CN108549796B - Method for protecting user's forgetting right by digital watermark technology - Google Patents
Method for protecting user's forgetting right by digital watermark technology Download PDFInfo
- Publication number
- CN108549796B CN108549796B CN201810379280.XA CN201810379280A CN108549796B CN 108549796 B CN108549796 B CN 108549796B CN 201810379280 A CN201810379280 A CN 201810379280A CN 108549796 B CN108549796 B CN 108549796B
- Authority
- CN
- China
- Prior art keywords
- data
- watermark
- cloud
- owner
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 238000005516 engineering process Methods 0.000 title claims abstract description 14
- 238000012217 deletion Methods 0.000 claims description 17
- 230000037430 deletion Effects 0.000 claims description 17
- 238000012795 verification Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 6
- 239000000126 substance Substances 0.000 claims description 4
- 239000000284 extract Substances 0.000 claims description 2
- 238000000605 extraction Methods 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 230000009466 transformation Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000013139 quantization Methods 0.000 description 2
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 2
- YBJHBAHKTGYVGT-ZKWXMUAHSA-N (+)-Biotin Chemical compound N1C(=O)N[C@@H]2[C@H](CCCCC(=O)O)SC[C@@H]21 YBJHBAHKTGYVGT-ZKWXMUAHSA-N 0.000 description 1
- 241001270131 Agaricus moelleri Species 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- FEPMHVLSLDOMQC-UHFFFAOYSA-N virginiamycin-S1 Natural products CC1OC(=O)C(C=2C=CC=CC=2)NC(=O)C2CC(=O)CCN2C(=O)C(CC=2C=CC=CC=2)N(C)C(=O)C2CCCN2C(=O)C(CC)NC(=O)C1NC(=O)C1=NC=CC=C1O FEPMHVLSLDOMQC-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/16—Program or content traceability, e.g. by watermarking
Abstract
The invention discloses a method for protecting a user's forgetting right through a digital watermarking technology, which supports the user to outsource plaintext data, and simultaneously ensures that the user data is deleted when a cloud receives a request of the user, otherwise, dishonest behavior of the cloud is traced back, thereby maintaining the user's forgetting right.
Description
Technical Field
The invention relates to the technical field of digital watermarking and cryptography, in particular to a method for protecting the user's forgetting right through a digital watermarking technology.
Background
With the rapid increase of data volume, the demand of people for storage space is also increased sharply. In this situation, the cloud storage technology has come to put forward a concept of storage as a service. Cloud storage provides users with both inexpensive and plentiful storage space. People store local data in the cloud and accordingly lose control of their data. On a certain day, a user does not need important data stored in the cloud, and the cloud server is required to delete the important data completely. The cloud responds to the user that it has deleted the data, but the user cannot be sure that the cloud really deleted his data completely. And the current popular cloud storage structure backs up data to prevent disasters and accidents. Finally, the backed up data is distributed to different online or offline storage servers. So even if the cloud deletes the data of the current storage space, all backups of the corresponding data may not be deleted.
In order to ensure that a user can truly and completely delete data after requesting the cloud to delete the data, some scholars propose to upload ciphertext data, the user stores an encrypted key, when the user wants to delete the data, the user deletes the encrypted key, so that the data stored in the cloud becomes a disordered ciphertext, and even if other people obtain the ciphertext, other people cannot read the content in the text. However, at present, more service providers need to collect data of the public, analyze and mine the data, and do not receive ciphertext data.
And plaintext data is outsourced, so that a user can quickly use cloud computing services, such as services for searching images and editing images. However, when the user uploads the plaintext data, the user needs the cloud to completely delete the data which is not needed by the user according to the request of the user, so that the forgetting right of the user is maintained. However, at present, no scheme for protecting the user's forgetting right for data in an outsourced plaintext form exists.
Disclosure of Invention
The invention aims to provide a method for protecting the user's forgetting right through a digital watermarking technology.
The purpose of the invention is realized by the following technical scheme:
a method for protecting a user from being forgotten by a digital watermarking technology, comprising:
and (3) data uploading stage: watermarking by ownership of data owner OWAnd the unique watermark W used for marking the cloud identity generated by the watermark authentication centerCProcessing the data X and then sending the data X to a cloud for storage;
a data retrieval phase: unique watermark W generated by watermark authentication center and used for marking data owner identityOProcessing data to be retrieved stored in a cloud and then sending the data to a data owner;
and a data deleting stage: when data is uploaded, after the data is uploaded, when the data is retrieved or after the data is retrieved, the watermark authentication center sends a corresponding data deletion command to the cloud according to the data deletion command sent by the data owner, so that the cloud deletes the corresponding data;
an arbitration phase: after the data owner finishes uploading the data, if a suspected copy Y of the data X is found, the ownership watermark O 'extracted from the suspected copy Y is used'WOwnership watermark O with data ownerWAre all matchedMatching degree to judge whether the suspected copy Y belongs to the data X; if yes, extracting the watermark W 'used for marking the cloud identity in the suspected copy Y by the watermark authentication center'CAnd a watermark W 'to mark the data owner identity'OIn combination with a watermark W generated during a data upload phase and/or a data retrieval phaseCAnd/or WOWhether the suspected copy Y is leaked by the cloud end is judged, so that the forgetting right of the user is protected.
According to the technical scheme provided by the invention, the method and the device support the user to outsource the plaintext data, and simultaneously ensure that the cloud deletes the user data when receiving the request of the user, otherwise, the dishonest behavior of the cloud is traced back, so that the forgetting right of the user is maintained.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a method for protecting a user's forgetting right through digital watermarking technology according to an embodiment of the present invention;
fig. 2 is a flowchart of a data uploading phase according to an embodiment of the present invention;
FIG. 3 is a flow chart of a data retrieval phase provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of system capacity at different m according to an embodiment of the present invention;
fig. 5 is a schematic diagram of system capacity under different W according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for protecting a user's forgetting right through a digital watermark technology, as shown in fig. 1, the method mainly includes:
and (3) data uploading stage: watermarking by ownership of data owner OWAnd the unique watermark W used for marking the cloud identity generated by the watermark authentication centerCProcessing the data X and then sending the data X to a cloud for storage;
a data retrieval phase: unique watermark W generated by watermark authentication center and used for marking data owner identityOProcessing data to be retrieved stored in a cloud and then sending the data to a data owner;
and a data deleting stage: when data is uploaded, after the data is uploaded, when the data is retrieved or after the data is retrieved, the watermark authentication center sends a corresponding data deletion command to the cloud according to the data deletion command sent by the data owner, so that the cloud deletes the corresponding data;
an arbitration phase: if the data owner finds a suspected copy Y of the data X, then according to the ownership watermark O 'extracted from the suspected copy Y'WOwnership watermark O with data ownerWJudging whether the suspected copy Y belongs to the data X or not according to the matching degree; if yes, extracting the watermark W 'used for marking the cloud identity in the suspected copy Y by the watermark authentication center'CAnd a watermark W 'to mark the data owner identity'OIn combination with a watermark W generated during a data upload phase and/or a data retrieval phaseCAnd/or WOWhether the suspected copy Y is leaked by the cloud end is judged, so that the forgetting right of the user is protected.
In the embodiment of the invention, based on a public key infrastructure, the proposed watermark protocol between the cloud and the user comprises three different roles: the owner of the data, the cloud and the honest watermark authentication center are respectively denoted as O, C and WCA. Embodiments of the present invention relate to data in a variety of forms, such as images, audio, and documents.
Data owners store large amounts of data locally, which occupies a large amount of local storage space. Because the data owner is a user of the cloud storage service and can enjoy the cloud storage service, the data owner can upload local data to the cloud server for storage, so that the local storage capacity is reduced. The data owner has a certified public and private key pair, denoted as (pk)O,skO) The ID number of the data owner is marked as IDO。
The cloud service provider provides and manages a plurality of cloud storage servers, and provides a large amount of storage space for users. And a public and private key pair owned by the cloud end and marked as (pk)C,skC) The identity number of the cloud C is marked as IDC。
The watermark authentication center is an honest third party and is responsible for generating watermarks, embedding the watermarks and verifying whether the watermarks exist by detecting and extracting the watermarks, and a public and private key pair distributed by the watermark authentication center is marked as (pk)WCA,skWCA)。
The following is a detailed description of the various stages.
First, data uploading stage.
As shown in fig. 2, which is a flow chart of the data uploading phase, the main process is as follows:
1. before uploading the data X, the data owner O sends the identity number ID of the data owner OOAnd an odd number n to the cloud C, indicating that the data owner O is to upload the data X to the cloud C.
In the embodiment of the present invention, the odd-numbered n represents that the user wants to upload data, and of course, the odd-numbered n may also directly send an upload command.
2. Cloud C receives the identity number ID of the data owner OOAnd after the number n of the cloud end is odd, the identity number ID of the cloud end C is sentCAnd odd number n to data owner O, indicating that the cloud is ready to receive data X.
3. After the data owner O receives the data returned by the cloud C, an ownership watermark O is embedded into the data XWObtaining data
And utilizes the cloud public key pkCEncrypting to obtain ciphertext data
Then, the ciphertext data is processed
Identity number ID of data owner OOOdd numbered n, cloud C's identity number IDCAnd the signature of the data owner O and the cloud
And sending to a watermark authentication center WCA.
4. After receiving the data, the WCA of the watermark authentication center signs the signature
Carrying out verification, and if the verification is passed, generating a unique watermark W for marking the cloud identityCAnd use the cloud public key pkCEncrypted watermark WCObtaining the ciphertext watermark
Then, the ciphertext is watermarked
Embedding into ciphertext data
In the method, ciphertext watermark data is obtained
Wherein the content of the first and second substances,
representing a watermark embedding operation; then, the watermark authentication center WCA watermarks the ciphertext watermark data
Odd numbered n, identity number ID of data owner OOAnd the signature between the watermark authentication center WCA and the cloud end C
And sending the data to the cloud.
As will be appreciated by those skilled in the art, homomorphism may be implemented in the encrypted domain E
And (5) operating.
Meanwhile, the watermark authentication center WCA records information related to the data uploading stage in its table, as shown in table 1, the information mainly includes: identity number ID of data owner OOOdd numbered n, cloud C's identity number IDCUnique watermark W for marking cloud identityCAnd the signature between the watermark authentication center WCA and the cloud end C
Table 1 information involved in the data upload phase
5. After receiving the information sent by the watermark authentication center WCA, the cloud verifies the signature
If the verification is passed, the self private key sk is utilizedCWatermark data to ciphertext
Decrypting to obtain plain text with watermark WCWatermark data of
And stored.
In the field ofAs can be appreciated by those skilled in the art, the watermark data stored in the cloud
Basically the same as the content of the data X originally uploaded by the data owner, except for the watermark data
An ownership watermark O of the data owner is also embeddedWAnd a watermark W for marking the identity of the cloudC。
And II, a data retrieval stage.
As shown in fig. 3, which is a flow chart of the data uploading phase, the main process is as follows:
1. the data owner O sends its own ID number ID before retrieving the data XOAnd an even number n' ═ n +1 to cloud C, indicating that data owner O is retrieving data X to cloud C.
In the embodiment of the present invention, the even number n' represents that the user wants to retrieve the data, but the retrieval command may also be sent directly.
2. Cloud C receives the identity number ID of the data owner OOAnd after the even number n', the identity number ID of the cloud end C is sentCAnd an even number n' to the data owner O, indicating that the cloud is ready to download data X.
3. Cloud C utilizes public key pk of data owner OOFor corresponding watermark data
Encrypting to obtain ciphertext watermark data
Then, the even number n' and the ciphertext watermark data are processed
Identity number ID of cloud CCID of data owner OOAnd the signature of the data owner O and the cloud
And sending to a watermark authentication center WCA.
4. After receiving the data, the WCA of the watermark authentication center signs the signature
The authentication is carried out, and if the authentication is passed, a unique watermark W for marking the identity of the data owner is generatedOAnd use the public key pk of the data ownerOEncrypted watermark WOObtaining the ciphertext watermark
Then, the ciphertext is watermarked
Embedding in ciphertext watermark data
Obtaining new ciphertext watermark data
Wherein the content of the first and second substances,
representing a watermark embedding operation; then, the watermark authentication center WCA transmits the even number n' and the new ciphertext watermark data
Identity number ID of data owner OOAnd a signature between the watermark authentication center WCA and the data owner O
To the data owner O.
Meanwhile, the watermark authentication center WCA records information related to the data retrieval stage in its own table, as shown in table 2, mainly includes: identity number ID of data owner OOEven-numberedn', identity number ID of cloud CCUnique watermark W for marking cloud identityCUnique watermark W for marking the identity of the owner of the dataOSignature between watermark authentication center WCA and cloud C
And a signature between the watermark authentication center WCA and the data owner O
Table 2 information involved in the data retrieval phase
5. After receiving the information sent by the watermark authentication center WCA, the data owner verifies the signature
If the verification is passed, the self private key sk is utilizedODecryption
In plain text form and with watermark WOData of (2)
Those skilled in the art will appreciate that the data owner ultimately obtains the data
And watermark data stored in cloud
Are substantially the same, differing only in that the data
Therein is embedded with a labelWatermarking W of data owner identityO. That is, data
Only the ownership watermark O of the data owner is embedded, compared to the data X that the data owner originally uploadedWWatermark W for marking cloud identityCAnd a watermark W for marking the identity of the owner of the dataOThe main data content is unchanged.
And thirdly, deleting the data.
The data owner may delete the data stored in the cloud at any time, for example, when the data is uploaded, after the data is uploaded, when the data is retrieved, or after the data is retrieved.
The data deletion phase proceeds as follows:
1. if the data owner needs to delete the data X stored in the cloud, the odd number n and the identity number ID of the data owner O are sentOIdentity number ID of cloud CCAnd sending the deleting command to a watermark authentication center (WCA);
2. the watermark authentication center WCA sends odd number n and the identity number ID of the data owner OOAnd sending the deleting command to the cloud C;
3. the cloud deletes all stored copies of the data X and returns all deleted replies to the watermark authentication center WCA.
Meanwhile, the watermark authentication center WCA records information related to the data deletion stage in its table, as shown in table 3, mainly includes: identity number ID of data owner OOOdd numbered n, cloud C's identity number IDCUnique watermark W for marking cloud identityCUnique watermark W for marking the identity of the owner of the dataOSignature between watermark authentication center WCA and cloud C
Signature between watermark authentication center WCA and data owner O
And a flag of whether data X has been deleted.
Table 3 information relating to the data deletion phase
Fourthly, an arbitration stage.
The arbitration phase is possible when the data owner has completed uploading the data.
If a suspected copy Y of the data X is found, the data owner O and the watermark authentication center WCA identify the untrusted cloud end in the following way.
1. Ownership watermark O 'extracted by data owner O from suspected copy Y'WIf ownership watermark O'WOwnership watermark O with data ownerWIf the matching degree exceeds a certain threshold value, judging that the suspected copy Y belongs to the data X, and further judging by a watermark authentication center WCA; otherwise, the flow is terminated.
2. Extracting a watermark W 'used for marking cloud identity in the suspected copy Y by a watermark authentication center WCA'CAnd a watermark W 'to mark the data owner identity'OAnd combining the watermarks W generated in the data uploading stage and the data retrieving stageCAnd WOAnd judging whether the suspected copy Y is leaked by the cloud end by the information recorded in the table of the user, thereby protecting the forgetting right of the user. When watermark W'CA unique watermark W for marking the cloud identity recorded in the corresponding entry in the tableCWhen the matching degree exceeds the threshold value, the following three conditions are carried out:
1) if no unique watermark W for marking the data owner identity is recorded in the corresponding entry in the tableOIf the deletion command is recorded, the data owner does not send a retrieval command and only sends the deletion command, but the cloud does not delete corresponding data according to requirements and leaks the corresponding data;
2) if no record in corresponding entry in table is uniquely used for markingWatermark W for recording data owner identityOIf the deletion command is not recorded, the data owner does not send the retrieval command and the deletion command, but the cloud end leaks the corresponding data;
3) if watermark W'OA watermark W for marking the identity of the owner of the data unique if recorded in the corresponding entry in the tableOIf the matching degree exceeds a threshold value, the suspected copy Y is considered to be from the data owner; at this time, whether the data is deleted or not or whether the data is leaked or not is irrelevant to the cloud.
The following is presented in connection with a specific example.
In this example, the specific encryption scheme and the watermark scheme may be used as long as they satisfy the requirements.
The data in this example is an image, 1000 images with different gray scales are selected, the size of each image is 512 × 512, the image is used as an image library of this example, the peak signal-to-noise ratio PSNR is used for testing the quality of the image after the watermark is embedded, and the accuracy BCR is used for testing the quality of the extracted watermark.
The homomorphic encryption method adopts Paillier encryption, and the key length exceeds 1024 bits. Considering that there is no decimal in homomorphic encryption, the quantization factor S of which the quantization decimal is an integer is 216。
Ownership watermark O of data owner OWNow, using a similar approach to second generation watermark embedding, α being the watermark embedding strength, the ownership watermark O is now embeddedWAnd embedding the image into a low-frequency region after 3 times of wavelet transformation, and extracting the sign of the low-frequency region as the characteristic of the image and recording the sign as Key after one time of inverse wavelet transformation and one time of Fourier transformation. Printing the extracted graphic characteristic Key and the embedded original water OWAnd XOR is carried out to obtain a composite characteristic V. The data owner O will be O when uploading imageWTransmitted to the WCA simultaneously with V. In the arbitration stage, the data owner O extracts the image characteristic Key ', and the watermark O' obtained after XOR between Key 'and V'WWith the original water stamp OWExceeds a certain threshold, which proves that the data owner O is indeed the owner of the image.
Identity watermark W, i.e. WCAnd WOBy using a belt shakerThe quality factor q controls the quality of the image after embedding the watermark, and the number of the embedded watermarks is recorded as NEB in the selected 8 × 8 blocks for embedding the identity watermark.
Each tested image was divided into non-overlapping 8 × 8 blocks, half of which were randomly selected for embedding the image ownership watermark OWHalf of the identity watermark used to embed the cloud and data owner, WCAnd WOCollectively referred to as the identity watermark W. Here, the ownership watermark OWThe correct extraction rate was recorded as BCROThe correct extraction rate of the identity watermark is recorded as BCRI. The correct extraction rate of the final watermark is recorded as Prosuc=BCRO×BCRIThe experimental effect of the protocol under no and under attack when α is 0.05, q is 55, NEB is 2 is shown in table 4 below:
TABLE 4 PSNR and BCR under different tests
The number of users and the number of cloud service providers which can be supported by the method are respectively marked as NU and NC. Because the embedded watermark is a binary watermark, the user identity watermark is also the data owner identity watermark WOHas a length of log2(NU), cloud identity watermark WCHas a length of log2(NU) each tested image is of size W × H, divided into non-overlapping 8 × 8 blocks, and combined with the proprietary watermark embedding scheme and the identity watermark embedding scheme, the protocol can accommodate NU and NC satisfying the following relations:
in practical applications NU is much more than NC, in this example, it is assumed that
Then the above equation reduces to:
when NEB is 2 and W is H, the maximum amount of users NUmaxThe logarithmic curve for the change in m at different W is shown in fig. 4. NEB is in this range of 1 to 4, in the maximum user amount NU when W ═ H, m ═ 1000maxThe logarithmic curve for the change in W is shown in fig. 5.
Referring to fig. 4 and 5, m is the maximum number of users NUmaxIs less affected, and the size of the image is on NUmaxThere is an exponential effect. When W is 210When m is 1000 and NEB is 2, the maximum number of users NUmaxCan reach 28442。
Through the above description of the embodiments, it is clear to those skilled in the art that the above embodiments can be implemented by software, and can also be implemented by software plus a necessary general hardware platform. With this understanding, the technical solutions of the embodiments can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods according to the embodiments of the present invention.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (6)
1. A method for protecting a user's forgetting right through a digital watermarking technology, comprising:
and (3) data uploading stage: watermarking by ownership of data owner OWAnd the unique watermark W used for marking the cloud identity generated by the watermark authentication centerCAfter processing the data XSending the data to the cloud for storage;
a data retrieval phase: unique watermark W generated by watermark authentication center and used for marking data owner identityOProcessing data to be retrieved stored in a cloud and then sending the data to a data owner;
and a data deleting stage: when data is uploaded, after the data is uploaded, when the data is retrieved or after the data is retrieved, the watermark authentication center sends a corresponding data deletion command to the cloud according to the data deletion command sent by the data owner, so that the cloud deletes the corresponding data;
an arbitration phase: after the data owner finishes uploading the data, if a suspected copy Y of the data X is found, the ownership watermark O 'extracted from the suspected copy Y is used'WOwnership watermark O with data ownerWJudging whether the suspected copy Y belongs to the data X or not according to the matching degree; if yes, extracting the watermark W 'used for marking the cloud identity in the suspected copy Y by the watermark authentication center'CAnd a watermark W 'to mark the data owner identity'OIn combination with a watermark W generated during a data upload phase and/or a data retrieval phaseCAnd/or WOWhether the suspected copy Y is leaked by the cloud end is judged, so that the forgetting right of the user is protected.
2. The method for protecting the user's forgetting right through the digital watermarking technology according to claim 1, wherein the data uploading process is as follows:
before uploading the data X, the data owner O sends the identity number ID of the data owner OOAnd an odd number n is given to the cloud C, which indicates that the data owner O needs to upload the data X to the cloud C;
cloud C receives the identity number ID of the data owner OOAnd after the number n of the cloud end is odd, the identity number ID of the cloud end C is sentCThe odd number n is given to the data owner O, which indicates that the cloud is ready to receive the data X;
after the data owner O receives the data returned by the cloud C, an ownership watermark O is embedded into the data XWObtaining data
And utilizes the cloud public key pkCEncrypting to obtain ciphertext data
Then, the ciphertext data is processed
Identity number ID of data owner OOOdd numbered n, cloud C's identity number IDCAnd the signature of the data owner O and the cloud
Sending to a watermark authentication center WCA;
after receiving the data, the WCA of the watermark authentication center signs the signature
Carrying out verification, and if the verification is passed, generating a unique watermark W for marking the cloud identityCAnd use the cloud public key pkCEncrypted watermark WCObtaining the ciphertext watermark
Then, the ciphertext is watermarked
Embedding into ciphertext data
In the method, ciphertext watermark data is obtained
Wherein the content of the first and second substances,
representing a watermark embedding operation; then, the watermark authentication center WCA watermarks the ciphertext watermark data
Odd numbered n, identity number ID of data owner OOAnd the signature between the watermark authentication center WCA and the cloud end C
Sending the data to a cloud end;
after receiving the information sent by the watermark authentication center WCA, the cloud verifies the signature
If the verification is passed, the self private key sk is utilizedCWatermark data to ciphertext
Decrypting to obtain plain text with watermark WCWatermark data of
And stored.
3. A method for protecting the user's forgetting right through digital watermarking technology according to claim 1, wherein the data retrieving process is as follows:
the data owner O sends its own ID number ID before retrieving the data XOAnd an even number n' ═ n +1 to cloud C, indicating that data owner O is retrieving data X to cloud C;
cloud C receives the identity number ID of the data owner OOAnd after the even number n', the identity number ID of the cloud end C is sentCAnd an even number n' to the data owner O, indicating that the cloud is ready to download the data X;
cloud C utilizes public key pk of data owner OOFor corresponding watermark data
Encrypting to obtain ciphertext watermark data
Then, the even number n' and the ciphertext watermark data are processed
Identity number ID of cloud CCID of data owner OOAnd the signature of the data owner O and the cloud
Sending to a watermark authentication center WCA;
after receiving the data, the WCA of the watermark authentication center signs the signature
The authentication is carried out, and if the authentication is passed, a unique watermark W for marking the identity of the data owner is generatedOAnd use the public key pk of the data ownerOEncrypted watermark WOObtaining the ciphertext watermark
Then, the ciphertext is watermarked
Embedding in ciphertext watermark data
Obtaining new ciphertext watermark data
Wherein the content of the first and second substances,
representing a watermark embedding operation; then, the watermark authentication center WCA transmits the even number n' and the new ciphertext watermark data
Identity number ID of data owner OOAnd a signature between the watermark authentication center WCA and the data owner O
Sending the data to a data owner O;
after receiving the information sent by the watermark authentication center WCA, the data owner verifies the signature
If the verification is passed, the self private key sk is utilizedODecryption
In plain text form and with watermark WOData of (2)
4. A method for protecting the user's forgetting right through digital watermarking technology according to claim 1, wherein the data deleting stage is performed as follows:
if the data owner needs to delete the data X stored in the cloud, the odd number n and the identity number ID of the data owner O are sentOIdentity number ID of cloud CCAnd sending the deleting command to a watermark authentication center (WCA);
then, the watermark authentication center WCA sends the odd number n and the identity number ID of the data owner OOAnd sending the deleting command to the cloud C;
and then, the cloud deletes all the copies of the stored data X and returns all the deleted replies to the watermark authentication center WCA.
5. The method for protecting the user's forgetting right through the digital watermarking technology according to any one of claims 2-4, wherein the watermark authentication center WCA records the information related to the data uploading stage, the data retrieving stage and the data deleting stage in its own table; wherein:
the information related to the data uploading stage comprises the following steps: identity number ID of data owner OOOdd numbered n, cloud C's identity number IDCUnique watermark W for marking cloud identityCAnd the signature between the watermark authentication center WCA and the cloud end C
Information involved in the data retrieval phase, including: identity number ID of data owner OOEven numbered n', cloud C IDCUnique watermark W for marking cloud identityCUnique watermark W for marking the identity of the owner of the dataOSignature between watermark authentication center WCA and cloud C
And a signature between the watermark authentication center WCA and the data owner O
The information related to the data deleting stage comprises: identity number ID of data owner OOOdd numbered n, cloud C's identity number IDCUnique watermark W for marking cloud identityCUnique watermark W for marking the identity of the owner of the dataOSignature between watermark authentication center WCA and cloud C
Signature between watermark authentication center WCA and data owner O
And a flag of whether data X has been deleted.
6. The method of claim 5, wherein in the arbitration phase, the watermark authentication center WCA extracts the watermark W'CAnd watermark W'OThereafter, in combination with the watermark W generated during the data upload phase and/or the data retrieval phaseCand/WOAnd judging whether the suspected copy Y is leaked by the cloud according to the information recorded in the table of the suspected copy Y, wherein the following three conditions are adopted:
if no unique watermark W for marking the data owner identity is recorded in the corresponding entry in the tableOIf the deletion command is recorded, the data owner does not send a retrieval command and only sends the deletion command, but the cloud does not delete corresponding data according to requirements and leaks the corresponding data;
if no unique watermark W for marking the data owner identity is recorded in the corresponding entry in the tableOIf the deletion command is not recorded, the data owner does not send the retrieval command and the deletion command, but the cloud end leaks the corresponding data;
if watermark W'OA watermark W for marking the identity of the owner of the data unique if recorded in the corresponding entry in the tableOIf the degree of match exceeds the threshold, the suspected copy Y is considered to be from the owner of the data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810379280.XA CN108549796B (en) | 2018-04-25 | 2018-04-25 | Method for protecting user's forgetting right by digital watermark technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810379280.XA CN108549796B (en) | 2018-04-25 | 2018-04-25 | Method for protecting user's forgetting right by digital watermark technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108549796A CN108549796A (en) | 2018-09-18 |
| CN108549796B true CN108549796B (en) | 2020-08-25 |
Family
ID=63512498
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810379280.XA Active CN108549796B (en) | 2018-04-25 | 2018-04-25 | Method for protecting user's forgetting right by digital watermark technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108549796B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104994068A (en) * | 2015-05-22 | 2015-10-21 | 武汉大学 | Multimedia content protection and safe distribution method in cloud environment |
| CN105303069A (en) * | 2014-07-10 | 2016-02-03 | 厦门简帛信息科技有限公司 | Digital rights management system and method |
| CN105323209A (en) * | 2014-06-05 | 2016-02-10 | 江苏博智软件科技有限公司 | Cloud data security protection method adopting fully homomorphic encryption technology and multiple digital watermarking technology |
| CN106156655A (en) * | 2015-03-26 | 2016-11-23 | 中国科学院声学研究所 | The compressing file of a kind of facing cloud storage and authentication method |
| CN107197037A (en) * | 2017-02-24 | 2017-09-22 | 重庆第二师范学院 | A kind of data access method and system with audit function based on Cloud Server |
-
2018
- 2018-04-25 CN CN201810379280.XA patent/CN108549796B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105323209A (en) * | 2014-06-05 | 2016-02-10 | 江苏博智软件科技有限公司 | Cloud data security protection method adopting fully homomorphic encryption technology and multiple digital watermarking technology |
| CN105303069A (en) * | 2014-07-10 | 2016-02-03 | 厦门简帛信息科技有限公司 | Digital rights management system and method |
| CN106156655A (en) * | 2015-03-26 | 2016-11-23 | 中国科学院声学研究所 | The compressing file of a kind of facing cloud storage and authentication method |
| CN104994068A (en) * | 2015-05-22 | 2015-10-21 | 武汉大学 | Multimedia content protection and safe distribution method in cloud environment |
| CN107197037A (en) * | 2017-02-24 | 2017-09-22 | 重庆第二师范学院 | A kind of data access method and system with audit function based on Cloud Server |
Non-Patent Citations (3)
| Title |
|---|
| 《A Cloud-User Protocol Based on Ciphertext Watermarking Technology》;Keyang Liu, Weiming Zhang等;《Security and Communication Networks》;20171211;第2017卷;第1-14页 * |
| 《基于被遗忘权的第三方个人数据监管平台》;金燕;《情报理论与实践》;20170831;第40卷(第8期);第37-42页 * |
| 《针对特定测试样本的隐写分析方法》;张逸为,张卫明等;《软件学报》;20171201;第29卷(第4期);第987-1001页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108549796A (en) | 2018-09-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10387986B2 (en) | System for embedding searchable information, encryption, signing operation, transmission, storage and retrieval | |
| EP2109248B1 (en) | Method and device for testing consistency of numeric contents | |
| JP3919673B2 (en) | Apparatus and method for distributing and authenticating data sets using watermarks | |
| CN103415856B (en) | Online storage device and method, transmitting apparatus and method, receiving equipment and method | |
| US20170099149A1 (en) | System and Method for Securing, Tracking, and Distributing Digital Media Files | |
| JP2005532594A5 (en) | ||
| CN104980278A (en) | Method and device for verifying usability of biological characteristic image | |
| CN107888591B (en) | Method and system for electronic data preservation | |
| JP2003309554A5 (en) | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, PROGRAM, AND RECORDING MEDIUM | |
| Velmurugan et al. | Video steganography by neural networks using hash function | |
| CN113129198B (en) | Zero watermark generation method and system and copyright infringement comparison method and system | |
| CN108549796B (en) | Method for protecting user's forgetting right by digital watermark technology | |
| CN108735223B (en) | Method and system for embedding and extracting digital watermark of audio file | |
| Menendez-Ortiz et al. | Self-recovery scheme for audio restoration after a content replacement attack | |
| JP2022540551A (en) | Proof of media provenance via fragile watermarking | |
| JP2007317175A5 (en) | ||
| CN113190857B (en) | Picture processing method and device, electronic equipment and computer readable medium | |
| Ahmed et al. | Discrete wavelet transform-based reversible data hiding in encrypted images | |
| TW200949541A (en) | A browsing method for digital content of hierarchical image management and system therefore | |
| Heeger et al. | ExHide: Hiding data within the ExFAT file system | |
| Hasso | Steganography in video files | |
| WO2010113040A2 (en) | Watermarking method and system | |
| CN110532740A (en) | Image ciphering method, apparatus, the encroach right method of determination and computer storage medium | |
| CN115296821B (en) | Data processing system for digital collection management | |
| CN112837690B (en) | Audio data generation method, audio data transfer method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |