CN104980437B - A kind of authorization third party's data integrity method of proof of identity-based - Google Patents
A kind of authorization third party's data integrity method of proof of identity-based Download PDFInfo
- Publication number
- CN104980437B CN104980437B CN201510322919.7A CN201510322919A CN104980437B CN 104980437 B CN104980437 B CN 104980437B CN 201510322919 A CN201510322919 A CN 201510322919A CN 104980437 B CN104980437 B CN 104980437B
- Authority
- CN
- China
- Prior art keywords
- authorization
- user
- party
- key
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
Abstract
The invention discloses a kind of authorization third party's data integrity methods of proof of identity-based.The design of this method is based on two-wire pair and identity ciphering technology, by the way that user's authorization evidence to be embedded into the generation of data block label to be stored, realizes and only possesses the third party of user's authorization and could complete the purpose of remote data integrity inspection.The present invention has been put forward for the first time a kind of authorization third-party authentication method of identity-based except the privately owned verifying of existing teledata and public verifying, meets the demand of secret protection while user entrusts verifying.In addition, method ensure that the justice between data owning side and data storage side, unreasonable claim is carried out to storage side to testing to data block-label that data owning side uploads to prevent malicious user from uploading wrong data by data storage side.
Description
Technical field
The present invention relates to information security technologies.
Background technique
Cloud computing is the important directions of Information Technology Development, is the basic technology of big data era.It is with possessed
Powerful calculating and storage capacity and heat of many merits such as on-demand service as current information industry development can be provided for user
Point direction, and be gradually applied to practical.
Important component of the cloud storage as cloud computing has begun and is widely accepted and uses.User can be according to certainly
Oneself needs to store data in remote cloud server, to reduce the burden of hardware purchase and maintenance, while can also obtain
The convenience accessed at any time.However, just because of user, actual storage data, this uncontrollability do not bring data to user
The risk of safety.
Cloud service provider due to its own interests or other reasons may can not correctly, completely store user
At this moment how data carry out remote data integrity and examine the extremely important of just change.
According to the difference of verifier, current cloud data integrity check scheme can be divided into privately owned verifying and public verifying two
Kind.Privately owned verifying can only complete checkout procedure by data owner itself and public verifying supports any third party to test.
But when user itself is unable to complete checkout procedure, while being not intended to the data of any third party inspection oneself again, both the above
The scheme of type will be unable to meet user demand.
In addition, existing proof scheme, which is mostly based on traditional public key certificate framework, user or third party, is carrying out data
When integrity check, need first to inquire public key certificate this to examine bring additional communication overhead and implementation complexity.Meanwhile
The management of certificate repository also expends huge with maintenance.
Summary of the invention
The technical problem to be solved by the invention is to provide a kind of identity-based, the third party that can be specified by user is complete
At, the safely and effectively remote data integrity method of inspection.
The present invention is in order to solve the above problem the technical scheme adopted is that provide a kind of authorization third number formulary of identity-based
According to integrity verification method, which is characterized in that include the following steps.
One, code key and authorization generate.
Center (PKG) selecting system private key and computing system public key are generated by private key, then according to each participant of system
ID generates public private key pair corresponding with its ID for it, and is sent to each side.In addition, generating authorization evidence by user, and to awarding
Power is signed.
Two, data block-label is to generation.
File F is divided into n data block by user, and generates label to each data block with the private key of oneself, while will award
Warrant evidence is embedded into each label.Then user saves data block-label to cloud storage service device is sent to, and will authorization
Evidence is sent to third party and authorizes.
Three, authorization third party initiates challenge.
Third party can initiate data integrity validation challenge to Cloud Server according to agreement after receiving the authorization of user,
Challenge information includes the block number that will be challenged, permutation function key value and each piece of generating random number key value.Then is authorized
Challenge information is issued Cloud Server in company with the authorization of oneself by tripartite.
Four, challenge responses.
Challenging value and permutation function and pseudorandom letter of the Cloud Server after receiving third-party challenge, first by sending
Number calculates the block and each piece of random value to be challenged.Then, Cloud Server polymerization is containing by challenge block and block label information
Proof returns to challenger.
Five, checking.
Challenger utilizes the parameter and known public affairs in the authorization of oneself, system after receiving the proof information of Cloud Server
The integrality of key verify data.It is verified and calculates the whether true completion of an equation by Bilinear map construction, due to equation
Verifying need to use authorization message, so the third party for only possessing authorization could integrity authentication.Finally, authorization third party will
Verification result informs user.
The object of the present invention is achieved like this.
User is that the third party that will be authorized generates evidence, and authorization evidence is embedded into for each data block in the present invention
In the label of generation.When carrying out remote data integrity verifying, the third party for only possessing authorization evidence could complete to verify
Process, to realize authorization third party's data integrity validation.In addition, the present invention uses the code key system of identity-based, subtract
Light traditional Public Key Infrastructure framework (PKI) gives the burden such as the certificate query of user's bring, management and maintenance, reduces use
The calculating at family and communication overhead.
Realize that remote data integrity is examined by third party the invention has the advantages that both having met lightweight user
The demand tested, and forbid any third party to test to protect privacy of user, compensate for the deficiency of existing scheme.Together
When, present invention reduces in verification process calculating and communication overhead.
Specific embodiment
The present invention will be described in detail below.
1.1 pre-knowledges-bilinear map.
If G1Being one generates p (p is Big prime) rank multiplicative cyclic group that member is g, G2It is the multiplicative cyclic group of same order.It is double
Linearly to being the mapping for meeting following property[26]E:G1×G1→G2。
(1) bilinearity: to arbitraryThere is e (g1 2, g2 b)=e (g1, g2)ab。
(2) non-degeneracy: e (g, g) ≠ 1.
(3) it computability: is constantly present effective algorithm and calculates mapping e.
The 1.2 symbol meanings used.
H, H1, h is cryptographic Hash function,For pseudo-random function, S is random permutation function.
Authorization third party's data integrity identification protocol of 1.3 identity-baseds includes 5 stages.
One, code key and authorization generate.
Private key generates center (PKG) and chooses a random numberAs main system private key, while computing system public key M
=gm, disclose M and maintain secrecy as system parameter, and by m.
Subsequent PKG is according to user (User), authorization third party (ATP), cloud service provider (CSP) tripartite identity id ∈
{ 0,1 }*, three parts cipher key is calculated, the public key of User: U=H (User is obtainedid), private key: u=mU;The public key of ATP: A=H (ATPid),
Private key: a=mA;The public key of CSP: C=H (CSPid), private key: c=mC.
Tripartite uses equation: g after receiving the key that PKG is sent from safe lane respectivelyu=MU, ga=MA, gc=McReally
The correctness for recognizing key receives key if equation is set up, otherwise request repeat.
User generates authorization v after receiving correct key, and to authorized signature Sv=Sigu(v)。
Two, data block label generates.
File F is divided into n blocks of files by userThen according to following manner pair
Each piece of generation signature: 1. k=H (e (M is calculatedA, MC)u, v);2. calculating θi=fk(i);3. calculating label
Wherein r ∈ G1By user's selection and openly.
User is by block-label pairIt is sent to CSP storage with v, by (v, Sv) be sent to ATP it is authorized.
Later, user can delete local data and block-label pair.
After CSP receives the data that user sends, block-label pair correctness is examined, process is as follows: 1. calculating k '=H (e
(MU, MA)c, v);2. calculating θi'=fk′(i);3. if equationIt sets up, receives block-label
It is right, it otherwise requires to retransmit.
ATP is after receiving the authorization that user sends, and operation AuthVerify algorithm confirms authorization, if correct
Receive authorization, otherwise requests to authorize again.
Three, authorization third party initiates challenge.
ATP requires to initiate to challenge to CSP after receiving user's authorization, according to user, and it is a that ATP chooses x (1≤x≤n) first
Block to be challenged, and select a random numberGuarantee the randomness of challenge as the key value of pseudo-random permutation function S.
Then, ATP is by challenge informationWith its authorization (v, Sv) send jointly to CSP.
Four, challenge responses.
After CSP receives the challenge that ATP is sent, first determine whether that the legitimacy of ATP authorization receives choosing for ATP if legal
War, and generate proof.
CSP calculates the block of ATP request challenge: i firstw=Sλ(w), and it is one random parameter of each piece of calculating:Wherein 1≤w≤x.
Then CSP calculates polymerization and provesWithAnd (T, X) is sent to ATP.
Five, checking.
After receiving the proof of CSP, the correctness that operation algorithm checks prove calculates: k "=H (e (M ATP firstU, MC)a,
v)。
Then ATP verifies equationWhether at Rob Roy data are judged
Integrality.If equation, which is set up, proves that data are complete, otherwise illustrate that data are wrong.
It is as follows to verify the derivation of equation.
By H (e (MA, MC) and u, v)=H (e (MU, MA) c, v)=H (e (MU, Mc) a, v)=H (e (g, g)auc, v) and know k
=k '=k ".
。
Claims (4)
1. a kind of authorization third party's data integrity method of proof of identity-based, which is characterized in that comprise the steps of:
One, code key and authorization generate;
Center PKG selecting system private key and computing system public key are generated by private key, are then it according to the ID of each participant of system
Public private key pair corresponding with its ID is generated, and is sent to each side;In addition, generating authorization evidence by user, and authorization is carried out
Signature;Authorization must be embedded into block label, and the specific method for authorizing label generation is: User is receiving correct key
Afterwards, authorization v is generated, and to authorized signature Sv=Sigu (v);Then file F is divided into n block F=(l by user1,l2,...,ln), li
∈ZP(1≤i≤n), and sign according to following manner to each piece of generation: 1. calculate k=H (e (MA, MC)u, v);2. calculating θi=fk
(i);3. calculating labelWherein r ∈ G1By user's selection and openly;End user is by block-label to { li,Ti}
1≤i≤n and v is sent to CSP storage, by (v, Sv) be sent to ATP it is authorized;
Wherein, ZPIndicate that prime number collection, Sigu indicate signature function, cryptographic Hash function H (): M: A: system public key authorizes third-party public key, C: the public key of cloud service provider, u: user is private
Key, v: authorization, Ti: label, cryptographic Hash function h (): { 0,1 } * → G1, θi: calculate the intermediate parameters of label, r: user is from G1
The open parameter of one of middle selection, G1: p rank multiplicative cyclic group, li: indicate single file;E is encryption function, MA, MCIt indicates to M
A, C power exponent arithmetic result;
Two, data block label generates;
File F is divided into n data block by user, and generates label to each data block with the private key of oneself, while by warrant
According to being embedded into each label;Then user saves data block-label to cloud storage service device is sent to, and will authorize evidence
Third party is sent to authorize;
Three, authorization third party initiates challenge;
Third party can initiate data integrity validation challenge, challenge to Cloud Server according to agreement after receiving the authorization of user
Information includes the block number that will be challenged, permutation function key value and each piece of generating random number key value;Then third party is authorized
Challenge information is issued into Cloud Server in company with the authorization of oneself;
Four, challenge responses;
Challenging value and permutation function and pseudo-random function meter of the Cloud Server after receiving third-party challenge, first by sending
Calculate the block and each piece of random value to be challenged;Then, Cloud Server polymerization is containing by the proof of challenge block and block label information
Return to challenger;
Five, checking;
Challenger is tested using the parameter in the authorization of oneself, system with known public key after receiving the proof information of Cloud Server
Demonstrate,prove the integrality of data;It is verified and calculates the whether true completion of an equation by Bilinear map construction, due to testing for equation
Card needs to use authorization message, so the third party for only possessing authorization could integrity authentication;Finally, authorization third party will verify
As a result user is informed.
2. a kind of authorization third party's data integrity method of proof of identity-based as described in claim 1, which is characterized in that secret
The specific method that key generates is:
Center PKG is generated by private key first and chooses a random number m ∈ ZPAs main system private key, while computing system public key M=
gm;G is the generation member of multiplicative cyclic group, gmIt is the result of the m power exponent arithmetic of g;Then PKG is according to identity id ∈ { 0,1 } *,
The key for calculating user User, authorizing third party ATP and cloud service provider CSP, obtains the public key of User: U=H (Userid), it is private
Key: u=mU;The public key of ATP: A=H (ATPid), private key: a=mA;The public key of CSP: C=H (CSPid), private key: c=mC;Three
Side uses equation: g after receiving the key that PKG is sent from safe lane respectivelyu=MU, ga=MA, gc=MCConfirm key just
True property receives key if equation is set up, otherwise request repeat.
3. a kind of authorization third party's data integrity method of proof of identity-based as described in claim 1, which is characterized in that choose
The specific method generated with response of fighting is:
ATP initiates to challenge after receiving user's authorization, according to user demand to CSP;It is a wait choose that ATP chooses x (1≤x≤n) first
Fight block, and one random number λ ∈ Z of selectionPKey value as pseudo-random permutation function S;Then, ATP is by challenge information Chal
=(x, λ, η) and authorization (v, Sv) it is sent to CSP;CSP first determines whether the legitimacy of ATP authorization after receiving challenge, if closed
Method then generates proof, and detailed process is as follows: CSP calculates the block of ATP request challenge: iw=Sλ(w), and each piece random is calculated
Parameter:Wherein 1≤w≤x;Then CSP is calculatedWithAnd by (T, X)
ATP is returned to as evidence;Wherein, S is pseudo-random permutation function, and λ is the random value chosen, SλRefer to using λ as pass
Key assignments calculates displacement result with S;λ: from ZPω: the random number of middle choosing individually challenges block, Yω: the random parameter of challenge block ω,Pseudo-random function, η: from ZPThe random number of middle choosing.
4. a kind of authorization third party's data integrity method of proof of identity-based as claimed in claim 1 or 2, feature exist
In, it was demonstrated that verifying must use to authorization evidence, specific method is:
ATP is calculated: k first after receiving the response of CSPn=H (e (MU, MC)a, v), MU, MCIt indicates to carry out u to M, c power refers to
The result of number operation;Then equation is verified:It is whether true,
If setting up proves that data are complete, otherwise illustrate that user data storage is wrong.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510322919.7A CN104980437B (en) | 2015-06-12 | 2015-06-12 | A kind of authorization third party's data integrity method of proof of identity-based |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510322919.7A CN104980437B (en) | 2015-06-12 | 2015-06-12 | A kind of authorization third party's data integrity method of proof of identity-based |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104980437A CN104980437A (en) | 2015-10-14 |
CN104980437B true CN104980437B (en) | 2019-02-12 |
Family
ID=54276541
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510322919.7A Active CN104980437B (en) | 2015-06-12 | 2015-06-12 | A kind of authorization third party's data integrity method of proof of identity-based |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104980437B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105491069B (en) * | 2016-01-14 | 2018-08-21 | 西安电子科技大学 | Based on the integrity verification method for resisting active attack in cloud storage |
CN109218254A (en) * | 2017-06-29 | 2019-01-15 | 广东高电科技有限公司 | A method of detection electric network data cloud storage integrality |
CN107453865B (en) * | 2017-07-18 | 2020-09-11 | 众安信息技术服务有限公司 | Multi-party data sharing method and system for protecting privacy of data sending source |
CN107483585B (en) * | 2017-08-18 | 2020-03-10 | 西安电子科技大学 | Efficient data integrity auditing system and method supporting safe deduplication in cloud environment |
CN107948143B (en) * | 2017-11-15 | 2021-03-30 | 安徽大学 | Identity-based privacy protection integrity detection method and system in cloud storage |
CN108234504A (en) * | 2018-01-12 | 2018-06-29 | 安徽大学 | The proxy data integrality detection method of identity-based in a kind of cloud storage |
CN117094012B (en) * | 2023-08-21 | 2024-04-30 | 中胜信用管理有限公司 | Intelligent verification method and system for electronic authorization order |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103425941A (en) * | 2013-07-31 | 2013-12-04 | 广东数字证书认证中心有限公司 | Cloud storage data integrity verification method, equipment and server |
CN104135470A (en) * | 2014-07-11 | 2014-11-05 | 宇龙计算机通信科技(深圳)有限公司 | A method and system for verifying storage integrity of target data |
CN104394155A (en) * | 2014-11-27 | 2015-03-04 | 暨南大学 | Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness |
-
2015
- 2015-06-12 CN CN201510322919.7A patent/CN104980437B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103425941A (en) * | 2013-07-31 | 2013-12-04 | 广东数字证书认证中心有限公司 | Cloud storage data integrity verification method, equipment and server |
CN104135470A (en) * | 2014-07-11 | 2014-11-05 | 宇龙计算机通信科技(深圳)有限公司 | A method and system for verifying storage integrity of target data |
CN104394155A (en) * | 2014-11-27 | 2015-03-04 | 暨南大学 | Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness |
Non-Patent Citations (5)
Title |
---|
"一种云存储数据完整性验证方法";于洋洋等;《华东理工大学学报(自然科学版)》;20140625;第39卷(第2期);第211-216页正文第2节 * |
"云存储中基于SBT的数据完整性验证机制";钟婷等;《电子科技大学学报》;20141130;第43卷(第6期);第929-933页 * |
"云存储中的数据完整性证明研究及进展";谭霜等;《计算机学报》;20140821;第38卷(第1期);第164-177页 * |
"云存储服务中数据完整性审计方案综述";秦志光等;《信息网络安全》;20140710;第1-6页 * |
"关于云端群组数据完整性验证的研究";王博洋;《中国博士学位论文全文数据库信息科技辑》;20150115;第I138-6页 * |
Also Published As
Publication number | Publication date |
---|---|
CN104980437A (en) | 2015-10-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104980437B (en) | A kind of authorization third party's data integrity method of proof of identity-based | |
CN111083131B (en) | Lightweight identity authentication method for power Internet of things sensing terminal | |
CN105939191B (en) | The client secure De-weight method of ciphertext data in a kind of cloud storage | |
US10027654B2 (en) | Method for authenticating a client device to a server using a secret element | |
CN104811450B (en) | The date storage method and integrity verification method of a kind of identity-based in cloud computing | |
CN107947913B (en) | Anonymous authentication method and system based on identity | |
KR101634158B1 (en) | Method for authenticating identity and generating share key | |
CN102739401B (en) | Private key safety management method based on identity public key cryptography system | |
CN106850207B (en) | Identity identifying method and system without CA | |
CN103684766A (en) | Private key protection method and system for terminal user | |
JP2009517910A (en) | Physical shared secrets and peripheral proofs using PUFS | |
CN103414690A (en) | Publicly-verifiable cloud data possession checking method | |
CN105516119A (en) | Cross-domain identity authentication method based on proxy re-signature | |
CN103888938A (en) | PKI private key protection method of dynamically generated key based on parameters | |
JP2020530726A (en) | NFC tag authentication to remote servers with applications that protect supply chain asset management | |
CN107864037A (en) | SM9 Combination with Digital endorsement method and device | |
CN110020524A (en) | A kind of mutual authentication method based on smart card | |
CN103905388A (en) | Authentication method, authentication device, smart card, and server | |
CN104618113B (en) | The method that the authentication of a kind of mobile terminal and safe lane are set up | |
JP7294431B2 (en) | Information collation system, client terminal, server, information collation method, and information collation program | |
TWI556618B (en) | Network Group Authentication System and Method | |
CN102291396B (en) | Anonymous authentication algorithm for remote authentication between credible platforms | |
CN111245611B (en) | Anti-quantum computation identity authentication method and system based on secret sharing and wearable equipment | |
CN111753276A (en) | Traceable multi-party electronic signing method, computer equipment and storage medium | |
CN104917615A (en) | Trusted computing platform attribute verification method based on ring signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20200616 Address after: No. 10, 12, 14, 5 / F, building 1, No. 11, Changyi Road, Wuhou District, Chengdu, Sichuan 610000 Patentee after: Sichuan Jietong Transportation Technology Co.,Ltd. Address before: 611731 Chengdu province high tech Zone (West) West source Avenue, No. 2006 Patentee before: UNIVERSITY OF ELECTRONIC SCIENCE AND TECHNOLOGY |
|
TR01 | Transfer of patent right |