CN108038128A - Search method, system, terminal device and storage medium for encrypted files - Google Patents
- Publication number
- CN108038128A (CN201711089073.2A)
- Authority
- CN
- China
- Prior art keywords
- key
- target
- file
- terminal
- encryption
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/176—Support for shared access to files; File sharing support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Abstract
The present invention belongs to the field of electronic technology and provides a search method, system, terminal device and storage medium for encrypted files. The method includes: a first terminal encrypts a shared file with a first user key and sends the encrypted file and the index information corresponding to the shared file to a server; the server encrypts the encrypted file with a first server-side key; a second terminal sends target keyword information to the server; according to the target keyword information, the server obtains the target doubly encrypted file that matches the retrieved target keyword information and decrypts it with a second server-side key; the server sends the resulting target encrypted file to the second terminal; and the second terminal decrypts the target encrypted file with a second user key. The technical solution allows multiple authorized users to retrieve the shared file, each with a different key, thereby improving the data security of the shared file.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to a search method, system, terminal device and storage medium for encrypted files.
Background
With the continuous development of cloud computing, more and more users store files on cloud servers. To protect the data on the cloud server, files are usually encrypted before being uploaded. When a user needs to search for an encrypted file, a search credential for the search keyword is sent to the cloud server; the cloud server uses the search credential to match against each encrypted file and returns the successfully matched encrypted files to the user, who can read a file after decrypting it.
However, although traditional searchable encryption methods make it possible to search encrypted files, they only support a shared-key mode: the data provider and the users share the same key for encrypting, decrypting and searching files. Sharing a key in this way easily leads to key exposure and harms data security.
Summary of the invention
The embodiments of the present invention provide a search method for encrypted files, to solve the problem that existing shared-key approaches to searching encrypted files result in low data security.
In a first aspect, an embodiment of the present invention provides a search method for encrypted files, including:
A first terminal encrypts a shared file with a first user key to obtain an encrypted file, and sends the encrypted file and the index information corresponding to the shared file to a server, where the first user key is generated by a Key Management Center according to a preset root key;
The server encrypts the encrypted file with a first server-side key to obtain a doubly encrypted file, where the first server-side key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the first user key;
A second terminal obtains target keyword information and sends the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal;
The server searches the index information according to the target keyword information, obtains the target doubly encrypted file that matches the retrieved target keyword information, and decrypts the target doubly encrypted file with a second server-side key to obtain a target encrypted file, where the second server-side key is generated by the Key Management Center according to the root key;
The server sends the target encrypted file to the second terminal;
The second terminal decrypts the target encrypted file with a second user key to obtain the target shared file, where the second user key is generated by the Key Management Center according to the root key and uniquely corresponds to the second server-side key.
In a second aspect, an embodiment of the present invention provides a search system for encrypted files, including a first terminal, a second terminal, a server and a Key Management Center. The first terminal and the server, the second terminal and the server, and the Key Management Center and each of the first terminal, the second terminal and the server are connected over a network;
The first terminal includes:
An encryption module, configured to encrypt a shared file with a first user key to obtain an encrypted file, and to send the encrypted file and the index information corresponding to the shared file to the server, where the first user key is generated by the Key Management Center according to a preset root key;
The second terminal includes:
A target keyword module, configured to obtain target keyword information and send the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal;
The server includes:
A double encryption module, configured to encrypt the encrypted file with a first server-side key to obtain a doubly encrypted file, where the first server-side key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the first user key;
A retrieval module, configured to search the index information according to the target keyword information, obtain the target doubly encrypted file that matches the retrieved target keyword information, and decrypt the target doubly encrypted file with a second server-side key to obtain a target encrypted file, where the second server-side key is generated by the Key Management Center according to the root key;
A sending module, configured to send the target encrypted file to the second terminal;
The second terminal further includes:
A decryption module, configured to decrypt the target encrypted file with a second user key to obtain the target shared file, where the second user key is generated by the Key Management Center according to the root key and uniquely corresponds to the second server-side key;
The Key Management Center is configured to generate the first user key, the first server-side key, the second user key and the second server-side key according to the preset root key.
In a third aspect, an embodiment of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, where the processor implements the steps of the search method for encrypted files when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, where the computer program implements the steps of the search method for the invoice encryption file when executed by a processor.
Compared with the prior art, the embodiments of the present invention have the following advantages. The first terminal, as the data provider, encrypts the shared file with the first user key and uploads it to the server, and the server encrypts the encrypted file with the first server-side key. The second terminal, as an authorized user terminal of the first terminal, sends the target keyword information used for the search to the server. After the server retrieves the corresponding doubly encrypted file according to the target keyword information, it decrypts the doubly encrypted file with the second server-side key and sends the resulting target encrypted file to the second terminal, which decrypts it with the second user key to obtain the target shared file. The first user key uniquely corresponds to the first server-side key, the second user key uniquely corresponds to the second server-side key, and all four keys are generated by the Key Management Center according to the root key. As a result, the first terminal and the second terminal can use different keys to encrypt and decrypt the shared file, and the keys of different second terminals can also differ from one another. Multiple authorized users can therefore each search the shared file with a different key, which improves the data security of the shared file. In addition, because the server applies a second encryption to the encrypted file, the data security of the shared file is further improved.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an application scenario of the search method for encrypted files provided by an embodiment of the present invention;
Fig. 2 is a flowchart of the implementation of the search method for encrypted files provided by an embodiment of the present invention;
Fig. 3 is a flowchart of the implementation of step S1 in the search method for encrypted files provided by an embodiment of the present invention;
Fig. 4 is a flowchart of the implementation of step S2 in the search method for encrypted files provided by an embodiment of the present invention;
Fig. 5 is a flowchart of the implementation of step S4 in the search method for encrypted files provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the search system for encrypted files provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the terminal device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, Fig. 1 shows an application scenario of the search method for encrypted files provided by an embodiment of the present invention. The scenario involves a first terminal, a second terminal, a server and a Key Management Center. The first terminal is the data provider and the second terminal is an authorized user terminal of the first terminal; the first terminal can authorize several second terminals as authorized user terminals at the same time. Both the first terminal and every second terminal receive their keys from the Key Management Center, which handles the generation, distribution and other management of all keys used in the encrypted-file search process. The keys of the first terminal and of each second terminal all differ, and each terminal uses its own key to encrypt or decrypt the shared file.
Referring to Fig. 2, Fig. 2 shows the implementation flow of the search method for encrypted files provided by an embodiment of the present invention. The details are as follows:
S1: The first terminal encrypts the shared file with the first user key to obtain an encrypted file, and sends the encrypted file and the index information corresponding to the shared file to the server, where the first user key is generated by the Key Management Center according to a preset root key.
In this embodiment of the present invention, the Key Management Center generates the first user key and the first server-side key in advance according to the preset root key, and the first user key uniquely corresponds to the first server-side key. The Key Management Center sends the first user key to the first terminal and the corresponding first server-side key to the server.
It should be noted that when a second terminal successfully applies to become an authorized user terminal of the first terminal, the Key Management Center generates the second user key and the second server-side key of that authorized user terminal from the same root key that was used to generate the first user key and the first server-side key. It sends the second user key to the second terminal and the corresponding second server-side key to the server.
The server associates each server-side key it receives with the user identification information of the corresponding user terminal and saves the association.
Specifically, key generation and distribution consist of steps (a1) to (a5), described in detail as follows:
(a1) The Key Management Center randomly selects a number $x$ from the base key set as the root key;
(a2) For a user $k$, which may be the user of the first terminal or of a second terminal, the Key Management Center randomly selects a number $x_{k1}$ from the base key set and computes $x_{k2} = x - x_{k1}$, where $k$ is the user identification information of the user terminal;
(a3) The Key Management Center takes $K_{uk} = (x_{k1})$ as the key of user $k$ and $K_{sk} = (x_{k2})$ as the server-side key corresponding to user $k$;
(a4) The Key Management Center sends $K_{uk}$ to user $k$ and $K_{sk}$ to the server;
(a5) After receiving $K_{sk}$, the server associates the user identification information $k$ with $K_{sk}$ and saves the pair as $(k, K_{sk})$.
When the first terminal, as the data provider, needs to share data, it encrypts the shared file to be uploaded with the first user key to obtain the encrypted file.
Specifically, the first terminal encrypts the shared file with the ElGamal proxy encryption algorithm, and the resulting encrypted file is $C(file) = (g^x, g^{r x_{i1}} \cdot file)$, where $file$ is the shared file, $x$ is the root key, $i$ is the user identification information of the first terminal, $x_{i1}$ is the first user key, $g$ is a generator of the cyclic group that the Key Management Center generates according to a preset security parameter, and $r$ is a random number randomly selected from the base key set. When the Key Management Center sends the first user key to the first terminal, it sends $g$ and $r$ to the first terminal at the same time.
The index information corresponding to the shared file is used to search for the shared file. The first terminal can determine the index information by recognizing the content of the shared file, or it can directly obtain index keywords entered by the user and build the index information from them; no limitation is imposed here.
When the first terminal sends the encrypted file and the index information to the server, it also sends its own user identification information to the server.
S2: The server encrypts the encrypted file with the first server-side key to obtain a doubly encrypted file, where the first server-side key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the first user key.
In this embodiment of the present invention, after receiving the encrypted file sent by the first terminal, the server uses the user identification information of the first terminal to look up the corresponding first server-side key in its saved association records, and applies a second encryption to the encrypted file with that key, obtaining the doubly encrypted file $C^*(file) = (g^x, (g^r)^{x_{i2}} \cdot g^{r x_{i1}} \cdot file)$, where $x_{i2}$ is the first server-side key and $x_{i1} + x_{i2} = x$. Since $(g^r)^{x_{i2}} \cdot g^{r x_{i1}} \cdot file = g^{r x_{i2} + r x_{i1}} \cdot file = g^{r(x_{i2} + x_{i1})} \cdot file = g^{rx} \cdot file$, the doubly encrypted file finally obtained is $C^*(file) = (g^x, g^{rx} \cdot file)$. It follows that although the first terminal encrypts the shared file with the first user key and the server then applies a second encryption with the first server-side key, the doubly encrypted file finally obtained is directly related to the root key $x$.
The server saves the index information in association with the doubly encrypted file, so that the corresponding doubly encrypted file can be found through the index information.
S3: The second terminal obtains target keyword information and sends the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal.
In this embodiment of the present invention, when the second terminal, as an authorized user terminal, needs to retrieve the shared file, it obtains the target keyword information for the search. The target keyword information is generated from the search keyword entered by the user of the second terminal.
When the second terminal sends the target keyword information to the server, it also sends its own identification information to the server.
S4: The server searches the index information according to the target keyword information, obtains the target doubly encrypted file that matches the retrieved target keyword information, and decrypts the target doubly encrypted file with the second server-side key to obtain the target encrypted file, where the second server-side key is generated by the Key Management Center according to the preset root key.
In this embodiment of the present invention, the server receives the target keyword information sent by the second terminal and searches the stored index information. If the target keyword information is found, the server obtains the target doubly encrypted file corresponding to it.
Using the identification information of the second terminal, the server looks up the corresponding second server-side key in its saved association records and decrypts the target doubly encrypted file with that key to obtain the target encrypted file.
Specifically, the target doubly encrypted file is $C^*(file) = (g^x, g^{rx} \cdot file)$. Suppose the identification information of the second terminal is $j$, the second server-side key is $x_{j2}$ and the second user key is $x_{j1}$, with $x_{j1} + x_{j2} = x$. Decrypting the target doubly encrypted file with the second server-side key gives the target encrypted file $C'(file) = (g^x, (g^r)^{-x_{j2}} \cdot g^{rx} \cdot file)$. Since $(g^r)^{-x_{j2}} \cdot g^{rx} \cdot file = g^{r(x - x_{j2})} \cdot file = g^{r x_{j1}} \cdot file$, the target encrypted file finally obtained is $C'(file) = (g^x, g^{r x_{j1}} \cdot file)$. It follows that the target encrypted file is now one encrypted under the second user key $x_{j1}$; that is, the target encrypted file differs from the encrypted file produced with the first user key $x_{i1}$.
S5: The server sends the target encrypted file to the second terminal.
In this embodiment of the present invention, the server sends the target encrypted file $C'(file) = (g^x, g^{r x_{j1}} \cdot file)$ obtained in step S4 to the second terminal.
S6: The second terminal decrypts the target encrypted file with the second user key to obtain the target shared file, where the second user key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the second server-side key.
In this embodiment of the present invention, the target encrypted file received by the second terminal has already become one encrypted under the second user key $x_{j1}$. The second terminal therefore decrypts the target encrypted file with its own second user key $x_{j1}$, that is, $g^{r x_{j1}} \cdot file \cdot (g^r)^{-x_{j1}} = g^{r x_{j1} - r x_{j1}} \cdot file = file$, and so obtains the target shared file $file$, which is the shared file that the first terminal, as the data provider, shared in step S1.
It should be noted that the first user key $x_{i1}$ and first server-side key $x_{i2}$ used during encryption can differ from the second user key $x_{j1}$ and second server-side key $x_{j2}$ used during decryption. Because $x_{i1} + x_{i2} = x_{j1} + x_{j2} = x$, the final doubly encrypted file is directly related only to the root key $x$, so the first terminal and the second terminal can each use a different key to encrypt and decrypt the shared file, which improves the data security of the shared file.
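The S1 to S6 exchange and the (a1) to (a5) key split, as an added Python example that is not code from the patent. The 127-bit modulus, the base g = 3, the file id `doc-1`, the Key Management Center publishing $g^x$ and handing $g^r$ to the server and the second terminals are assumptions of this example; the keyword search of S3/S4 is replaced by a lookup by file id.

```python
import secrets

# Toy parameters constructed for this example only; a 127-bit modulus is far
# too small for real use.
P = 2**127 - 1          # prime modulus
ORDER = P - 1           # exponents are reduced modulo the order of Z_P^*
G = 3                   # assumed public base g


def inv_pow(base, exp):
    """Return base^(-exp) mod P."""
    return pow(base, (ORDER - exp % ORDER) % ORDER, P)


class KeyManagementCenter:
    """Steps (a1)-(a4): root key x and additive shares x_k1 + x_k2 = x."""

    def __init__(self):
        self.x = secrets.randbelow(ORDER - 1) + 1   # (a1) root key
        self.r = secrets.randbelow(ORDER - 1) + 1   # random r sent to the first terminal
        self.g_x = pow(G, self.x, P)                # assumed published
        self.g_r = pow(G, self.r, P)                # assumed given to server and readers

    def issue(self):
        x_k1 = secrets.randbelow(ORDER - 1) + 1     # (a2) user key K_uk
        x_k2 = (self.x - x_k1) % ORDER              # server-side key K_sk
        return x_k1, x_k2


def owner_encrypt(file_int, g_x, r, x_i1):
    """S1: C(file) = (g^x, g^(r*x_i1) * file)."""
    return g_x, pow(G, r * x_i1 % ORDER, P) * file_int % P


class Server:
    def __init__(self, g_r):
        self.g_r = g_r
        self.keys = {}    # (a5): user id k -> K_sk
        self.store = {}   # file id -> doubly encrypted file

    def register(self, k, x_k2):
        self.keys[k] = x_k2

    def upload(self, k, file_id, ct):
        """S2: multiply by (g^r)^x_i2, giving (g^x, g^(r*x) * file)."""
        c1, c2 = ct
        self.store[file_id] = (c1, pow(self.g_r, self.keys[k], P) * c2 % P)

    def fetch(self, k, file_id):
        """S4: multiply by (g^r)^(-x_j2), giving (g^x, g^(r*x_j1) * file)."""
        c1, c2 = self.store[file_id]
        return c1, inv_pow(self.g_r, self.keys[k]) * c2 % P


def reader_decrypt(ct, g_r, x_j1):
    """S6: g^(r*x_j1) * file * (g^r)^(-x_j1) = file."""
    return inv_pow(g_r, x_j1) * ct[1] % P


def run_flow(message=b"shared file"):
    """Owner i uploads; readers j and m each decrypt with their own key."""
    kmc = KeyManagementCenter()
    server = Server(kmc.g_r)
    users = {}
    for k in ("i", "j", "m"):
        users[k], x_k2 = kmc.issue()
        server.register(k, x_k2)
    file_int = int.from_bytes(message, "big")       # must stay below P
    ct = owner_encrypt(file_int, kmc.g_x, kmc.r, users["i"])
    server.upload("i", "doc-1", ct)
    out = {}
    for k in ("j", "m"):
        target = server.fetch(k, "doc-1")
        plain = reader_decrypt(target, kmc.g_r, users[k])
        out[k] = plain.to_bytes(len(message), "big")
    mask = pow(G, kmc.r * kmc.x % ORDER, P)         # g^(r*x)
    out["stored_is_root_keyed"] = server.store["doc-1"][1] == mask * file_int % P
    return out


if __name__ == "__main__":
    print(run_flow())
```

The server never holds a user key $x_{k1}$ and no terminal holds the root key $x$, but each stored pair $(k, K_{sk})$ is half of an additive share of $x$, so the server's key table needs the same protection as the root key itself.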
In the embodiment corresponding to Fig. 2, the first terminal, as the data provider, encrypts the shared file with the first user key and uploads it to the server, and the server encrypts the encrypted file with the first server-side key. The second terminal, as an authorized user terminal of the first terminal, sends the target keyword information used for the search to the server. After the server retrieves the corresponding doubly encrypted file according to the target keyword information, it decrypts the doubly encrypted file with the second server-side key and sends the resulting target encrypted file to the second terminal, which decrypts it with the second user key to obtain the target shared file. The first user key uniquely corresponds to the first server-side key, the second user key uniquely corresponds to the second server-side key, and all four keys are generated by the Key Management Center according to the root key. As a result, the first terminal and the second terminal can use different keys to encrypt and decrypt the shared file, and the keys of different second terminals can also differ from one another. Multiple authorized users can therefore each search the shared file with a different key, which improves the data security of the shared file. In addition, because the server applies a second encryption to the encrypted file, the data security of the shared file is further improved.
Next, building on the embodiment corresponding to Fig. 2, a specific embodiment is used to describe in detail how step S1 is implemented, that is, how the first terminal encrypts the shared file with the first user key to obtain the encrypted file and sends the encrypted file and the index information corresponding to the shared file to the server.
Referring to Fig. 3, Fig. 3 shows the specific implementation flow of step S1 provided by an embodiment of the present invention. The details are as follows:
S11: The first terminal obtains the shared file and the search keyword corresponding to the shared file.
In this embodiment of the present invention, the first terminal obtains the shared file provided by the user and the search keyword corresponding to the shared file.
The first terminal can determine the corresponding search keyword by recognizing the content of the shared file, or it can directly obtain a search keyword entered by the user; no limitation is imposed here.
S12: The first terminal encrypts the shared file with the first user key to obtain the encrypted file.
In this embodiment of the present invention, the process by which the first terminal encrypts the shared file with the first user key to obtain the encrypted file is the same as the method for obtaining the encrypted file described in step S1 above and is not repeated here.
S13: The first terminal generates a fuzzy keyword set according to the search keyword.
In this embodiment of the present invention, the first terminal generates a fuzzy keyword set from the search keyword it has determined. The fuzzy keyword set is used for fuzzy search of the shared file and contains a series of fuzzy keywords generated from the search keyword. Searching with the fuzzy keywords in the set satisfies a wider range of search needs.
Further, the first terminal generates the fuzzy keyword set from the search keyword as follows:
The first terminal constructs the fuzzy keyword set from the search keyword using wildcards.
Specifically, for a search keyword $w$ and edit distance $d$, a fuzzy keyword set $S_{w,d}$ is built using wildcards, where a wildcard represents an edit operation at some position in the search keyword. There are three kinds of edit operation:
(1) Insertion: a character is inserted into the word of the search keyword;
(2) Deletion: a character is deleted from the word of the search keyword;
(3) Modification: a character in the word of the search keyword is changed to another character.
The fuzzy keyword set constructed for a search keyword $w$ with edit distance $d$ is written $S_{w,d} = \{S'_{w,0}, S'_{w,1}, \ldots, S'_{w,d}\}$, where $S'_{w,n}$ denotes the group of words derived from $w$ that contain $n$ wildcards, and each wildcard represents an edit operation on the search keyword $w$.
For example, for edit distance $d = 1$ and search keyword $w$ = student, the fuzzy keyword set built is $S_{student,1}$ = {student, *student, s*tudent, *tudent, s*udent, ..., studen*, student*}, which contains 16 words. In general, for a search keyword $w$ of length $l$ with edit distance $d = 1$, the size of the constructed fuzzy keyword set $S_{w,1}$ is $(2l+1)+1$. As the edit distance $d$ increases, the size of the constructed fuzzy keyword set $S_{w,d}$ increases as well. When the edit distance d is 2 and 3, respectively, the fuzzy keyword set constructed For a search keyword of length $l$ and edit distance $d$, the size of the fuzzy keyword set constructed using wildcards is, expressed as a complexity, $O(l^d)$.
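The wildcard construction of $S_{w,d}$ described above, as an added Python example rather than code from the patent; it goes beyond the d = 1 case in the text by applying the one-wildcard step to every pattern of the previous level. The function names and the set-intersection comparison in `fuzzy_match` are assumptions of this example.

```python
WILDCARD = "*"


def one_edit(pattern):
    """Return all patterns obtained by adding exactly one wildcard to `pattern`."""
    out = set()
    # Insertion: a wildcard placed before position i (or at the end).
    for i in range(len(pattern) + 1):
        out.add(pattern[:i] + WILDCARD + pattern[i:])
    # Deletion or modification: the character at position i becomes a wildcard.
    for i, ch in enumerate(pattern):
        if ch != WILDCARD:
            out.add(pattern[:i] + WILDCARD + pattern[i + 1:])
    return out


def fuzzy_levels(w, d):
    """Return [S'_{w,0}, S'_{w,1}, ..., S'_{w,d}]; level n holds n wildcards."""
    if WILDCARD in w:
        raise ValueError("keyword must not contain the wildcard character")
    if d < 0:
        raise ValueError("edit distance must be non-negative")
    levels = [{w}]
    for _ in range(d):
        nxt = set()
        for pattern in levels[-1]:
            nxt |= one_edit(pattern)
        levels.append(nxt)
    return levels


def fuzzy_set(w, d):
    """Return S_{w,d} as the union of all levels."""
    return set().union(*fuzzy_levels(w, d))


def fuzzy_match(w1, w2, d):
    """Assumed comparison: two keywords match if their fuzzy sets share a pattern."""
    return bool(fuzzy_set(w1, d) & fuzzy_set(w2, d))


def set_sizes(w, max_d):
    """Size of S_{w,d} for d = 0..max_d, to show the growth with d."""
    return [len(fuzzy_set(w, d)) for d in range(max_d + 1)]


if __name__ == "__main__":
    print(sorted(fuzzy_set("student", 1)))
    print(set_sizes("student", 3))
    print(fuzzy_match("student", "studemt", 1))   # one modified character
    print(fuzzy_match("student", "teacher", 1))   # unrelated keyword
```

Every pattern in the set is encrypted into a trapdoor in step S14, so the index stored per keyword grows with the set size; the sizes returned by `set_sizes` show why small edit distances are used.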
S14: The first terminal encrypts each keyword in the fuzzy keyword set with a first index key to obtain a first trapdoor set, where the first index key is derived from the first user key.
In this embodiment of the present invention, the first terminal uses the first user key $x_{i1}$ to generate the first index key $K_I$, $K_I = f(x_{i1})$, where $f$ is a hash function.
The first index key is used to encrypt each keyword in the fuzzy keyword set, giving the first trapdoor set $FuzzyEnc_1$, where $S_{w1,d1}$ is the fuzzy keyword set for search keyword $w1$ with edit distance $d1$, and $T$ can be implemented with the public-key encryption algorithm RSA.
S15: The first terminal encrypts the identification information of the shared file with the first index key, and combines the encrypted identification information, the first trapdoor set and the first index key into the index information.
In this embodiment of the present invention, the first terminal uses the first index key $K_I$ generated in step S14 to encrypt the identification information of the shared file, obtaining the encrypted identification information $F$, $F = Enc(K_I, fid_w)$, where $fid_w$ is the identification information of the shared file containing the fuzzy keyword $w$, and $Enc$ is implemented with the Advanced Encryption Standard (AES) or the Data Encryption Standard (DES).
The identification information of the shared file uniquely identifies the shared file. It can be a unique file number, but is not limited to this; it can be set according to the needs of the application, and no limitation is imposed here.
The first terminal combines the encrypted identification information $F$, the first trapdoor set $FuzzyEnc_1$ and the first index key $K_I$ into the index information $Index$, $Index = \{K_I, \langle FuzzyEnc_1, F \rangle\}$, i.e.,
S16: The first terminal sends the encrypted file and the index information to the server.
In this embodiment of the present invention, the first terminal sends the encrypted file $C(file)$ and the index information $Index$ to the server.
In the embodiment corresponding to Fig. 3, the first terminal encrypts the shared file with the first user key to obtain the encrypted file and constructs a fuzzy keyword set from the search keyword using wildcards. It then encrypts each keyword in the fuzzy keyword set with the first index key to obtain the first trapdoor set, encrypts the identification information of the shared file with the first index key, and combines the encrypted identification information, the first trapdoor set and the first index key into the index information. The encrypted file and the index information are sent together to the server so that the server can perform searches. Constructing a fuzzy keyword set enables fuzzy search on the search keyword, which effectively improves the search success rate and accuracy, and a fuzzy keyword set constructed with wildcards is more complete and satisfies a wider range of fuzzy search needs.
On the basis of the embodiment corresponding to Fig. 3, a specific embodiment is used below to describe in detail how, as mentioned in step S2, the second terminal obtains the target keyword information and sends it to the server.
In this embodiment of the present invention, the target keyword information obtained by the second terminal includes a target trapdoor set.
Referring to Fig. 4, Fig. 4 shows the specific implementation flow of step S2 provided by an embodiment of the present invention, detailed as follows:
S21: The second terminal obtains the keyword to be retrieved.
In this embodiment of the present invention, the second terminal obtains the keyword to be retrieved that is input by the user.
S22: The second terminal generates a target fuzzy keyword set according to the keyword to be retrieved.
In this embodiment of the present invention, the second terminal may generate the target fuzzy keyword set from the keyword to be retrieved using the same method by which the first terminal generates the fuzzy keyword set from the search keyword in step S13, which is not repeated here.
Specifically, the keyword to be retrieved is w2, the edit distance is d2, and the generated target fuzzy keyword set is S_{w2,d2}.
S23: The second terminal encrypts each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, where the second index key is produced from the second user key, and the second user key is generated by the Key Management Center according to the root key.
In this embodiment of the present invention, the second terminal uses the second user key xi2 to generate the second index key K_J, K_J = f(xi2), where f is a hash function.
The second index key is used to encrypt each keyword in the target fuzzy keyword set S_{w2,d2}, obtaining the target trapdoor set FuzzyEnc2,
S24: The second terminal sends the target trapdoor set to the server.
In this embodiment of the present invention, the second terminal sends the target trapdoor set FuzzyEnc2 to the server as the target keyword information.
In the embodiment corresponding to Fig. 4, when the authorized user of the second terminal needs to retrieve the related encrypted files using the keyword to be retrieved, the second terminal generates the target fuzzy keyword set from the keyword to be retrieved, using the same generation method that the first terminal uses to generate the fuzzy keyword set from the search keyword. It then encrypts each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, and sends the target trapdoor set to the server as the target keyword information so that the server can perform retrieval. Fuzzy retrieval is thus carried out by constructing a fuzzy keyword set, which can effectively improve the retrieval success rate and accuracy, and a fuzzy keyword set constructed by means of wildcards is more complete and can satisfy a wider range of fuzzy retrieval needs.
On the basis of the embodiment corresponding to Fig. 4, a specific embodiment is used below to describe in detail how, as mentioned in step S4, the server performs retrieval in the index information according to the target keyword information, obtains the target doubly encrypted file that matches the target keyword information, and decrypts the target doubly encrypted file using the second server key to obtain the target encrypted file.
Referring to Fig. 5, Fig. 5 shows the specific implementation flow of step S4 provided by an embodiment of the present invention, detailed as follows:
S41: If the server retrieves, in the index information, a target encrypted index that matches the target trapdoor set, it obtains the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index.
In this embodiment of the present invention, after the server receives the target trapdoor set sent by the second terminal, it performs fuzzy retrieval in the index information according to the target trapdoor set. The index information is sent to the server by the first terminal and contains the encrypted identification information of the shared file, the first trapdoor set and the first index key. If the server retrieves a first trapdoor set that matches the target trapdoor set, it takes the index information containing that first trapdoor set as the target encrypted index.
Assume that the retrieved target encrypted index is Index'. Then, according to the target encrypted index Index', the first index key K_I contained in the index information is obtained as the target index key, and the encrypted identification information of the shared file contained in the index information, Enc(K_I, fid_w1), is obtained as the encrypted identification information of the target shared file.
It should be noted that the target trapdoor set sent by the second terminal is obtained by encryption with the second index key, while the first trapdoor set in the index information that was sent by the first terminal and is stored on the server is obtained by encryption with the first index key; that is, the first trapdoor set and the target trapdoor set have different encryption keys. However, because the first index key is produced from the first user key, the second index key is produced from the second user key, and the first user key and the second user key are both generated by the Key Management Center according to the same root key, the fuzzy retrieval carried out by the server can find, in the index information, the first trapdoor set that matches the target trapdoor set.
S42: The server decrypts the identification information of the target shared file using the target index key, and obtains the target doubly encrypted file according to the decrypted identification information.
In this embodiment of the present invention, the server uses the target index key obtained in step S41, i.e. the first index key K_I, to decrypt the identification information Enc(K_I, fid_w1) of the target shared file, obtaining the decrypted identification information fid_w.
Since the server has stored the index information in association with the doubly encrypted file in step S2, the server can obtain, according to the decrypted identification information fid_w, the target doubly encrypted file C*(file) corresponding to that identification information.
S43: The server decrypts the target doubly encrypted file using the second server key to obtain the target encrypted file.
In this embodiment of the present invention, the process by which the server decrypts the target doubly encrypted file using the second server key to obtain the target encrypted file is the same as the method of obtaining the target encrypted file described in step S4 above, and is not repeated here.
In the embodiment corresponding to Fig. 5, the server retrieves, in the index information, the target encrypted index that matches the target trapdoor set sent by the second terminal, and obtains the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index. It then decrypts the identification information of the target shared file using the target index key, obtains the target doubly encrypted file according to the decrypted identification information, and decrypts the target doubly encrypted file using the second server key to obtain the target encrypted file. The second terminal can then decrypt the target encrypted file using its own second user key and finally obtain the retrieved target shared file. In this way multiple authorized users can each retrieve shared files with their own different keys, which improves the data security of the shared files.
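The wildcard-based fuzzy keyword sets and the trapdoor matching of steps S22 to S23 and S41, as an added example that is not code from the patent. It assumes edit distance 1, SHA-256 as the hash function f, HMAC-SHA256 as the trapdoor function and one index key shared by both terminals; the patent's matching across different index keys is not reproduced, and all names, keys and identifiers are constructed.

```python
import hashlib
import hmac

WILDCARD = "*"


def fuzzy_set(word):
    """Wildcard-based fuzzy keyword set S_{w,1} (edit distance 1)."""
    variants = {word}
    for i in range(len(word) + 1):
        # '*' inserted at position i stands for any single inserted character.
        variants.add(word[:i] + WILDCARD + word[i:])
    for i in range(len(word)):
        # '*' in place of character i stands for any substitution there.
        variants.add(word[:i] + WILDCARD + word[i + 1:])
    return variants


def index_key(user_key):
    """K = f(x): index key derived from a user key; f is assumed to be SHA-256."""
    return hashlib.sha256(user_key).digest()


def trapdoor_set(key, word):
    """One trapdoor per fuzzy variant; HMAC-SHA256 is an assumed stand-in."""
    return {
        hmac.new(key, v.encode("utf-8"), hashlib.sha256).digest()
        for v in fuzzy_set(word)
    }


def build_index(key, keyword, enc_fid):
    """Index entry <FuzzyEnc1, F>; F is kept as an opaque value here."""
    return {"trapdoors": trapdoor_set(key, keyword), "enc_fid": enc_fid}


def search(index, target_trapdoors):
    """Server side of S41: an entry matches when the trapdoor sets intersect."""
    return [e["enc_fid"] for e in index if e["trapdoors"] & target_trapdoors]


# Constructed sample data: user keys, keywords and opaque identifiers.
OWNER_KEY = index_key(b"constructed-user-key-1")
OTHER_KEY = index_key(b"constructed-user-key-2")
INDEX = [
    build_index(OWNER_KEY, "castle", b"F-001"),
    build_index(OWNER_KEY, "network", b"F-002"),
]


def query(key, word):
    """Second terminal (S22 to S23) plus the server lookup (S41) in one call."""
    return search(INDEX, trapdoor_set(key, word))


if __name__ == "__main__":
    print(sorted(fuzzy_set("castle")))
    print(query(OWNER_KEY, "cattle"))   # one substitution away from "castle"
    print(query(OWNER_KEY, "netwrk"))   # one deletion away from "network"
    print(query(OWNER_KEY, "cast"))     # edit distance 2, so no match
    print(query(OTHER_KEY, "castle"))   # unrelated key, so no match
```

With a plain keyed function the query under an unrelated key returns nothing, which is why the scheme described above depends on both index keys tracing back to the same root key.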
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Corresponding to the search method for encrypted files described in the foregoing embodiments, Fig. 6 shows a structural diagram of the search system for encrypted files provided by an embodiment of the present invention. For convenience of description, only the parts relevant to the embodiment of the present invention are shown.
Referring to Fig. 6, the search system for encrypted files includes a first terminal 61, a second terminal 62, a server 63 and a Key Management Center 64, where the first terminal and the server, the second terminal and the server, and the Key Management Center and each of the first terminal, the second terminal and the server are connected through a network.
The Key Management Center 64 is configured to generate the first user key, the first server key, the second user key and the second server key according to a preset root key.
The first terminal 61 includes an encryption module 611, the second terminal 62 includes a target keyword module 621 and a decryption module 622, and the server 63 includes a double encryption module 631, a retrieval module 632 and a sending module 633. Each functional module is described in detail as follows:
The encryption module 611 is configured to encrypt the shared file using the first user key to obtain the encrypted file, and to send the encrypted file and the index information corresponding to the shared file to the server, where the first user key is generated by the Key Management Center according to the preset root key;
The target keyword module 621 is configured to obtain the target keyword information and send the target keyword information to the server, where the second terminal 62 is an authorized user terminal of the first terminal 61;
The decryption module 622 is configured to decrypt the target encrypted file using the second user key to obtain the target shared file, where the second user key is generated by the Key Management Center according to the root key and uniquely corresponds to the second server key;
The double encryption module 631 is configured to encrypt the encrypted file using the first server key to obtain the doubly encrypted file, where the first server key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the first user key;
The retrieval module 632 is configured to perform retrieval in the index information according to the target keyword information, obtain the target doubly encrypted file that matches the target keyword information, and decrypt the target doubly encrypted file using the second server key to obtain the target encrypted file, where the second server key is generated by the Key Management Center according to the root key;
The sending module 633 is configured to send the target encrypted file to the second terminal 62.
Further, the encryption module 611 includes:
A first acquisition submodule 6111, configured to obtain the shared file and the search keyword corresponding to the shared file;
A file encryption submodule 6112, configured to encrypt the shared file using the first user key to obtain the encrypted file;
A first word set generation submodule 6113, configured to generate a fuzzy keyword set according to the search keyword;
A keyword encryption submodule 6114, configured to encrypt each keyword in the fuzzy keyword set using the first index key to obtain the first trapdoor set, where the first index key is produced from the first user key;
An identifier encryption submodule 6115, configured to encrypt the identification information of the shared file using the first index key, and to compose the encrypted identification information, the first trapdoor set and the first index key into the index information;
A first sending submodule 6116, configured to send the encrypted file and the index information to the server 63.
Further, the first word set generation submodule 6113 is also configured to construct the fuzzy keyword set from the search keyword by means of wildcards.
Further, the target keyword information includes a target trapdoor set, and the target keyword module 621 includes:
A second acquisition submodule 6211, configured to obtain the keyword to be retrieved;
A second word set generation submodule 6212, configured to generate a target fuzzy keyword set according to the keyword to be retrieved;
A second encryption submodule 6213, configured to encrypt each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, where the second index key is produced from the second user key, and the second user key is generated by the Key Management Center according to the root key;
A second sending submodule 6214, configured to send the target trapdoor set to the server 63.
Further, the retrieval module 632 includes:
A matching submodule 6321, configured to, if a target encrypted index that matches the target trapdoor set is retrieved in the index information, obtain the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index;
A first decryption submodule 6322, configured to decrypt the identification information of the target shared file using the target index key, and to obtain the target doubly encrypted file according to the decrypted identification information;
A second decryption submodule 6323, configured to decrypt the target doubly encrypted file using the second server key to obtain the target encrypted file.
For the process by which each module in the search system for encrypted files provided by this embodiment of the present invention realizes its function, refer to the description of the foregoing method embodiments; details are not repeated here.
An embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements the search method for encrypted files in the foregoing method embodiments, or implements the functions of each module/unit in the search system for encrypted files in the foregoing apparatus embodiment. To avoid repetition, details are not repeated here.
Referring to Fig. 7, Fig. 7 is a schematic diagram of the terminal device provided by an embodiment of the present invention. As shown in Fig. 7, the terminal device 70 of this embodiment includes a processor 71, a memory 72, and a computer program 73 that is stored in the memory 72 and can run on the processor 71, for example a search program for encrypted files. When the processor 71 executes the computer program 73, it implements the steps in each of the above embodiments of the search method for encrypted files, for example steps S1 to S6 shown in Fig. 1. Alternatively, when the processor 71 executes the computer program 73, it implements the functions of each module/unit in the above apparatus embodiments, for example the functions of each module/unit in the first terminal 61, the second terminal 62, the server 63 and the Key Management Center 64 shown in Fig. 6.
Exemplarily, the computer program 73 may be divided into one or more modules/units, which are stored in the memory 72 and executed by the processor 71 to complete the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, and the instruction segments are used to describe the execution process of the computer program 73 in the terminal device 70. For example, the computer program 73 may be divided into the encryption module on the first terminal, the target keyword module and the decryption module on the second terminal, the double encryption module, the retrieval module and the sending module on the server, and the program in the Key Management Center. The specific functions of each functional module are as follows:
The Key Management Center is configured to generate the first user key, the first server key, the second user key and the second server key according to a preset root key.
The encryption module is configured to encrypt the shared file using the first user key to obtain the encrypted file, and to send the encrypted file and the index information corresponding to the shared file to the server, where the first user key is generated by the Key Management Center according to the preset root key;
The target keyword module is configured to obtain the target keyword information and send the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal;
The decryption module is configured to decrypt the target encrypted file using the second user key to obtain the target shared file, where the second user key is generated by the Key Management Center according to the root key and uniquely corresponds to the second server key;
The double encryption module is configured to encrypt the encrypted file using the first server key to obtain the doubly encrypted file, where the first server key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the first user key;
The retrieval module is configured to perform retrieval in the index information according to the target keyword information, obtain the target doubly encrypted file that matches the target keyword information, and decrypt the target doubly encrypted file using the second server key to obtain the target encrypted file, where the second server key is generated by the Key Management Center according to the root key;
The sending module is configured to send the target encrypted file to the second terminal.
Further, the encryption module includes:
A first acquisition submodule, configured to obtain the shared file and the search keyword corresponding to the shared file;
A file encryption submodule, configured to encrypt the shared file using the first user key to obtain the encrypted file;
A first word set generation submodule, configured to generate a fuzzy keyword set according to the search keyword;
A keyword encryption submodule, configured to encrypt each keyword in the fuzzy keyword set using the first index key to obtain the first trapdoor set, where the first index key is produced from the first user key;
An identifier encryption submodule, configured to encrypt the identification information of the shared file using the first index key, and to compose the encrypted identification information, the first trapdoor set and the first index key into the index information;
A first sending submodule, configured to send the encrypted file and the index information to the server.
Further, the first word set generation submodule is also configured to construct the fuzzy keyword set from the search keyword by means of wildcards.
Further, the target keyword information includes a target trapdoor set, and the target keyword module includes:
A second acquisition submodule, configured to obtain the keyword to be retrieved;
A second word set generation submodule, configured to generate a target fuzzy keyword set according to the keyword to be retrieved;
A second encryption submodule, configured to encrypt each keyword in the target fuzzy keyword set using the second index key to obtain the target trapdoor set, where the second index key is produced from the second user key, and the second user key is generated by the Key Management Center according to the root key;
A second sending submodule, configured to send the target trapdoor set to the server.
Further, the retrieval module includes:
A matching submodule, configured to, if a target encrypted index that matches the target trapdoor set is retrieved in the index information, obtain the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index;
A first decryption submodule, configured to decrypt the identification information of the target shared file using the target index key, and to obtain the target doubly encrypted file according to the decrypted identification information;
A second decryption submodule, configured to decrypt the target doubly encrypted file using the second server key to obtain the target encrypted file.
The terminal device 70 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device 70 may include, but is not limited to, the processor 71 and the memory 72. Those skilled in the art will understand that Fig. 7 is only an example of the terminal device 70 and does not constitute a limitation on the terminal device 70, which may include more or fewer components than shown, or combine certain components, or use different components; for example, the terminal device 70 may also include input/output devices, network access devices, buses and the like.
The processor 71 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 72 may be an internal storage unit of the terminal device 70, such as a hard disk or memory of the terminal device 60. The memory 72 may also be an external storage device of the terminal device 70, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) equipped on the terminal device 70. Further, the memory 72 may include both an internal storage unit of the terminal device 70 and an external storage device. The memory 72 is used to store the computer program and the other programs and data needed by the terminal device 70. The memory 72 may also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional units and modules above is given as an example. In practical applications, the above functions may be allocated to different functional units and modules as needed; that is, the internal structure of the apparatus may be divided into different functional units or modules to complete all or part of the functions described above.
In addition, the functional units in each embodiment of the present invention may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow in the methods of the above embodiments may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, can implement the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be included within the protection scope of the present invention.
Claims (10)
1. A search method for encrypted files, characterized in that the search method includes:
A first terminal encrypts a shared file using a first user key to obtain an encrypted file, and sends the encrypted file and index information corresponding to the shared file to a server, where the first user key is generated by a Key Management Center according to a preset root key;
The server encrypts the encrypted file using a first server key to obtain a doubly encrypted file, where the first server key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the first user key;
A second terminal obtains target keyword information and sends the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal;
The server performs retrieval in the index information according to the target keyword information, obtains the target doubly encrypted file that matches the target keyword information, and decrypts the target doubly encrypted file using a second server key to obtain a target encrypted file, where the second server key is generated by the Key Management Center according to the root key;
The server sends the target encrypted file to the second terminal;
The second terminal decrypts the target encrypted file using a second user key to obtain a target shared file, where the second user key is generated by the Key Management Center according to the root key and uniquely corresponds to the second server key.
2. The search method as claimed in claim 1, characterized in that the first terminal encrypting the shared file using the first user key to obtain the encrypted file, and sending the encrypted file and the index information corresponding to the shared file to the server, includes:
The first terminal obtains the shared file and the search keyword corresponding to the shared file;
The first terminal encrypts the shared file using the first user key to obtain the encrypted file;
The first terminal generates a fuzzy keyword set according to the search keyword;
The first terminal encrypts each keyword in the fuzzy keyword set using a first index key to obtain a first trapdoor set, where the first index key is produced from the first user key;
The first terminal encrypts the identification information of the shared file using the first index key, and composes the encrypted identification information, the first trapdoor set and the first index key into the index information;
The first terminal sends the encrypted file and the index information to the server.
3. The search method as claimed in claim 2, characterized in that the first terminal generating the fuzzy keyword set according to the search keyword includes:
The first terminal constructs the fuzzy keyword set from the search keyword by means of wildcards.
4. The search method as claimed in claim 2 or claim 3, characterized in that the target keyword information includes a target trapdoor set, and the second terminal obtaining the target keyword information and sending the target keyword information to the server includes:
The second terminal obtains a keyword to be retrieved;
The second terminal generates a target fuzzy keyword set according to the keyword to be retrieved;
The second terminal encrypts each keyword in the target fuzzy keyword set using a second index key to obtain the target trapdoor set, where the second index key is produced from the second user key, and the second user key is generated by the Key Management Center according to the root key;
The second terminal sends the target trapdoor set to the server.
5. The search method as claimed in claim 4, characterized in that the server performing retrieval in the index information according to the target keyword information, obtaining the target doubly encrypted file that matches the target keyword information, and decrypting the target doubly encrypted file using the second server key to obtain the target encrypted file, includes:
If the server retrieves, in the index information, a target encrypted index that matches the target trapdoor set, it obtains the corresponding target index key and the encrypted identification information of the target shared file from that target encrypted index;
The server decrypts the identification information of the target shared file using the target index key, and obtains the target doubly encrypted file according to the decrypted identification information;
The server decrypts the target doubly encrypted file using the second server key to obtain the target encrypted file.
6. A search system for encrypted files, characterized in that the search system includes a first terminal, a second terminal, a server and a Key Management Center; the first terminal and the server, the second terminal and the server, and the Key Management Center and each of the first terminal, the second terminal and the server are connected through a network;
The first terminal includes:
An encryption module, configured to encrypt a shared file using a first user key to obtain an encrypted file, and to send the encrypted file and index information corresponding to the shared file to the server, where the first user key is generated by the Key Management Center according to a preset root key;
The second terminal includes:
A target keyword module, configured to obtain target keyword information and send the target keyword information to the server, where the second terminal is an authorized user terminal of the first terminal;
The server includes:
A double encryption module, configured to encrypt the encrypted file using a first server key to obtain a doubly encrypted file, where the first server key is generated by the Key Management Center according to the preset root key and uniquely corresponds to the first user key;
A retrieval module, configured to perform retrieval in the index information according to the target keyword information, obtain the target doubly encrypted file that matches the target keyword information, and decrypt the target doubly encrypted file using a second server key to obtain a target encrypted file, where the second server key is generated by the Key Management Center according to the root key;
A sending module, configured to send the target encrypted file to the second terminal;
The second terminal further includes:
A decryption module, configured to decrypt the target encrypted file using a second user key to obtain a target shared file, where the second user key is generated by the Key Management Center according to the root key and uniquely corresponds to the second server key;
The Key Management Center is configured to generate the first user key, the first server key, the second user key and the second server key according to the preset root key.
7. The search system as claimed in claim 6, characterized in that the encryption module includes:
A first acquisition submodule, for obtaining the shared file and the search keyword corresponding to the shared file;
A file encryption submodule, for encrypting the shared file using the first user key to obtain the encrypted file;
A first word set generation submodule, for generating a fuzzy keyword set according to the search keyword;
A keyword encryption submodule, for encrypting each keyword in the fuzzy keyword set using a first index key to obtain a first trapdoor set, wherein the first index key is produced by the first user key;
An identification encryption submodule, for encrypting the identification information of the shared file using the first index key, and forming the index information from the encrypted identification information, the first trapdoor set and the first index key;
A first sending submodule, for sending the encrypted file and the index information to the server-side.
8. The search system as claimed in claim 7, characterized in that the target keyword information includes a target trapdoor set, and the target keyword module includes:
A second acquisition submodule, for obtaining a keyword to be retrieved;
A second word set generation submodule, for generating a target fuzzy keyword set according to the keyword to be retrieved;
A second encryption submodule, for encrypting each keyword in the target fuzzy keyword set using a second index key to obtain the target trapdoor set, wherein the second index key is produced by the second user key, and the second user key is generated by the key management center according to the root key;
A second sending submodule, for sending the target trapdoor set to the server-side.
9. A terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the search method for encrypted files as claimed in any one of claims 1 to 5.
10. A computer-readable storage medium, the computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the search method for encrypted files as claimed in any one of claims 1 to 5.
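The index construction of claim 7 and the trapdoor search of claim 8, sketched as an added example that is not part of the patent text. Assumptions: the index key is derived with HMAC-SHA256, the fuzzy keyword set is a wildcard set covering one edit, a trapdoor is a keyed hash of each variant, and the authorized second terminal searches under the same index key as the owner; the file tokens are constructed, and encryption of the identification information and the two file-encryption layers are omitted.

```python
import hashlib
import hmac


def derive_index_key(user_key):
    # Assumption: the claims only say the index key "is produced by" the user key;
    # HMAC-SHA256 with a fixed label is this example's stand-in.
    return hmac.new(user_key, b"index-key", hashlib.sha256).digest()


def fuzzy_set(keyword):
    """Wildcard fuzzy keyword set covering one edit (assumed construction)."""
    w = keyword.lower()
    variants = {w}
    for i in range(len(w) + 1):
        variants.add(w[:i] + "*" + w[i:])          # wildcard inserted before position i
        if i < len(w):
            variants.add(w[:i] + "*" + w[i + 1:])  # wildcard replaces character i
    return variants


def trapdoor_set(index_key, keyword):
    """Encrypt every fuzzy variant under the index key (keyed hash as trapdoor)."""
    return {hmac.new(index_key, v.encode(), hashlib.sha256).hexdigest()
            for v in fuzzy_set(keyword)}


class IndexServer:
    """Holds (trapdoor set, file token) pairs; never sees plaintext keywords."""

    def __init__(self):
        self.entries = []

    def store(self, trapdoors, file_token):
        self.entries.append((frozenset(trapdoors), file_token))

    def search(self, target_trapdoors):
        # A stored index matches when it shares at least one trapdoor with the query.
        return [tok for stored, tok in self.entries if stored & set(target_trapdoors)]


def demo():
    owner_key = derive_index_key(b"constructed-first-user-key")
    server = IndexServer()
    server.store(trapdoor_set(owner_key, "invoice"), "file-001")  # constructed tokens
    server.store(trapdoor_set(owner_key, "payroll"), "file-002")
    typo_hit = server.search(trapdoor_set(owner_key, "invoce"))   # authorized, one typo
    miss = server.search(trapdoor_set(owner_key, "receipt"))
    other_key = derive_index_key(b"constructed-unrelated-key")
    unauthorized = server.search(trapdoor_set(other_key, "invoice"))
    return typo_hit, miss, unauthorized
```

Because the keyed hash is deterministic, the server can tell when two queries or two stored indexes share a keyword variant even though it never sees the keyword itself.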
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711089073.2A CN108038128B (en) | 2017-11-08 | 2017-11-08 | Retrieval method, system, terminal equipment and storage medium of encrypted file |
PCT/CN2017/112600 WO2019090841A1 (en) | 2017-11-08 | 2017-11-23 | Encrypted file retrieval method and system, terminal device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711089073.2A CN108038128B (en) | 2017-11-08 | 2017-11-08 | Retrieval method, system, terminal equipment and storage medium of encrypted file |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108038128A (en) | 2018-05-15 |
CN108038128B (en) | 2020-02-14 |
Family
ID=62092782
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711089073.2A Active CN108038128B (en) | 2017-11-08 | 2017-11-08 | Retrieval method, system, terminal equipment and storage medium of encrypted file |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108038128B (en) |
WO (1) | WO2019090841A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040117621A1 (en) * | 2002-12-12 | 2004-06-17 | Knight Erik A. | System and method for managing resource sharing between computer nodes of a network |
CN103457733A (en) * | 2013-08-15 | 2013-12-18 | 中电长城网际系统应用有限公司 | Data sharing method and system under cloud computing environment |
CN103731432A (en) * | 2014-01-11 | 2014-04-16 | 西安电子科技大学昆山创新研究院 | Multi-user supported searchable encryption system and method |
CN107077469A (en) * | 2014-10-21 | 2017-08-18 | 三菱电机株式会社 | Server unit, searching system, terminal installation, search method, server program and terminal program |
CN107330340A (en) * | 2017-06-19 | 2017-11-07 | 国家计算机网络与信息安全管理中心 | File encrypting method, equipment, file decryption method, equipment and storage medium |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102176709B (en) * | 2010-12-13 | 2013-11-13 | 北京交通大学 | Method and device with privacy protection function for data sharing and publishing |
CN103281377B (en) * | 2013-05-31 | 2016-06-08 | 北京创世泰克科技股份有限公司 | A kind of encrypt data storage and querying method of facing cloud |
EP3210157B1 (en) * | 2014-10-23 | 2020-04-01 | Pageproof.com Limited | Encrypted collaboration system and method |
CN105320896B (en) * | 2015-10-21 | 2018-04-06 | 成都卫士通信息产业股份有限公司 | A kind of cloud storage encryption and its cipher text retrieval method and system |
2017
- 2017-11-08 CN CN201711089073.2A patent/CN108038128B/en active Active
- 2017-11-23 WO PCT/CN2017/112600 patent/WO2019090841A1/en active Application Filing
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109040109A (en) * | 2018-08-31 | 2018-12-18 | 国鼎网络空间安全技术有限公司 | Data trade method and system based on key management mechanism |
CN109660555A (en) * | 2019-01-09 | 2019-04-19 | 上海交通大学 | Content safety sharing method and system based on proxy re-encryption |
CN109660555B (en) * | 2019-01-09 | 2020-07-14 | 上海交通大学 | Content secure sharing method and system based on proxy re-encryption |
CN111191266A (en) * | 2019-12-31 | 2020-05-22 | 中国广核电力股份有限公司 | File encryption method and system and decryption method and system |
CN113315626A (en) * | 2020-02-27 | 2021-08-27 | 阿里巴巴集团控股有限公司 | Communication method, key management method, device, system and storage medium |
CN111737720A (en) * | 2020-07-21 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Data processing method and device and electronic equipment |
CN112822255A (en) * | 2020-12-31 | 2021-05-18 | 平安科技(深圳)有限公司 | Block chain-based mail processing method, mail sending end, receiving end and equipment |
CN112822255B (en) * | 2020-12-31 | 2023-02-28 | 平安科技(深圳)有限公司 | Block chain-based mail processing method, mail sending end, receiving end and equipment |
CN112887087A (en) * | 2021-01-20 | 2021-06-01 | 成都质数斯达克科技有限公司 | Data management method and device, electronic equipment and readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2019090841A1 (en) | 2019-05-16 |
CN108038128B (en) | 2020-02-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108038128A (en) | A kind of search method, system, terminal device and storage medium for encrypting file | |
CN106127075B (en) | Encryption method can search for based on secret protection under a kind of cloud storage environment | |
CN109784931B (en) | Query method of data query platform based on blockchain | |
CN108632248A (en) | Data ciphering method, data query method, apparatus, equipment and storage medium | |
Wang et al. | Search in my way: Practical outsourced image retrieval framework supporting unshared key | |
CN108377189A (en) | User's communication encrypting method, device, terminal device and storage medium on block chain | |
CN109361644B (en) | Fuzzy attribute based encryption method supporting rapid search and decryption | |
US8995655B2 (en) | Method for creating asymmetrical cryptographic key pairs | |
CN109117662B (en) | Block chain-based electronic medical record security searching method | |
CN108171066A (en) | The cross-domain searching method of keyword and system in a kind of medical treatment cloud under secret protection | |
CN110061840A (en) | Data ciphering method, device, computer equipment and storage medium | |
CN109150903A (en) | A kind of account management method, device, storage medium and terminal device | |
CN108462574A (en) | A kind of lightweight cipher encrypting method and system | |
CN107196840B (en) | Data processing method, device and equipment | |
CN114048448A (en) | Block chain based dynamic searchable encryption method and device | |
CN112000632B (en) | Ciphertext sharing method, medium, sharing client and system | |
Sun et al. | Research on logistics information blockchain data query algorithm based on searchable encryption | |
CN109672521A (en) | Safe storage system and method based on encription algorithms approved by the State Password Administration Committee Office engine implementation | |
Xu et al. | DNA similarity search with access control over encrypted cloud data | |
CN104967693A (en) | Document similarity calculation method facing cloud storage based on fully homomorphic password technology | |
KR102483369B1 (en) | The user data storage and sharing system based on DID | |
CN109344637A (en) | A kind of data sharing cloud auxiliary electron medical system can search for and protect privacy | |
CN108170753A (en) | A kind of method of Key-Value data base encryptions and Safety query in shared cloud | |
CN111475690B (en) | Character string matching method and device, data detection method and server | |
Li et al. | Electronic certificate sharing scheme with searchable attribute-based encryption on blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||