some examples, the data access method further includes: in response to the access request, extracting information from the access verification code and a one-time temporary code using preset information extraction rules to obtain a dynamic access verification code identifying the access request; and providing the one-time temporary code, whose lifecycle has not yet ended, together with the data access seed and the disguised data key to the client, so as to prompt the client to extract information from the account access code and the one-time temporary code using the preset information extraction rules to obtain a paired access verification code, wherein the lifecycle of the one-time temporary code on the server ends in response to the generation of the dynamic access verification code, the dynamic access verification code is updated based on a regenerated one-time temporary code in response to the end of the data access, and the account access code used by the client when obtaining the paired access verification code is obtained by the client extracting information from the account access key regenerated based on the account private identifier when initiating the access request; and performing anti-replay filtering on the data access based on the consistency determination result between the dynamic access verification code and the paired access verification code obtained from the client.
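The anti-replay exchange of paragraphs [0033] and [0040], as an added example that is not the patent's code: the server derives a dynamic access verification code from its stored access verification code and a one-time temporary code, the client derives the paired access verification code from the account access code it regenerated from its PIN, and a replayed paired code fails because the dynamic code has already moved on to a fresh temporary code. The extraction rule (HMAC-SHA256), the 16-byte temporary code and the sample access code are assumptions.

```python
import hashlib
import hmac
import os

def extract(code: bytes, temporary_code: bytes) -> bytes:
    # Preset information extraction rule shared by both sides (assumed: HMAC-SHA256).
    return hmac.new(code, b"anti-replay" + temporary_code, hashlib.sha256).digest()

class ReplayGuard:
    # Server side, one account: persistent access verification code plus the dynamic
    # access verification code derived from it and the current one-time temporary code.
    def __init__(self, access_verification_code: bytes):
        self.verification_code = access_verification_code
        self.pending = None   # temporary code not yet handed to a client
        self.dynamic = None   # expected paired code for the request in flight
        self._rotate()

    def _rotate(self):
        # Regenerate the temporary code; once the dynamic code is derived from it,
        # the temporary code itself only survives until it is handed out.
        self.pending = os.urandom(16)
        self.dynamic = extract(self.verification_code, self.pending)

    def issue_temporary_code(self) -> bytes:
        # Returned with the seed and disguised data key; server keeps only the dynamic code.
        temp, self.pending = self.pending, None
        if temp is None:
            raise RuntimeError("temporary code already issued; access has not ended")
        return temp

    def check(self, paired_code: bytes) -> bool:
        # Consistency determination between the paired code and the dynamic code. A second
        # presentation of the same paired code fails because the dynamic code was rotated.
        if not hmac.compare_digest(self.dynamic, paired_code):
            return False
        self._rotate()   # end of data access: the next request needs a fresh temporary code
        return True

def client_paired_code(account_access_code: bytes, temporary_code: bytes) -> bytes:
    # Client side: the same extraction rule over the regenerated account access code.
    return extract(account_access_code, temporary_code)

def demo() -> dict:
    access_code = b"constructed account access code"  # what the client regenerates from its PIN
    guard = ReplayGuard(access_code)                  # server stored the same value at setup
    temp = guard.issue_temporary_code()
    paired = client_paired_code(access_code, temp)
    first = guard.check(paired)
    replay = guard.check(paired)                      # same paired code presented again
    temp2 = guard.issue_temporary_code()
    wrong = guard.check(client_paired_code(b"wrong access code", temp2))
    fresh = guard.check(client_paired_code(access_code, temp2))
    return {"first_accepted": first, "replay_rejected": not replay,
            "wrong_code_rejected": not wrong, "fresh_request_accepted": fresh}
```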
[0041] In another embodiment, a client is provided, including a first processor, a first communication component for communicating with a server, an information input component for inputting an account private identification code, and memory for non-persistent storage. The first processor is used to execute the key management method and data access method applied to the client as described in the foregoing embodiments.
[0042] In another embodiment, a server is provided, including a second processor, a second communication component for communicating with a client, and a physical disk for persistent storage, wherein the second processor is used to execute the key management method and data access method applied to the server as described in the foregoing embodiments.
[0043] In another embodiment, a data storage system is provided, including: the client and server of the foregoing embodiments; and a storage device for deploying the associated data container with any user account.
[0044] In another embodiment, a non-transitory computer-readable storage medium is provided that stores instructions, which, when executed by a processor, cause the processor to perform: a key management method and a data access method applied to the client as described in the foregoing embodiments; or a key management method and a data access method applied to the server as described in the foregoing embodiments.
[0045] Based on the above embodiments, any user account accessing data in the associated data container through a client can use a hidden data key assigned to that user account by the client. The hidden data key is not persistently stored on the client side to reduce the risk of it being stolen. Furthermore, a disguised data key generated using the hidden data key and the account's private identifier held by the user account owner can be persistently stored on the server as a replacement for the hidden data key. As long as the client can obtain the user account's private identifier, it can use the disguised data key obtained from the server to reconstruct the required hidden data key and use it to provide data security protection. Moreover, when the user account's private identifier is updated, only the disguised data key, which is persistently stored on the server as a replacement for the hidden data key, needs to be changed; there is no need to decrypt and re-encrypt all encrypted data of the user account, thereby reducing the system burden caused by updates to the account's private identifier while maintaining data security.
Description of the Attached Figures
[0046] The following figures are for illustrative purposes only and do not limit the scope of this application:
[0047] Figure 1 is a schematic diagram of a data security access mechanism in an embodiment of this application;
[0048] Figure 2 is an exemplary flowchart of the client-side key management method based on the principle shown in Figure 1, in an embodiment of this application;
[0049] Figure 3 is an exemplary flowchart of the server-side key management method based on the principle shown in Figure 1, in an embodiment of this application;
[0050] Figure 4 is an exemplary flowchart of the client-side data access method based on the principle shown in Figure 1, in an embodiment of this application;
[0051] Figure 5 is an exemplary flowchart of the server-side data access method based on the principle shown in Figure 1, in an embodiment of this application;
[0052] Figure 6 is a schematic diagram of an optimization principle in which the data security access mechanism shown in Figure 1 adopts bilateral parameters, in an embodiment of this application;
[0053] Figure 7 is an exemplary flowchart of the client-side key management method based on the optimization principle shown in Figure 6, in an embodiment of this application;
[0054] Figure 8 is an exemplary flowchart of the server-side key management method based on the optimization principle shown in Figure 6, in an embodiment of this application;
[0055] Figure 9 is an exemplary flowchart of the client-side data access method based on the optimization principle shown in Figure 6, in an embodiment of this application;
[0056] Figure 10 is an exemplary flowchart of the server-side data access method based on the optimization principle shown in Figure 6, in an embodiment of this application;
[0057] Figure 11 is a schematic diagram illustrating the optimization principle of introducing a permission verification mechanism into data access, in an embodiment of this application;
[0058] Figure 12 is a schematic diagram illustrating the optimization principle of introducing an anti-replay mechanism into data access, in an embodiment of this application;
[0059] Figure 13 is a schematic diagram of an exemplary structure of a client in an embodiment of this application;
[0060] Figure 14 is a schematic diagram of an exemplary structure of a server in an embodiment of this application.
Detailed Implementation
[0061] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided with reference to the accompanying drawings and embodiments.
[0062] Figure 1 is a schematic diagram illustrating the data security access mechanism in one embodiment of this application. Referring to Figure 1, in the embodiments of this application the parameters used for secure data access include an account private identifier 90, a hidden data key 91, and a disguised data key 93.
[0063] In the embodiments of this application, any user account logged into on a client 10, such as a PC (Personal Computer) or a mobile terminal, can have a set account private identifier 90. The account private identifier 90 of each user account can be regarded as an identity identifier used by the client 10 to identify the user account when initiating data access; therefore, the account private identifier 90 can take the form of a PIN (Personal Identification Number). Furthermore, the account private identifier 90 of any user account can be set to be the same as the verification password required by the server 20 to authenticate the user account; preferably, however, it is set to be different from the user account's verification password.
[0064] The account private identifier 90 of any user account is kept solely by the owner of that user account and can be provided to the client 10 by that owner. For example, the account private identifier 90 can be provided to the client 10 as input through the client 10's human-computer interaction component, or it can be stored in a hot-swappable device such as a dongle and transmitted to the client 10 through the client 10's hot-swappable interface. Moreover, the account private identifier 90 of any user account can be stored non-persistently on the client 10, or it can be persistently stored on the client 10 (e.g., persistently stored in an encrypted state). However, the client 10 is prohibited from providing the account private identifier 90 to the server 20.
[0065] In the embodiments of this application, "non-persistent storage" means that the stored objects are only saved to volatile storage media such as RAM (Random-Access Memory) (e.g., the memory of client 10), and not to non-volatile storage media such as Flash or disk. Therefore, any information in non-persistent storage is automatically discarded after being used locally. Conversely, "persistent storage" means that the stored objects are saved to non-volatile storage media such as Flash or disk. That is, any information in persistent storage can only be lost in response to operations with the intention to discard, such as deletion, or due to objective reasons such as hardware damage.
[0066] In the embodiments of this application, server 20 can create an associated data container for each user account (e.g., each authenticated user account). The data container associated with each user account is used to store the encrypted data of that user account. The encrypted data of each user account is encrypted using a hidden data key 91 assigned to that user account by client 10. Correspondingly, the encrypted data of each user account can also be decrypted using the same hidden data key 91. That is, the hidden data key 91 is used to encrypt data to ensure that the data content is not leaked; therefore, the hidden data key 91 can also be considered a content key.
[0067] The hidden data key 91 for any user account can be generated by the client 10 when requesting the server 20 to create an associated data container for the user account. For example, when the client 10 requests the server 20 to create an associated data container for the user account, it can generate a random key as the hidden data key 91 assigned to the user account, and the hidden data key 91 is stored non-persistently in the client 10.
[0068] In other words, the hidden data key 91 is generated by client 10 in the key initialization phase S_INIT shown in Figure 1 and is then automatically discarded by client 10. However, in each key usage phase S_U shown in Figure 1, client 10 needs to obtain (i.e., restore) the hidden data key 91 that was automatically discarded.
[0069] To ensure that client 10 can obtain the hidden data key 91 of any user account when it needs to use that hidden data key 91, in the embodiments of this application, a disguised data key 93 generated by client 10 can be persistently stored on server 20 as a substitute for the hidden data key 91. For example, the disguised data key 93 persistently stored on server 20 can be indexed by the plaintext identifier of the user account (such as the account name or other unique account identifier), so that client 10 can use the disguised data key 93 persistently stored on server 20 to recover the hidden data key 91 that needs to be used. Furthermore, the disguised data key 93 is also not persistently stored on client 10. That is, compared to the invisible hidden data key 91, the disguised data key 93 is a visible but not real "content key". Therefore, the disguised data key 93 can be considered as a shadow content key.
[0070] For any user account, during the key initialization phase S_INIT shown in Figure 1, client 10 can use the user account's private identifier 90 and the hidden data key 91 assigned to the user account by client 10 to generate a disguised data key 93 that replaces the hidden data key 91 of the user account and is persistently stored in server 20. Furthermore, the hidden data key 91 and disguised data key 93, which are not persistently stored in client 10, can be deleted and discarded by client 10 at the end of their lifecycle in client 10. For example, client 10 can delete and discard the non-persistently stored hidden data key 91 and disguised data key 93 in response to the successful transmission of disguised data key 93 to server 20.
[0071] For any user account, during the key usage phases S_ACC and S_UPDT shown in Figure 1, client 10 can obtain the disguised data key 93, which is persistently stored on server 20 for the user account. At this time, as long as client 10 can also obtain the user account's private identifier 90, client 10 can use the obtained account private identifier 90 and disguised data key 93 to restore the user account's hidden data key 91 (i.e., the inverse operation of the processing algorithm that generates disguised data key 93 from account private identifier 90 and hidden data key 91). Furthermore, client 10 can delete and discard the non-persistently stored disguised data key 93 in response to the successful restoration of hidden data key 91, and delete and discard the hidden data key 91 that remains non-persistently stored after restoration in response to the completion of the use of the restored hidden data key 91.
[0072] In embodiments of this application, the use of the hidden data key 91 by the client 10 may include using the restored hidden data key 91 to access data in the associated data container of the user account, that is, the key usage phase S_ACC for data access shown in Figure 1.
[0073] For example, client 10 can send a data storage request to server 20 for a user account to store data in an associated data container. In this case, client 10's access to the data in the associated data container of the user account using the hidden data key 91 obtained by restoration may include: encrypting the data to be stored in the associated data container of the user account using the hidden data key 91 of the user account, and sending the encrypted data to server 20 so that server 20 can store it in the associated data container of the user account.
[0074] For example, client 10 can send a data retrieval request to server 20 to retrieve data from the associated data container of a user account. In this case, client 10's access to the data in the associated data container of the user account using the hidden data key 91 obtained by restoration can include: obtaining specified encrypted data in the associated data container of the user account provided by server 20, and decrypting the obtained specified encrypted data using the hidden data key 91 of the user account.
[0075] Based on the above embodiments, any user account accessing data in the associated data container through client 10 can use the hidden data key 91 assigned to that user account by client 10. The hidden data key 91 is not persistently stored on client 10 to reduce the risk of it being stolen. Furthermore, a disguised data key 93 generated using the hidden data key 91 and the account private identification code 90 held by the user account owner can be persistently stored on server 20 as a replacement for the hidden data key 91. As long as client 10 can obtain the user account's account private identification code 90, it can use the disguised data key 93 obtained from server 20 to reconstruct the required hidden data key 91 and use it to provide data security protection.
[0076] In embodiments of this application, the use of the hidden data key 91 by the client 10 may further include: in response to an update of the account private identifier 90 of any user account, updating the disguised data key 93 persistently stored in the server 20 using the updated account private identifier 90' and the restored hidden data key 91, that is, the key usage phase S_UPDT for key updates shown in Figure 1. This refers to the update that client 10 initiates on the disguised data key 93 persistently stored on server 20 because the account private identifier 90 has been updated.
[0077] For example, in response to an update of the account private identifier 90 of any user account, client 10 can obtain the disguised data key 93 that is persistently stored for the user account on server 20; use the disguised data key 93 obtained from server 20 and the account private identifier 90 before the user account update to restore the hidden data key 91 of the user account; use the updated account private identifier 90' of the user account and the restored hidden data key 91 of the user account to regenerate the updated disguised data key 93' of the user account; and send the updated disguised data key 93' of the user account as data key update information to server 20, so that server 20 replaces the original disguised data key 93 that is persistently stored for the user account with the updated disguised data key 93'.
[0078] It is understandable that the process of updating the disguised data key 93 persistently stored in the server 20 in response to an update of the account private identifier 90 of any user account is not limited in the number of updates. That is, the updated account private identifier 90' of a user account can be updated again, and correspondingly the updated disguised data key 93' can also be updated again.
[0079] Therefore, based on the above embodiments, the hidden data key 91 of any user account is only stored non-persistently on the client side. Furthermore, the account private identifier 90 of the user account serves as the credential for restoring the hidden data key 91 on the client 10 when it is needed, rather than serving as the data key for encrypting and decrypting the user account's data. Thus, when the account private identifier 90 of any user account is updated, only the disguised data key 93, which is the replacement for the hidden data key 91 and is persistently stored on the server, needs to be changed. There is no need to decrypt and then re-encrypt all the encrypted data of the user account. This reduces the system burden caused by the update of the account private identifier while ensuring data security.
[0080] Figure 2 illustrates an exemplary flow of the key management method on the client side in embodiments of this application, based on the principle shown in Figure 1. Referring to Figure 2, in embodiments of this application, the key management method applied to the client may include:
[0081] S210: In response to a container creation request from the current user account for creating an associated data container, send the container creation request to the server and assign a hidden data key to the current user account, wherein the hidden data key is stored non-persistently on the client side.
[0082] For example, S210 may respond to a container creation request from the current user account to create an associated data container, generate a random key for non-persistent storage, and determine the random key as a hidden data key to be assigned to the current user account. That is, S210 may generate a random key to be used as a hidden data key.
[0083] S230: Using the account private identification code of the current user account obtained locally and the hidden data key assigned to the current user account, generate the disguised data key of the current user account. The hidden data key and the disguised data key of the current user account are stored non-persistently on the client side.
[0084] S250: The disguised data key generated for the current user account is sent to the server for persistent storage. The disguised data key, which is persistently stored on the server, is provided to the client in response to the client's request for the use of the hidden data key, so that the client can use the account private identifier of the current user account and the disguised data key to restore the hidden data key of the current user account.
[0085] For example, the use of the hidden data key by the client includes: using the restored hidden data key to access the data container associated with the current user account, and, in response to an update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
[0086] S270: In response to the update of the account private identifier of the current user account, the hidden data key of the current user account is restored by using the account private identifier of the current user account before the update and the disguised data key of the current user account obtained from the server. Furthermore, the disguised data key that is persistently stored in the server is updated by using the account private identifier of the current user account after the update and the restored hidden data key of the current user account.
[0087] For example, S270 may specifically include: in response to an update of the account private identifier of the current user account, obtaining a disguised data key that is persistently stored on the server for the current user account; restoring (i.e. regenerating) the hidden data key of the current user account using the disguised data key of the current user account and the account private identifier before the update; regenerating the updated disguised data key of the current user account using the updated account private identifier of the current user account and the restored hidden data key of the current user account; and sending the updated disguised data key of the current user account as data key update information to the server, so as to prompt the server to use the data key update information to replace the disguised data key that is persistently stored for the current user account with the updated disguised data key of the current user account.
[0088] Furthermore, the client can access the data of the associated data container of the current user account by using the hidden data key obtained from the restoration. This can happen between S250 and S270, or it can happen after S270.
[0089] Figure 3 illustrates an exemplary flow of the key management method on the server side in embodiments of this application, based on the principle shown in Figure 1. Referring to Figure 3, in embodiments of this application, the key management method applied to the server may include:
[0090] S310: Create an associated data container for the current user account of the client, wherein the client is configured to generate a disguised data key for the current user account using the account private identifier of the current user account and the hidden data key assigned to the current user account, and the disguised data key and the hidden data key of the current user account are stored non-persistently on the client.
[0091] S330: Persistently store the disguised data key of the current user account provided by the client. The persistently stored disguised data key is provided to the client in response to the client's request for the use of the hidden data key, so that the client can use the account private identifier of the current user account and the disguised data key to restore the hidden data key.
[0092] For example, the use of hidden data keys by clients includes: using the hidden data key of the current user account obtained through restoration to access the data container associated with the current user account; and, in response to the update of the account private identifier of the current user account, using the updated account private identifier of the current user account and the hidden data key of the current user account obtained through restoration to update the disguised data key of the current user account that is persistently stored.
[0093] S350: In response to a key update request initiated by the client when the account private identifier of the current user account is updated, provide the client with a disguised data key that is persistently stored for the current user account, so that the client can use the updated account private identifier and the restored hidden data key to regenerate the disguised data key for the current user account.
[0094] S370: Replace the disguised data key persistently stored for the current user account with the disguised data key regenerated by the client in response to the update of the account private identifier of the current user account.
[0095] For example, S370 can use the updated disguised data key provided by the client for the current user account (i.e., the data key update information) to overwrite the disguised data key persistently stored locally for the current user account.
[0096] Furthermore, the client can access the data of the associated data container of the current user account by using the hidden data key obtained from the restoration. This can happen between S330 and S370, or it can happen after S370.
[0097] Figure 4 illustrates an exemplary flow of the data access method on the client side in embodiments of this application, based on the principle shown in Figure 1. Referring to Figure 4, in embodiments of this application, the data access method applied to the client may include:
[0098] S410: Initiate an access request to the server for the associated data container of the current user account.
[0099] For example, the access request initiated by S410 may include a data storage request to store data into the associated data container of the current user account, or the access request initiated by S410 may include a data retrieval request to retrieve data from the associated data container of the current user account. Furthermore, if the disguised data key 93 persistently stored in the server 20 can be indexed by the account plaintext identifier (such as the account name or other unique account identifier) of the user account to which it belongs, then the access request initiated by S410 may carry the account plaintext identifier of the current user account.
[0100] S430: Obtain the disguised data key of the current user account provided by the server in response to the access request, wherein the disguised data key of the current user account is persistently stored on the server and non-persistently stored on the client.
[0101] S450: Using the disguised data key of the current user account provided by the server and the account private identification code of the current user account obtained locally, the hidden data key assigned to the current user account by the client before initiating the access request is restored. The hidden data key of the current user account is stored non-persistently on the client.
[0102] As mentioned earlier, the client may assign a hidden data key to the current user account before initiating an access request. This can happen when the client sends a container creation request to the server for the current user account to create an associated data container. However, it is understandable that the client may assign a hidden data key to the current user account at any time before initiating the access request.
[0103] S470: Using the hidden data key of the current user account obtained through restoration, data access to the associated data container of the current user account is achieved.
[0104] For example, if the access request initiated by S410 is a data storage request to store data into the associated data container of the current user account, then S470 may specifically include: using the hidden data key of the current user account obtained by restoration, encrypting the data to be stored into the associated data container of the current user account, and sending the encrypted data of the current user account to the server, so as to cause the encrypted data of the current user account to be persistently stored by the server in the associated data container of the current user account.
[0105] For example, if the access request initiated by S410 is a data retrieval request to retrieve data from the associated data container of the current user account, then S470 may specifically include: obtaining the specified encrypted data in the associated data container of the current user account provided by the server, and decrypting the obtained specified encrypted data using the hidden data key of the current user account obtained through restoration.
[0106] The process shown in Figure 4 above can be triggered an unlimited number of times, and can occur, for example, between S250 and S270 and/or after S270 in the process shown in Figure 2.
[0107] Figure 5 illustrates an exemplary flow of the data access method on the server side in embodiments of this application, based on the principle shown in Figure 1. Referring to Figure 5, in embodiments of this application, the data access method applied to the server may include:
[0108] S510: In response to a client's access request to the associated data container of the current user account, query the disguised data key that is persistently stored for the current user account.
[0109] For example, the access request responded to by S510 may include a data storage request to store data into the associated data container of the current user account, or the access request responded to by S510 may include a data retrieval request to retrieve data from the associated data container of the current user account. Furthermore, if the disguised data key 93 persistently stored in the server 20 can be indexed by the account plaintext identifier (such as the account name or other unique account identifier) of the user account to which it belongs, then the access request initiated by S410 may carry the account plaintext identifier of the current user account.
[0110] S530: Provide the client with the disguised data key of the current user account queried on the server, so that the client can use the disguised data key of the current user account obtained from the server and the account private identifier of the current user account obtained locally on the client to restore the hidden data key assigned to the current user account before the client initiated the access request, and use the restored hidden data key to access the associated data container of the current user account. The disguised data key and the hidden data key of the current user account are stored non-persistently on the client.
[0111] The process shown in Figure 5 above can be triggered an unlimited number of times, and can occur, for example, between S330 and S370 and/or after S370 in the process shown in Figure 3.
[0112] Figure 6 is a diagram of an optimization principle, based on multiple parameters, for the data security access mechanism shown in Figure 1 in embodiments of this application. Referring to Figure 6, in embodiments of this application, the parameters for secure data access may include, in addition to the account private identifier 90 belonging to the account owner and the hidden data key 91 and disguised data key 93 generated by client 10, a data access seed 92 generated by server 20. That is, the parameters for secure data access include multiple parameters from the account owner, the client 10 side, and the server 20 side.
[0113] Specifically, in the embodiments of this application, server 20 can allocate a data access seed 92 for the associated data container of any successfully created user account and provide it to client 10. Furthermore, the data access seed 92 allocated by server 20 for each user account's associated data container can be persistently stored on server 20. Correspondingly, when client 10 generates a disguised data key 93 for any user account, it can further use the data access seed 92 allocated by server 20 for that user account. In this case, client 10 also needs to further use the data access seed 92 allocated by server 20 for that user account when restoring the hidden data key 91 of any user account and updating the disguised data key 93 of that user account.
[0114] For any user account, during the key initialization phase S_INIT shown in Figure 6, client 10 can use the user account's private identifier 90, the data access seed 92 assigned to the user account by server 20, and the hidden data key 91 assigned to the user account by client 10 to generate a disguised data key 93 that replaces the hidden data key 91 of the user account and is persistently stored on server 20. Furthermore, the hidden data key 91, data access seed 92, and disguised data key 93 that are not persistently stored on client 10 can be deleted and discarded by client 10 at the end of their lifecycle in client 10. For example, client 10 can delete and discard the non-persistently stored hidden data key 91, data access seed 92, and disguised data key 93 in response to the successful transmission of disguised data key 93 to server 20.
[0115] For any user account, during the key usage phases S_ACC and S_UPDT shown in Figure 1, client 10 can obtain from server 20 the data access seed 92 and the disguised data key 93 that are persistently stored in association with each other for the user account on server 20. For example, the data access seed 92 and the disguised data key 93 that are persistently stored in server 20 can both be indexed by the plaintext identifier of the user account (such as the account name or other unique identifier of the account). At this time, as long as client 10 can also obtain the account private identifier 90 of the user account, client 10 can use the obtained account private identifier 90 of the user account, together with the data access seed 92 and the disguised data key 93 provided by server 20, to restore the hidden data key 91 of the user account. Furthermore, client 10 can delete and discard the non-persistently stored data access seed 92 and disguised data key 93 in response to the successful restoration of the hidden data key 91, and delete and discard the hidden data key 91 that remains non-persistently stored after restoration in response to the completion of the use of the restored hidden data key 91.
[0116] In embodiments of this application, the use of the hidden data key 91 by the client 10 may include using the restored hidden data key 91 to access data in the associated data container of the user account, that is, the key usage phase S_ACC for data access shown in Figure 1; this phase was covered in the description of Figure 1 above and will not be repeated here.
[0117] Compared to the principle shown in Figure 1, the optimization principle shown in Figure 6 uses a key combination of the account private identifier 90 kept by the user account owner and the data access seed 92 allocated by the server 20, both when generating the disguised data key 93 that replaces the hidden data key 91 for persistent storage and when using the disguised data key 93 to restore the hidden data key 91. Therefore, the conversion logic between the hidden data key 91 and the disguised data key 93 can be further strengthened to increase the difficulty of deciphering the hidden data key 91 from the disguised data key 93, thereby further enhancing the confidentiality protection of the hidden data key 91.
[0118] In some examples, client 10 can extract information from the account private identifier 90 and data access seed 92 of any user account to obtain the account access key 94 of that user account. For example, the information extraction can be a hash operation over the account private identifier 90 and data access seed 92 of the user account, yielding the account access key 94 of that user account. The hidden data key 91 of the user account is then encrypted using the account access key 94 to obtain the disguised data key 93 of the user account. This application does not intend to limit the encryption algorithm used to encrypt the hidden data key 91 with the account access key 94; any encryption algorithm with a reversible decryption algorithm is supported. In other words, the account access key 94 can be seen as a composite key of the account private identifier 90 and the data access seed 92, and as an intermediary key for conversion between the hidden data key 91 and the disguised data key 93. The account access key 94 of any user account is not persistently stored on the client 10, and the client 10 is prohibited from providing the account access key 94 to the server 20. Therefore, the introduction of the account access key 94 can increase the difficulty of deciphering the hidden data key 91 from the disguised data key 93, thereby further enhancing the confidentiality protection of the hidden data key 91.
[0119] If an account access key 94 is introduced, the process of restoring the hidden data key by the client 10 may include: extracting information (e.g., hashing) from the data access seed provided by the server 20 and the account private identification code 90 of the user account obtained locally, and restoring the account access key 94; and using the restored account access key 94 to decrypt the disguised data key 93 obtained from the server 20, and restoring the hidden data key 91 of the user account.
[0120] As described above, in the embodiments of this application, the use of the hidden data key 91 by the client 10 may further include: in response to an update of the account private identifier 90 of any user account, using the updated account private identifier 90' together with the restored account access key 94 and hidden data key 91 to update the disguised data key 93 persistently stored in the server 20, that is, the key usage phase S_UPDT for key updates shown in Figure 6.
[0121] For example, in response to an update of the account private identifier 90 of any user account, client 10 can obtain the data access seed 92 and the disguised data key 93 that are persistently stored in association with each other for the user account on server 20; using the data access seed 92 and the disguised data key 93 obtained from server 20 and the account private identifier 90 of the user account before the update, it can restore the hidden data key 91 of the user account; and using the data access seed 92 obtained from server 20, the updated account private identifier 90' of the user account, and the restored hidden data key 91 of the user account, it can regenerate the updated disguised data key 93' of the user account. If an account access key 94 is introduced, a new account access key 94' is also regenerated during the regeneration of the disguised data key 93'. That is, the regenerated account access key 94' is used to regenerate the disguised data key 93', and the regeneration of the disguised data key 93' can be regarded as the generation of data key update information for the disguised data key 93. The updated disguised data key 93' of the user account is then sent to server 20 as the data key update information for the disguised data key 93, so that server 20 replaces the original disguised data key 93 persistently stored for the user account with the updated disguised data key 93'.
[0122] As with the principle shown in Figure 1, under the optimization principle shown in Figure 6 the process of updating the disguised data key 93 persistently stored in server 20 in response to an update of the account private identifier 90 of any user account can be repeated an unlimited number of times. That is, the updated account private identifier 90' of a user account can be updated again, and correspondingly the updated disguised data key 93' can also be updated again.
[0123] Therefore, the optimization principle shown in Figure 6 further enhances the confidentiality protection of the hidden data key 91, while still supporting the reduction of system burden caused by the update of the account private identifier.
[0124] Figure 7 illustrates an exemplary flow of the key management method on the client side in embodiments of this application, based on the optimization principle shown in Figure 6. Referring to Figure 7, in embodiments of this application, the key management method applied to the client may include:
[0125] S710: In response to a container creation request from the current user account for creating an associated data container, the container creation request is sent to the server and a hidden data key is assigned to the current user account, wherein the hidden data key is stored non-persistently on the client side.
[0126] In other words, S710 can be considered basically the same as S210 in the process shown in Figure 2.
[0127] S730: Obtain the data access seed assigned by the server to the current user account that successfully created the associated data container, wherein the data access seed of the current user account obtained from the server is stored in non-persistent storage on the client.
[0128] In other words, compared to the process shown in Figure 2, S730 is a further step included in the key management method applied to the client.
[0129] S750: Using the data access seed of the current user account obtained from the server, the account private identification code of the current user account obtained locally, and the hidden data key assigned to the current user account, a disguised data key is generated. The hidden data key and the disguised data key of the current user account are stored non-persistently on the client.
[0130] In other words, compared to S230 in the process shown in Figure 2, S750 further utilizes the data access seed allocated by the server to the current user account when generating the disguised data key for the current user account. Correspondingly, the restoration of the hidden data key of the current user account after S750 can also further utilize the data access seed of the current user account.
[0131] For example, S750 may specifically include: obtaining the account access key of the current user account by extracting information from the account private identification code and the data access seed of the current user account (using any one-way information extraction algorithm, such as a hash algorithm); and encrypting the hidden data key of the current user account with the account access key of the current user account to obtain the disguised data key of the current user account.
[0132] Accordingly, when restoring the hidden data key of the current user account after S750, it can specifically include:
[0133] S770: The disguised data key generated for the current user account is sent to the server and persistently stored in association with the data access seed of the current user account. The data access seed and disguised data key, which are persistently stored in association with each other in the server, are provided to the client in response to the client's request for the use of the hidden data key, so that the client can use the data access seed of the current user account, the account private identifier, and the disguised data key to restore the hidden data key of the current user account.
[0134] Similarly, the use of the hidden data key by the client includes: using the restored hidden data key to access the data container associated with the current user account, and, in response to the update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
[0135] S790: In response to the update of the account private identifier of the current user account, the hidden data key of the current user account is restored by using the account private identifier of the current user account before the update, and the data access seed and disguised data key of the current user account obtained from the server. Furthermore, the disguised data key that is persistently stored in the server is updated by using the data access seed of the current user account obtained from the server, the updated account private identifier of the current user account, and the restored hidden data key of the current user account.
[0136] For example, S790 may specifically include: in response to an update of the account private identifier of the current user account, obtaining a data access seed and a disguised data key that are persistently stored on the server in association with each other for the current user account; using the data access seed and disguised data key of the current user account, and the account private identifier before the update, restoring the hidden data key of the current user account; using the data access seed of the current user account and the updated account private identifier of the current user account, regenerating the account access key, and using the regenerated account access key and the restored hidden data key of the current user account, regenerating the updated disguised data key of the current user account; and sending the updated disguised data key of the current user account as data key update information for the disguised data key to the server, so as to cause the server to replace the disguised data key persistently stored in the current user account with the updated disguised data key of the current user account using the data key update information for the disguised data key.
[0137] Furthermore, the client can use the hidden data key obtained from the restoration to access the data container associated with the current user account. This can happen between S770 and S790, or it can happen after S790.
[0138] Figure 8 is an exemplary flow of the key management method applied to the server, based on the optimization principle shown in Figure 6, in an embodiment of this application. Referring to Figure 8, in embodiments of this application the key management method applied to the server may include:
[0139] S810: Create an associated data container for the current user account of the client, wherein the client is configured to generate a disguised data key for the current user account using the account private identifier of the current user account and the hidden data key assigned to the current user account, and the disguised data key and the hidden data key of the current user account are stored non-persistently on the client.
[0140] S830: In response to the successful creation of the associated data container for the current user account, the client is provided with a data access seed assigned to the current user account, which the client can further use when generating the disguised data key for the current user account. The data access seed of the current user account is stored non-persistently on the client.
[0141] S850: Persistently stores the disguised data key of the current user account provided by the client, in association with the data access seed of the current user account. The persistently stored data access seed and disguised data key are provided to the client in response to the client's request for the use of the hidden data key, so that the client can use the account private identifier of the current user account, as well as the data access seed and disguised data key, to recover the hidden data key.
[0142] Similarly, the use of the hidden data key by the client includes: using the hidden data key of the current user account obtained by restoration to access the data container associated with the current user account, and, in response to the update of the account private identifier of the current user account, using the updated account private identifier of the current user account and the hidden data key of the current user account obtained by restoration to update the disguised data key of the current user account that is persistently stored.
[0143] S870: In response to a key update request initiated by the client when the account private identifier of the current user account is updated, the client is provided with a data access seed and a disguised data key that are persistently stored in association with each other for the current user account, so that the client can use the data access seed of the current user account, the updated account private identifier of the current user account, and the restored hidden data key to regenerate the disguised data key for the current user account.
[0144] S890: The disguised data key regenerated by the client in response to an update of the account private identifier of the current user account is used to update the disguised data key persistently stored in association with the data access seed of the current user account.
[0145] For example, S890 can use the disguised data key updated by the client for the current user account to overwrite the disguised data key that is persistently stored locally in association with the data access seed of the current user account.
[0146] Furthermore, the client can use the hidden data key obtained from the restoration to access the data container associated with the current user account. This can happen between S850 and S890, or it can happen after S890.
[0147] Figure 9 is an exemplary flow of the data access method applied to the client, based on the optimization principle shown in Figure 6, in an embodiment of this application. Referring to Figure 9, in embodiments of this application the data access method applied to the client may include:
[0148] S910: Initiate an access request to the server for the associated data container of the current user account.
[0149] For example, the access request initiated by S910 can be basically the same as the access request initiated by S410 mentioned above, which will not be elaborated here.
[0150] S930: Obtain the data access seed and disguised data key of the current user account provided by the server in response to the access request, wherein the data access seed and disguised data key of the current user account are persistently stored in association with each other on the server, and the data access seed and disguised data key of the current user account are non-persistently stored on the client.
[0151] In other words, compared to the process shown in Figure 4, S930 can be seen as a further step included in the data access method applied to the client.
[0152] S950: Using the data access seed and disguised data key of the current user account provided by the server, as well as the account private identification code of the current user account obtained locally, the hidden data key assigned to the current user account by the client before initiating the access request is restored. The data access seed and hidden data key of the current user account are stored non-persistently on the client.
[0153] In other words, compared to S450 in the process shown in Figure 4, S950 can be seen as further using the data access seed of the current user account when restoring the hidden data key of the current user account.
[0154] For example, S950 may specifically include: obtaining the account access key of the current user account by extracting information from the data access seed and account private identification code of the current user account (using any one-way information extraction algorithm, such as a hash algorithm); and decrypting the disguised data key of the current user account with the account access key of the current user account to restore the hidden data key of the current user account, wherein the account access key of the current user account is not persistently stored on the client side.
[0155] S970: By using the hidden data key of the current user account obtained through restoration, data access to the associated data container of the current user account can be achieved.
[0156] For an example of S970, refer to the description of S470 in the process shown in Figure 4 above, which is not repeated here.
[0157] The process shown in Figure 9 above can be triggered any number of times, and can occur, for example, between S770 and S790 and/or after S790 in the process shown in Figure 7.
[0158] Figure 10 is an exemplary flow of the data access method applied to the server, based on the optimization principle shown in Figure 6, in an embodiment of this application. Referring to Figure 10, in embodiments of this application the data access method applied to the server may include:
[0159] S1010: In response to a client's access request to the associated data container of the current user account, query the persistently stored data access seed and disguised data key that are associated with each other for the current user account.
[0160] For example, the access request responded to in S1010 can be basically the same as the access request responded to in S510 mentioned above, and is not repeated here.
[0161] S1030: Provide the client with the data access seed and disguised data key of the current user account obtained from the server, so that the client can use the data access seed and disguised data key of the current user account obtained from the server, as well as the account private identification code of the current user account obtained locally by the client, to restore the hidden data key assigned to the current user account before the client initiated the access request, and use the restored hidden data key to realize data access to the associated data container of the current user account. The data access seed, disguised data key and hidden data key of the current user account are stored non-persistently on the client.
[0162] The process shown in Figure 10 above can be triggered any number of times, and can occur, for example, between S850 and S890 and/or after S890 in the process shown in Figure 8.
[0163] In the embodiments of this application, if the optimization principle shown in Figure 6 is adopted to introduce an account access key 94, the account access key 94 can also be used to obtain an account access code 95. The account access code 95 can be used for permission verification of access initiated by the client 10 to the server 20, and/or for anti-replay filtering of data access initiated by the client 10 to the server 20.
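The four flows above (Figures 7 and 8 for key management, Figures 9 and 10 for data access) can be exercised end to end in a few dozen lines. The following is an added illustration written for this page, not code from the patent or its assignee. It assumes HMAC-SHA256 as the unspecified one-way "information extraction" step that turns data access seed 92 and account private identifier 90 into account access key 94, and it stands in a 32-byte XOR for the "encrypt the hidden data key with the account access key" step; a deployed system would use an authenticated key wrap there, since XOR gives a wrong identifier a garbage key instead of a detectable failure. Account names, passwords and key sizes are constructed sample values.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # hidden data key 91 and account access key 94 are both 32 bytes (assumption)


def derive_access_key(seed: bytes, private_id: bytes) -> bytes:
    """Account access key 94: one-way extraction from data access seed 92 and
    account private identifier 90 (HMAC-SHA256 stands in for the page's
    unspecified 'information extraction algorithm')."""
    return hmac.new(seed, b"account-access-key|" + private_id, hashlib.sha256).digest()


def wrap_key(hidden_key: bytes, access_key: bytes) -> bytes:
    """Disguised data key 93 = hidden data key 91 encrypted under access key 94.
    Stand-in cipher: XOR of two equal-length keys. It is unauthenticated, so a
    wrong private identifier yields garbage rather than an error; production code
    would use an AEAD key wrap instead (assumption, not the page's choice)."""
    assert len(hidden_key) == len(access_key) == KEY_LEN
    return bytes(a ^ b for a, b in zip(hidden_key, access_key))


unwrap_key = wrap_key  # XOR is its own inverse


class Server:
    """Persistent side: only seed 92 and disguised key 93 are ever stored."""

    def __init__(self) -> None:
        self.store: dict[str, dict] = {}

    def create_container(self, account: str) -> bytes:  # S810 / S830
        seed = secrets.token_bytes(16)
        self.store[account] = {"seed": seed, "disguised": None}
        return seed

    def put_disguised(self, account: str, disguised: bytes) -> None:  # S850 / S890
        self.store[account]["disguised"] = disguised

    def key_material(self, account: str) -> tuple:  # S870 / S1030
        rec = self.store[account]
        return rec["seed"], rec["disguised"]


class Client:
    """Non-persistent side: keeps only the account name and private identifier;
    hidden key, seed and access key exist in memory only while in use."""

    def __init__(self, account: str, private_id: bytes, server: Server) -> None:
        self.account, self.private_id, self.server = account, private_id, server

    def create_container(self) -> None:  # S710 - S770
        hidden = secrets.token_bytes(KEY_LEN)
        seed = self.server.create_container(self.account)
        disguised = wrap_key(hidden, derive_access_key(seed, self.private_id))
        self.server.put_disguised(self.account, disguised)
        # nothing is retained locally: hidden key, seed and access key go out of scope here

    def restore_hidden_key(self) -> bytes:  # S930 - S950
        seed, disguised = self.server.key_material(self.account)
        return unwrap_key(disguised, derive_access_key(seed, self.private_id))

    def rotate_private_id(self, new_private_id: bytes) -> None:  # S790
        hidden = self.restore_hidden_key()  # restored with the identifier before the update
        seed, _ = self.server.key_material(self.account)
        new_disguised = wrap_key(hidden, derive_access_key(seed, new_private_id))
        self.server.put_disguised(self.account, new_disguised)  # only this record changes
        self.private_id = new_private_id


def run_demo() -> dict:
    server = Server()
    client = Client("alice", b"old-password", server)  # constructed sample values
    client.create_container()
    before = client.restore_hidden_key()
    _, disguised_before = server.key_material("alice")

    client.rotate_private_id(b"new-password")
    after = client.restore_hidden_key()
    _, disguised_after = server.key_material("alice")

    # a client still holding the retired identifier no longer recovers the key
    stale = Client("alice", b"old-password", server).restore_hidden_key()
    return {
        "hidden_unchanged": before == after,        # container data never re-encrypted
        "disguised_rotated": disguised_before != disguised_after,
        "stale_id_fails": stale != after,
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the demo makes is the one the flows are built around: rotating the private identifier rewrites a single 32-byte server record and never touches the data container, because the hidden data key itself is unchanged.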
[0164] Figure 11 is a schematic diagram illustrating the optimization principle of introducing a permission verification mechanism during data access in an embodiment of this application. Referring to Figure 11, in the embodiments of this application, as described above, the client 10 can extract information from the data access seed 92 and the account private identification code 90 to obtain the account access key 94, which is not persistently stored on the client 10. Furthermore, the client 10 can also extract information from the account access key 94 to obtain the account access code 95, which is not persistently stored on the client 10, and send the account access code 95 to the server 20. The server 20 can use the account access code 95 provided by the client 10 for any user account as the access verification code 99 of that user account, and persistently store it in association with the data access seed 92 and the disguised data key 93. For example, the data access seed 92, the disguised data key 93, and the access verification code 99 persistently stored on the server 20 are all indexed by the plaintext identifier of the user account to which they belong (such as the account name or another unique account identifier).
[0165] Whether for a data access request initiated by the client 10 or a key update request initiated by the client 10 for the access verification code 99 persistently stored on the server 20, the server 20 can use the result of a consistency comparison between the account access code 95 regenerated by the client 10 when requesting data access or key update and the access verification code 99 persistently stored on the server 20 to perform permission verification for the data access or key update, that is:
[0166] If the account access code 95 generated by client 10 when requesting data access or key update is consistent with the access verification code 99 persistently stored in server 20, then the permission verification is successful, and the data access or key update initiated by client 10 is enabled accordingly.
[0167] If the account access code 95 generated by client 10 when requesting data access or key update is different from the access verification code 99 persistently stored in server 20, then the permission verification fails, and the data access or key update initiated by client 10 is rejected by server 20 accordingly.
[0168] Referring again to Figure 11, the access verification code 99 persistently stored in the server 20 is updated synchronously with each update of the account private identification code 90 of the user account to which it belongs. That is, after the account private identification code 90 of any user account is updated, in the process of regenerating the updated disguised data key 93' of the user account using the updated account private identification code 90' and the restored hidden data key 91 of the user account, a new account access key 94' is regenerated. Furthermore, by extracting information from the newly generated account access key 94', a new account access code 95' can also be obtained. At this time, the new account access code 95' can be regarded as the access code update information for the currently used account access code 95. Therefore, the access verification code 99, which is identical to the account access code 95 and is persistently stored in the server 20 for the user account, is also updated to the new access verification code 99' using the new account access code 95'. That is, in the embodiments of this application, the account access code 95 is not persistently stored on the client 10 but is persistently stored on the server 20, and the access verification code persistently stored on the server 20 is updated in association with the key update initiated by the client 10 in response to each update of the account private identification code 90. The associated update of the access verification code 99 persistently stored on the server 20 and the disguised data key 93 may include: the client 10 regenerating the account access key 94' using the data access seed 92 provided by the server 20 and the updated account private identification code 90'; the regenerated account access key 94' being used to generate data key update information for the disguised data key 93 (i.e., the updated disguised data key 93'), which is used to update the disguised data key 93 persistently stored on the server; and the access verification code 99 persistently stored on the server being updated to the access code update information obtained by extracting information from the regenerated account access key 94' (i.e., the new account access code 95').
[0169] In other words, when the access verification code 99 is updated in association with the disguised data key 93, the client 10 must not only regenerate the currently used account access code 95 for verification, but also generate a new account access code 95' as the access code update information for the currently used account access code 95.
[0170] After the associated update is completed, whether for a data access initiated by the client 10 or a key update initiated by the client 10 for the access verification code 99 persistently stored on the server 20, the consistency comparison used for permission verification in the server 20 becomes the comparison between the account access code 95' regenerated by the client 10 when requesting data access or key update and the access verification code 99' persistently stored in the server 20, that is:
[0171] If the account access code 95' generated by client 10 when requesting data access or key update is consistent with the access verification code 99' persistently stored in server 20, then the permission verification is successful, and the data access or key update initiated by client 10 is enabled accordingly.
[0172] If the account access code 95' generated by client 10 when requesting data access or key update is different from the access verification code 99' persistently stored in server 20, then the permission verification fails, and the data access or key update initiated by client 10 is rejected by server 20 accordingly.
[0173] For example, in the key management method applied to the client shown in Figure 7, if an authorization verification mechanism is introduced, S750 of the key management method may further include: obtaining an account access code by extracting information from the account access key; S770 of the key management method may further include: sending the account access code together with the disguised data key to the server, so that the server can use it as an access verification code and persistently store it in association with the data access seed and the disguised data key; and S790 of the key management method may further include the process described above in which a key update triggers an associated update of the disguised data key 93 and the access verification code 99 persistently stored in the server 20.
[0174] For example, in the key management method applied to the server shown in Figure 8, if an authorization verification mechanism is introduced, S850 may further include: persistently storing the account access code provided by the client as an access verification code, in association with the data access seed and the disguised data key; and S890 may further include: using the result of a consistency comparison between the account access code regenerated by the client when requesting a key update and the persistently stored access verification code to perform authorization verification for the key update, so that the persistently stored access verification code is updated in association with the key update initiated by the client in response to each update of the account private identification code.
[0175] For example, in the data access method applied to the client shown in Figure 9, if an authorization verification mechanism is introduced, S910 of the data access method may further include: extracting information from the account access key regenerated from the account private identification code when initiating the access request to obtain the account access code, and carrying the account access code in the access request, so that the server can use the result of a consistency comparison between the account access code carried in the access request and the persistently stored access verification code to perform authorization verification of the data access. Correspondingly, the data access to the associated data container in S970 is enabled after the server's authorization verification succeeds; that is, both storing data into the associated data container of the current user account and retrieving data from it are enabled only after the server's authorization verification succeeds. If the authorization verification fails, data stored into the associated data container is rejected or discarded by the server, and data cannot be retrieved from the associated data container of the current user account through the server.
[0176] For example, in the data access method applied to the server shown in Figure 10, if an authorization verification mechanism is introduced, the method may further include, after S1010: obtaining the account access code carried in the access request, which the client obtained by extracting information from the account access key regenerated from the account private identification code when initiating the access request; and performing authorization verification of the data access using the result of a consistency comparison between the account access code carried in the access request and the persistently stored access verification code; wherein the client's data access to the associated data container after S1030 is enabled after the authorization verification succeeds.
[0177] In addition to permission verification, server 20 can also use persistently stored access verification code 99 or 99' to work with client 10, which generates account access code 95 or 95' for data access, to achieve anti-replay filtering of data access.
[0178] Figure 12 is a schematic diagram illustrating the principle of the anti-replay mechanism used in the data access process in an embodiment of this application. Referring to Figure 12, in the embodiments of this application, the client 10, which can generate the account access code 95, and the server 20, which persistently stores the access verification code 99, can implement anti-replay filtering for data access based on a one-time temporary code 96 provided by the server 20. Specifically:
[0179] The server 20 can generate a one-time temporary code 96 and provide it to the client 10 (for example, the one-time temporary code 96 generated in response to an access request initiated by the client 10 for any user account can be provided to the client 10 together with the data access seed 92 and the disguised data key 93 of that user account). The one-time temporary code 96 generated by the server 20 can be a random number (Salt), so the one-time temporary code 96 generated by the server 20 is almost certainly different each time. Furthermore, the one-time temporary code 96 generated by the server 20 is deleted and discarded after being used once.
[0180] The server 20 can extract information from the access verification code 99 of any user account and the one-time temporary code 96 generated for the current access request initiated for that user account, according to preset information extraction rules (using any one-way information extraction algorithm, such as a hash algorithm), to obtain a dynamic access verification code 98.
[0181] The client 10 can extract information from the account access code 95 of the user account and the one-time temporary code 96 provided by the server 20, according to the same preset information extraction rules as the server 20, to obtain the paired access verification code 97, and send it to the server 20.
[0182] Since the one-time temporary code 96 can end its lifecycle on server 20 in response to the generation of dynamic access verification code 98, and dynamic access verification code 98 is updated based on the regenerated one-time temporary code in response to the end of the current data access, server 20 can use the consistency comparison result between the current dynamic access verification code 98 and the paired access verification code 97 provided by client 10 to achieve anti-replay filtering of data access.
[0183] For example, if the access request initiated by the client includes a data storage request to store data into the associated data container of the current user account, then the process of the client 10 sending the generated paired access verification code 97 to the server 20 may include: sending the generated paired access verification code 97 and the encrypted data obtained by encrypting the data to be stored into the associated data container together to the server 20, so that the server 20 can perform anti-replay filtering on whether to allow the encrypted data of the current user account to be stored into the associated data container based on the consistency determination result of the paired access verification code 97 and the dynamic access verification code 98. If the paired access verification code 97 and the dynamic access verification code 98 are consistent, it means that the encrypted data is a normal data storage corresponding to the data storage request of the current user account, and therefore the encrypted data is allowed to be stored into the associated data container. However, if the paired access verification code 97 and the dynamic access verification code 98 are inconsistent, it means that the encrypted data is a duplicate data storage after the encrypted data corresponding to the data storage request of the current user account has been stored, and therefore the duplicate storage of the encrypted data in the associated data container is prohibited.
[0184] For example, if the access request includes a data retrieval request to retrieve data from the associated data container of the current user account, then the process of the client 10 sending the generated paired access verification code 97 to the server 20 may include: before obtaining the specified encrypted data in the associated data container of the current user account, sending the paired access verification code 97 to the server 20, so that the server 20 can perform anti-replay filtering based on the consistency determination result of the paired access verification code 97 and the dynamic access verification code 98, to determine whether to allow the client 10 to provide the specified encrypted data in the associated data container of the current user account. If the paired access verification code 97 and the dynamic access verification code 98 are consistent, it means that the current data retrieval behavior for the specified encrypted data is a normal data retrieval behavior corresponding to the data retrieval request of the current user account, and therefore the retrieval of the specified encrypted data from the associated data container is allowed. However, if the paired access verification code 97 and the dynamic access verification code 98 are inconsistent, it means that the current data retrieval behavior is a duplicate data retrieval after the data retrieval behavior corresponding to the data retrieval request of the current user account has been completed and stored, and therefore the duplicate retrieval of the specified encrypted data from the associated data container is prohibited.
[0185] Therefore, server 20 can filter the data access initiated by client 10 by judging the consistency of paired access verification code 97 and dynamic access verification code 98.
[0186] For example, in the data access method applied to the client shown in Figure 9, if an anti-replay mechanism is introduced, S930 of the data access method may further include: obtaining the one-time temporary code provided by the server in response to the access request, together with the data access seed and the disguised data key. The server is configured to use preset information extraction rules to obtain a dynamic access verification code by extracting information from the access verification code and the one-time temporary code; the one-time temporary code ends its lifecycle in response to the generation of the dynamic access verification code, and the dynamic access verification code is updated based on a regenerated one-time temporary code in response to the end of the data access. The data access method may further include, before S970: using the same preset information extraction rules as the server, extracting information from the one-time temporary code and the account access code obtained when initiating the access request to obtain a paired access verification code identifying the access request. Furthermore, S970 of the data access method may further include: sending the generated paired access verification code to the server, so that the server performs anti-replay filtering on the data access based on the result of a consistency determination between the paired access verification code and the dynamic access verification code the server obtained by extracting information from the access verification code and the one-time temporary code.
[0187] For example, in the data access method applied to the server shown in Figure 10, if an anti-replay mechanism is introduced, S1030 of the data access method may further include: in response to an access request, extracting information from the access verification code and the one-time temporary code using preset information extraction rules to obtain a dynamic access verification code identifying the access request; and providing the one-time temporary code, whose lifecycle has not yet ended, together with the data access seed and the disguised data key to the client, so that the client can use the same preset information extraction rules to extract information from the account access code and the one-time temporary code to obtain a paired access verification code. The one-time temporary code ends its lifecycle on the server in response to the generation of the dynamic access verification code, and the dynamic access verification code is updated based on a regenerated one-time temporary code in response to the end of the data access. Furthermore, the account access code used by the client when obtaining the paired access verification code is obtained by the client extracting information from the account access key regenerated from the account private identification code when initiating the access request. The data access method may also further include, after S1030, anti-replay filtering of the current data access based on the result of a consistency determination between the current dynamic access verification code and the paired access verification code obtained from the client.
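The permission verification of Figure 11 and the anti-replay filtering of Figure 12 are easiest to see as a small server-side state machine. The following is an added example written for this page, not code from the patent or its assignee. It assumes SHA-256 (with a fixed label) as the "preset information extraction rule" for both the account access code 95 (from access key 94) and the nonce-bound codes 97 and 98, and HMAC-SHA256 for access key 94 as in the key management example; the server keeps only verification code 99 and the pending dynamic code 98, and discards the one-time temporary code 96 as soon as 98 is computed. Account names, seed and password are constructed sample values.

```python
import hashlib
import hmac
import secrets


def derive_access_key(seed: bytes, private_id: bytes) -> bytes:
    """Account access key 94: one-way extraction from seed 92 and private identifier 90 (assumed HMAC-SHA256)."""
    return hmac.new(seed, b"account-access-key|" + private_id, hashlib.sha256).digest()


def account_access_code(access_key: bytes) -> bytes:
    """Account access code 95: one-way extraction from access key 94. Safe to send to
    the server, which keeps it as access verification code 99 (the key 94 never leaves the client)."""
    return hashlib.sha256(b"account-access-code|" + access_key).digest()


def bind_to_nonce(code: bytes, nonce: bytes) -> bytes:
    """Shared preset extraction rule: the server derives dynamic code 98 from 99 and
    one-time code 96; the client derives paired code 97 from 95 and 96."""
    return hashlib.sha256(b"dynamic-code|" + nonce + code).digest()


class Server:
    def __init__(self) -> None:
        self.verification: dict = {}  # account -> access verification code 99
        self.pending: dict = {}       # account -> dynamic code 98 for the open request

    def register(self, account: str, code95: bytes) -> None:  # S850 with verification
        self.verification[account] = code95

    def begin_access(self, account: str) -> bytes:  # S1030 with anti-replay
        nonce = secrets.token_bytes(16)  # one-time temporary code 96
        self.pending[account] = bind_to_nonce(self.verification[account], nonce)
        return nonce  # the nonce is not retained: its lifecycle on the server ends here

    def authorize(self, account: str, code95: bytes, paired97: bytes) -> str:
        """Returns 'ok', 'permission' (code 95 mismatch) or 'replay' (code 97 stale or reused)."""
        if not hmac.compare_digest(self.verification.get(account, b""), code95):
            return "permission"
        dynamic98 = self.pending.pop(account, None)  # consumed: a second use is a replay
        if dynamic98 is None or not hmac.compare_digest(dynamic98, paired97):
            return "replay"
        return "ok"

    def update_verification(self, account: str, current95: bytes, new95: bytes) -> str:
        """S890 with verification: the key update itself is permission-checked with 95, then 99 becomes 95'."""
        if not hmac.compare_digest(self.verification.get(account, b""), current95):
            return "permission"
        self.verification[account] = new95
        return "ok"


def run_demo() -> dict:
    server = Server()
    seed, private_id = b"seed-from-server", b"old-password"  # constructed sample values
    code95 = account_access_code(derive_access_key(seed, private_id))
    server.register("alice", code95)

    nonce = server.begin_access("alice")
    paired97 = bind_to_nonce(code95, nonce)
    first = server.authorize("alice", code95, paired97)
    replayed = server.authorize("alice", code95, paired97)  # same request resent

    wrong95 = account_access_code(derive_access_key(seed, b"guess"))
    wrong = server.authorize("alice", wrong95, bind_to_nonce(wrong95, server.begin_access("alice")))

    # private identifier update: client proves with 95 and hands over 95' in one step
    new95 = account_access_code(derive_access_key(seed, b"new-password"))
    rotated = server.update_verification("alice", code95, new95)
    stale = server.authorize("alice", code95, bind_to_nonce(code95, server.begin_access("alice")))
    fresh = server.authorize("alice", new95, bind_to_nonce(new95, server.begin_access("alice")))
    return {"first": first, "replayed": replayed, "wrong_id": wrong,
            "rotated": rotated, "stale_after_rotate": stale, "fresh_after_rotate": fresh}


if __name__ == "__main__":
    print(run_demo())
```

Two design points worth noting: the server compares codes with a constant-time function, since both 95 and 97 are secrets presented by the client, and the pending dynamic code is removed on first use, which is what makes a resent request fail as a replay rather than succeed a second time.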
[0188] As can be seen from the above, in this embodiment of the application, in response to each data access to the associated data container that the client initiates to the server, or in response to a key update that the client initiates for the access verification code persistently stored on the server, the account access code, which is not persistently stored on the client, can be regenerated on the client from the locally obtained account private identifier. The regenerated account access code is sent to the server, so that the server can compare the account access code regenerated by the client when requesting the data access or key update with the persistently stored access verification code and use the consistency result to verify permission for the data access or key update, and/or use the access verification code, in cooperation with the client that regenerated the account access code, to realize anti-replay filtering of the data access.
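As an added worked model (not the applicant's code) of the scheme described in paragraphs [0186] to [0188] and restated in claims 1 to 13: the account access key is derived from the data access seed and the account private identifier, the disguised data key wraps the random hidden data key, the server checks the regenerated account access code against its stored access verification code, a one-time temporary code yields the dynamic and paired access verification codes used for replay filtering, and an identifier update re-wraps the hidden key without touching the encrypted container data. SHA-256 stands in for the patent's unspecified "information extraction rules", XOR with a derived pad for its "encrypting the hidden data key", and the PINs and record are constructed sample values.

```python
# Illustrative model only; SHA-256 and XOR-pad wrapping are stand-ins for the patent's unspecified primitives.
import hashlib, hmac, secrets

def extract(*parts: bytes) -> bytes:
    """Preset information extraction rule: length-prefixed SHA-256 over the parts."""
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key: bytes, data: bytes, nonce: bytes) -> bytes:
    # Toy stream cipher under the hidden data key (stand-in for the container encryption).
    stream = b"".join(extract(b"ks", key, nonce, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return xor(data, stream)

class Server:  # persists only seed -> (disguised key, access verification code); never sees the hidden key
    def __init__(self):
        self.records, self.dynamic = {}, {}
    def create_container(self) -> bytes:
        seed = secrets.token_bytes(16)  # data access seed assigned to the account
        self.records[seed] = {"disguised": None, "avc": None}
        return seed
    def store(self, seed, disguised, access_code):
        self.records[seed].update(disguised=disguised, avc=access_code)
    def begin_access(self, seed, access_code):
        rec = self.records[seed]
        if not hmac.compare_digest(rec["avc"], access_code):  # permission verification
            raise PermissionError("account access code mismatch")
        nonce = secrets.token_bytes(16)  # one-time temporary code; its lifecycle ends once the dynamic code exists
        self.dynamic[seed] = extract(b"dyn", rec["avc"], nonce)  # dynamic access verification code
        return nonce, rec["disguised"]
    def finish_access(self, seed, paired_code) -> bool:
        expected = self.dynamic.pop(seed, None)  # consumed once, so a replayed paired code finds nothing
        return expected is not None and hmac.compare_digest(expected, paired_code)
    def update_key(self, seed, old_code, new_disguised, new_code):
        rec = self.records[seed]
        if not hmac.compare_digest(rec["avc"], old_code):
            raise PermissionError("key update not permitted")
        rec.update(disguised=new_disguised, avc=new_code)  # container data is untouched

class Client:  # keeps nothing persistent; the user supplies the account private identifier each time
    def __init__(self, private_id: bytes):
        self.private_id = private_id
    def access_key(self, seed):   # account access key = extract(seed, private identifier)
        return extract(b"key", seed, self.private_id)
    def access_code(self, seed):  # account access code = extract(account access key)
        return extract(b"code", self.access_key(seed))
    def enrol(self, server) -> bytes:
        seed = server.create_container()
        hidden = secrets.token_bytes(32)  # random hidden data key for this account
        server.store(seed, xor(hidden, extract(b"wrap", self.access_key(seed))), self.access_code(seed))
        return seed  # hidden key, disguised key and access key are all dropped here
    def open(self, server, seed):
        nonce, disguised = server.begin_access(seed, self.access_code(seed))
        hidden = xor(disguised, extract(b"wrap", self.access_key(seed)))  # restore hidden key
        paired = extract(b"dyn", self.access_code(seed), nonce)  # paired access verification code
        return hidden, paired
    def rotate(self, server, seed, new_private_id):
        hidden, paired = self.open(server, seed)
        server.finish_access(seed, paired)
        old_code, self.private_id = self.access_code(seed), new_private_id
        new_disguised = xor(hidden, extract(b"wrap", self.access_key(seed)))  # re-wrap only
        server.update_key(seed, old_code, new_disguised, self.access_code(seed))

def run_scenario() -> dict:
    server, client = Server(), Client(b"old-PIN-1234")  # constructed sample identifier
    seed = client.enrol(server)
    hidden, paired = client.open(server, seed)
    first_ok, replayed = server.finish_access(seed, paired), server.finish_access(seed, paired)
    nonce = secrets.token_bytes(16)
    stored = seal(hidden, b"record #1", nonce)  # constructed sample record in the container
    client.rotate(server, seed, b"new-PIN-9876")
    try:
        Client(b"old-PIN-1234").open(server, seed)
        old_rejected = False
    except PermissionError:
        old_rejected = True
    hidden2, _ = client.open(server, seed)
    return {"first_ok": first_ok, "replay_rejected": not replayed, "old_rejected": old_rejected,
            "same_hidden_key": hidden2 == hidden, "data_ok": seal(hidden2, stored, nonce) == b"record #1"}
```

The stored ciphertext is never rewritten during `rotate`; only the 32-byte disguised key and the access verification code on the server change.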
[0189] Figure 13 is a schematic diagram illustrating an exemplary structure of a client in an embodiment of this application. Referring to Figure 13, in embodiments of this application, the client may include a first processor 1210, a first communication component 1220 for communicating with the server, an information input component 1230 for inputting the account private identifier, and memory 1240 for non-persistent storage. The first processor 1210 can be used to execute the key management method and data access method applied to the client in the aforementioned embodiments. The first communication component 1220 may include functional components supporting wired and/or wireless communication, and the information input component 1230 may include functional components such as those supporting human-computer interaction and/or hot-plugging interfaces. Additionally, the client may include a first non-transitory computer-readable storage medium 1200, which stores instructions for causing the first processor 1210 to execute the key management method and data access method applied to the client in the aforementioned embodiments.
[0190] Figure 14 is a schematic diagram of an exemplary server structure according to an embodiment of this application. Referring to Figure 14, in embodiments of this application, the server may include a second processor 1310, a second communication component 1320 for communicating with a client, a data interface component 1330 for communicating with a storage device, and a physical disk 1340 for persistent storage. The second processor 1310 may be used to execute the key management method and data access method applied to the server in the foregoing embodiments, and the second communication component 1320 may include functional components supporting wired and/or wireless communication. Additionally, the client may include a second non-transitory computer-readable storage medium 1300, which stores instructions for causing the second processor 1310 to execute the key management method and data access method applied to the server in the foregoing embodiments.
[0191] In another embodiment of this application, a data storage system is also provided, including the client shown in Figure 13, the server shown in Figure 14, and a storage device for deploying associated data containers for any user account, at least one of which is the associated data container of the current user account mentioned in the foregoing embodiments.
[0192] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the scope of protection of this application.
Claims
1. A key management method for secure data access, characterized in that the key management method is applied to a client and includes: obtaining a data access seed assigned by a server to a current user account for which an associated data container has been successfully created, the data access seed being stored non-persistently on the client; generating a disguised data key using the account private identifier of the current user account obtained locally, a hidden data key generated locally for the current user account, and the data access seed, the hidden data key and the disguised data key being stored non-persistently on the client; and sending the disguised data key to the server to be persistently stored in association with the data access seed; wherein the disguised data key persistently stored on the server is provided to the client in response to the client's request to use the hidden data key, so that the client can use the account private identifier, the disguised data key, and the data access seed to restore the hidden data key; and wherein the client's use of the hidden data key includes: using the restored hidden data key to access the associated data container of the current user account, and, in response to an update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
2. The key management method according to claim 1, characterized in that the key management method further includes: in response to a container creation request from the current user account for creating the associated data container, sending the container creation request to the server, and generating a random key for the current user account to be used as the hidden data key.
3. The key management method according to claim 1, characterized in that generating the disguised data key using the account private identifier, the hidden data key, and the data access seed includes: extracting information from the data access seed and the account private identifier to obtain an account access key; and encrypting the hidden data key with the account access key to obtain the disguised data key, the account access key being stored non-persistently on the client; and wherein restoring the hidden data key includes: extracting information from the data access seed and the account private identifier to obtain the account access key; and decrypting the disguised data key with the account access key to restore the hidden data key.
4. The key management method according to claim 3, characterized in that the key management method further includes: obtaining an account access code by extracting information from the account access key; and sending the account access code to the server so that the server uses it as an access verification code and persistently stores it in association with the data access seed and the disguised data key; wherein the account access code is not persistently stored on the client; in response to each data access to the associated data container that the client initiates to the server, or in response to a key update that the client initiates for the disguised data key persistently stored on the server, the account access code is regenerated on the client from the locally obtained account private identifier, and the regenerated account access code is sent to the server, so that the server can compare the account access code regenerated by the client when requesting the data access or the key update with the persistently stored access verification code and use the consistency result to verify permission for the data access or the key update, and/or use the access verification code, in cooperation with the client that regenerated the account access code, to realize anti-replay filtering of the data access; and wherein the access verification code persistently stored on the server is updated together with the disguised data key in response to each update of the account private identifier, the updating of the access verification code including: regenerating the account access key using the data access seed provided by the server and the updated account private identifier; using the regenerated account access key to generate data key update information for the disguised data key; using the data key update information to update the disguised data key persistently stored on the server; and, in response to successful permission verification for the key update, updating the access verification code persistently stored on the server to access code update information obtained by extracting information from the regenerated account access key, the extraction rule for obtaining the access code update information from the regenerated account access key being the same as the extraction rule for obtaining the account access code from the account access key.
5. A key management method for secure data access, characterized in that the key management method is applied to a server and includes: creating an associated data container for a current user account of a client and, in response to the successful creation of the associated data container, providing the client with a data access seed allocated to the current user account for which the associated data container was successfully created, wherein the client is configured to generate a disguised data key using the account private identifier of the current user account, a hidden data key generated for the current user account, and the data access seed, and the disguised data key, the hidden data key, and the data access seed are stored non-persistently on the client; persistently storing the disguised data key of the current user account provided by the client in association with the data access seed; and providing the persistently stored disguised data key to the client in response to the client's request to use the hidden data key, so that the client can use the account private identifier, the disguised data key, and the data access seed to restore the hidden data key; wherein the client's use of the hidden data key includes: using the restored hidden data key to access the associated data container of the current user account, and, in response to an update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
6. The key management method according to claim 5, characterized in that the client is configured to: extract information from the data access seed and the account private identifier to obtain an account access key, which is stored non-persistently on the client; and encrypt the hidden data key with the account access key to obtain the disguised data key; wherein an account access code is obtained by extracting information from the account access key; the key management method further includes: persistently storing the account access code provided by the client as an access verification code, in association with the data access seed and the disguised data key; the account access code is not persistently stored on the client; in response to each data access to the associated data container that the client initiates to the server, or in response to a key update that the client initiates for the disguised data key persistently stored on the server, the account access code is regenerated on the client from the locally obtained account private identifier; the key management method further includes: comparing the account access code regenerated by the client when requesting the data access or the key update with the persistently stored access verification code and using the consistency result to verify permission for the data access or the key update, and/or using the access verification code, in cooperation with the client that regenerated the account access code, to realize anti-replay filtering of the data access; and wherein the persistently stored access verification code is updated by the client together with the disguised data key in response to each update of the account private identifier, the client being further configured to implement this associated update by: regenerating the account access key using the data access seed provided by the server and the updated account private identifier; using the regenerated account access key to generate data key update information for the disguised data key; using the data key update information to update the disguised data key persistently stored on the server; and updating the access verification code persistently stored on the server to access code update information obtained by extracting information from the regenerated account access key, the extraction rule for obtaining the access code update information from the regenerated account access key being the same as the extraction rule for obtaining the account access code from the account access key.
7. A data access method, characterized in that the data access method is applied to a client and includes: initiating an access request to a server for the associated data container of a current user account; obtaining a disguised data key and a data access seed provided by the server in response to the access request, wherein the disguised data key and the data access seed are persistently stored in association with each other on the server, and the data access seed is stored non-persistently on the client; and restoring, using the disguised data key provided by the server, the data access seed, and the account private identifier of the current user account obtained locally, the hidden data key generated by the client for the current user account before initiating the access request, the disguised data key and the hidden data key being stored non-persistently on the client; wherein the client's use of the hidden data key includes: using the restored hidden data key to access the associated data container of the current user account, and, in response to an update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
8. The data access method according to claim 7, characterized in that restoring the hidden data key using the disguised data key and the data access seed provided by the server and the locally obtained account private identifier includes: obtaining an account access key by extracting information from the data access seed and the account private identifier; and obtaining the hidden data key by decrypting the disguised data key with the account access key, the account access key being stored non-persistently on the client.
9. The data access method according to claim 8, characterized in that the server persistently stores an access verification code in association with the data access seed and the disguised data key, and the data access method further includes: extracting information from the account access key regenerated from the account private identifier when the access request is initiated to obtain an account access code; and carrying the account access code in the access request, so that the server can compare the account access code carried in the access request with the persistently stored access verification code and use the consistency result to verify permission for the data access, data access to the associated data container being enabled after the permission verification succeeds; wherein the access verification code persistently stored on the server is updated together with the disguised data key in response to each update of the account private identifier, the updating of the access verification code including: regenerating the account access key using the data access seed provided by the server and the updated account private identifier; using the regenerated account access key to generate data key update information for the disguised data key; using the data key update information to update the disguised data key persistently stored on the server; and, in response to successful permission verification for the key update, updating the access verification code persistently stored on the server to access code update information obtained by extracting information from the regenerated account access key, the extraction rule for obtaining the access code update information from the regenerated account access key being the same as the extraction rule for obtaining the account access code from the account access key.
10. The data access method according to claim 9, characterized in that the data access method further includes: obtaining a one-time temporary code provided by the server in response to the access request, along with the data access seed and the disguised data key, wherein the server is configured to obtain a dynamic access verification code by extracting information from the access verification code and the one-time temporary code using preset information extraction rules, the one-time temporary code ends its lifecycle on the server in response to the generation of the dynamic access verification code, and the dynamic access verification code is updated based on a regenerated one-time temporary code in response to the end of the data access; extracting information, using the preset information extraction rules, from the one-time temporary code and the account access code obtained when the access request is initiated, to obtain a paired access verification code that identifies the access request; and sending the generated paired access verification code to the server, so that the server performs anti-replay filtering on the data access based on whether the paired access verification code is consistent with the dynamic access verification code.
11. A data access method, characterized in that the data access method is applied to a server and includes: in response to an access request from a client for the associated data container of a current user account, querying the persistently stored disguised data key and the persistently stored data access seed associated with the disguised data key; and providing the queried disguised data key and data access seed to the client, so that the client can use the disguised data key, the data access seed, and the account private identifier of the current user account obtained locally to restore the hidden data key generated for the current user account before initiating the access request, the disguised data key, the data access seed, and the hidden data key being stored non-persistently on the client; wherein the client's use of the hidden data key includes: using the restored hidden data key to access the associated data container of the current user account, and, in response to an update of the account private identifier, using the updated account private identifier and the restored hidden data key to update the persistently stored disguised data key.
12. The data access method according to claim 11, characterized in that the server persistently stores an access verification code in association with the data access seed and the disguised data key, and the data access method further includes: obtaining the account access code carried in the access request, the account access code being obtained by the client extracting information from the account access key that is regenerated from the account private identifier when the access request is initiated; and comparing the account access code carried in the access request with the persistently stored access verification code and using the consistency result to verify permission for the data access, wherein access to the data in the associated data container is enabled after the permission verification succeeds; wherein the access verification code persistently stored on the server is updated together with the disguised data key in response to each update of the account private identifier, the updating of the access verification code including: regenerating the account access key using the data access seed provided by the server and the updated account private identifier; using the regenerated account access key to generate data key update information for the disguised data key; using the data key update information to update the disguised data key persistently stored on the server; and, in response to successful permission verification for the key update, updating the access verification code persistently stored on the server to access code update information obtained by extracting information from the regenerated account access key, the extraction rule for obtaining the access code update information from the regenerated account access key being the same as the extraction rule for obtaining the account access code from the account access key.
13. The data access method according to claim 12, characterized in that the data access method further includes: in response to the access request, extracting information from the access verification code and a one-time temporary code using preset information extraction rules to obtain a dynamic access verification code that identifies the access request; providing the one-time temporary code, whose lifecycle has not yet ended, to the client along with the data access seed and the disguised data key, so that the client uses the preset information extraction rules to extract information from the account access code and the one-time temporary code to obtain a paired access verification code, wherein the one-time temporary code ends its lifecycle on the server in response to the generation of the dynamic access verification code, the dynamic access verification code is updated based on a regenerated one-time temporary code in response to the end of the data access, and the account access code used by the client to obtain the paired access verification code is obtained by the client extracting information from the account access key regenerated from the account private identifier when initiating the access request; and filtering the data access against replay based on whether the dynamic access verification code is consistent with the paired access verification code obtained from the client.
14. A client, characterized in that it includes a first processor, a first communication component for communicating with a server, an information input component for inputting an account private identifier, and memory for non-persistent storage, wherein the first processor is used to execute the key management method according to any one of claims 1 to 4 and the data access method according to any one of claims 7 to 10.
15. A server, characterized in that it includes a second processor, a second communication component for communicating with a client, and a physical disk for persistent storage, wherein the second processor is used to execute the key management method according to claim 5 or 6 and the data access method according to any one of claims 11 to 13.
16. A data storage system, characterized in that it includes: the client according to claim 14; the server according to claim 15; and a storage device for deploying an associated data container for any user account.