CN113438235A - Data layered credible encryption method - Google Patents
- Publication number
- CN113438235A
- Authority
- CN
- China
- Prior art keywords
- data
- trusted
- encryption
- trust
- root
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
A data layered trusted encryption method, belonging to the field of data processing. The method comprises: a data encryption step of obtaining a symmetric key K, symmetrically encrypting first data, and generating content encrypted data; a data trusted encryption step of encrypting the first data based on a trusted pointer to generate trusted encrypted data; and a decryption key encryption step of encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, wherein the access key EK corresponds to at least one access private key SK. The encrypted data has high security.
Description
Technical Field
The invention relates to the technical field of data processing, in particular to a data layered trusted encryption method.
Background
Digital auditing requires full audit coverage, full audit and cross-domain audit. Professional data such as company personal data, financial data, marketing data, engineering data and material data must be integrated and aggregated at large scale. Audit intermediate data is characterized by massive volume (stock data 430TB, incremental data 340GB), diversity (structured data, semi-structured data, unstructured data) and reality (data integrity and accuracy are guaranteed), and it involves a plurality of business information systems. As audit coverage expands, the data capacity of the audit intermediate table grows larger and larger; the security management of massive data is difficult and carries high responsibility, and advanced technical means are urgently needed to guarantee data security.
Patent document CN 109831305A describes an anti-quantum-computation signcryption method based on an asymmetric key pool. Both the signcryptor and the verifier participating in signcryption are configured with a key fob, and the key fob stores the asymmetric key pool, a public key pointer random number, and private keys. The private keys comprise a first private key used for signing and encrypting and a second private key used for encrypting and transmitting; the public key pointer random number can be combined with the asymmetric key pool to obtain a first public key corresponding to the first private key and a second public key corresponding to the second private key, and the asymmetric key pool stores the first public key and the second public key of every user. The anti-quantum-computation signcryption method comprises the following steps: obtaining the first public key and the second public key of the verifier from the key fob according to the public key pointer random number corresponding to the verifier; generating a first intermediate parameter, a second intermediate parameter and a third intermediate parameter by using a first random number and a second random number; encrypting the original text by using the first intermediate parameter to obtain a ciphertext; applying a hash function to the original text and the second intermediate parameter to obtain a parameter r; calculating a parameter s from the first random number, the parameter r and the first private key of the signcryptor, and encrypting the parameter s by using the third intermediate parameter to obtain a parameter s'; encrypting the second random number by using a second public key of the encryptor to obtain an encrypted second random number; and sending the public key pointer random number of the signcryptor, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the signcryptor for carrying out the signcryption. This technical scheme cannot meet the requirement of data credibility authentication.
Disclosure of Invention
The invention aims to provide a data layered credible encryption method, which is used for realizing credible authentication of data while encrypting the data.
The technical scheme of the invention is as follows:
A data layered trusted encryption method comprises the following steps:
a data encryption step of obtaining a symmetric key K, symmetrically encrypting the first data, and generating content encrypted data;
a data trusted encryption step of encrypting the first data based on a trusted pointer to generate trusted encrypted data;
and a decryption key encryption step of encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, wherein the access key EK corresponds to at least one access private key SK.
Preferably, the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set A.
Preferably, the trusted pointer is a random number.
Preferably, the data trusted encryption step comprises: obtaining a primary root of trust RT1; combining the first data and the primary root of trust RT1 into first combined data; calculating the digest value H2 of the first combined data by using a digest processing method; and letting the secondary root of trust RT2 = H2. The trusted encrypted data comprises the associated primary root of trust RT1 and secondary root of trust RT2, wherein the primary root of trust RT1 is the trusted pointer.
Preferably, the data trusted encryption step comprises: calculating the digest value H1 of the first data by using a digest processing method; obtaining a primary root of trust RT1; combining the digest value H1 and the primary root of trust RT1 into first combined data; calculating the digest value H2 of the first combined data by using the digest processing method; and letting the secondary root of trust RT2 = H2. The trusted encrypted data comprises the associated primary root of trust RT1 and secondary root of trust RT2, wherein the primary root of trust RT1 is the trusted pointer.
Further preferably, the digest processing method is a Hash algorithm.
Preferably, the content encrypted data and the first data pointer are stored in association in the data center; the primary root of trust RT1 is generated by the trusted authentication center; the first data pointer and the primary root of trust RT1 are stored in association in a block of the record blockchain contract; and the trusted authentication center stores in association the primary root of trust RT1 and the secondary root of trust RT2, wherein the first data pointer uniquely corresponds to the first data.
Preferably, when the first data is transmitted within the trusted execution environment, the data encryption step is executed; when the content encrypted data leaves the trusted execution environment, the data trusted encryption step and the decryption key encryption step are executed.
The invention has the beneficial effects that:
1. The content encrypted data generated in the data encryption step improves the security of the first data; the trusted encrypted data generated in the data trusted encryption step meets the tamper-proof authentication requirement of the first data. The decryption key encryption step increases the difficulty of decryption and improves the confidentiality and security of the data.
2. The symmetric key K is encrypted based on the public parameter PK and the attributes of the access structure tree T to generate the access key EK, and the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set A. One access key can therefore correspond to a plurality of access private keys, which makes the data confidentiality requirement easier to meet.
3. The trusted pointer is a random number, which increases the difficulty of cracking.
4. The primary root of trust is a trusted pointer and is unique when the encryptor applies for it, so the trusted encrypted data is unique and the tamper-proof authentication requirement of the first data is met.
5. The data center, the trusted authentication center and the record blockchain contract improve the confidentiality and security of the data.
Detailed Description
The following examples are presented to illustrate the present invention and to assist those skilled in the art in understanding and practicing the present invention. Unless otherwise indicated, the following embodiments and technical terms therein should not be understood to depart from the background of the technical knowledge in the technical field.
In the present invention, the association of data means that two or more data are associated. A pointer refers to a set of data that uniquely points to another set of data, which is similar to a data ID, i.e., a data ID uniquely points to the data to which it corresponds.
Invention 1
A data layered trusted encryption method comprises a data encryption step, a data trusted encryption step and a decryption key encryption step.
In the data encryption step, a pair of symmetric keys K is randomly generated using the national cryptographic algorithm SM4, and the first data (Data) is symmetrically encrypted to generate the content encrypted data ED, where ED = Encrypt(Data, K).
In the data trusted encryption step, the first data is encrypted based on the trusted pointer to generate trusted encrypted data. The trusted pointer is a random number. Specifically, a primary root of trust RT1 is obtained; the first data and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated by using a digest processing method; and the secondary root of trust RT2 = H2. The trusted encrypted data comprises the associated primary root of trust RT1 and secondary root of trust RT2, and the primary root of trust RT1 is the trusted pointer. Alternatively, another method may be adopted: the digest value H1 of the first data is calculated by using the digest processing method; a primary root of trust RT1 is obtained; the digest value H1 and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated by using the digest processing method; and the secondary root of trust RT2 = H2. The trusted encrypted data again comprises the associated primary root of trust RT1 and secondary root of trust RT2, and the primary root of trust RT1 is the trusted pointer.
In the decryption key encryption step, a master key MK, a public parameter PK, an access structure tree T and an access attribute set A are established, and the symmetric key K is encrypted based on the public parameter PK and the access structure tree T to generate an access key EK, where EK = Encrypt(K, PK, T). The access key EK corresponds to at least one access private key SK, which is generated based on the master key MK, the public parameter PK and the access attribute set A, where SK = (MK, PK, A). The access structure tree T defines the access rights of the data, specifically which types of data can be accessed, which cannot be accessed, and the like.
In use, the content encrypted data ED and the first data pointer may be stored in association in the data center. The primary root of trust RT1 can be generated by the trusted authentication center; the master key MK, the public parameter PK, and the associated primary root of trust RT1 and secondary root of trust RT2 may be stored in the trusted authentication center; and the private key SK may also be generated by the trusted authentication center. The behaviors involved in using the data layered trusted encryption method, such as the encryption behavior of the data encryption step, the trusted encryption behavior of the data trusted encryption step together with the associated first data pointer and primary root of trust RT1, and the encryption behavior of the decryption key encryption step, can be built into a block and placed on the record blockchain. The first data pointer uniquely corresponds to the first data.
In use, when the first data is transmitted within the trusted execution environment, only the data encryption step is executed; when the content encrypted data leaves the trusted execution environment, the data trusted encryption step and the decryption key encryption step are executed.
Invention 2
A method of data decryption comprising the steps of:
Obtaining the access key EK, and decrypting the access key EK by using the access private key SK to obtain the symmetric key K. The access key EK is obtained by encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T, and the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set A.
Acquiring the content encrypted data, and decrypting the content encrypted data by using the symmetric key K to obtain second data.
Acquiring a trusted pointer and trusted encrypted data according to the first data pointer, encrypting the second data based on the trusted pointer to generate trusted verification data, and comparing the trusted encrypted data with the trusted verification data: if they are equal, the second data is equal to the first data; if they are not equal, the second data differs from the first data. Specifically, the trusted pointer is the primary root of trust RT1, and the trusted verification data is generated as follows: the second data and the primary root of trust RT1 are combined and processed by a digest processing method to obtain a secondary verification root RT'2, and the secondary verification root RT'2 is the trusted verification data. Alternatively, the trusted verification data may be generated as follows: the digest value H'1 of the second data is calculated by using a digest processing method; the digest value H'1 and the primary root of trust RT1 are combined into second combined data; the digest value H'2 of the second combined data is calculated by using the digest processing method; and the secondary verification root RT'2 = H'2, which is the trusted verification data.
The first data pointer uniquely corresponds to the first data, and the content encrypted data is obtained by encrypting the first data by using the symmetric key K.
In this embodiment, the content encrypted data and the first data pointer are stored in association in the data center, the first data pointer and the trusted pointer are stored in association in a block of the record blockchain contract, and the trusted pointer and the trusted encrypted data are stored in association in the trusted authentication center. The trusted encrypted data and the trusted verification data are compared in the trusted authentication center as follows: the trusted verification data and the trusted pointer are sent in association to the trusted authentication center; the trusted authentication center looks up the trusted encrypted data by the trusted pointer, compares it with the trusted verification data, and returns the comparison result. First information is returned if the trusted encrypted data is equal to the trusted verification data, and second information is returned if it is not. The first information indicates that the second data is trustworthy, and the second information indicates that the second data is suspect.
In this embodiment, the digest processing method is a Hash algorithm.
In addition, the trusted encrypted data and the trusted verification data may be compared locally; in that case, the first data pointer, the trusted encrypted data and the trusted pointer are stored in association in a block of the record blockchain contract.
During data operation, if the second data is equal to the first data, the data operation is performed using the second data. If the second data differs from the first data, the first data is applied for again.
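The trust layer of Inventions 1 and 2 (RT2 computed from the first data and RT1, then recomputed as RT'2 over the decrypted second data and compared), as an added example that is not code from the patent. SHA-256 as the Hash algorithm, the length-prefixed `combine` rule, the 32-byte RT1, the dictionary standing in for the record blockchain, and all class and function names are assumptions; the SM4 and access-key layers are omitted.

```python
import hashlib
import hmac
import secrets

FIRST_INFO = "trusted"    # comparison succeeded: second data equals first data
SECOND_INFO = "suspect"   # comparison failed: second data differs from first data


def combine(*parts: bytes) -> bytes:
    """Assumed 'combining' rule: length-prefix every part before concatenating,
    so moving bytes between the data and RT1 always changes the digest input."""
    return b"".join(len(p).to_bytes(8, "big") + p for p in parts)


def rt2_direct(data: bytes, rt1: bytes) -> bytes:
    """First variant: RT2 = H2 = Hash(first data combined with RT1)."""
    return hashlib.sha256(combine(data, rt1)).digest()


def rt2_two_stage(data: bytes, rt1: bytes) -> bytes:
    """Second variant: H1 = Hash(data), then RT2 = H2 = Hash(H1 combined with RT1)."""
    h1 = hashlib.sha256(data).digest()
    return hashlib.sha256(combine(h1, rt1)).digest()


class TrustedAuthCenter:
    """Stand-in for the trusted authentication center: issues RT1, stores RT1 -> RT2."""

    def __init__(self):
        self._rt2_by_rt1 = {}

    def issue_rt1(self) -> bytes:
        # The trusted pointer is a random number (32 bytes is an assumption).
        return secrets.token_bytes(32)

    def register(self, rt1: bytes, rt2: bytes) -> None:
        if rt1 in self._rt2_by_rt1:
            raise ValueError("RT1 already registered; it must be unique")
        self._rt2_by_rt1[rt1] = rt2

    def compare(self, rt1: bytes, rt2_check: bytes) -> str:
        """Look up RT2 by the trusted pointer and compare it with RT'2."""
        stored = self._rt2_by_rt1.get(rt1)
        if stored is not None and hmac.compare_digest(stored, rt2_check):
            return FIRST_INFO
        return SECOND_INFO


def protect(pointer, data, center, chain, derive=rt2_direct) -> bytes:
    """Data source side: obtain RT1, register (RT1, RT2), record pointer -> RT1."""
    rt1 = center.issue_rt1()
    center.register(rt1, derive(data, rt1))
    chain[pointer] = rt1          # dict standing in for the record blockchain
    return rt1


def verify(pointer, second_data, center, chain, derive=rt2_direct) -> str:
    """Consumer side: fetch RT1 by data pointer, recompute RT'2, ask the center."""
    rt1 = chain.get(pointer)
    if rt1 is None:               # no record for this pointer: cannot be trusted
        return SECOND_INFO
    return center.compare(rt1, derive(second_data, rt1))


def demo():
    center, chain = TrustedAuthCenter(), {}
    first = b"ledger-row-17,amount=1200.00"       # constructed sample data
    tampered = b"ledger-row-17,amount=9200.00"    # constructed tampered copy
    protect("file-0001", first, center, chain)
    return (verify("file-0001", first, center, chain),
            verify("file-0001", tampered, center, chain))


if __name__ == "__main__":
    print(demo())
```

RT2 is an unkeyed digest, so the comparison result is only as trustworthy as the stored RT1-to-RT2 association held by the trusted authentication center.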
Invention 3
A method of data monitoring, comprising:
the data source end uploads a data file encryption record, a trusted authentication encryption record and a key encryption record, together with the associated data file pointer, trusted pointer and trusted data, to the record blockchain;
the data black box uploads a data acquisition record and a trusted authentication record to the record blockchain;
the data operation end uploads a data operation record to the record blockchain;
and the record blockchain creates a block whose content comprises the data file encryption record, the trusted authentication encryption record, the key encryption record, the data acquisition record, the trusted authentication record, the data operation record, and the associated data file pointer, trusted pointer and trusted data.
In this embodiment, the data source end uploads the data file pointer and the encrypted data file to the data center. The data black box acquires the encrypted data file from the data center according to the data file pointer and generates a data acquisition record.
In this embodiment, the data source end further uploads the trusted pointer and the trusted data in association to the trusted authentication center, where the trusted authentication center operates a trusted pointer random generator that generates random trusted pointers. Uploading in association means associating the data and then uploading it to the target location.
In this embodiment, the trusted authentication center further stores a master key MK and a public parameter PK. The data source end generates a symmetric key K, obtains the public parameter PK from the trusted authentication center, and generates a secret key EK based on the symmetric key K, the public parameter PK and the access structure tree T, where EK = Encrypt(K, PK, T). The data black box sends an access attribute set A to the trusted authentication center, and the trusted authentication center generates a private key SK based on the master key MK, the public parameter PK and the access attribute set A, where SK = (MK, PK, A). The trusted authentication center sends the private key SK to the data black box, and the data black box uses the private key SK to decrypt the secret key EK to obtain the symmetric key K. The data black box acquires the encrypted data file from the data center according to the data file pointer, acquires the trusted pointer and the trusted data from the record blockchain according to the data file pointer, and uses the symmetric key K to decrypt the encrypted data file to generate second data. It then encrypts the second data based on the trusted pointer to generate trusted verification data and sends it to the trusted authentication center; the trusted authentication center compares the trusted data with the trusted verification data and returns a comparison result, and the data black box outputs the comparison result and generates a trusted authentication record. The comparison result is first information if the trusted data is equal to the trusted verification data, and second information if it is not. The first information indicates that the second data is trustworthy, and the second information indicates that the second data is suspect.
In this embodiment, the data source end obtains a symmetric key K, symmetrically encrypts the first data, and generates content encrypted data and a data file encryption record; encrypts the first data based on the trusted pointer to generate trusted data and a trusted authentication encryption record; and encrypts the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK and a key encryption record, wherein the access key EK corresponds to at least one access private key SK, and the first data uniquely corresponds to the data file pointer.
In this embodiment, the data source end obtains a trusted pointer, where the trusted pointer is the primary root of trust RT1; combines the first data with the primary root of trust RT1 into first combined data; calculates the digest value H2 of the first combined data by using a digest processing method; and lets the secondary root of trust RT2 = H2. The secondary root of trust RT2 is the trusted data.
The data operation record is the record generated by the data operation end in the process of operating the second data.
The present invention is described in detail with reference to the examples. It should be understood that in practice the description of all possible embodiments is not exhaustive and that the inventive concepts are described herein as far as possible by way of illustration. Without departing from the inventive concept of the present invention and without any creative work, a person skilled in the art should, in all of the embodiments, make optional combinations of technical features and experimental changes of specific parameters, or make a routine replacement of the disclosed technical means by using the prior art in the technical field to form specific embodiments, which belong to the content implicitly disclosed by the present invention.
Claims (8)
1. A data layered trusted encryption method is characterized by comprising the following steps:
a data encryption step, namely acquiring a symmetric key K, symmetrically encrypting the first data and generating content encrypted data;
a data credible encryption step of encrypting the first data based on a credible pointer to generate credible encrypted data;
and a decryption key encryption step of encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, wherein the access key EK corresponds to at least one access private key SK.
2. The data layered trusted encryption method according to claim 1, wherein the access private key SK is generated based on a master key MK, the public parameter PK and an access attribute set A.
3. The data layered trusted encryption method according to claim 1, wherein the trusted pointer is a random number.
4. The data layered trusted encryption method according to claim 1, wherein the data trusted encryption step comprises: obtaining a primary root of trust RT1; combining the first data and the primary root of trust RT1 into first combined data; calculating the digest value H2 of the first combined data by using a digest processing method; and letting the secondary root of trust RT2 = H2, wherein the trusted encrypted data comprises the associated primary root of trust RT1 and secondary root of trust RT2.
5. The data layered trusted encryption method according to claim 1, wherein the data trusted encryption step comprises: calculating the digest value H1 of the first data by using a digest processing method; obtaining a primary root of trust RT1; combining the digest value H1 and the primary root of trust RT1 into first combined data; calculating the digest value H2 of the first combined data by using the digest processing method; and letting the secondary root of trust RT2 = H2, wherein the trusted encrypted data comprises the associated primary root of trust RT1 and secondary root of trust RT2.
6. The data layered trusted encryption method according to claim 4 or 5, wherein the digest processing method is a Hash algorithm.
7. The data layered trusted encryption method according to claim 4 or 5, wherein the content encrypted data and the first data pointer are stored in association in a data center; the primary root of trust RT1 is generated by a trusted authentication center; the first data pointer and the primary root of trust RT1 are stored in association in a block of a record blockchain contract; and the trusted authentication center stores in association the primary root of trust RT1 and the secondary root of trust RT2, wherein the first data pointer uniquely corresponds to the first data.
8. The data layered trusted encryption method according to claim 1, wherein the data encryption step is executed when the first data is transmitted within the trusted execution environment, and the data trusted encryption step and the decryption key encryption step are executed when the content encrypted data leaves the trusted execution environment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110705139.6A CN113438235B (en) | 2021-06-24 | 2021-06-24 | Data layered credible encryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110705139.6A CN113438235B (en) | 2021-06-24 | 2021-06-24 | Data layered credible encryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113438235A | 2021-09-24 |
CN113438235B | 2022-10-18 |
Family
ID=77755310
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110705139.6A Active CN113438235B (en) | 2021-06-24 | 2021-06-24 | Data layered credible encryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113438235B (en) |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102624522A (en) * | 2012-03-30 | 2012-08-01 | 华中科技大学 | Key encryption method based on file attribution |
CN107370595A (en) * | 2017-06-06 | 2017-11-21 | 福建中经汇通有限责任公司 | One kind is based on fine-grained ciphertext access control method |
US20180027600A1 (en) * | 2016-07-25 | 2018-01-25 | Ford Global Technologies, Llc | Private vehicle-to-vehicle communication |
CN107786339A (en) * | 2016-08-31 | 2018-03-09 | 陈新 | It is layered controllable alliance's block catenary system |
CN108200181A (en) * | 2018-01-11 | 2018-06-22 | 中国人民解放军战略支援部队信息工程大学 | A kind of revocable attribute-based encryption system and method towards cloud storage |
CN108881314A (en) * | 2018-08-28 | 2018-11-23 | 南京邮电大学 | Mist calculates the method and system for realizing secret protection under environment based on CP-ABE ciphertext access control |
CN109120639A (en) * | 2018-09-26 | 2019-01-01 | 众安信息技术服务有限公司 | A kind of data cloud storage encryption method and system based on block chain |
CN111191288A (en) * | 2019-12-30 | 2020-05-22 | 中电海康集团有限公司 | Block chain data access authority control method based on proxy re-encryption |
FR3096852A1 (en) * | 2019-05-28 | 2020-12-04 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | METHOD OF CONFIDENTIAL PROCESSING OF VEHICLE DATA |
CN112487464A (en) * | 2020-12-14 | 2021-03-12 | 深圳前海微众银行股份有限公司 | Encrypted data sharing method and device based on block chain |
WO2021095998A1 (en) * | 2019-11-15 | 2021-05-20 | Samsung Electronics Co., Ltd. | A trusted computing method and system |
CN112836229A (en) * | 2021-02-10 | 2021-05-25 | 北京深安信息科技有限公司 | Attribute-based encryption and block-chaining combined trusted data access control scheme |
Non-Patent Citations (3)
Title |
---|
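JESWANTH MASEEDU et al.: "Attribute based Range Search over Encrypted Data for Privacy Preserving in Cloud Computing", 2018 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI) * |
Song Kaibo et al.: "Cloud storage data protection mechanism based on the CP-ABE algorithm", Journal of Huazhong University of Science and Technology (Natural Science Edition) * |
Cheng Sijia et al.: "Design of a cloud storage data access control scheme based on the CP-ABE algorithm", Netinfo Security * |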
Also Published As
Publication number | Publication date |
---|---|
CN113438235B (en) | 2022-10-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||