CN113014389A - Method and device for realizing data integrity protection on data blocks - Google Patents
- Publication number: CN113014389A, CN201911326447.7A
- Authority: CN (China)
- Prior art keywords: data, block, hash value, last, field
- Legal status: Pending
Classifications
- H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
- H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention provides a method and a device for realizing data integrity protection on data blocks, which comprises the following steps: dividing data to be sent into a plurality of data blocks, calculating the hash value of each data block, and storing the hash value in a corresponding data field of each data block; the data blocks are stored in a storage site in a scattered manner; acquiring a plurality of data blocks from the storage site, calculating hash values of the data blocks, and performing integrity check on the data of the data blocks; and after the verification is finished, sending the information data in the data blocks to the user site. The integrity protection of the data is realized through the front and back chaining of the hash values of the data blocks.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for implementing data integrity protection on data blocks.
Background
A hash function is a transformation algorithm that maps an input of arbitrary length to an output of fixed length; the output is the hash value. Hash values are a common means of data integrity protection, which protects the integrity of data during storage and transmission so as to prevent an illegal entity from modifying the data, or to prevent the data from being damaged during storage or transmission.
The sending end calculates the hash value of the data to be protected according to a predetermined hash algorithm, and after the receiving end receives the data, the same hash algorithm is used for calculating the hash value of the data, and the hash value is compared with the hash value calculated by the sending end so as to judge whether the received data is modified.
In network data transmission, a receiving end cannot know the hash value of data in advance, but obtains the hash value from a transmitting end through data transmission, so a hacker in a network can compromise the receiving end by modifying the transmitted data and the hash value of the data at the same time.
In network data transmission and storage, a large piece of data can be divided into a group of data blocks that are stored and transmitted separately, and the integrity of each data block can be protected by calculating the hash value of that block. Because the one-block-one-hash-value method is easily attacked by illegal entities during network data transmission, the invention provides a method that establishes hash value links between the blocks of a group of data blocks to protect the integrity of the data as a whole.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for implementing data integrity protection on data blocks, wherein a front-back link is established for hash values of a plurality of data blocks, so that hash verification is performed not on a single data block but on a plurality of data blocks, and reliability of data integrity verification is greatly improved; meanwhile, the data acquired at the network edge storage site is sent to the user, so that the data transmission delay is greatly reduced.
The invention provides a method for realizing data integrity protection on data blocks, which comprises the following steps:
dividing data to be transmitted into a plurality of data blocks; calculating the hash value of each data block, and storing the hash value in a corresponding data field of each data block; each data block not only contains the hash value of the block, but also contains the hash value of the adjacent data block;
further, each data block includes a data part and an additional part;
the data part is the information data that the data block needs to transmit;
the additional part is the non-information data part of the data block and is used for assisting the data block in transmitting information data;
optionally, the additional part includes a block header and/or a block trailer, etc.;
the additional part contains the sequence identifier of the data block, and the sequence identifiers of the data blocks into which the same data is divided are continuous;
further, two data fields are set in the additional part of the data block: the 'current block hash value' field and the 'last block hash value' field, the latter holding the hash value of the preceding adjacent data block.
The adjacent data blocks include:
data blocks whose sequence numbers in the data block sequence identifier are next to each other are adjacent data blocks;
the first data block and the last data block are adjacent data blocks.
The data blocks are stored in storage sites in a dispersed manner;
optionally, the storage sites are a group of network sites near the network edge of the user site;
calculating the hash value of each data block and storing the hash value in the corresponding data field of each data block includes:
(1) for the last data block, calculating, by a hash algorithm, the hash value of the part of the block other than the 'last block hash value' field and the 'current block hash value' field, and filling the calculated hash value into the 'current block hash value' field of the last data block and the 'last block hash value' field of the first data block;
(2) from the first data block to the penultimate data block, calculating the hash value of the part of the data block other than its 'current block hash value' field, and filling the calculated hash value into the 'current block hash value' field of that block and the 'last block hash value' field of the next data block.
Data blocks are acquired from the storage sites, and an integrity check is performed;
performing the data integrity check includes:
calculating the hash value of each data block, and judging whether the data integrity of the current data block group is damaged;
specifically:
(1) from the first data block to the penultimate data block, calculating the hash value of the part of each block other than its 'current block hash value' field, and comparing the calculated hash value with the data in the 'current block hash value' field; if they differ, the data integrity of the current data block is judged to be damaged, and if they are the same, further verification is performed;
the further verification compares the calculated hash value of the current block with the value of the 'last block hash value' field of the next block; if they differ, the data integrity of the current data block is judged to be damaged, and if they are the same, the next data block is verified;
(2) for the last data block, calculating the hash value of the part other than the 'last block hash value' field and the 'current block hash value' field, and comparing the calculated hash value with the data in the 'current block hash value' field; if they differ, the data integrity of the last data block is judged to be damaged; if they are the same, the calculated hash value of the last data block is compared with the value of the 'last block hash value' field of the first data block; if they differ, the data integrity of the current data block is judged to be damaged, and if they are the same, the data of the current data block is judged to be complete;
when the data integrity check of the last data block is completed, the data integrity check of the whole data block group is completed;
after the verification is finished, the information data in the data blocks is sent to the user site.
An apparatus for implementing data integrity protection for data partitions, comprising:
the sending module is used for dividing the data to be sent into a plurality of data blocks and storing the data blocks dispersedly in the storage module;
the sending module is further configured to calculate the hash value of each data block, and store the hash value in the corresponding data field of each data block;
further, the sending module includes:
a configuration unit, configured to configure an additional part for each data block, where the additional part is used to assist the data block in data transmission;
the configuration unit is further configured to set two data fields in the additional part of each data block: the 'current block hash value' field and the 'last block hash value' field;
a processing unit, used for calculating the hash value of each data block and storing the hash value in the corresponding data field of each data block;
the processing unit is used for calculating the hash value of the last data block: the hash value of the part of the last data block other than the 'last block hash value' field and the 'current block hash value' field is calculated by a hash algorithm, and the calculated hash value is filled into the 'current block hash value' field of the last data block and the 'last block hash value' field of the first data block;
the processing unit is further configured to calculate the hash values of all data blocks except the last data block, which includes: from the first data block to the penultimate data block, calculating the hash value of the part of the data block other than its 'current block hash value' field, and filling the calculated hash value into the 'current block hash value' field of that block and the 'last block hash value' field of the next data block.
The storage module is a group of network sites close to the network edge of the receiving module and is used for receiving and storing the data block group;
the storage module is further used for sending the data blocks to the data calling module when the receiving module requests the data of the data block group;
the data calling module is used for acquiring the data blocks from the storage module and carrying out the integrity check;
and the receiving module is used for receiving the information data sent by the data calling module.
The data calling module comprises:
a calculating unit, used for calculating the hash value of each data block;
for the data blocks from the first data block to the penultimate data block, the calculating unit calculates the hash value of the part other than the 'current block hash value' field;
for the last data block, the calculating unit calculates the hash value of the part other than the 'last block hash value' field and the 'current block hash value' field.
A judging unit, used for judging whether the data integrity of the current data block group is damaged;
for the data blocks other than the last data block, the judging unit compares the hash value obtained by the calculating unit with the data in the 'current block hash value' field; if they differ, the judging unit judges that the data integrity of the current data block is damaged, and if they are the same, the judging unit performs further verification;
the further verification compares the calculated hash value of the current block with the value of the 'last block hash value' field of the next block; if they differ, the data integrity of the current data block is judged to be damaged, and if they are the same, the next data block is verified;
for the last data block, the judging unit compares the hash value of the last data block obtained by the calculating unit with the data in the 'current block hash value' field, and judges that the data integrity of the current data block is damaged if they differ; if they are the same, the calculated hash value of the last data block is compared with the value of the 'last block hash value' field of the first data block; if they differ, the data integrity of the current data block is judged to be damaged, and if they are the same, the data of the current data block is judged to be complete.
According to the invention, a large piece of data is divided into a data block group, the data blocks are transmitted to a plurality of storage sites, and the integrity of the data as a whole is protected by linking hash values among the data blocks. This effectively avoids the weakness of the one-block-one-hash-value method, which is easily attacked by illegal entities during network data transmission, so that data transmission is safe and reliable; meanwhile, because the data is stored dispersedly, the wireless base station or the local area network gateway can quickly call the data blocks and send them to the user, which reduces the transmission delay.
For the purposes of the foregoing and related ends, the one or more embodiments include the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the various embodiments may be employed. Other benefits and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed embodiments are intended to include all such aspects and their equivalents.
Drawings
FIG. 1 is a flow chart of a method for implementing data integrity protection on data blocks according to the present invention;
FIG. 2 is a schematic diagram illustrating a flow of calculating a data chunking hash value by a source station according to the present invention;
FIG. 3 is a flowchart of a method for integrity checking data blocks acquired from the storage sites according to the present invention;
FIG. 4 is a block diagram of an apparatus for implementing data integrity protection on data blocks according to the present invention.
Detailed Description
The following description and the drawings sufficiently illustrate specific embodiments of the invention to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. The examples merely typify possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in or substituted for those of others. The scope of embodiments of the invention encompasses the full ambit of the claims, as well as all available equivalents of the claims. Embodiments of the invention may be referred to herein, individually or collectively, by the term "invention" merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed.
In the internet, a source site stores user application data, and when a user site needs the application data, it sends a request to the data source site to obtain the corresponding data. This way of calling data may cause user application data to be transmitted repeatedly over the internet, which reduces the transmission efficiency of network data, and may also delay data transmission, which degrades the user's service experience. When the data called by the user site is large in volume, such as video data, these disadvantages are more apparent.
Therefore, a group of storage sites is arranged in the network edge area close to the user site, and hot data in the network is stored in these sites; when the user site requests the data, the wireless base station or the local area network gateway calls the data, which greatly reduces the delay with which the user obtains the data. Besides configuring dedicated storage sites, a group of closely located wireless base stations or local area network gateways can also be set as the storage sites.
When the hot data in the network is large in volume, it is divided into a plurality of data blocks, which are stored separately on the sites of the group of storage sites so that the wireless base station or the local area network gateway can call them nearby. To prevent hackers in the network from damaging the data blocks, for example by inserting trojans into them, data integrity protection of these data blocks is required.
The invention provides a method for realizing data integrity protection on data blocks, as shown in fig. 1, comprising the following steps:
S101, dividing data to be sent into a plurality of data blocks, calculating a hash value of each data block, and storing the hash value in the corresponding data field of each data block.
Specifically, the data to be transmitted is divided into a plurality of data blocks, and an additional part is configured for the data blocks;
the additional part is the non-information data part of the data block, and is used for assisting the data block in transmitting information data;
optionally, the additional part includes a block header and/or a block trailer of the data block.
Further, two data fields are set in the additional part of each data block: the 'current block hash value' field and the 'last block hash value' field;
the hash value of each data block is calculated and stored in the corresponding data field of each data block;
further, the additional part comprises a data block sequence identifier; the additional part of the last data block comprises a specific identifier, which is used for marking that data block as the last data block;
the adjacent data blocks include:
data blocks whose sequence numbers in the data block sequence identifier are next to each other are adjacent data blocks;
the first data block and the last data block are adjacent data blocks.
The values of the 'current block hash value' field and the 'last block hash value' field of each block are calculated according to the following method, as shown in fig. 2:
S101a, for the last data block, calculating, by a hash algorithm, the hash value of the part other than the 'last block hash value' field and the 'current block hash value' field, and filling the calculated hash value into the 'current block hash value' field of that block and the 'last block hash value' field of the first data block.
S101b, starting from the first data block, calculating the hash value of the part of each data block other than its 'current block hash value' field, and filling the calculated hash value into the 'current block hash value' field of that data block and the 'last block hash value' field of the next data block.
S102, storing the plurality of data blocks in storage sites in a distributed manner; the storage sites are a group of network sites close to the network edge of the user site;
a group of storage sites is arranged close to the user sites and used for storing popular data frequently requested by users in the network; these storage sites are called edge storage sites in the invention; the source site divides the data into blocks and stores the data blocks in a group of edge storage sites.
S103, acquiring the data blocks from each storage site, and performing the integrity check;
as shown in fig. 3, the specific steps are as follows:
S103a, a user site sends a data request; the site that calls the data finds that the requested data is stored in the storage sites as a data block group, and sends the data request to the storage sites.
S103b, the storage sites send the corresponding data, block by block, to the site that calls the data.
S103c, the site that calls the data acquires the data blocks from the storage sites and carries out the integrity check.
Specifically, the hash value of each data block is calculated according to the following steps, and whether the data integrity of the current data block is damaged is judged;
(1) from the first data block to the penultimate data block, calculating the hash value of the part of each block other than its 'current block hash value' field, and comparing the calculated hash value with the data in the 'current block hash value' field; if they differ, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, further verification is performed;
the further verification compares the calculated hash value of the current block with the value of the 'last block hash value' field of the next data block; if they differ, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, the next data block is checked;
this process continues until the data integrity check of the penultimate data block is completed.
(2) For the last data block, calculating the hash value of the part other than the 'last block hash value' field and the 'current block hash value' field, and comparing the calculated hash value with the data in the 'current block hash value' field; if they differ, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, the calculated hash value of the last data block is compared with the value of the 'last block hash value' field of the first data block; if they differ, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, the data of the current data block is judged to be complete.
S104, after the verification is finished, the site that calls the data sends the information data in the data blocks to the user site.
Example one
In network communications, a group of closely located user sites is controlled by the same superordinate central site, and they all communicate with sites in the internet via that central site. When the user site is located in an Ethernet, the superordinate central site is an Ethernet gateway, and when the user site is located in a wireless network (e.g., a mobile communication network or a wireless LAN), the superordinate central site is a wireless base station. When a user site requests data from a remote site through the superordinate central site, if the central site finds that the requested data is stored in an edge storage site, it can call the data in the edge storage site directly and send the data to the user site.
In this embodiment, a situation that a user station is in a wireless network is considered, and a station invoking data is a wireless base station at this time. The implementation of the method proposed by the present invention can be derived similarly for the case where the user station is in a wired network.
S201, a source site divides the data to be sent into a plurality of data blocks and configures an additional part for each data block; each data block includes a data part and an additional part; the data part is the information data to be transmitted by the block;
the additional part is the non-information data part of the data block, and is used for assisting the data block in transmitting information data;
optionally, the additional part includes a block header and/or a block trailer of the data block;
further, the source site sets two data fields in the additional part of each data block: the 'current block hash value' field and the 'last block hash value' field;
further, the hash value of each data block is calculated and stored in the corresponding data field of each data block;
it should be noted that the hash value of a block is calculated not only over the data part of the block but also over the additional part; each data block contains not only its own hash value but also the hash value of the adjacent data block;
further, the block header contains a data block sequence identifier; the sequence identifiers of the data blocks into which the same data is divided are continuous;
the adjacent data blocks include:
data blocks whose sequence numbers in the data block sequence identifier are next to each other are adjacent data blocks;
it should be noted that the first data block and the last data block are adjacent data blocks; the data blocks adjacent to the first data block are the last data block and the second data block; similarly, the data blocks adjacent to the last data block are the penultimate data block and the first data block.
Specifically, the source site calculates the values of the 'current block hash value' field and the 'last block hash value' field of each block according to the following method, as shown in fig. 2:
S201a, for the last data block, calculating, by a hash algorithm, the hash value of the part other than the 'last block hash value' field and the 'current block hash value' field, and filling the calculated hash value into the 'current block hash value' field of that block and the 'last block hash value' field of the first data block.
S201b, starting from the first data block, calculating the hash value of the part of each data block other than its 'current block hash value' field, and filling the calculated hash value into the 'current block hash value' field of that data block and the 'last block hash value' field of the next data block.
Specifically, starting from the first data block, the hash value of the part of the first data block other than its 'current block hash value' field is calculated by the hash algorithm, and the calculated hash value is filled into the 'current block hash value' field of the first data block and the 'last block hash value' field of the second data block;
for the second data block, the hash value of the part other than its 'current block hash value' field is calculated by the hash algorithm; this part includes the 'last block hash value' field, which has already been filled with the hash value of the first data block, so the hash value of the first data block is incorporated into the 'current block hash value' of the second data block; the calculated hash value of the second data block is filled into the 'current block hash value' field of the second data block and the 'last block hash value' field of the third data block;
it should be noted that this calculation continues until the penultimate block.
Therefore, through the front-to-back linkage of the hash values, a network attacker can be effectively prevented from tampering with or adding data to one or more data blocks without being detected, and it is likewise difficult for an edge storage site to tamper with or add data to the block data it stores. For example, suppose a network attacker modifies the data of one block and recalculates the hash value of that block. Because the hash value of that block is also stored in the next block, the value of the 'last block hash value' field in the next block must also be modified for the change to go undetected; but modifying that field means that the value of the 'present block hash value' field of the next block has to be recalculated as well. Similarly, it is difficult for an edge storage site that stores a block to modify the stored data of that block.
Therefore, the front-to-back links between the hash values of the data blocks protect the integrity of the data as a whole, and when the data blocks are stored and transmitted in a distributed manner, the data can be effectively protected against modification by malicious parties.
S202, storing the plurality of data blocks in each storage site in a distributed manner; the storage sites are a group of network sites close to the network edge of the user site;
For a wireless communication system, a group of storage sites is arranged near a wireless base station to store hot data that users in the network request frequently, and this group of storage sites provides storage services for the wireless base station. When a user station requests hot data from the wireless base station, the wireless base station can therefore obtain the data from the group of adjacent edge storage sites without requesting it from the source site of the data, which greatly reduces the data transmission delay. The source site divides the data into blocks and stores the blocks in the group of edge storage sites, for the adjacent group of wireless base stations to call.
S203. The wireless base station acquires the data blocks from the edge storage site and performs an integrity check. Specifically:
S203a. A user station sends a data request to a wireless base station; the wireless base station finds that the requested data is stored in an adjacent edge storage site as a data block group, and sends the data request to the edge storage site.
A typical situation in which this happens is that the user station requests a large volume of some hot data.
S203b. The edge storage site transmits the corresponding data blocks to the wireless base station.
S203c. The wireless base station performs a data integrity check on the data blocks acquired from the edge storage site.
After receiving all the data blocks, the wireless base station performs a data integrity check on them; specifically, it calculates the hash value of each data block according to the following steps and judges whether the data integrity of the current data block group has been damaged:
(1) From the first data block to the penultimate data block, the wireless base station calculates the hash value of the part of the block other than the 'present block hash value' field and compares the calculated hash value with the data in the 'present block hash value' field of that block. If the two are different, it judges that the data integrity of the current data block is damaged and exits the verification; if the two are the same, a further check is carried out.
The further check compares the calculated hash value of the current block with the value of the 'last block hash value' field of the next data block. If the two are different, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, the next data block is checked.
This process continues until the data integrity check of the penultimate data block is completed.
(2) For the last data block, the wireless base station calculates the hash value of the part other than the 'last block hash value' field and the 'present block hash value' field, and compares the calculated hash value of the last data block with the data in the 'present block hash value' field. If the two are different, it judges that the data integrity of the current data block is damaged and exits the verification. If they are the same, the recalculated hash value of the last data block is compared with the value of the 'last block hash value' field of the first block; if they are not the same, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, the data of the current data block is judged to be complete.
Further, when the data integrity check of the last data block is completed, the data integrity check of the whole group of data blocks is completed.
It should be noted that, when the data integrity of the current data block is found to be damaged during verification, the wireless base station goes on to request the data from the source site of the data and reports the finding to the relevant source site and edge storage site, which can then investigate why the data integrity was damaged, thereby maintaining network security.
S203d. After the verification is finished, the wireless base station sends the information data in the data block group to the user station.
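The field-filling order of S201a/S201b and the check of S203c, as an added example that is not part of the patent text. It assumes SHA-256 and a simple in-memory field layout (the page names neither a hash algorithm nor a wire format); `Block`, `build_chain`, `verify_chain` and `modify_block` are hypothetical names, and the sample data is constructed.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, replace

OWN_MISMATCH = "present-block hash mismatch"
LINK_MISMATCH = "link to adjacent block mismatch"


@dataclass
class Block:
    seq: int                 # data block order identification
    data: bytes              # information data
    prev_hash: bytes = b""   # "last block hash value" field
    own_hash: bytes = b""    # "present block hash value" field


def block_hash(block: Block, is_last: bool) -> bytes:
    """Hash a block without its own-hash field. For the last block the
    previous-hash field is left out as well (S201a). SHA-256 is an assumption."""
    h = hashlib.sha256()
    h.update(block.seq.to_bytes(4, "big"))
    h.update(len(block.data).to_bytes(4, "big"))
    h.update(block.data)
    if not is_last:
        h.update(block.prev_hash)
    return h.digest()


def build_chain(data: bytes, block_size: int) -> list[Block]:
    """Source-site side: split the data and fill both hash fields of every block."""
    chunks = [data[i:i + block_size] for i in range(0, len(data), block_size)]
    if len(chunks) < 2:
        raise ValueError("need at least two blocks to link")
    blocks = [Block(seq=i, data=c) for i, c in enumerate(chunks)]
    # S201a: the last block's hash goes into its own field and into block 0.
    last = blocks[-1]
    last.own_hash = block_hash(last, is_last=True)
    blocks[0].prev_hash = last.own_hash
    # S201b: each hash covers the previous-hash field that was just filled in.
    for cur, nxt in zip(blocks, blocks[1:]):
        cur.own_hash = block_hash(cur, is_last=False)
        nxt.prev_hash = cur.own_hash
    return blocks


def verify_chain(blocks: list[Block]) -> tuple:
    """Base-station side (S203c): return (ok, failing seq, reason) and stop
    at the first failure."""
    blocks = sorted(blocks, key=lambda b: b.seq)
    if len(blocks) < 2:
        return (False, None, "too few blocks")
    for cur, nxt in zip(blocks, blocks[1:]):
        h = block_hash(cur, is_last=False)
        if not hmac.compare_digest(h, cur.own_hash):
            return (False, cur.seq, OWN_MISMATCH)
        if not hmac.compare_digest(h, nxt.prev_hash):
            return (False, cur.seq, LINK_MISMATCH)
    last = blocks[-1]
    h = block_hash(last, is_last=True)
    if not hmac.compare_digest(h, last.own_hash):
        return (False, last.seq, OWN_MISMATCH)
    if not hmac.compare_digest(h, blocks[0].prev_hash):
        return (False, last.seq, LINK_MISMATCH)
    return (True, None, "intact")


def modify_block(blocks: list[Block], seq: int, new_data: bytes,
                 rehash: bool) -> list[Block]:
    """Constructed test input: copy the group, change one block's data and,
    if rehash is set, recompute that block's own hash as in the page's example."""
    out = [replace(b) for b in blocks]
    out[seq].data = new_data
    if rehash:
        out[seq].own_hash = block_hash(out[seq], is_last=(seq == len(out) - 1))
    return out


if __name__ == "__main__":
    group = build_chain(bytes(range(80)), 16)  # constructed data, five blocks
    print(verify_chain(group))
    print(verify_chain(modify_block(group, 2, b"changed", rehash=False)))
    print(verify_chain(modify_block(group, 2, b"changed", rehash=True)))
```

The hashes are unkeyed, so detection depends on the modifying party being unable to also rewrite the hash fields of the following blocks.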
Example two
The present invention provides a device 300 for implementing data integrity protection on data blocks, as shown in fig. 4, including:
a sending module 310, configured to divide data to be sent into a plurality of data blocks, where the sending module 310 dispersedly stores the plurality of data blocks in the storage module 320;
the sending module 310 is further configured to calculate a hash value of each data chunk, and store the hash value in a corresponding data field of each data chunk;
the data to be sent is hot data with a large data volume that user sites frequently request and acquire.
Further, the sending module 310 includes:
a configuring unit 311, configured to configure an additional part for the data partition, where the additional part is a non-information data part in the data partition, and the additional part is used for assisting the data partition to perform information data transmission;
optionally, the additional part includes a block header and/or a block trailer of the data block;
the configuring unit 311 is further configured to set two data fields in the additional part of each data block: the 'present block hash value' field and the 'last block hash value' field;
a processing unit 312, configured to calculate a hash value of each data block, and store the hash value in a corresponding data field of each data block;
the processing unit 312 is specifically configured to calculate the hash value of the last data block: it calculates, by a hash algorithm, the hash value of the part of the last data block other than the "last block hash value" field and the "present block hash value" field, and then fills the calculated hash value into the "present block hash value" field of that block and the "last block hash value" field of the first data block.
The processing unit 312 is further configured to calculate the hash values of all data blocks except the last data block: starting from the first data block, it calculates the hash value of the part of the data block other than the "present block hash value" field, and fills the calculated hash value into the "present block hash value" field of that data block and the "last block hash value" field of the next data block.
A storage module 320, which is a group of network sites near the network edge of the user site; it comprises a receiving unit 321, configured to receive and store the data blocks;
it further comprises a sending unit 322, configured to send the corresponding data blocks to the data calling module when the receiving module requests the data of the data block group.
A data calling module 330, configured to obtain data blocks from the storage module, and perform data integrity check:
the data call module 330 includes:
a calculating unit 331, configured to calculate the hash value of each data block; specifically,
for the data blocks from the first data block to the penultimate data block, the calculating unit 331 calculates the hash value of the part other than the "present block hash value" field;
for the last data block, the calculating unit 331 calculates the hash value of the part other than the "last block hash value" field and the "present block hash value" field.
A judging unit 332, configured to determine whether the data integrity of the current data block group is damaged;
for each data block other than the last data block, the judging unit 332 compares the hash value of the block obtained by the calculating unit with the data in the "present block hash value" field of the block; if the two are different, it judges that the data integrity of the current data block is damaged and exits the verification; if the two are the same, a further check is carried out;
the further check compares the calculated hash value of the current block with the value of the "last block hash value" field of the next block; if the two are different, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, the next data block is checked;
this process continues until the data integrity check of the penultimate data block is completed;
for the last data block, the judging unit 332 compares the hash value of the last data block obtained by the calculating unit 331 with the data in the "present block hash value" field; if the two are different, it judges that the data integrity of the current data block is damaged; if they are the same, the recalculated hash value of the last data block is compared with the value of the "last block hash value" field of the first block; if they are not the same, the data integrity of the current data block is judged to be damaged and the verification is exited; if they are the same, the data of the current data block is judged to be complete;
the receiving module 340 is configured to receive the information data sent by the data invoking module 330.
According to the method and the device for realizing data integrity protection on the data blocks, the hash values of a group of data blocks are linked front and back, and the data integrity protection is carried out by taking a plurality of data blocks as a unit, so that the hash check is not carried out on a single data block but on a plurality of data blocks, and the reliability of the data integrity check is greatly improved; meanwhile, the data acquired at the network edge storage site is sent to the user, so that the data transmission delay is greatly reduced.
Those of skill in the art will understand that the various exemplary method steps and apparatus elements described in connection with the embodiments disclosed herein can be implemented as electronic hardware, software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative steps and elements have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method described in connection with the embodiments disclosed above may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a subscriber station. In the alternative, the processor and the storage medium may reside as discrete components in a subscriber station.
The disclosed embodiments are provided to enable those skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the scope or spirit of the invention. The above-described embodiments are merely preferred embodiments of the present invention, which should not be construed as limiting the invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A method for implementing data integrity protection on data blocks, comprising:
dividing data to be transmitted into a plurality of data blocks; calculating the hash value of each data block, and storing the hash value in a corresponding data field of each data block; each data block not only contains the hash value of the block, but also contains the hash value of the adjacent data block;
storing the data blocks in storage sites in a distributed manner;
acquiring a plurality of data blocks from each storage site, calculating hash values of the data blocks, and performing integrity check on the data of the data blocks;
and after the verification is finished, sending the information data in the data blocks to the user site.
2. The method of data integrity protection as defined in claim 1,
the data block comprises a data portion and an additional portion; two data fields are set in the additional portion: the 'present block hash value' field and the 'last block hash value' field.
3. The method of data integrity protection as defined in claim 2, wherein the additional portion contains a data block order identification.
4. The method of data integrity protection as defined in claim 1,
the storage sites are a group of network sites near the network edge of the user site.
5. The method of data integrity protection as defined in claim 1,
the adjacent data blocks include:
data blocks whose sequence numbers in the data block order identification are adjacent are adjacent data blocks;
the first data block and the last data block are adjacent data blocks.
6. The method of data integrity protection according to claim 1 or 2,
the calculating the hash value of each data block and storing the hash value in the corresponding data field of each data block includes:
(1) for the last data block, calculating, by a hash algorithm, the hash value of the part of the block other than the 'last block hash value' field and the 'present block hash value' field, and filling the calculated hash value into the 'present block hash value' field of the last data block and the 'last block hash value' field of the first data block;
(2) from the first data block to the last data block, calculating the hash value of the part of the data block other than the 'present block hash value' field, and filling the calculated hash value into the 'present block hash value' field of the current block and the 'last block hash value' field of the data block following the current block.
7. The method of claim 1, wherein the computing the hash value of each data chunk and performing integrity check on the data of each data chunk comprises:
(1) from the first data block to the penultimate data block, calculating the hash value of the part other than the 'present block hash value' field, and comparing the calculated hash value of the block with the data in the 'present block hash value' field of the block; if the two are different, judging that the data integrity of the current data block is damaged, and if they are the same, carrying out a further check;
the further check compares the calculated hash value of the current block with the value of the 'last block hash value' field of the next block; if the two are different, the data integrity of the current data block is judged to be damaged, and if they are the same, the next data block is checked;
(2) for the last data block, calculating the hash value of the part other than the 'last block hash value' field and the 'present block hash value' field, and comparing the calculated hash value of the last data block with the data in the 'present block hash value' field; if the two are different, judging that the data integrity of the last data block is damaged; if they are the same, comparing the calculated hash value of the last data block with the value of the 'last block hash value' field of the first data block; if they are not the same, the data integrity of the current data block is judged to be damaged, and if they are the same, the data integrity of the current data.
8. An apparatus for implementing data integrity protection for data partitions, comprising:
a sending module, configured to divide the data to be sent into a plurality of data blocks and store the data blocks in the storage module in a distributed manner;
the sending module is further configured to calculate a hash value of each data chunk, and store the hash value of each data chunk in a corresponding data field of each data chunk;
the storage module is a group of network stations close to the network edge of the receiving module and is used for receiving and storing the plurality of data blocks sent by the sending module;
the storage module is further used for sending the data blocks to the data calling module when the receiving module requests to acquire the data of the data blocks;
the data calling module is used for receiving the data request of the receiving module, acquiring data block data from the storage module and carrying out integrity check;
the data calling module is also used for sending the information data in the data blocks to the receiving module after the verification is finished;
and the receiving module is used for receiving the information data sent by the data calling module.
9. The apparatus for implementing data integrity protection as defined in claim 8, wherein the sending module comprises:
a configuration unit, configured to configure an additional part for the data partition, where the additional part is a non-information data part in the data partition, and the additional part includes a data partition sequence identifier;
the configuration unit is further configured to set two data fields in the additional part of each data block: the 'present block hash value' field and the 'last block hash value' field;
the processing unit is used for calculating the hash value of each data block and storing the hash value in a corresponding data field of each data block;
the processing unit is further configured to calculate the hash value of the last data block: it calculates, by a hash algorithm, the hash value of the part of the last data block other than the "last block hash value" field and the "present block hash value" field, and then fills the calculated hash value into the "present block hash value" field of the last block and the "last block hash value" field of the first data block;
the processing unit is further configured to calculate the hash values of all data blocks except the last data block, including: from the first data block to the last data block, calculating the hash value of the part of the data block other than the "present block hash value" field, and filling the calculated hash value into the "present block hash value" field of the current block and the "last block hash value" field of the data block following the current block.
10. The apparatus for implementing data integrity protection as defined in claim 8,
the data calling module comprises:
the calculating unit is used for calculating the hash value of each data block;
the calculating unit calculates, for the data blocks from the first data block to the last data block, the hash value of the part other than the 'present block hash value' field;
the calculating unit calculates, for the last data block, the hash value of the part other than the 'last block hash value' field and the 'present block hash value' field;
the judging unit is used for judging whether the data integrity of the current data block group is damaged or not;
for each data block other than the last data block, the judging unit compares the hash value of the block obtained by the calculating unit with the data in the 'present block hash value' field of the block; if the two are different, it judges that the data integrity of the current data block is damaged, and if they are the same, it carries out a further check;
the further check compares the calculated hash value of the current block with the value of the 'last block hash value' field of the next block; if the two are different, the data integrity of the current data block is judged to be damaged, and if they are the same, the next data block is checked;
for the last data block, the judging unit compares the hash value of the last data block obtained by the calculating unit with the data in the 'present block hash value' field, and judges that the data integrity of the current data block is damaged if the two are different; if they are the same, the calculated hash value of the last data block is compared with the value of the 'last block hash value' field of the first data block; if they are not the same, the data integrity of the current data block is judged to be damaged, and if they are the same, the data integrity of the current data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911326447.7A CN113014389A (en) | 2019-12-20 | 2019-12-20 | Method and device for realizing data integrity protection on data blocks |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113014389A (en) | 2021-06-22 |
Family
ID=76382611
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911326447.7A Pending CN113014389A (en) | 2019-12-20 | 2019-12-20 | Method and device for realizing data integrity protection on data blocks |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113014389A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||