CN105208007A - Data sharing system - Google Patents

Publication number: CN105208007A
Authority: CN (China)
Prior art keywords: data, ciphertext, private key, KDC, data access
Legal status: Pending
Application number: CN201510532407.3A
Other languages: Chinese (zh)
Inventors: 朱健伟, 黄粟, 姜春林, 申利飞
Current Assignee: China Standard Software Co Ltd
Original Assignee: China Standard Software Co Ltd
Application filed by China Standard Software Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data sharing method and system. The method comprises the following steps: a plurality of key distribution centers are constructed using unified common parameters; based on the common parameters, each key distribution center generates an attribute public key corresponding to a user attribute; a corresponding private key is generated based on the user attributes of a data accessor; a data sharer constructs an access policy according to the access restriction requirements of the shared data; the shared data is encrypted with an encryption key to generate a ciphertext; based on the access policy and the corresponding attribute public key, the encryption key is encrypted to generate a ciphertext public key; and the ciphertext is decrypted according to the ciphertext public key and the private key of a data accessor who satisfies the access policy. Compared with the prior art, the method can substantially improve the security of the system, and, without reducing security, substantially reduces the amount of computation.

Description

A data sharing system
Technical field
The present invention relates to the field of information technology, and specifically to a data sharing method and system.
Background art
With the continuous progress of network technology, cloud storage services are widely used. Through a cloud storage service, a user can conveniently store data on a remote server and share data with other users. Cloud storage services are very powerful, but they also bring new privacy and security challenges. After a user uploads data, it is hosted on the server, and control of the data is no longer in the user's hands. Data security and privacy are therefore key problems that cloud storage needs to solve.
In the prior art, one means of achieving secure access control of data in cloud storage is ciphertext-policy attribute-based access control (Ciphertext-Policy Attribute-based Access Control). Ciphertext-policy attribute-based access control involves three parts: users, data and the key distribution center (KDC). Wherein:
User: a user has a set of attribute values, and these attributes are granted by a trusted third party;
Data: data has an access control policy (specifying which attributes are required to decrypt), and this policy is determined by the data provider;
KDC: generates private keys for users (for different users and different attribute values, the public key is not the same), and generates public keys for access control policies.
In ciphertext-policy attribute-based access control, a user is bound to an attribute set, and the KDC assigns a corresponding private key to each attribute of the user. Each piece of ciphertext data is given an access policy in the form of a tree, where the leaf nodes of the tree are attribute values and the intermediate nodes are threshold gates.
A key issue in designing a secure access control system is computational efficiency. A large-scale storage system has massive numbers of users and data, so encryption and decryption operations must be efficient. For decryption, the user incurs polynomial interpolation and exponentiation. However, multiplication and finite-field operations are time-consuming. That is, decryption is the performance bottleneck of the whole system. Because decryption in this approach is inefficient and inflexible, most attribute-based access control schemes in the prior art are not suitable for implementing a distributed data sharing system.
In addition, prior-art attribute-based encryption methods all depend on a single trusted KDC, so the security of the whole system rests on that one KDC. If this key distribution server is attacked and the attacker takes control of the key distribution process, the keys of the whole system will all be leaked, and data confidentiality cannot be guaranteed.
Therefore, in view of the problems of prior-art attribute access control methods, a new data sharing method is needed.
Summary of the invention
In view of the problems of prior-art attribute access control methods, the invention provides a data sharing method comprising the following steps:
KDC construction step: multiple KDCs are constructed using unified common parameters; each KDC corresponds to one user attribute in the user attribute set, and different KDCs are mutually independent and correspond to different user attributes;
Attribute public key generation step: each KDC generates, based on the common parameters, the attribute public key of its corresponding user attribute;
Private key generation step: when a data accessor joins the sharing system, the KDC corresponding to the data accessor's user attribute generates a corresponding private key based on that user attribute and the common parameters, and sends the private key to the data accessor;
Access policy construction step: the data sharer constructs an access policy according to the access restriction requirements of the shared data, thereby determining the user attributes of the data accessors who may access the shared data;
Encryption step: the shared data is encrypted with an encryption key to generate a ciphertext;
Ciphertext public key generation step: the KDC corresponding to the user attributes of the data accessors who may access the shared data encrypts the encryption key, based on the access policy and the corresponding attribute public key, to generate a ciphertext public key;
Decryption step: the ciphertext is decrypted based on the ciphertext public key and the private key of a data accessor who satisfies the access policy.
In one embodiment, in the KDC construction step, the multiple KDCs are constructed as a distributed system.
In one embodiment, each data accessor has one or more different user attributes. In the private key generation step, the corresponding one or more KDCs are selected based on the data accessor's user attributes, each of these KDCs generates a corresponding attribute private key, and the set of all the attribute private keys serves as the data accessor's private key.
In one embodiment, when the attribute private key is generated, it is generated based on the identity of the data accessor, so that the attribute private keys corresponding to the same user attribute differ between different data accessors.
In one embodiment, the method further comprises a data access permission revocation step, wherein:
The user attribute corresponding to the data access permission to be revoked is determined, and the common parameter corresponding to that user attribute is updated;
Based on the updated common parameter, the attribute private key corresponding to that user attribute is updated in the private keys of the data accessors whose data access permission is not revoked;
The shared data corresponding to the data access permission to be revoked is re-encrypted to update the ciphertext and the ciphertext public key.
In one embodiment:
In the ciphertext public key generation step, the encryption key is encrypted based on an encoding matrix to generate the ciphertext public key;
In the decryption step, the ciphertext is decrypted based on a decoding method.
The invention also proposes a data sharing system comprising multiple KDCs, an access policy construction module, an encryption module, a storage module and a decryption module, wherein:
All the KDCs use unified common parameters; each KDC corresponds to one user attribute in the user attribute set, and different KDCs are mutually independent and correspond to different user attributes;
Each KDC comprises a public key generation unit that generates the attribute public key of the user attribute corresponding to that KDC, and a private key generation unit that generates the private key corresponding to a data accessor's user attribute;
The access policy construction module is used to construct an access policy according to the access restriction requirements of the shared data, thereby determining the user attributes of the data accessors who may access the shared data;
The encryption module is used to encrypt the shared data with an encryption key to generate a ciphertext;
The public key generation unit is also used to generate and output a ciphertext public key based on the encryption key and the access policy;
The storage module is used to store the ciphertext public key, the access policy and the ciphertext;
The decryption module is used to decrypt the ciphertext based on the ciphertext public key, the access policy and the private key of a data accessor who satisfies the access policy.
In one embodiment, the multiple KDCs are configured as a distributed system.
In one embodiment, each data accessor has one or more different user attributes; each KDC is configured to generate a corresponding attribute private key for the data accessor's corresponding user attribute, and the set of all attribute private keys generated by all the KDCs corresponding to the data accessor's user attributes is the data accessor's private key.
In one embodiment, the KDC is configured to generate the attribute private key based on the identity of the data accessor, so that the attribute private keys corresponding to the same user attribute differ between different data accessors.
In one embodiment:
The public key generation unit is configured to encrypt the encryption key based on an encoding matrix to generate the ciphertext public key;
The decryption module is configured to decrypt the ciphertext based on a decoding method.
Compared with the prior art, the system according to the invention has stronger resistance to attack, and the method according to the invention can greatly improve the security of the system; at the same time, without reducing security, the amount of computation required by the method of the invention is greatly reduced.
Other features and advantages of the invention are set forth in the description that follows. Some features or advantages of the invention will become apparent from the specification, or may be understood by practicing the invention. The objects and certain advantages of the invention can be realized or obtained through the steps specifically pointed out in the specification, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow chart of a method according to an embodiment of the invention;
Fig. 2 is a schematic diagram of a system structure according to an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that those implementing the invention can fully understand how the invention applies technical means to solve the technical problem and achieve the technical effect, and can implement the invention accordingly. It should be noted that, provided they do not conflict, the embodiments of the invention and the features of the embodiments can be combined with one another, and the resulting technical solutions all fall within the scope of protection of the invention.
In view of the problems of prior-art attribute access control methods, the invention proposes a data sharing method. Carrying out the method first requires constructing the KDCs. Common attribute-based encryption methods all depend on a single trusted KDC, so the security of the whole system rests on that one KDC. If this key distribution server is attacked and the attacker takes control of the key distribution process, the keys of the whole system will all be leaked, and data confidentiality cannot be guaranteed. To improve the security of the system, in one embodiment of the invention multiple KDCs are constructed first.
In ciphertext-policy attribute-based access control, a user has a set of attribute values and is bound to an attribute set, and the KDC assigns a corresponding public key to each attribute of the user. In one embodiment of the invention, all the attributes that data accessors may have are first determined from the characteristics of the user group and the attribute access control requirements (creating the user attribute set). Multiple KDCs are then constructed; each KDC corresponds to one user attribute in the user attribute set, and different KDCs are mutually independent and correspond to different user attributes.
To ensure that the different KDCs work together, in one embodiment of the invention the multiple KDCs are constructed as a distributed system. Further, the different KDCs are constructed using unified common parameters. The common parameters are established for the attribute sets. Suppose the distributed system has N KDCs in total, $A = \{A_1, A_2, \ldots, A_n\}$; each KDC independently manages one attribute set, and all the attribute sets are $L = \{L_1, L_2, \ldots, L_n\}$. Based on the unified common parameters and their respective user attributes, these KDCs generate, for each user attribute, the attribute public key $T_{a,i}$ and the master key $t_{a,i}$. The attribute public key is public to everyone in the system, and the master key is secret.
Specifically, in this embodiment, the common parameters of the system are selected first:

$$g_1,\ g_2,\ q,\ \beta,\ G_1,\ G_2,\ G_T,\ e: G_1 \times G_2 \to G_T \qquad (1)$$

Here $e: G_1 \times G_2 \to G_T$ is a bilinear map, $q$ is the prime order of the groups $G_1, G_2, G_T$, $g_1$ and $g_2$ are generators of $G_1$ and $G_2$ respectively, and $\beta$ is a random number in the finite field $Z_q$.
Then each KDC $a \in A$ randomly selects an integer $\tau_a \in Z_q$, computes $Y_a$, and broadcasts $Y_a$ to the other KDCs. Finally, all KDCs can compute:

$$Y = \prod_{a \in A} Y_a = e(g_1, g_2)^{\tau} \qquad (2)$$

Then a hash function $H: \{0,1\}^* \to Z_q$ is chosen; this function maps binary data of arbitrary length into the finite field. For each KDC $a \in A$, suppose the attribute set it manages is $L_a$. KDC $a$ computes $\tau_{a,i} = H(i)$, and then randomly selects an initial version number $V_i \in Z_q$ for this attribute $i$. Combining all of the above steps gives the common parameters of the whole system:

$$\left\langle Y = e(g_1, g_2)^{\tau},\ g_2,\ g_2^{\beta},\ \{T_{a,i} = g_1^{t_{a,i}},\ g_1^{V_i}\}_{i \in L_a,\ a \in A} \right\rangle \qquad (3)$$

These common parameters are held by every KDC and are also known to all users in the system. The above process is the initialization of the system; it is completed jointly by all the KDCs in the system, and the relevant algorithm parameters are all random.
In this way, the key distribution service is split, by attribute set, into a distributed system (multiple KDCs). Multiple KDCs can work simultaneously, and user attributes can be added to or removed from the user attribute set at any time by adding or removing KDCs, which greatly reduces the difficulty of extending the system. Further, because key distribution is performed by a distributed system, security and resistance to attack are stronger. The work of the KDCs is divided by attribute: each key server manages its own attribute set separately, interaction between servers is kept to a minimum, and an attack on one server does not affect the other servers. This solves problems such as the single point of failure and the fragile security of a single machine acting as the key server. The servers' tasks are divided by attribute set, and different servers do not interfere with one another.
Keys can be distributed once the KDCs have been constructed. In one embodiment of the invention, the keys include the private keys distributed to each data accessor. When a data accessor joins the sharing system, the system needs to grant the data accessor the corresponding data access permission; this is done by issuing the corresponding private key to the data accessor. That is, the KDC corresponding to the data accessor's user attribute generates the corresponding private key based on that user attribute and sends the private key to the data accessor.
Because each data accessor has one or more different user attributes, in the private key generation step the corresponding one or more KDCs are selected based on the data accessor's user attributes, each of these KDCs generates a corresponding attribute private key, and the set of all the attribute private keys serves as the data accessor's private key.
To prevent users from colluding and sharing private keys, the attribute private key is generated based on the identity of the data accessor, so that the attribute private keys corresponding to the same user attribute differ between different data accessors. A user's attribute private keys are thus all bound to the user's own identity: for different users the private key of the same attribute is different, the private key of user A is meaningless to user B, and sharing private keys does no harm.
Specifically, in one embodiment of the invention, when a new user $j$ applies to join the system, the user's unique identity number is $u_j$. All the KDCs generate private keys for the user, and only a user holding the private key can decrypt data. The private key is generated as follows: suppose the attribute set of user $j$ is $S_j$; for $i \in S_j$, if $i \in L_a$, user $j$ obtains the private key from KDC $a$ by the following formula:

$$SK_a = \left( \forall i \in S_j \cap L_a : D_i = g_1^{u_j V_i} \cdot T_{a,i} \right) \qquad (4)$$

The complete private key obtained by the user is then:

$$SK = \left\langle D = g_1^{(\tau + u_j)/\beta},\ g_2^{u_j},\ \forall a \in A : SK_a \right\rangle \qquad (5)$$
To improve data confidentiality, in the method of the invention the data sharer (data owner) performs the encryption before uploading a file. In one embodiment of the invention, the data sharer first constructs an access policy according to the access restriction requirements of the shared data, thereby determining the user attributes of the data accessors who may access the shared data. The access policy is a tree structure made up of multiple threshold gates: the leaf nodes of the tree hold attribute values, and the non-leaf nodes are threshold gates formed by encoding. The tree defines which attributes a user must hold in order to decrypt. At the same time, the data sharer encrypts the shared data with an encryption key to generate a ciphertext.
Next, the KDCs corresponding to the user attributes (determined by the access policy) of the data accessors who may access the shared data generate the ciphertext public key according to the access policy and the encryption key. Specifically, generating the ciphertext public key requires computation with the attribute public keys of the corresponding user attributes. Finally the ciphertext, the ciphertext public key and the access policy are uploaded and made public, while the encryption key is kept secret.
Specifically, suppose the plaintext data is $M$. The plaintext message $M$ is encrypted by the data sharer, and the data belongs to the data sharer. The data sharer formulates an access policy $\Gamma$ for the data, that is, $\Gamma$ is the access control tree that the data sharer assigns to this plaintext. Given the source data file $M$ and the corresponding access policy tree $\Gamma$, the data sharer encrypts according to the following steps:
1) Randomly select a seed $s \in Z_q$, compute $Y^s$, and use $Y^s$ as the symmetric key to encrypt the data file, obtaining the ciphertext $M \cdot Y^s$.
2) Use the encoding-based attribute encryption algorithm $\mathrm{Encode}(k, v_k, \Gamma)$ to encrypt the symmetric key $Y^s$. This is a recursive algorithm on the access policy tree: the private information is encoded layer by layer and passed downwards until it reaches the leaf nodes, where the ciphertext public key is computed. The ciphertext public key corresponds one-to-one to the attribute value of the user attribute that the leaf node represents.
3) The algorithm is invoked as $\mathrm{Encode}(0, s, \Gamma)$, where 0 denotes the root node of the access policy tree $\Gamma$ and $s$ is the original data to be encoded. Finally, the data owner packs the ciphertext, the access policy tree and the ciphertext public key information, obtaining:

$$CT = \left\langle \Gamma,\ M \cdot Y^s,\ C = g_2^{\beta s},\ \forall i \in I : C_i = g_2^{v_i},\ C_i' = T_{a,i}^{v_i},\ C_i'' = g_1^{v_i (V_i - 1)} \right\rangle \qquad (6)$$

The whole packed data is public. The data owner can host this package on a cloud service platform without having to worry about data leakage, and only authorized users can decrypt $CT$ to obtain $M$. Because data is shared publicly only after encryption, none of the data that needs to be transmitted in the system requires additional encryption. The encrypted ciphertext can be transmitted directly over the network, and it is also safe to place it in any untrusted third-party storage. In addition, the public keys are also transmitted directly over the network.
In the prior art, polynomial computation and the Lagrange interpolation algorithm are usually used for the encryption computation. These algorithms bring a considerable amount of computation. In an embodiment of the invention, the encoding-based attribute encryption algorithm is used for the encryption computation; that is, the ciphertext public key is generated based on an encoding matrix in order to encrypt the shared data. With the method of the invention, the amount of computation for encryption is substantially reduced without reducing security.
Any intermediate node $k$ of the access control tree $\Gamma$ is a $[d_k, n_k]$ threshold gate, and an $[n_k, d_k]$ maximum distance separable code is associated with this threshold gate. The encoding matrix is a sparse matrix of least density.
Here $I$ is the identity element, and $B_1, B_2, \ldots, B_{d_k}$ are mutually different. The encryption algorithm is based on the above encoding matrix. Its inputs are $k$, the number of a node in the access policy tree; $v_k$, the input data of the node, that is, the data to be encoded; and $\Gamma$, the access policy tree. The algorithm is as follows:
Input: tree node $k$, private information $v_k$ (the data to be shared), access control tree $\Gamma$
Output: the ciphertext public key information of the leaf nodes
Algorithm Encode (with $v_0 = s$):
1: If $k$ is a leaf node, then
2:   $C_k \leftarrow g_2^{v_k},\ C_k' \leftarrow T_{a,i}^{v_k}$;
3: Otherwise
4:   Randomly select a vector $S = (s_1, s_2, \ldots, s_d)$ whose elements sum to $v_k$;
5:   Compute $(v_{k,1}, v_{k,2}, \ldots, v_{k,n}) = S \times G_{d \times n}$;
6:   Distribute the elements of the resulting vector one-to-one to the $n$ child nodes;
7:   Suppose child node $k_i$ receives $v_{k,i}$; recursively call $\mathrm{Encode}(k_i, v_{k,i}, \Gamma)$.
After the ciphertext has been uploaded and shared, a data accessor who satisfies the access policy can download the ciphertext and decrypt it based on the ciphertext public key and the data accessor's private key. Further, for the encoding-based attribute encryption algorithm, the ciphertext is decrypted by a decoding method.
Specifically, in an embodiment of the invention, given a ciphertext package $CT$, user $j$ attempts to decrypt the data using his own attribute set $S_j$ and the corresponding private key $SK$. The decryption steps are as follows:
1) Obtain the access policy tree $\Gamma$ from the ciphertext; suppose the attribute set represented by the leaf nodes of this tree is $I$. For every attribute value $i$ in $I$, if $i \in S_j$, compute:

$$\frac{e(D_i, C_i)}{e(C_i', g_2) \cdot e(C_i'', g_2^{u_j})} = \frac{e(g_1, g_2)^{v_i \cdot (t_{a,i} + u_j V_i)}}{e(g_1, g_2)^{v_i \cdot (t_{a,i} + u_j \cdot (V_i - 1))}} = e(g_1, g_2)^{v_i \cdot u_j} \qquad (8)$$

The leaf node returns this result to its parent node.
2) After a parent node has received the values returned by its child nodes, it calls the algorithm $\mathrm{NodeDecode}(k, X)$. The inputs of this algorithm are the number $k$ of the node and the vector $X$ formed from the results obtained from the child nodes. The core idea of $\mathrm{NodeDecode}(k, X)$ is to decode according to the vector $X$, recover the original vector, and sum its elements. The algorithm is as follows:
Input: tree node $k$, the vector $X$ to be decoded, formed from the information returned by all child nodes
Output: the decoded information
Algorithm NodeDecode(k, X):
1: If the length of vector $X$ is less than $d$, return empty;
2: For each element $x_i$ of vector $X$, $i \in [1, d]$, if $x_i$ comes from the $j$-th child node, $j \in [1, n]$, select the $j$-th column of the generator matrix $G_{d \times n}$; these columns form the submatrix $H_{d \times d}$;
3: Invert $H_{d \times d}$, and add up the column vectors of the inverse matrix to obtain the vector $(h_1, h_2, \ldots, h_d)^T$;
4: The return value is $e(g_1, g_2)^{u_j v_k} \leftarrow \prod_{i \in [1, n]} x_i^{h_i}$;
Repeat step (2) bottom-up until the root node is computed. The final result should always be $e(g_1, g_2)^{u_j \cdot v_0} = e(g_1, g_2)^{u_j \cdot s}$. This result is used to compute:

$$Y^s = e(C, D) / e(g_1, g_2)^{u_j \cdot v_0} = e(g_1, g_2)^{\tau \cdot s + u_j \cdot s} / e(g_1, g_2)^{u_j \cdot s} = e(g_1, g_2)^{\tau \cdot s} \qquad (9)$$

Once $Y^s$ has been obtained, $M \cdot Y^s$ can be decrypted directly to obtain the plaintext $M$.
The threshold gates in the access policy are constructed from encoding matrices. During encryption, the ciphertext public key is generated in the access control structure by encoding. During decryption, the private information is obtained by decoding. Compared with the polynomial computation and Lagrange interpolation of the prior art, the scheme based on encoding and decoding is simpler and more efficient.
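The recursive Encode and the bottom-up NodeDecode described above can be exercised without a pairing library. The following Python code is an added example, not code from the patent. It assumes a Vandermonde matrix as the MDS generator matrix $G_{d \times n}$ (the patent's own sparse matrix is not reproduced in this text), stands in for the pairing result of equation (8) with direct exponentiation in a small prime-order subgroup, and uses constructed toy parameters, attribute names and policy tree.

```python
import secrets

# Constructed toy parameters, far too small for real use.
# P = 2Q + 1 is a safe prime; GEN generates the order-Q subgroup of Z_P^*,
# which stands in for the pairing target group G_T (assumption).
Q = 1019
P = 2039
GEN = 4

def generator_matrix(d, n):
    """d x n Vandermonde matrix over Z_Q: any d columns are invertible (MDS).
    Assumed stand-in for the patent's sparse encoding matrix."""
    return [[pow(c + 1, r, Q) for c in range(n)] for r in range(d)]

def encode(node, v, leaves):
    """Encode(k, v_k, tree): push encoded shares of v down to the leaves.
    A leaf is an attribute name; an inner node is (d, [children])."""
    if isinstance(node, str):
        leaves[node] = v % Q             # v_i that would go into C_i = g2^{v_i}
        return
    d, children = node
    s = [secrets.randbelow(Q) for _ in range(d - 1)]
    s.append((v - sum(s)) % Q)           # random vector S whose elements sum to v_k
    g = generator_matrix(d, len(children))
    for c, child in enumerate(children):
        share = sum(s[r] * g[r][c] for r in range(d)) % Q   # entry c of S x G
        encode(child, share, leaves)

def solve_mod(h_mat, rhs):
    """Solve h_mat * x = rhs over Z_Q by Gauss-Jordan elimination."""
    d = len(h_mat)
    m = [row[:] + [rhs[i]] for i, row in enumerate(h_mat)]
    for col in range(d):
        piv = next(r for r in range(col, d) if m[r][col] % Q)
        m[col], m[piv] = m[piv], m[col]
        inv = pow(m[col][col], -1, Q)
        m[col] = [x * inv % Q for x in m[col]]
        for r in range(d):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [(a - f * b) % Q for a, b in zip(m[r], m[col])]
    return [m[r][d] for r in range(d)]

def node_decode(node, leaf_values):
    """NodeDecode, applied bottom-up: returns GEN^(u * v_k) for this node,
    or None when fewer than d children could be decoded."""
    if isinstance(node, str):
        return leaf_values.get(node)     # None if the user lacks the attribute
    d, children = node
    got = [(c, node_decode(ch, leaf_values)) for c, ch in enumerate(children)]
    got = [(c, x) for c, x in got if x is not None][:d]
    if len(got) < d:
        return None                      # step 1: vector X shorter than d
    g = generator_matrix(d, len(children))
    h_mat = [[g[r][c] for c, _ in got] for r in range(d)]   # chosen columns of G
    # Solving H h = (1, ..., 1) gives the sum of the columns of H^-1 (step 3).
    h = solve_mod(h_mat, [1] * d)
    out = 1
    for (_, x), hi in zip(got, h):
        out = out * pow(x, hi, P) % P    # step 4: product of x_i^{h_i}
    return out

def leaf_results(leaves, user_attrs, u):
    """Stand-in for equation (8): GEN^(u * v_i) for each attribute the user holds."""
    return {a: pow(GEN, u * v % Q, P) for a, v in leaves.items() if a in user_attrs}

def recover(tree, secret, user_attrs, u):
    """Encode `secret` over `tree`, then decode with the user's attributes."""
    leaves = {}
    encode(tree, secret, leaves)
    return node_decode(tree, leaf_results(leaves, user_attrs, u))

# Constructed policy: any 2 of {staff, (cardiology OR oncology), auditor}.
POLICY = (2, ["staff", (1, ["cardiology", "oncology"]), "auditor"])

if __name__ == "__main__":
    s, u = 123, 77                       # constructed seed s and user identity u_j
    print(recover(POLICY, s, {"staff", "oncology"}, u) == pow(GEN, u * s % Q, P))
    print(recover(POLICY, s, {"oncology"}, u))   # None: threshold not met
```

A user who satisfies the tree recovers the stand-in for $e(g_1, g_2)^{u_j \cdot s}$ that equation (9) divides out, while a user below the threshold at any gate gets an empty result at the root.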
Next, the execution of the method according to an embodiment of the invention is described in detail with reference to the flow chart. The steps shown in the flow chart of the drawing can be performed in a computer system containing, for example, a set of computer-executable instructions. Although a logical order of the steps is shown in the flow chart, in some cases the steps shown or described can be performed in a different order.
As shown in Fig. 1, carrying out the method of the invention first requires performing step S110, constructing the KDCs. For convenience of description, suppose here that the user attribute set contains two user attributes (attribute A and attribute B). Step S110 produces KDC 101 (corresponding to attribute A) and KDC 102 (corresponding to attribute B). Based on the common parameters and their respective user attributes (attribute A and attribute B), KDC 101 and KDC 102 perform step S115 and step S116 respectively, generating their respective attribute public keys.
Suppose data sharer 103 has data $M_a$. It first performs step S121, constructing the access policy, and determines that the user attribute of the data accessors who may read data $M_a$ is attribute A. It then performs step S123, the encryption step, encrypting data $M_a$ based on the access policy and the encryption key $t_a$ to generate a ciphertext. KDC 101 performs step S111, encrypting the encryption key $t_a$ according to the access policy and the attribute public key to generate the ciphertext public key $T_a$ (corresponding to attribute A). Finally, data sharer 103 performs step S124, uploading for sharing the ciphertext package $CT_a$, which contains the ciphertext, the ciphertext public key $T_a$ and the access policy.
Data accessor 104 has user attribute A. When it joins the data sharing system, KDC 101 performs step S112, generating and sending the corresponding private key $SK_a$ (corresponding to attribute A and bound to the user information of data accessor 104). Data accessor 104 performs step S141, receiving the private key $SK_a$. When data accessor 104 needs to read data $M_a$, it performs step S142, downloading $CT_a$. It then performs step S143, decrypting the ciphertext using the ciphertext public key in $CT_a$ and its own private key $SK_a$.
Suppose data sharer 103 also has data $M_b$. It first performs step S121, constructing the access policy, and determines that the user attribute of the data accessors who may read data $M_b$ is attribute B. It then performs step S123, the encryption step, encrypting data $M_b$ based on the access policy and the encryption key $t_b$ to generate a ciphertext. KDC 102 performs step S113, encrypting the encryption key $t_b$ according to the access policy and the attribute public key to generate the ciphertext public key $T_b$ (corresponding to attribute B). Finally, data sharer 103 performs step S124, uploading for sharing the ciphertext package $CT_b$, which contains the ciphertext, the ciphertext public key $T_b$ and the access policy.
Data accessor 105 has user attribute B. When it joins the data sharing system, KDC 102 performs step S114, generating and sending the corresponding private key $SK_b$ (corresponding to attribute B and bound to the user information of data accessor 105). Data accessor 105 performs step S151, receiving the private key $SK_b$. When data accessor 105 needs to read data $M_b$, it performs step S152, downloading $CT_b$. It then performs step S153, decrypting the ciphertext using the ciphertext public key in $CT_b$ and its own private key $SK_b$.
In a data sharing system, a data accessor's access rights are not fixed. In the method of the invention, a change in a data accessor's access rights is equivalent to a change in the user attributes that the data accessor holds.
If a legitimate user gains an attribute, that is, the set of user attributes held by the data accessor changes, only the data accessor's private key needs to be updated. To simplify the private key update, in one embodiment of the invention it is only necessary to generate the attribute private key for the added user attribute and add the new attribute private key to the old private key (a combination of attribute private keys).
Suppose the unique identity of user j is $u_j$ and the new attribute to be added is $i \in L_a$, $a \in A$. KDC a first verifies the user's identity and, after confirming that the user is legitimate, computes the attribute private key $D_i$ and sends the result to user j. After receiving $D_i$, user j updates its own private key: $(SK_a)_{new} = (SK_a)_{old} \cup \{D_i\}$.
During system operation there are also cases in which a data accessor's data access rights must be revoked. In the method of the invention, revoking a data access right first requires determining the user attribute that corresponds to the right to be revoked. As a simple example, data accessor 1 and data accessor 2 both hold user attribute A, and a data accessor holding user attribute A can decrypt $CT_a$ and thereby access data $M_a$. Revoking data accessor 1's access rights to $M_a$ means making data accessor 1 no longer hold user attribute A.
In one embodiment of the invention, the attribute private key for the user attribute corresponding to the right being revoked is first updated in the private keys of the data accessors whose rights are not revoked (that is, data accessor 2's attribute private key for user attribute A is updated). Then the shared data corresponding to the revoked right is re-encrypted to update the ciphertext and the ciphertext public key ($M_a$ is re-encrypted, and a new $CT_a$ is generated and uploaded). Because data accessor 1's private key is not updated, it cannot decrypt the new $CT_a$ with its old private key, so data accessor 1's access right to $M_a$ is revoked.
Specifically, suppose the attribute to be revoked from the current user is $i \in L_a$, $a \in A$. Revoking this attribute from the user involves the following steps:
Common parameter update: KDC a randomly generates a new version number $V_i'$ for attribute i and updates the part of the system's common parameters that relates to this attribute (the corresponding attribute public key is updated at the same time).
User private key update: users whose attribute is not revoked need to update their private key for this attribute according to formula (10). A legitimate user j must apply to the KDC for the new private key.
$$(D_i)_{new} = (D_i)_{old} \cdot g_1^{u_j \cdot (V_i' - V_i)} \qquad (10)$$
Here the subscript new denotes the new private key and the subscript old denotes the old private key.
This method is secure and prevents collusion among illegitimate users. Because the new private key contains the identity information $u_j$ of the legitimate user, even if the key update data is intercepted by an illegitimate user, the illegitimate user cannot make use of it.
Ciphertext re-encryption: because the common parameters (attribute public key) have changed, the ciphertext must also be re-encrypted, so that users added later can decrypt the data and users from whom this attribute has been revoked cannot. Every ciphertext related to attribute i must be updated; the part that is updated is $C''$ in the formula, which represents the version number information of the attribute public key.
$$(C_i'')_{new} = \left((C_i'')_{old}\right)^{\frac{(V_i')^{-1}}{V_i^{-1}}} \qquad (11)$$
Here the subscript new denotes the new ciphertext and the subscript old denotes the old ciphertext.
After the above steps, the old private key held by the user whose attribute was revoked is invalid, while the private keys of the other users have been updated. With the method of the invention, adding or removing attributes for a user, adding new attributes to the system, and adding or removing key servers are all very simple, which greatly improves the scalability of the system.
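An added worked example (not part of the patent text): a toy Python model of the private key update in formula (10), showing that the update value a KDC sends is tied to the identity $u_j$ of the user it was computed for. It assumes the attribute key component consists only of the factor $g_1^{u_j V_i}$ in a small constructed group; the function names, group parameters and identities are illustrative, and the check covers direct reuse of an intercepted update value only, not a security proof.

```python
# Toy model of the version-number key update in formula (10).
# Assumption (not from the patent text): the attribute key component is
# modelled as only its version-dependent factor, D_i = g1^(u_j * V_i),
# inside a small prime-order subgroup of Z_p^*. The patent's full key
# formula is not reproduced here, and a real system would use a
# cryptographically sized group.
import secrets

P = 2039   # constructed toy modulus, P = 2*Q + 1
Q = 1019   # prime order of the subgroup of squares mod P
G1 = 9     # 3^2 mod P, a generator of that subgroup


def issue_component(u: int, version: int) -> int:
    """KDC side: key factor g1^(u * V) for identity u under version V."""
    return pow(G1, (u * version) % Q, P)


def update_value(u: int, old_version: int, new_version: int) -> int:
    """KDC side: g1^(u * (V' - V)), computed separately for each identity u."""
    return pow(G1, (u * (new_version - old_version)) % Q, P)


def apply_update(d_old: int, value: int) -> int:
    """User side: (D_i)_new = (D_i)_old * g1^(u * (V' - V)), formula (10)."""
    return (d_old * value) % P


def fresh_version(old_version: int) -> int:
    """Pick a random new version number V' in [1, Q-1] with V' != V."""
    while True:
        candidate = 1 + secrets.randbelow(Q - 1)
        if candidate != old_version % Q:
            return candidate


def is_current(u: int, component: int, version: int) -> bool:
    """True if `component` is the key factor for identity u under `version`."""
    return component == issue_component(u, version)


def revocation_round(identities: dict, revoked: set, old_version: int):
    """Revoke the attribute from the users named in `revoked`.

    identities maps a user name to its identity value u (distinct, non-zero
    mod Q). Returns (new_version, keys, updates): keys[name] is the component
    each user holds afterwards, updates[name] the value sent to that user.
    """
    new_version = fresh_version(old_version)
    keys, updates = {}, {}
    for name, u in identities.items():
        d_old = issue_component(u, old_version)
        if name in revoked:
            keys[name] = d_old  # no update value is issued: the key goes stale
        else:
            updates[name] = update_value(u, old_version, new_version)
            keys[name] = apply_update(d_old, updates[name])
    return new_version, keys, updates


if __name__ == "__main__":
    # Constructed sample identities; "mallory" is the user being revoked.
    ids = {"alice": 101, "bob": 257, "mallory": 640}
    v_old = 7
    v_new, keys, updates = revocation_round(ids, {"mallory"}, v_old)
    for name, u in ids.items():
        print(name, "key valid under new version:", is_current(u, keys[name], v_new))
    # Mallory multiplies her stale key by the update value meant for alice.
    reused = apply_update(issue_component(ids["mallory"], v_old), updates["alice"])
    print("reused update value valid:", is_current(ids["mallory"], reused, v_new))
```

Multiplying the revoked user's stale component by another user's update value gives $g_1^{u_r V_i + u_j (V_i' - V_i)}$, which equals $g_1^{u_r V_i'}$ only when $u_r = u_j$ or $V_i' = V_i$.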
Based on the method of the invention, the invention also proposes a data sharing system. The system of the invention comprises multiple KDCs, an access policy construction module, an encryption module, a storage module and a decryption module.
All KDCs use unified common parameters, and each KDC corresponds to one user attribute in the user attribute set; different KDCs are independent of one another and correspond to different user attributes. Specifically, in one embodiment of the invention, the multiple KDCs are configured as a distributed system, that is, they are made up of multiple distributed servers. Each KDC manages one user attribute, and the user attributes of any two key distribution center servers are disjoint.
A KDC comprises a public key generation unit, which generates the attribute public key of the user attribute corresponding to the KDC, and a private key generation unit, which generates the private key corresponding to that user attribute for a data accessor. In an embodiment of the invention, each data accessor holds one or more different user attributes; a KDC is configured to generate one attribute private key for the corresponding user attribute of the data accessor, and the set of all attribute private keys generated by the KDCs corresponding to all of the data accessor's user attributes is the data accessor's private key.
Further, a KDC is configured to generate the attribute private key based on the identity of the data accessor, so the attribute private keys that different data accessors receive for the same user attribute are different.
The access policy construction module is used to construct the access policy according to the access restriction requirements of the shared data, thereby determining the user attributes of the data accessors who may access the shared data. Specifically, the access policy of the data consists of several thresholds, which are implemented by means of coding; these thresholds determine the set of user attributes that can access the data. Once an access policy has been specified, no one may modify it.
The encryption module is used to encrypt the shared data with an encryption key to generate the ciphertext. Specifically, in one embodiment of the invention, the data is encrypted with a symmetric encryption algorithm, and the symmetric key is generated by the data provider.
The public key generation unit is also used to generate and output the ciphertext public key based on the encryption key and the access policy. Specifically, the symmetric key is encrypted with an attribute-based encryption algorithm, which is an encoding scheme based on maximum distance separable codes. The key distribution server encrypts the symmetric key using the attribute-based method: from the access policy tree and the symmetric key, the key server computes a set of ciphertext public keys, each corresponding to a leaf node of the policy tree. The ciphertext public keys and the encrypted data are packaged and uploaded to the storage module.
The storage module is used to store the ciphertext public key, the access policy and the ciphertext.
The decryption module is used to decrypt the ciphertext based on the ciphertext public key, the access policy and the private key of a data accessor who satisfies the access policy. The decryption module is configured to decrypt the ciphertext based on a decoding method.
The system shown in Fig. 2 can be constructed based on the method shown in Fig. 1. As shown in Fig. 2, the system comprises KDC 201 (corresponding to attribute A) and KDC 202 (corresponding to attribute B). KDC 201 and KDC 202 comprise private key generation units 211 and 213 and public key generation units 212 and 214 respectively. Public key generation units 212 and 214 each generate the corresponding attribute public key based on the common parameters and the corresponding user attribute (attribute A or attribute B).
Suppose data sharer 203 holds data $M_a$. An access policy construction module 221 and an encryption module 223 are configured at data sharer 203. The access policy construction module 221 constructs the access policy, which determines that the user attribute of the data accessors who may consult $M_a$ is attribute A. The encryption module 223 is connected to the access policy construction module 221 and encrypts $M_a$ based on the access policy and the encryption key $t_a$ to generate the ciphertext.
The public key generation unit 212 of KDC 201 encrypts the encryption key $t_a$ according to the access policy and the attribute public key to generate the ciphertext public key $T_a$ (corresponding to attribute A). Finally, the ciphertext package $CT_a$, which contains the ciphertext, the ciphertext public key $T_a$ and the access policy, is uploaded to the storage module 230 for sharing.
Data accessor 204 holds user attribute A. When it joins the data sharing system, the private key generation unit 211 of KDC 201 generates and sends the corresponding private key $SK_a$ (corresponding to attribute A and bound to the user information of data accessor 204). A private key receiving module 241 and a decryption module 242 are configured at data accessor 204. The private key receiving module 241 receives the private key $SK_a$. When data accessor 204 needs to consult data $M_a$, the decryption module 242 downloads $CT_a$ from the storage module 230. The decryption module 242 then decrypts the ciphertext using the ciphertext public key in $CT_a$ and its own private key $SK_a$.
Suppose data sharer 203 also holds data $M_b$. The access policy construction module 221 constructs the access policy, which determines that the user attribute of the data accessors who may consult $M_b$ is attribute B. The encryption module 223 encrypts $M_b$ based on the access policy and the encryption key $t_b$ to generate the ciphertext.
The public key generation unit 214 of KDC 202 encrypts the encryption key $t_b$ according to the access policy and the attribute public key to generate the ciphertext public key $T_b$ (corresponding to attribute B). Finally, the ciphertext package $CT_b$, which contains the ciphertext, the ciphertext public key $T_b$ and the access policy, is uploaded to the storage module 230 for sharing.
Data accessor 205 holds user attribute B. When it joins the data sharing system, the private key generation unit 213 of KDC 202 generates and sends the corresponding private key $SK_b$ (corresponding to attribute B and bound to the user information of data accessor 205). A private key receiving module 251 and a decryption module 252 are configured at data accessor 205. The private key receiving module 251 receives the private key $SK_b$. When data accessor 205 needs to consult data $M_b$, the decryption module 252 downloads $CT_b$ from the storage module 230. The decryption module 252 then decrypts the ciphertext using the ciphertext public key in $CT_b$ and its own private key $SK_b$.
In summary, compared with the prior art, the system according to the invention has stronger resistance to attack, and the method of the invention can greatly improve the security of the system; at the same time, the computational cost of the method of the invention is greatly reduced without reducing security.
Although the embodiments of the invention are disclosed as above, the content described is only an embodiment adopted to make the invention easier to understand and is not intended to limit the invention. The method of the invention may also have various other embodiments. Without departing from the essence of the invention, those of ordinary skill in the art may make various corresponding changes or variations according to the invention, but all such changes and variations shall fall within the scope of protection of the claims of the invention.

Claims (11)

1. A data sharing method, characterized in that the method comprises the following steps:
a KDC construction step: constructing multiple KDCs using unified common parameters, each KDC corresponding to one user attribute in the user attribute set, different KDCs being independent of one another and corresponding to different user attributes;
an attribute public key generation step: each KDC generating, based on the common parameters, the attribute public key of its corresponding user attribute;
a private key generation step: when a data accessor joins the sharing system, the KDC corresponding to the data accessor's user attribute generating the corresponding private key based on the data accessor's user attribute and the common parameters, and sending the private key to the corresponding data accessor;
an access policy construction step: the data sharer constructing an access policy according to the access restriction requirements of the shared data, thereby determining the user attributes of the data accessors who may access the shared data;
an encryption step: encrypting the shared data with an encryption key to generate a ciphertext;
a ciphertext public key generation step: the KDC corresponding to the user attribute of the data accessors who may access the shared data encrypting the encryption key, based on the access policy and the corresponding attribute public key, to generate a ciphertext public key;
a decryption step: decrypting the ciphertext based on the ciphertext public key and the private key of a data accessor who satisfies the access policy.
2. The method according to claim 1, characterized in that, in the KDC construction step, the multiple KDCs are constructed using a distributed system.
3. The method according to claim 1, characterized in that each data accessor holds one or more different user attributes; in the private key generation step, one or more corresponding KDCs are selected based on the data accessor's user attributes, each of these KDCs generates one corresponding attribute private key, and the set of all the attribute private keys is used as the data accessor's private key.
4. The method according to claim 3, characterized in that, in the process of generating the attribute private key, the attribute private key is generated based on the identity of the data accessor, and the attribute private keys that different data accessors receive for the same user attribute are different.
5. The method according to claim 3, characterized in that the method further comprises a data access right revocation step, in which:
the user attribute corresponding to the data access right to be revoked is determined, and the common parameters corresponding to that user attribute are updated;
based on the updated common parameters, the attribute private key for the user attribute corresponding to the data access right to be revoked is updated in the private keys of the data accessors whose data access rights are not revoked;
the shared data corresponding to the data access right to be revoked is re-encrypted to update the ciphertext and the ciphertext public key.
6. The method according to any one of claims 1-5, characterized in that:
in the ciphertext public key generation step, the encryption key is encrypted based on an encoding matrix to generate the ciphertext public key;
in the decryption step, the ciphertext is decrypted based on a decoding method.
7. A data sharing system, characterized in that the system comprises multiple KDCs, an access policy construction module, an encryption module, a storage module and a decryption module, wherein:
all the KDCs use unified common parameters, each KDC corresponds to one user attribute in the user attribute set, and different KDCs are independent of one another and correspond to different user attributes;
each KDC comprises a public key generation unit, which generates the attribute public key of the user attribute corresponding to the KDC, and a private key generation unit, which generates the private key corresponding to that user attribute for a data accessor;
the access policy construction module is used to construct an access policy according to the access restriction requirements of the shared data, thereby determining the user attributes of the data accessors who may access the shared data;
the encryption module is used to encrypt the shared data with an encryption key to generate a ciphertext;
the public key generation unit is also used to generate and output a ciphertext public key based on the encryption key and the access policy;
the storage module is used to store the ciphertext public key, the access policy and the ciphertext;
the decryption module is used to decrypt the ciphertext based on the ciphertext public key, the access policy and the private key of a data accessor who satisfies the access policy.
8. The system according to claim 7, characterized in that the multiple KDCs are configured as a distributed system.
9. The system according to claim 7, characterized in that each data accessor holds one or more different user attributes; a KDC is configured to generate one attribute private key for the corresponding user attribute of the data accessor, and the set of all attribute private keys generated by the KDCs corresponding to all of the data accessor's user attributes is the data accessor's private key.
10. The system according to claim 9, characterized in that the KDC is configured to generate the attribute private key based on the identity of the data accessor, and the attribute private keys that different data accessors receive for the same user attribute are different.
11. The system according to any one of claims 7-10, characterized in that:
the public key generation unit is configured to encrypt the encryption key based on an encoding matrix to generate the ciphertext public key;
the decryption module is configured to decrypt the ciphertext based on a decoding method.
CN201510532407.3A 2015-08-26 2015-08-26 Data sharing system Pending CN105208007A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510532407.3A CN105208007A (en) 2015-08-26 2015-08-26 Data sharing system

Publications (1)

Publication Number Publication Date
CN105208007A (en) 2015-12-30

Family

ID=54955441

Country Status (1)

Country Link
CN (1) CN105208007A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151230
