CN108038128A - A retrieval method, system, terminal device and storage medium for encrypted files - Google Patents

Publication number
CN108038128A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711089073.2A
Other languages
Chinese (zh)
Other versions
CN108038128B (en)
Inventor
王翼
吴逸明
黄度新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201711089073.2A (patent CN108038128B)
Priority to PCT/CN2017/112600 (patent WO2019090841A1)
Publication of CN108038128A
Application granted
Publication of CN108038128B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/176 Support for shared access to files; File sharing support
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The present invention belongs to the field of electronic technology and provides a retrieval method, system, terminal device and storage medium for encrypted files. The method includes: a first terminal encrypts a shared file using a first user key and sends the encrypted file and the index information corresponding to the shared file to a server; the server encrypts the encrypted file using a first server-side key; a second terminal sends target keyword information to the server; the server, according to the target keyword information, obtains the target doubly encrypted file that matches the retrieved target keyword information and decrypts the target doubly encrypted file using a second server-side key; the server sends the target encrypted file to the second terminal; and the second terminal decrypts the target encrypted file using a second user key. The technical solution allows multiple authorized users to retrieve the shared file, each with a different key, thereby improving the data security of the shared file.

Description

A retrieval method, system, terminal device and storage medium for encrypted files
Technical field
The present invention relates to the field of electronic technology, and in particular to a retrieval method, system, terminal device and storage medium for encrypted files.
Background art
With the continuous development of cloud computing, more and more users store files on cloud servers. To protect the data held on the cloud server, files are usually encrypted before being uploaded. When a user needs to search the encrypted files, the user sends a search credential for the search keyword to the cloud server; the cloud server uses the search credential to match against each encrypted file and returns the encrypted files that match, and the user can read a returned file after decrypting it.
However, although traditional searchable encryption methods make it possible to retrieve encrypted files, they support only a shared-key mode, in which the data provider and the users share the same key for encrypting, decrypting and retrieving files. Sharing a key in this way easily leads to key exposure and harms data security.
Summary of the invention
The embodiments of the present invention provide a retrieval method for encrypted files, to solve the problem that existing retrieval of encrypted files relies on a shared key and therefore offers low data security.
In a first aspect, an embodiment of the present invention provides a retrieval method for encrypted files, including:
A first terminal encrypts a shared file using a first user key to obtain an encrypted file, and sends the encrypted file and the index information corresponding to the shared file to a server, wherein the first user key is generated by a key management center according to a preset root key;
The server encrypts the encrypted file using a first server-side key to obtain a doubly encrypted file, wherein the first server-side key is generated by the key management center according to the preset root key and uniquely corresponds to the first user key;
A second terminal obtains target keyword information and sends the target keyword information to the server, wherein the second terminal is an authorized user terminal of the first terminal;
The server searches the index information according to the target keyword information, obtains the target doubly encrypted file that matches the retrieved target keyword information, and decrypts the target doubly encrypted file using a second server-side key to obtain a target encrypted file, wherein the second server-side key is generated by the key management center according to the root key;
The server sends the target encrypted file to the second terminal;
The second terminal decrypts the target encrypted file using a second user key to obtain the target shared file, wherein the second user key is generated by the key management center according to the root key and uniquely corresponds to the second server-side key.
In a second aspect, an embodiment of the present invention provides a retrieval system for encrypted files, including a first terminal, a second terminal, a server and a key management center; the first terminal and the server, the second terminal and the server, and the key management center and each of the first terminal, the second terminal and the server are connected through a network;
The first terminal includes:
An encryption module, configured to encrypt a shared file using a first user key to obtain an encrypted file, and to send the encrypted file and the index information corresponding to the shared file to the server, wherein the first user key is generated by the key management center according to a preset root key;
The second terminal includes:
A target keyword module, configured to obtain target keyword information and send the target keyword information to the server, wherein the second terminal is an authorized user terminal of the first terminal;
The server includes:
A double encryption module, configured to encrypt the encrypted file using a first server-side key to obtain a doubly encrypted file, wherein the first server-side key is generated by the key management center according to the preset root key and uniquely corresponds to the first user key;
A retrieval module, configured to search the index information according to the target keyword information, obtain the target doubly encrypted file that matches the retrieved target keyword information, and decrypt the target doubly encrypted file using a second server-side key to obtain a target encrypted file, wherein the second server-side key is generated by the key management center according to the root key;
A sending module, configured to send the target encrypted file to the second terminal;
The second terminal further includes:
A decryption module, configured to decrypt the target encrypted file using a second user key to obtain the target shared file, wherein the second user key is generated by the key management center according to the root key and uniquely corresponds to the second server-side key;
The key management center is configured to generate the first user key, the first server-side key, the second user key and the second server-side key according to the preset root key.
In a third aspect, an embodiment of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the retrieval method for encrypted files when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, wherein the computer program implements the steps of the retrieval method for encrypted files when executed by a processor.
Compared with the prior art, the embodiments of the present invention have the following advantages. The first terminal, as the data provider, encrypts the shared file using the first user key and uploads it to the server, and the server encrypts the encrypted file using the first server-side key. The second terminal, as an authorized user terminal of the first terminal, sends the target keyword information used for retrieval to the server. After the server retrieves the corresponding doubly encrypted file according to the target keyword information, it decrypts the doubly encrypted file using the second server-side key and sends the resulting target encrypted file to the second terminal, and the second terminal decrypts the target encrypted file using the second user key to obtain the target shared file. The first user key uniquely corresponds to the first server-side key, the second user key uniquely corresponds to the second server-side key, and all four keys are generated by the key management center according to the root key. The first terminal and the second terminal can therefore use different keys to encrypt and decrypt the shared file, and the keys of different second terminals can also differ from one another. Multiple authorized users can thus retrieve the shared file, each with a different key, which improves the data security of the shared file. In addition, because the server applies a second layer of encryption to the encrypted file, the data security of the shared file is improved further.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an application scenario of the retrieval method for encrypted files provided by an embodiment of the present invention;
Fig. 2 is a flowchart of the implementation of the retrieval method for encrypted files provided by an embodiment of the present invention;
Fig. 3 is a flowchart of the implementation of step S1 in the retrieval method for encrypted files provided by an embodiment of the present invention;
Fig. 4 is a flowchart of the implementation of step S2 in the retrieval method for encrypted files provided by an embodiment of the present invention;
Fig. 5 is a flowchart of the implementation of step S4 in the retrieval method for encrypted files provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the retrieval system for encrypted files provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the terminal device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, Fig. 1 shows an application scenario of the retrieval method for encrypted files provided by an embodiment of the present invention. The scenario involves a first terminal, a second terminal, a server and a key management center. The first terminal is the data provider and the second terminal is an authorized user terminal of the first terminal; the first terminal can authorize several second terminals as authorized user terminals at the same time. Keys for the first terminal and for every second terminal are all distributed by the key management center, which handles management operations such as generating and distributing every key used in the encrypted-file retrieval process. The keys of the first terminal and of each second terminal are all different, and each terminal uses its own key to encrypt and decrypt the shared file.
Referring to Fig. 2, Fig. 2 shows the implementation flow of the retrieval method for encrypted files provided by an embodiment of the present invention, detailed as follows:
S1: The first terminal encrypts the shared file using the first user key to obtain an encrypted file, and sends the encrypted file and the index information corresponding to the shared file to the server, wherein the first user key is generated by the key management center according to a preset root key.
In the embodiment of the present invention, the key management center generates the first user key and the first server-side key in advance according to the preset root key, and the first user key uniquely corresponds to the first server-side key. The key management center sends the first user key to the first terminal and sends the corresponding first server-side key to the server.
It should be noted that when a second terminal successfully applies to become an authorized user terminal of the first terminal, the key management center generates the second user key and the second server-side key of that authorized user terminal from the same root key used to generate the first user key and the first server-side key, sends the second user key to the second terminal, and sends the corresponding second server-side key to the server.
The server associates each server-side key it receives with the user identity information of the corresponding user terminal and stores them.
Specifically, key generation and distribution comprise steps (a1) to (a5), detailed as follows:
(a1) The key management center randomly selects a number x from the basic key set as the root key;
(a2) For a user k, which may be the user of the first terminal or of a second terminal, the key management center randomly selects a number $x_{k1}$ from the basic key set and computes $x_{k2} = x - x_{k1}$, where k is the user identity information of the user terminal;
(a3) The key management center takes $K_{uk} = (x_{k1})$ as the key of user k and $K_{sk} = (x_{k2})$ as the server-side key corresponding to user k;
(a4) The key management center sends $K_{uk}$ to user k and sends $K_{sk}$ to the server;
(a5) After receiving $K_{sk}$, the server stores the user identity information k and $K_{sk}$ in association as $(k, K_{sk})$.
When the first terminal, as the data provider, needs to share data, it encrypts the shared file to be uploaded using the first user key to obtain the encrypted file.
Specifically, the first terminal encrypts the shared file using the ElGamal proxy encryption algorithm, and the resulting encrypted file is $C(file) = (g^{x},\ g^{r x_{i1}} \cdot file)$, where file is the shared file, x is the root key, i is the user identity information of the first terminal, $x_{i1}$ is the first user key, g is a generator of the cyclic group that the key management center generates according to a preset security parameter, and r is a random number randomly selected from the basic key set. When the key management center sends the first user key to the first terminal, it sends g and r to the first terminal at the same time.
The index information corresponding to the shared file is used to search for the shared file. The first terminal may determine the index information by recognizing the content of the shared file, or may build the index information directly from index keywords entered by the user; no limitation is imposed here.
When the first terminal sends the encrypted file and the index information to the server, it also sends its own user identity information to the server.
S2: The server encrypts the encrypted file using the first server-side key to obtain a doubly encrypted file, wherein the first server-side key is generated by the key management center according to the preset root key and uniquely corresponds to the first user key.
In the embodiment of the present invention, after receiving the encrypted file sent by the first terminal, the server uses the user identity information of the first terminal to look up the corresponding first server-side key in its stored association records, and applies a second layer of encryption to the encrypted file using the first server-side key, obtaining the doubly encrypted file $C^{*}(file) = (g^{x},\ (g^{r})^{x_{i2}} \cdot g^{r x_{i1}} \cdot file)$, where $x_{i2}$ is the first server-side key and $x_{i1} + x_{i2} = x$. Since $(g^{r})^{x_{i2}} \cdot g^{r x_{i1}} \cdot file = g^{r x_{i2} + r x_{i1}} \cdot file = g^{r(x_{i2} + x_{i1})} \cdot file = g^{rx} \cdot file$, the doubly encrypted file finally obtained is $C^{*}(file) = (g^{x},\ g^{rx} \cdot file)$. It follows that although the first terminal encrypts the shared file using the first user key and the server then applies a second layer of encryption using the first server-side key, the doubly encrypted file finally obtained depends directly on the root key x.
The server stores the index information in association with the doubly encrypted file, so that the corresponding doubly encrypted file can be found through the index information.
S3: The second terminal obtains target keyword information and sends the target keyword information to the server, wherein the second terminal is an authorized user terminal of the first terminal.
In the embodiment of the present invention, when the second terminal, as an authorized user terminal, needs to retrieve the shared file, it obtains the target keyword information for the retrieval; the target keyword information is generated from the search keyword entered by the user of the second terminal.
When the second terminal sends the target keyword information to the server, it also sends its own identification information to the server.
S4: The server searches the index information according to the target keyword information, obtains the target doubly encrypted file that matches the retrieved target keyword information, and decrypts the target doubly encrypted file using the second server-side key to obtain the target encrypted file, wherein the second server-side key is generated by the key management center according to the preset root key.
In the embodiment of the present invention, the server receives the target keyword information sent by the second terminal and searches the pre-stored index information; if the target keyword information is found, the server obtains the target doubly encrypted file corresponding to the target keyword information.
The server uses the identification information of the second terminal to look up the corresponding second server-side key in its stored association records, and decrypts the target doubly encrypted file using the second server-side key to obtain the target encrypted file.
Specifically, the target doubly encrypted file is $C^{*}(file) = (g^{x},\ g^{rx} \cdot file)$. Suppose the identification information of the second terminal is j, the second server-side key is $x_{j2}$ and the second user key is $x_{j1}$, with $x_{j1} + x_{j2} = x$. Decrypting the target doubly encrypted file with the second server-side key gives the target encrypted file $C'(file) = (g^{x},\ (g^{r})^{-x_{j2}} \cdot g^{rx} \cdot file)$. Since $(g^{r})^{-x_{j2}} \cdot g^{rx} \cdot file = g^{r(x - x_{j2})} \cdot file = g^{r x_{j1}} \cdot file$, the target encrypted file finally obtained is $C'(file) = (g^{x},\ g^{r x_{j1}} \cdot file)$. It follows that the target encrypted file is now one encrypted under the second user key $x_{j1}$; that is, the target encrypted file differs from the encrypted file produced with the first user key $x_{i1}$.
S5: The server sends the target encrypted file to the second terminal.
In the embodiment of the present invention, the server sends the target encrypted file $C'(file) = (g^{x},\ g^{r x_{j1}} \cdot file)$ obtained in step S4 to the second terminal.
S6: The second terminal decrypts the target encrypted file using the second user key to obtain the target shared file, wherein the second user key is generated by the key management center according to the preset root key and uniquely corresponds to the second server-side key.
In the embodiment of the present invention, the target encrypted file received by the second terminal has become one encrypted under the second user key $x_{j1}$. The second terminal therefore decrypts the target encrypted file using its own second user key $x_{j1}$, that is, $g^{r x_{j1}} \cdot file \cdot (g^{r})^{-x_{j1}} = g^{r x_{j1} - r x_{j1}} \cdot file = file$, and obtains the target shared file file, which is the shared file that the first terminal shared as data provider in step S1.
It should be noted that the first user key $x_{i1}$ and first server-side key $x_{i2}$ used during encryption can differ from the second user key $x_{j1}$ and second server-side key $x_{j2}$ used during decryption. Because $x_{i1} + x_{i2} = x_{j1} + x_{j2} = x$, the final doubly encrypted file depends directly only on the root key x, so the first terminal and the second terminal can each use a different key to encrypt and decrypt the shared file, which improves the data security of the shared file.
In the embodiment corresponding to Fig. 2, the first terminal, as the data provider, encrypts the shared file using the first user key and uploads it to the server, and the server encrypts the encrypted file using the first server-side key. The second terminal, as an authorized user terminal of the first terminal, sends the target keyword information used for retrieval to the server. After the server retrieves the corresponding doubly encrypted file according to the target keyword information, it decrypts the doubly encrypted file using the second server-side key and sends the resulting target encrypted file to the second terminal, and the second terminal decrypts the target encrypted file using the second user key to obtain the target shared file. The first user key uniquely corresponds to the first server-side key, the second user key uniquely corresponds to the second server-side key, and all four keys are generated by the key management center according to the root key. The first terminal and the second terminal can therefore use different keys to encrypt and decrypt the shared file, and the keys of different second terminals can also differ from one another. Multiple authorized users can thus retrieve the shared file, each with a different key, which improves the data security of the shared file. In addition, because the server applies a second layer of encryption to the encrypted file, the data security of the shared file is improved further.
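The key split of steps (a1) to (a3) and the transformations of steps S1, S2, S4 and S6, carried through in code as an added example (not code from the patent). It tracks only the second ciphertext component, since the first component is carried unchanged through every step; the toy group parameters, the function names, and the assumption that the server and the second terminal are given g^r (the text uses g^r in their computations without saying how they obtain it) are choices made for this example.

```python
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1      # a Mersenne prime: work in the multiplicative group mod P
ORDER = P - 1       # exponents are reduced modulo the group order
G = 3               # stands in for the page's g (assumed value)


def rand_exponent():
    """Random element of the 'basic key set' (assumed here to be 1..ORDER-1)."""
    return secrets.randbelow(ORDER - 1) + 1


def issue_keys(x, x_k1=None):
    """Steps (a2)-(a3): choose x_k1, derive x_k2 = x - x_k1 (mod group order)."""
    if x_k1 is None:
        x_k1 = rand_exponent()
    return x_k1, (x - x_k1) % ORDER


def encode(data):
    """Map a short byte string to a non-zero group element."""
    m = int.from_bytes(data, "big")
    if not 0 < m < P:
        raise ValueError("message must map to a non-zero element below P")
    return m


def decode(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def first_terminal_encrypt(m, r, x_i1):
    """S1: second component g^(r*x_i1) * file."""
    return pow(G, (r * x_i1) % ORDER, P) * m % P


def server_double_encrypt(c, g_r, x_i2):
    """S2: multiply by (g^r)^x_i2, giving g^(r*x) * file."""
    return pow(g_r, x_i2, P) * c % P


def server_transform(c_star, g_r, x_j2):
    """S4: multiply by (g^r)^(-x_j2), giving g^(r*x_j1) * file."""
    return pow(g_r, (-x_j2) % ORDER, P) * c_star % P


def second_terminal_decrypt(c_prime, g_r, x_j1):
    """S6: multiply by (g^r)^(-x_j1), recovering file."""
    return pow(g_r, (-x_j1) % ORDER, P) * c_prime % P


def run(file_bytes, x=None, r=None, x_i1=None, x_j1=None):
    """Run S1-S6 once and return every intermediate value."""
    x = rand_exponent() if x is None else x      # (a1) root key
    r = rand_exponent() if r is None else r
    x_i1, x_i2 = issue_keys(x, x_i1)             # data provider i
    x_j1, x_j2 = issue_keys(x, x_j1)             # authorized user j
    g_r = pow(G, r, P)   # assumption: server and second terminal are given g^r
    m = encode(file_bytes)
    c = first_terminal_encrypt(m, r, x_i1)
    c_star = server_double_encrypt(c, g_r, x_i2)
    c_prime = server_transform(c_star, g_r, x_j2)
    plain = decode(second_terminal_decrypt(c_prime, g_r, x_j1))
    return {"m": m, "keys_i": (x_i1, x_i2), "keys_j": (x_j1, x_j2),
            "c": c, "c_star": c_star, "c_prime": c_prime, "plain": plain}


if __name__ == "__main__":
    out = run(b"Q3 report")      # constructed sample "file"
    print(out["plain"])
```

Note that neither terminal ever holds x, while the server holds only the x_k2 halves; x is recoverable by anyone who obtains both halves belonging to the same user.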
Next, on the basis of the embodiment corresponding to Fig. 2, a specific embodiment is used below to describe in detail how, as mentioned in step S1, the first terminal encrypts the shared file using the first user key to obtain the encrypted file and sends the encrypted file and the index information corresponding to the shared file to the server.
Referring to Fig. 3, Fig. 3 shows the specific implementation flow of step S1 provided by an embodiment of the present invention, detailed as follows:
S11: The first terminal obtains the shared file and the search keyword corresponding to the shared file.
In the embodiment of the present invention, the first terminal obtains the shared file provided by the user and the search keyword corresponding to the shared file.
The first terminal may determine the search keyword by recognizing the content of the shared file, or may directly obtain a search keyword entered by the user; no limitation is imposed here.
S12: The first terminal encrypts the shared file using the first user key to obtain the encrypted file.
In the embodiment of the present invention, the process by which the first terminal encrypts the shared file using the first user key to obtain the encrypted file is the same as the method of obtaining the encrypted file described in step S1 above, and is not repeated here.
S13: The first terminal generates a fuzzy keyword set according to the search keyword.
In the embodiment of the present invention, the first terminal generates a fuzzy keyword set from the determined search keyword. The fuzzy keyword set is used for fuzzy retrieval of the shared file and contains a series of fuzzy keywords generated from the search keyword; retrieving with the fuzzy keywords in the set satisfies retrieval needs over a wider range.
Further, the specific way in which the first terminal generates the fuzzy keyword set according to the search keyword is detailed as follows:
The first terminal constructs the fuzzy keyword set from the search keyword using wildcards.
Specifically, wildcards are used to build a fuzzy keyword set $S_{w,d}$ for a search keyword w with edit distance d; a wildcard represents an edit operation at some position in the search keyword. The edit operations are of three kinds:
(1) Insertion: a character is inserted into the word of the search keyword;
(2) Deletion: a character is deleted from the word of the search keyword;
(3) Modification: a character in the word of the search keyword is changed to another character.
The fuzzy keyword set constructed for a search keyword w with edit distance d is expressed as $S_{w,d} = \{S'_{w,0}, S'_{w,1}, \ldots, S'_{w,d}\}$, where $S'_{w,n}$ denotes the group of words based on w that contain n wildcards, and each wildcard represents an edit operation on the search keyword w.
For example, for edit distance d = 1 and search keyword w = student, the fuzzy keyword set built is $S_{student,1}$ = {student, *student, s*tudent, *tudent, s*udent, ..., studen*, student*}, and the number of words in this fuzzy keyword set is 16. In general, for a search keyword w of length l, if its edit distance d is 1, the size of the constructed fuzzy keyword set $S_{w,1}$ is (2l+1)+1. As the edit distance d increases, the size of the constructed fuzzy keyword set $S_{w,d}$ increases as well. When the edit distance d is 2 and 3 respectively, the fuzzy keyword sets constructed are For a search keyword of length l and edit distance d, the size of the fuzzy keyword set constructed with wildcards has a complexity of $O(l^{d})$.
S14: The first terminal encrypts each keyword in the fuzzy keyword set using the first index key to obtain the first trapdoor set, wherein the first index key is produced from the first user key.
In the embodiment of the present invention, the first terminal uses the first user key $x_{i1}$ to generate the first index key $K_I$, $K_I = f(x_{i1})$, where f is a hash function.
The first index key is used to encrypt each keyword in the fuzzy keyword set, giving the first trapdoor set $FuzzyEnc_1$, where $S_{w1,d1}$ is the fuzzy keyword set for search keyword w1 with edit distance d1, and T can be implemented by the public-key encryption algorithm RSA.
S15: The first terminal encrypts the identification information of the shared file using the first index key, and forms the index information from the encrypted identification information, the first trapdoor set and the first index key.
In the embodiment of the present invention, the first terminal uses the first index key $K_I$ generated in step S14 to encrypt the identification information of the shared file, obtaining the encrypted identification information F, $F = Enc(K_I, fid_w)$, where $fid_w$ is the identification information of the shared file containing the fuzzy keyword w, and Enc is implemented by the Advanced Encryption Standard (AES) or the Data Encryption Standard (DES).
The identification information of the shared file uniquely identifies the shared file. It may be a unique file number, but is not limited to this; it can be set according to the needs of the application, and no limitation is imposed here.
The first terminal forms the index information Index from the encrypted identification information F, the first trapdoor set $FuzzyEnc_1$ and the first index key $K_I$: $Index = \{K_I, \langle FuzzyEnc_1, F \rangle\}$, i.e.,
S16:First terminal will encrypt file and index information is sent to server-side.
In embodiments of the present invention, first terminal will encrypt file C (file) and index information Index is sent to service End.
In the embodiment corresponding to Fig. 3, the first terminal encrypts the shared file using the first user key to obtain the encrypted file, and constructs the fuzzy keyword set from the search keyword using wildcards. It then encrypts each keyword in the fuzzy keyword set using the first index key to obtain the first trapdoor set, encrypts the identification information of the shared file using the first index key, and combines the encrypted identification information, the first trapdoor set and the first index key into the index information. The encrypted file and the index information are sent together to the server so that the server can perform retrieval. Constructing a fuzzy keyword set enables fuzzy retrieval of the search keyword, which effectively improves the retrieval success rate and accuracy, and a fuzzy keyword set constructed with wildcards is more complete and can satisfy fuzzy retrieval needs over a wider range.
On the basis of the embodiment corresponding to Fig. 3, a specific embodiment is used below to describe in detail how, in step S2, the second terminal obtains the target keyword information and sends it to the server.
In this embodiment of the present invention, the target keyword information obtained by the second terminal includes the target trapdoor set.
Referring to Fig. 4, Fig. 4 shows the specific implementation flow of step S2 provided by this embodiment of the present invention, detailed as follows:
S21: The second terminal obtains the keyword to be retrieved.
In this embodiment of the present invention, the second terminal obtains the keyword to be retrieved as input by the user.
S22: The second terminal generates the target fuzzy keyword set from the keyword to be retrieved.
In this embodiment of the present invention, the second terminal can generate the target fuzzy keyword set from the keyword to be retrieved using the same method the first terminal uses in step S13 to generate the fuzzy keyword set from the search keyword; it is not repeated here.
Specifically, the keyword to be retrieved is w2, the edit distance is d2, and the generated target fuzzy keyword set is S_{w2,d2}.
S23: The second terminal encrypts each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, where the second index key is generated from the second user key, and the second user key is generated by the Key Management Center from the root key.
In this embodiment of the present invention, the second terminal uses the second user key xi2 to generate the second index key K_J, K_J = f(xi2), where f is a hash function.
The second index key is used to encrypt each keyword in the target fuzzy keyword set S_{w2,d2}, obtaining the target trapdoor set FuzzyEnc2,
S24: The second terminal sends the target trapdoor set to the server.
In this embodiment of the present invention, the second terminal sends the target trapdoor set FuzzyEnc2 to the server as the target keyword information.
In the embodiment corresponding to Fig. 4, when the authorized user of the second terminal needs to retrieve the relevant encrypted files using a keyword to be retrieved, the second terminal generates the target fuzzy keyword set from that keyword, using the same generation method the first terminal uses to generate the fuzzy keyword set from the search keyword. It then encrypts each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, and sends the target trapdoor set to the server as the target keyword information so that the server can perform retrieval. Fuzzy retrieval is thus carried out by constructing fuzzy keyword sets, which effectively improves the retrieval success rate and accuracy, and a fuzzy keyword set constructed with wildcards is more complete and can satisfy fuzzy retrieval needs over a wider range.
On the basis of the embodiment corresponding to Fig. 4, a specific embodiment is used below to describe in detail how, in step S4, the server retrieves in the index information according to the target keyword information, obtains the target double-encrypted file matching the retrieved target keyword information, and decrypts the target double-encrypted file using the second server-side key to obtain the target encrypted file.
Referring to Fig. 5, Fig. 5 shows the specific implementation flow of step S4 provided by this embodiment of the present invention, detailed as follows:
S41: If the server retrieves, in the index information, a target encrypted index that matches the target trapdoor set, it obtains the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index.
In this embodiment of the present invention, after the server receives the target trapdoor set sent by the second terminal, it performs fuzzy retrieval in the index information according to that target trapdoor set. The index information was sent to the server by the first terminal and contains the encrypted identification information of the shared file, the first trapdoor set and the first index key. If the server retrieves a first trapdoor set that matches the target trapdoor set, it takes the index information containing the retrieved first trapdoor set as the target encrypted index.
Assume the target encrypted index retrieved is Index'. Then, according to the target encrypted index Index', the first index key K_I contained in that index information is obtained as the target index key, and the encrypted identification information of the shared file contained in that index information, Enc(K_I, fid_w1), is taken as the encrypted identification information of the target shared file.
It should be noted that the target trapdoor set sent by the second terminal is obtained by encryption with the second index key, whereas the first trapdoor set in the index information sent by the first terminal and stored on the server is obtained by encryption with the first index key; that is, the first trapdoor set and the target trapdoor set have different encryption keys. However, the first index key is generated from the first user key, the second index key is generated from the second user key, and the first user key and the second user key are both generated by the Key Management Center from the same root key. Therefore, the fuzzy retrieval performed by the server can retrieve, in the index information, the first trapdoor set that matches the target trapdoor set.
S42: The server decrypts the identification information of the target shared file using the target index key, and obtains the target double-encrypted file according to the decrypted identification information.
In this embodiment of the present invention, the server uses the target index key obtained in step S41, i.e. the first index key K_I, to decrypt the identification information Enc(K_I, fid_w1) of the target shared file, obtaining the decrypted identification information fid_w.
Since the server has stored the index information in association with the double-encrypted file in step S2, the server can obtain the target double-encrypted file C*(file) corresponding to the decrypted identification information fid_w.
S43: The server decrypts the target double-encrypted file using the second server-side key to obtain the target encrypted file.
In this embodiment of the present invention, the process by which the server decrypts the target double-encrypted file using the second server-side key to obtain the target encrypted file is the same as the implementation for obtaining the target encrypted file described in step S4 above, and is not repeated here.
In the embodiment corresponding to Fig. 5, the server uses the target trapdoor set sent by the second terminal to retrieve, in the index information, the target encrypted index that matches that target trapdoor set, and obtains the corresponding target index key and the encrypted identification information of the target shared file from the target encrypted index. It then decrypts the identification information of the target shared file using the target index key, obtains the target double-encrypted file according to the decrypted identification information, and decrypts the target double-encrypted file using the second server-side key to obtain the target encrypted file. The second terminal can then decrypt the target encrypted file with its own second user key and finally obtain the retrieved target shared file. Multiple authorized users can thus each retrieve the shared file with their own different keys, which improves the data security of the shared file.
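The wildcard construction of step S13 and the trapdoor matching of steps S14, S23 and S41, as an added Python example that is not code from the patent. Assumptions: SHA-256 stands in for the hash function f, HMAC-SHA256 stands in for the trapdoor function T (the patent names RSA), both terminals hold one shared index key instead of separate index keys derived from a common root key, and the file identifier is stored unencrypted; all keys, file identifiers and keywords are constructed sample values.

```python
import hashlib
import hmac


def fuzzy_keyword_set(word, d=1):
    """Wildcard-based fuzzy keyword set S_{w,d} for edit distance d."""
    result = {word}
    frontier = {word}
    for _ in range(d):
        produced = set()
        for item in frontier:
            for i in range(len(item) + 1):
                # '*' inserted at position i stands for one extra character.
                produced.add(item[:i] + "*" + item[i:])
                if i < len(item):
                    # '*' in place of character i stands for a substituted
                    # or deleted character.
                    produced.add(item[:i] + "*" + item[i + 1:])
        frontier = produced - result
        result |= frontier
    return result


def derive_index_key(user_key):
    """K = f(x): index key derived from a user key (SHA-256 is an assumption)."""
    return hashlib.sha256(user_key).digest()


def trapdoor_set(index_key, word, d=1):
    """Keyed, deterministic tag for every keyword in S_{w,d}.

    HMAC-SHA256 is a stand-in chosen for this example, not the patent's T.
    """
    return frozenset(
        hmac.new(index_key, variant.encode("utf-8"), hashlib.sha256).hexdigest()
        for variant in fuzzy_keyword_set(word, d)
    )


def build_index(index_key, files, d=1):
    """First-terminal side: one (trapdoor set, file id) entry per shared file.

    `files` maps a file identifier to its search keyword. The patent also
    encrypts the identifier under the index key; that step is omitted here.
    """
    return [(trapdoor_set(index_key, kw, d), fid) for fid, kw in files.items()]


def search(index, target_trapdoors):
    """Server side: an entry matches when the two trapdoor sets intersect.

    The server compares opaque tags only and never sees a keyword.
    """
    return sorted(fid for traps, fid in index if traps & target_trapdoors)


def demo():
    # Constructed sample data.
    key = derive_index_key(b"constructed-user-key")
    index = build_index(key, {"fid-001": "student", "fid-002": "teacher"})
    return {
        "set size for 'student', d=1": len(fuzzy_keyword_set("student", 1)),
        "query 'studnt' (one deletion)": search(index, trapdoor_set(key, "studnt")),
        "query 'studemt' (one substitution)": search(index, trapdoor_set(key, "studemt")),
        "query 'banana'": search(index, trapdoor_set(key, "banana")),
        "query 'student' under an unrelated key": search(
            index, trapdoor_set(derive_index_key(b"unrelated-key"), "student")
        ),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, "->", value)
```

The last query shows that tags computed under an unrelated key never match the index, which is why the scheme depends on how the index keys of authorized users are related through the root key.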
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Corresponding to the search method for encrypted files described in the foregoing embodiments, Fig. 6 shows a structural diagram of the search system for encrypted files provided by an embodiment of the present invention. For convenience of description, only the parts relevant to the embodiment of the present invention are shown.
Referring to Fig. 6, the search system for encrypted files includes a first terminal 61, a second terminal 62, a server 63 and a Key Management Center 64, where the first terminal and the server, the second terminal and the server, and the Key Management Center and each of the first terminal, the second terminal and the server are connected through a network.
The Key Management Center 64 is used to generate the first user key, the first server-side key, the second user key and the second server-side key from a preset root key.
The first terminal 61 includes an encryption module 611, the second terminal 62 includes a target keyword module 621 and a decryption module 622, and the server 63 includes a double encryption module 631, a retrieval module 632 and a sending module 633. Each functional module is described in detail as follows:
Encryption module 611, used to encrypt the shared file using the first user key to obtain the encrypted file, and to send the encrypted file and the index information corresponding to the shared file to the server, where the first user key is generated by the Key Management Center from the preset root key;
Target keyword module 621, used to obtain the target keyword information and send the target keyword information to the server, where the second terminal 62 is an authorized user terminal of the first terminal 61;
Decryption module 622, used to decrypt the target encrypted file using the second user key to obtain the target shared file, where the second user key is generated by the Key Management Center from the root key and uniquely corresponds to the second server-side key;
Double encryption module 631, used to encrypt the encrypted file using the first server-side key to obtain the double-encrypted file, where the first server-side key is generated by the Key Management Center from the preset root key and uniquely corresponds to the first user key;
Retrieval module 632, used to retrieve in the index information according to the target keyword information, obtain the target double-encrypted file matching the retrieved target keyword information, and decrypt the target double-encrypted file using the second server-side key to obtain the target encrypted file, where the second server-side key is generated by the Key Management Center from the root key;
Sending module 633, used to send the target encrypted file to the second terminal 62.
Further, the encryption module 611 includes:
First acquisition submodule 6111, used to obtain the shared file and the search keyword corresponding to the shared file;
File encryption submodule 6112, used to encrypt the shared file using the first user key to obtain the encrypted file;
First word set generation submodule 6113, used to generate the fuzzy keyword set from the search keyword;
Keyword encryption submodule 6114, used to encrypt each keyword in the fuzzy keyword set using the first index key to obtain the first trapdoor set, where the first index key is generated from the first user key;
Identifier encryption submodule 6115, used to encrypt the identification information of the shared file using the first index key, and to combine the encrypted identification information, the first trapdoor set and the first index key into the index information;
First sending submodule 6116, used to send the encrypted file and the index information to the server 63.
Further, the first word set generation submodule 6113 is also used to construct the fuzzy keyword set from the search keyword using wildcards.
Further, the target keyword information includes the target trapdoor set, and the target keyword module 621 includes:
Second acquisition submodule 6211, used to obtain the keyword to be retrieved;
Second word set generation submodule 6212, used to generate the target fuzzy keyword set from the keyword to be retrieved;
Second encryption submodule 6213, used to encrypt each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, where the second index key is generated from the second user key, and the second user key is generated by the Key Management Center from the root key;
Second sending submodule 6214, used to send the target trapdoor set to the server 63.
Further, the retrieval module 632 includes:
Matching submodule 6321, used to obtain, if a target encrypted index matching the target trapdoor set is retrieved in the index information, the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index;
First decryption submodule 6322, used to decrypt the identification information of the target shared file using the target index key, and to obtain the target double-encrypted file according to the decrypted identification information;
Second decryption submodule 6323, used to decrypt the target double-encrypted file using the second server-side key to obtain the target encrypted file.
For the process by which each module in the search system for encrypted files provided by this embodiment of the present invention realizes its function, refer to the description of the foregoing method embodiments; it is not repeated here.
An embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the search method for encrypted files in the foregoing method embodiments, or implements the functions of each module/unit in the search system for encrypted files in the foregoing apparatus embodiment. To avoid repetition, this is not described again here.
Referring to Fig. 7, Fig. 7 is a schematic diagram of the terminal device provided by an embodiment of the present invention. As shown in Fig. 7, the terminal device 70 of this embodiment includes a processor 71, a memory 72, and a computer program 73 that is stored in the memory 72 and can run on the processor 71, such as a search program for encrypted files. When the processor 71 executes the computer program 73, it implements the steps in each of the above embodiments of the search method for encrypted files, such as steps S1 to S6 shown in Fig. 1. Alternatively, when the processor 71 executes the computer program 73, it implements the functions of each module/unit in the above apparatus embodiments, such as the functions of each module/unit in the first terminal 61, the second terminal 62, the server 63 and the Key Management Center 64 shown in Fig. 6.
Illustratively, the computer program 73 can be divided into one or more modules/units, which are stored in the memory 72 and executed by the processor 71 to carry out the present invention. The one or more modules/units can be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 73 in the terminal device 70. For example, the computer program 73 can be divided into the encryption module on the first terminal, the target keyword module and the decryption module on the second terminal, the double encryption module, the retrieval module and the sending module on the server, and the program in the Key Management Center. The specific function of each functional module is as follows:
Key Management Center, used to generate the first user key, the first server-side key, the second user key and the second server-side key from a preset root key.
Encryption module, used to encrypt the shared file using the first user key to obtain the encrypted file, and to send the encrypted file and the index information corresponding to the shared file to the server, where the first user key is generated by the Key Management Center from the preset root key;
Target keyword module, used to obtain the target keyword information and send the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal;
Decryption module, used to decrypt the target encrypted file using the second user key to obtain the target shared file, where the second user key is generated by the Key Management Center from the root key and uniquely corresponds to the second server-side key;
Double encryption module, used to encrypt the encrypted file using the first server-side key to obtain the double-encrypted file, where the first server-side key is generated by the Key Management Center from the preset root key and uniquely corresponds to the first user key;
Retrieval module, used to retrieve in the index information according to the target keyword information, obtain the target double-encrypted file matching the retrieved target keyword information, and decrypt the target double-encrypted file using the second server-side key to obtain the target encrypted file, where the second server-side key is generated by the Key Management Center from the root key;
Sending module, used to send the target encrypted file to the second terminal.
Further, the encryption module includes:
First acquisition submodule, used to obtain the shared file and the search keyword corresponding to the shared file;
File encryption submodule, used to encrypt the shared file using the first user key to obtain the encrypted file;
First word set generation submodule, used to generate the fuzzy keyword set from the search keyword;
Keyword encryption submodule, used to encrypt each keyword in the fuzzy keyword set using the first index key to obtain the first trapdoor set, where the first index key is generated from the first user key;
Identifier encryption submodule, used to encrypt the identification information of the shared file using the first index key, and to combine the encrypted identification information, the first trapdoor set and the first index key into the index information;
First sending submodule, used to send the encrypted file and the index information to the server.
Further, the first word set generation submodule is also used to construct the fuzzy keyword set from the search keyword using wildcards.
Further, the target keyword information includes the target trapdoor set, and the target keyword module includes:
Second acquisition submodule, used to obtain the keyword to be retrieved;
Second word set generation submodule, used to generate the target fuzzy keyword set from the keyword to be retrieved;
Second encryption submodule, used to encrypt each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, where the second index key is generated from the second user key, and the second user key is generated by the Key Management Center from the root key;
Second sending submodule, used to send the target trapdoor set to the server.
Further, the retrieval module includes:
Matching submodule, used to obtain, if a target encrypted index matching the target trapdoor set is retrieved in the index information, the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index;
First decryption submodule, used to decrypt the identification information of the target shared file using the target index key, and to obtain the target double-encrypted file according to the decrypted identification information;
Second decryption submodule, used to decrypt the target double-encrypted file using the second server-side key to obtain the target encrypted file.
The terminal device 70 can be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device 70 may include, but is not limited to, the processor 71 and the memory 72. Those skilled in the art will understand that Fig. 7 is only an example of the terminal device 70 and does not limit the terminal device 70, which can include more or fewer components than illustrated, combine certain components, or use different components; for example, the terminal device 70 can also include input/output devices, network access devices, buses and so on.
The processor 71 can be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor can be a microprocessor or any conventional processor.
The memory 72 can be an internal storage unit of the terminal device 70, such as a hard disk or memory of the terminal device 60. The memory 72 can also be an external storage device of the terminal device 70, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal device 70. Further, the memory 72 can include both an internal storage unit of the terminal device 70 and an external storage device. The memory 72 is used to store the computer program and the other programs and data needed by the terminal device 70. The memory 72 can also be used to temporarily store data that has been output or is about to be output.
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules above is only an example. In practical applications, the above functions can be assigned to different functional units or modules as needed; that is, the internal structure of the apparatus can be divided into different functional units or modules to perform all or part of the functions described above.
In addition, the functional units in each embodiment of the present invention can be integrated in one processing unit, each unit can exist physically on its own, or two or more units can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and is sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the methods in the above embodiments of the present invention can also be completed by a computer program instructing the relevant hardware. The computer program can be stored in a computer-readable storage medium and, when executed by a processor, can implement the steps of each of the above method embodiments. The computer program includes computer program code, which can be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium can include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of their technical features. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be included within the protection scope of the present invention.

Claims (10)

1. A search method for encrypted files, characterized in that the search method includes:
A first terminal encrypts a shared file using a first user key to obtain an encrypted file, and sends the encrypted file and the index information corresponding to the shared file to a server, where the first user key is generated by a Key Management Center from a preset root key;
The server encrypts the encrypted file using a first server-side key to obtain a double-encrypted file, where the first server-side key is generated by the Key Management Center from the preset root key and uniquely corresponds to the first user key;
A second terminal obtains target keyword information and sends the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal;
The server retrieves in the index information according to the target keyword information, obtains the target double-encrypted file matching the retrieved target keyword information, and decrypts the target double-encrypted file using a second server-side key to obtain a target encrypted file, where the second server-side key is generated by the Key Management Center from the root key;
The server sends the target encrypted file to the second terminal;
The second terminal decrypts the target encrypted file using a second user key to obtain the target shared file, where the second user key is generated by the Key Management Center from the root key and uniquely corresponds to the second server-side key.
2. The search method as claimed in claim 1, characterized in that the first terminal encrypting the shared file using the first user key to obtain the encrypted file, and sending the encrypted file and the index information corresponding to the shared file to the server, includes:
The first terminal obtains the shared file and the search keyword corresponding to the shared file;
The first terminal encrypts the shared file using the first user key to obtain the encrypted file;
The first terminal generates a fuzzy keyword set from the search keyword;
The first terminal encrypts each keyword in the fuzzy keyword set using a first index key to obtain a first trapdoor set, where the first index key is generated from the first user key;
The first terminal encrypts the identification information of the shared file using the first index key, and combines the encrypted identification information, the first trapdoor set and the first index key into the index information;
The first terminal sends the encrypted file and the index information to the server.
3. The search method as claimed in claim 2, characterized in that the first terminal generating the fuzzy keyword set from the search keyword includes:
The first terminal constructs the fuzzy keyword set from the search keyword using wildcards.
4. The search method as claimed in claim 2 or claim 3, characterized in that the target keyword information includes a target trapdoor set, and the second terminal obtaining the target keyword information and sending the target keyword information to the server includes:
The second terminal obtains a keyword to be retrieved;
The second terminal generates a target fuzzy keyword set from the keyword to be retrieved;
The second terminal encrypts each keyword in the target fuzzy keyword set using a second index key to obtain the target trapdoor set, where the second index key is generated from the second user key, and the second user key is generated by the Key Management Center from the root key;
The second terminal sends the target trapdoor set to the server.
5. The search method as claimed in claim 4, characterized in that the server retrieving in the index information according to the target keyword information, obtaining the target double-encrypted file matching the retrieved target keyword information, and decrypting the target double-encrypted file using the second server-side key to obtain the target encrypted file, includes:
If the server retrieves, in the index information, a target encrypted index that matches the target trapdoor set, it obtains the corresponding target index key and the encrypted identification information of the target shared file from the target encrypted index;
The server decrypts the identification information of the target shared file using the target index key, and obtains the target double-encrypted file according to the decrypted identification information;
The server decrypts the target double-encrypted file using the second server-side key to obtain the target encrypted file.
6. A retrieval system for encrypted files, characterised in that the retrieval system includes a first terminal, a second terminal, a server and a Key Management Center; the first terminal and the server, the second terminal and the server, and the Key Management Center and each of the first terminal, the second terminal and the server are connected through a network;
The first terminal includes:
An encrypting module, for encrypting a shared file using a first user key to obtain an encrypted file, and sending the encrypted file and the index information corresponding to the shared file to the server, wherein the first user key is generated by the Key Management Center according to a preset root key;
The second terminal includes:
A target keyword module, for obtaining target keyword information and sending the target keyword information to the server, wherein the second terminal is an authorized user end of the first terminal;
The server includes:
A double encrypting module, for encrypting the encrypted file using a first server key to obtain a double-encrypted file, wherein the first server key is generated by the Key Management Center according to the preset root key and corresponds uniquely to the first user key;
A retrieval module, for retrieving in the index information according to the target keyword information, obtaining the target double-encrypted file that matches the retrieved target keyword information, and decrypting the target double-encrypted file using a second server key to obtain a target encrypted file, wherein the second server key is generated by the Key Management Center according to the root key;
A sending module, for sending the target encrypted file to the second terminal;
The second terminal further includes:
A decrypting module, for decrypting the target encrypted file using a second user key to obtain the target shared file, wherein the second user key is generated by the Key Management Center according to the root key and corresponds uniquely to the second server key;
The Key Management Center is for generating the first user key, the first server key, the second user key and the second server key according to the preset root key.
7. The retrieval system as claimed in claim 6, characterised in that the encrypting module includes:
A first acquisition submodule, for obtaining the shared file and the search keyword corresponding to the shared file;
A file encryption submodule, for encrypting the shared file using the first user key to obtain the encrypted file;
A first word set generation submodule, for generating a fuzzy keyword set according to the search keyword;
A keyword encryption submodule, for encrypting each keyword in the fuzzy keyword set using a first index key to obtain a first trapdoor set, wherein the first index key is produced from the first user key;
An identifier encryption submodule, for encrypting the identification information of the shared file using the first index key, and forming the index information from the encrypted identification information, the first trapdoor set and the first index key;
A first sending submodule, for sending the encrypted file and the index information to the server.
8. The retrieval system as claimed in claim 7, characterised in that the target keyword information includes a target trapdoor set, and the target keyword module includes:
A second acquisition submodule, for obtaining a keyword to be retrieved;
A second word set generation submodule, for generating a target fuzzy keyword set according to the keyword to be retrieved;
A second encryption submodule, for encrypting each keyword in the target fuzzy keyword set using a second index key to obtain the target trapdoor set, wherein the second index key is produced from the second user key, and the second user key is generated by the Key Management Center according to the root key;
A second sending submodule, for sending the target trapdoor set to the server.
9. A terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterised in that the processor, when executing the computer program, implements the steps of the search method for encrypted files as claimed in any one of claims 1 to 5.
10. A computer-readable storage medium storing a computer program, characterised in that the computer program, when executed by a processor, implements the steps of the search method for encrypted files as claimed in any one of claims 1 to 5.
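The trapdoor flow of claims 4, 5 and 7 (fuzzy keyword set, per-keyword keyed transform, server-side matching) can be sketched as follows; this is an added example, not code from the patent. Assumptions: a wildcard fuzzy set covering edit distance 1, HMAC-SHA256 standing in for "encrypting" each keyword, a labelled derivation of the index key from the user key, and an authorized second terminal that holds the same index key as the first terminal. The two file-encryption layers and the encryption of the file identifier are left out, and all names are hypothetical.

```python
import hashlib
import hmac


def derive_index_key(user_key: bytes) -> bytes:
    # Assumption: the index key is derived from the user key with a fixed label.
    return hmac.new(user_key, b"index-key", hashlib.sha256).digest()


def fuzzy_set(keyword: str) -> set:
    # Assumed construction: wildcard variants covering edit distance 1.
    w = keyword.lower()
    variants = {w}
    for i in range(len(w) + 1):
        variants.add(w[:i] + "*" + w[i:])          # one inserted character
        if i < len(w):
            variants.add(w[:i] + "*" + w[i + 1:])  # one substituted or deleted character
    return variants


def trapdoor_set(index_key: bytes, keyword: str) -> frozenset:
    # HMAC-SHA256 stands in for the claims' "encrypt each keyword" step.
    return frozenset(hmac.new(index_key, v.encode(), hashlib.sha256).hexdigest()
                     for v in fuzzy_set(keyword))


class Server:
    """Holds only trapdoors and opaque file identifiers, never keywords."""

    def __init__(self):
        self.index = []

    def store(self, trapdoors: frozenset, file_id: str) -> None:
        self.index.append((trapdoors, file_id))

    def search(self, target: frozenset) -> list:
        # A file matches when its stored set shares any trapdoor with the query.
        return [fid for stored, fid in self.index if stored & target]


def demo() -> dict:
    key = derive_index_key(b"constructed-user-key")      # constructed sample key
    other = derive_index_key(b"constructed-other-key")   # key of an unauthorized user
    srv = Server()
    srv.store(trapdoor_set(key, "invoice"), "file-001")  # constructed index entries
    srv.store(trapdoor_set(key, "payroll"), "file-002")
    return {"exact": srv.search(trapdoor_set(key, "invoice")),
            "typo": srv.search(trapdoor_set(key, "invoce")),
            "miss": srv.search(trapdoor_set(key, "report")),
            "wrong_key": srv.search(trapdoor_set(other, "invoice"))}


if __name__ == "__main__":
    print(demo())
```

A query with a one-character typo still matches because both keywords share a wildcard variant, while trapdoors computed under a different index key match nothing.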
CN201711089073.2A 2017-11-08 2017-11-08 Retrieval method, system, terminal equipment and storage medium of encrypted file Active CN108038128B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201711089073.2A CN108038128B (en) 2017-11-08 2017-11-08 Retrieval method, system, terminal equipment and storage medium of encrypted file
PCT/CN2017/112600 WO2019090841A1 (en) 2017-11-08 2017-11-23 Encrypted file retrieval method and system, terminal device and storage medium

Publications (2)

Publication Number Publication Date
CN108038128A CN108038128A (en) 2018-05-15
CN108038128B CN108038128B (en) 2020-02-14

Family

ID=62092782

Country Status (2)

Country Link
CN (1) CN108038128B (en)
WO (1) WO2019090841A1 (en)

Also Published As

Publication number Publication date
WO2019090841A1 (en) 2019-05-16
CN108038128B (en) 2020-02-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant