CN115220666B - Independent cloud storage device and data circulation method applying same - Google Patents

Publication number: CN115220666B
Authority: CN (China)
Legal status: Active
Application number: CN202211147825.7A
Other languages: Chinese (zh)
Other versions: CN115220666A (en
Inventor: 徐波
Current Assignee: Shanghai Main Road Technology Co ltd; Nanjing Zhongdaide Storage Technology Co ltd
Original Assignee: Shanghai Main Road Technology Co ltd; Nanjing Zhongdaide Storage Technology Co ltd
Application filed by Shanghai Main Road Technology Co ltd, Nanjing Zhongdaide Storage Technology Co ltd
Priority to CN202211147825.7A
Publication of CN115220666A
Application granted
Publication of CN115220666B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0644 Management of space entities, e.g. partitions, extents, pools
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0658 Controller construction arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067 Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]

Abstract

The invention discloses an independent cloud storage device and a data circulation method applying the same, and belongs to the field of electronic information and data storage. A storage area stores the data; the storage area is connected to a micro control group, and the control unit sends execution instructions so that the storage area reads and writes the data. The invention builds at least an early-warning mechanism, a security-bastion mechanism and a loss-reduction mechanism together, so that the data of a data center is stored securely within the data center itself. Third-party auditing is set at the data input and output ends to monitor the security of the data; local storage is built according to the scale of the data center, so that the data center controls its own data independently; and if an illegal intrusion succeeds through some accidental event, time-shared, segmented storage reduces the data loss of the data center.

Description

Independent cloud storage device and data circulation method applying same
Technical Field
The invention belongs to the field of electronic information and data storage, and particularly relates to an independent cloud storage device and a data circulation method using the same.
Background
Most existing data is stored on hard disks in a data center, and some data is still habitually kept as paper documents. Some small and medium-sized data centers store data locally: a specified location in the data center serves as the storage place, and the data is kept in units with a storage function, such as conventional computer components and hard disks, so that personnel in the data center can search or share it.
These storage modes expose several problems. Take the secure storage of data: a medium or large data center stores its data locally, inside the data center, but few modern data centers have no access to the Internet. Once data is leaked, the storage center inside the data center can easily be entered by means of information such as the secure address of the data, and then all the data can be acquired.
Because modern cloud storage is efficient and cloud storage technology is developing rapidly, many small and medium-sized data centers buy cloud storage services for convenience and to save cost. Uploading a data center's data to the cloud makes it convenient to consult at any time and easy to share, but cloud storage is still local storage in another place: once an illegal visitor obtains content such as the secure address of one piece of data, it can be traced back to the storage end. Meanwhile, in the big-data era data leakage events occur often and seemingly more and more frequently, so that one sometimes has to doubt whether some cloud storage can bear the data storage of a data center. Furthermore, once a data center's data is in the cloud, other parties still have the ability and the means to inspect it quickly without the data center being aware, and it is an open question whether security can be ensured when data is shared between data centers.
Modern storage technology therefore has to solve the following problems: how to build a local storage end with independent storage and auditing capability; how to further secure the storage in several respects and prevent illegal intrusion; how, in very special conditions where a strong illegal intrusion suddenly succeeds through some bug, to reduce the loss of data and keep most of the data safe; and how, during data sharing, to make the data read-only and prohibit illegal writing at the sharing end.
Disclosure of Invention
The invention provides an independent cloud storage device and a data circulation method using the same, which aim to solve the technical problems in the background art.
The invention adopts the following technical solution: a standalone cloud storage device, comprising:
a storage area including at least two storage units; each storage unit independently stores data according to a preset requirement;
first channels, provided in correspondence with the number of storage units; each storage unit is connected to at least two first channels, used for inputting and outputting data respectively;
a micro control group, comprising at least an MCU, a first channel control circuit and a storage unit control circuit, wherein the MCU is electrically connected with the first channel control circuit and with the storage unit control circuit; the first channel control circuit is electrically connected with the first channel; the storage unit control circuit is electrically connected with the storage unit;
a control unit, embedded in the MCU; the control unit at least controls data to pass through the first channel in a single direction and manages the data in the storage unit;
a backup end, connected with the storage unit; the backup end backs up the data in the storage unit in real time.
In a further embodiment, the device further comprises:
at least one first cache unit, the output end of which is connected to the first write-only data channel; the first cache unit is used for temporarily storing external data;
second write-only data channels, provided in correspondence with the number of first cache units and connected with the first cache units; the second write-only data channel is used for accessing an external data center;
an audit group, comprising a second channel control circuit and a first cache unit control circuit; the second channel control circuit and the first cache unit control circuit are each electrically connected with the MCU;
an auditing unit, embedded in the MCU; the auditing unit interacts with the control unit, and the control unit controls the storage unit to store the data after the auditing unit has judged the security of the external data.
In this technical solution, the auditing unit and the audit group are set up so that externally input data undergoes at least one stage of audit. Data security is checked from the point of input: at least the secure address of the data is checked and the security of the data is judged. When the data is illegal, its content is reported, the data in the first cache unit is emptied, and the data is blocked from being stored further.
In a further embodiment, the device further comprises:
a second cache unit, connected to the first channel; the second cache unit is used for caching designated data;
a third channel, connected with the second cache unit and used for outputting the designated data to external storage;
an output group, comprising at least a third channel control circuit and a second cache unit control circuit; the third channel control circuit and the second cache unit control circuit are each electrically connected with the MCU;
an output unit, embedded in the MCU; the output unit interacts with the control unit and at the same time applies security processing to the designated data being output, so that the processed data is output to the external storage within the preset time.
This technical solution combines software and hardware to store output data temporarily while applying desensitization, replacement and other processing to it, removing the security information of the shared data being output. In addition, based on the read-write characteristics of existing storage units, a designated-time warning is set as a further early-warning mechanism: the sharing of data must complete within a designated time. Once delay or a similar phenomenon occurs during data sharing, a warning is raised and reported immediately; when the delay is serious, data output is interrupted and the data in the second cache unit is emptied.
In a further embodiment, the storage area is itself treated as a storage unit, and the number of such storage units is expanded to build a large-scale secure storage center;
a corresponding number of micro control groups is deployed to match the number of storage units, and a corresponding number of control units is built at the same time;
and a unified control system is built for all the control units.
With this technical solution, data can be stored at very large capacity, the device can be used to store data of a designated order, and data can be stored under various classifications, such as multi-time-interval storage, multi-type storage, and storage requirements internal to the data center.
In a further embodiment, the first channel control circuit is configured to control opening and closing of the first channel; the storage unit control circuit is configured to control the start and stop of the storage unit.
In this technical solution, circuitry built around the MCU makes data flow unidirectional. Through the micro control group, every first channel is set to be a one-way channel, and the storage unit obtains its write-only and read-only capabilities through the first channel at its input end and the first channel at its output end respectively. The second channel is also one-way, and its circuitry can be arranged similarly to that of the micro control group. The micro control group also switches among data channels that have the same function: the first channel control circuit controls the opening and closing of the first channel, and the storage unit control circuit controls the starting and stopping of the storage unit, so that storage in different modes is realized.
In a further embodiment, the control unit comprises at least:
a storage instruction module, which sends designated storage instructions to the MCU;
a data management module, comprising at least a data storage mode and a data storage period;
and a backup instruction module, which sends a backup instruction so that the backup end performs data backup.
In this technical solution, the storage instruction module is used for programming the MCU and covers at least the one-way circulation mode of data and the read-write separation of data. The data management module manages data by classification according to modern data storage requirements, such as the life cycle, type and attributes of the data; that is, data is stored for a specific time, then eliminated, and its content updated. When higher data storage and management requirements arise, only the content of the data management module needs to be modified and iterated, so a new management mode for the data can be put in place without modifying other modules.
In a further embodiment, the storage instruction module comprises at least:
storage area management, including at least adding, deleting, modifying and querying the storage units;
authority management, including at least authority checking and authority assignment for the storage units;
interface management, including at least parameter configuration and address configuration of the channels;
and recording, covering at least the usage log of the storage area.
In this technical solution, the micro control group switches data channels with several functions at once, thereby implementing storage area management, authority management, interface management and the like; for the sake of data storage security, the storage area needs to be controlled independently. Every modification and every data storage operation is recorded, and this is the minimum module configuration of the control unit for storing data.
In a further embodiment, the backup side comprises at least:
a backup end, connected with the storage unit and used for writing the data in the storage unit in real time;
a backup center, embedded in the MCU; the backup center controls the reading and writing of the backup end, and allows data to be written to the backup end only from the storage unit.
This technical solution is used for data recovery, data retrieval and the like.
The data circulation method based on the independent cloud storage device comprises the following steps:
S1, the auditing unit and the output unit each interact with the control unit. When data is to be stored, the external data is temporarily stored in the first cache unit via the second channel and audited by the auditing unit; the auditing unit feeds the audit result back to the control unit, and, based on that result, the control unit sets the first write-only data channel to one value, the types of value including at least blocking and releasing;
S2, when the value is releasing, the storage area receives, in one direction, the data that has passed the security audit of the auditing unit and stores it according to a preset requirement; the backup end backs up the data at the same time;
S3, when data needs to be shared, the first channel at the output end of the storage unit is put in the released state and the shared data is read from the storage area into the second cache unit; the output unit applies security processing to the data and then outputs it in one direction;
S4, an output time period is set, and when the output time of the data exceeds the set period, the output unit issues a warning.
While the auditing unit audits data, the control unit controls data storage and management, and the output unit controls data sharing, the three units work independently of one another; and when the storage area receives and stores data in one direction, the data is stored classified at least by time and type.
In this technical solution, each independent channel is a one-way channel that allows data to flow in one direction only: after the auditing unit has judged the type of the data, the data flows one way, and a channel connected to the external network may not be used for both the inflow and the outflow of data. The storage area in this application operates physically, that is, its time-shared and classified operation is implemented by powering units on. When an illegal intrusion is encountered, the loss can be reduced by powering off: within a preset time period the storage area powers on the designated storage unit and stores to it, while the remaining storage units are powered off for that period.
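The flow of steps S1 to S4 can be modelled in a few functions. The following C model is an added example, not code from the patent: the allowlist of source addresses, the digit-masking rule standing in for desensitization, the rule that a delay of more than twice the deadline counts as serious, and all names and sample values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CAP 64

typedef enum { GATE_BLOCKED, GATE_RELEASED } gate_t;   /* the two values named in S1 */
typedef enum { OUT_OK, OUT_WARNED, OUT_ABORTED } out_t;

typedef struct {
    char     cache1[CAP];  /* first cache unit: external data waits here for audit */
    char     unit[CAP];    /* storage unit powered on for the current period       */
    char     backup[CAP];  /* backup end, written only from the storage unit       */
    char     cache2[CAP];  /* second cache unit: data staged for sharing           */
    gate_t   write_gate;   /* state of the first write-only data channel           */
    unsigned warnings;     /* reports and warnings raised so far                   */
} device_t;

/* Constructed allowlist (RFC 5737 documentation addresses), an assumed stand-in
 * for the auditing unit's check of the data's "security address". */
static const char *const TRUSTED_SRC[] = { "192.0.2.10", "192.0.2.11" };

static bool audit(const char *src)
{
    for (size_t i = 0; i < sizeof TRUSTED_SRC / sizeof TRUSTED_SRC[0]; i++)
        if (strcmp(src, TRUSTED_SRC[i]) == 0)
            return true;
    return false;
}

/* S1 + S2: stage in cache 1 and audit; on failure block the channel and empty
 * the cache, on success release, store one way into the unit and back it up. */
static bool ingest(device_t *d, const char *src, const char *payload)
{
    if (strlen(payload) >= CAP)
        return false;                      /* does not fit the cache: refuse */
    strcpy(d->cache1, payload);
    if (!audit(src)) {
        d->write_gate = GATE_BLOCKED;
        memset(d->cache1, 0, CAP);         /* rejected data never leaves cache 1 */
        d->warnings++;                     /* report the rejected input */
        return false;
    }
    d->write_gate = GATE_RELEASED;
    memcpy(d->unit, d->cache1, CAP);       /* write-only channel: cache 1 -> unit */
    memcpy(d->backup, d->unit, CAP);       /* real-time backup */
    memset(d->cache1, 0, CAP);
    return true;
}

/* S3 + S4: read the unit into cache 2, mask digits (assumed desensitization
 * rule) and hand the result out only if the transfer met its deadline.
 * ext must point to at least CAP bytes. */
static out_t share(device_t *d, char *ext, unsigned elapsed_ms, unsigned deadline_ms)
{
    memcpy(d->cache2, d->unit, CAP);       /* read-only channel: unit -> cache 2 */
    d->cache2[CAP - 1] = '\0';
    for (size_t i = 0; d->cache2[i] != '\0'; i++)
        if (isdigit((unsigned char)d->cache2[i]))
            d->cache2[i] = '*';
    ext[0] = '\0';
    if (elapsed_ms > 2 * deadline_ms) {    /* assumed threshold for a serious delay */
        memset(d->cache2, 0, CAP);         /* interrupt output, empty cache 2 */
        d->warnings++;
        return OUT_ABORTED;
    }
    strcpy(ext, d->cache2);                /* third channel: cache 2 -> external */
    if (elapsed_ms > deadline_ms) {
        d->warnings++;                     /* late but delivered: warn and report */
        return OUT_WARNED;
    }
    return OUT_OK;
}

int main(void)
{
    device_t d = {0};
    char out[CAP];
    /* Constructed sample inputs. */
    printf("trusted source stored:   %d\n", ingest(&d, "192.0.2.10", "id=4412 name=li"));
    printf("untrusted source stored: %d\n", ingest(&d, "203.0.113.9", "overwrite"));
    printf("share status: %d, output: \"%s\"\n", share(&d, out, 50, 100), out);
    return 0;
}
```
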
Advantageous effects: the invention builds at least an early-warning mechanism, a security-bastion mechanism and a loss-reduction mechanism together, so that the data of a data center is stored securely within the data center; third-party auditing is set at the data input end to supervise data security; local storage is built according to the scale of the data center, so that the data center controls its own data independently; even if an illegal intrusion succeeds through some accidental event, time-shared, segmented storage reduces the data loss of the data center, and the power-on/power-off approach physically isolates illegal intrusion from the Internet; when data is shared, on the basis of data encryption and desensitization to remove data security information, outside parties can only read the data, and a data sharing time period is further set so that an alarm is raised immediately when some of the storage units are read or written.
Drawings
FIG. 1 is a schematic diagram of data flow according to the present invention.
FIG. 2 is a schematic structural diagram of a storage device according to the present invention.
Detailed Description
To address the problems described in the background, the application provides an independent cloud deployment method that builds at least three mechanisms together, namely an early-warning mechanism, a security-bastion mechanism and a loss-reduction mechanism, so that the data of a data center is stored securely within the data center. The invention is further described below with reference to the accompanying drawings and specific embodiments.
Example 1
This embodiment is applied to independent, secure storage for small and medium-sized data centers. The data volume of a modern small or medium-sized data center is of a low order of magnitude, and such a data center either lacks the capacity to build its own storage center or finds it costly to do so. When it chooses a cloud service, its data is actually stored in another place, namely a third-party data center; most of these are commercial data centers whose service obligations lie only within the legally permitted range. When the third-party data center unintentionally leaks the data of a storage client, the client cannot learn the specifics of the leak, and the data problems this may expose go far beyond that.
This embodiment therefore discloses an independent cloud deployment method, as shown in FIG. 1 and FIG. 2 (the values 1, n and m in FIG. 2 all denote numbers of the first channels), comprising the following:
constructing a data storage end, which comprises:
a storage area including at least two storage units; each storage unit independently stores data according to a preset requirement;
first channels, divided into two types, first write-only data channels and first read-only data channels, connected to the two ends of the storage unit and used for inputting and outputting data; the number of first write-only data channels and the number of first read-only data channels are each set to correspond to the number of storage units; a first write-only data channel and a first read-only data channel are connected to the storage unit at the same time to realize the unidirectional circulation of data;
a micro control group, comprising an MCU, a first channel control circuit and a storage unit control circuit; the MCU is electrically connected with the first channel control circuit and with the storage unit control circuit; the first channel control circuit switches a specified number of first write-only data channels and a specified number of first read-only data channels; in this application the switching can be implemented with a power-on/power-off circuit; the storage unit control circuit starts and stops the storage unit;
a control unit, embedded in the MCU and used for controlling the read-write path of data, namely controlling the data to pass through the first channel in a single direction and managing the data in the storage unit;
a backup end, connected with the storage unit; the backup end backs up the data in the storage unit in real time.
The specific deployment process of embodiment 1 is as follows:
s1, deploying a storage area, wherein the storage area at least comprises two storage units and independently stores data according to preset settings; the storage unit in this embodiment takes a conventional hard disk or an SSD of another type as an example, and combines 4 to 6 hard disks for use, so as to expand the storage capacity, and set it as a storage area; if more advanced storage units exist along with the development of the technology, the existing hard disk is replaced;
based on the data independent storage requirement, for example, based on the number of storage units, deploying a corresponding number of first write-only data channels and a corresponding number of first read-only data channels at the same time, wherein the first write-only data channels and the first read-only data channels are accessed to the storage units, so as to realize unidirectional input and unidirectional output of data;
s2, constructing a micro-control group, respectively accessing the storage unit, the first write-only data channel and the first read-only data channel into the micro-control group, and realizing integrated control through the MCU;
s3, the micro control group changes the traditional data circulation mode into one-way thread circulation, so that the data can be circulated in one way; the MCU is taken as a core, a control circuit for the 4-6 hard disks is designed, the storage unit, namely the hard disk in the embodiment, is combined with the first write-only data channel and the first read-only data channel to realize the read-only and write-only capabilities through programming, the original data is read and written by the hard disk into read-only and write-only functions, at least two first channels are correspondingly arranged and respectively undertake the input and output of the data, so that the hard disk can respectively read and write the data to realize the storage, the reading and the writing of the data; that is, data is written from the first write-only data channel to the hard disk, and data is read from the hard disk and output via the first read-only data channel; the micro-control group is designed to realize physical blocking and switching by adopting a power-on and power-off circuit, for example, the hard disk is powered on and off, and the first channel is powered on and off, so that when the storage unit does not work, the circulation of data cannot be realized, the safety of the data is further ensured, and the loss is reduced;
in connection with S1, data is stored dispersedly according to a predetermined setting, and in connection with the attribute and security requirement of the data itself, the scattered data is stored as a set of a plurality of storage requirements, such as the capacity of the data, the number of first channels for the data to enter and exit from the storage area, and the order of the first channels, the release of the data, the blocking of the data, the suspension of the data, the time period for storing the data dispersedly, and the like. For example, only data is allowed to enter the memory from the first write-only data channel and read from the first read-only data channel, and the first write-only data channel is set to a release state. For example, the circulation is performed by taking one week as a time unit, data is stored in time intervals, the required storage units are powered on, the rest of the storage units are powered off, only the specified storage units work in a preset time interval, and most of data can be stored safely when the storage units are invaded.
S4, constructing a control unit, wherein the control unit comprises a control requirement on data storage and a management requirement on the data, and the control unit sends a data storage instruction, interprets and executes the storage instruction by taking the MCU as a core as a control group, so that the data sequentially pass through a first write-only data channel according to a preset rule and are stored in a storage area;
the first channel type in this embodiment includes at least: read-only, write-only; the assigned content of the first channel at least comprises: blocking and releasing; the micro control group controls a plurality of first channels with the same function, and the micro control group realizes the function of switching ports by electrifying the specified data channels and the storage units, thereby realizing the contents.
S5, a control unit is constructed, the control unit sends out a data storage instruction, the micro control unit receives the data storage instruction, and data are stored in a storage area through a first write-only data channel in order according to a preset rule;
The control unit is the software part. It contains a storage instruction module into which a new data processing program is programmed and embedded, so that the MCU can process data storage instructions. The programmed content includes, for example, combining a hard disk with a first channel to realize read-only and write-only access, specifying the time at which data is stored on the hard disk, and specifying whether a given hard disk is powered on or off. The control unit then sends out the specified execution instruction, which finally realizes the classification and safety of the data.
S6, constructing a backup end, wherein the backup end is electrically connected to the micro-control group; and the backup end receives a backup instruction sent by the backup center and backs up the data in real time. The backup end in this embodiment is a backup of data, the backup end is another independent storage area, the backup end performs real-time backup, and has independent storage authority, and the storage type of the data is preferably only in and out.
Example 2
This embodiment differs from embodiment 1 in that, on the basis of the storage deployment of embodiment 1, a data auditing end is set up where the storage end exchanges data with the outside. At least one stage of auditing, that is, an early warning mechanism, is applied to the input data, so that the security of the data is audited before it is stored. The audit judges the safety, risk and danger of the data and feeds the result back to the control unit, which then adjusts the state of the first write-only data channel. This embodiment further enhances the safety of data storage at the data center end.
The data audit end comprises: the output end of the at least one first cache unit is connected to the first write-only data channel; the first cache unit is used for temporarily storing external data;
the second channels are arranged corresponding to the number of the first cache units, and the second write-only data channels are connected to the first cache units; the second write-only data channel is used for accessing an external data center;
the auditing group comprises a second channel control circuit and a first cache unit control circuit; the second channel control circuit and the first cache unit control circuit are respectively and electrically connected with the MCU;
the auditing unit is embedded into the MCU; the auditing unit is interactive with the control unit, and the control unit controls the storage unit to store after the auditing unit is used for judging the safety of external data.
The process of establishing the audit end is as follows:
S1, deploying a plurality of first cache units, wherein the output ends of the first cache units are connected with a first write-only data channel; setting a second channel connected with the first cache unit, wherein the stage of writing data into the first cache unit through the second channel is a write-only stage in which simultaneous reading and writing is forbidden, and the second channel is connected to an external data center;
laying out an audit group, wherein the audit group controls the first cache unit and the second channel respectively. When data enters the local storage end from the Internet or elsewhere, it first reaches a first cache unit through a second channel for temporary storage; the file is copied to the buffer area to wait for auditing. The second channel control circuit and the first cache unit control circuit are able to power the second channel and the first cache unit on and off;
S2, an auditing unit is constructed. The auditing unit is embedded into the MCU, audits the safety of the data, and feeds a result signal back to the control unit based on the audit result. The auditing unit in this embodiment mainly uses software to establish a check function, and judges the safety of the data by auditing the IP address, security address and the like of the data in the first cache unit. For example, if the data is safe, the control unit receives the safe-result signal, opens the first write-only data channel, and proceeds to the next step of data storage; that is, once the file has gone through auditing and the related operations and is found safe, the file in the buffer area is written to the next hard disk. The second channel is set to the blocked state while the auditing unit audits data: when data is input in batches and one batch is being audited, the corresponding second write-only data channel is prohibited from opening, so that new data cannot enter the buffer area from the second channel.
S3, the auditing unit interacts with the control unit, and the circulation state of data is controlled through the audit group, so as to construct a unified auditing and data storage management system. The auditing unit feeds the result of data auditing back to the control unit. When the data is safe, the first write-only data channel is opened and the data is stored; when the data is illegal, a warning is given, or the corresponding illegal data in the first cache unit is cleared. Third-party auditing is thus added on top of the control unit, so that data auditing and storage are integrated.
Example 3
Modern data sharing often takes place over the Internet, where the risk is high, while the hardware side is neglected. Hardware is the carrier of software, so the time for which the hardware works continuously is, in theory, the time for which an illegal intrusion can keep attacking. This embodiment therefore combines software and hardware and, based on the read-write characteristics of existing storage units, sets a specified-time early warning as a further early warning mechanism.
Unlike embodiment 1, this embodiment is the construction of a data output terminal.
When data is shared, the corresponding setting comprises: the second cache unit is connected with the first read-only data channel; the second cache unit is used for caching the appointed data;
the second channel is connected with the second cache unit and used for externally storing the specified data output value;
the output group at least comprises a second channel control circuit and a second cache unit control circuit; the second channel control circuit and the second cache unit control circuit are respectively and electrically connected with the MCU;
and the output unit is embedded into the MCU, the data output unit interacts with the control unit, and the output unit simultaneously carries out safety processing on the output specified data, so that the specified data after the safety processing is output to the external storage within preset time.
The specific setting process is as follows:
S1, deploying a second cache unit, wherein the second cache unit is connected to a first read-only data channel; the second channel is connected with the second cache unit, and an output group is laid out and electrically connected with the third channel and the second cache unit;
Specified data is read from the storage area and written into the second cache unit through the first read-only data channel. This is an independent process: the first read-only data channel is closed after the writing is finished, preferably by physical closing, that is, the circuit of the first read-only data channel is powered off, and the system is also set to prohibit writing once the data has been written;
S2, an output unit is built and connected with the MCU. The output unit sends a reading instruction, the specified data is read from the storage area into the second cache unit, and the second channel is connected with an external storage unit. The output unit also covers the security processing of data, the time setting of data output, and the one-way circulation of data.
The output unit applies privacy-removal processing such as encryption and desensitization to the data, then opens the third channel and outputs the data. When an existing second cache unit works with the second channel for unidirectional output, external data is often written into the second cache unit unexpectedly; for example, after a hard disk and port have worked for a period of time, it is a common phenomenon that external data is written in while internal data is being read out. A time setting for data output is therefore configured in the output unit to warn of this phenomenon, preventing external data from being written back into the output end and keeping the data safe. While data is being output, the first write-only data channel is closed, so that the secrecy of the internal data is physically protected.
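The output sequence of this embodiment (stage through the read-only channel, cut that channel, process, open the output channel, watch the time window) is shown below as an added example in C; it is not code from the patent. All identifiers, the timestamps in seconds, the sample record and the digit-masking rule that stands in for "encryption and desensitization" are assumptions.

```c
/* Added example (not from the patent): output side of Example 3.
   Identifiers, the masking rule and the sample record are constructed. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    bool ro_ch_on;     /* first read-only channel: storage -> second cache */
    bool wo_ch_on;     /* first write-only channel: first cache -> storage */
    bool out_ch_on;    /* output channel: second cache -> external storage */
    bool cache_locked; /* second cache refuses writes once data is staged */
    char cache[64];    /* second cache unit */
    long deadline;     /* end of the permitted output window */
    int alarms;        /* warnings raised for the administrator */
} outpath;

void out_init(outpath *o) {
    memset(o, 0, sizeof *o);
    o->wo_ch_on = true;          /* normal state: storage accepts audited data */
}

/* Desensitization step (assumed rule): mask every digit except the last four. */
static void desensitize(char *s) {
    int digits = 0;
    for (const char *p = s; *p; p++) digits += isdigit((unsigned char)*p) != 0;
    for (char *p = s; *p; p++)
        if (isdigit((unsigned char)*p) && digits-- > 4) *p = '*';
}

/* The second cache accepts a write only while the read-only channel feeds it. */
static bool cache_write(outpath *o, const char *data) {
    if (!o->ro_ch_on || o->cache_locked) { o->alarms++; return false; }
    snprintf(o->cache, sizeof o->cache, "%s", data);
    return true;
}

/* Stage: copy the specified data over the read-only channel, then cut it. */
bool out_stage(outpath *o, const char *record) {
    if (o->cache_locked || o->out_ch_on) return false;
    o->ro_ch_on = true;
    bool ok = cache_write(o, record);
    o->ro_ch_on = false;         /* physical power-off after the copy */
    o->cache_locked = ok;        /* writing prohibited from here on */
    return ok;
}

/* Begin output: security processing first, then open the output channel. */
bool out_begin(outpath *o, long now, long window) {
    if (!o->cache_locked || o->ro_ch_on) return false;
    desensitize(o->cache);
    o->wo_ch_on = false;         /* storage is not writable during output */
    o->out_ch_on = true;
    o->deadline = now + window;
    return true;
}

/* A write arriving from the external side: always refused, always reported. */
bool out_external_write(outpath *o, const char *data) {
    return cache_write(o, data);
}

/* Watchdog: output still running past the window, so warn and cut the channel. */
bool out_tick(outpath *o, long now) {
    if (!o->out_ch_on || now <= o->deadline) return false;
    o->out_ch_on = false;
    o->alarms++;
    return true;
}

/* Normal completion inside the window: close, wipe, return to storage mode. */
void out_finish(outpath *o) {
    o->out_ch_on = false;
    memset(o->cache, 0, sizeof o->cache);
    o->cache_locked = false;
    o->wo_ch_on = true;
}

int main(void) {
    outpath o;
    out_init(&o);
    out_stage(&o, "acct 1234567890123456");   /* constructed sample record */
    out_begin(&o, 100, 30);
    printf("sent: %s\n", o.cache);
    printf("late alarm: %d\n", out_tick(&o, 131));
    return 0;
}
```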
Example 4
The difference between this embodiment and embodiment 1 is that based on the content shown in fig. 2, the application object of this embodiment is an ultra-large data center or a large organization department, which can realize comprehensive storage of data, that is, the capacity is very large, and can be used for storing data in a number order, and can store data in various categories, such as multi-period storage, multi-type storage, data storage based on the inside of the data center, and the like.
Step one, strengthening the storage requirement of data, expanding the quantity of the storage areas by taking the storage areas as units, refining the data storage types and constructing a large-scale safe storage center;
for example, the 4-6 hard disks are used as a storage unit, and the number of the storage units is increased, so that the plurality of storage units share the security content of the data, such as time-sharing storage, classified storage and the like, namely the core lies in dispersing the data.
Step two, corresponding to the number of the storage areas, deploying corresponding number of micro control sets, and simultaneously constructing corresponding number of control units;
This embodiment has two technical schemes: 1. a super processor centrally controls a plurality of MCUs as in embodiment 1 in order to control the storage units; 2. a software system centrally controls a plurality of control units as in embodiment 1 in order to control the storage;
and step three, directionally integrating all the control units to construct a unified control system.
The method comprises the steps of designing an integration scheme for a storage area so as to construct an integrated circuit with a micro-control group as a unit, and using a control unit as a control unit to control a plurality of control units in a centralized manner so as to construct a unified system for centralized control.
Example 5
Unlike embodiment 1, this embodiment sets a rule in order to implement data security, namely the unidirectionality of data. Control of the storage area, switching of the independent channels (that is, powering them on and off), programming of the MCU and the other settings of the control unit together make the independent channels unidirectional, so that only one-way circulation of data is allowed.
Further, a specific implementation scheme may be implemented by a circuit using the MCU as a core, and the micro control group in this embodiment at least includes:
the circuit control board is a fixed electronic component installation unit;
the MCU is installed on the circuit control board; the MCU executes corresponding actions based on the data storage instruction; namely, the MCU executes corresponding actions based on the data instructions; programming in the control unit so that the MCU handles data storage in a specified manner;
the first channel control circuit is electrically connected to the MCU; the first channel control circuit is used for respectively controlling the opening and closing of the plurality of first write-only data channels and the opening and closing of the plurality of first read-only data channels; the first channel control circuit in this embodiment is mainly used to implement switching of the independent port;
the storage unit control circuit is electrically connected with the MCU and used for controlling the storage unit to read and write data; the memory cell control circuit in this embodiment is mainly used for storing data, for example, controlling writing of data in a hard disk.
Example 6
Based on the requirements of embodiment 1, the control unit in this embodiment at least includes programming, data management and backup of the micro control groups.
Wherein the unit at least comprises:
the storage instruction module is used for carrying out function setting on the micro control group;
the data management module at least comprises a data storage mode and a data storage period;
and the backup instruction module is used for sending a backup instruction to enable the backup end to perform data backup.
When setting the write and output states of data, the storage instruction module also covers starting and stopping the specified data channels, starting and stopping the storage area, and the like, thereby realizing classified storage of data. The data management module sets how data is managed: data is classified and managed according to modern storage requirements such as the life cycle, type and attributes of the data; for example, data can be stored at a specific time and then eliminated, and its content updated. The data management module is updated and iterated, and the storage management of data is modified accordingly.
Example 7
Based on the requirements of embodiment 1 and embodiment 6, the storage instruction module in the control unit relates to the control of the microcomputer control circuit, and this embodiment proposes a specific control scheme, which includes:
memory area management, at least including adding, deleting, changing and searching memory units;
the authority management at least comprises authority check and authority distribution on the storage unit;
interface management, at least comprising parameter configuration and address configuration of the channel;
and logging, namely logging the use log of at least the storage area.
The micro control group switches a plurality of data channels at the same time, the switching mode is preferably realized through a power-on circuit, so that the contents of storage area management, authority management, interface management and the like are realized, and the storage area needs to be controlled independently based on the safety content of data storage; meanwhile, each modification and data storage record is recorded, so that the data storage is convenient to look up.
Example 8
Based on the backup requirement of embodiment 1, the backup side includes:
the backup end is connected with the storage area and used for writing data in the storage unit in real time;
a backup center, wherein MCU is embedded; the backup center controls the backup end to read and write, wherein the backup center controls the backup end to preferentially write only data from the storage unit.
Here, it is set as a separate storage area, and is a necessary setting for data storage, for recovery and recall of data, and the like.
Example 9
As shown in fig. 1, a first channel 1 and a first channel 2 in fig. 1 respectively refer to a first write-only data channel and a first read-only data channel, and this embodiment is a data circulation method, including the following steps:
S1, an auditing unit and an output unit each interact with a control unit. When data is stored, external data is temporarily stored in a first cache unit through a second write-only data channel and audited by the auditing unit; the auditing unit feeds the auditing result back to the control unit, and the control unit controls the first write-only data channel to execute one value, the types of value including at least blocking and releasing;
S2, when the auditing result is safe, the control unit receives the safety feedback of the auditing unit, the value executed by the second write-only data channel is release, and the storage area unidirectionally receives the data that the auditing unit has audited as safe;
when the auditing result is a risk, the value executed by the second write-only data channel is blocking, and the auditing unit reports the blocking value and informs an administrator to check;
when the auditing result is illegal, the value executed by the second write-only data channel is termination, and the auditing unit reports the termination and informs an administrator to check;
the backup end is connected with the storage unit and backs up data in real time;
S3, when data needs to be shared, the data is read from the storage area into a second cache unit; after security processing, the data is output in one direction;
S4, an output time period is set, and when the output time of the data exceeds the set time period, the output unit sends an alarm to inform an administrator to check.
When the auditing unit audits data, the storage area stores data and the second cache unit shares data, they are in independent working states. When the storage area receives and stores data unidirectionally in S2, the data is stored in classified form at least according to time and type. The storage area is set to power on the specified storage units for storage in a preset time period, while the remaining storage units are powered off during that period. For example, when a hard disk in the independent secure storage end writes data, the data is classified and stored at least according to time and type; a specified number of hard disks are powered on for writing in a preset time period, and the remaining hard disks not specified for that period are powered off.
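The ingest path of Example 2 and of steps S1 and S2 above can be modelled as a small state machine, given here as an added example in C that is not code from the patent. The unit count, the address lists and every identifier are assumptions; the audit is reduced to a source-address check, and on an illegal verdict the example both clears the cache and warns, and applies the termination value to both channels.

```c
/* Added example (not from the patent): ingest gate of Examples 2 and 9.
   Identifiers, unit count and address lists are constructed for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define N_UNITS 4             /* storage units in the storage area (assumed) */
#define SLOT_SECONDS 604800L  /* one week per unit, the page's example period */

typedef enum { CH_BLOCKED, CH_RELEASED, CH_TERMINATED } chan_state;
typedef enum { AUDIT_NONE, AUDIT_SAFE, AUDIT_RISK, AUDIT_ILLEGAL } verdict;

typedef struct {
    chan_state second_ch;        /* external data center -> first cache unit */
    chan_state first_wo_ch;      /* first cache unit -> storage, write-only */
    bool unit_powered[N_UNITS];  /* storage unit control circuit outputs */
    bool cache_full;
    char cache_src[32];          /* source address recorded with the data */
    char cache[64];              /* first cache unit */
    char stored[N_UNITS][64];    /* last record written to each unit */
    int alerts;                  /* administrator notifications raised */
} gate;

/* Constructed sample lists (RFC 5737 documentation addresses). */
static const char *ALLOWED[] = { "192.0.2.10", "192.0.2.11" };
static const char *DENIED[]  = { "203.0.113.66" };

void gate_init(gate *g) {
    memset(g, 0, sizeof *g);     /* every channel blocked, every unit off */
    g->second_ch = CH_RELEASED;  /* ready to accept external data */
}

/* Power exactly one unit: the one that owns the current time slot (now >= 0). */
int gate_power_slot(gate *g, long now) {
    int active = (int)((now / SLOT_SECONDS) % N_UNITS);
    for (int i = 0; i < N_UNITS; i++) g->unit_powered[i] = (i == active);
    return active;
}

/* External write into the cache; refused unless the second channel is open. */
bool gate_receive(gate *g, const char *src, const char *data) {
    if (g->second_ch != CH_RELEASED || g->cache_full) return false;
    snprintf(g->cache_src, sizeof g->cache_src, "%s", src);
    snprintf(g->cache, sizeof g->cache, "%s", data);
    g->cache_full = true;
    return true;
}

/* Audit unit: judge the cached data by its source address. */
static verdict audit(const char *src) {
    for (size_t i = 0; i < sizeof DENIED / sizeof *DENIED; i++)
        if (strcmp(src, DENIED[i]) == 0) return AUDIT_ILLEGAL;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof *ALLOWED; i++)
        if (strcmp(src, ALLOWED[i]) == 0) return AUDIT_SAFE;
    return AUDIT_RISK;           /* unknown source: hold for review */
}

/* Control unit: audit the cache and set the channel values accordingly. */
verdict gate_process(gate *g, long now) {
    if (!g->cache_full || g->first_wo_ch == CH_TERMINATED) return AUDIT_NONE;
    g->second_ch = CH_BLOCKED;   /* no new data while the audit runs */
    verdict v = audit(g->cache_src);
    switch (v) {
    case AUDIT_SAFE: {
        int u = gate_power_slot(g, now);
        g->first_wo_ch = CH_RELEASED;             /* one-way: cache -> unit */
        memcpy(g->stored[u], g->cache, sizeof g->cache);
        g->first_wo_ch = CH_BLOCKED;
        g->cache_full = false;
        g->second_ch = CH_RELEASED;               /* accept the next batch */
        break;
    }
    case AUDIT_RISK:             /* stay blocked, keep data for the admin */
        g->alerts++;
        break;
    case AUDIT_ILLEGAL:          /* terminate, clear the cache, report */
        g->second_ch = g->first_wo_ch = CH_TERMINATED;
        memset(g->cache, 0, sizeof g->cache);
        g->cache_full = false;
        g->alerts++;
        break;
    default:
        break;
    }
    return v;
}

int main(void) {
    gate g;
    gate_init(&g);
    gate_receive(&g, "192.0.2.10", "report-A");   /* constructed sample input */
    verdict v = gate_process(&g, 0);
    printf("verdict=%d unit0=%s\n", (int)v, g.stored[0]);
    return 0;
}
```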
The preferred embodiments of the present invention have been described in detail with reference to the accompanying drawings, however, the present invention is not limited to the specific details of the embodiments, and various equivalent changes can be made to the technical solution of the present invention within the technical idea of the present invention, and these equivalent changes are within the protection scope of the present invention.

Claims (6)

1. An independent cloud storage device, comprising:
a storage area including at least two storage units; the storage unit independently stores data according to a preset requirement;
a first channel provided corresponding to the number of the memory cells; each storage unit is at least connected with two first channels and is respectively used for inputting and outputting data;
the micro control group at least comprises an MCU, a first channel control circuit and a storage unit control circuit, wherein the MCU is respectively and electrically connected with the first channel control circuit and the storage unit control circuit; the first channel control circuit is electrically connected with the first channel; the storage unit control circuit is electrically connected with the storage unit;
the control unit is embedded into the MCU; the control unit at least comprises a first channel through which control data pass in a single direction and manages the data in the storage unit;
the control unit includes at least:
the storage instruction module sends a designated storage instruction to the MCU;
the data management module at least comprises a data storage mode and a data storage period; based on the higher management requirement of data storage, correspondingly modifying the content of the data management module, updating the requirement of the iterative data management module,
the backup instruction module sends a backup instruction;
the backup end is connected with the storage unit; the backup terminal backs up the data in the storage unit in real time;
further comprising:
the output end of the at least one first cache unit is connected to the first channel; the first cache unit is used for temporarily storing external data;
the second channels are arranged corresponding to the number of the first cache units and connected to the first cache units; the second channel is used for accessing an external data center;
the audit group at least comprises a second channel control circuit and a first cache unit control circuit; the second channel control circuit and the first cache unit control circuit are respectively and electrically connected with the MCU;
the auditing unit is embedded into the MCU; the auditing unit is interacted with the control unit, the auditing unit is used for feeding back safety information to the control unit after judging the safety of external data, and the control unit controls the storage unit to store the safety information;
further comprising:
the second cache unit is connected to the first channel; the second cache unit is used for caching specified data;
the third channel is connected with the second cache unit and used for outputting the specified data to the external storage;
the output group at least comprises a third channel control circuit and a second cache unit control circuit; the third channel control circuit and the second cache unit control circuit are respectively and electrically connected with the MCU;
the output unit is embedded into the MCU; the output unit interacts with the control unit, the output unit simultaneously carries out safety processing on the output specified data, and an output time early warning mechanism is additionally arranged, so that the data after the safety processing is output to the outside for storage within preset time, and the output end of the data is prevented from being written into the external data;
the system is used for auditing, storing and safely sharing external data;
the storage area is used as a storage unit, the number of the storage units is expanded, and the storage is performed at least based on the data type, the data storage time, the data storage type and the storage requirement of the specified data, so that the safe dispersion of the data is realized;
constructing a large-scale safe storage center;
corresponding to the number of the storage units, deploying the corresponding number of the micro control groups, and simultaneously constructing the corresponding number of the control units;
and constructing a unified control system for all the control units.
2. The standalone cloud storage device of claim 1, wherein the first channel control circuit is configured to control opening and closing of the first channel; the storage unit control circuit is configured to control the start and stop of the storage unit.
3. The standalone cloud storage device of claim 1, wherein the storage instruction module comprises at least:
storage management, at least including addition, deletion, modification and check of the storage unit;
the authority management at least comprises authority check and authority distribution on the storage unit;
interface management, at least comprising parameter configuration and address configuration of the channel;
and recording a log of at least the use of the storage area.
4. The standalone cloud storage device of claim 1, wherein the backup side comprises at least:
the backup unit is connected with the storage unit and used for writing the data in the storage unit in real time;
the backup center is embedded into the MCU; and the backup center controls the backup unit to read and write, wherein the backup center controls the backup unit to write data only from the storage unit.
5. The data circulation method of the independent cloud storage device according to any one of claims 1 to 4, comprising the following steps:
s1, an auditing unit and an output unit interact with a control unit respectively, when data are stored, external data are temporarily stored in a first cache unit through a second channel, auditing is performed through the auditing unit, the auditing unit feeds back an auditing result to the control unit based on judgment of an auditing result of the data, the control unit controls a first write-only data channel to execute one value, and the type of the value at least comprises blocking and releasing;
s2, when the executed value is a release value, the storage area unidirectionally receives the data which is safely audited by the auditing unit and stores the data according to a preset requirement; the backup end simultaneously backs up the data;
s3, when the data need to be shared, the first channel at the output end of the storage unit is in a release state, and the shared data is read from the storage area to the second cache unit; the output unit performs one-way output of the data after performing security processing on the data;
and S4, setting an output time period, and when the output time of the data exceeds the set time period, sending out a warning by the output unit.
6. The data circulation method of the independent cloud storage device according to claim 5, wherein the auditing unit performs data auditing, the control unit controls data storage and management, and the output unit controls data sharing, which are independent from each other, and when the storage area receives and stores data in a unidirectional manner, the data is stored in a classified manner at least according to time and type.
CN202211147825.7A 2022-09-21 2022-09-21 Independent cloud storage device and data circulation method applying same Active CN115220666B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211147825.7A CN115220666B (en) 2022-09-21 2022-09-21 Independent cloud storage device and data circulation method applying same

Publications (2)

Publication Number Publication Date
CN115220666A CN115220666A (en) 2022-10-21
CN115220666B true CN115220666B (en) 2022-12-23

Family

ID=83617576

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211147825.7A Active CN115220666B (en) 2022-09-21 2022-09-21 Independent cloud storage device and data circulation method applying same

Country Status (1)

Country Link
CN (1) CN115220666B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115988008A (en) * 2022-12-29 2023-04-18 江苏倍鼎网络科技有限公司 High-density storage method and system for cloud storage system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN210006050U (en) * 2019-08-26 2020-01-31 南京尖端信息科技有限公司 time-sharing type computer external hard disk management equipment
CN113111393A (en) * 2020-01-13 2021-07-13 华为技术有限公司 Component system, terminal equipment and dual-operating-system isolation method
CN215450156U (en) * 2021-03-08 2022-01-07 吴曼青 Secure storage device
CN114500068A (en) * 2022-02-10 2022-05-13 广州云羲网络科技有限公司 Information data exchange system based on safety isolation network gate

Also Published As

Publication number Publication date
CN115220666A (en) 2022-10-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant