CN109214201A - Data sharing method, terminal device and computer-readable storage medium
- Publication number: CN109214201A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
Abstract
This application discloses a data sharing method, a terminal device and a computer-readable storage medium, applied to the field of asymmetric encryption. The data sharing method includes: obtaining plaintext data, where the attribute of the plaintext data includes computable and/or decryptable; encrypting the plaintext data according to its attribute to generate encrypted data that is decryptable and computable, encrypted data that is computable, or encrypted data that is decryptable; and sending the encrypted data to a server so that the server stores the encrypted data. The application encrypts the plaintext data according to its attribute and then sends the resulting encrypted data to the server for storage, so that other users can obtain the encrypted data from the server while the security of the data is still ensured and the data access permissions of different users are restricted. The application therefore provides an efficient data sharing method.
Description
Technical field
This application relates to the field of information security technology, and in particular to a data sharing method, a terminal device and a computer-readable storage medium.
Background
The cloud computing model provides services on demand and gives access over the network, anywhere and at any time, to a shared pool of configurable computing resources; the shared pool includes networks, storage, servers, services and applications. Although cloud computing can reduce management costs and can provision and release resources rapidly, many users still do not dare to use this computing model, because cloud computing is handed over to a third party and the security of the data in the cloud cannot be guaranteed. The security problems brought by cloud computing mainly include virtualization security, application security, identity information security and data security. As cloud computing becomes widespread, the cloud stores a large amount of sensitive user information and business data; once data leaks, it may cause irreparable damage to users.
To guarantee the security of the data, the user therefore encrypts the data first and then uploads the encrypted data to the cloud. Because the decryption key is kept by the user, the encrypted data can be decrypted by that user but cannot be used by other users, which ensures the security of the data.
After the data is encrypted, its security is ensured, but the encrypted data cannot be used by other users. When other users need to use the encrypted data, the owner of the encrypted data distributes the key to them one by one. This approach is cumbersome and time-consuming, and it reduces the efficiency of using and sharing the encrypted data.
Summary of the invention
The embodiments of this application provide a data sharing method that can improve the efficiency of data sharing.
In a first aspect, an embodiment of this application provides a data sharing method, including:
Obtaining plaintext data, where the attribute of the plaintext data includes computable and/or decryptable;
Encrypting the plaintext data according to the attribute of the plaintext data to generate encrypted data that is decryptable and computable, encrypted data that is computable, or encrypted data that is decryptable;
Sending the encrypted data to a server, so that the server stores the encrypted data.
With reference to the first aspect, in a first implementation of the first aspect, encrypting the plaintext data according to the attribute of the plaintext data to generate the decryptable encrypted data includes:
If the attribute of the plaintext data is decryptable, randomly generating a first key pair, the first key pair including a first private key and a first public key;
Performing policy-attribute-based encryption on the plaintext data using the first public key to generate the decryptable encrypted data, where the policy attribute describes the decryption rule of the encrypted data.
With reference to the first aspect, in a second implementation of the first aspect, encrypting the plaintext data according to the attribute of the plaintext data to generate the computable encrypted data includes:
If the attribute of the plaintext data is computable, randomly generating a second key pair, the second key pair including a second private key and a second public key;
Performing fully homomorphic encryption on the plaintext data using the second public key to generate the computable encrypted data.
With reference to the first aspect, in a third implementation of the first aspect, encrypting the plaintext data according to the attribute of the plaintext data to generate the encrypted data that is decryptable and computable includes:
If the attribute of the plaintext data includes computable and decryptable, randomly generating a first key pair and a second key pair, the first key pair including a first private key and a first public key, and the second key pair including a second private key and a second public key;
Performing policy-attribute-based encryption on the plaintext data using the first public key to obtain the decryptable encrypted data;
Performing fully homomorphic encryption, using the second public key, on the encrypted data thus obtained, to generate the encrypted data that is decryptable and computable.
With reference to the first implementation of the first aspect, in a fourth implementation of the first aspect, after the decryptable encrypted data is generated, the method further includes:
Obtaining the first private key;
Performing policy-attribute-based encryption on the first private key to obtain a private-key ciphertext;
Sending the private-key ciphertext to the server, so that the server stores the private-key ciphertext.
With reference to the third implementation of the first aspect, in a fifth implementation of the first aspect, after the encrypted data that is decryptable and computable is generated, the method further includes:
Obtaining the first private key and the second private key;
Combining the first private key and the second private key to obtain a third private key;
Performing policy-attribute-based encryption on the third private key to obtain a private-key ciphertext;
Sending the private-key ciphertext to the server, so that the server stores the private-key ciphertext.
With reference to the first implementation of the first aspect, in a sixth implementation of the first aspect, performing policy-attribute-based encryption on the plaintext data using the first public key includes:
Receiving an attribute set through a touch-screen display, the attribute set including at least one attribute;
Formulating an attribute access control policy according to the attribute set;
Obtaining the attribute access control policy and the first public key of the first key pair;
Encrypting the plaintext data using the first public key and the attribute access control policy.
Second aspect, the embodiment of the present application provide a kind of terminal device, which includes for executing above-mentioned
The unit of the data sharing method of one side, the terminal device include:
Acquiring unit, for obtaining clear data, the attribute of the clear data includes that operation and/or can decrypt;Add
Close unit, for being encrypted according to the attribute of the clear data to the clear data, generating can be decrypted and can operation
Encryption data, can operation encryption data, or the encryption data that can be decrypted;Transmission unit, described in being sent to server
Encryption data, so that the server saves the encryption data.
With reference to the second aspect, in a first implementation of the second aspect:
The terminal device further includes a generation unit, configured to randomly generate a first key pair if the attribute of the plaintext data is decryptable, the first key pair including a first private key and a first public key;
The encryption unit is specifically configured to perform policy-attribute-based encryption on the plaintext data using the first public key to generate the decryptable encrypted data, where the policy attribute describes the decryption rule of the encrypted data.
With reference to the second aspect, in a second implementation of the second aspect:
The terminal device further includes a generation unit, configured to randomly generate a second key pair if the attribute of the plaintext data is computable, the second key pair including a second private key and a second public key;
The encryption unit is specifically configured to perform fully homomorphic encryption on the plaintext data using the second public key to generate the computable encrypted data.
With reference to the second aspect, in a third implementation of the second aspect:
The terminal device further includes a generation unit, configured to randomly generate a first key pair and a second key pair if the attribute of the plaintext data includes computable and decryptable, the first key pair including a first private key and a first public key, and the second key pair including a second private key and a second public key;
The encryption unit is specifically configured to perform policy-attribute-based encryption on the plaintext data using the first public key to obtain the decryptable encrypted data, and to perform fully homomorphic encryption, using the second public key, on the encrypted data thus obtained, to generate the encrypted data that is decryptable and computable.
With reference to the first implementation of the second aspect, in a fourth implementation of the second aspect:
The acquiring unit is further configured to obtain the first private key;
The encryption unit is further configured to perform policy-attribute-based encryption on the first private key to obtain a private-key ciphertext;
The transmission unit is further configured to send the private-key ciphertext to the server, so that the server stores the private-key ciphertext.
With reference to the third implementation of the second aspect, in a fifth implementation of the second aspect:
The acquiring unit is configured to obtain the first private key and the second private key;
The terminal device further includes a combining unit, configured to combine the first private key and the second private key to obtain a third private key;
The encryption unit is further configured to perform policy-attribute-based encryption on the third private key to obtain a private-key ciphertext;
The transmission unit is further configured to send the private-key ciphertext to the server, so that the server stores the private-key ciphertext.
With reference to the first implementation of the second aspect, in a sixth implementation of the second aspect:
The terminal device further includes a receiving unit, configured to receive an attribute set through a touch-screen display, the attribute set including at least one attribute; it further includes a formulating unit, configured to formulate an attribute access control policy according to the attribute set;
The acquiring unit is further configured to obtain the attribute access control policy and the first public key of the first key pair;
The encryption unit is further configured to encrypt the plaintext data using the first public key and the attribute access control policy.
The third aspect, the embodiment of the present application provide another terminal device, including processor, communication interface, input are set
Standby, output equipment and memory, the processor, communication interface, input equipment, output equipment and memory are connected with each other,
In, the memory is used to store the computer program for supporting terminal device to execute above-mentioned data sharing method, the computer
Program includes program instruction, and the processor is configured for calling described program instruction, to execute above-mentioned first aspect extremely
The data sharing method that any one of first aspect is realized.
Fourth aspect, the embodiment of the present application provide a kind of computer readable storage medium, the computer storage medium
It is stored with computer program, the computer program includes program instruction, and described program instruction is when being executed by processor, to hold
The above-mentioned first aspect of row to first aspect any one data sharing method realized.
This application applies different encryption to plaintext data depending on the attribute of the plaintext data, so that after encryption the data can be computed on by other users and/or decrypted by trusted users, thereby restricting the data access permissions of different users. The encrypted data obtained by encrypting the plaintext data is then sent to the server so that the server stores it and other users can obtain it from the server. By using a trusted third party, the application effectively addresses problems such as excessive load on the terminal device and the burden of key distribution and management, and, while data is shared with other users, the operation permissions of those users are also effectively restricted, ensuring the security of the data in a cloud environment that is not fully trusted. The application therefore provides an efficient data sharing method.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of this application more clearly, the drawings needed in the description of the embodiments are briefly introduced below.
Fig. 1 is a schematic flowchart of a data sharing method provided by an embodiment of this application;
Fig. 2 is a schematic flowchart of a data sharing method provided by another embodiment of this application;
Fig. 3 is a schematic diagram of an access control tree provided by this application;
Fig. 4 is a schematic block diagram of a terminal device provided by an embodiment of this application;
Fig. 5 is a structural block diagram of a terminal device provided by an embodiment of this application.
Detailed description of embodiments
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments of this application.
It should be understood that, when used in this specification and the appended claims, the terms "includes" and "comprising" indicate the presence of the described features, wholes, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terms used in this specification are for the purpose of describing specific embodiments only and are not intended to limit this application. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be construed, depending on the context, as "when ..." or "once" or "in response to determining" or "in response to detecting". Similarly, the phrases "if it is determined" or "if [the described condition or event] is detected" may be construed, depending on the context, as "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In specific implementations, the terminal device described in the embodiments of this application includes, but is not limited to, portable devices such as mobile phones, laptop computers or tablet computers with a touch-sensitive surface (for example, a touch-screen display and/or a touch pad). It should further be understood that in some embodiments the device is not a portable communication device but a desktop computer with a touch-sensitive surface (for example, a touch-screen display and/or a touch pad).
In the following discussion, a terminal device that includes a display and a touch-sensitive surface is described. It should be understood, however, that the terminal device may include one or more other physical user interface devices, such as a physical keyboard, a mouse and/or a joystick.
The terminal device supports various applications, such as one or more of the following: a drawing application, a presentation application, a word-processing application, a website creation application, a disk burning application, a spreadsheet application, a game application, a telephony application, a videoconferencing application, an email application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a World Wide Web (WEB) browsing application, a digital music player application and/or a digital video player application.
The various applications that can be executed on the terminal device may use at least one common physical user interface device, such as the touch-sensitive surface. One or more functions of the touch-sensitive surface, and the corresponding information displayed on the terminal device, may be adjusted and/or changed between applications and/or within a given application. In this way, the common physical architecture of the terminal device (for example, the touch-sensitive surface) can support the various applications with user interfaces that are intuitive and transparent to the user.
It should also be noted that the server described in the embodiments of this application may be a traditional server, a large storage system, a desktop computer, a laptop, a tablet computer, a palmtop computer, a smartphone, a portable digital player, a smart watch, a smart bracelet and so on; this application places no limitation on this.
Referring to Fig. 1, which is a schematic flowchart of a data sharing method provided by an embodiment of this application, the data sharing method as shown may include:
101: Obtain plaintext data, where the attribute of the plaintext data includes computable and/or decryptable.
In this embodiment, the plaintext data that needs to be encrypted is obtained first. Plaintext data refers to unencrypted characters or sets of bits; its concrete forms include text, bit streams, bitmaps, digitized voice or digitized video images. Any terminal device can learn the content of the plaintext data simply by reading it directly, without decrypting it.
It should be noted that the plaintext data is divided into three classes according to its attribute. If the attribute of the plaintext data is computable, the plaintext data can be computed on by other users in its encrypted state but cannot be decrypted by other users. If the attribute of the plaintext data is decryptable, the plaintext data can be decrypted by trusted users after it is encrypted. If the attribute of the plaintext data includes computable and decryptable, the plaintext data can be computed on by other users in its encrypted state and can be decrypted by trusted users.
102: Encrypt the plaintext data according to the attribute of the plaintext data to generate encrypted data that is decryptable and computable, encrypted data that is computable, or encrypted data that is decryptable.
In this embodiment, different encryption is applied to the plaintext data depending on its attribute. Specifically, if the attribute of the plaintext data is computable, fully homomorphic encryption is performed on the plaintext data to obtain computable encrypted data. If the attribute of the plaintext data is decryptable, policy-attribute-based encryption is performed on the plaintext data to obtain decryptable encrypted data. If the attribute of the plaintext data includes computable and decryptable, policy-attribute-based encryption and fully homomorphic encryption are performed on the plaintext data in turn to obtain encrypted data that is decryptable and computable.
More specifically, if the attribute of the plaintext data is decryptable, a first key pair is randomly generated, the first key pair including a first private key and a first public key; policy-attribute-based encryption is performed on the plaintext data using the first public key to generate the decryptable encrypted data, where the policy attribute describes the decryption rule of the encrypted data and specifies the various combinations of attributes of the users who are allowed to decrypt the encrypted data. If the attribute of the plaintext data is computable, a second key pair is randomly generated, the second key pair including a second private key and a second public key; fully homomorphic encryption is performed on the plaintext data using the second public key to generate the computable encrypted data. If the attribute of the plaintext data includes computable and decryptable, a first key pair and a second key pair are randomly generated, the first key pair including a first private key and a first public key, and the second key pair including a second private key and a second public key; policy-attribute-based encryption is performed on the plaintext data using the first public key to obtain the decryptable encrypted data, and fully homomorphic encryption is then performed on the decryptable encrypted data using the second public key to generate the encrypted data that is decryptable and computable.
It should be noted that the key pair is obtained by a key generation algorithm, and the public key and the private key in a key pair correspond one to one. Which key is public and which is private is not fixed: of the two keys, once one is taken as the private key, the other is the public key. The key used as the public key may be known to others; the private key, by contrast, must not be known to others and is known only to the user. Specifically, if data is encrypted with the public key, it can be decrypted only with the corresponding private key; if data is encrypted with the private key, it can be decrypted only with the corresponding public key. Key generation algorithms include the KeyGen key generation algorithm, among others.
If the attribute of the plaintext data is computable, fully homomorphic encryption is performed on the plaintext data. Specifically, fully homomorphic encryption here refers to homomorphically encrypting the user's important private information; the key is known only to the data owner, and neither the cloud service provider nor other users can obtain it, which ensures the security of the data. Because of the homomorphic property of the encryption, other users can perform arithmetic operations on their own business data directly in the cloud, and the results are stored in the cloud as ciphertext. This gives users more convenient computation and ensures that the data can be processed by other users without being decrypted, and that the result of processing the data in its encrypted state is consistent with the result of processing the data in its unencrypted state. The user therefore does not need to distribute keys to other users, yet other users can still process the data, and the processing does not reveal any plaintext content. The result obtained by decompressing after processing is no different from the result obtained by processing after decompressing.
For example, fully homomorphic encryption is performed on ciphertext 1 to obtain ciphertext 2; other users can then process ciphertext 2 without decrypting it, and the result of that processing is identical to the result of other users processing the data after ciphertext 2 has been extracted.
As a further example, given plaintext data $A$, plaintext data $B$ and a fully homomorphic encryption algorithm $f$, fully homomorphic encryption is performed on $A$ and $B$ separately, $f(A) = A'$ and $f(B) = B'$, giving encrypted data $A'$ and encrypted data $B'$. In addition, $A'$ and $B'$ can be decrypted with the decryption function $f^{-1}$ to recover plaintext data $A$ and plaintext data $B$. If the operation $A' + B' = C'$ is performed on $A'$ and $B'$ to obtain encrypted data $C'$, then decrypting $C'$ gives $f^{-1}(C') = A + B$. It can be seen that processing the data after fully homomorphic encryption is the same as processing the plaintext data directly. If, however, the plaintext data is encrypted with an algorithm that is not fully homomorphic or not homomorphic, the result decrypted after operating on the encrypted data is generally a pile of meaningless garbage. Performing fully homomorphic encryption on the plaintext data therefore separates data processing rights from data ownership and prevents data leakage, allowing untrusted users to process the data and using cloud services to improve the computing capability of the terminal device.
It should be noted that if the homomorphic algorithm satisfies f(A)+f(B)=f(A+B), the algorithm is additively homomorphic; if it satisfies f(A)×f(B)=f(A×B), the algorithm is multiplicatively homomorphic. If the algorithm is only additively homomorphic, only addition and subtraction can be performed; if it is only multiplicatively homomorphic, only multiplication and division can be performed; if it is both additively and multiplicatively homomorphic, it is called fully homomorphic encryption. Encrypting data with a fully homomorphic algorithm allows many kinds of operations to be performed on the data after encryption (for example addition, subtraction, multiplication and division, polynomial evaluation, exponentials, logarithms and trigonometric functions). An example of an additively homomorphic algorithm is the Paillier algorithm, an example of a multiplicatively homomorphic algorithm is the RSA (Rivest-Shamir-Adleman) algorithm, and an example of a fully homomorphic algorithm is the Gentry algorithm.
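The two partial homomorphisms named above, as an added example that is not part of the patent text: a toy Paillier and a textbook (unpadded) RSA built on constructed small primes. It shows that in Paillier the operation applied to ciphertexts is multiplication modulo n^2 even though the plaintexts are added, and that RSA is multiplicative only without padding (OAEP padding removes the property); all function names are illustrative.

```python
import math
import secrets

# Constructed toy primes: far too small for real use, chosen to keep numbers readable.
P_PRIME, Q_PRIME = 293, 433
N = P_PRIME * Q_PRIME
N2 = N * N

# --- Paillier: additively homomorphic ---
LAMBDA = (P_PRIME - 1) * (Q_PRIME - 1) // math.gcd(P_PRIME - 1, Q_PRIME - 1)
G = N + 1                  # common generator choice; makes mu = lambda^-1 mod n
MU = pow(LAMBDA, -1, N)


def paillier_encrypt(m):
    """Enc(m) = g^m * r^n mod n^2, with fresh randomness r coprime to n."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (pow(G, m, N2) * pow(r, N, N2)) % N2


def paillier_decrypt(c):
    """Dec(c) = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) // n."""
    u = pow(c, LAMBDA, N2)
    return ((u - 1) // N) * MU % N


def paillier_add(c1, c2):
    """Adding plaintexts corresponds to multiplying ciphertexts modulo n^2."""
    return (c1 * c2) % N2


# --- Textbook RSA (no padding): multiplicatively homomorphic ---
E = 65537
D = pow(E, -1, (P_PRIME - 1) * (Q_PRIME - 1))


def rsa_encrypt(m):
    return pow(m, E, N)


def rsa_decrypt(c):
    return pow(c, D, N)


def rsa_multiply(c1, c2):
    """Multiplying plaintexts corresponds to multiplying ciphertexts modulo n."""
    return (c1 * c2) % N


def demo():
    """Compute 17 + 25 and 12 * 34 on ciphertexts only, then decrypt the results."""
    total = paillier_decrypt(paillier_add(paillier_encrypt(17), paillier_encrypt(25)))
    product = rsa_decrypt(rsa_multiply(rsa_encrypt(12), rsa_encrypt(34)))
    return total, product


if __name__ == "__main__":
    print(demo())
```

Results are only correct while the sum stays below n (Paillier) or the product stays below n (RSA); larger values wrap around modulo n.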
It should also be noted that a fully homomorphic encryption algorithm comprises a key generation algorithm, an encryption algorithm, a decryption algorithm and a ciphertext computation algorithm. The key generation algorithm generates the public key needed for encryption and the private key needed for decryption, and possibly also a public key for ciphertext computation; an example is the KeyGen algorithm. The encryption algorithm encrypts plaintext data to obtain encrypted data; an example is the Enc algorithm. The decryption algorithm decrypts encrypted data to obtain plaintext data; an example is the Dec algorithm. The ciphertext computation algorithm is the algorithm with which other users operate on encrypted data using the ciphertext computation formula described above; an example is the Evaluate algorithm. With the Evaluate algorithm, other users can compute any function on the encrypted data without revealing the data.
If the attribute of the plaintext data is decryptable, policy-attribute-based encryption is applied to the plaintext data. Specifically, policy-attribute-based encryption means encrypting the plaintext data with a policy-attribute-based encryption technique. This technique is a cloud storage sharing scheme based on trusted-third-party ciphertext-policy attribute-based encryption. Plaintext data encrypted with it can only be accessed by trusted users, and the owner of the plaintext data does not need to do work such as distributing keys to trusted users; the owner only needs to define an access control policy tree for trusted users to model the access rights. Whenever a user requests access to the encrypted data, the user's attribute information is matched, and only a user whose attribute information satisfies the access control tree can use the key to decrypt. The encrypted plaintext can thus be shared with trusted users: not every user can decrypt the encrypted plaintext data, only trusted users can, which effectively implements access control.
It should also be noted that matching the user's attributes means obtaining the access control tree of the encrypted data, which is based on the access policy, and then matching the user's attributes against the attributes of the leaf nodes. If the match succeeds, the user obtains the secret value of the leaf node, then uses the secret values of the leaf nodes to work back to the secret values of the non-leaf nodes until the secret value of the root node is solved, and finally decrypts the encrypted data with the secret value of the root node. Only a user who holds attributes satisfying the predetermined number of leaf nodes can therefore decrypt the encrypted data. The access control tree is used to hide the encryption key.
For example, consider the access control tree based on an access policy shown in Fig. 3. Before the access control tree is constructed, the access policy is obtained first, that is, the owner of the plaintext data sets the attributes of the trusted users who may obtain the plaintext data. For example, there are attribute 1, attribute 2, attribute 3, attribute 4, attribute 5 and attribute 6, and the access policy is that a user whose attributes satisfy at least ("attribute 1", "attribute 2", "attribute 3" and "attribute 4"), or ("attribute 4" and "attribute 5"), or ("attribute 4" and "attribute 6"), or ("attribute 1", "attribute 2", "attribute 3" and "attribute 5"), or ("attribute 1", "attribute 2", "attribute 3" and "attribute 6") is a trusted user; all other users have no access rights. The access control tree is constructed according to this access policy. As shown in Fig. 3, the 6 leaf nodes represent the 6 attributes, and each non-leaf node indicates how many of its child nodes a data accessor must satisfy to be considered to have access rights. For example, a non-leaf node threshold of 2/3 means that there are 3 child nodes under the non-leaf node and that the data accessor must satisfy at least 2 of them to be considered to have access rights. Once the data accessor satisfies the minimum number of attributes indicated by the threshold, the secret value of that node can be decrypted.
After the access control tree is constructed, a secret value is assigned to each node in the tree. First the root node is given a secret value, and then a random polynomial is generated according to the threshold of the root node. For the access control tree shown in Fig. 3, the threshold of the root node is 2/3, so a random polynomial is generated whose highest degree is the 2 in the root node's threshold minus 1; the highest degree for the root node is therefore 1, for example F(x)=5+3x. The constant term 5 is the secret value of the root node, which is the secret number that must be protected. The child nodes of the root node are labelled 1, 2 and 3 from left to right, and 1, 2 and 3 are then substituted into the polynomial F(x); the resulting values are the secret values of the three child nodes of the root node. For example, the first child node of the root node from the left, "3/3", is labelled 1, so the secret value passed to the "3/3" node is F(1)=5+3*1; the middle node, "attribute 4", is labelled 2, so the secret value the root node passes to the "attribute 4" node is F(2)=5+3*2=11; the remaining child node of the root node, "1/2", is labelled 3, so the secret value the root node passes to the "1/2" node is F(3)=5+3*3=14. Likewise, after the "3/3" node and the "1/2" node receive the value passed by the parent node, each generates a random polynomial in the manner described above, sets its constant term to the value passed by the parent node, and in the same manner generates new secret values and passes them to its child nodes. A leaf node, after receiving the secret value from its parent node, encrypts the secret value with the attribute of that leaf node. Matching the user's attributes against the attributes of the leaf nodes, as described above, therefore means using the user's attribute to decrypt the encrypted secret value: if the user's attribute is consistent with the attribute of the leaf node, the user can successfully decrypt the encrypted secret value of the leaf node and so obtain the secret value of the leaf node.
During decryption, the user uses his or her own attributes to decrypt the secret values of the leaf nodes of the access control tree, and then solves the secret value of the parent node from the secret values of the leaf nodes. For example, if the secret values of attribute 1, attribute 2 and attribute 3 are 19, 44 and 83 respectively, then the polynomial the parent node used to pass on secret values has three points, (1,19), (2,44) and (3,83), and the constant term of that polynomial is the secret value of the parent node. The constant term of the polynomial can be found from these three points, which gives the secret value of the parent node, and the secret values of the non-leaf nodes of the whole access control tree are solved in the same way.
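The share distribution and recovery described for the Fig. 3 access tree, as an added example that is not part of the patent text. It works modulo a prime instead of over plain integers and treats holding an attribute as equivalent to decrypting that leaf's share (the patent encrypts the share under the attribute); the names Node, distribute and recover are illustrative, and the "3/3" node's coefficients 4 and 7 are derived here from the page's points (1,19), (2,44), (3,83).

```python
import secrets

PRIME = 2**61 - 1  # assumption: shares live in GF(PRIME); the page uses plain integers


class Node:
    """A leaf (attribute set) or a threshold gate "k/n" (threshold k over n children)."""

    def __init__(self, attribute=None, threshold=None, children=(), fixed=None):
        self.attribute = attribute
        self.threshold = threshold
        self.children = list(children)
        self.fixed = fixed   # optional non-constant coefficients, to replay the page's numbers
        self.share = None


def eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def distribute(node, secret):
    """Top-down: each gate hides its share as the constant term of a degree k-1 polynomial."""
    node.share = secret % PRIME
    if node.attribute is not None:
        return
    if node.fixed is not None:
        higher = list(node.fixed)
    else:
        higher = [secrets.randbelow(PRIME) for _ in range(node.threshold - 1)]
    coeffs = [node.share] + higher
    for index, child in enumerate(node.children, start=1):  # children labelled 1, 2, 3, ...
        distribute(child, eval_poly(coeffs, index))


def interpolate_at_zero(points):
    """Lagrange interpolation: the constant term of the polynomial through the points."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover(node, user_attributes):
    """Bottom-up: return the node's secret value, or None if the threshold is not met."""
    if node.attribute is not None:
        # Simplification: a matching attribute stands in for decrypting the leaf's share.
        return node.share if node.attribute in user_attributes else None
    points = []
    for index, child in enumerate(node.children, start=1):
        value = recover(child, user_attributes)
        if value is not None:
            points.append((index, value))
    if len(points) < node.threshold:
        return None
    return interpolate_at_zero(points[:node.threshold])


def build_fig3_tree():
    """Root 2/3 over: a 3/3 gate (attributes 1-3), attribute 4, a 1/2 gate (attributes 5-6)."""
    leaves = {i: Node(attribute=f"attribute {i}") for i in range(1, 7)}
    gate_33 = Node(threshold=3, children=[leaves[1], leaves[2], leaves[3]], fixed=[4, 7])
    gate_12 = Node(threshold=1, children=[leaves[5], leaves[6]])
    root = Node(threshold=2, children=[gate_33, leaves[4], gate_12], fixed=[3])  # F(x)=5+3x
    return root, leaves


if __name__ == "__main__":
    root, leaves = build_fig3_tree()
    distribute(root, 5)
    print([leaves[i].share for i in range(1, 7)])
    print(recover(root, {"attribute 4", "attribute 5"}))
    print(recover(root, {"attribute 1", "attribute 2", "attribute 4"}))
```

With the `fixed` coefficients left as `None`, `distribute` draws fresh random polynomials for every gate, which is the behaviour the text describes.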
If the attribute of the plaintext data includes both operable and decryptable, policy-attribute-based encryption and fully homomorphic encryption are applied to the plaintext data in turn. Specifically, this means applying policy-attribute-based encryption to the plaintext data to obtain first encrypted data, then applying fully homomorphic encryption to the first encrypted data to obtain second encrypted data, and taking the second encrypted data as the encrypted data, which completes the whole encryption of the plaintext data. By applying policy-attribute-based encryption and then fully homomorphic encryption to the plaintext data, any user is allowed to perform computation on the encrypted data while users whose attributes satisfy the access policy are also allowed to decrypt the encrypted data with the key.
Further, applying policy-attribute-based encryption to the plaintext data specifically comprises: receiving an attribute set through the display touch screen, the attribute set including at least one attribute; formulating an attribute access control policy according to the attribute set; obtaining the attribute access control policy and the first public key in the first key pair; and encrypting the plaintext data using the first public key and the attribute access control policy.
In this embodiment of the application, the display device first receives multiple attributes selected by the user, associates these attributes to form an attribute set, and constructs the access control policy according to the attribute set. Then, when policy-attribute-based encryption is applied to the plaintext data, the first public key and the attribute access control policy are obtained first, and the plaintext data is encrypted using the first public key and the attribute access policy.
As an example of constructing the access control policy according to the attribute set: suppose the attribute set includes 6 elements, namely attribute 1, attribute 2, attribute 3, attribute 4, attribute 5 and attribute 6, and contains the element combinations ("attribute 1", "attribute 2", "attribute 3" and "attribute 4"), ("attribute 4" and "attribute 5"), ("attribute 4" and "attribute 6"), ("attribute 1", "attribute 2", "attribute 3" and "attribute 5") and ("attribute 1", "attribute 2", "attribute 3" and "attribute 6"). The access control policy shown in Fig. 3 can then be constructed from this attribute set.
It should be noted that the first public key is randomly generated by the system of the terminal device, and the attribute access policy is the access control tree. For example, the 6 leaf nodes of the access control tree shown in Fig. 3 represent attribute 1, attribute 2, attribute 3, attribute 4, attribute 5 and attribute 6 respectively, and each non-leaf node indicates how many of its child nodes a data accessor must satisfy to be considered to have access rights. For example, a non-leaf node threshold of 2/3 means that there are 3 child nodes under the non-leaf node and that the data accessor must satisfy at least 2 of them to be considered to have access rights. Once the data accessor satisfies the minimum number of attributes indicated by the threshold, the secret value of that node can be decrypted. As shown in Fig. 3, the access policy is that a user whose attributes satisfy at least ("attribute 1", "attribute 2", "attribute 3" and "attribute 4"), or ("attribute 4" and "attribute 5"), or ("attribute 4" and "attribute 6"), or ("attribute 1", "attribute 2", "attribute 3" and "attribute 5"), or ("attribute 1", "attribute 2", "attribute 3" and "attribute 6") is a trusted user; all other users have no access rights.
It should be noted that the above process applies equally to encrypting plaintext data whose attribute is decryptable and operable. Specifically, when policy-attribute-based encryption is applied to plaintext data whose attribute is decryptable and operable, the same process is performed: receiving the attribute set through the display touch screen; formulating the attribute access control policy according to the attribute set; obtaining the attribute access control policy and the first public key in the first key pair; and encrypting the plaintext data using the first public key and the attribute access control policy. The process of applying policy-attribute-based encryption to plaintext data whose attribute is decryptable and operable is not described again here.
Further, before the attribute set is received through the display touch screen, at least one attribute is displayed on the display touch screen as a visual graphic. When a selection operation is received on the display touch screen, the at least one attribute selected by the selection operation is determined; the at least one attribute is associated together to form the attribute set, which completes the operation of receiving the attribute set through the display touch screen.
In this embodiment of the application, the terminal device displays on the display screen multiple attributes for the user to view and select. The user can then choose the attribute set to be applied to the plaintext data through selection operations such as clicking, pressing and/or sliding. The attribute set includes at least one attribute of the users who are allowed to decrypt the encrypted data.
As can be seen, the data owner can modify and select the attribute set and thereby select the users who can decrypt the encrypted data. This embodiment therefore greatly increases the granularity of control over the data and effectively controls and screens the users who can decrypt the encrypted data, which further improves the efficiency and practicability of the data sharing method of this embodiment.
103: Send the encrypted data to the server so that the server stores the encrypted data.
In this embodiment of the application, after the terminal device encrypts the plaintext data, it sends the encrypted data to the server so that the server stores it. Other users can then obtain the encrypted data directly from the server, without asking the owner of the data for it directly.
Further, if the attribute of the plaintext data is decryptable, then after policy-attribute-based encryption is applied to the plaintext data to obtain decryptable encrypted data, the first private key is obtained; policy-attribute-based encryption is applied to the first private key to obtain a private key ciphertext; and the private key ciphertext is sent to the server so that the server stores the private key ciphertext.
In this embodiment of the application, if the attribute of the plaintext data is decryptable, the encrypted data obtained by applying policy-attribute-based encryption to the plaintext data can be decrypted by trusted users using the key. To decrypt the encrypted data successfully, a user must satisfy the attribute policy of the encrypted data and must also use the key. When the attribute of the plaintext data is decryptable, the terminal device therefore obtains the private key of the encrypted data, applies policy-attribute-based encryption to that private key, and sends the resulting private key ciphertext to the server for the server to store on its behalf. When another user decrypts the encrypted data, the user first obtains the private key ciphertext, then decrypts it to obtain the private key of the encrypted data, and finally uses the private key to decrypt the encrypted data.
By applying policy-attribute-based encryption to the private key of the encrypted data, this embodiment of the application increases the difficulty of decrypting the encrypted data: besides the encrypted data itself being encrypted, the private key used to decrypt it is encrypted as well, which gives the user's data double protection. The private key of the encrypted data can only be decrypted by first trusted users, and the encrypted data can only be decrypted by second trusted users, where the first trusted users include the second trusted users and the number of first trusted users is greater than or equal to the number of second trusted users. In this embodiment the access control tree of the encrypted data can therefore be simplified by describing part of the attributes of the users allowed to access the encrypted data in the access control tree of the private key ciphertext. For example, the private key ciphertext can only be accessed by users with the attribute "Ms" and the encrypted data can only be accessed by users with the attribute "student", so that in combination the encrypted data can in effect only be accessed by female students. Compared with building one access control tree that contains both attributes "Ms" and "student", building two access control trees that contain "Ms" and "student" separately is simpler. Especially when the attributes of the access control tree are very numerous and extremely complex, the method described in this embodiment can greatly reduce the complexity of the access control tree and can also greatly speed up data encryption and decryption.
It should be noted that after the encrypted data and the private key ciphertext of the encrypted data are sent to the server, the encrypted data is associated with its private key ciphertext, so that after the server gets the encrypted data, it can retrieve the private key ciphertext of that encrypted data in the server according to the encrypted data.
Further, if the attribute of the plaintext data is decryptable and operable, then after policy-attribute-based encryption followed by fully homomorphic encryption is applied to the plaintext data to obtain decryptable and operable encrypted data, the first private key and the second private key are obtained; the first private key and the second private key are combined to obtain a third private key; policy-attribute-based encryption is applied to the third private key to obtain a private key ciphertext; and the private key ciphertext is sent to the server so that the server stores the private key ciphertext.
In this embodiment of the application, if the attribute of the plaintext data is decryptable and operable, then, as long as the attribute includes decryptable, the encrypted data obtained by applying policy-attribute-based encryption and fully homomorphic encryption to the plaintext data in turn can be decrypted by trusted users using the keys. To decrypt the encrypted data successfully, the user on the one hand needs the second private key to remove the first layer of encryption of the decryptable and operable encrypted data and so obtain the decryptable encrypted data; on the other hand, besides satisfying the attribute policy of the decryptable encrypted data, the user also needs to use the first private key. When the attribute of the plaintext data is decryptable and operable, the first private key and the second private key of the decryptable and operable encrypted data are therefore obtained and combined to obtain the third private key; policy-attribute-based encryption is applied to the third private key, and the private key ciphertext obtained by encrypting the third private key is sent to the server for the server to store on its behalf. When another user decrypts the encrypted data, the user first obtains the private key ciphertext, then decrypts it to obtain the third private key of the decryptable and operable encrypted data, then splits the third private key according to the combination rule of the first private key and the second private key to recover the first private key and the second private key, and finally uses the second private key and the first private key in turn to decrypt the decryptable and operable encrypted data and obtain the plaintext data. The combination rule of the first private key and the second private key is either sequential combination or cross combination. Sequential combination means joining the head or tail of the first private key to the tail or head of the second private key to form one sequence. Cross combination means interleaving the sequences of the first private key and the second private key according to a preset number of digits; for example, the first private key is divided into a first-one part and a first-two part, the second private key is divided into a second-one part and a second-two part, and the parts are then combined in the order first-one part, second-one part, first-two part, second-two part.
It should be noted that if the attribute of the plaintext data includes decryptable, then after policy-attribute-based encryption is applied to the plaintext data to obtain the first encrypted data, the private key the terminal device obtains is the first private key for decrypting the first encrypted data. If, besides decryptable, the attribute of the plaintext data also includes operable, fully homomorphic encryption is further applied to the first encrypted data to obtain the second encrypted data, and the private keys the terminal device obtains then include the first private key for decrypting the first encrypted data and the second private key for decrypting the second encrypted data.
The terminal device of this embodiment of the application applies different encryption to the plaintext data depending on the attribute of the plaintext data, so that after encryption the data can be operated on by other users and/or decrypted by trusted users, which restricts the data access rights of different users. Specifically, if the attribute of the plaintext data is operable, fully homomorphic encryption is applied to the plaintext data, which allows other users to perform computation on the encrypted data but not to decrypt it. Here, other users performing computation on the encrypted data means that, without the encrypted data being decrypted, other users can perform operations on it such as specific algebraic operations, retrieval and comparison, and the result of processing the data in encrypted form is consistent with the result of processing it after decryption. If the attribute of the plaintext data is decryptable, policy-attribute-based encryption is applied to the plaintext data, so that users whose attributes satisfy the access policy can decrypt the encrypted data with the key. If the attribute of the plaintext data includes both operable and decryptable, policy-attribute-based encryption and fully homomorphic encryption are applied to the plaintext data in turn, so that other users can perform computation on the encrypted data while users whose attributes satisfy the access policy can also decrypt it with the key. The application can thus restrict the data access rights of different users. The terminal device then sends the encrypted data obtained by encrypting the plaintext data to the server so that the server stores it and other users can also obtain it from the server. The application thereby uses a trusted third party to effectively solve problems such as excessive load on the terminal device and the burden of key distribution and management, and while sharing data with other users it also effectively limits their operation rights, ensuring the security of the data in a cloud environment that is not fully trusted. This application therefore provides an efficient data sharing method.
Referring to Fig. 2, which is a schematic flow diagram of a data sharing method provided by another embodiment of the application, the data sharing method may include:
201: Obtain plaintext data; the attribute of the plaintext data includes operable and/or decryptable.
202: If the attribute of the plaintext data is decryptable, randomly generate a first key pair; the first key pair includes a first private key and a first public key.
In this embodiment of the invention, if the attribute of the plaintext data is decryptable, the system randomly generates the first key pair, which includes the first private key and the first public key.
It should be noted that the key pair is obtained by a key generation algorithm, and the public key and the private key in a key pair correspond one to one. Which key is public and which is private is not fixed: if one of the two keys is taken as the private key, the other is the public key. The key that serves as the public key may be known to others, whereas the private key must not be known to others and may only be known to the user. Specifically, if data is encrypted with the public key, it can only be decrypted with the corresponding private key; if data is encrypted with the private key, it can only be decrypted with the corresponding public key. Key generation algorithms include the KeyGen key generation algorithm, among others.
203: Receive an attribute set through the display touch screen; the attribute set includes at least one attribute.
In this embodiment of the invention, when a selection operation is received on the display touch screen, the at least one attribute selected by the selection operation is determined; the at least one attribute is associated together to form the attribute set, which completes the operation of receiving the attribute set through the display touch screen.
Further, before the attribute set is received through the display touch screen, at least one attribute is displayed on the display touch screen as a visual graphic.
In this embodiment of the application, the terminal device displays on the display screen multiple attributes for the user to view and select. The user can then choose the attribute set to be applied to the plaintext data through selection operations such as clicking, pressing and/or sliding. The attribute set includes at least one attribute of the users who are allowed to decrypt the encrypted data.
As can be seen, the data owner can modify and select the attribute set and thereby select the users who can decrypt the encrypted data. This embodiment therefore greatly increases the granularity of control over the data and effectively controls and screens the users who can decrypt the encrypted data, which further improves the efficiency and practicability of the data sharing method of this embodiment.
204: Formulate the attribute access control policy according to the attribute set.
In this embodiment of the invention, the attribute set contains multiple attributes, which are the attributes of the users allowed to decrypt the encrypted data. The attribute access control policy is formulated on the basis of the attribute set and contains the attribute combinations of the different users who can decrypt the encrypted data.
As an example of constructing the access control policy according to the attribute set: suppose the attribute set includes 6 elements, namely attribute 1, attribute 2, attribute 3, attribute 4, attribute 5 and attribute 6, and contains the element combinations ("attribute 1", "attribute 2", "attribute 3" and "attribute 4"), ("attribute 4" and "attribute 5"), ("attribute 4" and "attribute 6"), ("attribute 1", "attribute 2", "attribute 3" and "attribute 5") and ("attribute 1", "attribute 2", "attribute 3" and "attribute 6"). The access control policy shown in Fig. 3 can then be constructed from this attribute set.
205: Obtain the attribute access control policy and the first public key in the first key pair.
206: Encrypt the plaintext data using the first public key and the attribute access control policy to generate decryptable encrypted data.
In this embodiment of the invention, the plaintext data is encrypted using the first public key and the attribute access control policy to generate decryptable encrypted data.
For example, the 6 leaf nodes of the access control tree shown in Fig. 3 represent attribute 1, attribute 2, attribute 3, attribute 4, attribute 5 and attribute 6 respectively, and each non-leaf node indicates how many of its child nodes a data accessor must satisfy to be considered to have access rights. For example, a non-leaf node threshold of 2/3 means that there are 3 child nodes under the non-leaf node and that the data accessor must satisfy at least 2 of them to be considered to have access rights. Once the data accessor satisfies the minimum number of attributes indicated by the threshold, the secret value of that node can be decrypted. As shown in Fig. 3, the access policy is that a user whose attributes satisfy at least ("attribute 1", "attribute 2", "attribute 3" and "attribute 4"), or ("attribute 4" and "attribute 5"), or ("attribute 4" and "attribute 6"), or ("attribute 1", "attribute 2", "attribute 3" and "attribute 5"), or ("attribute 1", "attribute 2", "attribute 3" and "attribute 6") is a trusted user; all other users have no access rights.
207: Obtain the first private key and perform policy-attribute-based encryption on the first private key to obtain a private-key ciphertext.
In this embodiment of the present invention, in addition to applying the policy-attribute-based encryption algorithm to the plaintext data to obtain the encrypted data, policy-attribute-based encryption can also be applied to the first private key that is used to decrypt that encrypted data, yielding the encrypted private-key ciphertext.
208: Send the decryptable encrypted data and the private-key ciphertext to the server so that the server stores the decryptable encrypted data and the private-key ciphertext.
In this embodiment of the present application, the terminal device sends the encrypted data and the private-key ciphertext to the server so that the server stores them. Other users can then obtain the encrypted data and its private-key ciphertext directly from the server, decrypt the private-key ciphertext to obtain the private key, and then use that private key to decrypt the encrypted data.
It should be noted that after the encrypted data and its private-key ciphertext are sent to the server, the encrypted data is associated with its private-key ciphertext, so that after the encrypted data has been obtained, its private-key ciphertext can be obtained from the server according to the encrypted data.
It should also be noted that if the attribute of the plaintext data includes decryptable, then after policy-attribute-based encryption of the plaintext data produces the first encrypted data, the private key obtained by the terminal device is the first private key for decrypting the first encrypted data. If the attribute of the plaintext data includes computable in addition to decryptable, fully homomorphic encryption is further applied on top of the first encrypted data to produce the second encrypted data, and the private keys obtained by the terminal device then comprise the first private key for decrypting the first encrypted data and the second private key for decrypting the second encrypted data.
In this embodiment of the present application, policy-attribute-based encryption is applied to the private key of the encrypted data, which increases the difficulty of decrypting the encrypted data: besides the data itself being encrypted, the private key used to decrypt it is also encrypted, which amounts to double insurance for data security. Because both the encrypted data and its private key use policy-attribute-based encryption, the private key of the encrypted data can be decrypted only by first trusted users and the encrypted data can be decrypted only by second trusted users, where the first trusted users include the second trusted users and the number of first trusted users is greater than or equal to the number of second trusted users. In this embodiment, the access control tree used in the policy-attribute-based encryption of the encrypted data can therefore be simplified, by describing part of the attributes of the users allowed to access the encrypted data in the access control tree used in the policy-attribute-based encryption of the private-key ciphertext. For example, if the private-key ciphertext can be accessed only by women and the encrypted data only by students, then taken together the encrypted data can in fact be accessed only by female students. Compared with building one access control tree that contains both the "woman" and "student" attributes, building two access control trees that contain "woman" and "student" respectively is simpler. Particularly when the access control tree has very many attributes and is extremely complex, the method described in this embodiment can greatly reduce the complexity of the access control tree and can also markedly increase the data encryption and decryption speed. Overall, the application further improves the security and the sharing efficiency of data on third-party devices.
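The threshold access tree described for Figure 3 and the two-layer arrangement described in the preceding paragraph can be modelled as follows. This is an added example, not code from the patent: Figure 3 is not reproduced on this page, so the tree shape (a 2/3 root over a 3/3 gate, attribute 4 and a 1/2 gate) is an assumption chosen to yield exactly the five listed attribute combinations, Shamir sharing stands in for the node secret values, and all class, function and constant names are illustrative. Leaf shares are released in the clear, so this models the policy logic only and is not a secure attribute-based encryption scheme.

```python
import secrets
from itertools import combinations

P = 2**127 - 1  # prime modulus for the toy sharing field (constructed value)


class Node:
    """Leaf: Node("attribute 4"). Gate: Node(k=2, children=[...]) is a k-of-n threshold."""

    def __init__(self, attr=None, k=1, children=()):
        self.attr, self.k, self.children = attr, k, list(children)


def satisfied(node, attrs):
    """True if the attribute set meets the threshold at this node."""
    if node.attr is not None:
        return node.attr in attrs
    return sum(satisfied(c, attrs) for c in node.children) >= node.k


def share(node, secret, out):
    """Push `secret` down the tree. A k-of-n gate picks a random polynomial q of
    degree k-1 with q(0) = secret and hands child i the value q(i).
    Leaf shares are collected in `out`, keyed by leaf identity."""
    if node.attr is not None:
        out[id(node)] = secret
        return out
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for i, child in enumerate(node.children, start=1):
        share(child, sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P, out)
    return out


def recover(node, attrs, leaf_shares):
    """Rebuild this node's secret from the leaves the user holds, else None."""
    if node.attr is not None:
        return leaf_shares[id(node)] if node.attr in attrs else None
    pts = [(i, recover(c, attrs, leaf_shares))
           for i, c in enumerate(node.children, start=1)]
    pts = [(x, y) for x, y in pts if y is not None][:node.k]
    if len(pts) < node.k:
        return None  # threshold not met: the node secret stays hidden
    total = 0
    for xj, yj in pts:  # Lagrange interpolation evaluated at x = 0
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def minimal_sets(tree, universe):
    """Smallest attribute sets that satisfy the tree (brute force over subsets)."""
    found = []
    for r in range(1, len(universe) + 1):
        for combo in combinations(universe, r):
            s = set(combo)
            if satisfied(tree, s) and not any(m <= s for m in found):
                found.append(s)
    return found


# Assumed shape of the Figure 3 tree (the figure itself is not on the page).
ATTRS = [f"attribute {i}" for i in range(1, 7)]
FIG3 = Node(k=2, children=[
    Node(k=3, children=[Node(a) for a in ATTRS[:3]]),  # attributes 1, 2 and 3
    Node(ATTRS[3]),                                    # attribute 4
    Node(k=1, children=[Node(ATTRS[4]), Node(ATTRS[5])]),  # attribute 5 or 6
])

# Two single-attribute trees for the layered case (illustrative names).
KEY_TREE, DATA_TREE = Node("woman"), Node("student")


def layered_recover(attrs, key_tree, key_shares, data_tree, data_shares):
    """The private key is sealed under key_tree and the data under data_tree,
    so a reader needs both secrets. Returns (key_secret, data_secret) or None."""
    k = recover(key_tree, attrs, key_shares)
    d = recover(data_tree, attrs, data_shares)
    return (k, d) if k is not None and d is not None else None


if __name__ == "__main__":
    shares = share(FIG3, 424242, {})
    for s in minimal_sets(FIG3, ATTRS):
        print(sorted(s), recover(FIG3, s, shares) == 424242)
    ks, ds = share(KEY_TREE, 111, {}), share(DATA_TREE, 222, {})
    for who in ({"woman"}, {"student"}, {"woman", "student"}):
        print(sorted(who), layered_recover(who, KEY_TREE, ks, DATA_TREE, ds))
```

The two single-attribute trees accept exactly the users that one combined 2-of-2 tree over "woman" and "student" would accept, which is the simplification the paragraph above describes.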
It should be noted that the descriptions of the embodiments above tend to emphasize the differences between them; for parts that are the same or similar, the embodiments may be referred to one another, and for brevity these are not repeated here.
An embodiment of the present application also provides a terminal device, which comprises units for executing any of the foregoing data sharing methods. Specifically, Figure 4 is a schematic block diagram of a terminal device provided by an embodiment of the present application. The terminal device of this embodiment includes an acquiring unit 410, an encryption unit 420 and a transmission unit 430.
The acquiring unit 410 is configured to obtain plaintext data, the attribute of which includes computable and/or decryptable. The encryption unit 420 is configured to encrypt the plaintext data according to the attribute of the plaintext data, generating encrypted data that is decryptable and computable, encrypted data that is computable, or encrypted data that is decryptable. The transmission unit 430 is configured to send the encrypted data to a server so that the server stores the encrypted data.
Further, the terminal device also includes a generation unit 440, configured to randomly generate a first key pair if the attribute of the plaintext data is decryptable, the first key pair including a first private key and a first public key. The encryption unit 420 is specifically configured to perform policy-attribute-based encryption on the plaintext data using the first public key, generating the decryptable encrypted data, where the policy attribute describes the decryption rule of the encrypted data.
Further, the terminal device also includes a generation unit 440, configured to randomly generate a second key pair if the attribute of the plaintext data is computable, the second key pair including a second private key and a second public key. The encryption unit 420 is specifically configured to perform fully homomorphic encryption on the plaintext data using the second public key, generating the computable encrypted data.
Further, the terminal device also includes a generation unit 440, configured to randomly generate a first key pair and a second key pair if the attribute of the plaintext data includes computable and decryptable, the first key pair including a first private key and a first public key and the second key pair including a second private key and a second public key. The encryption unit 420 is specifically configured to perform policy-attribute-based encryption on the plaintext data using the first public key to obtain the decryptable encrypted data, and to perform fully homomorphic encryption using the second public key on the encrypted data that can be encrypted, generating encrypted data that is decryptable and computable.
Further, the acquiring unit 410 is also configured to obtain the first private key; the encryption unit 420 is also configured to perform policy-attribute-based encryption on the first private key to obtain a private-key ciphertext; and the transmission unit 430 is also configured to send the private-key ciphertext to the server so that the server stores the private-key ciphertext.
Further, the acquiring unit 410 is configured to obtain the first private key and the second private key. The terminal device also includes a combining unit 450, configured to combine the first private key and the second private key to obtain a third private key. The encryption unit 420 is also configured to perform policy-attribute-based encryption on the third private key to obtain a private-key ciphertext, and the transmission unit 430 is also configured to send the private-key ciphertext to the server so that the server stores the private-key ciphertext.
Further, the terminal device also includes a receiving unit 460, configured to receive an attribute set through the touch display screen, the attribute set including at least one attribute, and a formulation unit 470, configured to formulate an attribute access control policy according to the attribute set. The acquiring unit 410 is also configured to obtain the attribute access control policy and the first public key of the first key pair, and the encryption unit 420 is also configured to encrypt the plaintext data using the first public key and the attribute access control policy.
In this embodiment of the present application, whether plaintext data may be computed on and/or decrypted by other terminal devices is determined from the attribute of the plaintext data. The encryption unit then uses different encryption methods to encrypt plaintext data with different attributes, and the transmission unit sends the resulting encrypted data to a third-party server so that the third-party server stores it. Other terminal devices can then obtain the encrypted data from the third-party server and perform computation, decryption or other operations on the different kinds of encrypted data. The embodiment thus uses a trusted third party to effectively address problems such as excessive load on the terminal device and the burden of key distribution and management, and it effectively restricts the operating permissions of other users while sharing data with them, ensuring the security of the data in a cloud environment that is not fully trusted. This application therefore provides an efficient data sharing method.
Figure 5 is a schematic block diagram of a terminal device provided by another embodiment of the application. As shown in the figure, the terminal device in this embodiment may include one or more processors 510, a communication interface 520, an input device 530, an output device 540 and a memory 550. The processor 510, the communication interface 520 and the memory 550 are connected by a bus 560. The communication interface 520 is used for data interaction between the terminal device and other terminal devices, the memory 550 is used to store a computer program that includes program instructions, and the processor 510 is used to execute the program instructions stored in the memory 550.
The processor 510 is configured to execute the function of the acquiring unit 410, obtaining plaintext data whose attribute includes computable and/or decryptable. It is also configured to execute the function of the encryption unit 420, encrypting the plaintext data according to the attribute of the plaintext data and generating encrypted data that is decryptable and computable, encrypted data that is computable, or encrypted data that is decryptable.
The communication interface 520 is configured to execute the function of the transmission unit 430, sending the encrypted data to the server so that the server stores the encrypted data.
Further, the processor 510 is also configured to execute the function of the generation unit 440, randomly generating a first key pair if the attribute of the plaintext data is decryptable, the first key pair including a first private key and a first public key. It is also specifically configured to perform policy-attribute-based encryption on the plaintext data using the first public key, generating the decryptable encrypted data, where the policy attribute describes the decryption rule of the encrypted data.
Further, the processor 510 is also configured to execute the function of the generation unit 440, randomly generating a second key pair if the attribute of the plaintext data is computable, the second key pair including a second private key and a second public key. It is also specifically configured to perform fully homomorphic encryption on the plaintext data using the second public key, generating the computable encrypted data.
Further, the processor 510 is also configured to execute the function of the generation unit 440, randomly generating a first key pair and a second key pair if the attribute of the plaintext data includes computable and decryptable, the first key pair including a first private key and a first public key and the second key pair including a second private key and a second public key. It is also specifically configured to perform policy-attribute-based encryption on the plaintext data using the first public key to obtain the decryptable encrypted data, and to perform fully homomorphic encryption using the second public key on the encrypted data that can be encrypted, generating encrypted data that is decryptable and computable.
Further, the processor 510 is also configured to obtain the first private key, and to perform policy-attribute-based encryption on the first private key to obtain a private-key ciphertext.
Correspondingly, the communication interface 520 is also configured to send the private-key ciphertext to the server so that the server stores the private-key ciphertext.
Further, the processor 510 is also configured to obtain the first private key and the second private key; to execute the function of the combining unit 450, combining the first private key and the second private key to obtain a third private key; and to perform policy-attribute-based encryption on the third private key to obtain a private-key ciphertext.
Correspondingly, the communication interface 520 is also configured to send the private-key ciphertext to the server so that the server stores the private-key ciphertext.
Further, the terminal device also includes the input device 530, configured to execute the function of the receiving unit 460 and to receive an attribute set through the touch display screen, the attribute set including at least one attribute.
Correspondingly, the processor 520 is also configured to execute the function of the formulation unit 470, formulating an attribute access control policy according to the attribute set; to obtain the attribute access control policy and the first public key of the first key pair; and to encrypt the plaintext data using the first public key and the attribute access control policy.
It should be understood that, in the embodiments of the present application, the processor 510 may be a central processing unit (Central Processing Unit, CPU). The processor may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 550 may include read-only memory and random access memory, and provides instructions and data to the processor 510. Part of the memory 550 may also include non-volatile random access memory. For example, the memory 550 may also store information about the device type.
In a specific implementation, the processor 510 and the communication interface 520 described in this embodiment can execute the implementations described in the first and second embodiments of the data sharing method provided by the embodiments of the application, and can also execute the implementation of the terminal device described in the embodiments of the application; details are not repeated here.
Another embodiment of the application provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, the computer program includes program instructions, and the program instructions are executed by a processor.
The computer-readable storage medium may be an internal storage unit of the terminal device of any of the foregoing embodiments, such as the hard disk or memory of the terminal device. The computer-readable storage medium may also be an external storage device of the terminal device, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal device. Further, the computer-readable storage medium may include both an internal storage unit of the terminal device and an external storage device. The computer-readable storage medium is used to store the computer program and the other programs and data needed by the terminal device. It can also be used to temporarily store data that has been output or is about to be output.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different data sharing methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the terminal device and units described above can be found in the corresponding processes of the foregoing data sharing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed terminal device and data sharing method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may also be electrical, mechanical or other forms of connection.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present application.
In addition, the functional units in the embodiments of the application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the data sharing method of each embodiment of the application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
Claims (10)
1. A data sharing method, characterized by comprising:
obtaining plaintext data, the attribute of the plaintext data including computable and/or decryptable;
encrypting the plaintext data according to the attribute of the plaintext data to generate encrypted data that is decryptable and computable, encrypted data that is computable, or encrypted data that is decryptable;
sending the encrypted data to a server so that the server stores the encrypted data.
2. The data sharing method according to claim 1, characterized in that encrypting the plaintext data according to the attribute of the plaintext data to generate the decryptable encrypted data comprises:
if the attribute of the plaintext data is decryptable, randomly generating a first key pair, the first key pair including a first private key and a first public key;
performing policy-attribute-based encryption on the plaintext data using the first public key to generate the decryptable encrypted data, the policy attribute describing the decryption rule of the encrypted data.
3. The data sharing method according to claim 1, characterized in that encrypting the plaintext data according to the attribute of the plaintext data to generate the computable encrypted data comprises:
if the attribute of the plaintext data is computable, randomly generating a second key pair, the second key pair including a second private key and a second public key;
performing fully homomorphic encryption on the plaintext data using the second public key to generate the computable encrypted data.
4. The data sharing method according to claim 1, characterized in that encrypting the plaintext data according to the attribute of the plaintext data to generate the encrypted data that is decryptable and computable comprises:
if the attribute of the plaintext data includes computable and decryptable, randomly generating a first key pair and a second key pair, the first key pair including a first private key and a first public key, and the second key pair including a second private key and a second public key;
performing policy-attribute-based encryption on the plaintext data using the first public key to obtain the decryptable encrypted data;
performing fully homomorphic encryption on the decryptable encrypted data using the second public key to generate the encrypted data that is decryptable and computable.
5. The data sharing method according to claim 2, characterized in that, after generating the decryptable encrypted data, the method further comprises:
obtaining the first private key;
performing policy-attribute-based encryption on the first private key to obtain a private-key ciphertext;
sending the private-key ciphertext to the server so that the server stores the private-key ciphertext.
6. The data sharing method according to claim 4, characterized in that, after generating the encrypted data that is decryptable and computable, the method further comprises:
obtaining the first private key and the second private key;
combining the first private key and the second private key to obtain a third private key;
performing policy-attribute-based encryption on the third private key to obtain a private-key ciphertext;
sending the private-key ciphertext to the server so that the server stores the private-key ciphertext.
7. The data sharing method according to claim 2, characterized in that performing policy-attribute-based encryption on the plaintext data using the first public key comprises:
receiving an attribute set through a touch display screen, the attribute set including at least one attribute;
formulating an attribute access control policy according to the attribute set;
obtaining the attribute access control policy and the first public key of the first key pair;
encrypting the plaintext data using the first public key and the attribute access control policy.
8. A terminal device, characterized by comprising units for executing the method according to any one of claims 1 to 7.
9. A terminal device, characterized by comprising a processor, a communication interface, an input device, an output device and a memory, the processor, communication interface, input device, output device and memory being connected to one another, wherein the communication interface is used for data interaction with other terminal devices, the memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to call the program instructions to execute the data sharing method according to any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to execute the data sharing method according to any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811025481.6A CN109214201B (en) | 2018-08-31 | 2018-08-31 | Data sharing method, terminal equipment and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811025481.6A CN109214201B (en) | 2018-08-31 | 2018-08-31 | Data sharing method, terminal equipment and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109214201A true CN109214201A (en) | 2019-01-15 |
CN109214201B CN109214201B (en) | 2024-03-19 |
Family
ID=64986626
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811025481.6A Active CN109214201B (en) | 2018-08-31 | 2018-08-31 | Data sharing method, terminal equipment and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109214201B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110943834A (en) * | 2019-12-06 | 2020-03-31 | 歌尔股份有限公司 | Network device, password processing method thereof, control device and readable storage medium |
CN111464282A (en) * | 2019-01-18 | 2020-07-28 | 百度在线网络技术(北京)有限公司 | Data processing method and device based on homomorphic encryption |
CN111832042A (en) * | 2020-06-23 | 2020-10-27 | 武汉菲奥达物联科技有限公司 | Apartment student data security management method and device |
WO2020253380A1 (en) * | 2019-06-17 | 2020-12-24 | 深圳壹账通智能科技有限公司 | Data encryption method and apparatus, and terminal device |
CN112685760A (en) * | 2021-01-08 | 2021-04-20 | 浙江泰科数联信息技术有限公司 | Financial data privacy processing and sharing method capable of authorizing on block chain |
CN113259137A (en) * | 2021-07-15 | 2021-08-13 | 广东电网有限责任公司江门供电局 | Power grid access control method, system and storage medium based on user attributes |
WO2022099495A1 (en) * | 2020-11-11 | 2022-05-19 | 深圳技术大学 | Ciphertext search method, system, and device in cloud computing environment |
WO2022193309A1 (en) * | 2021-03-19 | 2022-09-22 | 深圳大学 | Ciphertext policy attribute-based encryption method and apparatus, and electronic device |
CN115529194A (en) * | 2022-11-28 | 2022-12-27 | 中国人民解放军国防科技大学 | Data management method, system, equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104079574A (en) * | 2014-07-02 | 2014-10-01 | 南京邮电大学 | User privacy protection method based on attribute and homomorphism mixed encryption under cloud environment |
WO2016182509A1 (en) * | 2015-05-13 | 2016-11-17 | Agency For Science, Technology And Research | Network system, and methods of encrypting data, decrypting encrypted data in the same |
CN107154845A (en) * | 2017-04-11 | 2017-09-12 | 中国人民武装警察部队工程大学 | A kind of BGN types ciphertext decryption outsourcing scheme based on attribute |
CN107181584A (en) * | 2016-03-09 | 2017-09-19 | 郑珂威 | Asymmetric complete homomorphic cryptography and its replacement of keys and ciphertext complete a business transaction method |
CN108063754A (en) * | 2017-11-10 | 2018-05-22 | 西安电子科技大学 | Towards the attribute base encryption method of wearable health monitoring equipment anonymization data |
Non-Patent Citations (1)
Title |
---|
刘青等: "云计算环境中基于策略的多用户全同态加密方法", 广西大学学报(自然科学版), no. 03, 25 June 2016 (2016-06-25), pages 786 - 795 * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111464282A (en) * | 2019-01-18 | 2020-07-28 | 百度在线网络技术(北京)有限公司 | Data processing method and device based on homomorphic encryption |
CN111464282B (en) * | 2019-01-18 | 2024-04-26 | 百度在线网络技术(北京)有限公司 | Homomorphic encryption-based data processing method and device |
WO2020253380A1 (en) * | 2019-06-17 | 2020-12-24 | 深圳壹账通智能科技有限公司 | Data encryption method and apparatus, and terminal device |
CN110943834B (en) * | 2019-12-06 | 2023-02-28 | 歌尔科技有限公司 | Network device, password processing method thereof, control device and readable storage medium |
CN110943834A (en) * | 2019-12-06 | 2020-03-31 | 歌尔股份有限公司 | Network device, password processing method thereof, control device and readable storage medium |
CN111832042B (en) * | 2020-06-23 | 2024-02-13 | 武汉菲奥达物联科技有限公司 | Apartment student data safety management method and device |
CN111832042A (en) * | 2020-06-23 | 2020-10-27 | 武汉菲奥达物联科技有限公司 | Apartment student data security management method and device |
WO2022099495A1 (en) * | 2020-11-11 | 2022-05-19 | 深圳技术大学 | Ciphertext search method, system, and device in cloud computing environment |
CN112685760A (en) * | 2021-01-08 | 2021-04-20 | 浙江泰科数联信息技术有限公司 | Financial data privacy processing and sharing method capable of authorizing on block chain |
WO2022193309A1 (en) * | 2021-03-19 | 2022-09-22 | 深圳大学 | Ciphertext policy attribute-based encryption method and apparatus, and electronic device |
CN113259137A (en) * | 2021-07-15 | 2021-08-13 | 广东电网有限责任公司江门供电局 | Power grid access control method, system and storage medium based on user attributes |
CN115529194A (en) * | 2022-11-28 | 2022-12-27 | 中国人民解放军国防科技大学 | Data management method, system, equipment and storage medium |
CN115529194B (en) * | 2022-11-28 | 2023-03-10 | 中国人民解放军国防科技大学 | Data management method, system, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109214201B (en) | 2024-03-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109214201A (en) | A kind of data sharing method, terminal device and computer readable storage medium | |
Chinnasamy et al. | HCAC-EHR: hybrid cryptographic access control for secure EHR retrieval in healthcare cloud | |
CN113127916B (en) | Data set processing method, data processing method, device and storage medium | |
WO2022247576A1 (en) | Data processing method and apparatus, device, and computer-readable storage medium | |
CN107196926B (en) | Cloud outsourcing privacy set comparison method and device | |
CN109728906B (en) | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool | |
CN110089071B (en) | Secure distributed data processing | |
CN112003696B (en) | SM9 key generation method, system, electronic equipment, device and storage medium | |
Yan et al. | Context-aware verifiable cloud computing | |
US8220040B2 (en) | Verifying that group membership requirements are met by users | |
El Bouchti et al. | Encryption as a service for data healthcare cloud security | |
CN109040076A (en) | A kind of data processing method, system, device, equipment and medium | |
CN107204997A (en) | The method and apparatus for managing cloud storage data | |
CN109728905A (en) | Anti- quantum calculation MQV cryptographic key negotiation method and system based on unsymmetrical key pond | |
CN112765642A (en) | Data processing method, data processing apparatus, electronic device, and medium | |
Kumar et al. | Overview of information security using genetic algorithm and chaos | |
CN106570405A (en) | Method and apparatus for performing encryption/decryption on text in input method | |
CN116401686A (en) | Homomorphic encryption-based multiparty privacy set operation method and system | |
Jammula et al. | Hybrid lightweight cryptography with attribute-based encryption standard for secure and scalable IoT system | |
Yan et al. | CloudFile: A cloud data access control system based on mobile social trust | |
CN113434906B (en) | Data query method, device, computer equipment and storage medium | |
CN110474764A (en) | Ciphertext data set intersection calculation method, device, system, client, server and medium | |
CN112235111B (en) | Key generation method, device, equipment and computer readable storage medium | |
CN116522366B (en) | Multiparty data processing method suitable for big data, storage medium and product | |
WO2023241142A1 (en) | Data processing method and apparatus, storage medium, and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||