CN114285867B - Air-railway combined transport data sharing system based on alliance chain and attribute encryption - Google Patents
Air-railway combined transport data sharing system based on alliance chain and attribute encryption Download PDFInfo
- Publication number
- CN114285867B CN114285867B CN202111597986.1A CN202111597986A CN114285867B CN 114285867 B CN114285867 B CN 114285867B CN 202111597986 A CN202111597986 A CN 202111597986A CN 114285867 B CN114285867 B CN 114285867B
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- air
- cloud
- demander
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses an air-railway combined transport data sharing method and system based on alliance chain and attribute encryption, comprising the following steps: adopts a mode of combining chains with chains from top to bottom and clouds from top to bottom. And sharing and recording the ciphertext fingerprint, the ciphertext storage address and the air-iron data on the bottom layer of the alliance chain to store the certificate. Ciphertext data shared by the air trains are stored in a cloud data management center, and an air train data owner or an air train data demander interacts with the cloud data management center in an up-and-down cloud mode; firstly, an air-rail data owner applies for a public key and a master secret key to formulate an access strategy; and encrypting the data by using the public key, the master key and the strategy, and uploading and storing the data. A blank data demander initiates a data demand application through a cloud data management center to obtain a ciphertext storage address; and downloading the ciphertext, and decrypting the ciphertext by using the obtained private key. The invention has the advantages that: the source tracing and the right confirming are carried out on the data sharing, the safe sharing of the data is ensured, the data storage expense is reduced, and the operation and maintenance difficulty is reduced.
Description
Technical Field
The invention relates to the technical field of block chains, attribute encryption based on a ciphertext strategy and air-railway data sharing, in particular to an air-railway intermodal data sharing method and system based on a alliance chain and attribute encryption.
Background
In the internet era, technologies such as 5G, cloud computing and the internet of things are more and more mature, and the production, acquisition, storage and processing of mass data become practical; data is increased in a burst mode, all data are based on the data, the data can play a greater role, and the method is the premise and the basis for building a good society. But nowadays, a plurality of problems such as data security management loss, data transfer difficulty, data islanding and the like generally exist. Therefore, the demands of improving the precision of the training model and mining the potential value of data resources are becoming stronger by 'expanding' the data volume through the mode of data sharing. But two problems are inevitably involved in data sharing: data privacy disclosure and data abuse. How to realize data sharing on the basis of ensuring privacy security and break a data island is a problem which needs to be solved urgently.
Traffic is a crucial factor for economic development and is a firm foundation for national economic development. The air transportation and the railway transportation are important transportation components in China, and the realization of data sharing between the air transportation and the railway transportation to promote the realization of joint transportation between the air transportation and the railway transportation is an important strategy for future economic development of China. Especially, the method has great promotion effect on accelerating the construction of economic development mainly based on domestic major cycle, and has very important strategic significance on future economic development of the country. In addition, with explosive growth of air transportation data and railway transportation data, local hardware equipment of the system cannot meet the requirement of mass data storage, and data are stored on a cloud server to form a cloud data management middle platform.
The potential value of big data is explored, and the trend of utilizing the big data to promote economic development is already formed; large data must not be shared with data. There are also some problems in existing data sharing solutions:
prior art 1: zhou Zhengna, liu Anjiang, data exchange security study based on block chain technology [ J ] communication technology, 2021, 54 (5): 1220-1228, the data is encrypted using homomorphic encryption and stored in a blockchain; in the prior art, the problem that one copy of data needs to be encrypted for multiple times when homomorphic encryption is used is not considered, and the problem that the data is slowly synchronized when consensus occurs in a block chain is solved.
Prior art 2: the invention has the following patent: the data sharing method and system based on the multi-party fully homomorphic encryption are applied for the date: 2021.03.09, application No.: CN202110254124.2; in the patent, data is encrypted by using multi-party fully homomorphic encryption, and the encrypted data result is shared; only specific calculation results are shared, and flexible data sharing cannot be achieved. Meanwhile, the multi-party fully homomorphic encryption cannot realize fine-grained data access authority control.
Interpretation of terms appearing in the invention
Data island: data islanding is a phenomenon which is common in government or enterprise informatization construction and mainly comprises two types of physical and logical: physical data isolated island means that data are stored and maintained independently in different departments and are isolated from each other. The logical data isolated island means that different departments stand at the own angle to understand and define data, so that the same data are endowed with different meanings, and the communication cost of cross-department data cooperation is increased invisibly.
Air transport data: the air transportation means that a plane is used for transporting goods, passengers and the like, and the air transportation data comprises passenger data, flight data, goods logistics information and the like.
And (3) railway transportation data: railway transportation is a mode of transporting passengers and goods by using railway facilities and equipment. The railway transportation data refers to train number information, passenger data, cargo information, cargo logistics information and the like.
Cloud data management center: a novel data center based on cloud computing, high in virtualization, automation and energy conservation is relied on. When the enterprise migrates the data and the workload to the cloud data center, the enterprise does not undertake the works of design, construction, maintenance, power supply, personnel allocation or protection and the like of the solid building. But rather by the cloud provider for providing highly available, highly fault-tolerant computing resources, i.e., services. Enterprises can be liberated, and more resources are used for self business in a centralized manner.
The attribute encryption algorithm of the ciphertext strategy is as follows: the attribute encryption algorithm based on the ciphertext strategy writes the strategy into a ciphertext, and writes the attribute into a user private key. The ciphertext corresponds to an access structure; the user private key corresponds to a set of attributes, and data can only be decrypted if the attributes in the user attribute set satisfy the access structure.
Air-rail data owner: the party who owns air transportation data or rail transportation data is also the party who shares data in the present invention.
Air-rail data demander: the party with the air transportation data or railway transportation data requirement is the data requester in the invention.
Cloud data management middle station: the cloud data management center station upgrades and strengthens a traditional software platform, and the core essence of the cloud data management center station is service sharing. In the invention, a cloud data management center introduces new rules of professional function division, data uniqueness modeling and the like; the method aims to solve the problem of 'division of function boundaries among software platforms' and the problem of 'data isolated island' which cannot be solved by the traditional 'software platform'.
Data fingerprint: digital fingerprinting uses truncated information to identify large data files or structures, and a common data fingerprint is a digest value of data, i.e., a value calculated by a hash function.
Federation chain: a federation chain is a cluster consisting of a plurality of private chains, a block chain which is managed by a plurality of organizations jointly, and each organization or organization manages one or more nodes, wherein the data of the nodes only allows the organizations in the system to read, write and send. Each node of the federation chain usually has a corresponding entity organization, and can join and leave the network only after authorization.
Intelligent contract: namely, chain code is code logic that runs on a blockchain and is automatically executed under specific conditions, and is an important way for a user to implement business logic using the blockchain. The operating result of the smart contract is authentic, and the result cannot be forged or falsified.
Disclosure of Invention
The invention aims to provide an air-railway combined transportation data sharing method and system based on alliance chain and attribute encryption, so as to solve the problems of safe cloud storage of air transportation data and railway transportation data, safe air-railway data sharing and the like, finally realize air-railway combined transportation and promote economic growth.
In order to realize the purpose, the technical scheme adopted by the invention is as follows:
an air-rail transport data sharing system based on alliance chain and attribute encryption, comprising: the system comprises a cloud data management middle platform, a sky data owner, a sky data demander and a alliance chain bottom layer;
the air-rail combined transport data sharing system adopts a mode of combining uplink and downlink in a chain and cloud-on-cloud-down; the whole air-railway combined transport data sharing system relies on the alliance chain bottom layer and a cloud data management middle station, and the ciphertext fingerprint, the ciphertext storage address and the air-railway data are shared and recorded on the alliance chain bottom layer for storage; ciphertext data shared by the air trains are stored in a cloud data management center, and an air train data owner or an air train data demander interacts with the cloud data management center in an up-and-down cloud mode; firstly, a subway data owner applies for a system public key and a system master secret key to formulate a data access strategy; encrypting data by using a system public key, a system master key and an access strategy and uploading and storing a ciphertext in a cloud data management central station; a blank data demander initiates a data demand application through a cloud data management center to obtain a ciphertext storage address; downloading the ciphertext from the cloud data management center, and decrypting the ciphertext by using the acquired user private key;
the cloud data management center comprises: the system comprises a data encryption module, a ciphertext cloud storage module, an intelligent contract management module, a data display module and an audit management module;
the data encryption module is responsible for generating a system public key, a system master secret key, a data access strategy and a user private key; carrying out attribute encryption on data of a data sharer;
the ciphertext cloud storage module is responsible for storing the encrypted shared data in a cloud data center and developing a shared data access interface to a data demander passing identity authority verification;
the intelligent contract management module is used for managing ciphertext fingerprint authentication, ciphertext storage address storage, ciphertext address access authorization, linked data query, ciphertext authentication and ciphertext authentication;
the data display module has the functions of displaying the abstract information of the air-rail shared data, retrieving ciphertext information, counting ciphertext data and displaying ciphertext fingerprints;
the auditing management module is used for user auditing, alliance link point auditing and data requirement auditing; the node joining alliance chain needs to initiate application in a cloud data management center, the platform authorizes the node by using an MSP intelligent contract after the platform is approved, and the node joining is successful after the authorization is completed; the air traffic data owner and the air traffic data demander firstly register in a cloud data management central station, the platform checks the registration information of the air traffic data owner and the air traffic data demander, and the air traffic data owner and the air traffic data demander can enter the platform after the air traffic data owner and the air traffic data demander pass the checking; meanwhile, the data requirement application initiated by the data demander needs platform auditing, and the data demander can acquire data after the auditing is passed;
the air-rail data owner transmits security parameters to a cloud data management central station, applies for a system public key and a system master secret key, and formulates a data access strategy; encrypting data and storing the data in a cloud data management central station; the air-rail data demander sends out an application according to the self requirement, and the cloud data management center checks and authorizes the application; the air-rail data demander acquires a ciphertext according to the ciphertext storage address; the air slide data demander provides user private key decryption data generated by related data access attributes, and the decryption is successful, namely, the air slide data sharing is finished once;
the air-rail data demander acquires the ciphertext storage address and must be authorized by an intelligent contract to ensure the security of the ciphertext data; meanwhile, the integrity of the ciphertext can be verified through the fingerprint in the alliance chain after the ciphertext is obtained by the space-time iron data demander.
Further, the data encryption module uses an encryption algorithm based on the ciphertext policy attribute, and the steps are as follows:
s1, initializing attribute encryption based on a ciphertext strategy; the algorithm needs a security parameter p during initialization, generates a bilinear group G0 with the order of prime number Z and the element of G and a bilinear mapping e, wherein G0 is multiplied by G0 → G1; next, inputting an attribute set U = { a1, a2, ·, an }, and n is the number of the attribute sets; generating a random number alpha, { t1, t2, · · }, tn ∈ Zp'; let y = e (g, g) α, tj = gtj (1 ≦ j ≦ n); calculating a system public key = (e, g, y, tj (j is more than or equal to 1 and less than or equal to n)) according to a bilinear mapping e, a bilinear group, a value y and a value Tj, and calculating a system master key = (alpha, tj (j is more than or equal to 1 and less than or equal to n)) according to a random number alpha and the value Tj;
s2, generating a private key of the air traffic data demander user: generating a user private key according to the user attribute related parameters, inputting an attribute set omega of a user, selecting a random number from r e Zp, calculating d0= g alpha-r,
thereby generating a user private key = (d 0, { dj } aj ∈ ω);
s3, data encryption: the input parameters are a system public key, data to be encrypted and an access control structure associated with an access strategy, and a ciphertext encrypted based on the attribute is output;
s4, decrypting Decrypt: decryption is divided into two steps, the first step: accessing leaf nodes of a policy tree, wherein i = att (x), x represents the leaf nodes of the ciphertext policy access tree, and a function att (x) returns attributes corresponding to the node x; the second step is that: and after the first-step verification is passed, inputting a user private key and an encrypted ciphertext by the algorithm, and if the attribute set meets the access strategy, successfully decrypting the ciphertext by the user to obtain original data.
The invention also discloses an air-railway combined transport data sharing method, which comprises the following specific steps:
s1, establishing alliance chain bottom layer services, and deploying a plurality of alliance chain nodes between a lost-air data owner and a lost-air data demander;
s2, the air-iron data owner requests a data sharing system master key from a cloud data management center, the cloud data management center generates a system public key and a system master key, and the cloud data management center returns the system public key and the system master key to the air-iron data owner;
s3, a subway data owner formulates a shared data access strategy, and encrypts shared data based on ciphertext strategy attributes by using a system public key and the data access strategy;
s3, uploading the encrypted data to a cloud data management center by a subway data owner, and storing the encrypted data to the cloud data management center by the cloud data management center;
s4, after the ciphertext data are successfully stored, the cloud data management center stores the ciphertext fingerprints and the ciphertext storage addresses in the alliance chain; the cloud data management center station displays the ciphertext abstract which is successfully stored;
s5, the air traffic data demander can check the shared data in the cloud data management central station, and according to the requirement, the air traffic data demander carries the attribute set and the corresponding attribute value of the air traffic data demander to apply to the cloud data management central station;
s6, the cloud data management center platform examines and approves the application, calculates a user private key according to attribute information submitted by the air and railway data demanders and a system master secret key after the examination and approval are passed, and returns the user private key to the air and railway data demanders;
s7, authorizing the air-train data demander by an intelligent contract, acquiring a ciphertext storage address in a alliance chain by the air-train data demander so as to acquire a ciphertext in a cloud data management center, and decrypting the ciphertext by the air-train data demander by using a returned user private key;
and S8, the cloud data management center station records data sharing in the alliance chain for evidence storage, and once air-rail data sharing is finished.
Compared with the prior art, the invention has the advantages that:
1. the method is established on an alliance block chain, and ciphertext fingerprint data, cloud data storage addresses, data sharing records and the like set by a space data owner are stored on the block chain by using the characteristics of block chain decentralization, non-tampering, traceability and the like. Only the members in the alliance chain can be authorized to access, and the data accessors are limited; the source tracing can be carried out on the data sharing, and the authority confirming can be carried out on the shared data.
2. The data shared by the air-rail data owners is encrypted by using an encryption algorithm based on ciphertext strategy attributes, the algorithm is that firstly, a data sharer formulates a data access strategy, and a private key is generated by using attributes of air-rail data demanders and a master key. And performing attribute encryption on the data through a system public key and an access policy. The data user key decrypts the ciphertext, and the data can be decrypted only if the attribute accords with the access policy. The data are safely shared, and the air-rail data owner has fine-grained access control on the shared data.
3. With the mass increase of air transportation data and railway transportation data, the storage of local hardware data can not meet the requirements, and air rail is stored in a cloud data management middle platform, so that the data storage expense is reduced, and the operation and maintenance difficulty is reduced.
4. The cloud data management center station displays the shared data, the air traffic data demander can check the required data in the cloud data management center station and sends a data demand application, and the data management cloud data management center station checks the application. The cloud data management center performs auditing and control on data sharing, and ensures the trusted data sharing.
5. The air-rail data owner makes an access strategy for shared data through the cloud data management center, and the cloud data management center returns a system public key to the air-rail data owner for storage
6. The data accessor acquires the cloud access address of the ciphertext and needs to pass the authorization of the intelligent contract,
7. safe data sharing is realized among the air railings, more choices can be made when passengers go out, data sharing is realized before the air railings, a strong traffic network is constructed, and rapid economic growth is further promoted.
Drawings
FIG. 1 is a federation link point diagram of the present invention;
FIG. 2 is a functional block diagram of a cloud-based data management console according to the present invention;
FIG. 3 is a flowchart of the present invention for shared data encryption based on ciphertext policy attributes;
FIG. 4 is a flow chart of the air-iron data owner sharing data according to the present invention;
FIG. 5 is a flow chart of the data consumer obtaining data in accordance with the present invention;
fig. 6 is an architecture diagram of the air rail intermodal data sharing system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below by referring to the accompanying drawings and embodiments.
As shown in fig. 6, the air-rail intermodal data sharing system adopts a combination of uplink and downlink, cloud and cloud. The whole air-railway combined transport data sharing system relies on the alliance chain bottom layer and cloud service, and the ciphertext fingerprints, the ciphertext storage addresses, the air-railway data sharing records and the like are stored on the alliance chain. Ciphertext data shared by the air trains are stored in a cloud data management center, and an air train data owner or an air train data demander interacts with the cloud data management center in an up-and-down cloud mode; firstly, a subway data owner applies for a system public key and a system master secret key to formulate a data access strategy; and encrypting the data by using the system public key, the master secret key and the access strategy and uploading and storing the ciphertext in a cloud data management console. A blank data demander initiates a data demand application through a cloud data management center to obtain a ciphertext storage address; and downloading the ciphertext from the cloud data management center, and decrypting the ciphertext by using the obtained private key.
The air-rail combined transport data sharing system comprises: the system comprises a sky data owner, a sky data demander, alliance chain bottom layer services and a cloud data management console;
as shown in fig. 2, the cloud data management console includes: the system comprises a data encryption module, a ciphertext cloud storage module, an intelligent contract management module, a data display module and an audit management module.
The air-rail data sharing participant comprises an air-rail data owner and an air-rail data demander; as shown in fig. 4 and 5, the air-rail data owner transmits security parameters to the cloud data management central station, applies for a system public key and a system secret key, and makes a data access policy; and encrypting the data, and storing the data in a cloud data management center. The air-rail data demander sends out an application according to the self requirement, and the cloud data management center checks and authorizes the application; the air-rail data demander acquires a ciphertext according to the ciphertext storage address; and the air-iron data demander provides the key decryption data generated by the relevant data access attribute, and the decryption is successful, namely the air-iron data sharing is finished once.
As shown in fig. 1, the air-rail transport data sharing system is built by relying on an alliance block chain, the block chain has the characteristics of decentralization, no tampering, traceability and the like, and by means of a plurality of characteristics of the block chain, the air-rail transport data sharing system records a ciphertext cloud storage address, a ciphertext fingerprint and data sharing of both air-rail parties in the alliance chain for evidence storage. The air-rail data demander acquires the ciphertext storage address and must be authorized by an intelligent contract, so that the security of the ciphertext data is ensured. Meanwhile, after the space-time iron data demander obtains the ciphertext, the integrity of the ciphertext can be verified through the fingerprint in the alliance chain.
The union chain uses a PBFT (Byzantine fault tolerance) algorithm, the total number of nodes is N, f is Byzantine error nodes, and the number of N satisfies N =3f +1. The alliance chain has the advantages of strong controllability, high consensus speed and the like, and the alliance chain is used for carrying out evidence storage service, so that the data safety can be ensured, and the consensus speed can be ensured.
Aiming at the problem that mass data storage cannot be met by a local database due to explosive growth of air transportation data and railway transportation data, the air-rail data storage method stores air-rail data in a cloud data management middle platform, and solves the problems of limited storage capacity, difficulty in operation and maintenance and the like by using cloud service. A data security sharing mode of the chain up, the chain down, the cloud up and the cloud down is established by combining the alliance chain and the cloud service; the cloud data management center station uses an intelligent contract to interact with the alliance chain, and uses the intelligent contract to perform chain certificate storage on ciphertext fingerprints, ciphertext storage addresses, shared data records of the air and railway parties and the like. As shown in fig. 2, a cloud data management middle platform is established, and the cloud data management middle platform comprises a cloud data management middle platform, an encryption management module, an audit management module and an intelligent contract management module; and a data display module. The air-rail data sharing parties interact through cloud data management, and an air-rail data owner encrypts data and uploads the data; the air-rail data demanders apply for data and decrypt the data, and the series of processes can be completed in a cloud data management center. The cloud data management console will be described in detail below.
The cloud data management center has a plurality of excellent characteristics of large storage capacity, low operation and maintenance cost, software and hardware decoupling, high resource utilization and the like. According to the invention, the air transportation data and the railway transportation related data are stored in the cloud data management center platform in an encrypted manner, so that the problems of insufficient local storage capacity, high operation and maintenance difficulty and the like can be solved, and the safety of shared data can be ensured. And the air traffic data owner uploads data to be encrypted, the cloud data management center station stores the ciphertext in the data center, and the shared data abstract is displayed on the cloud data management center station after successful storage.
The encryption module is responsible for generating a system public key, a main public key, a data access strategy, a private key and the like, and the cloud data management center encryption module uses an encryption algorithm based on ciphertext strategy attributes. The attribute encryption based on the ciphertext strategy is that a lost-air data owner writes a data access strategy into a ciphertext, and the attribute is written into a user key; the cipher text corresponds to an access structure, the cipher text designates an access strategy in an attribute range defined in the system, the key corresponds to an attribute set, and the cipher text can be decrypted only if the attributes in the key attribute set can be matched with the access structure in the cipher text during decryption. The encryption based on the attributes protects data by using a password mechanism, a blank data owner formulates a strategy for accessing a ciphertext and associates an attribute set with an access resource, a blank data demander can access ciphertext information according to the authorized attribute of the blank data demander, and the blank data owner can control a person who has the attributes to access the ciphertext by setting the strategy, so that the encryption access control of the data attribute level can be realized.
As shown in fig. 3, the main steps of the ciphertext policy-based attribute encryption in the present invention are:
(1) Initializing attribute encryption based on a ciphertext strategy: the attribute encryption algorithm based on the ciphertext strategy is a randomization algorithm; the algorithm needs a security parameter p during initialization, generates a bilinear group G0 with the order of prime number Z and the element G and a bilinear mapping e, namely G0 multiplied by G0 → G1. Next, inputting an attribute set U = { a1, a2, ·, an }, and n is the number of the attribute sets; generating a random number alpha, { t1, t2, · · }, tn ∈ Zp'; let y = e (g, g) α, tj = gtj (1 ≦ j ≦ n). And calculating a system public key (public key) = (e, g, y, tj (j is more than or equal to 1 and less than or equal to n)) according to a bilinear mapping e, a bilinear group, a value y and a value Tj, and calculating a main private key (master) = (alpha, tj (j is more than or equal to 1 and less than or equal to n)) according to the random number a and the value Tj.
(2) And (3) generating a key of the air-rail data demander: the stage is to generate a user private key according to relevant parameters such as user attributes and the like, input an attribute set omega of a user, select a random number from r e Zp, calculate d0= g alpha-r,
thereby generating a user key (secret) = (d 0, { dj } aj ∈ ω).
(3) Data encryption: the attribute encryption based on the ciphertext strategy uses a randomization algorithm, the input parameters are a system public key, data to be encrypted and an access control structure associated with the access strategy, and the ciphertext encrypted based on the attribute is output.
(4) Decrypting Decrypt: the decryption stage in the attribute encryption algorithm based on the ciphertext strategy uses a deterministic algorithm and is divided into two steps, wherein the first step is as follows: and (3) accessing leaf nodes of the policy tree, wherein i = att (x), and x represents the leaf nodes of the ciphertext policy access tree, (and a function att (x) returns the attribute corresponding to the node x). The second step is that: and after the first step of verification passes, inputting a user private key and an encrypted ciphertext by an algorithm, and if the attribute set meets an access strategy, successfully decrypting the ciphertext by the user to obtain original data.
The auditing management module is divided into modules such as user auditing, alliance link point auditing, data requirement auditing and the like as shown in fig. 2. The node joining in the alliance chain needs to initiate application in a cloud data management central station, the platform audits that the node is authorized through an authorized MSP intelligent contract, and the node joining is successful. And after the platform audit checks that the user joins in the application audit, both the data sharing parties can share the data. As shown in a data flow chart obtained by a data demander in fig. 5, after the user audit is finished, a blank data demander initiates a data application, the cloud data management center performs audit according to related conditions such as application, attributes and the like of the application, and the cloud data management center calls an intelligent contract to authorize the data application; and the ciphertext cloud storage address can be obtained only by the air-rail data demander after the authorization is passed.
The intelligent contract is a supporting technology in a block chain, is a coded contract which is written in a computer language and automatically verified and executed by a computer, and is a data-based form of a paper contract. The intelligent contract has three characteristics: 1. the intelligent contract content is openly transparent, and the intelligent contract is arranged on the block chain in the form of binary data, so the contract content is naturally openly transparent. 2. The contract content is not tampered, and the content of the intelligent contract cannot be modified. 3. The intelligent contracts are permanently operated on the blockchain and are commonly maintained by the network nodes on the blockchain, and the intelligent contracts can be operated as long as the blockchain exists. The intelligent contract content non-falsification characteristic and the block chain are perfectly combined, and by means of the excellent characteristics of the intelligent contract content non-falsification characteristic and the block chain, the ciphertext is stored in the alliance chain through the intelligent contract. As shown in fig. 2, the intelligent contract management module of the present invention includes contents of ciphertext fingerprint authentication, ciphertext storage address storage, ciphertext address access authorization, chained data query, ciphertext authority determination, ciphertext authentication, etc. The cloud data management center station stores the cipher text storage address of the air-rail data owner and the cipher text fingerprint in a coalition chain through intelligent contract, the cipher text storage address can be obtained only after the intelligent contract is authorized, and the data sharing parties can inquire the data on the chain through the intelligent contract, perform owner authority confirmation on the cipher text data and verify the cipher text.
The data display module has the functions of air-rail shared data abstract information, ciphertext information retrieval, ciphertext data statistics and ciphertext fingerprint display
It will be appreciated by those of ordinary skill in the art that the examples described herein are intended to assist the reader in understanding the manner in which the invention is practiced, and it is to be understood that the scope of the invention is not limited to such specifically recited statements and examples. Those skilled in the art, having the benefit of this disclosure, may effect numerous modifications thereto and changes may be made without departing from the scope of the invention in its aspects.
Claims (3)
1. An air-rail transport data sharing system based on alliance chain and attribute encryption, comprising: the system comprises a cloud data management middle platform, a sky data owner, a sky data demander and a alliance chain bottom layer;
the air-rail combined transport data sharing system adopts a mode of combining uplink and downlink in a chain and cloud-up and cloud-down; the whole air-rail transport data sharing system relies on the alliance chain bottom layer and a cloud data management middle platform, and the ciphertext fingerprint, the ciphertext storage address and the air-rail data are shared and recorded on the alliance chain bottom layer to store the evidence; ciphertext data shared by the air trains are stored in a cloud data management center, and an air train data owner or an air train data demander interacts with the cloud data management center in an up-and-down cloud mode; firstly, a subway data owner applies for a system public key and a system master secret key to formulate a data access strategy; encrypting data by using a system public key, a system master key and an access strategy and uploading and storing a ciphertext in a cloud data management console; a blank data demander initiates a data demand application through a cloud data management center to obtain a ciphertext storage address; downloading the ciphertext from the cloud data management center, and decrypting the ciphertext by using the acquired user private key;
the cloud data management center comprises: the system comprises a data encryption module, a ciphertext cloud storage module, an intelligent contract management module, a data display module and an audit management module;
the data encryption module is responsible for generating a system public key, a system master secret key, a data access strategy and a user private key; carrying out attribute encryption on data of a data sharer;
the ciphertext cloud storage module is responsible for storing the encrypted shared data in a cloud data center and developing a shared data access interface to a data demander passing identity authority verification;
the intelligent contract management module is used for managing ciphertext fingerprint authentication, ciphertext storage address storage, ciphertext address access authorization, linked data query, ciphertext authentication and ciphertext authentication;
the data display module has the functions of displaying the abstract information of the air-rail shared data, retrieving ciphertext information, counting ciphertext data and displaying ciphertext fingerprints;
the auditing management module is used for auditing users, the nodes of the alliances and data requirements; the node joining the alliance chain needs to initiate application at a cloud data management central station, the platform authorizes the node by using an MSP intelligent contract after passing the verification, and the node joining is successful after the authorization is completed; the air traffic data owner and the air traffic data demander firstly register in a cloud data management center, the platform checks the registration information, and the air traffic data owner and the air traffic data demander can enter the platform after the checking is passed; meanwhile, the data requirement application initiated by the data demander needs platform auditing, and the data demander can acquire data after the auditing is passed;
the air rail data owner transmits security parameters to a cloud data management central station, applies for a system public key and a system master key, and formulates a data access strategy; encrypting the data and storing the data in a cloud data management center; the air-rail data demander sends out an application according to the self requirement, and the cloud data management center checks and authorizes the application; the air-rail data demander acquires a ciphertext according to the ciphertext storage address; the air-rail data demander provides user private key decryption data generated by related data access attributes, and the decryption is successful, namely the air-rail data sharing is finished once;
the air-rail data demander acquires the ciphertext storage address and must be authorized by an intelligent contract to ensure the security of the ciphertext data; meanwhile, after the space-time iron data demander obtains the ciphertext, the integrity of the ciphertext can be verified through the fingerprint in the alliance chain.
2. The air-rail intermodal data sharing system according to claim 1, wherein: the data encryption module uses an encryption algorithm based on the ciphertext policy attribute, and comprises the following steps:
s1, initializing attribute encryption based on a ciphertext strategy; the algorithm needs a security parameter p during initialization, generates a bilinear group G0 with the order of prime number Z and the element of G and a bilinear mapping e, wherein G0 is multiplied by G0 → G1; next, inputting an attribute set U = { a1, a2, ·, an }, and n is the number of the attribute sets; generating a random number alpha, { t1, t2, · · }, tn ∈ Zp; let y = e (g, g) α, tj = gtj (1 ≦ j ≦ n); calculating a system public key = (e, g, y, tj (1 is not more than j and not more than n)) according to a bilinear mapping e, a bilinear group, a value y and a value Tj, and calculating a system master key = (alpha, tj (1 is not more than j and not more than n)) according to a random number alpha and the value Tj;
s2, generating a private key of the air traffic data demander user: generating a user private key according to the user attribute related parameters, inputting an attribute set omega of a user, selecting a random number from r e Zp, calculating d0= g alpha-r,
thereby generating a user private key = (d 0, { dj } aj ∈ ω);
s3, data encryption: the input parameters are a system public key, data to be encrypted and an access control structure associated with an access strategy, and a ciphertext encrypted based on the attribute is output;
s4, decrypting Decrypt: decryption is divided into two steps, the first step: accessing leaf nodes of a policy tree, wherein i = att (x), x represents the leaf nodes of the ciphertext policy access tree, and a function att (x) returns attributes corresponding to the node x; the second step is that: and after the first-step verification is passed, inputting a user private key and an encrypted ciphertext by the algorithm, and if the attribute set meets the access strategy, successfully decrypting the ciphertext by the user to obtain original data.
3. The air-rail intermodal data sharing system according to claim 1, wherein: the air-railway combined transport data sharing system uses an air-railway combined transport data sharing method, and comprises the following specific steps:
s1, establishing alliance chain bottom layer services, and deploying a plurality of alliance chain nodes between a lost-air data owner and a lost-air data demander;
s2, the air iron data owner requests a data sharing system master secret key from a cloud data management central station, the cloud data management central station generates a system public key and a system master secret key, and the cloud data management center returns the system public key and the system master secret key to the air iron data owner;
s3, a subway data owner formulates a shared data access strategy, and encrypts shared data based on ciphertext strategy attributes by using a system public key and the data access strategy;
s3, uploading the encrypted data to a cloud data management center by a subway data owner, and storing the encrypted data to the cloud data management center by the cloud data management center;
s4, after the ciphertext data are successfully stored, the cloud data management center stores the ciphertext fingerprints and the ciphertext storage addresses in the alliance chain; the cloud data management center station displays the successfully stored ciphertext abstract;
s5, the air traffic data demander can check the shared data in the cloud data management central station, and according to the requirement, the air traffic data demander carries the attribute set and the corresponding attribute value of the air traffic data demander to apply to the cloud data management central station;
s6, the cloud data management center platform examines and approves the application, calculates a user private key according to attribute information submitted by the air and railway data demanders and a system master secret key after the examination and approval are passed, and returns the user private key to the air and railway data demanders;
s7, the intelligent contract authorizes the air train data demander, the air train data demander obtains a ciphertext storage address in the alliance chain so as to obtain a ciphertext in a cloud data management central station, and the air train data demander decrypts the ciphertext by using a returned user private key;
and S8, the cloud data management center station records data sharing in the alliance chain for evidence storage, and once air-rail data sharing is finished.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111597986.1A CN114285867B (en) | 2021-12-24 | 2021-12-24 | Air-railway combined transport data sharing system based on alliance chain and attribute encryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111597986.1A CN114285867B (en) | 2021-12-24 | 2021-12-24 | Air-railway combined transport data sharing system based on alliance chain and attribute encryption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114285867A CN114285867A (en) | 2022-04-05 |
| CN114285867B true CN114285867B (en) | 2022-12-23 |
Family
ID=80874916
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111597986.1A Active CN114285867B (en) | 2021-12-24 | 2021-12-24 | Air-railway combined transport data sharing system based on alliance chain and attribute encryption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114285867B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115150200A (en) * | 2022-09-02 | 2022-10-04 | 国网山东省电力公司五莲县供电公司 | Electric power data sharing system and equipment based on block chain |
| CN117574437A (en) * | 2024-01-15 | 2024-02-20 | 杭州阿里云飞天信息技术有限公司 | Full-secret database system, data processing method, safety control device and equipment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SG10201803501QA (en) * | 2018-04-26 | 2019-11-28 | Mastercard International Inc | Methods and systems for facilitating sharing of digital documents between a sharing party and a relying party |
| CN109951498A (en) * | 2019-04-18 | 2019-06-28 | 中央财经大学 | A kind of block chain access control method and device based on ciphertext policy ABE encryption |
| CN111914269B (en) * | 2020-07-07 | 2024-02-02 | 华中科技大学 | Data security sharing method and system in blockchain and cloud storage environment |
| CN112019591B (en) * | 2020-07-09 | 2022-11-08 | 南京邮电大学 | Cloud data sharing method based on block chain |
-
2021
- 2021-12-24 CN CN202111597986.1A patent/CN114285867B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN114285867A (en) | 2022-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112637278B (en) | Data sharing method and system based on block chain and attribute-based encryption and computer readable storage medium | |
| CN108830601B (en) | Smart city information safe use method and system based on block chain | |
| CN103856477B (en) | A kind of credible accounting system and corresponding authentication method and equipment | |
| CN108229962A (en) | Right management method and system based on block chain | |
| CN109377198A (en) | A kind of signing system known together in many ways based on alliance's chain | |
| CN114285867B (en) | Air-railway combined transport data sharing system based on alliance chain and attribute encryption | |
| CN108418783A (en) | A kind of protection method of block chain intelligence contract privacy, medium | |
| CN109376528A (en) | A kind of trusted identity management system and method based on block chain | |
| CN108960594A (en) | The more SC collaboration system and methods of building based on block chain Yu BIM model | |
| CN110278462A (en) | A kind of mobile film projection authorization management method based on block chain | |
| CN103259663A (en) | User unified authentication method in cloud computing environment | |
| CN106302334A (en) | Access role acquisition methods, Apparatus and system | |
| CN109525570A (en) | A kind of data hierarchy safety access control method of Cargo Oriented on Group client | |
| CN111221914A (en) | Data exchange sharing tracing method based on block chain | |
| CN112149073B (en) | Cone blockchain management method and system | |
| CN107302524A (en) | A kind of ciphertext data-sharing systems under cloud computing environment | |
| CN115567312B (en) | Alliance chain data authority management system and method capable of meeting various scenes | |
| CN113554421A (en) | Police affair resource data governance cooperation method based on block chain | |
| CN110555783B (en) | Block chain-based electric power marketing data protection method and system | |
| CN109873828A (en) | Method for managing resource, device, equipment and storage medium | |
| CN112134867B (en) | User behavior storage system based on block chain and uplink authorization confirming method thereof | |
| CN113326529A (en) | Decentralized architecture unifying method based on trusted computing | |
| Chen et al. | Data Access & Sharing Approach for Trade Documentations Based on Blockchain Technology | |
| Zhang et al. | FutureText: A blockchain-based contract signing prototype with security and convenience | |
| CN111125775A (en) | Method for endowing collection with added value based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |