CN110417750A - Blockchain-based file reading and storage method, terminal device and storage medium - Google Patents

Publication number: CN110417750A
Authority: CN (China)
Prior art keywords: user, file, identifier, stored, storage node
Legal status: Granted
Application number: CN201910617024.4A
Other languages: Chinese (zh)
Other versions: CN110417750B (en)
Inventors: 刘芳璐, 王思喆, 王怡宁, 王健
Original Assignee: Beijing Jianwang Future Technology Co Ltd

Events:
  • Application filed by Beijing Jianwang Future Technology Co Ltd
  • Priority to CN201910617024.4A
  • Publication of CN110417750A
  • Application granted
  • Publication of CN110417750B
  • Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/182 Distributed file systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

This disclosure relates to a blockchain-based method for reading and storing files, a terminal device and a storage medium. The file reading method includes: a client associated with a first user sends a file read request message for a file to be read to a storage node network, wherein the file to be read is stored off-chain, in a distributed manner, in the storage node network in the form of multiple file fragments; the storage node network performs consensus verification of whether the signature of the first user matches the public key of the first user held in the storage node network; if the verification passes, the storage node network sends the multiple file fragments of the file to be read to the client associated with the first user; and the client associated with the first user restores the file to be read from the multiple file fragments received. This provides a highly secure scheme, with highly scalable data capacity, for sharing data files between the nodes of the storage node network.

Description

Blockchain-based file reading and storage method, terminal device and storage medium
Technical field
The present disclosure relates generally to the technical field of data file access, including the writing and reading of data files, and in particular to a blockchain-based method for reading and storing files, a terminal device and a computer-readable storage medium.
Background
In today's information society, any operation on a computer network, whether by an institution or an individual, generates data, and these data include a great deal of important and sensitive private data. Private data include, for example, personal identity card information, bank card numbers, social security card numbers, patients' medical data (such as medical image data, e.g. CT images), an individual's usernames and passwords on different websites, and the like. These data or information are usually stored as files on disks or other external storage media in a computer network. For the storage and management of private data files, ensuring the security of storage and the convenience of access is the basic requirement. For institutions in particular, private data files are generated continuously and usually need a large amount of storage space, so there is a continuing need for improvement in both the security of storage and the convenience of access. In addition, in a traditional server/client (C/S) architecture or browser/client architecture, although certain data are regarded as exclusive to a specific user, such as that user's account and password, the owner of these data, or of the storage medium that carries them, is not this user.
Centralized data management systems in the traditional technology carry security risks of their own. On the one hand, the data management system itself is vulnerable to malicious attack: the system usually has vulnerabilities, or the data in the system may not be stored in encrypted form. For example, when a database is used to manage permissions centrally and that database comes under the control of a malicious attacker, the information it manages is leaked in bulk. Even if the data in the system are stored encrypted, if the encryption keys are still stored in the system in table form, a single successful attack on the system can compromise all of the keys and so cause a bulk data leak. On the other hand, the data management system also faces the risk of backdoor operations. Take institutions that use a private cloud: they are generally not the entity that built it, that is, most institutions that use a private cloud use one built by a third-party platform. In a data management system built by a third party, the permissions held by the third party itself can become a source of data leaks from the inside, and can also become a target of malicious attack. Using a public cloud raises the same problems as a private cloud, and in addition, because the data are stored not inside the institution but with a third party, the institution cannot fully control how the data are actually used. In other words, in the traditional model it is very difficult to let a third party take part in data management without letting that third party actually possess the data.
In addition, the entities that provide data storage and management services also have problems in terms of credibility. On the one hand, because data owners lack control over their data, they cannot directly know the state of the data, so when a data leak occurs they cannot effectively investigate and trace it. Moreover, although some third-party systems record behaviour information in tables, table data can be tampered with (through a backdoor or a vulnerability), so this information cannot serve effectively as a basis for accountability. On the other hand, storing data in a public cloud brings large security and privacy risks and lower data usage efficiency, while storing data in a private cloud brings a large cost (in hardware, software, operations and maintenance, management and other respects).
Redundant backup of data files is another traditional way of ensuring the security of data storage, preventing data loss or damage. However, it raises the cost of storing the data, and it also makes the computer sites that hold the backup data potential targets of malicious attack and therefore risk points for data leaks.
Furthermore, the performance of a data management system is strongly correlated with its scalability: under different degrees of scalability, the performance of the system differs considerably. For the sake of efficiency, a system may even use different strategies for handling information under different degrees of scalability. This imposes significant limitations on the system and also brings a large maintenance cost (handling large amounts of information with small resources) and waste of resources (handling small amounts of information with large resources).
Moreover, when relatively large files are transferred, the transmission time is too long because the data management system transmits from a central server to the client.
Blockchain, characterized by decentralization, high security, fault tolerance, attack resistance and collusion resistance, has developed rapidly since it was proposed and has proven well suited to solving the aforementioned problems in data file storage. Blockchain is a new application model of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. The consensus mechanism is the mathematical algorithm by which a blockchain system establishes trust and acquires rights and interests among different nodes, and it is the core of how blockchain nodes gain each other's trust. Many consensus mechanisms and consensus algorithms have been proposed so far; although their design concepts vary, the essence of a consensus mechanism is always the same, namely to consume resources in exchange for trust.
In the narrow sense, a blockchain is a chained data structure that combines data blocks sequentially in chronological order, and a distributed ledger that is cryptographically guaranteed to be tamper-proof and unforgeable. In the broad sense, blockchain technology is a completely new distributed infrastructure and computing paradigm that uses the chained block data structure to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to secure data transmission and access, and uses smart contracts composed of automated script code to program and operate on data.
Generally speaking, a blockchain system consists of a data layer, a network layer, a consensus layer, an incentive layer, a contract layer and an application layer. The data layer encapsulates the underlying data blocks together with basic data and basic algorithms such as the related data encryption and timestamps; the network layer includes the distributed networking mechanism, the data propagation mechanism and the data verification mechanism; the consensus layer mainly encapsulates the various consensus algorithms of the network nodes; the incentive layer integrates economic factors into the blockchain technology system, mainly the issuing and distribution mechanisms for economic incentives; the contract layer mainly encapsulates the various scripts, algorithms and smart contracts and is the basis of the blockchain's programmability; and the application layer encapsulates the various application scenarios and cases of blockchain. In this model, the timestamp-based chained block structure, the consensus mechanism of distributed nodes, economic incentives based on consensus computing power, and flexible, programmable smart contracts are the most representative innovations of blockchain technology.
Blockchain-based file storage systems have already been proposed. For example, Chinese patent application publication CN109274717A proposes a blockchain-based shared storage method in which the shared data to be stored are stored using blockchain technology and each blockchain node shares at least part of its storage space, building a distributed shared storage center, with the shared data to be stored written to the distributed shared storage center using redundancy coding. However, applying these blockchain technologies to private data management faces two problems: (1) because information transfer is irreversible, once private data have been shared directly on the chain it is difficult to control and limit their scope of use; and (2) the storage capacity of a blockchain is not sufficient for private data of very large volume, and putting private data on the chain can cause congestion that the blockchain cannot bear.
It should be noted that the content introduced in the background section above is intended only to aid understanding of the technical background of the present disclosure, and does not necessarily mean that this content is prior art known to those of ordinary skill in the art.
Summary of the invention
In view of this, one purpose of the technical solution described in this disclosure is to provide an improved, more secure scheme for blockchain-based file storage and reading.
In a first aspect, a blockchain-based method of reading a file is provided, comprising: a client of a first user sends a file read request message for a file to be read to a storage node network, the file read request message including the file identifier of the file to be read, the identifier of the first user and the signature of the first user, wherein the file to be read is stored off-chain, in a distributed manner, in the storage node network in the form of multiple file fragments; the storage node network performs consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network; if the verification passes, the storage node network sends the multiple file fragments of the file to be read to the client associated with the first user; and the client associated with the first user restores the file to be read from the multiple file fragments received.
In one embodiment, the file fragment identifiers are encrypted using the public key of the first user, and the encrypted file fragment identifiers are stored on the blockchain. The method may further include: the client associated with the first user extracts the decrypted file fragment identifiers from the storage node network and sends the decrypted file fragment identifiers to the storage node network. The step in which the storage node network sends the multiple file fragments of the file to be read to the client associated with the first user may further include: the storage node network sends the multiple file fragments of the file to be read to the client associated with the first user according to the file fragment identifiers received.
In one embodiment, the file to be read in the storage node network is encrypted using a symmetric key, the symmetric key is encrypted using the public key of the first user, and the encrypted symmetric key is stored on the blockchain. The method may further include: the client associated with the first user extracts the symmetric key from the storage node network. The step in which the client associated with the first user restores the file to be read from the multiple file fragments received may further include: the client associated with the first user uses the symmetric key to decrypt the restored file to be read.
In one embodiment, the identifier of the first user is the public key of the first user; alternatively, the identifier of the first user includes the number of the first user and the public key of the first user.
In one embodiment, the file fragments of the file to be read are stored in the storage node network in erasure-coded form. The step in which the client associated with the first user restores the file to be read from the multiple file fragments received may further include: the client associated with the first user restores the file to be read from the file fragments received by means of the erasure code.
In one embodiment, the method may further include: for each consensus verification, storing the associated metadata on the blockchain, and/or storing the metadata related to each file fragment on the blockchain.
In one embodiment, the metadata related to each file fragment are stored on the blockchain. The method may further include: the client associated with the first user obtains the metadata related to each file fragment from the storage node network in order to judge whether the file fragment has been tampered with.
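The two read-side embodiments above (erasure-coded fragments, and per-fragment metadata used to detect tampering) can be illustrated together. The following is an added example, not code from the patent: it assumes a single XOR parity fragment as the erasure code and SHA-256 digests as the per-fragment metadata, neither of which the patent specifies, and the function names `split_with_parity` and `restore` are hypothetical.

```python
import hashlib
from functools import reduce

# Constructed sample standing in for a (possibly already encrypted) private file.
SAMPLE = b"constructed sample payload: patient-0001 CT series, not real data"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _digest(fragment: bytes) -> str:
    return hashlib.sha256(fragment).hexdigest()


def split_with_parity(data: bytes, k: int):
    """Writer side: cut data into k equal fragments plus one XOR parity fragment.

    Returns (fragments, metadata). The metadata dict plays the role of the
    per-fragment metadata kept on the chain (assumption: SHA-256 digests plus
    the original length so padding can be stripped on restore).
    """
    if k < 2:
        raise ValueError("need at least two data fragments")
    size = -(-len(data) // k) or 1            # ceiling division, minimum 1 byte
    padded = data.ljust(size * k, b"\0")
    fragments = [padded[i * size:(i + 1) * size] for i in range(k)]
    fragments.append(reduce(_xor, fragments))  # parity = XOR of all data fragments
    metadata = {"length": len(data), "digests": [_digest(f) for f in fragments]}
    return fragments, metadata


def restore(fragments, metadata):
    """Reader side: verify each received fragment, repair at most one, rebuild.

    fragments has one entry per stored fragment; None means the node holding
    it did not answer. Returns (data, bad_indexes) where bad_indexes lists the
    fragments that were missing or failed the digest check.
    """
    digests = metadata["digests"]
    if len(fragments) != len(digests):
        raise ValueError("fragment count does not match on-chain metadata")
    good, bad = [], []
    for i, (frag, expected) in enumerate(zip(fragments, digests)):
        if frag is not None and _digest(frag) == expected:
            good.append(i)
        else:
            bad.append(i)                      # missing or tampered: treat as erased
    if len(bad) > 1:
        raise ValueError("single parity cannot repair %d bad fragments" % len(bad))
    repaired = list(fragments)
    if bad:
        # XOR of all k+1 fragments is zero, so the erased one is the XOR of the rest.
        rebuilt = reduce(_xor, (fragments[i] for i in good))
        if _digest(rebuilt) != digests[bad[0]]:
            raise ValueError("rebuilt fragment does not match on-chain digest")
        repaired[bad[0]] = rebuilt
    data = b"".join(repaired[:-1])[:metadata["length"]]
    return data, bad


if __name__ == "__main__":
    frags, meta = split_with_parity(SAMPLE, 4)
    # A storage node returns a modified fragment 2; the digest check catches it.
    frags[2] = bytes([frags[2][0] ^ 0xFF]) + frags[2][1:]
    recovered, flagged = restore(frags, meta)
    print("recovered intact:", recovered == SAMPLE, "flagged fragments:", flagged)
```

A production deployment would use a code that tolerates more than one loss (Reed-Solomon, for instance); the single-parity code here only shows how fragment verification and erasure recovery fit together on the client.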
In a second aspect, a blockchain-based method of storing a file is provided, comprising: a client associated with a second user divides a file to be stored into multiple file fragments; the client associated with the second user sends a write operation message for the file to be stored to a storage node network, the write operation message including: the file fragments; information related to the file fragment identifiers and to the identifier of the first user or the identifier of the second user; and the signature of the second user, wherein the first user is the owner of the file to be stored; the storage node network performs consensus verification of whether the signature of the second user matches the public key of the first user in the storage node network; and, if the verification passes, the multiple file fragments are stored off-chain, in a distributed manner, in the storage node network.
In one embodiment, the write operation message further includes a write permission token for the file to be stored. Before the step of storing the multiple file fragments off-chain, in a distributed manner, in the storage node network, the method may further include: the blockchain node network performs consensus verification of the second user's write permission for the file to be stored according to the write permission token received.
In one embodiment, the write permission token may be obtained from the first user and includes one or more of the following: the file identifier of the file to be stored, the identifier of the second user and the signature of the first user; the file identifier of the file to be stored, the identifier of the second user, the signature of the second user and the signature of the first user; the identifier of the second user and the signature of the first user; the identifier of the second user, the signature of the second user and the signature of the first user; the file identifier of the file to be stored, the identifier of the second user and the signature of the first user; and the identifier of the second user and the signature of the first user.
In one embodiment, storing the multiple file fragments off-chain, in a distributed manner, in the storage node network if the verification passes may further include: encrypting each file fragment identifier using the public key of the first user, and storing the encrypted file fragment identifiers on a first blockchain.
In one embodiment, the method may further include: the client associated with the second user generates a symmetric key, wherein the file to be stored that is divided into multiple file fragments is the file after encryption with the symmetric key; and each file fragment identifier and the encryption key are encrypted using the public key of the first user, and the encrypted result is stored on a second blockchain.
In one embodiment, the identifier of the first user is the public key of the first user, and the identifier of the second user is the public key of the second user; alternatively, the identifier of the first user includes the number of the first user and the public key of the first user, and the identifier of the second user includes the number of the second user and the public key of the second user.
In one embodiment, the step in which the client associated with the second user divides the file to be stored into multiple file fragments may further include: the client associated with the second user divides the file to be stored into multiple file fragments in erasure-coded form.
In one embodiment, the method may further include: for each consensus verification, storing the associated metadata on a third blockchain, and/or storing the metadata related to each file fragment on the blockchain.
In one embodiment, the storage node network performing consensus verification of the second user's write permission for the file to be stored according to the write permission token received includes: the storage node network performs consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network.
In one embodiment, the write permission token may have an additional attribute giving the number of times it is allowed to be used.
In a third aspect, a blockchain-based method of reading a file is provided, comprising: receiving, from a client associated with a first user, a file read request message for a file to be read, the file read request message including the file identifier of the file to be read, the identifier of the first user and the signature of the first user, wherein the file to be read is stored off-chain, in a distributed manner, in a storage node network in the form of multiple file fragments; performing consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network; and, if the verification passes, sending one or more of the multiple file fragments of the file to be read to the client associated with the first user.
In one embodiment, the file fragment identifiers are encrypted using the public key of the first user, and the encrypted file fragment identifiers are stored on the blockchain. The method may further include: receiving the decrypted file fragment identifiers sent by the client associated with the first user. The step of sending one or more of the multiple file fragments of the file to be read to the client associated with the first user may further include: sending one or more of the multiple file fragments of the file to be read to the client associated with the first user according to the file fragment identifiers received.
In one embodiment, the method may further include: for each consensus verification, storing the associated metadata on the blockchain, and/or storing the metadata related to each file fragment on the blockchain.
In a fourth aspect, a blockchain-based method of storing a file is provided, comprising: receiving a write operation message for a file to be stored sent by a client associated with a second user, the write operation message including: file fragments; information related to the file fragment identifiers and to the identifier of the first user or the identifier of the second user; and the signature of the second user, wherein the first user is the owner of the file to be stored, and the client associated with the second user divides the file to be stored into multiple file fragments and sends them to the storage node network; performing consensus verification of whether the signature of the second user matches the public key of the second user in the storage node network; and, if all verifications pass, storing the multiple file fragments off-chain, in a distributed manner, in the storage node network.
In one embodiment, the write operation message further includes a write permission token for the file to be stored. Before the multiple file fragments are stored off-chain, in a distributed manner, in the storage node network, the method may further include: performing consensus verification of the second user's write permission for the file to be stored according to the write permission token received.
In one embodiment, the write permission token is obtained from the first user and includes one or more of the following: the file identifier of the file to be stored, the identifier of the second user and the signature of the first user; the file identifier of the file to be stored, the identifier of the second user, the signature of the second user and the signature of the first user; the identifier of the second user and the signature of the first user; the identifier of the second user, the signature of the second user and the signature of the first user; the file identifier of the file to be stored, the identifier of the second user and the signature of the first user; and the identifier of the second user and the signature of the first user.
In one embodiment, the method may further include: for each consensus verification, storing the associated metadata on the blockchain, and/or storing the metadata related to each file fragment on the blockchain.
In a fifth aspect, a terminal device for blockchain-based file reading is provided, comprising: a network interface configured to communicate with other peer terminal devices; a memory configured to store program code; and a processor configured to execute the program code to perform the method steps of the aforementioned third aspect.
In a sixth aspect, a terminal device for blockchain-based file storage is provided, comprising: a network interface configured to communicate with other peer terminal devices; a memory configured to store program code; and a processor configured to execute the program code to perform the method steps of the aforementioned fourth aspect.
In a seventh aspect, a computer-readable storage medium is provided, comprising computer-executable instructions stored thereon which, when executed by a processor, implement the method steps of the aforementioned third aspect.
In an eighth aspect, a computer-readable storage medium is provided, comprising computer-executable instructions stored thereon which, when executed by a processor, implement the method steps of the aforementioned fourth aspect.
According to various embodiments of the present invention, data files are stored off-chain, in a distributed manner, in the storage node network, while the information related to the permissions for write and/or read operations on the files is stored in the storage node network in the form of a blockchain, for consensus verification under blockchain technology. Through consensus verification by all participants in the data management structure, the data owner need not be the owner of the host that stores its data files or the controller of the storage device, yet has complete control over the right to use the data files it owns, including authorizing desired target users to access, store or read those data files. At the same time, a highly secure scheme with highly scalable data capacity is provided for sharing data files between the nodes of the storage node network.
Brief description of the drawings
The accompanying drawings, which form a part of this disclosure, are provided for further understanding of the disclosure. The illustrative embodiments of the disclosure and their description serve to explain the disclosure and do not unduly limit it. A person of ordinary skill in the art can obtain other drawings from these drawings without creative effort. In the drawings:
Fig. 1 schematically shows an overview of a network system in which the various methods according to embodiments of the present invention can be implemented;
Fig. 2 schematically shows a block diagram of a mobile terminal suitable for implementing the various methods according to embodiments of the present invention;
Fig. 3 schematically shows a block diagram of a computer system suitable for implementing embodiments of the present invention, according to one embodiment of the present invention;
Fig. 4 schematically shows the system architecture for storing and reading files according to one embodiment of the present invention;
Fig. 5 schematically shows a flow chart of a method for reading a file based on blockchain technology according to one embodiment of the present invention;
Fig. 6 schematically shows a flow chart of a method for storing a file based on blockchain technology according to one embodiment of the present invention;
Fig. 7 schematically shows a flow chart of a method for obtaining write operation authorization according to one embodiment of the present invention;
Fig. 8 schematically shows a flow chart of a method for storing a file based on blockchain technology according to another embodiment of the present invention;
Fig. 9 schematically shows the process of storing and reading a file based on blockchain technology according to one embodiment of the present invention; and
Fig. 10 schematically shows a block diagram of a computer program product according to one embodiment of the present invention.
Detailed description of the embodiments
Hereinafter, only certain exemplary embodiments are briefly described. As those skilled in the art will recognize, the described embodiments can be modified in various ways without departing from the spirit or scope of the present disclosure. Accordingly, the drawings and the description below are to be regarded as illustrative in nature and not restrictive.
The flow charts and block diagrams in the drawings illustrate the possible architecture, functions and operations of devices, methods and computer program products according to various embodiments of the invention. In this regard, each box in a flow chart or block diagram can represent a module, a program segment or a portion of code that includes one or more executable instructions for implementing the specified logic function. It should be noted that in some alternative implementations the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two boxes shown in succession can in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each box in the block diagrams and/or flow charts, and combinations of such boxes, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions. In addition, for convenience of illustration, optional steps in the following embodiments are shown as dashed boxes.
It should be understood that, although the embodiments described herein sometimes describe a user directly as the sender or recipient of a message, this is only for convenience of description; strictly speaking, it is the client associated with that user that sends and receives the message. Sending and receiving can be started in response to user input or started automatically. "Client" should be understood broadly: it can denote a user terminal device or an application running on a user terminal device. Those skilled in the art can understand the specific meaning of these terms in the present disclosure according to the circumstances.
In addition, where a message sent by a first subject to a second subject is described herein as including multiple content items, it should be understood that in a specific implementation these content items can be sent in one message or in several messages. The content items can be carried explicitly in the message, or the message can implicitly include an association with a content item, through which the second subject (the recipient) can obtain that content item from the network. On the other hand, the terms first user, second user and so on used herein are relative terms, used only to distinguish users that have different permissions or play different roles. In different scenarios the permissions or roles of the first and second users may be exchanged, without departing from the scope and spirit of the embodiments of the present invention. Furthermore, ordinal terms such as "first" and "second" are used for description only and are not to be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. A feature defined with "first" or "second" can therefore explicitly or implicitly include one or more such features. In the description of the present disclosure, "multiple" means two or more, unless specifically defined otherwise.
In the description of the present disclosure, it should be noted that, unless otherwise clearly specified and limited, the terms "connected" and "connection" are to be understood broadly: a connection can be fixed, detachable or integral; it can be mechanical or electrical, or allow mutual communication; it can be direct or indirect through an intermediary; and it can be a connection inside two elements or an interaction between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present disclosure according to the circumstances.
The following disclosure provides many different embodiments or examples for implementing different structures of the disclosure. To simplify the disclosure, the components and arrangements of specific examples are described below. They are, of course, merely examples and are not intended to limit the disclosure. In addition, the disclosure may repeat reference numerals and/or reference letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed.
Specific embodiments of the disclosure are described in detail below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to describe and explain the disclosure and are not intended to limit it.
Referring first to Fig. 1, an overview is shown of a network system 100 in which embodiments of the present invention can be implemented. The system 100 may include a network 110 and multiple terminal devices connected to the network 110. In Fig. 1, the terminal devices are shown as including one or more mobile terminals 120 and one or more desktop computers 130. The terminal devices are networked in a distributed form, i.e. a decentralized network topology, and the resulting network is referred to herein as the storage node network. The terminal devices are referred to herein as nodes or network nodes.
Only for convenience of description, this distributed network is called a storage node network. It should be understood that, according to embodiments of the present invention, when the storage node network operates, only some of the network nodes may have a storage function, or only the data storage function of some of the network nodes may be used. As an example, in Fig. 1 the one or more desktop computers 130 constitute the storage node network; although the one or more mobile terminals 120 are nodes of the storage node network, their data storage function need not be used.
The network 110 may include any combination of wired or wireless networks, including but not limited to mobile telephone networks, wireless local area networks (LAN), Bluetooth personal area networks, Ethernet LANs, token ring LANs, wide area networks, the Internet and so on.
The mobile terminal 120 is a mobile device with wireless communication capability. Mobile terminals according to embodiments of the present invention can include, but are not limited to, smart phones, intelligent robots, portable digital assistants (PDA), pagers, mobile computers, mobile televisions, game devices, laptop computers, cameras, video recorders, GPS devices and other kinds of voice and text communication systems.
The various communication devices 120 and 130 involved in implementing the various embodiments of the present invention can communicate over the network 110 using various media, including but not limited to radio, infrared, laser and cable connections.
Fig. 2 shows a block diagram of a mobile terminal 200 suitable for implementing the various methods according to embodiments of the present invention. As shown in Fig. 2, the mobile terminal 200 may include interface devices for interacting with the user, a compiling device connected to the interface devices, and a networking module 230 connected to the compiling device. The interface devices for interacting with the user can be a touch screen 240, an audio output device 250 (including a loudspeaker, earphones and so on) and a microphone 260; the compiling device can be a processor 210 and a memory 220. The processor 210 is configured to execute, in combination with the other elements, all or part of the steps of the method according to embodiments of the present invention. The networking module 230 is configured to enable data to be sent and received between the mobile terminal 200 and other mobile terminals or remote servers; for example, the networking module 230 may include components such as a network adapter, a modem or an antenna. The memory 220 is configured to store programs or instruction sequences which, when executed by the processor 210, carry out the methods of the embodiments of the present invention, and to store information (for example text, voice and pictures) received from other mobile terminals or desktop computers. The touch screen 240 is configured to receive the user's text input, recognize the user's gestures, and display the user's request messages, the response messages the system gives to the requests, and other related information. The audio output device 250 is configured to play response messages and/or the results of processing the response messages, as well as system prompt information. The microphone 260 is configured to capture the user's voice information. The mobile terminal 200 may be implemented as the mobile terminal 120 in Fig. 1.
Fig. 3 shows a block diagram of a computer system 300 suitable for implementing the various methods according to embodiments of the present invention. As shown in Fig. 3, the computer system 300 may include: a CPU (central processing unit) 301, RAM (random access memory) 302, ROM (read-only memory) 303, a system bus 304, a hard disk controller 305, a keyboard controller 306, a serial interface controller 307, a parallel interface controller 308, a display controller 309, a hard disk 310, a keyboard 311, a serial peripheral device 312, a parallel peripheral device 313 and a display 314. Of these components, the CPU 301, RAM 302, ROM 303, hard disk controller 305, keyboard controller 306, serial interface controller 307, parallel interface controller 308 and display controller 309 are connected to the system bus 304. The hard disk 310 is connected to the hard disk controller 305, the keyboard 311 to the keyboard controller 306, the serial peripheral device 312 to the serial interface controller 307, the parallel peripheral device 313 to the parallel interface controller 308, and the display 314 to the display controller 309. The computer system 300 can also include a networking module (not shown) configured to enable data to be sent and received between the computer system 300 and other mobile terminals or computer systems; for example, the networking module may include a network adapter, a modem and so on. The computer system 300 may be implemented as the desktop computer 130 shown in Fig. 1.
It should be understood that the structural block diagrams in Fig. 2 and Fig. 3 are shown for illustrative purposes only and do not limit the present invention. In some cases, components can be added or removed as needed.
Fig. 4 schematically shows the system architecture 400 for storing and reading files according to one embodiment of the present invention. Fig. 4 also illustrates, in brief, the working principle of embodiments of the present invention. As shown in Fig. 4, multiple storage nodes make up the storage node network 410, and the different user roles 420, 430 and 440 can distribute data and messages through the storage node network 410. The client or application associated with a user can run on one of the nodes that make up the storage node network, or on a user terminal device connected to the storage node network.
Broadly, or in theory, there are three user roles: the owner of a file (Owner), the writer of a file (Writer) and the reader of a file (Reader). The Owner is the subject that owns the data; by owning the data, the Owner can grant a party (including the Owner itself) authorization to write and read a specific file. The Writer is the subject that writes data, i.e. writes the data into the storage node network. The Reader is the subject that wants to read data; only when the Owner grants permission can the Reader read the specific file. The present disclosure, however, is directed in particular at the situation in which the reader (Reader) or the writer (Writer) of a file is at the same time the owner (Owner) of the file. In Fig. 4, the solid box 460 schematically shows that the reader user role 430 and the owner user role 440 are the same user subject, and the dashed box 470 schematically shows that the writer user role 420 and the owner user role 440 are the same user subject. Even so, for convenience of description, parts of what follows are still described in terms of the different user roles.
The situation contemplated by the present disclosure is particularly suitable for file storage and file reading in the following scenarios. It should be understood, however, that these scenarios are merely exemplary and that embodiments of the present disclosure can be applied to any similar scenario. By way of example, the solution according to one embodiment of the present invention is particularly suitable for the following scenarios:
Scenario 1: example hospital scenario one
In a hospital scenario, the attending physician or a doctor in the laboratory test department stores a patient's medical record, CT image archives and so on in a file storage system, and the patient may wish to view these data files on a related terminal device. Here, the patient plays the roles of both owner and reader of the files (Owner = Reader). A client for the patient to read and consult the information can run on the terminal device. Depending on actual needs, the patient's authorization may or may not be required when the physician or doctor writes a file to the storage system, updates a file or creates a file.
Scenario 2: example hospital scenario two
In the same hospital setting as scenario 1, a different system design may also be needed. The attending physician or the doctor in the laboratory test department can be the owner of the medical record and CT image archives that he or she generates for a patient and stores in the file storage system. Here, the physician or doctor plays the roles of both owner and writer of the files (Owner = Writer). If doctor A (or the department of doctor A) writes data into the system through a client, doctor A is the owner of that data and at the same time its writer. After doctor A (or the department of doctor A) grants authorization to other doctors (or other departments) or to the patient, those doctors (or departments) or the patient can read the data as readers.
Scenario 3: example bank scenario
In an example bank credit system scenario, the banking system acts as the writer that writes personal credit information, while the individual, as the owner of the credit information, can at the same time act as the reader and retrieve his or her own credit information (Owner = Reader). Here, the banking system's writing of personal credit information is generally understood not to require authorization from the user who owns the information.
Such example scenarios help in understanding the embodiments of the present disclosure, but it should be understood that these scenario descriptions are exemplary.
According to embodiments of the present invention, the files owned by the Owner are to be stored in a distributed manner in the storage node network, while the information related to the permissions for the write and/or read operations of the Writer and/or Reader (where needed) is stored in the storage node network in the form of a blockchain; this information can be used for consensus verification under blockchain technology. The storage of the data files does not use blockchain technology and is therefore also referred to herein as off-chain storage. Herein, storing data in the storage node network in the form of a blockchain is also referred to as storing it on the blockchain; in this sense, the storage node network forms a blockchain node network.
At the same time, the metadata of consensus verification can also be stored on the blockchain. Metadata is data that describes other data or provides information about other data. According to embodiments of the present invention, metadata can be regarded as the ledger entry generated after each consensus verification.
According to embodiments of the present invention, a storage node is a node that stores data files and is also responsible for running the consensus algorithm, generating blocks and maintaining the one or more generated blockchains.
In the embodiment of Fig. 4, user role 420 is the writer of a specific file, user role 430 is the reader of that file, and user role 440 is the owner of that file. Where the reader user role 430 and the owner user role 440 are the same user subject, as shown by the solid box 460, that user subject needs no authorization to read the file when reading information. The user subject can authorize other subjects to perform write operations on the files it owns. Embodiments of the present invention also contemplate write operations by other subjects that do not require the file owner's authorization. Where the writer user role 420 and the owner user role 440 are the same user subject, as shown by the dashed box 470, that user subject needs no authorization to write the file when writing or storing information. The user subject can authorize other subjects to perform read operations on the files it owns.
In the embodiment of Fig. 4, when a Writer attempts to put a piece of information into the system, all nodes can verify whether the Owner has authorized the Writer's operation. It will be understood, however, that when a Writer attempts to put a piece of information into the system, the write permission may also be left unverified, so that writes to the files owned by the Owner are not restricted. The Owner can then authorize only the read permission for the files it owns, so that only the users it wants to allow can read them.
The four kinds of participants, i.e. the four participating roles, of the file storage and reading system according to embodiments of the present invention work in three different layers of the terminal devices shown in Fig. 1. The users in the different roles work in the application layer. All or some of the nodes that make up the storage node network form the off-chain storage layer (Off-chain Storage Layer), which stores the multiple fragments of a file to be stored in a distributed manner. All or some of the nodes that make up the storage node network also form the consensus layer of the blockchain technology, which is responsible for verifying the access (storage and exclusive rights) permissions for different files and users and the authenticity of the messages sent by users in different roles.
Reading of files
Fig. 5 schematically shows a flow chart of a method 500 for reading a file based on blockchain technology according to one embodiment of the present invention. For example, in the scenarios above, the operations of method 500 can be the process by which a user who holds both the reader user role 430 and the file owner user role 440 reads a file from the storage network nodes.
In step S510, the client associated with the first user sends a file read request message for the file to be read to the storage node network. The file read request message may include: the file identifier of the file to be read, the identifier of the first user and the signature of the first user. The file identifier of the file to be read lets the storage node network, or the network nodes in it, identify the file to be read. The signature of the first user lets the storage node network verify the identity of the first user. With reference to the technical solution for storing files described below, the file to be read is stored off-chain in the storage node network in a distributed manner, in the form of multiple file fragments, without forming a blockchain.
In step S520, the storage node network performs consensus verification of whether the signature of the first user matches the public key of the first user held in the storage node network.
In step S530, if the verification passes, the storage node network sends the multiple file fragments of the file to be read to the client associated with the first user.
In step S540, the client associated with the first user restores the file to be read from the multiple file fragments received.
According to one embodiment of the present disclosure, the file fragment identifiers are encrypted with the public key of the first user, and the encrypted file fragment identifiers are stored on the blockchain. Method 500 may then further include the step: the client associated with the first user extracts the file fragment identifiers from the storage node network, decrypts them, and sends the decrypted file fragment identifiers to the storage node network. The storage node network sends the file fragments to the client associated with the first user according to the file fragment identifiers received.
According to one embodiment of the present disclosure, the file to be read in the storage node network can be encrypted with a symmetric key. For this purpose, an encrypted symmetric key, obtained by encrypting the symmetric key with the public key of the first user, is stored in the storage node network. Method 500 may then further include the step: the first user extracts the symmetric key from the storage node network and uses it to decrypt the restored file to be read. Further, the encryption algorithm can be chosen such that the first user can decrypt the file to be read only after obtaining all of the encrypted file fragments, which eliminates the possibility of the file being partially decrypted.
According to one embodiment of the present disclosure, method 500 may further include: for each consensus verification, storing the associated metadata on the blockchain, and/or storing the metadata related to each file fragment on the blockchain.
According to one embodiment of the present disclosure, in which the metadata related to each file fragment is stored on the blockchain, method 500 may further include: the client associated with the first user obtains the metadata related to each file fragment from the storage node network in order to judge whether that file fragment has been tampered with.
In one embodiment, in which the file to be read is stored in the system in erasure-coded form, the first user restores the file to be read from the received file fragments by means of the erasure code.
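The symmetric-key embodiment and the per-fragment metadata check described above can be sketched together as follows. This is an added example, not code from the patent: AES-256-GCM, RSA-OAEP, SHA-256 digests as fragment metadata, the Record structure standing in for the on-chain entry, and all names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const fragSize = 16 // bytes per fragment, kept tiny for the demo
var ErrIntegrity = errors.New("fragments do not match the on-chain metadata")

// Record is what this sketch keeps on the ledger for one file: the AES key and
// GCM nonce wrapped under the owner's public key, and one digest per fragment.
type Record struct {
	Wrapped []byte
	Digests [][32]byte
}

// check panics on errors that cannot occur with the fixed sizes used here.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	check(err)
	gcm, err := cipher.NewGCM(block)
	check(err)
	return gcm
}

// Store (writer side) encrypts the whole file once, cuts the ciphertext into
// fragments for off-chain storage and builds the on-chain record.
func Store(owner *rsa.PublicKey, file []byte) ([][]byte, Record) {
	secret := make([]byte, 44) // 32-byte AES key || 12-byte GCM nonce
	_, err := rand.Read(secret)
	check(err)
	ct := newGCM(secret[:32]).Seal(nil, secret[32:], file, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, owner, secret, nil)
	check(err)
	rec := Record{Wrapped: wrapped}
	var frags [][]byte
	for off := 0; off < len(ct); off += fragSize {
		end := off + fragSize
		if end > len(ct) {
			end = len(ct)
		}
		frags = append(frags, ct[off:end])
		rec.Digests = append(rec.Digests, sha256.Sum256(ct[off:end]))
	}
	return frags, rec
}

// Read (owner side) checks each fragment against the ledger, joins them,
// unwraps the key with the private key, then decrypts and authenticates.
func Read(priv *rsa.PrivateKey, frags [][]byte, rec Record) ([]byte, error) {
	if len(frags) != len(rec.Digests) {
		return nil, ErrIntegrity
	}
	var ct []byte
	for i, f := range frags {
		if sha256.Sum256(f) != rec.Digests[i] {
			return nil, ErrIntegrity
		}
		ct = append(ct, f...)
	}
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, rec.Wrapped, nil)
	if err != nil || len(secret) != 44 {
		return nil, errors.New("wrapped key cannot be opened with this private key")
	}
	// GCM authentication makes Open fail unless every fragment is present.
	return newGCM(secret[:32]).Open(nil, secret[32:], ct, nil)
}

// RunReadScenario (constructed data) returns: owner read succeeded, then the
// errors for an altered fragment, a non-owner key, and a truncated fragment set.
func RunReadScenario() (ok bool, tampered, stranger, partial error) {
	owner, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	file := []byte("constructed sample: CT image archive of patient 0001, scan 3")
	frags, rec := Store(&owner.PublicKey, file)
	plain, err := Read(owner, frags, rec)
	ok = err == nil && string(plain) == string(file)
	bad := append([][]byte{frags[0], []byte("altered fragment")}, frags[2:]...)
	_, tampered = Read(owner, bad, rec)
	_, stranger = Read(other, frags, rec)
	_, partial = Read(owner, frags[:2], Record{rec.Wrapped, rec.Digests[:2]})
	return
}

func main() { fmt.Println(RunReadScenario()) }
```

The last case shows the refusal to decrypt a partial file as enforced by the GCM authentication tag; it is not an all-or-nothing transform in the cryptographic sense.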
Storage of files
Fig. 6 schematically shows a flow chart of a method 600 for storing a file based on blockchain technology according to one embodiment of the present invention. For example, in the scenarios above, where the reader user role 430 and the file owner user role 440 belong to the same user subject, the operations of method 600 can be the process by which another user, who takes on the file writer user role 420, stores a file to the storage network nodes.
In step S610, the client associated with the second user divides the file to be stored into multiple file fragments.
In step S620, the client associated with the second user sends a write operation message for the file to be stored to the storage node network. The message includes: the file fragments, information related to the file fragment identifiers and the identifier of the first user, and the signature of the second user. The second user can be the writer, i.e. the user who wants to write the file to be stored into the system. The first user is the owner of the file to be stored. The signature of the second user is used to verify the identity of the first user for storage node network.
In step S630, the storage node network performs consensus verification of whether the signature of the second user matches the public key of the second user held in the storage node network; this verification can be carried out by a consensus verification algorithm.
In step S640, the storage node network performs consensus verification of the second user's permission to write the file to be stored, according to the write operation rights token received; this verification can be carried out by a consensus verification algorithm. The write operation rights token can be sent by the client associated with the first user; it represents the authorization given by the owner of the file to be stored, e.g. the first user, for the second user to write the file, and lets the storage node network verify the authenticity of the token.
In step S650, if both verifications pass, the storage node network stores the multiple file fragments off-chain in the storage node network in a distributed manner.
According to embodiments of the present invention, the distributed storage of the data file fragments does not form a blockchain, while the information related to the public keys is stored on the blockchain and is used for consensus verification of the owner's authorization of write/read operations on the file. For example, the correspondence between user identifiers and public keys is stored on the blockchain. The storage node network can use the consensus verification algorithm to verify whether the signature of the second user matches the public key of the second user held in the storage node network, and thereby complete the verification described above.
It should be understood that step S640 is optional. When a Writer attempts to put a piece of information into the system, the write permission may be left unverified, so that anyone may write to the files owned by the Owner. That is, the Owner can authorize only the read permission for the files it owns, granting a Reader permission only for the file that this reader is to consult. In this respect, the present disclosure provides flexibility in controlling file access permissions. Likewise, in the scenario where the Writer and the Owner are the same subject, for example because they use the same client, step S640 can also be omitted, and the write operation message sent in S620 may include: the file fragments, information related to the file fragment identifiers and the identifier of the second user, and the signature of the second user. The second user is then both the writer and the owner of the file.
In one embodiment, the write operation rights token can be requested from the owner of the file, e.g. the first user, when the second user wants to modify the file to be stored. Fig. 7 schematically shows a flow chart of a method 700, according to one embodiment of the present invention, by which the second user requests a write operation rights token from the first user.
In step S710, the client associated with the second user sends a write operation authority request message for the file to be stored to the client associated with the first user. The first user is the owner of the file to be stored. The write operation authority request message may include: the file identifier of the file to be stored, the identifier of the second user and the signature of the second user. The signature of the second user is used to verify the identity of the first user for storage node network.
In step S720, the client associated with the first user verifies the write operation authority request message.
In step S730, if the verification passes, the client associated with the first user sends a write operation rights token for the file to be stored to the client associated with the second user. The write operation rights token may include: the file identifier of the file to be stored, the identifier of the second user, the signature of the second user and the signature of the first user. For example, the write operation rights token can be the first user's signature over the entire write operation authority request message received. The second user is the writer and the first user is the owner of the file to be stored; the signature of the first user is used for the second user or the storage node network to verify the identity of the second user.
In an alternative embodiment, the write operation rights token does not include the signature of the second user, i.e. the write operation rights token may include: the file identifier of the file to be stored, the identifier of the second user and the signature of the first user. This saves communication bandwidth and performs better in terms of traffic.
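The token of step S730, in the shorter form without the second user's signature, and the two checks of steps S630 and S640 on the storage node side can be sketched as follows. This is an added example, not code from the patent: Ed25519 signatures, SHA-256 digests, the in-memory Ledger map standing in for the on-chain identifier-to-public-key mapping, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUnknownUser = errors.New("identifier has no public key on the ledger")
var ErrWriterSig = errors.New("writer signature does not match the registered key")
var ErrTokenScope = errors.New("token is missing or names another file or writer")
var ErrTokenSig = errors.New("token is not signed by the file owner")

// Ledger stands in for the on-chain mapping of user identifier to public key.
type Ledger map[string]ed25519.PublicKey

// WriteToken is the short token form: file ID, writer ID, owner signature.
type WriteToken struct {
	FileID, WriterID string
	OwnerSig         []byte
}

// WriteMsg is the write operation message sent to the storage node network.
type WriteMsg struct {
	FileID, OwnerID, WriterID string
	Fragments                 [][]byte
	WriterSig                 []byte
	Token                     *WriteToken // nil when the writer is the owner
}

// digest hashes a domain tag, the identifiers and the hash of every fragment.
func digest(tag string, frags [][]byte, ids ...string) []byte {
	h := sha256.New()
	h.Write([]byte(tag))
	for _, id := range ids {
		fmt.Fprintf(h, "|%d:%s", len(id), id) // length prefix: ("ab","c") != ("a","bc")
	}
	for _, f := range frags {
		d := sha256.Sum256(f)
		h.Write(d[:])
	}
	return h.Sum(nil)
}

// IssueToken is the owner's side of step S730.
func IssueToken(owner ed25519.PrivateKey, fileID, writerID string) *WriteToken {
	sig := ed25519.Sign(owner, digest("token", nil, fileID, writerID))
	return &WriteToken{FileID: fileID, WriterID: writerID, OwnerSig: sig}
}

// VerifyWrite is the check a storage node runs before it stores fragments.
func (l Ledger) VerifyWrite(m WriteMsg) error {
	writerKey, okW := l[m.WriterID]
	ownerKey, okO := l[m.OwnerID]
	if !okW || !okO {
		return ErrUnknownUser
	}
	msg := digest("write", m.Fragments, m.FileID, m.OwnerID, m.WriterID)
	if !ed25519.Verify(writerKey, msg, m.WriterSig) { // step S630
		return ErrWriterSig
	}
	if m.WriterID == m.OwnerID { // Owner = Writer: step S640 is omitted
		return nil
	}
	t := m.Token
	if t == nil || t.FileID != m.FileID || t.WriterID != m.WriterID {
		return ErrTokenScope
	}
	if !ed25519.Verify(ownerKey, digest("token", nil, t.FileID, t.WriterID), t.OwnerSig) { // step S640
		return ErrTokenSig
	}
	return nil
}

// RunScenario (constructed data) returns the node's verdicts for: a valid
// write, a token reused on another file, a self-signed token, an altered fragment.
func RunScenario() [4]error {
	ledger := Ledger{}
	enroll := func(id string) ed25519.PrivateKey {
		seed := sha256.Sum256([]byte(id)) // constructed demo key, not a real secret
		ledger[id] = ed25519.NewKeyFromSeed(seed[:]).Public().(ed25519.PublicKey)
		return ed25519.NewKeyFromSeed(seed[:])
	}
	patient, drA, drB := enroll("patient"), enroll("doctor-a"), enroll("doctor-b")
	sign := func(k ed25519.PrivateKey, m WriteMsg) WriteMsg {
		m.WriterSig = ed25519.Sign(k, digest("write", m.Fragments, m.FileID, m.OwnerID, m.WriterID))
		return m
	}
	frags := [][]byte{[]byte("CT part 1"), []byte("CT part 2")}
	tok := IssueToken(patient, "ct-001", "doctor-a")
	good := sign(drA, WriteMsg{"ct-001", "patient", "doctor-a", frags, nil, tok})
	reused := sign(drA, WriteMsg{"mri-002", "patient", "doctor-a", frags, nil, tok})
	forged := sign(drB, WriteMsg{"ct-001", "patient", "doctor-b", frags, nil, IssueToken(drB, "ct-001", "doctor-b")})
	altered := good
	altered.Fragments = [][]byte{frags[0], []byte("swapped")}
	v := ledger.VerifyWrite
	return [4]error{v(good), v(reused), v(forged), v(altered)}
}

func main() { fmt.Println(RunScenario()) }
```

Because the token digest covers both the file identifier and the writer identifier, a token issued for one file cannot authorize a write to another, and a token handed to a different writer fails the scope check before any signature is evaluated.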
Method 700 shown in Fig. 7 authorizes write operations for a file to be stored; write operation authorization at the coarser granularity of a user is also contemplated. In one embodiment, a method by which the second user requests a write operation rights token from the first user according to one embodiment of the present invention includes:
The client associated with the second user sends the client associated with the first user a write operation authority request message for the second user, wherein the first user is the owner of the file to be stored, and the write operation authority request message includes: the identifier of the second user and the signature of the second user;
The first user verifies the write operation authority request message;
If the verification passes, the client associated with the first user sends the client associated with the second user a write operation rights token for the second user, the write operation rights token including: the identifier of the second user, the signature of the second user and the signature of the first user.
In an alternative embodiment, the write operation rights token may omit the signature of the second user, i.e. the write operation rights token may include: the identifier of the second user and the signature of the first user. This saves communication bandwidth and performs better in terms of traffic.
In one embodiment, when the owner of the file, for example the first user, decides to grant write operation permission to certain users in the storage node network, the write operation rights token may be sent proactively to those authorized users, for them to store and to present when necessary. The first user may send the second user a write operation rights token for the file to be stored. The write operation rights token may include: the file identifier of the file to be stored, the identifier of the second user and the signature of the first user. The signature of the first user is used for the second user or the storage node network to verify the identity of the first user.
Alternatively, the first user may send the second user a write operation rights token for the second user. This write operation rights token may include: the identifier of the second user and the signature of the first user.
In one embodiment, method 600 may further include the step: the client associated with the second user or the storage node network encrypts each file fragment identifier using the public key of the first user, and stores the encrypted file fragment identifiers in the storage node network in the form of a blockchain. Thus only the first user, i.e. the file owner, can read the file fragment identifiers from the blockchain.
In one embodiment, the second user divides the file to be stored into multiple file fragments in the form of an erasure code, and distributes these fragments in the storage node network.
In one embodiment, for each consensus verification on the blockchain, the storage node network stores the associated metadata on the blockchain. This metadata can serve as a trail for tracking historical operations.
Fig. 8 schematically shows a flowchart of a method 800 of storing a file based on blockchain technology according to another embodiment of the present invention. It is a variant of method 600 shown in Fig. 6, in which steps S810, S820, S830, S840 and S850 of method 800 correspond respectively to steps S610, S620, S630, S640 and S650 of method 600.
In step S802, the client associated with the second user generates a symmetric key E. The second user may be a writer user who intends to write the file to be stored into the system.
In step S804, the client associated with the second user encrypts the file to be stored using the symmetric key E.
In step S810, the client associated with the second user divides the encrypted file to be stored into multiple file fragments.
In step S812, the client associated with the second user encrypts each file fragment identifier and the symmetric key E using the public key of the first user, and stores the encrypted file fragment identifiers and symmetric key E in the storage node network in the form of a blockchain. Thus only the first user, i.e. the file owner, can read the file fragment identifiers from the blockchain, and only the first user, i.e. the file owner, can obtain the symmetric key E from the blockchain for later authorization, for example to provide it to a trusted reader user.
In step S820, the client associated with the second user sends the storage node network a write operation message for the encrypted file to be stored; the write operation message includes a file fragment, information related to the file fragment identifier, the identifier of the second user or the identifier of the first user, and the signature of the second user. The second user may be a writer user who intends to write the file to be stored into the system. The first user is the owner of the file to be stored. The signature of the second user is used for the storage node network to verify the identity of the second user.
In step S830, the storage node network performs consensus verification of whether the signature of the second user matches the public key of the second user in the storage node network; this verification can be carried out by a consensus verification algorithm.
In step S840, the storage node network performs consensus verification of the second user's write permission for the file to be stored according to the received write operation rights token.
In step S850, if both verifications pass, the storage node network stores the multiple file fragments off-chain in a distributed manner in the storage node network, without forming a blockchain.
It should be understood that S812 may follow any step after step S810, for example after step S820.
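Steps S802 to S812 from the writer's side, followed by the owner recovering the file, as an added example (not code from the patent). AES-256-GCM for the symmetric key E, RSA-OAEP for the first user's public key, the "fileID/c" identifier format and all function names are assumptions chosen for illustration; consensus verification and network transport are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// ChainRecord is what S812 stores in blockchain form, all under the owner's public key.
type ChainRecord struct {
	WrappedKey []byte   // symmetric key E
	WrappedIDs [][]byte // one file fragment identifier per fragment, in order
}

func wrap(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func unwrap(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// demoOwnerKey generates a throwaway RSA key pair for the first user (demo only).
func demoOwnerKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// WriterStore runs S802-S812 on the second user's client: off-chain fragments plus the chain record.
func WriterStore(file []byte, fileID string, n int, ownerPub *rsa.PublicKey) (frags map[string][]byte, rec ChainRecord, err error) {
	buf := make([]byte, 32+12) // S802: fresh key E plus a GCM nonce
	if _, err = rand.Read(buf); err != nil || n < 1 {
		return nil, rec, fmt.Errorf("n=%d fragments or no randomness: %v", n, err)
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, rec, err
	}
	ct := gcm.Seal(append([]byte(nil), nonce...), nonce, file, nil) // S804: nonce||ciphertext||tag
	frags = make(map[string][]byte, n)
	for c := 0; c < n; c++ { // S810: cut the ciphertext into n contiguous fragments
		id := fmt.Sprintf("%s/%d", fileID, c)
		frags[id] = ct[c*len(ct)/n : (c+1)*len(ct)/n]
		w, err := wrap(ownerPub, []byte(id)) // S812: identifier readable by the owner only
		if err != nil {
			return nil, rec, err
		}
		rec.WrappedIDs = append(rec.WrappedIDs, w)
	}
	rec.WrappedKey, err = wrap(ownerPub, key) // S812: key E readable by the owner only
	return frags, rec, err
}

// OwnerRecover is the first user's side: unwrap E and the identifiers, then reassemble and decrypt.
func OwnerRecover(frags map[string][]byte, rec ChainRecord, ownerPriv *rsa.PrivateKey) ([]byte, error) {
	key, err := unwrap(ownerPriv, rec.WrappedKey)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	var ct []byte
	for _, w := range rec.WrappedIDs {
		id, err := unwrap(ownerPriv, w)
		frag, ok := frags[string(id)]
		if err != nil || !ok {
			return nil, fmt.Errorf("identifier undecryptable or fragment missing (%v)", err)
		}
		ct = append(ct, frag...)
	}
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("reassembled ciphertext too short: %d bytes", len(ct))
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func main() {
	owner := demoOwnerKey()
	frags, rec, _ := WriterStore([]byte("constructed sample file"), "uid-owner/doc-7", 3, &owner.PublicKey)
	out, err := OwnerRecover(frags, rec, owner)
	fmt.Printf("%d fragments off-chain, recovered %q, err=%v\n", len(frags), out, err)
}
```

Because the file is sealed with an authenticated mode before it is cut, a fragment altered on any storage node makes the final decryption fail rather than yield modified plaintext.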
According to embodiments of the present invention, processing and storage of content data files are all carried out off-chain, with the files stored in a distributed manner across multiple storage nodes rather than in the form of a blockchain. For example, because the system can support a large number of users and user data files are usually massive, a blockchain holding these data files would be very heavy. Compared with storing file content in the blockchain, this effectively reduces the storage space required for storing the data. In addition, the security of the stored files and the permission control over the files rely on the consensus verification algorithm of blockchain technology, and access control and behavior recording are optionally realized through digital signatures and programmable permissions, improving the security of file storage.
In addition, the data security measures depend little on the size of the data volume to be stored, so that large-scale bulk data leakage is almost impossible. According to embodiments of the present invention, the private key of a user is kept by the user (for example the owner) outside the system and does not exist in the system. Leakage of a single user's private key affects only the data under that user's name and has no impact on other users, so bulk data leakage does not occur.
In one embodiment, for each consensus verification, the storage node network stores the associated metadata in the blockchain.
According to embodiments of the present invention, the signature of a user may include the result of encrypting, with the user's private key, all of the data, part of the data, or additional specific data in the message sent together with the signature. For example, when the second user sends the storage node network a write operation message for a file to be stored, one example of the write operation message includes: a file fragment; information related to the file fragment identifier, the identifier of the first user and the identifier of the second user; the write operation rights token for the file to be stored; and the signature of the second user. The second user's signature operation may sign all of the data sent with it, namely the file fragment, the information related to the file fragment identifier, the identifier of the first user and the identifier of the second user, and the write operation rights token for the file to be stored; it may sign only the file fragment; or a password distributed over a secure channel outside the storage node network (an in-house confidential meeting) may be introduced, in which case the signature operation signs only that password. The integrity of the write message may then rely on an additional hash value.
Further, authorization tokens, including write operation rights tokens, may have additional characteristics, for example being usable only a limited number of times, or being revocable by the owner. The owner's authorization can be adjusted for different application scenarios, and the authorization is time-limited. This prevents reentrancy attacks on the data, and limits the data owner's sharing of the data to the present, without granting permission to future updates of the data.
Further, the metadata records that the storage node network forms on the blockchain for consensus verification operations constitute an audit trail. Every acquisition of a file leaves a trace on the blockchain that cannot be erased, and that trace can be publicly accessed. This helps to investigate and assign responsibility when a data leak occurs outside the network.
According to embodiments of the present invention, files can be of various types, including text files, music files, video files, picture or image files, a piece of data (such as private data), a data item, etc. Any known technique can be used to divide a file into multiple file fragments and to reassemble them on restoration. Herein, the term "storage" is intended to cover operations such as creating, writing and updating a file, and the term "reading" is intended to cover operations such as reading and accessing a file.
According to embodiments of the present invention, consensus verification is completed in the consensus layer, and the consensus verification algorithm may include but is not limited to: Proof of Work (PoW), Proof of Stake (PoS), DPoS, PBFT, etc. It should be understood that, according to the present disclosure, the storage nodes participating in consensus verification are not necessarily the nodes that store the file fragments.
In one embodiment of the present invention, the identifier of a user (UID) may include the user's number and the user's public key. In another embodiment of the present invention, the identifier of a user may be derived directly from the user's public key. The user's number may be a random number in a preset format assigned when the user is created, and may be stored in the storage node network in the form of a blockchain. The user private key matching the user's public key is kept by the user. The user's public key is stored in the storage node network in the form of a blockchain, but it should be understood that public keys may also be distributed between users over a secure channel outside the storage node network (an in-house confidential meeting), or obtained through a traditional central trusted certificate authority (CA); the present disclosure does not limit the form in which public keys are distributed between users.
According to one embodiment of the present invention, the identifier of a user may be stored on the storage node network in the form of a blockchain. According to one embodiment of the present invention, each node in the blockchain network stores the identifiers of all users locally off-chain, for example in a file or wallet folder.
According to embodiments of the present invention, file fragment identifiers may be stored on the blockchain, or may not be on the blockchain. According to embodiments of the present invention, the write operation authorization token for a file may be stored on the holder's terminal node, for example in a file or wallet folder, or may be stored on the blockchain.
According to embodiments of the present invention, each file has an identifier, called the file identifier (DID). The DID has two parts, DID = {UID of owner, d}, where d is the identifier of the specific file, such as the document number in the owner's library. Different owners may own documents with the same identifier. Correspondingly, the present disclosure splits a file into data block fragments, and each file fragment has an identifier, called the fragment identifier (CID). The CID has two parts, CID = {DID, c}, where, when a text document is split into C parts, c is for example a number from 0 to C-1. Of course, c can be any other appropriate number. It should be understood that the definitions of DID and CID given here are only exemplary, not restrictive.
Fig. 9 schematically shows the process of storing and reading a file based on blockchain technology according to one embodiment of the present invention. As shown in Fig. 9, it schematically illustrates three functions: write operation authorization (write auth), write operation (write) and read operation (read).
As shown in Fig. 9, the write authorization stage is an optional step, depending on the specific occasion in which the system is applied. Before performing a write operation on a file to be stored, the writer's client presents to the storage node network the write operation rights token for the file to be stored that it obtained in advance; the blockchain consensus layer in the storage node network performs consensus verification of the write operation rights token, and stores first metadata indicating the result of the consensus verification in the blockchain.
In the write operation stage, during the actual processing of file data, the writer's client is responsible for encrypting and fragmenting the data, and after the write permission for the data has been submitted to the consensus layer for verification and recording, the off-chain storage layer performs the write; after writing the data fragments to storage, the off-chain storage layer submits metadata to the consensus layer for recording.
In the embodiment shown in Fig. 9, second metadata indicating the attributes of a file fragment is also stored on the blockchain. This metadata is data describing the file fragment, mainly information about the fragment's attributes, for example a checksum, hash value or other suitable attribute data of the fragment. Where the metadata is a checksum, the reader can verify the metadata, without reading the fragment file, to learn whether the fragment file has been tampered with. It is contemplated that the metadata is saved on the blockchain to support functions such as the storage location of the file fragment, historical data, resource lookup and file records. Any update to fragment data on a storage node is recorded on this blockchain. A reader can thereby verify the reliability of a file fragment by verifying the metadata associated with the file fragment stored on another node.
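The DID and CID structure defined earlier, combined with per-fragment metadata recorded for the chain, as an added example (not code from the patent). It assumes the recorded attribute is a SHA-256 digest and that a reader recomputes it over each fragment it fetches; the in-memory map standing in for the storage nodes and all names are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// DID = {UID of owner, d} and CID = {DID, c}, as defined in the description.
type DID struct {
	OwnerUID string
	D        string // document number inside the owner's library
}

type CID struct {
	DID DID
	C   int // fragment number, 0..C-1
}

func (c CID) String() string { return fmt.Sprintf("%s/%s/%d", c.DID.OwnerUID, c.DID.D, c.C) }

// FragmentMeta is the second metadata recorded on-chain for one fragment.
type FragmentMeta struct {
	CID    CID
	Digest string // hex SHA-256 of the fragment bytes (assumption)
}

func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Split cuts file into n fragments and returns the off-chain store together
// with the metadata entries that would be recorded on the chain, in order.
func Split(did DID, file []byte, n int) (map[CID][]byte, []FragmentMeta) {
	store := make(map[CID][]byte, n)
	var ledger []FragmentMeta
	for c := 0; c < n; c++ {
		id := CID{DID: did, C: c}
		frag := append([]byte(nil), file[c*len(file)/n:(c+1)*len(file)/n]...)
		store[id] = frag
		ledger = append(ledger, FragmentMeta{CID: id, Digest: digest(frag)})
	}
	return store, ledger
}

// Reassemble walks the on-chain metadata, fetches each fragment and checks it
// against the recorded digest. It returns the file, or the identifiers of the
// fragments that are missing or do not match.
func Reassemble(ledger []FragmentMeta, store map[CID][]byte) ([]byte, []CID) {
	var file []byte
	var bad []CID
	for _, m := range ledger {
		frag, ok := store[m.CID]
		if !ok || digest(frag) != m.Digest {
			bad = append(bad, m.CID)
			continue
		}
		file = append(file, frag...)
	}
	if len(bad) > 0 {
		return nil, bad
	}
	return file, nil
}

func main() {
	did := DID{OwnerUID: "uid-alice", D: "42"}
	store, ledger := Split(did, []byte("constructed sample payload"), 3)
	store[CID{DID: did, C: 1}][0] ^= 1 // a storage node alters one fragment
	_, bad := Reassemble(ledger, store)
	fmt.Println("rejected fragments:", bad)
}
```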
In the read operation stage, when reading data, the reader's client submits a read request to the consensus layer for verification and recording; a request that passes consensus verification is fed back to the storage layer, and the storage layer sends the data packets to the reader's client; after obtaining all the data fragments, the reader's client reassembles and decrypts them.
According to embodiments of the present disclosure, a file is divided into file fragments, so that data is stored in fragments that are meaningless on their own and can be rebuilt into meaningful content only when the file is read. For example, a piece of private data is segmented and stored on different storage nodes, and only makes sense once the pieces are brought back together. Only after all the relevant storage nodes have reached consensus on the reader's file read authorization and the verification has passed can the data reader obtain all the required file fragments and piece together the complete file. A data reader cannot obtain data through a back door by sending a request to just one storage node. Blockchain technology is thus applied to rights management, so that without the data owner's authorization no one can obtain the complete information of a file, and it is difficult for a potential attacker to tamper with or consult files in the storage node network.
According to embodiments of the present disclosure, any feasible prior-art algorithm for slicing and reconstructing a file or a piece of data can be used; the present disclosure is not limited in this respect.
According to a further embodiment of the present disclosure, data files are encrypted in the system, so that the file fragments are fragments of the encrypted file. The encryption mechanism further improves the security of data storage and ensures that data content is not leaked to anyone without the encryption key.
According to a further embodiment of the present disclosure, the encryption key is encrypted using the public key of the file owner and stored in the storage node network. Because the private key is held only by the data owner, this embodiment ensures that data leaks are mutually independent: even if the data of one data owner is leaked, the data held by other data owners is not affected.
The present disclosure provides basic embodiments and a rich set of alternative embodiments, so that the data processing mechanism is flexible and provides different levels of access control according to the application scenario. For example, different usage scenarios such as financial data, health data and other data markets have different requirements for how finely data access is controlled.
The consensus mechanism of blockchain technology applied to the encryption key reduces the risk of the encryption key in the system being illegally tampered with.
Terminal device
Various methods according to embodiments of the present invention have been described above; in another aspect, the present disclosure also relates to various user terminal devices.
In one embodiment, a terminal device for reading a file based on blockchain technology is provided, comprising: a network interface configured to communicate with other peer terminal devices; a memory configured to store program code; and a processor configured to execute the program code to perform the following operations: receiving, from a client associated with a first user, a file read request message for a file to be read, the file read request message including: the file identifier of the file to be read, the identifier of the first user and the signature of the first user, wherein the file to be read is stored off-chain in a distributed manner in the storage node network in the form of multiple file fragments; performing consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network; and, if the verification passes, sending the client associated with the first user one or more of the multiple file fragments of the file to be read.
Further, the file fragment identifiers are encrypted using the public key of the first user, and the encrypted file fragment identifiers are stored on the blockchain. The processor is further configured to execute the program code to perform the following operation: receiving the decrypted file fragment identifiers sent by the client associated with the first user. The operation of sending the client associated with the first user one or more of the multiple file fragments of the file to be read further comprises: sending the client associated with the first user one or more of the multiple file fragments of the file to be read according to the received file fragment identifiers.
Further, for each consensus verification, the associated metadata is stored on the blockchain, and/or the metadata related to each file fragment is stored on the blockchain.
In one embodiment, a terminal device for storing a file based on blockchain technology is provided, comprising: a network interface configured to communicate with other peer terminal devices; a memory configured to store program code; and a processor configured to execute the program code to perform the following operations:
Receiving a write operation message for a file to be stored sent from a client associated with a second user, the write operation message including: a file fragment, information related to the file fragment identifier and to the identifier of the first user or the identifier of the second user, and the signature of the second user, wherein the first user is the owner of the file to be stored, and the client associated with the second user divides the file to be stored into multiple file fragments and sends them in the storage node network; performing consensus verification of whether the signature of the second user matches the public key of the second user in the storage node network; and, if the verifications all pass, storing the multiple file fragments off-chain in a distributed manner in the storage node network.
Further, the write operation message also includes a write operation rights token for the file to be stored, and the processor is further configured to execute the program code to perform the following operation before the step of storing the multiple file fragments off-chain in a distributed manner in the storage node network: performing consensus verification of the first user's write permission for the file to be stored according to the received write operation rights token.
Further, the write operation rights token for the file to be stored is obtained by the client associated with the second user from the client associated with the first user.
Further, if the verification passes, the processor is further configured to execute the program code to perform the following operation: storing the multiple file fragments off-chain in a distributed manner in the storage node network further comprises: encrypting each file fragment identifier using the public key of the first user, and storing the encrypted file fragment identifiers on a first blockchain.
Further, the received multiple file fragments are fragments of a file that the client associated with the second user has encrypted using a symmetric key, and the processor is further configured to execute the program code to perform the following operation: encrypting each file fragment identifier and the encryption key using the public key of the first user, and storing the encrypted result on a second blockchain.
Further, the processor is further configured to execute the program code to perform the following operation: for each consensus verification, storing the associated metadata on the blockchain.
Computer readable storage medium and computer program product
Various methods and user terminal devices according to embodiments of the present invention have been described above; in another aspect, the present disclosure also relates to various computer readable storage media and computer program products.
In one embodiment, a computer readable storage medium is provided, including computer executable instructions stored thereon which, when executed by a processor, carry out the various operations according to embodiments of the present invention.
In one embodiment, a block diagram of a computer program product 1000 is provided, as shown in Fig. 10. The signal bearing medium 1002 may be implemented as or include a computer-readable medium 1006, a computer recordable medium 1008, a computer communication medium 1010 or a combination thereof, and stores programming instructions that configure a processor to perform all or some of the previously described processes. Only as an example, in Fig. 10 these instructions may include, for example, one or more executable instructions for causing one or more processors to perform the following processing: receiving a write operation message for a file to be stored from a client associated with a first user, the write operation message including: a file fragment, information related to the file fragment identifier, the identifier of the first user and the identifier of the second user, and the signature of the first user, wherein the second user is the owner of the file to be stored, and the client associated with the first user divides the file to be stored into multiple file fragments and sends them; performing consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network; and, if the verifications all pass, storing the multiple file fragments off-chain in a distributed manner in the storage node network.
One or more embodiments of the present invention show the following advantages: (1) improved system security, preventing bulk data leakage; (2) protection of data privacy, so that data cannot be browsed at will; (3) reduced storage cost, making full use of the storage space of all machines in the system; (4) improved data transmission efficiency, with multi-node (C) point-to-point transmission raising transmission efficiency C-fold; (5) improved system stability and fault tolerance; (6) metadata recorded on the blockchain, which makes it easy to trace responsibility.
It should be understood that the various illustrative methods and apparatus described above can be implemented at a user terminal device and can be realized in various ways; for example, in some embodiments the various apparatus described above can be implemented with software and/or firmware modules, or with hardware modules. Other approaches, currently known or developed in the future, are also feasible, and the scope of the present invention is not limited in this respect.
In particular, in addition to hardware embodiments, embodiments of the present invention can be realized in the form of a computer program product. For example, the method 500 described with reference to Fig. 5 can be realized by a computer program product. The computer program product can be stored in RAM, ROM, a hard disk and/or any appropriate storage medium, or downloaded over a network from an appropriate location onto a computer system. The computer program product may include a computer code portion comprising program instructions executable by an appropriate processing device.
It should be noted that embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion can be realized with special-purpose logic; the software portion can be stored in memory and executed by an appropriate instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will understand that the apparatus and methods described above can be realized using computer executable instructions and/or processor control code, such code being provided for example on a carrier medium such as a magnetic disk, CD or DVD-ROM, in programmable memory such as read-only memory (firmware), or on a data carrier such as an optical or electronic signal carrier. The apparatus of the present invention and its modules can be realized by hardware circuits such as very-large-scale integrated circuits or gate arrays, semiconductors such as logic chips and transistors, or programmable hardware devices such as field programmable gate arrays and programmable logic devices; by software executed by various types of processors; or by a combination of the above hardware circuits and software, such as firmware.
It should be noted that although several modules or sub-modules of the apparatus are mentioned in the detailed description above, this division is only exemplary and not mandatory. In fact, according to embodiments of the present invention, the features and functions of two or more of the modules described above can be realized in one module. Conversely, the features and functions of one module described above can be further divided and embodied by multiple modules.
Although the present invention has been described with reference to the embodiments presently contemplated, it should be understood that the present invention is not limited to the disclosed embodiments. On the contrary, the present invention is intended to cover the various modifications and equivalent arrangements included within the spirit and scope of the appended claims. The scope of the following claims is to be given the broadest interpretation, so as to include all such modifications and equivalent structures and functions.
The foregoing is merely the preferred embodiments of the present disclosure and is not intended to limit the disclosure. Although the disclosure has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the disclosure shall be included within the scope of protection of the disclosure.

Claims (24)

1. A method of reading a file based on blockchain technology, comprising:
A client associated with a first user sends a storage node network a file read request message for a file to be read, the file read request message including: the file identifier of the file to be read, the identifier of the first user and the signature of the first user, wherein the file to be read is stored off-chain in a distributed manner in the storage node network in the form of multiple file fragments;
The storage node network performs consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network;
If the verification passes, the storage node network sends the client associated with the first user the multiple file fragments of the file to be read; and
The client associated with the first user restores the file to be read from the multiple file fragments received.
2. The method according to claim 1, wherein the file fragment identifiers are encrypted using the public key of the first user and the encrypted file fragment identifiers are stored on the blockchain, the method further comprising:
The client associated with the first user extracts the decrypted file fragment identifiers from the storage node network, and sends the decrypted file fragment identifiers to the storage node network;
The step in which the storage node network sends the client associated with the first user the multiple file fragments of the file to be read further comprises:
The storage node network sends the client associated with the first user the multiple file fragments of the file to be read according to the received file fragment identifiers.
3. The method according to claim 1, wherein the file to be read in the storage node network is encrypted using a symmetric key, the symmetric key is encrypted using the public key of the first user, and the encrypted symmetric key is stored on the blockchain;
Wherein the method further comprises:
The client associated with the first user extracts the symmetric key from the storage node network,
The step in which the client associated with the first user restores the file to be read from the multiple file fragments received further comprises:
The client associated with the first user decrypts the restored file to be read using the symmetric key.
4. The method according to any one of claims 1-3, wherein
The identifier of the first user is the public key of the first user; or
The identifier of the first user comprises the number of the first user and the public key of the first user.
5. The method according to any one of claims 1-3, further comprising:
For each consensus verification, storing the associated metadata on a blockchain, and/or
Storing metadata associated with each file fragment on a blockchain.
6. The method according to any one of claims 1-3, wherein metadata associated with each file fragment is stored on a blockchain, the method further comprising:
The client associated with the first user obtains the metadata associated with each file fragment from the storage node network to judge whether the file fragment has been tampered with.
7. A method of storing a file based on blockchain technology, comprising:
A client associated with a second user divides a file to be stored into multiple file fragments;
The client associated with the second user sends, to a storage node network, a write operation message for the file to be stored, the write operation message comprising: the file fragments, information related to the file fragment identifiers and to the identifier of the first user or the identifier of the second user, and a signature of the second user, wherein the first user is the owner of the file to be stored;
The storage node network performs consensus verification of whether the signature of the second user matches the public key of the first user in the storage node network; and
If the verification passes, the multiple file fragments are stored off-chain in the storage node network in a distributed manner.
8. The method according to claim 7, wherein the write operation message further comprises a write operation permission token for the file to be stored, and before the step of storing the multiple file fragments off-chain in the storage node network in a distributed manner, the method further comprises:
The blockchain node network performs consensus verification of the second user's write permission for the file to be stored according to the write operation permission token received.
9. The method according to claim 8, wherein the write operation permission token is obtained from the first user and comprises one or more of the following:
The file identifier of the file to be stored, the identifier of the second user, and the signature of the first user;
The file identifier of the file to be stored, the identifier of the second user, the signature of the second user, and the signature of the first user;
The identifier of the second user and the signature of the first user;
The identifier of the second user, the signature of the second user, and the signature of the first user;
The file identifier of the file to be stored, the identifier of the second user, and the signature of the first user; and
The identifier of the second user and the signature of the first user.
10. The method according to any one of claims 7-9, wherein storing the multiple file fragments off-chain in the storage node network in a distributed manner if the verification passes comprises:
Encrypting each file fragment identifier using the public key of the first user, and storing the encrypted file fragment identifiers on a first blockchain.
11. The method according to any one of claims 7-9, further comprising:
The client associated with the second user generates a symmetric key, wherein the file to be stored that is divided into multiple file fragments is the file after encryption with the symmetric key, and
Each file fragment identifier and the encryption key are encrypted using the public key of the first user, and the encrypted result is stored on a second blockchain.
12. The method according to any one of claims 7-9, wherein
The identifier of the first user is the public key of the first user, and the identifier of the second user is the public key of the second user; or
The identifier of the first user comprises the number of the first user and the public key of the first user, and the identifier of the second user comprises the number of the second user and the public key of the second user.
13. The method according to any one of claims 7-9, further comprising:
For each consensus verification, storing the associated metadata on a third blockchain, and/or,
Storing metadata associated with each file fragment on a blockchain.
14. The method according to any one of claims 7-9, wherein the storage node network performing consensus verification of the second user's write permission for the file to be stored according to the write operation permission token received comprises:
The storage node network performs consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network.
15. The method according to any one of claims 7-9, wherein the write operation permission token has an additional attribute of a permitted number of accesses.
16. A method of reading a file based on blockchain technology, comprising:
Receiving, from a client associated with a first user, a file read request message for a file to be read, the file read request message comprising: a file identifier of the file to be read, an identifier of the first user, and a signature of the first user, wherein the file to be read is stored off-chain in a storage node network in a distributed manner in the form of multiple file fragments;
Performing consensus verification of whether the signature of the first user matches the public key of the first user in the storage node network; and
If the verification passes, sending one or more of the multiple file fragments of the file to be read to the client associated with the first user.
17. The method according to claim 16, wherein file fragment identifiers are encrypted using the public key of the first user and the encrypted file fragment identifiers are stored on a blockchain, the method further comprising:
Receiving the decrypted file fragment identifiers sent by the client associated with the first user,
Wherein the step of sending one or more of the multiple file fragments of the file to be read to the client associated with the first user further comprises:
Sending one or more of the multiple file fragments of the file to be read to the client associated with the first user according to the file fragment identifiers received.
18. The method according to claim 16 or 17, further comprising:
For each consensus verification, storing the associated metadata on a blockchain, and/or,
Storing metadata associated with each file fragment on a blockchain.
19. A method of storing a file based on blockchain technology, comprising:
Receiving a write operation message for a file to be stored sent from a client associated with a second user, the write operation message comprising: file fragments, information related to the file fragment identifiers and to the identifier of the first user or the identifier of the second user, and a signature of the second user, wherein the first user is the owner of the file to be stored, and the client associated with the second user divides the file to be stored into multiple file fragments and sends them to the storage node network;
Performing consensus verification of whether the signature of the second user matches the public key of the second user in the storage node network; and
If all verifications pass, storing the multiple file fragments off-chain in the storage node network in a distributed manner.
20. The method according to claim 19, wherein the write operation message further comprises a write operation permission token for the file to be stored, and before storing the multiple file fragments off-chain in the storage node network in a distributed manner, the method further comprises:
Performing consensus verification of the second user's write permission for the file to be stored according to the write operation permission token received.
21. The method according to claim 19 or 20, wherein the write operation permission token is obtained from the first user and comprises one or more of the following:
The file identifier of the file to be stored, the identifier of the second user, and the signature of the first user;
The file identifier of the file to be stored, the identifier of the second user, the signature of the second user, and the signature of the first user;
The identifier of the second user and the signature of the first user;
The identifier of the second user, the signature of the second user, and the signature of the first user;
The file identifier of the file to be stored, the identifier of the second user, and the signature of the first user; and
The identifier of the second user and the signature of the first user.
22. The method according to claim 19 or 20, further comprising:
For each consensus verification, storing the associated metadata on a blockchain, and/or
Storing metadata associated with each file fragment on a blockchain.
23. A terminal device for file access based on blockchain technology, comprising:
A network interface configured to communicate with other peer terminal devices;
A memory configured to store program code, and
A processor configured to execute the program code to perform the method according to any one of claims 16-18 or 19-22.
24. A computer-readable storage medium comprising computer-executable instructions stored thereon, the executable instructions, when executed by a processor, performing the method according to any one of claims 16-18 or 19-22.
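The tamper check of claim 6 together with the restore step of claim 1, as an added example that is not part of the patent or the applicant's code. It assumes the metadata stored on the blockchain is a SHA-256 digest and length for each fragment plus a digest of the whole file, and that the digest doubles as the fragment identifier; the claims specify neither, and all function and field names are hypothetical.

```python
"""Added illustration: check file fragments against on-chain metadata, then restore."""
import hashlib
from dataclasses import dataclass

# Constructed sample file content (not taken from the patent).
SAMPLE = b"".join(b"record %03d: constructed sample data\n" % i for i in range(20))


@dataclass(frozen=True)
class FragmentMeta:
    """Assumed shape of the per-fragment metadata record kept on the blockchain."""
    index: int         # position of the fragment within the file
    fragment_id: str   # assumption: the identifier is the SHA-256 of the fragment
    length: int


def _digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def split_file(data: bytes, size: int) -> list:
    """Divide a file into fixed-size fragments (the last one may be shorter)."""
    if size <= 0:
        raise ValueError("fragment size must be positive")
    return [data[i:i + size] for i in range(0, len(data), size)]


def build_metadata(fragments):
    """Return (per-fragment records, whole-file digest) to be stored on-chain."""
    metas = [FragmentMeta(i, _digest(f), len(f)) for i, f in enumerate(fragments)]
    return metas, _digest(b"".join(fragments))


def audit_fragments(received, metas):
    """Compare fragments returned by storage nodes with the on-chain records.

    `received` maps fragment identifier -> bytes. Returns a list of
    (index, reason) for every fragment that is missing or modified.
    """
    problems = []
    for meta in sorted(metas, key=lambda m: m.index):
        blob = received.get(meta.fragment_id)
        if blob is None:
            problems.append((meta.index, "missing"))
        elif len(blob) != meta.length or _digest(blob) != meta.fragment_id:
            problems.append((meta.index, "modified"))
    return problems


class TamperError(Exception):
    """Raised when received fragments do not match the on-chain metadata."""


def restore_file(received, metas, file_digest):
    """Restore the file only if every fragment and the final result verify."""
    problems = audit_fragments(received, metas)
    if problems:
        raise TamperError(f"fragments failed verification: {problems}")
    ordered = sorted(metas, key=lambda m: m.index)
    data = b"".join(received[m.fragment_id] for m in ordered)
    if _digest(data) != file_digest:
        raise TamperError("restored file does not match the recorded digest")
    return data


if __name__ == "__main__":
    frags = split_file(SAMPLE, 64)
    metas, file_digest = build_metadata(frags)
    received = {m.fragment_id: f for m, f in zip(metas, frags)}
    assert restore_file(received, metas, file_digest) == SAMPLE
    # A storage node returns altered bytes under an unchanged identifier.
    received[metas[3].fragment_id] = b"X" + frags[3][1:]
    print(audit_fragments(received, metas))
```

Because the order of fragments is taken from the on-chain records rather than from the order in which storage nodes reply, a reordered response restores correctly while a substituted fragment is rejected before reassembly.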
CN201910617024.4A 2019-07-09 2019-07-09 Block chain technology-based file reading and storing method, terminal device and storage medium Active CN110417750B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910617024.4A CN110417750B (en) 2019-07-09 2019-07-09 Block chain technology-based file reading and storing method, terminal device and storage medium

Publications (2)

Publication Number Publication Date
CN110417750A true CN110417750A (en) 2019-11-05
CN110417750B CN110417750B (en) 2020-07-03

Family

ID=68360802

Country Status (1)

Country Link
CN (1) CN110417750B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220418

Address after: 311899 room 603, building 1, No. 18, Binjiang North Road, Jiyang street, Zhuji City, Shaoxing City, Zhejiang Province

Patentee after: Wang Sizhe

Patentee after: Wang Yining

Patentee after: Wang Jian

Address before: A23, No. 15-11, Zhongguancun Street, Haidian District, Beijing 100080

Patentee before: Beijing Jianwang Future Technology Co.,Ltd.

Patentee before: Wang Yining

Patentee before: Wang Jian