CN-122027313-A - Vehicle-road cloud mass data safety management method and system based on distributed storage
Abstract
The invention discloses a vehicle-road cloud mass data safety management method and system based on distributed storage, and relates to the technical field of data safety. The method comprises: accessing roadside and vehicle-mounted terminals to collect multi-source data and identify its type, generating a data set; performing distributed addressing, determining a node mapping and distributing the data to construct a storage cluster; performing layered encryption on the storage cluster to generate a first encrypted fragment; analyzing an access request, performing multi-node parallel verification on the first encrypted fragment and reading a second encrypted fragment; and verifying the second encrypted fragment and dynamically adjusting the node mapping to generate a data optimization management scheme. The method addresses the technical problem that existing vehicle-road cloud data storage struggles to balance efficient expansion, security and privacy protection, and storage cost optimization for mass data. It achieves high availability and elastic expansion of distributed data storage, guarantees full-life-cycle data security through layered encryption, and dynamically optimizes data distribution based on access verification to reduce storage cost and improve access efficiency.
Inventors
- YAN HAO
- WANG YONGFEI
Assignees
- 智慧互通科技股份有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20260304
Claims (8)
- 1. A vehicle-road cloud mass data safety management method based on distributed storage, characterized by comprising the following steps:
  - accessing roadside sensing equipment and a vehicle-mounted terminal to acquire multi-source traffic data in real time, and performing type identification to generate a data set to be processed;
  - performing distributed addressing on the data set to be processed, determining a storage node mapping relation, distributing the data set to be processed to a plurality of storage nodes according to the storage node mapping relation, and constructing a data storage cluster;
  - performing hierarchical encryption processing on the data storage cluster to generate a first encrypted storage fragment;
  - receiving and analyzing a data access request, performing multi-node parallel verification on the first encrypted storage fragment according to the analysis result, and reading a second encrypted storage fragment;
  - verifying the second encrypted storage fragment, and dynamically adjusting the storage node mapping relation in reverse according to the verification result to generate a data distribution optimization management scheme.
- 2. The vehicle-road cloud mass data safety management method based on distributed storage according to claim 1, wherein performing distributed addressing on the data set to be processed, determining a storage node mapping relation, distributing the data set to be processed to a plurality of storage nodes according to the storage node mapping relation, and constructing a data storage cluster comprises:
  - introducing a distributed file traversal of the online storage nodes, and extracting a plurality of node identifiers and a plurality of network addresses;
  - mapping the plurality of node identifiers onto a hash ring according to the plurality of network addresses to construct a node distribution ring;
  - performing a hash operation on the data set to be processed based on the node distribution ring to obtain a plurality of data hash values;
  - traversing the hash ring according to the plurality of data hash values to determine a main storage node, and continuing to traverse the hash ring from the main storage node to determine a copy storage node;
  - performing storage node mapping analysis based on the main storage node and the copy storage node, and constructing a storage node mapping relation table;
  - segmenting the data set to be processed according to the storage node mapping relation table to generate a plurality of data fragments;
  - sending the plurality of data fragments simultaneously to the main storage node and the copy storage node for storage, and constructing the data storage cluster.
- 3. The vehicle-road cloud mass data security management method based on distributed storage according to claim 1, wherein performing hierarchical encryption processing on the data storage cluster to generate a first encrypted storage fragment comprises:
  - extracting a data type identifier from a data record of the data set to be processed;
  - performing data analysis based on the data type identifier, and determining a data security level label, wherein the data security level label comprises a basic perception data level, a cooperative control data level and a privacy data level;
  - introducing an encryption policy library, traversing the encryption policy library for a match according to the basic perception data level, the cooperative control data level and the privacy data level, and determining a plurality of encrypted data blocks;
  - combining and packaging the plurality of encrypted data blocks to construct the first encrypted storage fragment.
- 4. The vehicle-road cloud mass data security management method based on distributed storage according to claim 3, wherein introducing an encryption policy library, traversing the encryption policy library for a match according to the basic perception data level, the cooperative control data level and the privacy data level, and determining a plurality of encrypted data blocks comprises:
  - when the data security level label is the basic perception data level, traversing the encryption policy library and performing encryption processing with a symmetric encryption algorithm according to a first key length, generating a basic-level encrypted data block;
  - when the data security level label is the cooperative control data level, traversing the encryption policy library and performing encryption processing with a symmetric encryption algorithm according to a second key length, generating a cooperative-level encrypted data block, wherein the second key length is larger than the first key length;
  - when the data security level label is the privacy data level, traversing the encryption policy library and performing encryption processing with an attribute-based encryption algorithm according to an access control policy tree, generating a privacy-level encrypted data block, wherein the access control policy tree comprises a plurality of attribute condition combinations.
- 5. The vehicle-road cloud mass data safety management method based on distributed storage according to claim 1, wherein receiving and analyzing a data access request, performing multi-node parallel verification on the first encrypted storage fragment according to the analysis result, and reading a second encrypted storage fragment comprises:
  - receiving the data access request through an access interface of the distributed storage cluster;
  - analyzing the data access request, and determining request header information and request body information, wherein the request header information comprises a visitor digital certificate and an identity, and the request body information comprises a list of data record identifiers requested for access and a request operation type;
  - initiating a batch query request to a metadata management node according to the data record identifier list to acquire the data storage node mapping relation and encrypted metadata;
  - sending the visitor digital certificate to a blockchain verification network for parallel verification, and generating a signature verification result;
  - counting the returned verifications based on the signature verification result, and determining the number of verification nodes;
  - performing decision analysis according to the number of verification nodes, performing multi-node parallel verification on the first encrypted storage fragment according to the analysis result, and reading the second encrypted storage fragment.
- 6. The vehicle-road cloud mass data safety management method based on distributed storage according to claim 5, wherein performing decision analysis according to the number of verification nodes comprises:
  - if the number of verification nodes exceeds a preset verification passing threshold, determining that the digital certificate verification is successful, and generating a first judgment result;
  - based on the first judgment result, traversing the metadata management node to associate the data record identifiers, and determining an access control policy;
  - matching the identity and the request operation type against the access control policy, and, when the access authority matches, extracting the storage node mapping relation to match the record data to be accessed and generate an access node list;
  - according to the access node list, connecting to a plurality of storage nodes for data reading, and generating the analysis result.
- 7. The vehicle-road cloud mass data security management method based on distributed storage according to claim 1, wherein verifying the second encrypted storage fragment comprises:
  - reading an encryption algorithm identification field from the metadata area of the second encrypted storage fragment, and identifying and determining a target encryption algorithm type;
  - reading a key index field from the metadata area of the second encrypted storage fragment;
  - determining a key acquisition request by integrating the target encryption algorithm type and the key index field;
  - sending the key acquisition request to a key management service through a secure communication channel for an index lookup, and determining a target encryption key;
  - returning the target encryption key to the verification module through a secure channel for a decryption operation, and generating an original data fragment;
  - extracting an original integrity check value from the second encrypted storage fragment;
  - performing a hash operation on the original data fragment to generate a real-time integrity check value;
  - comparing the real-time integrity check value with the original integrity check value to generate the verification result.
- 8. A vehicle-road cloud mass data safety management system based on distributed storage, characterized by being used for implementing the vehicle-road cloud mass data safety management method based on distributed storage as claimed in any one of claims 1-7, the system comprising:
  - a data acquisition unit, used for accessing roadside sensing equipment and a vehicle-mounted terminal to acquire multi-source traffic data in real time, and performing type identification to generate a data set to be processed;
  - a data distribution unit, used for performing distributed addressing on the data set to be processed, determining a storage node mapping relation, distributing the data set to be processed to a plurality of storage nodes according to the storage node mapping relation, and constructing a data storage cluster;
  - a hierarchical encryption unit, used for performing hierarchical encryption processing on the data storage cluster to generate a first encrypted storage fragment;
  - a parallel verification unit, used for receiving and analyzing a data access request, performing multi-node parallel verification on the first encrypted storage fragment according to the analysis result, and reading a second encrypted storage fragment;
  - a dynamic adjustment unit, used for verifying the second encrypted storage fragment, and dynamically adjusting the storage node mapping relation in reverse according to the verification result to generate a data distribution optimization management scheme.
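The hash-ring placement described in claim 2, as an added Python sketch that is not part of the patent text: nodes are placed on a ring from their network addresses, each record's primary is the first node clockwise from its hash, and the walk continues to pick distinct replica nodes. The node names and addresses, SHA-256, the virtual-node count and the replica count are all assumptions made for illustration.

```python
import bisect
import hashlib

# Constructed sample nodes (node identifier, network address); not from the patent.
NODES = [("node-a", "10.0.0.1:9000"), ("node-b", "10.0.0.2:9000"),
         ("node-c", "10.0.0.3:9000"), ("node-d", "10.0.0.4:9000")]

def ring_hash(value):
    """Position on a 2**64 ring. SHA-256 is an assumed choice of hash."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")

def build_ring(nodes, vnodes=16):
    """Place each node identifier on the ring at points derived from its
    network address. Virtual nodes are an assumption to even out load."""
    return sorted((ring_hash(f"{addr}#{i}"), node_id)
                  for node_id, addr in nodes for i in range(vnodes))

def locate(ring, record_id, replicas=2):
    """Return (primary, replica_list) for one data record."""
    if not ring:
        raise ValueError("no online storage nodes")
    positions = [pos for pos, _ in ring]
    start = bisect.bisect_left(positions, ring_hash(record_id))
    wanted = min(1 + replicas, len({n for _, n in ring}))
    chosen = []
    for step in range(len(ring)):  # walk clockwise, wrapping at the end
        node_id = ring[(start + step) % len(ring)][1]
        if node_id not in chosen:  # skip further points of a chosen node
            chosen.append(node_id)
            if len(chosen) == wanted:
                break
    return chosen[0], chosen[1:]

def mapping_table(nodes, record_ids, replicas=2):
    """Storage node mapping relation table: record -> primary and replicas."""
    ring = build_ring(nodes)
    return {r: dict(zip(("primary", "replicas"), locate(ring, r, replicas)))
            for r in record_ids}

def moved_after_removal(nodes, removed_id, record_ids):
    """Records whose primary changes when one node goes offline."""
    before = mapping_table(nodes, record_ids)
    after = mapping_table([n for n in nodes if n[0] != removed_id], record_ids)
    return {r for r in record_ids if before[r]["primary"] != after[r]["primary"]}
```

`moved_after_removal` shows the property that makes a ring suitable for a cluster whose membership changes: only records whose primary was the departed node are remapped.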
Description
Vehicle-road cloud mass data safety management method and system based on distributed storage
Technical Field
The invention relates to the technical field of data security, and in particular to a vehicle-road cloud mass data security management method and system based on distributed storage.
Background
With the integration of vehicle, road and cloud and the accelerating adoption of intelligent connected vehicles, roadside sensing equipment, vehicle-mounted terminals and cloud platforms continuously generate massive multi-source heterogeneous data such as video, radar, trajectories, signal control, Internet of Vehicles interactions and user privacy data. This data is characterized by highly concurrent access, strong real-time requirements, cross-domain sharing and long-term retention. Existing centralized or traditional distributed storage is under significant pressure in PB-level expansion, cross-node consistency, fault and disaster tolerance, and access performance, while insufficient coordination among industry standards and multiple stakeholders easily leads to data islands. More importantly, vehicle-road cloud data involves public security and personal privacy, and faces risks such as leakage, tampering, unauthorized access, key abuse, and reduced availability caused by node failure. A vehicle-road cloud data security management scheme is therefore needed that provides highly concurrent storage of mass data, hierarchical security protection, efficient access verification and dynamic optimization of storage distribution, so as to solve the technical problems of poor storage expansibility, coarse-grained security protection, low access verification efficiency, and data distribution that adapts poorly to access patterns in the prior art.
Disclosure of Invention
The application provides a vehicle-road cloud mass data safety management method and system based on distributed storage, which solve the technical problem that existing vehicle-road cloud data storage struggles to balance efficient expansion, security and privacy protection, and storage cost optimization for mass data.
The application provides a vehicle-road cloud mass data security management method based on distributed storage, which comprises the following steps: acquiring multi-source traffic data in real time and performing type identification to generate a data set to be processed; performing distributed addressing on the data set to be processed, determining a storage node mapping relation, and distributing the data set to be processed to a plurality of storage nodes according to the storage node mapping relation to construct a data storage cluster; performing layered encryption processing on the data storage cluster to generate a first encrypted storage fragment; receiving and analyzing a data access request, performing multi-node parallel verification on the first encrypted storage fragment according to the analysis result, and reading a second encrypted storage fragment; and verifying the second encrypted storage fragment, and dynamically adjusting the storage node mapping relation in reverse according to the verification result to generate a data distribution optimization management scheme.
In a second aspect of the present application, there is provided a vehicle-road cloud mass data security management system based on distributed storage. The system comprises a data acquisition unit, a data distribution unit, a hierarchical encryption unit, a parallel verification unit and a dynamic adjustment unit, wherein: the data acquisition unit is used for accessing roadside sensing equipment and a vehicle-mounted terminal to acquire multi-source traffic data in real time, and performing type identification to generate a data set to be processed; the data distribution unit is used for performing distributed addressing on the data set to be processed, determining a storage node mapping relation, and distributing the data set to be processed to a plurality of storage nodes according to the storage node mapping relation to construct a data storage cluster; the hierarchical encryption unit is used for performing hierarchical encryption processing on the data storage cluster to generate a first encrypted storage fragment; the parallel verification unit is used for receiving and analyzing a data access request, performing multi-node parallel verification on the first encrypted storage fragment according to the analysis result, and reading a second encrypted storage fragment; and the dynamic adjustment unit is used for verifying the second encrypted storage fragment, and dynamically adjusting the storage node mapping relation in reverse according to the verification result to generate a data distribution optimization management scheme.
One or more technical schemes provided by