TWI638271B - Cloud server system with encrypted file keyword fuzzy search function - Google Patents

Cloud server system with encrypted file keyword fuzzy search function Download PDF

Info

Publication number
TWI638271B
TWI638271B TW106138628A TW106138628A TWI638271B TW I638271 B TWI638271 B TW I638271B TW 106138628 A TW106138628 A TW 106138628A TW 106138628 A TW106138628 A TW 106138628A TW I638271 B TWI638271 B TW I638271B
Authority
TW
Taiwan
Prior art keywords
file
keyword
cloud server
module
search
Prior art date
Application number
TW106138628A
Other languages
Chinese (zh)
Other versions
TW201918903A (en
Inventor
李忠憲
劉奕賢
李詔遠
林禹妡
蔡金瑞
Original Assignee
國立成功大學
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 國立成功大學 filed Critical 國立成功大學
Priority to TW106138628A priority Critical patent/TWI638271B/en
Application granted granted Critical
Publication of TWI638271B publication Critical patent/TWI638271B/en
Publication of TW201918903A publication Critical patent/TW201918903A/en

Links

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

本發明提供了一種具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,可支援當使者輸入的錯誤的關鍵字時,仍保有其搜尋結果正確性。此外還支援了線上權限更新模組及有效的去重複機制,克服了現有技術的問題且提升了系統的實用性,讓使用者在相同的雲端空間能有更靈活的運用和更大量的資料儲存,降低雲端儲存空間對於使用者造成的使用成本。The invention provides a cloud server system with an encrypted file keyword fuzzy search function, which can support the correctness of the search result when the wrong keyword is input by the messenger. In addition, it also supports the online permission update module and effective deduplication mechanism, which overcomes the problems of the prior art and improves the practicability of the system, allowing users to have more flexible use and a larger amount of data storage in the same cloud space. Reduce the cost of using cloud storage space for users.

Description

具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統Cloud server system with encrypted file keyword fuzzy search function

本發明之技術涉及雲端資料儲存領域,特別是指一種可支援加密檔案的多關鍵字搜尋、線上權限更新、高效去除重複檔案之雲端伺服器系統。 The technology of the present invention relates to the field of cloud data storage, and particularly relates to a cloud server system capable of supporting multi-keyword search of encrypted files, online authority update, and efficient removal of duplicate files.

當今雲端儲存系統已經成為熱門趨勢,藉由雲端服務可以有效的降低本地端的儲存負載,減少硬體設備之成本。然而,要如何保障資料在雲端上不會輕易受到攻擊是相當重要的議題。 Today's cloud storage systems have become a hot trend. Cloud services can effectively reduce the storage load on the local end and reduce the cost of hardware devices. However, how to protect data from being vulnerable to attacks on the cloud is a very important issue.

為了要保障使用者的資料不被雲端伺服器得知其內容,常見的解決方法是在上傳檔案到雲端前先將檔案加密和建立搜尋樹,並為所有的加密檔案留下一個暗門(trapdoor),讓使用者在雲端查詢時只要鍵入正確的關鍵字便能找到對應的檔案。但在現實情況中,管理者會限制各個使用者可以存取的加密檔案,所以理應給予所有使用者適當的屬性,並制訂一套合適的存取策略供雲端伺服器在運算時辨認使用者身分,限制使用者僅能在授權範圍下進行搜尋。 In order to protect the user's data from the cloud server, the common solution is to encrypt the file and create a search tree before uploading the file to the cloud, and leave a hidden door for all encrypted files (trapdoor) ), let users find the corresponding file by typing the correct keyword when querying in the cloud. However, in reality, the administrator will limit the encrypted files that each user can access, so it is appropriate to give all users appropriate attributes and develop a suitable access strategy for the cloud server to identify the user identity during the operation. , restrict users to search only under the scope of authorization.

此外,關鍵字輸入錯誤和權限更新問題是現實中常常發生的情況,當使用者意外輸入錯字或格式錯誤的關鍵字時會無法找到正確對應的密文檔案,以及在屬性加密進行權限撤回時,必須重新建構所有存取公式,都是目前雲端儲存系統待解決之問題。 In addition, keyword input errors and permission update problems are often the case in reality. When a user accidentally enters a typo or a malformed keyword, the correct ciphertext file cannot be found, and when the attribute encryption is revoked, All access formulas must be re-constructed, which are issues that are currently being solved by the cloud storage system.

本發明之主要目的係針對目前的雲端伺服器之存取、管理等缺點進行改良,所提出一種雲端伺服器系統。 The main purpose of the present invention is to improve the shortcomings of the current cloud server access, management, etc., and propose a cloud server system.

為了達到上述目的,本發明係採取以下之技術手段予以達成,其中,本發明之具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,包括:一雲端伺服器、一檔案加密裝置以及一查詢裝置。該雲端伺服器包括一儲存模組以及一模糊搜尋模組,該儲存模組用以存放檔案,該模糊搜尋模組用以進行一多關鍵字檢索,該多關鍵字檢索係針對複數個關鍵字組合成的一多關鍵字集,回饋利用該多關鍵字集檢索的所有檢索結果。 該檔案加密裝置用以將至少一檔案進行一加密運算,產生該檔案的一加密檔案以及一索引,並將該加密檔案及該索引上傳至該儲存模組儲存。該查詢裝置,用以產生一暗門以進入該雲端伺服器進行一檔案檢索動作,該暗門至少包括該檔案加密裝置給予之一認證以及一關鍵字集。其中,當該雲端伺服器收到該暗門,則基於該索引、該關鍵字集進行該多關鍵字檢索,並回饋符合該檢索結果的全部檔案至該查詢裝置。 In order to achieve the above object, the present invention is achieved by the following technical means, wherein the cloud server system with the encrypted file keyword fuzzy search function of the present invention comprises: a cloud server, a file encryption device and a query device. . The cloud server includes a storage module for storing files, and the fuzzy search module for performing a multi-keyword search for multiple keywords. A multi-key set synthesized by the group, and all the search results retrieved using the multi-key set are fed back. The file encryption device is configured to perform an encryption operation on the at least one file, generate an encrypted file of the file and an index, and upload the encrypted file and the index to the storage module for storage. The query device is configured to generate a hidden door to enter the cloud server for performing a file retrieval operation, and the hidden door includes at least one of the file encryption device and a keyword set. Wherein, when the cloud server receives the hidden door, the multi-keyword search is performed based on the index and the keyword set, and all files that meet the search result are fed back to the query device.

在本發明較佳實施例中,該雲端伺服器更包括一線上權限更新模組,用以對該加密檔案產生一權限更新名單,該權限更新名單用以記錄短期內的權限更動。 In a preferred embodiment of the present invention, the cloud server further includes an online rights update module for generating a permission update list for the encrypted file, the permission update list for recording the permission change in a short period.

在本發明較佳實施例中,該加密運算利用屬性加密(Attribute-Based Encryption)對該檔案進行更精細的存取控制(Fine-Grained Access Control)。 In a preferred embodiment of the invention, the encryption operation utilizes Attribute-Based Encryption to perform Fine-Grained Access Control on the file.

在本發明較佳實施例中,該認證包括一產生加密函數的函式,該產生加密函數的函式用以確認該查詢裝置的權限是否足以進入該雲端伺服器。 In a preferred embodiment of the invention, the authentication includes a function for generating an encryption function, the function for generating the encryption function for confirming whether the authority of the query device is sufficient to enter the cloud server.

在本發明較佳實施例中,該索引包括一模糊關鍵字集,用於該多關鍵字檢索。 In a preferred embodiment of the invention, the index includes a set of fuzzy keywords for the multi-keyword search.

在本發明較佳實施例中,該雲端伺服器更包括一去除重複檔案模組,該去除重複檔案模組利用一檔案分割方式給予各該檔案動態的滑框,將各該檔案分解成多個小區塊,再比對各小區塊的資料重複度,以將重複的檔案去除。 In a preferred embodiment of the present invention, the cloud server further includes a deduplication file module, and the deduplication file module uses a file segmentation method to give each file a dynamic sliding frame, and decomposes the files into multiple files. The cell block compares the data repetition of each cell block to remove duplicate files.

在本發明較佳實施例中,該檔案分割方式採用動態式資料切割將各該檔案分解成多個小區塊。 In the preferred embodiment of the present invention, the file segmentation method uses dynamic data cutting to decompose each file into a plurality of cell blocks.

1‧‧‧雲端伺服器 1‧‧‧Cloud Server

11‧‧‧儲存模組 11‧‧‧ Storage Module

12‧‧‧模糊搜尋模組 12‧‧‧Fuzzy search module

13‧‧‧去除重複檔案模組 13‧‧‧Remove duplicate file module

14‧‧‧線上權限更新模組 14‧‧‧Online permission update module

2‧‧‧檔案加密裝置 2‧‧‧File Encryption Device

21‧‧‧檔案 21‧‧‧Files

21a,21b‧‧‧加密檔案 21a, 21b‧‧‧ encrypted files

22‧‧‧索引 22‧‧‧ Index

23‧‧‧認證 23‧‧‧ Certification

3‧‧‧查詢裝置 3‧‧‧ inquiry device

31‧‧‧檢索要求 31‧‧‧Search requirements

32‧‧‧暗門 32‧‧‧ hidden door

圖1為本發明較佳實施例之系統結構示意圖。 1 is a schematic structural view of a system according to a preferred embodiment of the present invention.

圖2為本發明較佳實施例之索引產生流程示意圖。 2 is a schematic diagram of an index generation process according to a preferred embodiment of the present invention.

圖3為本發明較佳實施例之暗門產生流程示意圖。 FIG. 3 is a schematic diagram of a process of generating a hidden door according to a preferred embodiment of the present invention.

圖4為本發明較佳實施例之線上權限更新示意圖。 4 is a schematic diagram of online authority update according to a preferred embodiment of the present invention.

為達成上述目的及功效,本發明所採用之技術手段及構造,茲繪圖就本發明較佳實施例詳加說明其特徵與功能如下,俾利完全了解,但須注意的是,該等內容不構成本發明的限定。 In order to achieve the above objects and effects, the technical means and constructions of the present invention are described in detail with reference to the preferred embodiments of the present invention. The features and functions are as follows, and the benefits are fully understood, but it should be noted that the contents are not It constitutes a limitation of the present invention.

請同時參閱圖1、圖2、圖3及圖4所示,其為本發明具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統較佳實施例之系統結構示意圖、索引產生流程示意圖、暗門產生流程示意圖以及線上權限更新示意圖。本發明之具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統包括:一雲端伺服器1、一檔案加密裝置2以及一查詢裝置3。 Please refer to FIG. 1 , FIG. 2 , FIG. 3 and FIG. 4 , which are a schematic diagram of a system structure, an index generation flow diagram, and a hidden door of a preferred embodiment of the cloud server system with the encrypted file keyword fuzzy search function. Generate a schematic diagram of the process and an online update of the permissions. The cloud server system with the encrypted file keyword fuzzy search function of the present invention comprises: a cloud server 1, a file encryption device 2 and a query device 3.

該雲端伺服器1至少包括一儲存模組11、一模糊搜尋模組12以及一去除重複檔案模組13。 The cloud server 1 includes at least one storage module 11, a fuzzy search module 12, and a deduplication file module 13.

該儲存模組11用以存放檔案,其可以為雲端儲存系統常見的資料庫模組。該模糊搜尋模組12用以進行一多關鍵字檢索,該多關鍵字檢索係針對複數個關鍵字組合成的一多關鍵字集,回饋利用該多關鍵字集檢索的所有檢索結果。 The storage module 11 is configured to store files, which may be a database module common to the cloud storage system. The fuzzy search module 12 is configured to perform a multi-keyword search for all the search results retrieved by the multiple keyword set for a plurality of keyword sets combined by a plurality of keywords.

該去除重複檔案模組13利用一檔案分割方式給予各該檔案動態的滑框,找到最適當的位置做資料分割,將各該檔案分解成多個小區塊。之後再比對各小區塊的資料重複度,以將重複的檔案去除。 The deduplication file module 13 uses a file segmentation method to give each of the file dynamic sliding frames, finds the most appropriate location for data segmentation, and decomposes the files into a plurality of cell blocks. The data overlap of each block is then compared to remove duplicate files.

在本發明一實施例中,該檔案分割方式採用動態式資料切割將各該檔案分解成多個小區塊,即便檔案資料前端或中間被插入了字符,導致後續之所有資料也都會跟著移動,仍然可以找到最適當的位置做資料分割,可使得內容完全相同之小區塊的數量提升,系統在比對小區塊資料、去除重複的效率也會大大提昇。相較於現有的固定式資料切割可以有效提升去重複的功效。 In an embodiment of the present invention, the file segmentation method uses dynamic data cutting to decompose each file into a plurality of cell blocks. Even if characters are inserted in the front end or the middle of the file data, all subsequent data will be moved. The most appropriate location can be found for data segmentation, which can increase the number of cell blocks with the same content, and the efficiency of the system in comparing the cell block data and removing the duplicates is greatly improved. Compared with the existing fixed data cutting, it can effectively improve the deduplication effect.

該檔案加密裝置2用以將至少一檔案21進行一加密運算,產生該檔案21的一加密檔案21a以及一索引22,並將該加密檔案21a及該索引22上傳至該儲存模組11儲存。當一個檔案擁有者想要將自身持有的檔案21上傳到雲端做儲存,在上傳之前,檔案擁有者需要先利用該檔案加密裝置 2,把欲上傳的檔案21進行加密運算,產生該檔案21的加密檔案21a以及加密後可檢索的索引22。在索引22建立完成後,該檔案加密裝置2再連同索引22和加密檔案21a一起上傳到雲端伺服器1保存。 The file encryption device 2 is configured to perform an encryption operation on at least one file 21 to generate an encrypted file 21a and an index 22 of the file 21, and upload the encrypted file 21a and the index 22 to the storage module 11 for storage. When a file owner wants to upload the file 21 held by him to the cloud for storage, the file owner needs to use the file encryption device before uploading. 2. The file 21 to be uploaded is subjected to an encryption operation to generate an encrypted file 21a of the file 21 and an index 22 that can be retrieved after encryption. After the index 22 is established, the file encryption device 2 is uploaded to the cloud server 1 for storage along with the index 22 and the encrypted file 21a.

在本發明一實施例中,該加密運算利用屬性加密(Attribute-Based Encryption)對該檔案進行更精細的存取控制(Fine-Grained Access Control)。 In an embodiment of the invention, the encryption operation uses Attribute-Based Encryption to perform Fine-Grained Access Control on the file.

在本發明一實施例中,該索引22包括一模糊關鍵字集,用於該多關鍵字檢索。 In an embodiment of the invention, the index 22 includes a set of fuzzy keywords for the multi-keyword search.

本發明產生索引的流程如圖2所示,產生索引22首先需要將該檔案內的關鍵字(Keyword)抽取出來。其次,需要建立模糊關鍵字字集(Fuzzy Keyword Set),之後再對關鍵字進行加密(Encrypt)。最後,在利用雜湊函數(Hash)壓縮加密後的關鍵字後,計算其0次方至d次方的結果。其中,d為可輸入的關鍵字數量之最大值。 The process of generating an index according to the present invention is as shown in FIG. 2. The index 22 is generated by first extracting the keyword (Keyword) in the file. Second, you need to create a Fuzzy Keyword Set, and then encrypt the keyword (Encrypt). Finally, after compressing the encrypted keyword using the hash function (Hash), the result from the 0th power to the dth power is calculated. Where d is the maximum number of keywords that can be entered.

該查詢裝置3用以產生一暗門32,以進入該雲端伺服器1進行一檔案檢索動作,該暗門32至少包括一關鍵字集以及該檔案加密裝置2給予之一認證23,所述關鍵字集為使用者所輸入欲檢索複數個關鍵字所組合成的,使用者可輸入複數個關鍵字,雲端伺服器1透過該模糊搜尋模組12產生該等關鍵字的多關鍵字集進行檢索。當一使用者想要檢索檔案擁有者上傳至雲端資料庫的檔案21a,其必須先發出一檢索要求31至該檔案加密裝置2,在獲得該檔案擁有者的同意後,該檔案加密裝置2會回傳一認證23至該查詢裝置3,所述認證23可以包括一產生加密函數的函式以及一個產生雜湊函數(hash)的函式,該產生加密函數的函式用以確認該查詢裝置3的權限是否足以進入該雲端伺服器1。當該使用者獲得該檔案擁有者的認證23後,方可利用該查詢裝置3製造出有效的暗門32進入該雲端伺服器1。 The query device 3 is configured to generate a hidden door 32 to enter the cloud server 1 for performing a file retrieval operation. The hidden door 32 includes at least a keyword set and the file encryption device 2 gives one of the authentications 23, the key The word set is a combination of a plurality of keywords that are input by the user, and the user can input a plurality of keywords, and the cloud server 1 generates a multi-key set of the keywords through the fuzzy search module 12 to perform the search. . When a user wants to retrieve the file 21a uploaded by the file owner to the cloud database, it must first issue a search request 31 to the file encryption device 2. After obtaining the file owner's consent, the file encryption device 2 will Returning an authentication 23 to the querying device 3, the authentication 23 may include a function for generating an encryption function and a function for generating a hash function, the function for generating the encryption function for confirming the query device 3 Is the permission sufficient to enter the cloud server 1. When the user obtains the authentication 23 of the file owner, the query device 3 can be used to create a valid hidden door 32 to enter the cloud server 1.

本發明產生暗門的流程如圖3所示,首先透過一演算法將使用者輸入的多個關鍵字(input u queries)產生模糊關鍵字集(Build Fuzzy Keyword Set)。其次,若關鍵字總數(fuzzysize())小於一預設數量d,則加入預設數量減去關鍵字總數個虛擬關鍵字(dummyword)將剩下的空白的位置填滿。虛擬關鍵字是利用隨機的字母與數字去組成的,不是真正的文字,因此不會出現在文件裡。最後,在對模糊關鍵字集進行加密(Encrypt)及利用雜湊函數(Hash)壓縮後,產生多項式的係數並結束流程。 The flow of generating a hidden door according to the present invention is as shown in FIG. 3, and firstly, an input algorithm is used to generate a set of fuzzy keywords (Build Fuzzy Keyword Set). Secondly, if the total number of keywords (fuzzysize()) is less than a preset number d, the preset number is added minus the total number of keywords (dummyword) to fill the remaining blank positions. Virtual keywords are composed of random letters and numbers, not real text, so they don't appear in the file. Finally, after encrypting the fuzzy keyword set (Encrypt) and compressing it with hash function (Hash), the coefficients of the polynomial are generated and the flow is terminated.

透過上述方式,當該雲端伺服器1收到該暗門32,則可基於該索引22、該關鍵字集進行該多關鍵字檢索,並回饋符合該檢索結果的全部或關聯性較高的複數個加密檔案21b至該查詢裝置3。 In the above manner, when the cloud server 1 receives the hidden door 32, the multi-keyword search can be performed based on the index 22 and the keyword set, and all or a relatively high complex number that matches the search result is fed back. Encrypted files 21b to the query device 3.

請參閱圖4所示,在本發明一實施例中,該雲端伺服器1更包括一線上權限更新模組14,該線上權限更新模組14用以對該加密檔案21a產生一權限更新名單,該權限更新名單用以記錄短期內的權限更動。在圖4中,線上權限更新模組14讓原本的加密檔案多增加了一個節點,這個節點存放了撤銷清單(revocation list),另一方面檔案擁有者在產生個人密鑰的同時還會塞入個人的識別符,如果這個個人密鑰(例如ID=Bob)被登記在這個名單裡,那即使存取子樹符合,仍然無法進入雲端伺服器1。 Referring to FIG. 4, in an embodiment of the present invention, the cloud server 1 further includes an online rights update module 14 for generating a permission update list for the encrypted file 21a. This permission update list is used to record permission changes in the short term. In FIG. 4, the online rights update module 14 adds an additional node to the original encrypted file. This node stores the revocation list. On the other hand, the file owner also inserts the personal key. The personal identifier, if this personal key (for example, ID=Bob) is registered in this list, even if the access subtree is met, it is still unable to enter the cloud server 1.

一般來說,加密檔案屬性加密通常包含初始化設定、產生個人密鑰、加密和解密等步驟。檔案擁有者可利用檔案加密裝置建立出個人密鑰,再將個人密鑰授權給使用者使用。而使用者可以在加密時定義好存取策略綁訂在暗門裡頭,唯有屬性符合存取策略的個人密鑰才能成功進入雲端伺服器1。而由於現實情況中更動存取權限是非常常見的,若每次更動都要重新建立所有檔案的存取公式會造成系統服務暫停,有鑑於 此,該線上權限更新模組14對於每個加密檔案21a額外新增一組權限更新名單來記錄短期內的權限更動並配合上原始的存取公式,可以保證其結果等同於更新過的存取公式,而更新存取公式的任務就能達到暫緩的目的,避免每次更新就會造成服務中斷的情況發生。 In general, encrypted file attribute encryption usually includes the steps of initializing settings, generating a personal key, encrypting and decrypting. The file owner can use the file encryption device to create a personal key and then authorize the personal key to the user. The user can define the access policy binding in the secret door when encrypting, and only the personal key whose attribute meets the access policy can successfully enter the cloud server 1. And because the real-time access rights are very common, if you change the access formula of all files every time you change, the system service will be suspended. Therefore, the online rights update module 14 additionally adds a set of permission update lists for each encrypted file 21a to record the short-term permission changes and cooperate with the original access formula to ensure that the result is equivalent to the updated access. Formulas, and the task of updating the access formula can achieve the purpose of suspension, avoiding the occurrence of service interruptions with each update.

故,請參閱全部附圖所示,本發明使用時,與習用技術相較,著實存在下列優點: Therefore, referring to all the drawings, when using the present invention, compared with the conventional technology, the following advantages exist:

(1)本發明之提供一種具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,當使用者檢索時關鍵字輸入有錯字時,只要且還在合理錯誤範圍內,仍然能確保加密檔案查詢的正確性。 (1) The present invention provides a cloud server system with an encrypted file keyword fuzzy search function. When a keyword is input with a typo when a user searches, as long as it is still within a reasonable error range, the encrypted file query can still be ensured. Correctness.

(2)本發明之系統,在不完全信任的第三方雲端儲存環境,仍可進行靈活的密文資料分享和控制並且用去重複技術降低儲存成本。 (2) The system of the present invention can still perform flexible ciphertext data sharing and control and reduce the storage cost by using deduplication technology in a third-party cloud storage environment that is not fully trusted.

(3)本發明加入屬性加密的存取公式和線上權限管理機制,可以進行靈活且細微的存取控制,並且按照權限設定改變存取公式。 (3) The present invention adds an attribute encryption access formula and an online rights management mechanism, and can perform flexible and fine access control, and change the access formula according to the authority setting.

透過上述之詳細說明,即可充分顯示本發明之目的及功效上均具有實施之進步性,極具產業之利用性價值,且為目前市面上前所未見之新發明,完全符合發明專利要件,爰依法提出申請。唯以上所述僅為本發明較佳的實施例,並非因此限制本發明的實施方式及保護範圍,對於本領域技術人員而言,應當能夠意識到凡運用本發明說明書及圖示內容所作出的等同替換和顯而易見的變化所得到的方案,均應當包含在本發明的保護範圍內。 Through the above detailed description, it can fully demonstrate that the object and effect of the present invention are both progressive in implementation, highly industrially usable, and are new inventions not previously seen on the market, and fully comply with the invention patent requirements. , 提出 apply in accordance with the law. The above is only the preferred embodiment of the present invention, and is not intended to limit the scope of the embodiments and the scope of the present invention. Those skilled in the art should be able to Combinations of equivalent substitutions and obvious variations are intended to be included within the scope of the invention.

Claims (5)

一種具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,包括:一雲端伺服器,包括一儲存模組、一模糊搜尋模組、一去除重複檔案模組以及一線上權限更新模組,該儲存模組用以存放檔案,該模糊搜尋模組用以進行一多關鍵字檢索,該多關鍵字檢索係針對複數個關鍵字組合成的一多關鍵字集,回饋利用該多關鍵字集檢索的所有檢索結果,該去除重複檔案模組利用一檔案分割方式給予各該檔案動態的滑框,將各該檔案分解成多個小區塊,再比對各小區塊的資料重複度,以將重複的檔案去除,該線上權限更新模組用以對一加密檔案產生一權限更新名單,該權限更新名單用以記錄短期內的權限更動;一檔案加密裝置,用以將至少一檔案進行一加密運算,產生該至少一檔案的該加密檔案以及一索引,並將該加密檔案及該索引上傳至該儲存模組儲存;以及一查詢裝置,用以產生一暗門以進入該雲端伺服器進行一檔案檢索動作,該暗門至少包括該檔案加密裝置給予之一認證以及一關鍵字集;其中,當該雲端伺服器收到該暗門,則基於該索引、該關鍵字集進行該多關鍵字檢索,並回饋符合該檢索結果的全部檔案至該查詢裝置。 A cloud server system with an encrypted file keyword fuzzy search function includes: a cloud server, including a storage module, a fuzzy search module, a deduplication file module, and an online permission update module, the storage The module is configured to store a file, and the fuzzy search module is configured to perform a multi-keyword search, and the multi-keyword search is performed by using a multi-keyword set for a plurality of keyword sets combined by the plurality of keywords. For all the search results, the deduplication file module uses a file segmentation method to give each file a dynamic sliding frame, and decomposes each file into a plurality of cell blocks, and then compares the data repetition of each cell block to repeat The file removal module is configured to generate a permission update list for an encrypted file, the permission update list is used to record the permission change in a short period; and a file encryption device is configured to perform an encryption operation on the at least one file. Generating the encrypted file of the at least one file and an index, and uploading the encrypted file and the index to the storage module for storage; Querying means for generating a secret door to enter the cloud server for performing a file retrieval operation, the hidden door including at least one of the file encryption device and a keyword set; wherein, when the cloud server receives the The hidden door performs the multi-keyword search based on the index and the keyword set, and feeds back all the files that match the search result to the querying device. 如申請專利範圍第1項所述的具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,其中該加密運算利用屬性加密(Attribute-Based Encryption)對該檔案進行更精細的存取控制(Fine-Grained Access Control)。 The cloud server system with the encrypted file keyword fuzzy search function described in claim 1, wherein the encryption operation uses Attribute-Based Encryption to perform finer access control on the file (Fine- Grained Access Control). 如申請專利範圍第1項所述的具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,其中該認證包括一產生加密函數的函式,該產生加密函數的函式用以確認該查詢裝置的權限是否足以進入該雲端伺服器。 The cloud server system with the encrypted file keyword fuzzy search function according to claim 1, wherein the authentication includes a function for generating an encryption function, and the function for generating the encryption function is used to confirm the query device. Is the permission sufficient to enter the cloud server. 如申請專利範圍第1項所述的具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,其中該索引包括一模糊關鍵字集,用於該多關鍵字檢索。 The cloud server system with the encrypted file keyword fuzzy search function according to claim 1, wherein the index includes a fuzzy keyword set for the multi-keyword search. 如申請專利範圍第1項所述的具加密檔案關鍵字模糊搜尋功能的雲端伺服器系統,其中該檔案分割方式採用動態式資料切割將各該檔案分解成多個小區塊。 The cloud server system with the encrypted file keyword fuzzy search function described in claim 1, wherein the file segmentation method uses dynamic data cutting to decompose each file into a plurality of cell blocks.
TW106138628A 2017-11-08 2017-11-08 Cloud server system with encrypted file keyword fuzzy search function TWI638271B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106138628A TWI638271B (en) 2017-11-08 2017-11-08 Cloud server system with encrypted file keyword fuzzy search function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106138628A TWI638271B (en) 2017-11-08 2017-11-08 Cloud server system with encrypted file keyword fuzzy search function

Publications (2)

Publication Number Publication Date
TWI638271B true TWI638271B (en) 2018-10-11
TW201918903A TW201918903A (en) 2019-05-16

Family

ID=64797581

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106138628A TWI638271B (en) 2017-11-08 2017-11-08 Cloud server system with encrypted file keyword fuzzy search function

Country Status (1)

Country Link
TW (1) TWI638271B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1936896A (en) * 2006-09-20 2007-03-28 网之易信息技术(北京)有限公司 Information searching method and system based on searching engine
TW201132097A (en) * 2009-12-15 2011-09-16 Microsoft Corp Trustworthy extensible markup language for trustworthy computing and data services
US20130262852A1 (en) * 2012-03-30 2013-10-03 Microsoft Corporation Range-Based Queries for Searchable Symmetric Encryption
CN103955537A (en) * 2014-05-16 2014-07-30 福州大学 Method and system for designing searchable encrypted cloud disc with fuzzy semantics
CN104394155A (en) * 2014-11-27 2015-03-04 暨南大学 Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness
TW201621696A (en) * 2014-12-03 2016-06-16 仁寶電腦工業股份有限公司 Method and system for transmitting data
CN106407447A (en) * 2016-09-30 2017-02-15 福州大学 Simhash-based fuzzy sequencing searching method for encrypted cloud data

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1936896A (en) * 2006-09-20 2007-03-28 网之易信息技术(北京)有限公司 Information searching method and system based on searching engine
TW201132097A (en) * 2009-12-15 2011-09-16 Microsoft Corp Trustworthy extensible markup language for trustworthy computing and data services
US20130262852A1 (en) * 2012-03-30 2013-10-03 Microsoft Corporation Range-Based Queries for Searchable Symmetric Encryption
CN103955537A (en) * 2014-05-16 2014-07-30 福州大学 Method and system for designing searchable encrypted cloud disc with fuzzy semantics
CN104394155A (en) * 2014-11-27 2015-03-04 暨南大学 Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness
TW201621696A (en) * 2014-12-03 2016-06-16 仁寶電腦工業股份有限公司 Method and system for transmitting data
CN106407447A (en) * 2016-09-30 2017-02-15 福州大学 Simhash-based fuzzy sequencing searching method for encrypted cloud data

Also Published As

Publication number Publication date
TW201918903A (en) 2019-05-16

Similar Documents

Publication Publication Date Title
US11381398B2 (en) Method for re-keying an encrypted data file
US9164926B2 (en) Security control method of network storage
CN114065265B (en) Fine-grained cloud storage access control method, system and equipment based on blockchain technology
CN108768951B (en) Data encryption and retrieval method for protecting file privacy in cloud environment
US8364969B2 (en) Protecting privacy of shared personal information
CN109493017B (en) Trusted outsourcing storage method based on block chain
KR101371608B1 (en) Database Management System and Encrypting Method thereof
Asghar et al. Supporting complex queries and access policies for multi-user encrypted databases
US8621036B1 (en) Secure file access using a file access server
CN116112274A (en) Blockchain, management group rights and integration of access in an enterprise environment
US20130246811A1 (en) Storage method, system and apparatus
CN112989375B (en) Hierarchical optimization encryption lossless privacy protection method
US11256662B2 (en) Distributed ledger system
US20160112413A1 (en) Method for controlling security of cloud storage
KR20160044022A (en) Enabling access to data
Wang et al. Towards secure and effective utilization over encrypted cloud data
CN107294701B (en) Multidimensional ciphertext interval query device and method with efficient key management
WO2022025822A1 (en) Cloud data sharing systems and methods for sharing data using the systems
CN110851848B (en) Privacy protection method for symmetric searchable encryption
CN109783456B (en) Duplication removing structure building method, duplication removing method, file retrieving method and duplication removing system
CN105553661B (en) Key management method and device
US20160148021A1 (en) Systems and Methods for Trading of Text based Data Representation
Yan et al. Secure and efficient big data deduplication in fog computing
AU2018100311A4 (en) A File Access Control System Based on Cloud Storage
TWI638271B (en) Cloud server system with encrypted file keyword fuzzy search function

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees