CN116910788A - Searchable encryption management method and device for service data and storage medium - Google Patents
- Publication number
- CN116910788A (CN202311032353.5A)
- Authority
- CN
- China
- Prior art keywords
- data
- access
- searcher
- service data
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2246—Trees, e.g. B+trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computational Linguistics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a searchable encryption management method, device and storage medium for service data. The method comprises: when a client uploads service data to a detection management system, constructing a corresponding access policy according to the operator identity information and the keywords of the information to be uploaded to the chain; encrypting the service data according to the access policy and uploading the encrypted service data to a blockchain, so that the blockchain uploads the encrypted service data to an archive library for archiving; when the detection management system receives a search application, constructing a corresponding attribute set according to the operator identity information of the searcher and the keywords of the information to be queried, acquiring the corresponding access data from the archive library and feeding it back to the searcher; decrypting the access data when the detection management system receives a view request from the searcher; and, if decryption succeeds, feeding the decrypted access data back to the searcher. The information security and management efficiency of the detection management platform are thereby improved.
Description
Technical Field
The present invention relates to the field of engineering quality detection data management technologies, and in particular, to a searchable encryption management method and apparatus for service data, and a storage medium.
Background
At present, the information management systems of detection institutions mostly use traditional database and document management together with common network services and transmission protocols, and each functional module of the workflow (detection business acceptance, detection data acquisition, detection information upload, detection report issuance, detection archive management and so on) is operated by a different business department or person.
Traditional detection management platforms have security vulnerabilities: databases and files are easily attacked, so data can be leaked or tampered with; the process cannot be effectively monitored, the authenticity and validity of the detection procedure cannot be guaranteed, and problems cannot be found in a timely and effective manner, which leaves after-the-fact trace information incomplete and unreliable. Data is not protected during detection data acquisition and information upload, so information leaks easily, which harms privacy protection and information security. Traditional encryption algorithms such as asymmetric encryption require the identities of the specific transacting parties to be known, are insufficiently flexible, are mostly used during data transmission, and do not provide encrypted storage. Traditional detection management platforms have a single data management mode, information sharing among the parties is difficult, and useful information cannot be obtained in time. Secure storage and fast retrieval of detection archives are hard to balance, which causes problems of information security and management efficiency. Low information security and poor management efficiency are therefore particularly prominent problems of traditional detection management platforms, and it is difficult to guarantee that the whole detection process is traceable.
Disclosure of Invention
The invention provides a searchable encryption management method, device and storage medium for service data, so as to ensure that the whole detection process is traceable and to improve the information security and management efficiency of a detection management platform.
The invention provides a searchable encryption management method for service data, comprising: when a first client uploads first service data to a detection management system, constructing a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information to be uploaded to the chain in the first service data; encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain, so that the blockchain uploads the encrypted first service data to an archive library for archiving;
when the detection management system receives a search application, constructing a corresponding attribute set according to the operator identity information of the searcher and the keywords of the information to be queried; acquiring corresponding access data from the archive library according to the attribute set, and feeding the access data back to the searcher;
decrypting the access data when the detection management system receives a view request from the searcher; and, if decryption succeeds, feeding the decrypted access data back to the searcher.
Further, encrypting the first service data according to the access policy and uploading the encrypted first service data to the blockchain specifically comprises:
initializing according to a security coefficient to generate a first public parameter and a first master key; inputting the first public parameter, the first service data and the access policy into an Encrypt function to generate a ciphertext; and uploading the ciphertext to the blockchain as the encrypted first service data.
Further, acquiring the corresponding access data from the archive library according to the attribute set and feeding the access data back to the searcher specifically comprises:
determining whether the searcher is in a first access structure tree of the archive library, the first access structure tree being constructed according to the access rights of each archive in the archive library;
if so, creating a search trapdoor according to the keywords of the information to be queried; computing the product of the search trapdoor and each of a plurality of data indexes of the archive library to obtain a score for each data index; and acquiring the initial access data corresponding to the preset data index with the highest score;
determining whether the searcher is in a second access structure tree of the initial access data, the second access structure tree being constructed according to the access rights of the corresponding initial access data;
if so, feeding back to the searcher, as the access data, the initial access data in whose second access structure tree the searcher's attributes are present.
Further, computing the product of the search trapdoor and the plurality of data indexes of the archive library to obtain the score of each data index specifically comprises:
performing dual coding on the keywords of the search trapdoor and on the keywords of the data indexes respectively; using a Bloom filter construction, computing the dual-coded search trapdoor and the dual-coded data indexes respectively through matrix construction, to generate a corresponding trapdoor vector and a plurality of corresponding index vectors, wherein the hash function inserted into the Bloom filter is generated by LSH;
and computing the product of the trapdoor vector with each of the index vectors to obtain the score of each data index.
Further, decrypting the access data when the detection management system receives the view request from the searcher specifically comprises:
when the detection management system receives the view request from the searcher, controlling the blockchain to record the current searcher's access request; inputting the attribute set and a second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, a second public parameter of the access data and the second master key into the Encrypt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy that was set when the access data was encrypted.
As a preferred scheme: in the prior art, each functional module of the workflow is operated by a different business department or person, and system data may be modified, for example by logging in directly to the back end and making changes that leave no trace, or by modification after an intrusion, possibly without any way to trace it. The invention uses blockchain technology to put the service data uploaded by the client on the chain, which ensures that on-chain data cannot be tampered with; recording the key information of the whole service workflow on the chain ensures that the whole detection process is traceable, which further improves the information security of the detection management platform. The invention also uses attribute-based encryption to store the service data in encrypted form, so that stored data is secure and hard to leak, and provides users with flexible access-rights configuration, which further improves the security and controllability of the data. In addition, efficient search and query operations can be performed while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. Users can perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. Users can thus be sure that their data is protected during storage and processing and stays confidential even in cloud storage and database environments. Data privacy is protected while search and query functions similar to those on plaintext data remain available, so the management efficiency of service data is improved while information security is ensured.
Correspondingly, the invention also provides a searchable encryption management device for service data, comprising a data uploading module, a data searching module and a data viewing module;
the data uploading module is configured to construct, when a first client uploads first service data to the detection management system, a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information to be uploaded to the chain in the first service data; to encrypt the first service data according to the access policy; and to upload the encrypted first service data to a blockchain, so that the blockchain uploads the encrypted first service data to an archive library for archiving;
the data searching module is configured to construct, when the detection management system receives a search application, a corresponding attribute set according to the operator identity information of the searcher and the keywords of the information to be queried; and to acquire corresponding access data from the archive library according to the attribute set and feed the access data back to the searcher;
the data viewing module is configured to decrypt the access data when the detection management system receives a view request from the searcher; and, if decryption succeeds, to feed the decrypted access data back to the searcher.
Further, the data uploading module comprises a policy making unit and an encryption unit;
the policy making unit is configured to construct a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information to be uploaded to the chain in the first service data;
the encryption unit is configured to initialize according to a security coefficient and generate a first public parameter and a first master key; to input the first public parameter, the first service data and the access policy into an Encrypt function to generate a ciphertext; and to upload the ciphertext to the blockchain as the encrypted first service data.
Further, the data searching module comprises a query unit;
the query unit is configured to determine whether the searcher is in a first access structure tree of the archive library, the first access structure tree being constructed according to the access rights of each archive in the archive library;
if so, to create a search trapdoor according to the keywords of the information to be queried; to compute the product of the search trapdoor and each of a plurality of data indexes of the archive library to obtain a score for each data index; and to acquire the initial access data corresponding to the preset data index with the highest score;
to determine whether the searcher is in a second access structure tree of the initial access data, the second access structure tree being constructed according to the access rights of the corresponding initial access data;
and, if so, to feed back to the searcher, as the access data, the initial access data in whose second access structure tree the searcher's attributes are present;
the query unit comprises a calculation subunit;
the calculation subunit is configured to perform dual coding on the keywords of the search trapdoor and on the keywords of the data indexes respectively, and, using a Bloom filter construction, to compute the dual-coded search trapdoor and the dual-coded data indexes respectively through matrix construction, generating a corresponding trapdoor vector and a plurality of corresponding index vectors, wherein the hash function inserted into the Bloom filter is generated by LSH;
and to compute the product of the trapdoor vector with each of the index vectors to obtain the score of each data index.
Further, the data viewing module comprises a decryption unit;
the decryption unit is configured to control the blockchain to record the current searcher's access request when the detection management system receives the view request from the searcher; to input the attribute set and a second master key of the access data into a KeyGen function to generate a decryption key; to input the access data, a second public parameter of the access data and the second master key into the Encrypt function for decryption; and to generate the decrypted access data when the second master key satisfies the access policy that was set when the access data was encrypted.
As a preferred scheme, the data uploading module of the device uses blockchain technology to put the service data uploaded by the client on the chain, which ensures that on-chain data cannot be tampered with. Recording the key information of the whole service workflow on the chain ensures that the whole detection process is traceable, which further improves the information security of the detection management platform. The invention uses attribute-based encryption to store the service data in encrypted form, so that stored data is secure and hard to leak. It also provides users with flexible access-rights configuration, which further improves the security and controllability of the data. In addition, the data searching module and the data viewing module can perform efficient search and query operations while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. Users can perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. Users can thus be sure that their data is protected during storage and processing and stays confidential even in cloud storage and database environments. Data privacy is protected while search and query functions similar to those on plaintext data remain available, so the management efficiency of service data is improved while information security is ensured.
Accordingly, the present invention also provides a computer-readable storage medium comprising a stored computer program, wherein the computer program, when run, controls the device in which the computer-readable storage medium is located to execute the searchable encryption management method for service data according to the present disclosure.
Drawings
FIG. 1 is a flow chart of one embodiment of a searchable encryption management method for business data provided by the present invention;
FIG. 2 is a flow chart of an embodiment of the full detection service workflow of the searchable encryption management method for service data provided by the present invention;
FIG. 3 is a schematic structural diagram of an embodiment of a searchable encryption management device for service data provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to FIG. 1, a searchable encryption management method for service data according to an embodiment of the present invention includes steps S101 to S103:
Step S101: when a first client uploads first service data to a detection management system, constructing a corresponding access policy according to the identity information of the operator of the first client and the keywords of the information to be uploaded to the chain in the first service data; encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain, so that the blockchain uploads the encrypted first service data to an archive library for archiving;
The invention uses blockchain technology to put the service data uploaded by the client on the chain, which ensures that on-chain data cannot be tampered with, and recording the key information of the whole service workflow on the chain ensures that the whole detection process is traceable.
In this embodiment, an access policy is defined based on user attributes, so that only users who satisfy the specified attribute conditions can access the encrypted data. The operator identity information and the keywords of the information to be uploaded to the chain are obtained through the respective systems to construct an access policy A, for example: "(witness OR detection Unit OR vs. department OR (delegate Unit AND authorized))".
Further, encrypting the first service data according to the access policy and uploading the encrypted first service data to the blockchain specifically comprises:
initializing according to a security coefficient to generate a first public parameter and a first master key; inputting the first public parameter, the first service data and the access policy into an Encrypt function to generate a ciphertext; and uploading the ciphertext to the blockchain as the encrypted first service data.
In this embodiment, the access policy A and the information M to be uploaded to the chain are encrypted with ABE to form a ciphertext CT, and the ciphertext CT is then uploaded to the blockchain. Illustratively, in attribute-based encryption (ABE), the public parameter PK and the master key MK are obtained by initialization according to a security coefficient λ (a random number). When information is encrypted, the plaintext M (that is, the first service data) is encrypted into the ciphertext CT by the Encrypt function of ABE, according to the public parameter PK, the plaintext M and the access policy A.
Step S102: when the detection management system receives a search application, constructing a corresponding attribute set according to the operator identity information of the searcher and the keywords of the information to be queried; acquiring corresponding access data from the archive library according to the attribute set, and feeding the access data back to the searcher;
Further, acquiring the corresponding access data from the archive library according to the attribute set and feeding the access data back to the searcher specifically comprises:
determining whether the searcher is in a first access structure tree of the archive library, the first access structure tree being constructed according to the access rights of each archive in the archive library;
if so, creating a search trapdoor according to the keywords of the information to be queried; computing the product of the search trapdoor and each of a plurality of data indexes of the archive library to obtain a score for each data index; and acquiring the initial access data corresponding to the preset data index with the highest score;
determining whether the searcher is in a second access structure tree of the initial access data, the second access structure tree being constructed according to the access rights of the corresponding initial access data;
if so, feeding back to the searcher, as the access data, the initial access data in whose second access structure tree the searcher's attributes are present.
In this embodiment, each archive has a token that carries its access rights. The token is encrypted with ABE to obtain a ciphertext, and the ciphertext is stored in the ABE access structure tree, that is, the first access structure tree. A user who wants to access the archive must go through the ABE decryption step: if the user conforms to the ABE access structure tree, decryption yields the token, and the archive is accessed with the token.
The access structure tree is a tree built from the user's inherent identity attributes combined with AND/OR logic. Given the user's attribute set as input, the node thresholds are calculated with the Lagrange interpolation formula to determine whether the attributes in the set fully conform to the AND/OR logic of the access structure tree, and thus whether the user is in the access structure tree of the archive.
Further, computing the product of the search trapdoor and the plurality of data indexes of the archive library to obtain the score of each data index specifically comprises:
performing dual coding on the keywords of the search trapdoor and on the keywords of the data indexes respectively; using a Bloom filter construction, computing the dual-coded search trapdoor and the dual-coded data indexes respectively through matrix construction, to generate a corresponding trapdoor vector and a plurality of corresponding index vectors, wherein the hash function inserted into the Bloom filter is generated by LSH (locality-sensitive hashing);
and computing the product of the trapdoor vector with each of the index vectors to obtain the score of each data index.
In this embodiment, for example, if the archive library has 10 indexes, the searching user can operate on the 10 indexes with the 1 trapdoor they created, and a list of 10 encrypted data items with their product results (scores) is returned. The larger the score, the higher the correlation between the trapdoor and the index (a high degree of information matching). If the 5 records with the largest scores are selected to be returned, the searcher can click those 5 records to view the ciphertext; however, the ciphertext in the 5 returned items is encrypted with ABE, and the ABE decryption process must be performed according to the searcher's identity.
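A sketch of the scoring step above, added here and not taken from the patent: keywords are encoded, hashed into a Bloom filter by LSH functions, and each index is scored by its inner product with the trapdoor vector. It assumes that "dual coding" means letter-bigram encoding and uses a Gaussian-projection LSH family; the matrix construction that protects the vectors is not specified on the page and is omitted, so the vectors here are scored in the clear. Filter size, seed and the sample archive keywords are constructed.

```python
import hashlib
import math
import random

M_BITS = 256     # Bloom filter length (constructed parameter)
N_HASH = 4       # number of LSH functions inserted into the filter
WIDTH = 4.0      # LSH bucket width
DIM = 26 * 26    # one coordinate per letter bigram

# Constructed sample: keyword sets of four archived records.
ARCHIVE = [
    ["concrete", "compressive", "strength"],
    ["rebar", "tensile", "report"],
    ["sampling", "witness", "photo"],
    ["commission", "registration"],
]


def bigram_vector(word):
    """Assumed 'dual coding': mark every adjacent letter pair of the keyword."""
    vec = [0] * DIM
    letters = [c for c in word.lower() if "a" <= c <= "z"]
    for a, b in zip(letters, letters[1:]):
        vec[(ord(a) - 97) * 26 + (ord(b) - 97)] = 1
    return vec


def make_lsh_family(seed):
    """N_HASH functions h(v) = floor((a.v + b) / WIDTH) with Gaussian a."""
    rng = random.Random(seed)
    return [
        ([rng.gauss(0.0, 1.0) for _ in range(DIM)], rng.uniform(0.0, WIDTH))
        for _ in range(N_HASH)
    ]


def lsh_positions(word, family):
    """Bloom filter positions chosen by the LSH buckets of the keyword."""
    vec = bigram_vector(word)
    positions = []
    for i, (a, b) in enumerate(family):
        bucket = math.floor((sum(x * y for x, y in zip(a, vec)) + b) / WIDTH)
        digest = hashlib.sha256(f"{i}:{bucket}".encode()).digest()
        positions.append(int.from_bytes(digest[:4], "big") % M_BITS)
    return positions


def bloom_vector(keywords, family):
    """Index vector (for a record) or trapdoor vector (for a query)."""
    bits = [0] * M_BITS
    for keyword in keywords:
        for pos in lsh_positions(keyword, family):
            bits[pos] = 1
    return bits


def score(trapdoor, index):
    """Inner product: number of trapdoor bits also set in the index."""
    return sum(t * i for t, i in zip(trapdoor, index))


def search(query_keywords, indexes, family, top_k):
    """Return the top_k (score, record number) pairs, best first."""
    trapdoor = bloom_vector(query_keywords, family)
    scored = [(score(trapdoor, idx), n) for n, idx in enumerate(indexes)]
    scored.sort(key=lambda item: (-item[0], item[1]))
    return scored[:top_k]


if __name__ == "__main__":
    family = make_lsh_family(2023)
    indexes = [bloom_vector(keywords, family) for keywords in ARCHIVE]
    # A near-miss spelling shares most bigrams, so it may land in the same buckets.
    for query in (["concrete", "strength"], ["concrte"]):
        print(query, search(query, indexes, family, top_k=2))
```

A record that contains every query keyword always reaches the maximum score, the number of bits set in the trapdoor; records that share only some buckets score lower, which is what the ranking relies on.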
Step S103: decrypting the access data when the detection management system receives a view request from the searcher; and, if decryption succeeds, feeding the decrypted access data back to the searcher.
Further, decrypting the access data when the detection management system receives the view request from the searcher specifically comprises:
when the detection management system receives the view request from the searcher, controlling the blockchain to record the current searcher's access request; inputting the attribute set and a second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, a second public parameter of the access data and the second master key into the Encrypt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy that was set when the access data was encrypted.
In this embodiment, when information on the chain is queried, the operator identity information and the keywords of the information to be queried are obtained through the respective systems to construct an attribute set S, for example "[witness, authorized]". A decryption key SK is then generated from the master key MK and the attribute set S, by inputting MK and S into the KeyGen function of ABE. The ciphertext CT obtained from the chain is decrypted through ABE with the decryption key SK, so that only an attribute set S that conforms to the access policy A can obtain the plaintext M by decryption.
To better illustrate this embodiment, referring to FIG. 2, a full detection service workflow is provided, comprising the processes of detection business acceptance, detection data acquisition, detection information upload, detection report issuance and detection archive management. The specific steps are as follows:
The construction/entrusting unit registers the commission for the detection service. Through commission registration, the detection institution records commission information such as the items to be detected, the project and the organization, and decides whether to accept the commission according to its own qualifications and conditions, which completes detection business acceptance. The business acceptance data is uploaded to the detection management system; that is, the records of the information exchanged during business acceptance are uploaded to the platform's underlying blockchain for verification. The underlying blockchain comprises a plurality of blocks that store the uploaded service data.
After the detection business is accepted, the construction/entrusting unit performs on-site sampling and sample sealing management, and uploads the captured photos and positioning sample information to the detection management system; meanwhile, the supervision unit witnesses the on-site sampling by the construction/entrusting unit, and uploads the captured photos and positioning sample information to the detection management system;
As one specific example, the sampling person is appointed by the construction unit and the witness person is appointed by the supervision unit. The sampling person and the witness person must be registered in the detection and supervision system; the registration mainly records names, identity cards, mobile phone numbers, face information, fingerprint information and the witness person's commission, and the registration information is uploaded to the blockchain;
Before on-site sampling, the construction unit fills in the test sample commission information in the mobile client, specifying the project name, project location, testing unit, detailed sample information and so on for the sample to be inspected; a commission number is generated and uploaded to the blockchain;
After commission registration, the sampling person takes samples on site and performs face recognition, photographing and positioning with the mobile phone client. The photo mainly shows the sample and the sampling person; positioning is mainly used to confirm that the sampling location is on the engineering construction site. This information is uploaded to the blockchain;
Sample sealing management mainly binds samples by means of concrete RFID chips and two-dimensional codes. The concrete chip is mainly used for concrete test blocks: after a concrete test block is poured, an RFID chip into which the supervisor has written the sample information is implanted. Other samples are packaged with a rolling belt bearing a two-dimensional code;
The method comprises the steps that a witness person needs to be on site when sampling, the witness person logs in a mobile client to conduct face recognition after sampling is finished, witness is conducted on corresponding sampling information, a two-dimensional code and a chip of a sample are scanned, the two-dimensional code, the chip and the sample are associated and bound, photographing and positioning are conducted through a mobile phone client, the photograph mainly comprises the sample and the witness person, positioning is mainly used for determining that the witness person is on site, and the information is in blockchain; the on-site witness sampling process can be effectively monitored by comparing the positioning information of the sampling personnel and the witness personnel and combining the positions of the engineering, and the on-site witness sampling process is mainly used for solving the problem of false samples. And finally, sending the sample without problems after comparison to a detection mechanism.
The detection mechanism works the uplink of each data information in the detection and acquisition process, and the information is required to be processed by an attribute-based encryption technology (ABE) before the uplink; and generating a detection report according to the detection result. When the report is printed, the report identifier is requested to the platform, the detection report printing with the report identifier is completed after the report is successfully requested, and the detection report is automatically uploaded to the blockchain certificate.
And finally, archiving the in-chain data to realize archive management, so that a supervision department can realize the supervision of the in-chain data by searching and inquiring an archiving library.
In the whole flow, each organization uses the searchable encryption management method of the service data according to the embodiment to upload data (block chain is on the data) to a detection management system, namely, according to the identity information of the operator of the first client and the key word of the information to be uplink of the first service data, a corresponding access strategy is constructed; and encrypting the first service data according to the access strategy, and uploading the encrypted first service data to a blockchain so that the blockchain can upload the encrypted first service data to an archiving library for archiving.
The supervision department searches and inquires the archive by using the searchable encryption management method of the service data according to the embodiment, namely, a corresponding attribute set is constructed according to the identity information of the operator of the searcher and the keyword of the information to be inquired; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher; decrypting the access data when the detection management system receives a view request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
The implementation of the embodiment of the invention has the following effects:
The invention uses blockchain technology to put the service data uploaded by the client on the chain, ensuring that the on-chain data cannot be tampered with. Recording the key information of the whole service flow on the chain makes the entire detection activity traceable and further improves the information security of the detection management platform. The invention uses attribute-based encryption to store the service data in encrypted form, so that the stored data is secure and not easily leaked. It also provides flexible configuration of user access rights, which further improves the controllability of data security. In addition, efficient search and query operations can be performed while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. The user may perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. Thus, the user's data is protected during storage and processing and remains confidential even in cloud storage and database environments. While data privacy is protected, search and query functions similar to those on plaintext data can still be used, so the management efficiency of service data is improved while information security is ensured.
Example two
Referring to fig. 3, a searchable encryption management apparatus for service data according to an embodiment of the present invention includes: a data uploading module 201, a data searching module 202 and a data viewing module 203;
the data uploading module 201 is configured to construct a corresponding access policy according to the operator identity information of the first client and the keyword of the information of the first service data that is to be put on the chain when the first service data is uploaded to the detection management system by the first client; to encrypt the first service data according to the access policy; and to upload the encrypted first service data to a blockchain so that the blockchain can upload the encrypted first service data to an archiving library for archiving;
the data searching module 202 is configured to construct a corresponding attribute set according to the operator identity information of the searcher and the keyword of the information to be queried when the detection management system receives a search application; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher;
the data viewing module 203 is configured to decrypt the access data when the detection management system receives a viewing request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
The data upload module 201 includes: a policy making unit and an encryption unit;
the policy making unit is used for constructing a corresponding access policy according to the operator identity information of the first client and the keyword of the information of the first service data that is to be put on the chain;
the encryption unit is used for initializing the security coefficient and generating a first public parameter and a first master key; inputting the first public parameters, the first service data and the access strategy into an Encrpt function to generate ciphertext; and uploading the ciphertext serving as encrypted first service data to a block chain.
The data search module 202 includes a query unit;
the inquiry unit is used for judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
if yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
Judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, feeding back corresponding initial access data of the searcher attribute existing in the second access structure tree to the searcher as access data;
the query unit comprises a calculation subunit;
the computing subunit is used for performing dual coding on the keyword of the search trapdoor and the keywords of the data indexes respectively, and calculating the search trapdoor and the data indexes after the dual coding respectively through matrix construction by utilizing a bloom filter structure to generate a corresponding trapdoor vector and a plurality of corresponding index vectors; the bloom filter inserts a hash function generated by the LSH;
and carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
The data viewing module 203 includes a decryption unit;
the decryption unit is used for controlling the blockchain to record the access request of the current searcher when the detection management system receives a view request from the searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, the second public parameter of the access data, and the second master key into the Encrpt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy set for the access data at encryption.
The searchable encryption management apparatus for service data described above may implement the searchable encryption management method for service data of the above method embodiment. The options in the method embodiments described above are also applicable to this embodiment and will not be described in detail here. The rest of the embodiments of the present application may refer to the content of the above method embodiments, and in this embodiment, no further description is given.
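The search path of the query unit and its calculation subunit (first access structure tree, trapdoor, inner-product scoring against the data indexes, second access structure tree) is sketched below as an added example; it is not code from the patent. It assumes that "dual coding" means character-bigram coding and that the LSH functions are p-stable; the parameters, record ids, keywords and policy trees are constructed for the illustration. The secret-matrix step is left out, so the vectors here are unprotected and only show the scoring arithmetic.

```python
import math
import random
from itertools import product
from string import ascii_lowercase

# All parameters are assumed for this illustration; the patent fixes none of them.
BIGRAMS = {a + b: i for i, (a, b) in enumerate(product(ascii_lowercase, repeat=2))}
M = 512        # Bloom filter length in bits (a multiple of L_HASHES)
L_HASHES = 4   # number of LSH functions inserted into the Bloom filter
WIDTH = 2.0    # bucket width of the p-stable LSH functions


def bigram_set(keyword):
    """'Dual coding' read as bigram coding: positions of the keyword's letter pairs."""
    word = "".join(c for c in keyword.lower() if c in ascii_lowercase)
    return {BIGRAMS[word[i:i + 2]] for i in range(len(word) - 1)}


def make_lsh_family(seed):
    """p-stable LSH: h(v) = floor((a.v + b) / WIDTH), Gaussian a, uniform b."""
    rng = random.Random(seed)
    return [([rng.gauss(0.0, 1.0) for _ in BIGRAMS], rng.uniform(0.0, WIDTH))
            for _ in range(L_HASHES)]


FAMILY = make_lsh_family(seed=2023)  # shared by index builder and searcher


def bloom_vector(keywords):
    """Insert every keyword into one Bloom filter through the LSH functions."""
    vec = [0] * M
    for kw in keywords:
        ones = bigram_set(kw)
        for j, (a, b) in enumerate(FAMILY):
            bucket = math.floor((sum(a[i] for i in ones) + b) / WIDTH)
            # Function j only ever sets bits whose position is j modulo L_HASHES.
            vec[(bucket * L_HASHES + j) % M] = 1
    return vec


def score(trapdoor, index):
    """Inner product of the trapdoor vector and one index vector."""
    return sum(t * x for t, x in zip(trapdoor, index))


def satisfies(tree, attrs):
    """Evaluate an access structure tree of AND/OR gates over attribute leaves."""
    if isinstance(tree, str):
        return tree in attrs
    gate, *children = tree
    results = [satisfies(child, attrs) for child in children]
    return all(results) if gate == "AND" else any(results)


# Constructed archive: one tree for the archive, one tree per record.
ARCHIVE_TREE = ("OR", "authorized", "supervisor")
ARCHIVE = [
    {"id": "report-A", "tree": ("AND", "witness", "authorized"),
     "index": bloom_vector(["concrete", "strength"])},
    {"id": "report-B", "tree": ("OR", "supervisor", "authorized"),
     "index": bloom_vector(["rebar", "tensile"])},
]


def search(attrs, query_keywords):
    """Return the id of the best-scoring record the searcher may access, else None."""
    if not satisfies(ARCHIVE_TREE, attrs):        # first access structure tree
        return None
    trapdoor = bloom_vector(query_keywords)       # search trapdoor
    best = max(ARCHIVE, key=lambda rec: score(trapdoor, rec["index"]))
    if not satisfies(best["tree"], attrs):        # second access structure tree
        return None
    return best["id"]


if __name__ == "__main__":
    print(search({"witness", "authorized"}, ["concrete"]))
    print(search({"authorized"}, ["concrete"]))
```

A record whose index contains the queried keyword always reaches the maximum score for that trapdoor, because every bit the trapdoor sets is also set in that index; other records can only tie through Bloom filter collisions.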
The implementation of the embodiment of the application has the following effects:
The data uploading module of the device uses blockchain technology to put the service data uploaded by the client on the chain, ensuring that the on-chain data cannot be tampered with. Recording the key information of the whole service flow on the chain makes the entire detection activity traceable and further improves the information security of the detection management platform. The application uses attribute-based encryption to store the service data in encrypted form, so that the stored data is secure and not easily leaked. It also provides flexible configuration of user access rights, which further improves the controllability of data security. In addition, the data search module and the data viewing module can perform efficient search and query operations while the data remains encrypted. Only authorized users can perform search and query operations, ensuring that the data is visible only to authorized users. The user may perform various search operations on the encrypted data, such as keyword searches and range queries, without decrypting the data in advance. Thus, the user's data is protected during storage and processing and remains confidential even in cloud storage and database environments. While data privacy is protected, search and query functions similar to those on plaintext data can still be used, so the management efficiency of service data is improved while information security is ensured.
Example three
Correspondingly, the invention further provides a computer readable storage medium, which comprises a stored computer program, wherein the computer program controls equipment where the computer readable storage medium is located to execute the searchable encryption management method of the service data according to any embodiment.
The computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to accomplish the present invention, for example. The one or more modules/units may be a series of computer program instruction segments capable of performing the specified functions, which instruction segments are used for describing the execution of the computer program in the terminal device.
The terminal equipment can be computing equipment such as a desktop computer, a notebook computer, a palm computer, a cloud server and the like. The terminal device may include, but is not limited to, a processor, a memory.
The processor may be a central processing unit (Central Processing Unit, CPU), other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, which is a control center of the terminal device, and which connects various parts of the entire terminal device using various interfaces and lines.
The memory may be used to store the computer program and/or the module, and the processor may implement various functions of the terminal device by running or executing the computer program and/or the module stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the mobile terminal, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, Flash Card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The modules/units integrated in the terminal device may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as stand-alone products. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier wave signal, a telecommunication signal, a software distribution medium, and so forth.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention, and are not to be construed as limiting the scope of the invention. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be included in the scope of the present invention.
Claims (10)
1. A searchable encryption management method for service data, comprising:
when first service data is uploaded to a detection management system by a first client, constructing a corresponding access policy according to the operator identity information of the first client and the keyword of the information of the first service data that is to be put on the chain; encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain so that the blockchain can upload the encrypted first service data to an archiving library for archiving;
when the detection management system receives a search application, a corresponding attribute set is constructed according to the identity information of an operator of a searcher and the keyword of the information to be queried; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher;
Decrypting the access data when the detection management system receives a view request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
2. The method for searchable encryption management of service data according to claim 1, wherein said encrypting said first service data according to said access policy and uploading the encrypted first service data to a blockchain comprises:
initializing a security coefficient to generate a first public parameter and a first master key; inputting the first public parameters, the first service data and the access strategy into an Encrpt function to generate ciphertext; and uploading the ciphertext serving as encrypted first service data to a block chain.
3. The method for searchable encryption management of business data according to claim 1, wherein said obtaining corresponding access data in said archive based on said set of attributes and feeding said access data back to said searcher comprises:
judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
If yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, the corresponding initial access data of the searcher attribute existing in the second access structure tree is fed back to the searcher as access data.
4. The method for searchable encryption management of business data according to claim 3, wherein when the search trapdoor is multiplied by a plurality of data indexes of the archive to obtain the score of each data index, the method is specifically as follows:
performing dual coding on the keyword of the search trapdoor and the keywords of the data indexes respectively, and respectively calculating the search trapdoor and the data indexes after the dual coding through matrix construction by utilizing a bloom filter construction to generate corresponding trapdoor vectors and a plurality of corresponding index vectors; the bloom filter inserts a hash function generated by the LSH;
And carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
5. The method for searchable encryption management of business data according to claim 4, wherein when said detection management system receives a request for a view from said searcher, said access data is decrypted, in particular:
when the detection management system receives a view request from the searcher, controlling a blockchain to record the access request of the current searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, the second public parameter of the access data, and the second master key into the Encrpt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy set for the access data at encryption.
6. A searchable encryption management apparatus for service data, comprising: a data uploading module, a data searching module and a data viewing module;
the data uploading module is used for constructing a corresponding access policy according to the operator identity information of the first client and the keyword of the information of the first service data that is to be put on the chain when the first service data is uploaded to the detection management system by the first client; encrypting the first service data according to the access policy, and uploading the encrypted first service data to a blockchain so that the blockchain can upload the encrypted first service data to an archiving library for archiving;
The data searching module is used for constructing a corresponding attribute set according to the identity information of an operator of a searcher and the keyword of the information to be queried when the detection management system receives a search application; acquiring corresponding access data from the archive according to the attribute set, and feeding back the access data to the searcher; the data viewing module is used for decrypting the access data when the detection management system receives a viewing request of the searcher; and if the decryption is successful, feeding the decrypted access data back to the searcher.
7. The searchable encryption management apparatus for traffic data as set forth in claim 6, wherein said data upload module comprises: a policy making unit and an encryption unit;
the policy making unit is used for constructing a corresponding access policy according to the operator identity information of the first client and the keyword of the information of the first service data that is to be put on the chain;
the encryption unit is used for initializing the security coefficient and generating a first public parameter and a first master key; inputting the first public parameters, the first service data and the access strategy into an Encrpt function to generate ciphertext; and uploading the ciphertext serving as encrypted first service data to a block chain.
8. The searchable encryption management apparatus for service data as set forth in claim 6, wherein said data search module comprises a query unit;
the inquiry unit is used for judging whether a searcher is in a first access structure tree of the archive; the first access structure tree is constructed according to the access authority of each archive in the archive;
if yes, creating a search trapdoor according to the keyword of the information to be queried; performing product calculation on the search trapdoor and a plurality of data indexes of the archive to obtain the score of each data index; acquiring initial access data corresponding to a preset data index with the highest score;
judging whether the searcher is in a second access structure tree of the initial access data; the second access structure tree is constructed according to the access authority of the corresponding initial access data;
if yes, feeding back corresponding initial access data of the searcher attribute existing in the second access structure tree to the searcher as access data;
the query unit comprises a calculation subunit;
the computing subunit is used for performing dual coding on the keyword of the search trapdoor and the keywords of the data indexes respectively, and calculating the search trapdoor and the data indexes after the dual coding respectively through matrix construction by utilizing a bloom filter structure to generate a corresponding trapdoor vector and a plurality of corresponding index vectors; the bloom filter inserts a hash function generated by the LSH;
And carrying out product calculation on the trapdoor vector and a plurality of index vectors respectively to obtain the score of each data index.
9. The searchable encryption management apparatus for service data as recited in claim 6, wherein said data viewing module comprises a decryption unit;
the decryption unit is used for controlling the blockchain to record the access request of the current searcher when the detection management system receives a view request from the searcher; inputting the attribute set and the second master key of the access data into a KeyGen function to generate a decryption key; inputting the access data, the second public parameter of the access data, and the second master key into the Encrpt function for decryption; and generating the decrypted access data when the second master key satisfies the access policy set for the access data at encryption.
10. A computer readable storage medium, wherein the computer readable storage medium comprises a stored computer program; wherein the computer program, when run, controls a device in which the computer-readable storage medium is located to perform a searchable encryption management method of service data as defined in any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311032353.5A CN116910788A (en) | 2023-08-15 | 2023-08-15 | Searchable encryption management method and device for service data and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116910788A (en) | 2023-10-20 |
Family
ID=88360189
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311032353.5A Pending CN116910788A (en) | 2023-08-15 | 2023-08-15 | Searchable encryption management method and device for service data and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116910788A (en) |
Citations (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105141574A (en) * | 2015-06-12 | 2015-12-09 | 深圳大学 | Cloud storage cipher text access control system based on table attributes |
CN105871543A (en) * | 2016-03-29 | 2016-08-17 | 西安电子科技大学 | Attribute-based multi-keyword ciphertext retrieval method under background of multiple data owners |
CN107634829A (en) * | 2017-09-12 | 2018-01-26 | 南京理工大学 | Encrypted electronic medical records system and encryption method can search for based on attribute |
CN107948146A (en) * | 2017-11-20 | 2018-04-20 | 武汉科技大学 | A kind of connection keyword retrieval method based on encryption attribute in mixed cloud |
CN108092766A (en) * | 2017-11-30 | 2018-05-29 | 深圳大学 | A kind of cipher text searching method for verifying authority and its system |
CN108494768A (en) * | 2018-03-22 | 2018-09-04 | 深圳大学 | A kind of cipher text searching method and system for supporting access control |
CN110224986A (en) * | 2019-05-07 | 2019-09-10 | 电子科技大学 | It is a kind of that access control method efficiently can search for based on hiding strategy CP-ABE |
CN111147508A (en) * | 2019-12-30 | 2020-05-12 | 福建师范大学 | Searchable attribute-based encryption method for resisting keyword guessing attack |
CN112332979A (en) * | 2020-11-11 | 2021-02-05 | 深圳技术大学 | Ciphertext searching method, system and equipment in cloud computing environment |
US20210105138A1 (en) * | 2019-10-04 | 2021-04-08 | Atakama LLC | Encrypted search |
KR20220011449A (en) * | 2020-07-21 | 2022-01-28 | 순천향대학교 산학협력단 | Data access control system based anonymous user attribute and method thereof |
CN114048448A (en) * | 2021-11-24 | 2022-02-15 | 中央财经大学 | Block chain based dynamic searchable encryption method and device |
CN114357477A (en) * | 2021-12-15 | 2022-04-15 | 华南理工大学 | Boolean keyword searchable encryption method supporting large-scale user group |
CN114826703A (en) * | 2022-04-11 | 2022-07-29 | 江苏大学 | Block chain-based data search fine-grained access control method and system |
CN114826575A (en) * | 2022-04-19 | 2022-07-29 | 西安电子科技大学 | Single keyword searchable encryption method based on inner product predicates in cloud |
CN115309861A (en) * | 2022-07-22 | 2022-11-08 | 深圳技术大学 | Ciphertext retrieval system, method, computer equipment and storage medium |
CN115580479A (en) * | 2022-10-25 | 2023-01-06 | 国网甘肃省电力公司电力科学研究院 | Attribute-based searchable encryption method for protecting power data |
CN115603934A (en) * | 2022-05-06 | 2023-01-13 | 中国人民解放军国防科技大学(Cn) | Multi-user searchable encryption method and device based on block chain |
CN115766136A (en) * | 2022-11-03 | 2023-03-07 | 国家电网有限公司大数据中心 | Multi-keyword searchable encryption method for energy source block chain supervision data |
CN116204923A (en) * | 2023-03-08 | 2023-06-02 | 中国工商银行股份有限公司 | Data management and data query methods and devices |
CN116226880A (en) * | 2023-02-03 | 2023-06-06 | 山东润一智能科技有限公司 | Block chain ciphertext retrieval security traceability system based on searchable encryption |
CN116303767A (en) * | 2023-02-17 | 2023-06-23 | 西安交通大学 | Medical data multistage management and sharing method based on CP-ABE |
US20230289345A1 (en) * | 2021-01-13 | 2023-09-14 | Mitsubishi Electric Corporation | Searchable encryption system |
CN115766136A (en) * | 2022-11-03 | 2023-03-07 | 国家电网有限公司大数据中心 | Multi-keyword searchable encryption method for energy source block chain supervision data |
CN116226880A (en) * | 2023-02-03 | 2023-06-06 | 山东润一智能科技有限公司 | Block chain ciphertext retrieval security traceability system based on searchable encryption |
CN116303767A (en) * | 2023-02-17 | 2023-06-23 | 西安交通大学 | Medical data multistage management and sharing method based on CP-ABE |
CN116204923A (en) * | 2023-03-08 | 2023-06-02 | 中国工商银行股份有限公司 | Data management and data query methods and devices |
Non-Patent Citations (9)
Title |
---|
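全球金融科技创新案例编写小组: "《"New Infrastructure + Digital Finance": Global Fintech Innovation Practice, 2020 Edition》", 31 August 2020, 中国金融出版社, pages: 93 * |
刘格昌: "Blockchain data privacy protection mechanism based on searchable encryption", 《计算机应用》, vol. 39, no. 12, 30 December 2019 (2019-12-30) * |
刘格昌;李强;: "Blockchain data privacy protection mechanism based on searchable encryption", 计算机应用, no. 2, 30 December 2019 (2019-12-30) * |
宋开波;罗军;孙金涛;: "Cloud storage data protection mechanism based on the CP-ABE algorithm", 华中科技大学学报(自然科学版), no. 1, 15 December 2012 (2012-12-15) * |
杜朝晖;朱文耀;: "Secure data retrieval scheme using attribute-based encryption in cloud storage", 计算机应用研究, no. 03 * |
王敏;周李京;秦璐璐;: "Searchable attribute-based encryption scheme resistant to keyword guessing attacks", 计算机应用与软件, no. 03, 12 March 2020 (2020-03-12) * |
许盛伟;王荣荣;赵海;: "Attribute-based searchable encryption scheme with fully hidden policy", 计算机应用研究, no. 06, 12 April 2018 (2018-04-12) * |
许盛伟;王荣荣;陈诚;: "Attribute-based searchable encryption scheme supporting keyword update", 计算机应用与软件, no. 03, 15 March 2018 (2018-03-15) * |
闫玺玺;原笑含;汤永利;陈艳丽;: "Blockchain-based attribute-based searchable encryption scheme supporting verification", 通信学报, no. 02 * |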
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11582040B2 (en) | Permissions from entities to access information | |
EP2731034B1 (en) | Client computer for querying a database stored on a server via a network | |
CN107948152B (en) | Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment | |
US20180124066A1 (en) | Geofencing of data in a cloud-based environment | |
CN102685148A (en) | Method for realizing secure network backup system under cloud storage environment | |
CN110457945A (en) | Method, inquiry method, apparatus, service method, apparatus and the storage medium of list inquiry | |
US20220269754A1 (en) | Decentralized system and method for asset registry and authentication | |
EP4020265A1 (en) | Method and device for storing encrypted data | |
CN109241352A (en) | The acquisition methods and server of Profile information | |
Al Sibahee et al. | Efficient encrypted image retrieval in IoT-cloud with multi-user authentication | |
Abduljabbar et al. | Privacy-preserving image retrieval in IoT-cloud | |
WO2023134055A1 (en) | Privacy-based federated inference method and apparatus, device, and storage medium | |
CN115694949A (en) | Private data sharing method and system based on block chain | |
Sultan et al. | A novel image-based homomorphic approach for preserving the privacy of autonomous vehicles connected to the cloud | |
CN114116637A (en) | Data sharing method, device, equipment and storage medium | |
Yuvaraj et al. | Secure DE-duplication over wireless sensing data using convergent encryption | |
CN108090371B (en) | Data processing method, data tracking method, data processing device and data tracking device | |
CN116910788A (en) | Searchable encryption management method and device for service data and storage medium | |
US11455404B2 (en) | Deduplication in a trusted execution environment | |
CN115098893A (en) | Data storage method and device based on block chain | |
Jahan et al. | Securing E-passport management using private-permissioned blockchain and IPFS | |
Kumar et al. | Lightweight verifiable auditing for outsourced database in cloud computing | |
TW202119229A (en) | Data management method and system capable of safely accessing and deleting data wherein operations are performed by using a management server | |
CN114398606B (en) | Face verification method, equipment and computer readable storage medium based on block chain | |
CN113946864B (en) | Confidential information acquisition method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||