CN111786779B - Novel accountability security data sharing system and method - Google Patents

Novel accountability security data sharing system and method Download PDF

Info

Publication number
CN111786779B
CN111786779B CN202010558430.0A CN202010558430A CN111786779B CN 111786779 B CN111786779 B CN 111786779B CN 202010558430 A CN202010558430 A CN 202010558430A CN 111786779 B CN111786779 B CN 111786779B
Authority
CN
China
Prior art keywords
data
log
sgx
hardware device
trusted hardware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010558430.0A
Other languages
Chinese (zh)
Other versions
CN111786779A (en
Inventor
范佳
曹云飞
王震
赵越
吴开均
郝尧
张皓
王雪
罗伊莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Priority to CN202010558430.0A priority Critical patent/CN111786779B/en
Publication of CN111786779A publication Critical patent/CN111786779A/en
Application granted granted Critical
Publication of CN111786779B publication Critical patent/CN111786779B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses a novel accountable security data sharing system and a method, which comprises a data sharing platform used for sharing data by a data owner and a data subscriber; the data sharing platform comprises an access control module, a storage module, a log service module and a trusted hardware device SGX, wherein the storage module, the log service module and the trusted hardware device SGX are connected with the access control module; the log service module maintains logs using a Merkle tree. According to the method, a log structure based on a Merkle tree is adopted to log data subscription behaviors, the state of the log is verified in a trusted hardware device SGX, once the trusted hardware device SGX finds that the log is tampered, decryption service is not provided any more, and therefore abuse of data is prevented; and the trusted hardware device SGX sends a notification message to the user every time the trusted hardware device SGX performs verification and decryption operations, the notification message comprises a verification result of the SGX on the log certification and a signature of the verification result, and the user can realize the accountability function by taking the notification message as evidence.

Description

Novel accountability security data sharing system and method
Technical Field
The invention relates to the technical field of data transmission security, in particular to a novel accountable security data sharing system and method.
Background
Most of the existing data sharing schemes use an access control technology and the like to guarantee illegal access of data, but the security of a data sharing platform is not considered in the schemes. Some data sharing schemes only prevent attacks from the outside, although a cryptographic algorithm is used for data encryption during data storage. Currently, some schemes consider using a tracking algorithm or introducing a trusted third party to perform accountability for attacks from personnel inside a platform, but the existing tracking algorithm has high calculation cost, and a so-called trusted third party is not really and completely trusted at many times.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in response to the above-identified problems, a new accountable secure data sharing system and method is provided.
The invention provides a novel accountable security data sharing system, which comprises a data sharing platform, a data processing platform and a data processing platform, wherein the data sharing platform is used for sharing data by a data owner and a data subscriber; the data sharing platform comprises an access control module, a storage module, a log service module and a trusted hardware device SGX, wherein the storage module, the log service module and the trusted hardware device SGX are connected with the access control module; the log service module maintains logs using a Merkle tree.
The invention also provides a novel accountable security data sharing method, wherein the method comprises the following steps that a data owner and a data subscriber share data through a data sharing platform, and the data sharing is carried out through the following steps:
s1, the data owner uploads the encrypted data to the data sharing platform;
s2, the storage module of the data sharing platform stores the encrypted data;
s3, the data subscriber sends out a subscription request;
s4, the data sharing platform determines whether the data subscriber can subscribe through the access control module, and calls the log service module to generate log certification when the data subscriber can subscribe, wherein the log service module maintains a log by using a Merkle tree, then inputs the log into a trusted hardware device SGX to perform log certification verification, determines whether to send decrypted data to the data subscriber according to a verification result, and sends a corresponding notification message to the data subscriber; the notification message includes a verification result of the trusted hardware device SGX for the log attestation and a signature of the verification result.
S5, if the data owner receives the notification message online, it can immediately verify which data is currently subscribed by whom by calling the system log. If the data owner is offline currently, the notification messages are stored in the inbox, and when the data owner receives a plurality of notification messages when the data owner is online again, the current system log is called, so that the data owner can verify which data are subscribed by which persons in batches, the subscription sequence of the data and the like.
Further, step S1 includes the following sub-steps:
s11, the data owner ID _ i calculates a shared key k by using a public key PK _ SGX of the trusted hardware device SDX and the public key PK _ ID _ i of the data owner and adopting a DH (Diffie-Hellman) algorithm, and encrypts plaintext data m by using a symmetric encryption algorithm and the key k to obtain a ciphertext C _ i;
s12, the data owner ID _ i uses the plaintext data m to obtain the related index information Tag _ i;
s13, data owner ID _ i uploads (ID _ i, C _ i, Tag _ i) to the data sharing platform.
Further, in step S2, the method for the storage module of the data sharing platform to store the encrypted data includes: stores (ID _ i, C _ i, Tag _ i), and discloses index information Tag _ i.
Further, step S3 includes the following sub-steps:
s31, the data subscriber ID _ j inquires and determines the index information Tag _ i which needs to be subscribed;
s32, when the data subscriber ID _ j sends subscription request to the data sharing platform, it submits index information Tag _ i to the data sharing platform.
Further, step S4 includes the following sub-steps:
s41, the data sharing platform judges whether the access right of the data subscriber ID _ j can subscribe the encrypted data corresponding to the submitted index information Tag _ i through the access control module: if the subscription is not available, terminating the access, otherwise, calculating r _ i ═ Hash (ID _ j, C _ i) and storing r _ i;
s42, the access control module submits (ID _ i, ID _ j, C _ i, Tag _ i, r _ i) to the log service module and obtains the relevant proof Prov _ i;
s43, the access control module digitally signs (ID _ i, ID _ j, C _ i, r _ i, Prov _ i) to obtain signature information Sig _ i, and sends (ID _ i, ID _ j, C _ i, r _ i, Prov _ i, Sig _ i) to the trusted hardware device SGX;
s44, the trusted hardware device SGX verifies the signature information Sig _ i and the associated proof Prov _ i:
if the verification result _ i passes, the trusted hardware device SGX calculates a shared key k by using a private key of the trusted hardware device SGX and a public key of the data owner ID _ i through a DH algorithm, decrypts C _ i by using k, returns decrypted plaintext data m to the data subscriber ID _ j, and sends a notification message that the data has been successfully subscribed to the data owner ID _ i;
if the verification result _ i is failed, the trusted hardware device SGX sends a notification message that the log is tampered to the data owner ID _ i.
Further, the log service module maintains the log by using the Merkle tree, namely, a Merkle tree is maintained for each data owner ID _ i to record the log, and a root node of the Merkle tree is H; when the access control module submits (ID _ i, ID _ j, C _ i, Tag _ i, r _ i) to the log service module, the log service module performs:
(1) adding r _ i into the log, and updating the root node to be H';
(2) generating a presence proof pi and an extension proof p; wherein, a path from pi to a root node H 'is proved, and a path from rho to H' is proved by expansion;
(3) and generating a correlation certificate Prov _ i ═ (H', pi, rho, ID _ i) and returning the correlation certificate to the access control module.
Further, the notification message includes (ID _ i, ID _ j, C _ i, r _ i, prev _ i, Sig _ i), the verification result of the trusted hardware device SGX on the log certificate, and the signature Sig _ SGX _ i of the trusted hardware device SGX on (ID _ i, ID _ j, C _ i, Tag _ i, r _ i, result _ i).
Further, the data owner may receive notification messages online or offline.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
1. according to the method, a log structure based on a Merkle tree is adopted to log data subscription behaviors, the state of the log is verified in a trusted hardware device SGX, once the trusted hardware device SGX finds that the log is tampered, decryption service is not provided any more, and therefore abuse of data is prevented; and the trusted hardware device SGX sends a notification message to the user every time the trusted hardware device SGX performs verification and decryption operations, the notification message comprises a verification result of the SGX on the log certification and a signature of the verification result, and the user can realize the accountability function by taking the notification message as evidence.
2. The invention uses DH algorithm to calculate the shared key of user and trusted hardware device SGX, can realize the data sharing of multi-user participation.
3. By designing a data subscription process without participation of a data owner and a protocol step that the data owner can call the log and verify, the data owner can be offline at any time, check the notification message when online and verify the log record.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a schematic diagram of the accountable secure data sharing system and method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, which is a schematic diagram of a novel accountable secure data sharing system and method proposed by the present invention, a data owner and a data subscriber share data through a data sharing platform, and in order to solve the problem of internal personnel attack of the existing data sharing platform, the present invention mainly proposes the following two design ideas:
(1) recording data subscription behaviors by adopting a log structure based on a Merkle tree;
(2) by verifying the state of the log in the trusted hardware device SGX, the log is made tamper-proof, thereby preventing misuse of data.
The features and properties of the present invention are described in further detail below with reference to examples.
The novel accountable security data sharing system comprises a data sharing platform, a data processing platform and a data processing platform, wherein the data sharing platform is used for sharing data by a data owner and a data subscriber; the data sharing platform comprises an access control module, a storage module, a log service module and a trusted hardware device SGX, wherein the storage module, the log service module and the trusted hardware device SGX are connected with the access control module; the log service module maintains logs using a Merkle tree.
Based on the accountable security data sharing system, a new accountable security data sharing method can be realized, in the method, a data owner and a data subscriber share data through a data sharing platform, and data sharing is performed through the following steps S1 to S4:
s1, the data owner uploads the encrypted data to the data sharing platform;
the data owner encrypts data by adopting a DH algorithm and a symmetric encryption algorithm, and specifically:
s11, the data owner ID _ i calculates a shared key k by using a public key PK _ SGX of the trusted hardware device SDX and the public key PK _ ID _ i of the data owner through a DH algorithm, and encrypts plaintext data m by using a symmetric encryption algorithm to obtain a ciphertext C _ i;
s12, the data owner ID _ i uses the plaintext data m to obtain the related index information Tag _ i;
s13, data owner ID _ i uploads (ID _ i, C _ i, Tag _ i) to the data sharing platform.
It can be seen that data sharing with multi-user participation can be realized by adding a user ID (e.g. ID _ i) to identify a user identity, and calculating a shared key of the user and the trusted hardware device SGX by using a DH algorithm.
S2, the storage module of the data sharing platform stores the encrypted data;
specifically, (ID _ i, C _ i, Tag _ i) is stored, and index information Tag _ i is disclosed.
S3, the data subscriber sends out a subscription request;
specifically, the method comprises the following steps:
s31, the data subscriber ID _ j inquires and determines the index information Tag _ i which needs to be subscribed;
s32, when the data subscriber ID _ j sends subscription request to the data sharing platform, it submits index information Tag _ i to the data sharing platform.
S4, the data sharing platform determines whether the data subscriber can subscribe through the access control module, and calls the log service module to generate log certification when the data subscriber can subscribe, wherein the log service module maintains a log by using a Merkle tree, then inputs the log into a trusted hardware device SGX to perform log certification verification, determines whether to send decrypted data to the data subscriber according to a verification result, and sends a corresponding notification message to the data subscriber; the notification message includes a verification result of the trusted hardware device SGX for the log attestation and a signature of the verification result.
Specifically, the method comprises the following steps:
s41, the data sharing platform judges whether the access right of the data subscriber ID _ j can subscribe the encrypted data corresponding to the submitted index information Tag _ i through the access control module:
if the subscription is not available, the access is terminated;
otherwise, calculating r _ i as Hash (ID _ j, C _ i) and storing r _ i;
s42, the access control module submits (ID _ i, ID _ j, C _ i, Tag _ i, r _ i) to the log service module and obtains the relevant proof Prov _ i;
the log service module maintains the log by using the Merkle tree, namely, a Merkle tree is maintained for each data owner ID _ i to record the log, and the root node of the Merkle tree is H; when the access control module submits (ID _ i, ID _ j, C _ i, Tag _ i, r _ i) to the log service module, the log service module performs:
(1) adding r _ i into the log, and updating the root node to be H';
(2) generating a presence proof pi and an extension proof p; wherein:
a path from the proof pi to the root node H' exists, which can ensure that the new subscription request is really contained in the new tree;
the extension proves that ρ is the path from H to H 'and it can be ensured that the new tree H' is indeed an extension of the old tree H.
(3) And generating a correlation certificate Prov _ i ═ (H', pi, rho, ID _ i) and returning the correlation certificate to the access control module. Through the steps, a non-falsifiable log is maintained by using the Merkle tree, the behavior information of the user using data is recorded, and the correctness of the record is proved by generating a relevant certificate, so that the user can ask for accountability.
S43, the access control module digitally signs (ID _ i, ID _ j, C _ i, r _ i, Prov _ i) to obtain signature information Sig _ i, and sends (ID _ i, ID _ j, C _ i, r _ i, Prov _ i, Sig _ i) to the trusted hardware device SGX;
s44, the trusted hardware device SGX verifies the signature information Sig _ i and the associated proof Prov _ i:
if the verification result _ i passes, the trusted hardware device SGX calculates a shared key k by using a private key of the trusted hardware device SGX and a public key of the data owner ID _ i through a DH algorithm, decrypts C _ i by using k, returns decrypted plaintext data m to the data subscriber ID _ j, and sends a notification message that the data has been successfully subscribed to the data owner ID _ i;
if the verification result _ i is failed, the trusted hardware device SGX sends a notification message that the log is tampered to the data owner ID _ i;
wherein the data owner may receive the notification message online or offline. That is, the subscription process of the data subscriber ID _ j does not require the participation of the data owner ID _ i, so the data owner ID _ i can be offline at any time, and receive the notification message sent by the trusted hardware device SGX when the data subscriber ID _ i is online again. The notification message includes (ID _ i, ID _ j, C _ i, r _ i, prev _ i, Sig _ i), a verification result of the trusted hardware device SGX on the log certificate, and a signature Sig _ SGX _ i of the trusted hardware device SGX on (ID _ i, ID _ j, C _ i, Tag _ i, r _ i, result _ i). By looking at the notification message, the data owner ID _ i can know which data is used by which data subscriber ID _ j; when the trusted hardware device SGX notifies that the log is tampered with, the data owner ID _ i may call the current log for verification. The notification message sent by the trusted hardware device SGX may be used as proof of user accountability because of the verification result of the log certificate and the signature of the verification result.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (5)

1. A novel accountable security data sharing method is characterized in that a data owner and a data subscriber share data through a data sharing platform, and data sharing is carried out through the following steps:
s1, the data owner uploads the encrypted data to the data sharing platform;
s2, the storage module of the data sharing platform stores the encrypted data;
s3, the data subscriber sends out a subscription request;
s4, the data sharing platform determines whether the data subscriber can subscribe through the access control module, and calls the log service module to generate log certification when the data subscriber can subscribe, wherein the log service module maintains a log by using a Merkle tree, then inputs the log into a trusted hardware device SGX to perform log certification verification, determines whether to send decrypted data to the data subscriber according to a verification result, and sends a corresponding notification message to the data subscriber; the notification message comprises a verification result of the trusted hardware device SGX on the log certificate and a signature of the verification result;
step S1 includes the following sub-steps:
s11, the data owner ID _ i calculates a shared key k by using a public key PK _ SGX of the trusted hardware device SDX and the public key PK _ ID _ i of the data owner through a DH algorithm, and encrypts plaintext data m by using a symmetric encryption algorithm to obtain a ciphertext C _ i;
s12, the data owner ID _ i uses the plaintext data m to obtain the related index information Tag _ i;
s13, uploading (ID _ i, C _ i, Tag _ i) to a data sharing platform by the data owner ID _ i;
the method for storing the encrypted data by the storage module of the data sharing platform in step S2 is as follows: storing (ID _ i, C _ i, Tag _ i) and disclosing index information Tag _ i;
step S3 includes the following sub-steps:
s31, the data subscriber ID _ j inquires and determines the index information Tag _ i which needs to be subscribed;
s32, when a data subscriber ID _ j sends a subscription request to the data sharing platform, the data subscriber ID _ j submits index information Tag _ i to the data sharing platform;
step S4 includes the following sub-steps:
s41, the data sharing platform judges whether the access right of the data subscriber ID _ j can subscribe the encrypted data corresponding to the submitted index information Tag _ i through the access control module: if the subscription is not available, terminating the access, otherwise, calculating r _ i ═ Hash (ID _ j, C _ i) and storing r _ i;
s42, the access control module submits (ID _ i, ID _ j, C _ i, Tag _ i, r _ i) to the log service module and obtains the relevant proof Prov _ i;
s43, the access control module digitally signs (ID _ i, ID _ j, C _ i, r _ i, Prov _ i) to obtain signature information Sig _ i, and sends (ID _ i, ID _ j, C _ i, r _ i, Prov _ i, Sig _ i) to the trusted hardware device SGX;
s44, the trusted hardware device SGX verifies the signature information Sig _ i and the associated proof Prov _ i:
if the verification result _ i passes, the trusted hardware device SGX calculates a shared key k by using a private key of the trusted hardware device SGX and a public key of the data owner ID _ i through a DH algorithm, decrypts C _ i by using k, returns decrypted plaintext data m to the data subscriber ID _ j, and sends a notification message that the data has been successfully subscribed to the data owner ID _ i;
if the verification result _ i is failed, the trusted hardware device SGX sends a notification message that the log is tampered to the data owner ID _ i.
2. The method according to claim 1, wherein the log service module maintains a log using a Merkle tree, which means that a Merkle tree with a root node of H is maintained for each data owner ID _ i to record the log; when the access control module submits (ID _ i, ID _ j, C _ i, Tag _ i, r _ i) to the log service module, the log service module performs:
(1) adding r _ i into the log, and updating the root node to be H';
(2) generating a presence proof pi and an extension proof p; wherein, a path from pi to a root node H 'is proved, and a path from rho to H' is proved by expansion;
(3) and generating a correlation certificate Prov _ i ═ (H', pi, rho, ID _ i) and returning the correlation certificate to the access control module.
3. The method of claim 1, wherein the data subscription process does not require a data owner ID _ i to participate, so that the data owner does not need to be online all the time, can be offline all the time, and can receive the notification message when online again.
4. The accountable security data sharing method according to claim 1, wherein the notification message comprises (ID _ i, ID _ j, C _ i, r _ i, prev _ i, Sig _ i), the result of verification of log attestation by the trusted hardware device SGX result _ i, and the signature Sig _ SGX _ i of the pair of trusted hardware devices SGX (ID _ i, ID _ j, C _ i, Tag _ i, r _ i, result _ i).
5. The accountable security data sharing method according to claim 1 or 4, wherein the data owner can receive the notification message online or offline.
CN202010558430.0A 2020-06-18 2020-06-18 Novel accountability security data sharing system and method Active CN111786779B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010558430.0A CN111786779B (en) 2020-06-18 2020-06-18 Novel accountability security data sharing system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010558430.0A CN111786779B (en) 2020-06-18 2020-06-18 Novel accountability security data sharing system and method

Publications (2)

Publication Number Publication Date
CN111786779A CN111786779A (en) 2020-10-16
CN111786779B true CN111786779B (en) 2022-03-18

Family

ID=72756827

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010558430.0A Active CN111786779B (en) 2020-06-18 2020-06-18 Novel accountability security data sharing system and method

Country Status (1)

Country Link
CN (1) CN111786779B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039186A (en) * 2007-05-08 2007-09-19 中国科学院软件研究所 Method for auditing safely system log
CN104468615A (en) * 2014-12-25 2015-03-25 西安电子科技大学 Data sharing based file access and permission change control method
CN106559211A (en) * 2016-11-22 2017-04-05 中国电子科技集团公司第三十研究所 Secret protection intelligence contract method in a kind of block chain
CN108418691A (en) * 2018-03-08 2018-08-17 湖南大学 Dynamic network identity identifying method based on SGX
CN109040045A (en) * 2018-07-25 2018-12-18 广东工业大学 A kind of cloud storage access control method based on the encryption of ciphertext policy ABE base
CN109561110A (en) * 2019-01-19 2019-04-02 北京工业大学 A kind of cloud platform audit log guard method based on SGX
CN109643359A (en) * 2016-06-30 2019-04-16 微软技术许可有限责任公司 Control key-value storage verifying
EP3483760A1 (en) * 2017-11-10 2019-05-15 ETH Zurich Brokered delegation of credentials using trusted execution environments
CN110245518A (en) * 2019-05-31 2019-09-17 阿里巴巴集团控股有限公司 A kind of date storage method, device and equipment
CN110990827A (en) * 2019-10-28 2020-04-10 上海隔镜信息科技有限公司 Identity information verification method, server and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA3048425A1 (en) * 2018-07-03 2020-01-03 Royal Bank Of Canada System and method for an electronic identity brokerage

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039186A (en) * 2007-05-08 2007-09-19 中国科学院软件研究所 Method for auditing safely system log
CN104468615A (en) * 2014-12-25 2015-03-25 西安电子科技大学 Data sharing based file access and permission change control method
CN109643359A (en) * 2016-06-30 2019-04-16 微软技术许可有限责任公司 Control key-value storage verifying
CN106559211A (en) * 2016-11-22 2017-04-05 中国电子科技集团公司第三十研究所 Secret protection intelligence contract method in a kind of block chain
EP3483760A1 (en) * 2017-11-10 2019-05-15 ETH Zurich Brokered delegation of credentials using trusted execution environments
WO2019091907A1 (en) * 2017-11-10 2019-05-16 Eth Zurich Brokered delegation of credentials using trusted execution environments
CN108418691A (en) * 2018-03-08 2018-08-17 湖南大学 Dynamic network identity identifying method based on SGX
CN109040045A (en) * 2018-07-25 2018-12-18 广东工业大学 A kind of cloud storage access control method based on the encryption of ciphertext policy ABE base
CN109561110A (en) * 2019-01-19 2019-04-02 北京工业大学 A kind of cloud platform audit log guard method based on SGX
CN110245518A (en) * 2019-05-31 2019-09-17 阿里巴巴集团控股有限公司 A kind of date storage method, device and equipment
CN110990827A (en) * 2019-10-28 2020-04-10 上海隔镜信息科技有限公司 Identity information verification method, server and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"33401-d40".《3GPP tsg_sa\WG3_Security》.2016, *
Achieving_semantic_security_without_keys_through_coding_and_all-or-nothing_transforms_over_wireless_channels;Marco Baldi;《IEEE XPLORE》;20160925;全文 *
区块链与可信数据管理_问题与方法;钱卫宁;《软件学报》;20171204;全文 *

Also Published As

Publication number Publication date
CN111786779A (en) 2020-10-16

Similar Documents

Publication Publication Date Title
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
CN107196966B (en) Identity authentication method and system based on block chain multi-party trust
EP1197032B1 (en) Server-assisted regeneration of a strong secret from a weak secret
US7359507B2 (en) Server-assisted regeneration of a strong secret from a weak secret
US8516259B2 (en) Verifying authenticity of voice mail participants in telephony networks
CN102647461B (en) Communication means based on HTTP, server, terminal
CN1677978B (en) Signing and validating session initiation protocol routing headers
CN110519046A (en) Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD
CN105681470A (en) Communication method, server and terminal based on hypertext transfer protocol
CN113626802B (en) Login verification system and method for equipment password
CN112765626A (en) Authorization signature method, device and system based on escrow key and storage medium
US20160080336A1 (en) Key Usage Detection
CN114499883A (en) Cross-organization identity authentication method and system based on block chain and SM9 algorithm
CN110176989A (en) Quantum communications service station identity identifying method and system based on unsymmetrical key pond
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN111786779B (en) Novel accountability security data sharing system and method
US20210111906A1 (en) Pseudonym credential configuration method and apparatus
CN114257370A (en) Identification password processing method, electronic device, system and storage medium
CN110138547A (en) Based on unsymmetrical key pond to and sequence number quantum communications service station cryptographic key negotiation method and system
CN110086627A (en) Based on unsymmetrical key pond to and timestamp quantum communications service station cryptographic key negotiation method and system
CN113315749B (en) User data uplink, user data using method, anonymous system and storage medium
CN115580394B (en) Privacy data desensitization transmission method and system in property digital system
CN116506120B (en) Key loading method, key system and readable storage medium
CN113572615B (en) Method, system, equipment and storage medium for identity authentication of distributed network users
CN116744298A (en) Identity recognition method, identification system and related equipment of card equipment of Internet of things

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant