CN116910788A - Searchable encryption management method and device for service data and storage medium - Google Patents


Publication number
CN116910788A
Authority
CN
China
Prior art keywords
data
access
searcher
service data
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311032353.5A
Other languages
Chinese (zh)
Inventor
黄俭
邓建宇
周有衡
张启超
张先稳
张兵
戴宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ganzhou Engineering Quality Management Service Center
GUANGZHOU YUEJIAN SANHE SOFTWARE CO Ltd
Original Assignee
Ganzhou Engineering Quality Management Service Center
GUANGZHOU YUEJIAN SANHE SOFTWARE CO Ltd
Application filed by Ganzhou Engineering Quality Management Service Center, GUANGZHOU YUEJIAN SANHE SOFTWARE CO Ltd
Priority to CN202311032353.5A
Publication of CN116910788A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2228 Indexing structures
    • G06F16/2246 Trees, e.g. B+trees
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries


Abstract

The invention discloses a searchable encryption management method, device and storage medium for service data. The method comprises the following steps: when service data is uploaded to a detection management system by a client, constructing a corresponding access policy according to the operator identity information and the keywords of the information to be put on chain; encrypting the service data according to the access policy, and uploading the encrypted service data to a blockchain, so that the blockchain uploads the encrypted service data to an archive library for archiving; when the detection management system receives a search application, constructing a corresponding attribute set according to the operator identity information of the searcher and the keywords of the information to be queried, acquiring corresponding access data from the archive library, and feeding it back to the searcher; decrypting the access data when the detection management system receives a view request from the searcher; and, if the decryption is successful, feeding the decrypted access data back to the searcher, so that the information security and the management efficiency of the detection management platform are improved.

Description

Searchable encryption management method and device for service data and storage medium
Technical Field
The present invention relates to the field of engineering quality detection data management technologies, and in particular, to a searchable encryption management method and apparatus for service data, and a storage medium.
Background
At present, the informatization management system of the detection mechanism mostly adopts traditional database management and document management, common network service and transmission protocol, and each flow functional module of the activities such as detection service acceptance, detection data acquisition, detection information uploading, detection report issuing, detection archive management and the like is completed by the operation of different service departments (personnel).
The traditional detection management platform has security holes: a database or a file is easily attacked, so that data is leaked or tampered with; the process cannot be effectively monitored, the authenticity and validity of the detection procedure cannot be ensured, and problems cannot be found in a timely and effective way, which leads to problems such as incomplete and inauthentic after-the-fact trace information. The data is not protected during detection data acquisition and information uploading, so information leakage occurs easily, which is detrimental to privacy protection and information security. Traditional encryption algorithms, such as asymmetric encryption, need to know the identities of the specific transaction parties, are not flexible enough, are mostly used in the data transmission stage, and do not provide encrypted storage. The traditional detection management platform has a single data management mode, information sharing among the parties is difficult, and useful information cannot be obtained in time. Safe storage and quick retrieval of detection files are difficult to balance, which causes problems of information security, management efficiency and the like. Therefore, the problems of low information security and poor management efficiency of the traditional detection management platform are particularly prominent, and it is difficult to guarantee that the whole process of the detection activity is traceable.
Disclosure of Invention
The invention provides a searchable encryption management method, a searchable encryption management device and a storage medium for service data, so as to ensure traceability of the whole detection activity process and improve the information security and management efficiency of a detection management platform.
The invention provides a searchable encryption management method for service data, comprising the following steps: when first service data is uploaded to a detection management system by a first client, constructing a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information of the first service data that is to be put on chain; encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain, so that the blockchain uploads the encrypted first service data to an archive library for archiving;
when the detection management system receives a search application, a corresponding attribute set is constructed according to the identity information of an operator of a searcher and the keyword of the information to be queried; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher;
decrypting the access data when the detection management system receives a view request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
Further, encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain, specifically:
initializing a security coefficient to generate a first public parameter and a first master key; inputting the first public parameter, the first service data and the access policy into an Encrypt function to generate a ciphertext; and uploading the ciphertext to the blockchain as the encrypted first service data.
Further, according to the attribute set, obtaining corresponding access data from the archive, and feeding back the access data to the searcher, specifically:
judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
if yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, feeding back to the searcher, as access data, the initial access data for which the searcher's attributes exist in the second access structure tree.
Further, performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index, specifically:
performing dual coding on the keyword of the search trapdoor and on the keywords of the data indexes respectively, and, using a bloom filter construction, computing the dual-coded search trapdoor and data indexes through matrix construction to generate a corresponding trapdoor vector and a plurality of corresponding index vectors; the hash functions inserted into the bloom filter are generated by LSH (locality-sensitive hashing);
and carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
Further, when the detection management system receives the view request of the searcher, the access data is decrypted, specifically:
when the detection management system receives a view request from the searcher, controlling the blockchain to record the access request of the current searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, the second public parameter of the access data, and the second master key into the Encrypt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy that was set for the access data at encryption.
As a preferred scheme: in the prior art, each flow function module is operated by different service departments or personnel, and system data may be modified, for example by logging in directly to the back end and modifying it without trace, or by modifying it after an intrusion, possibly without being traceable. The invention uses blockchain technology to put the service data uploaded by the client on chain, which ensures that the on-chain data cannot be tampered with; recording the key information of the whole service flow on chain ensures the traceability of the whole detection activity, which further improves the information security of the detection management platform. The invention also uses attribute-based encryption to store the service data in encrypted form, so that the stored data is not easily leaked, and provides flexible access permission configuration for users, which further improves the security and controllability of the data. In addition, efficient search and query operations can be performed while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. The user may perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. The user's data is thus protected during storage and processing and remains confidential even in cloud storage and database environments. While data privacy is protected, search and query functions similar to those for plaintext data remain available, so the management efficiency of service data is improved while information security is ensured.
Correspondingly, the invention also provides a searchable encryption management device for the service data, which comprises: the system comprises a data uploading module, a data searching module and a data looking-up module;
the data uploading module is used for constructing a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information of the first service data that is to be put on chain, when the first service data is uploaded to the detection management system by the first client; encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain, so that the blockchain uploads the encrypted first service data to an archive library for archiving;
the data searching module is used for constructing a corresponding attribute set according to the identity information of an operator of a searcher and the keyword of the information to be queried when the detection management system receives a search application; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher; the data viewing module is used for decrypting the access data when the detection management system receives a viewing request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
Further, the data uploading module includes: a policy making unit and an encryption unit;
the policy making unit is used for constructing a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information of the first service data that is to be put on chain;
the encryption unit is used for initializing the security coefficient and generating a first public parameter and a first master key; inputting the first public parameter, the first service data and the access policy into an Encrypt function to generate a ciphertext; and uploading the ciphertext to the blockchain as the encrypted first service data.
Further, the data searching module comprises a query unit;
the inquiry unit is used for judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
if yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
Judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, feeding back to the searcher, as access data, the initial access data for which the searcher's attributes exist in the second access structure tree;
the query unit comprises a calculation subunit;
the computing subunit is used for performing dual coding on the keyword of the search trapdoor and on the keywords of the data indexes respectively, and, using a bloom filter construction, computing the dual-coded search trapdoor and data indexes through matrix construction to generate a corresponding trapdoor vector and a plurality of corresponding index vectors; the hash functions inserted into the bloom filter are generated by LSH (locality-sensitive hashing);
and carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
Further, the data viewing module includes a decryption unit;
the decryption unit is used for controlling the blockchain to record the access request of the current searcher when the detection management system receives a view request from the searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, the second public parameter of the access data, and the second master key into the Encrypt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy that was set for the access data at encryption.
As a preferred scheme, the data uploading module of the device uses blockchain technology to put the service data uploaded by the client on chain, which ensures that the on-chain data cannot be tampered with. Recording the key information of the whole service flow on chain ensures the traceability of the whole detection activity, which further improves the information security of the detection management platform. The invention uses attribute-based encryption to store the service data in encrypted form, so that the stored data is not easily leaked. It also provides flexible access permission configuration for users, which further improves the security and controllability of the data. In addition, the data searching module and the data viewing module can perform efficient search and query operations while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. The user may perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. The user's data is thus protected during storage and processing and remains confidential even in cloud storage and database environments. While data privacy is protected, search and query functions similar to those for plaintext data remain available, so the management efficiency of service data is improved while information security is ensured.
Accordingly, the present invention also provides a computer-readable storage medium including a stored computer program; wherein the computer program, when running, controls the device in which the computer readable storage medium is located to execute a searchable encryption management method for service data according to the present disclosure.
Drawings
FIG. 1 is a flow chart of one embodiment of a searchable encryption management method for business data provided by the present invention;
FIG. 2 is a flow diagram of an embodiment of a full flow of detection services of the searchable encryption management method of service data provided by the present invention;
FIG. 3 is a schematic structural diagram of an embodiment of a searchable encryption management apparatus for service data provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to fig. 1, a searchable encryption management method for service data according to an embodiment of the present invention includes steps S101 to S103:
Step S101: when first service data is uploaded to a detection management system by a first client, constructing a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information of the first service data that is to be put on chain; encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain, so that the blockchain uploads the encrypted first service data to an archive library for archiving;
The invention uses blockchain technology to put the service data uploaded by the client on chain, which ensures that the on-chain data cannot be tampered with, and ensures that the whole process of the detection activity is traceable by recording the key information of the whole service flow on chain.
In this embodiment, an access policy is defined based on user attributes, so that only users who satisfy the specified attribute conditions can access the encrypted data. The operator identity information and the keywords of the information to be put on chain are acquired through the respective systems to construct an access policy A, for example: "(witness OR detection Unit OR vs. department OR (delegate Unit AND authorized))".
Further, encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain, specifically:
initializing a security coefficient to generate a first public parameter and a first master key; inputting the first public parameter, the first service data and the access policy into an Encrypt function to generate a ciphertext; and uploading the ciphertext to the blockchain as the encrypted first service data.
In this embodiment, the access policy A and the information M to be put on chain are encrypted with ABE to form a ciphertext CT, which is then uploaded to the blockchain. Illustratively, in attribute-based encryption (ABE), the public parameter PK and the master key MK are obtained by initialization from a security coefficient λ (a random number). To encrypt, the Encrypt function of ABE takes the public parameter PK, the plaintext M (that is, the first service data) and the access policy A, and encrypts the plaintext M into the ciphertext CT.
Step S102: when the detection management system receives a search application, a corresponding attribute set is constructed according to the operator identity information of the searcher and the key words of the information to be queried; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher;
Further, according to the attribute set, obtaining corresponding access data from the archive, and feeding back the access data to the searcher, specifically:
judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
if yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, feeding back to the searcher, as access data, the initial access data for which the searcher's attributes exist in the second access structure tree.
In this embodiment, each archive has a token carrying access authority. The token is encrypted with ABE to obtain a ciphertext, and the ciphertext is stored in the ABE access structure tree, that is, the first access structure tree. A user who wants to access the archive must go through the ABE decryption step; if the user conforms to the ABE access structure tree, the token is obtained after decryption, and the archive is accessed through the token.
The access structure tree is a tree built from the inherent identity attributes of users combined with AND/OR logic. Given the user attribute set as input, node thresholds are calculated using the Lagrange interpolation formula to judge whether the attributes in the user attribute set fully conform to the AND/OR logic of the access structure tree, and thus whether the user is in the access structure tree of the archive.
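The threshold check described above, as an added example (not code from the patent): each AND/OR node is a threshold gate that splits a secret among its children with a polynomial, and Lagrange interpolation recovers it only when the attribute set satisfies the tree. It is a simplification that assumes plain secret sharing over a prime field without pairing-based ABE keys; the policy is modelled on the sample policy of this embodiment, and the helper names (`gate`, `share`, `recover`, `can_open`) are hypothetical.

```python
import secrets

P = 2**127 - 1  # prime field modulus; illustrative size chosen for this example


def leaf(attr):
    return ("leaf", attr)


def gate(k, *children):
    """Threshold gate: satisfied when at least k children are satisfied."""
    return ("gate", k, list(children))


def AND(*children):
    return gate(len(children), *children)


def OR(*children):
    return gate(1, *children)


def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(node, secret, path=()):
    """Push `secret` down the tree; returns {leaf_path: (attribute, share)}."""
    if node[0] == "leaf":
        return {path: (node[1], secret)}
    _, k, children = node
    # Random polynomial q of degree k-1 with q(0) = secret; child i receives q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    out = {}
    for i, child in enumerate(children, start=1):
        out.update(share(child, _eval_poly(coeffs, i), path + (i,)))
    return out


def _lagrange_at_zero(points):
    """Interpolate q(0) from k points (x_i, q(x_i)) over GF(P)."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover(node, leaf_shares, attrs, path=()):
    """Return the node's secret if `attrs` satisfies the node, else None."""
    if node[0] == "leaf":
        attr, value = leaf_shares[path]
        return value if attr in attrs else None
    _, k, children = node
    points = []
    for i, child in enumerate(children, start=1):
        value = recover(child, leaf_shares, attrs, path + (i,))
        if value is not None:
            points.append((i, value))
        if len(points) == k:          # threshold reached: interpolate
            return _lagrange_at_zero(points)
    return None                       # too few satisfied children


# Policy modelled on the embodiment's sample policy A (attribute names as data).
POLICY = OR(leaf("witness"), leaf("detection unit"),
            AND(leaf("delegate unit"), leaf("authorized")))


def can_open(attrs, policy=POLICY):
    """True when the attribute set reconstructs the secret placed at the root."""
    secret = secrets.randbelow(P)
    shares = share(policy, secret)
    return recover(policy, shares, set(attrs)) == secret


if __name__ == "__main__":
    for s in (["witness", "authorized"], ["delegate unit"],
              ["delegate unit", "authorized"]):
        print(s, "->", can_open(s))
```

In a real ABE scheme the leaf shares are bound to per-user key material, so users cannot pool attributes; this sketch shows only the tree and interpolation logic.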
Further, product calculation is carried out on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index, specifically:
performing dual coding on the keyword of the search trapdoor and on the keywords of the data indexes respectively, and, using a bloom filter construction, computing the dual-coded search trapdoor and data indexes through matrix construction to generate a corresponding trapdoor vector and a plurality of corresponding index vectors; the hash functions inserted into the bloom filter are generated by LSH (locality-sensitive hashing);
and carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
In this embodiment, for example, if there are 10 indexes in the archive, the searching user computes the product of the 1 trapdoor it created with each of the 10 indexes, and a list of 10 encrypted data entries with product results (scores) is returned. The larger the score, the higher the correlation between the trapdoor and the index (a closer information match). If the 5 records with the largest scores are selected to be returned, the searcher can click on these 5 records to view the ciphertext; however, the ciphertext in the 5 returned records is encrypted with ABE, and the ABE decryption process must be performed according to the identity of the searcher.
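The scoring step described above, as an added example (not code from the patent): keywords are hashed into a Bloom filter with LSH functions, the index and trapdoor vectors are masked with a secret matrix and its inverse, and their product gives the score used for ranking. Assumptions: "dual coding" is taken to mean letter-pair (bigram) encoding, the matrix arithmetic is done modulo a prime so the scores are exact, and the record ids, keywords and function names are constructed for illustration.

```python
import hashlib
import math
import random

PRIME = 2**61 - 1   # field for exact masked arithmetic (assumption of this example)
M_BITS = 48         # Bloom filter length
N_HASH = 4          # number of LSH functions
WIDTH = 2.0         # LSH bucket width

# Constructed sample archive: record id -> keywords of its data index.
ARCHIVE = {
    "rec-01": ["concrete", "strength", "report"],
    "rec-02": ["rebar", "tensile", "sample"],
    "rec-03": ["witness", "sampling", "photo"],
}


def bigrams(word):
    w = word.lower()
    return [w[i:i + 2] for i in range(len(w) - 1)]


def lsh_positions(word, lsh_seed):
    """Bloom positions of one keyword under N_HASH p-stable LSH functions."""
    positions = set()
    for i in range(N_HASH):
        # a_i . v, where v is the bigram count vector and a_i is Gaussian.
        proj = sum(random.Random(f"{lsh_seed}:{i}:{g}").gauss(0, 1)
                   for g in bigrams(word))
        offset = random.Random(f"{lsh_seed}:{i}:offset").uniform(0, WIDTH)
        bucket = math.floor((proj + offset) / WIDTH)
        digest = hashlib.sha256(f"{i}:{bucket}".encode()).digest()
        positions.add(int.from_bytes(digest[:8], "big") % M_BITS)
    return positions


def bloom_vector(keywords, lsh_seed):
    bits = [0] * M_BITS
    for kw in keywords:
        for p in lsh_positions(kw, lsh_seed):
            bits[p] = 1
    return bits


def invert_mod(M):
    """Gauss-Jordan inverse over GF(PRIME); returns None if M is singular."""
    n = len(M)
    A = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for c in range(n):
        p = next((r for r in range(c, n) if A[r][c]), None)
        if p is None:
            return None
        A[c], A[p] = A[p], A[c]
        inv = pow(A[c][c], -1, PRIME)
        A[c] = [x * inv % PRIME for x in A[c]]
        for r in range(n):
            if r != c and A[r][c]:
                f = A[r][c]
                A[r] = [(x - f * y) % PRIME for x, y in zip(A[r], A[c])]
    return [row[n:] for row in A]


def keygen(rng):
    while True:
        M = [[rng.randrange(PRIME) for _ in range(M_BITS)] for _ in range(M_BITS)]
        Minv = invert_mod(M)
        if Minv is not None:
            return M, Minv


def mask_index(bits, M):        # M^T . I, stored in the archive
    return [sum(M[r][c] * bits[r] for r in range(M_BITS)) % PRIME
            for c in range(M_BITS)]


def mask_trapdoor(bits, Minv):  # M^-1 . Q, sent by the searcher
    return [sum(Minv[r][c] * bits[c] for c in range(M_BITS)) % PRIME
            for r in range(M_BITS)]


def score(masked_index, trapdoor):
    # (M^T I) . (M^-1 Q) = I . Q: the archive learns the score, not the bits.
    return sum(a * b for a, b in zip(masked_index, trapdoor)) % PRIME


def run_query(query, archive=ARCHIVE, top_k=2):
    rng = random.SystemRandom()
    lsh_seed = "%032x" % rng.getrandbits(128)  # secret shared by owner and searcher
    M, Minv = keygen(rng)
    plain_idx = {rid: bloom_vector(kws, lsh_seed) for rid, kws in archive.items()}
    q_bits = bloom_vector([query], lsh_seed)
    trapdoor = mask_trapdoor(q_bits, Minv)
    masked = {rid: score(mask_index(b, M), trapdoor) for rid, b in plain_idx.items()}
    plain = {rid: sum(a * b for a, b in zip(bits, q_bits))
             for rid, bits in plain_idx.items()}
    top = sorted(masked, key=masked.get, reverse=True)[:top_k]
    return {"top": top, "masked": masked, "plain": plain, "trapdoor_bits": sum(q_bits)}


if __name__ == "__main__":
    print(run_query("rebar"))
```

The masking is linear, so it hides the Bloom bits from the archive but is not a substitute for the ABE layer that protects the records themselves.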
Step S103: decrypting the access data when the detection management system receives a view request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
Further, when the detection management system receives the view request of the searcher, the access data is decrypted, specifically:
when the detection management system receives a view request from the searcher, controlling the blockchain to record the access request of the current searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, the second public parameter of the access data, and the second master key into the Encrypt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy that was set for the access data at encryption.
In this embodiment, when querying information on the chain, the operator identity information and the keywords of the information to be queried are obtained through the respective systems to construct an attribute set S, for example: "[ witness, authorized ]". A decryption key SK is then generated from the master key MK and the attribute set S, by inputting the master key MK and the attribute set S into the KeyGen function of ABE. The ciphertext CT obtained from the chain is decrypted through ABE with the decryption key SK, so that only an attribute set S that conforms to the access policy A can obtain the plaintext M through decryption.
In this embodiment, for better illustration, refer to FIG. 2, which provides a full detection service flow comprising detection service acceptance, detection data acquisition, detection information uploading, detection report issuing and detection archive management. The specific steps are as follows:
the construction/entrusting unit carries out entrusting registration of detection service on the service, entrusting information of items to be detected, the engineering, the organization and the like is recorded through entrusting registration in the detection mechanism, the detection mechanism needs to judge whether to accept or not according to self qualification and conditions, detection service acceptance is realized, service acceptance data is uploaded to the detection management system, that is, mutual information records of service acceptance are uploaded to the platform block chain bottom layer for verification, and the platform block chain bottom layer comprises a plurality of blocks for storing the uploaded service data.
After the detection service is accepted, the construction/consignment unit performs on-site sampling and sample sealing management, and uploads the acquired photo and positioning sample information to the detection management system; meanwhile, the supervision unit witnesses the site sampling of the construction/consignment unit, and uploads the acquired photo and positioning sample information to the detection management system;
As one specific example, a sampling person is commissioned by the construction unit and a witness person is commissioned by the supervision unit. The sampling person and the witness person need to be registered in the detection and supervision system; the registration mainly records names, identity cards, mobile phone numbers, face information, fingerprint information and the witness person's commission, and the registration information is uploaded to the blockchain;
filling test sample entrusting information in a mobile client by a construction unit before site sampling, determining the engineering name, engineering position, test unit, detailed information of the sample and the like of the sample to be inspected, generating entrusting numbers, and uploading the entrusting numbers to a block chain;
sampling on site by a sampling person after entrusting registration, carrying out face recognition, photographing and positioning by a mobile phone client, wherein the photograph mainly comprises a sample and the sampling person, and the positioning is mainly used for determining that the sampling position of the sampling person is on an engineering construction site and uploading the information to a block chain;
the sample sealing management mainly comprises the steps of binding samples through a concrete RFID chip and a two-dimension code, wherein the concrete chip is mainly used for a concrete test block, after the concrete test block is poured, the RFID chip which is written with sample information by the supervision is implanted, and other samples are packaged by using a rolling belt with the two-dimension code;
A witness person must be on site during sampling. After sampling is finished, the witness person logs in to the mobile client, passes face recognition, witnesses the corresponding sampling information, and scans the two-dimensional code and the chip of the sample so that the two-dimensional code, the chip and the sample are associated and bound. Photographing and positioning are carried out through the mobile phone client; the photograph mainly contains the sample and the witness person, the positioning is mainly used to determine that the witness person is on site, and this information is uploaded to the blockchain. By comparing the positioning information of the sampling person and the witness person and combining it with the position of the engineering, the on-site witness sampling process can be effectively monitored, which mainly addresses the problem of false samples. Finally, samples that show no problems after comparison are sent to the detection mechanism.
The detection mechanism puts each item of data produced during detection and acquisition on the chain, and the information must be processed with attribute-based encryption (ABE) before it is put on the chain; a detection report is generated according to the detection result. When the report is printed, a report identifier is requested from the platform; after the request succeeds, the detection report is printed with the report identifier and is automatically uploaded to the blockchain for certification.
And finally, archiving the in-chain data to realize archive management, so that a supervision department can realize the supervision of the in-chain data by searching and inquiring an archiving library.
Throughout the flow, each organization uploads data to the detection management system (that is, puts the data on the blockchain) using the searchable encryption management method of service data according to this embodiment: a corresponding access strategy is constructed according to the identity information of the operator of the first client and the keyword of the information of the first service data to be put on the chain; the first service data is encrypted according to the access strategy, and the encrypted first service data is uploaded to the blockchain so that the blockchain can upload it to an archiving library for archiving.
The supervision department searches and inquires the archive by using the searchable encryption management method of the service data according to the embodiment, namely, a corresponding attribute set is constructed according to the identity information of the operator of the searcher and the keyword of the information to be inquired; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher; decrypting the access data when the detection management system receives a view request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
The implementation of the embodiment of the invention has the following effects:
The invention uses blockchain technology to put the service data uploaded by the client on the chain, ensuring that the data on the chain cannot be tampered with. Recording the key information of the whole service flow on the chain ensures the traceability of the whole detection activity and further improves the information security of the detection management platform. The invention uses attribute-based encryption to store the service data in encrypted form, so that the stored data is not easily leaked. It also provides flexible configuration of user access authority, which further improves the controllability of data security. In addition, efficient search and query operations can be performed while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. The user may perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. Thus, the user's data is protected during storage and processing and stays confidential even in cloud storage and database environments. While data privacy is protected, search and query functions similar to those available on plaintext data can still be used, so the management efficiency of service data is improved while information security is ensured.
Example two
Referring to fig. 3, a searchable encryption management apparatus for service data according to an embodiment of the present invention includes: a data uploading module 201, a data searching module 202 and a data viewing module 203;
the data uploading module 201 is configured to construct a corresponding access policy according to the identity information of the operator of the first client and the key word of the information to be uplink of the first service data when the first service data is uploaded to the detection management system by the first client; encrypting the first service data according to the access strategy, and uploading the encrypted first service data to a blockchain so that the blockchain can upload the encrypted first service data to an archiving library for archiving;
the data searching module 202 is configured to construct a corresponding attribute set according to the operator identity information of the searcher and the keyword of the information to be queried when the detection management system receives a search application; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher;
the data viewing module 203 is configured to decrypt the access data when the detection management system receives a viewing request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
The data upload module 201 includes: a policy making unit and an encryption unit;
the policy making unit is used for constructing a corresponding access policy according to the identity information of the operator of the first client and the key word of the information to be uplink of the first service data;
the encryption unit is used for initializing the security coefficient and generating a first public parameter and a first master key; inputting the first public parameters, the first service data and the access strategy into an Encrypt function to generate ciphertext; and uploading the ciphertext serving as encrypted first service data to a block chain.
The data search module 202 includes a query unit;
the inquiry unit is used for judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
if yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
Judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, feeding back corresponding initial access data of the searcher attribute existing in the second access structure tree to the searcher as access data;
the query unit comprises a calculation subunit;
the computing subunit is used for performing dual coding on the keyword of the search trapdoor and on the keywords of the data indexes respectively, and, using a Bloom filter structure, calculating the dual-coded search trapdoor and data indexes through matrix construction to generate a corresponding trapdoor vector and a plurality of corresponding index vectors; the Bloom filter uses hash functions generated by LSH;
and carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
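The query unit's flow above (first access structure tree, trapdoor and index vectors, product score, second access structure tree), as an added example that is not code from the patent. Assumptions: "dual coding" is read as character bigrams, keyed MinHash stands in for the unspecified LSH family, the Bloom length, keys, records and attribute names are constructed, and the matrix construction step is left out so the vectors are in the clear here.

```python
import hashlib
import hmac

M_BITS = 1024                                          # Bloom filter length (assumed)
LSH_KEYS = [b"lsh-0", b"lsh-1", b"lsh-2", b"lsh-3"]    # constructed keys, one per LSH function


def bigrams(keyword):
    """'Dual coding' read as character bigrams: 'rfid' -> {'rf', 'fi', 'id'}."""
    w = keyword.lower()
    return {w[i:i + 2] for i in range(len(w) - 1)} or {w}


def lsh_position(key, grams):
    """One LSH function: keyed MinHash over the bigram set, reduced to a filter position."""
    lowest = min(hmac.new(key, g.encode(), hashlib.sha256).digest() for g in grams)
    return int.from_bytes(lowest[:8], "big") % M_BITS


def bloom_vector(keywords):
    """Build the 0/1 vector used for both data indexes and search trapdoors."""
    bits = [0] * M_BITS
    for kw in keywords:
        grams = bigrams(kw)
        for key in LSH_KEYS:
            bits[lsh_position(key, grams)] = 1
    return bits


def score(trapdoor, index):
    """Product calculation: inner product of trapdoor vector and index vector."""
    return sum(t * i for t, i in zip(trapdoor, index))


def AND(*children):
    return (len(children), list(children))             # n-of-n threshold gate


def OR(*children):
    return (1, list(children))                         # 1-of-n threshold gate


def satisfies(tree, attrs):
    """Access structure tree: a leaf is an attribute name, a node is (threshold, children)."""
    if isinstance(tree, str):
        return tree in attrs
    threshold, children = tree
    return sum(satisfies(c, attrs) for c in children) >= threshold


# Constructed archive: tree over the whole archive plus one tree per record.
ARCHIVE_TREE = OR("supervisor", AND("witness", "authorized"))
RECORDS = [
    {"id": "rec-001", "keywords": ["sampling", "photo", "witness"],
     "tree": OR("supervisor", "witness")},
    {"id": "rec-002", "keywords": ["concrete", "rfid", "sample"],
     "tree": AND("witness", "authorized")},
    {"id": "rec-003", "keywords": ["archive", "report"], "tree": "supervisor"},
]
for rec in RECORDS:
    rec["index"] = bloom_vector(rec["keywords"])       # data index stored beside the ciphertext


def search(attrs, query_keywords, min_score=1):
    """Return the id of the top-scoring record the searcher may receive, else None."""
    if not satisfies(ARCHIVE_TREE, attrs):             # first access structure tree
        return None
    trapdoor = bloom_vector(query_keywords)
    best = max(RECORDS, key=lambda r: score(trapdoor, r["index"]))
    if score(trapdoor, best["index"]) < min_score:     # nothing matched at all
        return None
    if not satisfies(best["tree"], attrs):             # second access structure tree
        return None
    return best["id"]


if __name__ == "__main__":
    print(search({"witness", "authorized"}, ["concrete"]))
    print(search({"supervisor"}, ["concrete"]))
```

Because Bloom positions can collide, an unrelated query may still score above zero against some record; `min_score` is the place to reject such weak matches.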
The data viewing module 203 includes a decryption unit;
the decryption unit is used for controlling the blockchain to record the access request of the current searcher when the detection management system receives the view request of the searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, the second public parameter of the access data and the second master key into the Encrypt function for decryption; and when the second master key meets the access strategy set for the access data at encryption, generating decrypted access data.
The searchable encryption management apparatus for service data described above may implement the searchable encryption management method for service data of the above method embodiment. The options in the method embodiments described above are also applicable to this embodiment and will not be described in detail here. The rest of the embodiments of the present application may refer to the content of the above method embodiments, and in this embodiment, no further description is given.
The implementation of the embodiment of the application has the following effects:
The data uploading module of the device uses blockchain technology to put the service data uploaded by the client on the chain, ensuring that the data on the chain cannot be tampered with. Recording the key information of the whole service flow on the chain ensures the traceability of the whole detection activity and further improves the information security of the detection management platform. The application uses attribute-based encryption to store the service data in encrypted form, so that the stored data is not easily leaked. It also provides flexible configuration of user access authority, which further improves the controllability of data security. In addition, the data searching module and the data viewing module can perform efficient search and query operations while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. The user may perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. Thus, the user's data is protected during storage and processing and stays confidential even in cloud storage and database environments. While data privacy is protected, search and query functions similar to those available on plaintext data can still be used, so the management efficiency of service data is improved while information security is ensured.
Example III
Correspondingly, the invention further provides a computer readable storage medium, which comprises a stored computer program, wherein the computer program controls equipment where the computer readable storage medium is located to execute the searchable encryption management method of the service data according to any embodiment.
The computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to accomplish the present invention, for example. The one or more modules/units may be a series of computer program instruction segments capable of performing the specified functions, which instruction segments are used for describing the execution of the computer program in the terminal device.
The terminal equipment can be computing equipment such as a desktop computer, a notebook computer, a palm computer, a cloud server and the like. The terminal device may include, but is not limited to, a processor, a memory.
The processor may be a central processing unit (Central Processing Unit, CPU), other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, which is a control center of the terminal device, and which connects various parts of the entire terminal device using various interfaces and lines.
The memory may be used to store the computer program and/or the module, and the processor may implement various functions of the terminal device by running or executing the computer program and/or the module stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the mobile terminal, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) Card, Flash Card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
Wherein the terminal device integrated modules/units may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as stand alone products. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier wave signal, a telecommunication signal, a software distribution medium, and so forth.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention, and are not to be construed as limiting the scope of the invention. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be included in the scope of the present invention.

Claims (10)

1. A searchable encryption management method for service data, comprising:
when a first service data is uploaded to a detection management system by a first client, constructing a corresponding access strategy according to the identity information of an operator of the first client and a key word of information to be uplink of the first service data; encrypting the first service data according to the access strategy, and uploading the encrypted first service data to a blockchain so that the blockchain can upload the encrypted first service data to an archiving library for archiving;
when the detection management system receives a search application, a corresponding attribute set is constructed according to the identity information of an operator of a searcher and the keyword of the information to be queried; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher;
Decrypting the access data when the detection management system receives a view request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
2. The method for searchable encryption management of service data according to claim 1, wherein said encrypting said first service data according to said access policy and uploading the encrypted first service data to a blockchain comprises:
initializing a security coefficient to generate a first public parameter and a first master key; inputting the first public parameters, the first service data and the access strategy into an Encrypt function to generate ciphertext; and uploading the ciphertext serving as encrypted first service data to a block chain.
3. The method for searchable encryption management of business data according to claim 1, wherein said obtaining corresponding access data in said archive based on said set of attributes and feeding said access data back to said searcher comprises:
judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
If yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, the corresponding initial access data of the searcher attribute existing in the second access structure tree is fed back to the searcher as access data.
4. The method for searchable encryption management of business data according to claim 3, wherein when the search trapdoor is multiplied by a plurality of data indexes of the archive to obtain the score of each data index, the method is specifically as follows:
performing dual coding on the keyword of the search trapdoor and the keywords of the data indexes respectively, and respectively calculating the search trapdoor and the data indexes after the dual coding through matrix construction by utilizing a bloom filter construction to generate corresponding trapdoor vectors and a plurality of corresponding index vectors; the bloom filter inserts a hash function generated by the LSH;
And carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
5. The method for searchable encryption management of business data according to claim 4, wherein when said detection management system receives a request for a view from said searcher, said access data is decrypted, in particular:
when the detection management system receives a view request of the searcher, controlling a blockchain to record an access request of the current searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; decrypting the access data, the second public parameter of the access data, and the second master key input Encrypt function; and when the second master key meets the access strategy set by the access data in encryption, generating decrypted access data.
6. A searchable encryption management apparatus for service data, comprising: the system comprises a data uploading module, a data searching module and a data looking-up module;
the data uploading module is used for constructing a corresponding access strategy according to the identity information of an operator of the first client and the key word of the information to be uplink of the first service data when the first service data is uploaded to the detection management system by the first client; encrypting the first service data according to the access strategy, and uploading the encrypted first service data to a blockchain so that the blockchain can upload the encrypted first service data to an archiving library for archiving;
The data searching module is used for constructing a corresponding attribute set according to the identity information of an operator of a searcher and the keyword of the information to be queried when the detection management system receives a search application; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher; the data viewing module is used for decrypting the access data when the detection management system receives a viewing request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
7. The searchable encryption management apparatus for traffic data as set forth in claim 6, wherein said data upload module comprises: a policy making unit and an encryption unit;
the policy making unit is used for constructing a corresponding access policy according to the identity information of the operator of the first client and the key word of the information to be uplink of the first service data;
the encryption unit is used for initializing the security coefficient and generating a first public parameter and a first master key; inputting the first public parameters, the first service data and the access strategy into an Encrypt function to generate ciphertext; and uploading the ciphertext serving as encrypted first service data to a block chain.
8. The searchable encryption management apparatus for service data as set forth in claim 6, wherein said data search module comprises a query unit;
the inquiry unit is used for judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
if yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, feeding back corresponding initial access data of the searcher attribute existing in the second access structure tree to the searcher as access data;
the query unit comprises a calculation subunit;
the computing subunit is used for performing dual coding on the keyword of the search trapdoor and the keywords of the data indexes respectively, and calculating the search trapdoor and the data indexes after the dual coding respectively through matrix construction by utilizing a bloom filter structure to generate a corresponding trapdoor vector and a plurality of corresponding index vectors; the bloom filter inserts a hash function generated by the LSH;
And carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
9. The searchable encryption management apparatus for service data as recited in claim 6, wherein said data viewing module comprises a decryption unit;
the decryption unit is used for controlling the blockchain to record the access request of the current searcher when the detection management system receives the view request of the searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; decrypting the access data, the second public parameter of the access data, and the second master key input Encrypt function; and when the second master key meets the access strategy set by the access data in encryption, generating decrypted access data.
10. A computer readable storage medium, wherein the computer readable storage medium comprises a stored computer program; wherein the computer program, when run, controls a device in which the computer-readable storage medium is located to perform a searchable encryption management method of service data as defined in any one of claims 1 to 5.
CN202311032353.5A 2023-08-15 2023-08-15 Searchable encryption management method and device for service data and storage medium Pending CN116910788A (en)


Publications (1)

Publication Number Publication Date
CN116910788A true CN116910788A (en) 2023-10-20

Family

ID=88360189


CN116204923A (en) * 2023-03-08 2023-06-02 中国工商银行股份有限公司 Data management and data query methods and devices

Non-Patent Citations (9)

* Cited by examiner, † Cited by third party
Title
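Global Fintech Innovation Case Writing Group: "'New Infrastructure + Digital Finance': Global Fintech Innovation Practice, 2020 Edition", 31 August 2020, China Financial Publishing House, pages: 93 *
刘格昌: "Blockchain data privacy protection mechanism based on searchable encryption", Journal of Computer Applications, vol. 39, no. 12, 30 December 2019 (2019-12-30) *
刘格昌;李强: "Blockchain data privacy protection mechanism based on searchable encryption", Journal of Computer Applications, no. 2, 30 December 2019 (2019-12-30) *
宋开波;罗军;孙金涛: "Cloud storage data protection mechanism based on the CP-ABE algorithm", Journal of Huazhong University of Science and Technology (Natural Science Edition), no. 1, 15 December 2012 (2012-12-15) *
杜朝晖;朱文耀: "Secure data retrieval scheme using attribute-based encryption in cloud storage", Application Research of Computers, no. 03 *
王敏;周李京;秦璐璐: "Searchable attribute-based encryption scheme resistant to keyword guessing attacks", Computer Applications and Software, no. 03, 12 March 2020 (2020-03-12) *
许盛伟;王荣荣;赵海: "Attribute-based searchable encryption scheme with fully hidden policy", Application Research of Computers, no. 06, 12 April 2018 (2018-04-12) *
许盛伟;王荣荣;陈诚: "Attribute-based searchable encryption scheme supporting keyword update", Computer Applications and Software, no. 03, 15 March 2018 (2018-03-15) *
闫玺玺;原笑含;汤永利;陈艳丽: "Blockchain-based attribute-based searchable encryption scheme supporting verification", Journal on Communications, no. 02 *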

Similar Documents

Publication Publication Date Title
US11582040B2 (en) Permissions from entities to access information
EP2731034B1 (en) Client computer for querying a database stored on a server via a network
CN107948152B (en) Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment
US20180124066A1 (en) Geofencing of data in a cloud-based environment
CN102685148A (en) Method for realizing secure network backup system under cloud storage environment
CN110457945A (en) Method, inquiry method, apparatus, service method, apparatus and the storage medium of list inquiry
US20220269754A1 (en) Decentralized system and method for asset registry and authentication
EP4020265A1 (en) Method and device for storing encrypted data
CN109241352A (en) The acquisition methods and server of Profile information
Al Sibahee et al. Efficient encrypted image retrieval in IoT-cloud with multi-user authentication
Abduljabbar et al. Privacy-preserving image retrieval in IoT-cloud
WO2023134055A1 (en) Privacy-based federated inference method and apparatus, device, and storage medium
CN115694949A (en) Private data sharing method and system based on block chain
Sultan et al. A novel image-based homomorphic approach for preserving the privacy of autonomous vehicles connected to the cloud
CN114116637A (en) Data sharing method, device, equipment and storage medium
Yuvaraj et al. Secure DE-duplication over wireless sensing data using convergent encryption
CN108090371B (en) Data processing method, data tracking method, data processing device and data tracking device
CN116910788A (en) Searchable encryption management method and device for service data and storage medium
US11455404B2 (en) Deduplication in a trusted execution environment
CN115098893A (en) Data storage method and device based on block chain
Jahan et al. Securing E-passport management using private-permissioned blockchain and IPFS
Kumar et al. Lightweight verifiable auditing for outsourced database in cloud computing
TW202119229A (en) Data management method and system capable of safely accessing and deleting data wherein operations are performed by using a management server
CN114398606B (en) Face verification method, equipment and computer readable storage medium based on block chain
CN113946864B (en) Confidential information acquisition method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination