CN116684115A - Encryption method, encryption device, electronic equipment and storage medium - Google Patents
Encryption method, encryption device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN116684115A CN116684115A CN202310274414.2A CN202310274414A CN116684115A CN 116684115 A CN116684115 A CN 116684115A CN 202310274414 A CN202310274414 A CN 202310274414A CN 116684115 A CN116684115 A CN 116684115A
- Authority
- CN
- China
- Prior art keywords
- key
- data
- encrypted
- encryption
- representing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 87
- 238000012795 verification Methods 0.000 claims abstract description 55
- 238000012545 processing Methods 0.000 claims abstract description 14
- 230000004044 response Effects 0.000 claims abstract description 13
- 230000006870 function Effects 0.000 claims description 14
- 238000013524 data verification Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 description 32
- 238000004891 communication Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 11
- 238000013475 authorization Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000013011 mating Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000000746 purification Methods 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Power Engineering (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure provides an encryption method, an encryption device, an electronic device and a storage medium, comprising: acquiring data to be encrypted and generating at least two keys; encrypting the data to be encrypted based on the at least two keys to obtain encrypted data; verifying the data source of the encrypted data and obtaining a verification result; and in response to determining that the verification result meets a preset condition, carrying out re-encryption processing on the encrypted data to obtain re-encrypted data. In the method, firstly, encryption processing is carried out on data to be encrypted through a preset first key and a second key to obtain encrypted data, then verification is carried out on a data source of the encrypted data to generate a verification result, and finally re-encryption processing is carried out on the encrypted data with the verification result meeting preset conditions.
Description
Technical Field
The present invention relates to the field of data encryption technologies, and in particular, to an encryption method, an encryption device, an electronic device, and a storage medium.
Background
With the rapid increase of data volume, the device with limited resources cannot support complex data operation, and data outsourcing becomes a main way for solving the operation problem. However, outsourced data is out of control of the data owner, potentially resulting in data leakage. In order to maintain confidentiality of data, access control mechanisms are typically run on encrypted data.
In the prior art, conventional data encryption methods are typically implemented by a single encryption node (key authority). Although only one encryption node is arranged for convenient management, once the encryption node fails, such as power failure, attack and the like, the whole encryption system can lose control function, and only when the encryption node is recovered to be normal, the encryption of data and the access control of users to encrypted information can be realized again. Meanwhile, the existing encryption method generally only limits the user for obtaining the encrypted data, but does not limit the uploading user for uploading the data to be encrypted, so that the malicious uploading user for the data to be encrypted can damage the encryption system.
Disclosure of Invention
In view of the above, the present disclosure is directed to an encryption method, an encryption device, an electronic device, and a storage medium.
As one aspect of the present disclosure, there is provided an encryption method, comprising:
acquiring data to be encrypted and generating at least two keys;
encrypting the data to be encrypted based on the at least two keys to obtain encrypted data;
verifying the data source of the encrypted data and obtaining a verification result;
And in response to determining that the verification result meets a preset condition, carrying out re-encryption processing on the encrypted data to obtain re-encrypted data.
Optionally, the at least two keys include a first key and a second key, and the obtaining the data to be encrypted and generating the at least two keys include:
acquiring data to be encrypted;
determining bilinear groups of the data to be encrypted based on preset security parameters;
determining public parameters of the data to be encrypted based on a hash function;
and generating the first key and the second key respectively based on the bilinear group and the public parameter, wherein the first key comprises a first main private key, and the second key comprises a public key and a second main private key.
Alternatively, the public key is expressed as:
wherein pk is k Representing public key, e representing bilinear pairing, G representing generator of G in bilinear group, y 0 Representing the master private key, t k,i A random value selected for each attribute in each authorization center that generated the key;
the first master private key is expressed as:
msk CA =(y 0 ,{s k } k=1,...,K )
wherein msk is CA Representing a first primary private key, y 0 Representing an encrypted core random number s k A random number selected for each authority that generates the key;
The second master private key is represented as:
msk k =(s k ,t k,i )
wherein msk is k Representing a second primary private key s k Representing a random value, t, selected for each authority generating a key k,i Representing a random value selected for each attribute in each authorization center that generated the key.
Optionally, the at least two keys include a first key and a second key, and the acquiring the data to be encrypted and generating the at least two keys further includes:
generating a first decryption key and a second decryption key based on the first key and the second key;
wherein the first decryption key is expressed as:
wherein D is k,i Representing the first decryption key, G representing the generator of G in the bilinear group, p (i) representing the value of the polynomial when the user attribute i is input, t k,i Representing a random value selected for each attribute in each authorization center generating a key, A u A collection representing user attributes;
the second decryption key is expressed as:
wherein D is CA Representing a second decryption key, G representing the generator of G in the bilinear group, y 0 Represents the encryption core random number, k represents the number of key authority centers that generate the second key,representing a random number generation function, u representing the user identity.
Optionally, the encrypted data is expressed as:
wherein ct represents encrypted data, G represents generator of G in bilinear group, s, r represents two random numbers selected randomly, t k,i Represented as a random number selected for each attribute in each authorization center that generated the key,represents the attribute set of the kth second key authority, k represents the number of key authorities generating the second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
Optionally, the verifying the data source of the encrypted data and obtaining a verification result includes:
generating a public signature key on a data source of the encrypted data based on a public key cryptographic algorithm or a homomorphic encryption algorithm, and verifying a private key;
and verifying the encrypted data based on the signature public key and the verification private key, and obtaining a verification result.
Optionally, the re-encrypting the encrypted data in response to determining that the verification result meets a preset condition, to obtain re-encrypted data includes:
in response to determining that the verification result is a trusted source, re-encrypting the encrypted data and obtaining re-encrypted data;
Wherein the re-encrypted data is represented as:
wherein ct 'represents re-encrypted data, G represents a generator of G in the bilinear group, s, r represents two random numbers selected randomly, r' represents i,represents the attribute set of the kth second key authority, k represents the number of key authorities generating the second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
As a second aspect of the present disclosure, the present disclosure also provides an encryption apparatus including:
a key generation module configured to: acquiring data to be encrypted and generating at least two keys;
a data encryption module configured to: encrypting the data to be encrypted based on the at least two keys to obtain encrypted data;
an encrypted data verification module configured to: verifying the data source of the encrypted data and obtaining a verification result;
a data re-encryption module configured to: and in response to determining that the verification result meets a preset condition, carrying out re-encryption processing on the encrypted data to obtain re-encrypted data.
As a third aspect of the disclosure, the disclosure further provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the encryption provided by the disclosure when executing the program.
As a fourth aspect of the disclosure, the disclosure also provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of any one of the above.
As described above, the present disclosure provides an encryption method, apparatus, electronic device, and storage medium. In the method, firstly, encryption processing is carried out on data to be encrypted through a preset first key and a second key to obtain encrypted data, then verification is carried out on a data source of the encrypted data to generate a verification result, and finally re-encryption processing is carried out on the encrypted data with the verification result meeting preset conditions.
Drawings
In order to more clearly illustrate the technical solutions of the present disclosure or related art, the drawings required for the embodiments or related art description will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
Fig. 1A is a schematic diagram of an encryption method according to an embodiment of the disclosure.
Fig. 1B is a schematic diagram of a method for generating a key according to an embodiment of the disclosure.
Fig. 1C is a schematic diagram of a method for verifying encrypted data according to an embodiment of the disclosure.
Fig. 2 is a schematic structural diagram of an encryption device according to an embodiment of the disclosure.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
For the purposes of promoting an understanding of the principles and advantages of the disclosure, reference will now be made to the embodiments illustrated in the drawings and specific language will be used to describe the same.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present disclosure should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present disclosure pertains. The terms "first," "second," and the like, as used in embodiments of the present disclosure, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
As described in the background, the existing encryption method generally generates a key through a single encryption node (i.e., a single key authority), and then encrypts a file to be encrypted using the key. At this time, since there is only one encryption node, when the encryption system fails (for example, power failure, network disconnection, etc.), the encryption node will thoroughly lose its operation function (not only can not generate a key to encrypt the data to be encrypted), so that the process of encrypting the data is stalled, and even based on the stalling, the data to be encrypted in the process of encryption may be damaged.
Meanwhile, based on the existing encryption method, it generally only limits the acquirer of the encrypted data, and does not make any provision for the uploader of the encrypted data. It is to be understood in particular that it only limits the acquisition process of the user who wants to read (acquire) the encrypted data (e.g. the encrypted data is to be acquired by means of the corresponding decryption key). In contrast, the uploader of the data to be encrypted can upload any data which is not verified to the encryption system for encryption processing, and the data to be encrypted can be obtained and read by the acquirer of the encrypted data. Using such existing methods can result in malicious uploaders of data to be encrypted (e.g., competitors, adversaries, vandals, etc.) uploading problematic data to be encrypted to the encryption system, thereby causing damage to the encryption system and even serious infringement to the network system of the acquirer of the encrypted data (data provided by the encrypted malicious uploader of data).
In order to solve the above problems, the present disclosure provides an encryption method, an encryption device, an electronic apparatus, and a storage medium. By the method, in the disclosure, the data to be encrypted is firstly encrypted by the preset first key and the second key, and the encrypted data is obtained. Then, the data source of the encrypted data is verified, and a verification result is generated. And finally, re-encrypting the encrypted data with the verification result meeting the preset condition.
In the above-described process, the data to be encrypted is first encrypted by dispersing one key generated by a single encryption node (single authority) in the related art into at least two keys generated by a plurality of encryption nodes (plurality of authorities), and then using the at least two keys. In this way, even when one encryption node is destroyed, the encryption of the data can be completed by other encryption nodes without causing the forced suspension of the data encryption process. Secondly, through verification of the data source of the encrypted data, malicious data uploaders can be identified, and network security of an encryption system and an encrypted data acquirer is further protected. Finally, the data is also more secure and less vulnerable to corruption by re-encryption.
Having described the basic principles of the present disclosure, various non-limiting embodiments of the present disclosure are specifically described below.
Fig. 1A is a schematic diagram of an encryption method according to an embodiment of the disclosure.
The encryption method shown in fig. 1A further includes the steps of:
step S10: data to be encrypted is acquired and at least two keys are generated.
Fig. 1B is a schematic diagram of a method for generating a key according to an embodiment of the disclosure.
In some alternative embodiments, as shown in fig. 1B, step S10 specifically includes:
s101: and obtaining the data to be encrypted.
S102: and determining bilinear groups of the data to be encrypted based on preset security parameters.
S103: and determining the public parameters of the data to be encrypted based on a hash function.
S104: and generating the first key and the second key respectively based on the bilinear group and the public parameter, wherein the first key comprises a first main private key, and the second key comprises a public key and a second main private key.
In some alternative embodiments, all encryption processes in the present disclosure may be accomplished by an encryption system. A first encryption node (primary key authority) and several second encryption nodes (secondary key authority) may be provided in an encryption system used in the present disclosure. In the initial stage, the encryption system may first acquire the data to be encrypted uploaded by the uploader, and ask the uploader for identity information (e.g., name, work unit, professional class, etc. of the uploader) to be used for verifying the data source (i.e., the relevant information of the uploader) of the data to be encrypted in the subsequent encryption process. It will be understood that the encryption method in this disclosure may also be implemented directly by a plurality of encryption nodes (a plurality of key authorization centers), and the specific operation process may be equivalent to the whole content related to data encryption described in this disclosure, and other implementation forms will not be specifically described in this disclosure.
In some alternative embodiments, after the encryption system obtains the data to be encrypted, it may generate a first key through a first encryption node, and generate second keys through a plurality of second encryption nodes respectively. The specific process can be understood as that a security parameter lambda (which can be understood as a security standard set by the encryption system) is preset, and then the bilinear group pp= (q, e, G) of the acquired data to be encrypted is determined by the preset security parameter lambda T ,g,g t ) Wherein G and G T Is a cyclic group of order prime q, e is a bilinear pairing G G.fwdarw.G T ,g,g t Respectively group G, G T Is a generator of (1). It will be appreciated that this bilinear cluster is selected based on security parameters, so that it can meet the security criteria of the encryption system.
In some alternative embodiments, after obtaining the bilinear group, the encryption system may also pass through a hash function H: {0,1} → G determines the encryption core random number y 0 ,s 1 ,s 2 ,...,s K ←Z q And a random value { t } selected based on each attribute in each encryption node (key authority) that generated the key k,i } k=1...K,i=1...n ←Z q . Then the common parameter of the data to be encrypted is determined to be pp= (q, e, G) by the encryption core number and the random value selected based on each attribute in each encryption node (key authority) generating the key T ,g,g t H). It will be appreciated that the encryption system may also determine the common parameters of this data to be encrypted directly by means of a hash function.
In some alternative embodiments, after the encryption system obtains the bilinear group of the data to be encrypted and the common parameter of the data to be encrypted, the first key and the second key may be generated by the first encryption node and the plurality of second encryption nodes. Wherein the first key may comprise a first master private key and the second key comprises a public key and a second master private key.
In some alternative embodiments, the public key may be expressed as:
wherein pk is k Representing public key, e representing bilinear pairing, G representing generator of G in bilinear group, y 0 Representing the master private key, t k,i Representing a random value selected for each attribute in each authorization center that generated the key.
In some alternative embodiments, the first master private key may be expressed as:
msk CA =(y 0 ,{s k } k=1,...,K )
wherein msk is CA Representing a first primary private key, y 0 Representing an encrypted core random number s k Representing a random number selected for each authority that generated the key.
In some alternative embodiments, the second master private key is represented as:
msk k =(s k ,t k,i )
wherein msk is k Representing a second primary private key s k Representing a random value, t, selected for each authority generating a key k,i Representing a random value selected for each attribute in each authorization center that generated the key.
In some alternative embodiments, the first encryption node may include only one node, which may be used as an action sender in the encryption process (i.e., a master node that completes all encryption of the data to be encrypted), and the corresponding second encryption node may be provided with a plurality of second nodes, which may be used as secondary nodes for sharing the key generated by the first encryption node. The process can be understood specifically that the first encryption node generates all the keys (including the public key and the total key of the private key), then the first encryption node can divide the private key into two parts according to the preset value, the reserved part is the first main private key, and the remaining part is the second main private key. The first encryption node may then send the second master private key and the public key to a number of second encryption nodes to generate a final first key and second key. It can be appreciated that the first encryption node is determined to be one in the present disclosure, because when the first encryption node is one, it can better coordinate other nodes in the encryption system and perform more convenient linkage with other nodes. However, the encryption method in the present disclosure may also be completed by the interaction of the plurality of first encryption nodes and the plurality of second encryption nodes, which is not described in detail in this disclosure.
In some alternative embodiments, when a first encryption node fails or even breaks due to an unexpected situation (e.g., power down, network outage, etc.), the encryption system may quickly switch the authority of the first encryption node to one of several second encryption nodes so that the encryption process continues to complete.
In some alternative embodiments, the above-mentioned key generation process may be implemented, and the existing process of generating and encrypting a key based on one encryption node is changed into encrypting the data to be encrypted by using the first encryption node as a main and using several second (other) encryption nodes as auxiliary and using a common effort. Thus, in the encryption process in the present disclosure, even when an unexpected situation (for example, power failure, network disconnection, etc.) occurs in the first encryption node, the encryption process of the data to be encrypted can be continuously completed through the plurality of second (other) encryption nodes, without forcing the encryption process to be interrupted.
In some alternative embodiments, step S10 further comprises:
s105: a first decryption key and a second decryption key are generated based on the first key and the second key.
In some alternative embodiments, after generating the first key and the second key, the encryption system may further generate a first decryption key and a second decryption key that match the first key and the second key through the first encryption node and the number of second encryption nodes.
In some alternative embodiments, the first decryption key is expressed as:
wherein D is k,i Representing the first decryption key, G representing the generator of G in the bilinear group, p (i) representing the value of the polynomial when the user attribute i is input, t k,i Representing a random value selected for each attribute in each authorization center generating a key, A u Representing a collection of user attributes.
In some alternative embodiments, the second decryption key is expressed as:
wherein D is CA Representing a second decryption key, G representing the generator of G in the bilinear group, y 0 Represents the encryption core random number, k represents the number of key authority centers that generate the second key,representing a random number generation function, u representing the user identity.
In some alternative embodiments, after generating the first key, the first decryption key, the second key, and the second decryption key, the encryption system may store all of the keys within its own system and then communicate to the standard compliant encrypted data acquirer the keys that can unwrap the encrypted data that it needs. The encrypted data acquirer meeting the standard can be a specific user group pre-selected by the owner of the encryption system, and then the owner of the encryption system can input the characteristics of the user groups into the encryption system, so that the encryption system can automatically discriminate the user groups and transmit corresponding decryption keys to the user groups.
In some alternative embodiments, the process of delivering the decryption key by the encryption system to a specific user group (the encrypted data acquirer compliant with the standard) may be implemented by at least one of a key delivery manner of sharing the key in advance, setting a key distribution center, diffie-Hellman key exchange, and asymmetric encryption. After the encryption system transmits the corresponding decryption key to a specific user group, the encryption system can read the encrypted data through the corresponding decryption key, and finally the decryption process of the encrypted data is realized.
Step S20: and encrypting the data to be encrypted based on the at least two keys to obtain encrypted data.
In some alternative embodiments, after generating the first key and the second key, the encryption system may encrypt the data to be encrypted uploaded by the uploader through the first key and the second key, and generate corresponding encrypted data (encrypted ciphertext). It is understood that the encrypted ciphertext generated via the encryption method of the present disclosure may be a characteristic encrypted ciphertext.
In some alternative embodiments, the above-mentioned process of generating the characteristic encryption ciphertext may be understood that the encryption system may extract key features (for example, core content of a paper) of the data to be encrypted through a preset neural network model, and then encrypt the extracted features to finally generate the characteristic encryption ciphertext. The encryption system may then transmit the generated characteristic encrypted ciphertext to an encrypted data acquirer that meets the standard for reading and viewing, while non-characteristic portions of the data to be encrypted (e.g., information related to the name, age, etc. of the data uploading to be encrypted) are not transmitted to the encrypted data acquirer. Through the operation, the encryption system not only transmits the core content required by the encryption system to the encrypted data acquirer, but also reserves a part of original content of the data to be encrypted, so that the encrypted data can be safer and more stable, and meanwhile, the privacy of the encrypted data uploader is also protected to a certain extent.
In some alternative embodiments, the encrypted data (characteristic encrypted ciphertext) may be represented as:
wherein ct represents encrypted data, G represents generator of G in bilinear group, s, r represents two random numbers selected randomly, t k,i Represented as a random number selected for each attribute in each authorization center that generated the key,represents the attribute set of the kth second key authority, k represents the number of key authorities generating the second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
In some alternative embodiments, the present disclosure completes the first encryption process of the data to be encrypted through all of the operations described above. As described above, in the present disclosure, by converting the existing process of generating a key based on one encryption node and encrypting the data to be encrypted into a common effort with a first encryption node as a primary and a plurality of second (other) encryption nodes as a secondary, it is achieved that in the encryption process, even if an unexpected situation (for example, power failure, network disconnection, etc.) occurs in the first encryption node, the encryption process of the data to be encrypted can be further completed through the plurality of second (other) encryption nodes, without forcing the encryption process to be interrupted. Meanwhile, in the encryption process of the present disclosure, the encryption system may encrypt the characteristics (core content) of the data to be encrypted in a targeted manner, so that the encrypted data to be encrypted may be more secure and stable, and meanwhile, a certain protection effect is formed for the privacy of the uploading user of the data to be encrypted.
Step S30: and verifying the data source of the encrypted data and obtaining a verification result.
Fig. 1C is a schematic diagram of a method for verifying encrypted data according to an embodiment of the disclosure.
In some alternative embodiments, as shown in fig. 1C, step S30 specifically includes:
s301: a public signature key and a private verification key are generated for a data source of the encrypted data based on a public key cryptographic algorithm or a homomorphic encryption algorithm.
S302: and verifying the encrypted data based on the signature public key and the verification private key, and obtaining a verification result.
In some alternative embodiments, the encryption process of the data to be encrypted may be implemented through the foregoing encryption process. However, as described in the background section of the disclosure, in the actual encryption process, the existing encryption method generally only limits the user who obtains the encrypted data, but does not limit the uploading user who uploads the data to be encrypted, which may cause damage to the encryption system by a malicious uploading user of the data to be encrypted. Accordingly, the present disclosure also achieves the limitation of the uploader of the data to be encrypted by a method of verifying the data source of the data to be encrypted.
In some alternative embodiments, when the encryption system needs to verify the source of the data to be encrypted, it may generate a public signature key and a private verification key based on the uploader of the data to be encrypted. The signature public key is understood to be another encryption mode of the data to be encrypted, and the verification private key is a key for verifying the signature public key.
In some alternative embodiments, the aforementioned signed public key and verification private key may be generated by at least one of a public key cryptographic algorithm or a homomorphic encryption algorithm. It will be appreciated that the public signature key and the private verification key may be set based on personal information of the uploading party of the data to be encrypted. Specifically, the encryption system may set the required data source information (e.g., related content from units, domains, departments) first, then generate a signature public key and a verification private key based on the data source information, then when the data uploading person to be encrypted uploads the data to the encryption system, the encryption system may acquire the related information (e.g., name, work unit, domain direction, etc.) of the encryption system itself, and then compare and verify the obtained information with the preset data source information by using the signature public key and the verification private key, so as to finally obtain a verification result (including a "trusted source" and an "untrusted source").
In some alternative embodiments, the encryption system may also preset several signatures of the data uploaders to be encrypted, and generate a public signature key. Then, when the data to be encrypted uploader uploads the data to be encrypted to the encryption system, the encryption system may verify the signature of the data to be encrypted uploader and obtain the final verification result (including "trusted source" and "untrusted source").
Step S40: and in response to determining that the verification result meets a preset condition, carrying out re-encryption processing on the encrypted data to obtain re-encrypted data.
In some alternative embodiments, step S40 specifically includes:
s401: and in response to determining that the verification result is a trusted source, re-encrypting the encrypted data and obtaining re-encrypted data.
In some alternative embodiments, if the verification result of the encrypted data meets the preset condition of the encryption system (that is, the verification result is "trusted source"), the encryption system may re-encrypt the encrypted data again, so that the encrypted data is safer and has higher guarantee.
In some alternative embodiments, the re-encrypted data is represented as:
Wherein ct 'represents re-encrypted data, G represents a generator of G in the bilinear group, s, r represents two random numbers selected randomly, r' represents i,representing the kth second key grantAttribute set of right center, k represents number of key authority center generating second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
In some alternative embodiments, the above-described overall encryption process may be combined with blockchain technology, and the security of the data to be encrypted uploaded by the uploading user is further improved based on the non-tamper property of the blockchain.
In some alternative embodiments, the encryption process in the present disclosure may also be specifically that the encryption system is first system initialized. Specifically, given a security parameter λ, a public key pk and a master private key msk are output for each authority center, and a master private key msk is output for the master authority center. In addition, the verification public key vk and the signature private key sgk are also output.
In some alternative embodiments, the key generation operation is performed after the encryption system is initialized. The specific key generation algorithm mainly comprises the following two parts:
Decryption key generation by a plurality of second encryption nodes (attribute key authorization centers): the algorithm is executed by each attribute key authority separately. With user identity UID, master private key msk of each authority center k Threshold d of number of required attributes k A set of attributes corresponding to a rights issuerAs input, the private key D of each authority for each attribute is output k,j 。
First encryption node (master key authority) decryption key generation: this algorithm is performed by the master authority. Taking a user identity UID and a private key msk of a master key authorization center as inputs, and outputting a private key D for a user CA 。
In some alternative embodiments, the encryption system may perform data encryption processing on the data to be encrypted after the corresponding key is generated. The data encryption algorithm in the data encryption process can sign the private key sgk, a set of attributes corresponding to each attribute key authorization center through the sender identity iPublic key pk of each attribute key authority k Data m as input, output ciphertext ct= (CT, σ (i)), where CT is the encryption of the data message and σ (i) is the signature of the sender identity.
In some alternative embodiments, after data encryption of the data to be encrypted and generation of the encrypted data, the data source of the encrypted data may also be verified (data cleansing). The data cleansing algorithm in this disclosure is mainly composed of two parts:
Signature checking: with sender identity i, verification public key vk and signature σ (i) as inputs, the purifier first checks the correctness of the sender signature. If the signature is incorrect, the purifier directly outputs the T. And purifying the ciphertext if the signature is correct.
Data purification: the ciphertext ct is taken as an input, and the purifier outputs the purified ciphertext ct'.
In some alternative embodiments, after verification of the source of the encrypted data (data cleansing), the encrypted data may be sent to the acquirer of the encrypted data and the encrypted data may be subjected to data decryption by the acquirer of the encrypted data. Data decryption to purified ciphertext ct ', user's set of attributes A u Private key D for each attribute by attribute key authority k,j Private key D of master key authority to user CA As input. If both sender and receiver are authorized and for each attribute key authorization center satisfiesThe decrypted data message m is output.
In summary, in the present disclosure, the data to be encrypted is first encrypted by a preset first key and a second key to obtain encrypted data, then the data source of the encrypted data is verified to generate a verification result, and finally the encrypted data whose verification result meets the preset condition is re-encrypted.
In the present disclosure, an improved method for mating several encryption nodes (multi-key authorization centers) is provided for the single point of failure problem of a single encryption node (single-key authorization center) in a cleanable encryption scheme, with the goal that the cleanable encryption scheme can remain secure and work properly when certain key authorization centers are no longer secure.
It can be understood that, by using the encryption method, the device, the electronic equipment and the storage medium provided by the disclosure, the function encryption of multiple authorization centers can be realized, and meanwhile, the access control of both the uploading user of the data to be encrypted and the acquiring user of the data to be encrypted is also realized, so that the privacy protection capability of the data to be encrypted and the attack tolerance capability of the encryption system in the disclosure are greatly improved.
Based on the same technical concept, the present disclosure also provides an encryption device corresponding to the method of any embodiment, where the encryption device provided by the present disclosure can implement the encryption method of any embodiment.
Fig. 2 is a schematic structural diagram of an encryption device according to an embodiment of the disclosure.
The encryption device shown in fig. 2 further includes the following modules:
A key generation module 10, a data encryption module 20, an encrypted data verification module 30, and a data re-encryption module 40;
wherein the key generation module 10 is configured to: data to be encrypted is acquired and at least two keys are generated. The method specifically comprises the following steps:
acquiring data to be encrypted;
determining bilinear groups of the data to be encrypted based on preset security parameters;
determining public parameters of the data to be encrypted based on a hash function;
generating the first key and the second key respectively based on the bilinear group and the public parameter, wherein the first key comprises a first main private key, and the second key comprises a public key and a second main private key;
the public key is expressed as:
wherein pk is k Representing public key, e representing bilinear pairing, G representing generator of G in bilinear group, y 0 Representing the master private key, t k,i A random value selected for each attribute in each authorization center that generated the key;
the first master private key is expressed as:
msk CA =(y 0 ,{s k } k=1,...,K )
wherein msk is CA Representing a first primary private key, y 0 Representing an encrypted core random number s k A random number selected for each authority that generates the key;
the second master private key is represented as:
msk k =(s k ,t k,i )
Wherein msk is k Representing a second primary private key s k Representing a random value, t, selected for each authority generating a key k,i A random value selected for each attribute in each authorization center that generated the key;
generating a first decryption key and a second decryption key based on the first key and the second key;
wherein the first decryption key is expressed as:
wherein D is k,i Representing the first decryption key, G representing the generator of G in the bilinear group, p (i) representing the value of the polynomial when the user attribute i is input, t k,i Representing a random value selected for each attribute in each authorization center generating a key, A u Representing user attributesIs a collection of (1);
the second decryption key is expressed as:
wherein D is CA Representing a second decryption key, G representing the generator of G in the bilinear group, y 0 Represents the encryption core random number, k represents the number of key authority centers that generate the second key,representing a random number generation function, u representing the user identity.
The data encryption module 20 is configured to: is configured to: and encrypting the data to be encrypted based on the at least two keys to obtain encrypted data. The method specifically comprises the following steps:
The encrypted data is expressed as:
/>
wherein ct represents encrypted data, G represents generator of G in bilinear group, s, r represents two random numbers selected randomly, t k,i Represented as a random number selected for each attribute in each authorization center that generated the key,represents the attribute set of the kth second key authority, k represents the number of key authorities generating the second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
The encrypted data verification module 30 is configured to: and verifying the data source of the encrypted data and obtaining a verification result. The method specifically comprises the following steps:
generating a public signature key on a data source of the encrypted data based on a public key cryptographic algorithm or a homomorphic encryption algorithm, and verifying a private key;
and verifying the encrypted data based on the signature public key and the verification private key, and obtaining a verification result.
The data re-encryption module 40 is configured to: and in response to determining that the verification result meets a preset condition, carrying out re-encryption processing on the encrypted data to obtain re-encrypted data. The method specifically comprises the following steps:
in response to determining that the verification result is a trusted source, re-encrypting the encrypted data and obtaining re-encrypted data;
Wherein the re-encrypted data is represented as:
wherein ct 'represents re-encrypted data, G represents a generator of G in the bilinear group, s, r represents two random numbers selected randomly, r' represents i,represents the attribute set of the kth second key authority, k represents the number of key authorities generating the second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
Based on the same technical concept, the present disclosure also provides an electronic device corresponding to the method of any embodiment, which includes a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor implements the encryption method of any embodiment when executing the program.
Fig. 3 shows a more specific hardware architecture of an electronic device according to this embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application-Specific Integrated Circuit (ASIC), or one or more Integrated circuits, etc. for executing related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of ROM (Read, only, memory), RAM (Random, access, memory), static storage device, dynamic storage device, or the like. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. Input/output, the module may be configured as a component in a device (not shown in the figure) or may be externally connected to the device to provide corresponding functions. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through wired mode (such as USB, network cable, etc.), or may implement communication through wireless mode (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding encryption method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same technical concept, the present disclosure also provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the encryption method according to any of the above embodiments, corresponding to the method of any of the above embodiments.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device.
The storage medium of the above embodiment stores computer instructions for causing the computer to perform the encryption method according to any one of the above embodiments, and has the advantages of the corresponding method embodiments, which are not described herein.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the disclosure, including the claims, is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined under the idea of the present disclosure, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in details for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present disclosure. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present disclosure, and this also accounts for the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform on which the embodiments of the present disclosure are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Accordingly, any omissions, modifications, equivalents, improvements, and the like, which are within the spirit and principles of the embodiments of the disclosure, are intended to be included within the scope of the disclosure.
Claims (10)
1. An encryption method, comprising:
acquiring data to be encrypted and generating at least two keys;
encrypting the data to be encrypted based on the at least two keys to obtain encrypted data;
verifying the data source of the encrypted data and obtaining a verification result;
and in response to determining that the verification result meets a preset condition, carrying out re-encryption processing on the encrypted data to obtain re-encrypted data.
2. The method of claim 1, wherein the at least two keys comprise a first key and a second key, the obtaining the data to be encrypted and generating the at least two keys comprises:
Acquiring data to be encrypted;
determining bilinear groups of the data to be encrypted based on preset security parameters;
determining public parameters of the data to be encrypted based on a hash function;
and generating the first key and the second key respectively based on the bilinear group and the public parameter, wherein the first key comprises a first main private key, and the second key comprises a public key and a second main private key.
3. The method of claim 2, wherein the public key is expressed as:
wherein pk is k Representing public key, e representing bilinear pairing, G representing generator of G in bilinear group, y 0 Representing the master private key, t k,i A random value selected for each attribute in each authorization center that generated the key;
the first master private key is expressed as:
msk CA =(y 0 ,{s k } k=1,…,K )
wherein msk is CA Representing a first primary private key, y 0 Representing an encrypted core random number s k A random number selected for each authority that generates the key;
the second master private key is represented as:
msk k =(s k ,t k,i )
wherein msk is k Representing a second primary private key s k Representing a random value, t, selected for each authority generating a key k,i Representing a random value selected for each attribute in each authorization center that generated the key.
4. The method of claim 3, wherein the at least two keys comprise a first key and a second key, the obtaining the data to be encrypted and generating the at least two keys further comprising:
generating a first decryption key and a second decryption key based on the first key and the second key;
wherein the first decryption key is expressed as:
wherein D is k,i Representing the first decryption key, G representing the generator of G in the bilinear group, p (i) representing the value of the polynomial when the user attribute i is input, t k,i Representing a random value selected for each attribute in each authorization center generating a key, A u A collection representing user attributes;
the second decryption key is expressed as:
wherein D is CA Representing a second decryption key, G representing the generator of G in the bilinear group, y 0 Represents the encryption core random number, k represents the number of key authority centers that generate the second key,representing a random number generation function, u representing the user identity.
5. The method of claim 1, wherein the encrypted data is represented as:
wherein ct represents encrypted data, G represents generator of G in bilinear group, s, r represents two random numbers selected randomly, t k,i Represented as a random number selected for each attribute in each authorization center that generated the key,represents the attribute set of the kth second key authority, k represents the number of key authorities generating the second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
6. The method according to claim 1, wherein verifying the data source of the encrypted data and obtaining the verification result comprises:
generating a public signature key on a data source of the encrypted data based on a public key cryptographic algorithm or a homomorphic encryption algorithm, and verifying a private key;
and verifying the encrypted data based on the signature public key and the verification private key, and obtaining a verification result.
7. The method according to claim 6, wherein the re-encrypting the encrypted data in response to determining that the verification result satisfies a preset condition, comprises:
in response to determining that the verification result is a trusted source, re-encrypting the encrypted data and obtaining re-encrypted data;
wherein the re-encrypted data is represented as:
Wherein ct 'represents re-encrypted data, G represents a generator of G in the bilinear group, s, r represents two random numbers selected randomly, r' represents i,represents the attribute set of the kth second key authority, k represents the number of key authorities generating the second key, e represents bilinear pairing, y 0 Represents the encryption core random number, and m represents the data to be encrypted.
8. An encryption apparatus, comprising:
a key generation module configured to: acquiring data to be encrypted and generating at least two keys;
a data encryption module configured to: encrypting the data to be encrypted based on the at least two keys to obtain encrypted data;
an encrypted data verification module configured to: verifying the data source of the encrypted data and obtaining a verification result;
a data re-encryption module configured to: and in response to determining that the verification result meets a preset condition, carrying out re-encryption processing on the encrypted data to obtain re-encrypted data.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 7 when the program is executed by the processor.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310274414.2A CN116684115A (en) | 2023-03-17 | 2023-03-17 | Encryption method, encryption device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310274414.2A CN116684115A (en) | 2023-03-17 | 2023-03-17 | Encryption method, encryption device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116684115A true CN116684115A (en) | 2023-09-01 |
Family
ID=87787919
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310274414.2A Pending CN116684115A (en) | 2023-03-17 | 2023-03-17 | Encryption method, encryption device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116684115A (en) |
-
2023
- 2023-03-17 CN CN202310274414.2A patent/CN116684115A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111628868B (en) | Digital signature generation method and device, computer equipment and storage medium | |
| JP6547079B1 (en) | Registration / authorization method, device and system | |
| CN109478279B (en) | Method and system for realizing block chain | |
| CN110378139B (en) | Data key protection method, system, electronic equipment and storage medium | |
| KR101999188B1 (en) | Secure personal devices using elliptic curve cryptography for secret sharing | |
| US8171306B2 (en) | Universal secure token for obfuscation and tamper resistance | |
| CN110914851A (en) | Improving integrity of communications between blockchain networks and external data sources | |
| WO2019147477A1 (en) | Blockchain system and data processing method for blockchain system | |
| US11063941B2 (en) | Authentication system, authentication method, and program | |
| TWI809292B (en) | Data encryption and decryption method, device, storage medium and encrypted file | |
| US9178881B2 (en) | Proof of device genuineness | |
| US8806206B2 (en) | Cooperation method and system of hardware secure units, and application device | |
| CN108199847A (en) | Security processing method, computer equipment and storage medium | |
| JP2014081787A (en) | Information processing device, information processing terminal, access authentication method, and program | |
| CN111476573A (en) | Account data processing method, device, equipment and storage medium | |
| CN115021903A (en) | Electronic medical record sharing method and system based on block chain | |
| CN101764694A (en) | Device, method and system for protecting data | |
| Ayub et al. | Fuzzy extraction and PUF based three party authentication protocol using USB as mass storage device | |
| CN102999710A (en) | Method, equipment and system for safely sharing digital content | |
| CN113079177B (en) | Remote sensing data sharing method based on time and decryption frequency limitation | |
| CN114268447B (en) | File transmission method and device, electronic equipment and computer readable medium | |
| WO2022024182A1 (en) | Knowledge proof method, knowledge proof program, and information processing apparatus | |
| CN109858283B (en) | Cloud storage security data sharing method based on Chaum-Pedersen | |
| CN117155549A (en) | Key distribution method, key distribution device, computer equipment and storage medium | |
| CN113111396B (en) | Method, system, device and medium for enhancing storage medium security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |