CN103873236B - One kind can search for encryption method and equipment - Google Patents
One kind can search for encryption method and equipment Download PDFInfo
- Publication number
- CN103873236B CN103873236B CN201210534843.0A CN201210534843A CN103873236B CN 103873236 B CN103873236 B CN 103873236B CN 201210534843 A CN201210534843 A CN 201210534843A CN 103873236 B CN103873236 B CN 103873236B
- Authority
- CN
- China
- Prior art keywords
- searcher
- encryption
- key
- identity information
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention announces one kind and can search for encryption method and equipment, obtains the identity of searcher or the identity of searcher place group by sender, and the systematic parameter of KMC;The identity according to described searcher for the sender or the identity of searcher place group, and described systematic parameter cryptography key word, and the key word ciphertext after encryption is uploaded to storage server.Pass through searcher simultaneously and query key is obtained from KMC according to the identity of searcher or the identity of searcher place group, query key according to key word and described acquisition generates query token, key word ciphertext after described query token inquires about encryption from storage server, and receive the data that described storage server returns.Thus realizing, in the case that the support and sender not needing expensive PKIX does not need to download public key, realizing can search for encryption technology.
Description
Technical field
The present invention is applied to encryption technology field, and more particularly, to one kind can search for encryption method and equipment.
Background technology
Encipherment scheme, in order to ensure Semantic Security, often requires that in the ciphertext distribution and the cryptogram space that AES produces
It is uniformly distributed both in computationally indistinguishable(Computationally indistinguishable refers to, for two probability distribution, there is not polynomial time
Algorithm can distinguish them).Therefore, all cannot obtain any having a mind to from the ciphertext that obtains of encryption for any effective algorithm
The semantic information of justice, and losing of semantic information makes to realize the retrieval to ciphertext data by common searching algorithm.
In order to solve the problems, such as searching ciphertext, occur in that and can search for encryption technology.
Can search for encrypting it is not necessary to be decrypted to the ciphertext data of encryption, but scanned for using detection algorithm,
Output is this ciphertext whether result containing search keyword, usually 0 or 1.The development that can search for encrypting comprises three
The main historical stage, it is that symmetric key can search for encrypting first, was proposed by Song etc. in 2000.Its application scenarios is search
Side is same entity with encryption side, uploads onto the server after being encrypted data and key word using DSE arithmetic, it
Afterwards line retrieval is entered to this ciphertext data.Its shortcoming is that user can only search for the encryption number oneself encrypting and uploading in data base
According to.
In order to overcome the limitation in this application, Dan Boneh proposed the public key with keyword search in 2004
Encryption(Public Key Encryption with Keyword Search, PEKS).The application scenarios of PEKS scheme are multiple
Sender sends key word ciphertext data ciphertext to recipient, and recipient utilizes private key to generate search token, is uploaded to service
Device, server runs corresponding detection algorithm and carries out keyword search.Recipient in the program can only be single entities, simultaneously
The operation of keyword detection algorithm can only realize the retrieval to a key word it is impossible to realize conjunction key word is examined every time
Rope(Assume have n key word to be respectively W1, W2 ..., Wn, to comprising key word W1, and comprise key word W2 ..., and comprise pass
The ciphertext of keyword Wn scans for, referred to as conjunction keyword search), this is its bottleneck functionally.
Hwang and Lee proposes the scheme solving this problem, the i.e. public affairs with conjunction keyword search of multi-user within 2007
Key is encrypted(Multi-user Public Key Encryption with Conjunctive Keyword Search,
mPECK), with the public key cryptography scheme of multi-receiver conjunction keyword retrieval.The program is based on public-key cryptosystem, needs
The support of the infrastructure of online database of public keys or certificate repository, simultaneously sender need inquiry with download group all become
The public key of member, is encrypted to data according to the public key of each recipient, and receiver generates search token according to the private key of oneself
Data is scanned for.However, the maintenance and management cost of database of public keys is very high, and multiple use are downloaded in sender's inquiry
The public key at family may waste the network bandwidth and storage resource.
Content of the invention
The purpose of the embodiment of the present invention is to provide one kind to can search for encryption method and equipment, solves base in prior art
In public key can search for need the support of the infrastructure of online database of public keys or certificate repository in encryption technology, send out simultaneously
The side of sending needs inquiry and downloads the problem of the public key of all members of group.
In a first aspect, one kind can search for encryption method, methods described includes:
Obtain the identity information of searcher and the systematic parameter of KMC, the identity information bag of described searcher
Include the identity information of described single searchers or the identity information of the group at the plurality of searchers place;
Identity information according to described searcher and described systematic parameter are encrypted to key word, and by after encryption
Key word ciphertext uploads to storage server.
In conjunction with a first aspect, in the first possible implementation of first aspect, described according to described searcher
Identity information and described systematic parameter are encrypted to key word, including:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described key word, and root
According to key word described in the described public key encryption calculating.
In conjunction with the first possible implementation of first aspect or first aspect, may in the second of first aspect
Implementation in, methods described also includes:
Identity information according to described searcher and described systematic parameter encrypting plaintext data, and by encryption after plaintext number
According to ciphertext upload to described storage server.
In conjunction with the possible implementation of the second of first aspect, in the third possible implementation of first aspect
In, the described identity according to described searcher and described systematic parameter encrypting plaintext data, including:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described clear data, and
Clear data according to the described public key encryption calculating.
In conjunction with the first possible implementation of first aspect or first aspect, in the 4th kind of possibility of first aspect
Implementation in, methods described also includes:
According to the encryption attribute clear data of described searcher, and the ciphertext of the clear data after encryption is uploaded to described
Storage server.
Second aspect, a kind of identity-based can search for encryption method, methods described includes:
Identity information according to searcher obtains query key, the identity information bag of described searcher from KMC
Include the identity information of described single searchers or the identity information of the group at the plurality of searchers place;
Query key according to key word and described acquisition generates query token, by described query token from storage service
Key word ciphertext after inquiry encryption in device.
In conjunction with second aspect, in the first possible implementation of second aspect, described by described query token
Key word ciphertext after inquiry encryption from storage server, including:
The file of the key word after comprising to encrypt is inquired about by described query token from storage server.
In conjunction with the first possible implementation of second aspect or second aspect, may in the second of second aspect
Implementation in, described query key according to key word and described acquisition generates query token, including:
When the identity according to searcher place group obtains query key from KMC, described in the described direction of search
Searcher place group submits key word, and described searcher place group checks that whether described searcher is the member in group, if so, then
Described searcher place group generates query token according to described key word and described query key, and described query token is returned
To described searcher.
The second of the first the possible implementation in conjunction with second aspect or second aspect or second aspect can
Can implementation, in the third possible implementation of second aspect, described by described query token from storage clothes
Key word ciphertext after inquiry encryption in business device, including:
Receive the ciphertext of the clear data according to public key encryption that described storage server returns.
In conjunction with the third possible implementation of second aspect, in the 4th kind of possible implementation of second aspect
In, methods described, after step receives the ciphertext according to the clear data of public key encryption that described storage server returns, is gone back
Including:
According to described query key, the ciphertext of the described clear data according to public key encryption is decrypted, obtains deciphering
Clear data afterwards.
The second of the first the possible implementation in conjunction with second aspect or second aspect or second aspect can
The implementation of energy or the third possible implementation of second aspect or the 4th kind of possible realization of second aspect
Mode, in the 5th kind of possible implementation of second aspect, methods described, also include:
The corresponding data deciphering of described attribute is obtained from described KMC according to the searcher attribute pre-setting
Key.
In conjunction with the 5th kind of possible implementation of second aspect, in the 6th kind of possible implementation of second aspect
In, described key word ciphertext after described query token inquires about encryption from storage server, including:
Receive the clear data according to the described searcher encryption attribute pre-setting that described storage server returns
Ciphertext.
In conjunction with the 6th kind of possible implementation of second aspect, in the 7th kind of possible implementation of second aspect
In, methods described receives the bright according to the described searcher encryption attribute pre-setting of described storage server return in step
After the ciphertext of civilian data, also include:
According to described data decryption key, what described storage server was returned belongs to according to the described searcher pre-setting
Property encryption the ciphertext of clear data be decrypted, obtain the clear data after deciphering.
The third aspect, a kind of encryption device, described equipment includes:
First acquisition unit, for obtaining the identity information of searcher and the systematic parameter of KMC, described
The identity information of searcher includes the identity information of described single searchers or the body of the group at the plurality of searchers place
Part information;
Encryption uploading unit, is carried out to key word for the identity information according to described searcher and described systematic parameter
Encryption, and the key word ciphertext after encryption is uploaded to storage server.
In conjunction with the third aspect, in the first possible implementation of the third aspect, described encryption uploading unit is concrete
For:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described key word, and root
According to key word described in the described public key encryption calculating.
In conjunction with the first possible implementation of the third aspect or the 3rd face, possible in the second of the third aspect
In implementation, described equipment also includes:
First ciphering unit, for the identity information according to described searcher and described systematic parameter encrypting plaintext data,
And the ciphertext of the clear data after encryption is uploaded to described storage server.
In conjunction with the possible implementation of the second in the 3rd face, in the third possible implementation of the third aspect,
Described first ciphering unit specifically for:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described clear data, and
Clear data according to the described public key encryption calculating.
In conjunction with the first possible implementation of the third aspect or the third aspect, in the 4th kind of possibility of the third aspect
Implementation in, described equipment also includes:
Second ciphering unit, for the encryption attribute clear data according to described searcher, and by the plaintext number after encryption
According to ciphertext upload to described storage server.
Fourth aspect, a kind of search equipment, described equipment includes:
Second acquisition unit, obtains query key for the identity information according to searcher from KMC, described
The identity information of searcher includes the identity information of described single searchers or the body of the group at the plurality of searchers place
Part information;
Inquire-receive unit, generates query token for the query key according to key word and described acquisition, by described
Query token inquires about the key word ciphertext after encryption from storage server.
In conjunction with fourth aspect, in the first possible implementation of fourth aspect, hold in described inquire-receive unit
Key word ciphertext after described query token inquires about encryption from storage server for the row step, including:
The file of the key word after comprising to encrypt is inquired about by described query token from storage server.
In conjunction with the first possible implementation of fourth aspect or fourth aspect, may in the second of fourth aspect
Implementation in, described inquire-receive unit execution step generates inquiry order according to the query key of key word and described acquisition
Board, including:
When the identity according to searcher place group obtains query key from KMC, described in the described direction of search
Searcher place group submits key word, and described searcher place group checks that whether described searcher is the member in group, if so, then
Described searcher place group generates query token according to described key word and described query key, and described query token is returned
To described searcher.
The second of the first the possible implementation in conjunction with fourth aspect or fourth aspect or fourth aspect can
The implementation of energy, in the third possible implementation of fourth aspect, described inquire-receive unit, including:
Receive the ciphertext of the clear data according to public key encryption that described storage server returns.
In conjunction with the third possible implementation of fourth aspect, in the 4th kind of possible implementation of fourth aspect
In, described equipment also includes the first decryption unit, described first decryption unit specifically for:
According to described query key, the ciphertext of the described clear data according to public key encryption is decrypted, obtains deciphering
Clear data afterwards.
The second of the first the possible implementation in conjunction with fourth aspect or fourth aspect or fourth aspect can
The implementation of energy or the third possible implementation of fourth aspect or the 4th kind of possible realization of fourth aspect
Mode, in the 5th kind of possible implementation of fourth aspect, described equipment also includes the 3rd acquiring unit, and the described 3rd obtains
Take unit specifically for:
The corresponding data deciphering of described attribute is obtained from described KMC according to the searcher attribute pre-setting
Key.
In conjunction with the 5th kind of possible implementation of fourth aspect, in the 6th kind of possible implementation of fourth aspect
In, described inquire-receive unit, including:
Receive the clear data according to the described searcher encryption attribute pre-setting that described storage server returns
Ciphertext.
In conjunction with the 6th kind of possible implementation of fourth aspect, in the 7th kind of possible implementation of fourth aspect
In, described equipment also includes the second decryption unit, and described second decryption unit includes:
According to described data decryption key, what described storage server was returned belongs to according to the described searcher pre-setting
Property encryption the ciphertext of clear data be decrypted, obtain the clear data after deciphering.
Compared with prior art, the embodiment of the present invention provides one kind to can search for encryption method, and methods described is passed through from key
Administrative center obtains systematic parameter and private key so that KMC can be equally can be realized using working in the way of offline
Sender's encryption and the purpose of searcher search.Meanwhile, sender only needs to know that the identity of searcher or searcher are located
Group can achieve the encryption method of key word so that sender does not need to download the identity of multiple searcher or searcher is located
The public key of group, it is not necessary to online database of public keys supports, reduces the network bandwidth and storage overhead.Due to corresponding sender's public key
Query key produced by described KMC, therefore all of key word ciphertext can be searched for by KMC
Data, realizes centralized key escrow function, and this function is even more important in company and some government bodies.Pass through above-mentioned one simultaneously
The mode of individual or multiple key word, it is possible to achieve searcher is entered in described storage server to one or more of key words
Line search is inquired about, and by searcher place group, searcher inquiry is managed and controls, thus realizing the mesh of multi-user's search
's.
Brief description
For the technical scheme being illustrated more clearly that in the embodiment of the present invention, below by use required in embodiment
Accompanying drawing be briefly described it should be apparent that, drawings in the following description are only some embodiments of the present invention, for ability
For the those of ordinary skill of domain, without having to pay creative labor, others can also be obtained according to these accompanying drawings
Accompanying drawing.
Fig. 1 is that one kind that the embodiment of the present invention one provides can search for encryption method flow chart;
Fig. 2 is that one kind that the embodiment of the present invention two provides can search for encryption method flow chart;
Fig. 3 is that one kind that the embodiment of the present invention one, two provides can search for encryption method schematic diagram;
Fig. 4 is that one kind that the embodiment of the present invention one, two provides can search for encryption method schematic diagram;
Fig. 5 is that one kind that the embodiment of the present invention three provides can search for encryption method flow chart;
Fig. 6 is that one kind that the embodiment of the present invention four provides can search for encryption method flow chart;
Fig. 7 is that one kind that the embodiment of the present invention three, four provides can search for encryption method schematic diagram;
Fig. 8 is that one kind that the embodiment of the present invention five provides can search for encryption method flow chart;
Fig. 9 is that one kind that the embodiment of the present invention six provides can search for encryption method flow chart;
Figure 10 is that one kind that the embodiment of the present invention five, six provides can search for encryption method schematic diagram;
Figure 11 is that one kind that the embodiment of the present invention seven provides can search for encryption method flow chart;
Figure 12 is that one kind that the embodiment of the present invention seven provides can search for encryption method flow chart;
Figure 13 is that one kind that the embodiment of the present invention seven, eight provides can search for encryption method schematic diagram;
Figure 14 is a kind of structure drawing of device of encryption device that the embodiment of the present invention nine provides;
Figure 15 is a kind of structure drawing of device of search equipment that the embodiment of the present invention ten provides;
Figure 16 is a kind of structure drawing of device of encryption device that the embodiment of the present invention 11 provides;
Figure 17 is a kind of structure drawing of device of search equipment that the embodiment of the present invention 12 provides;
Figure 18 is a kind of structure drawing of device of encryption device that the embodiment of the present invention 13 provides;
Figure 19 is a kind of structure drawing of device of search equipment that the embodiment of the present invention 14 provides;
Figure 20 is a kind of structure drawing of device of encryption device that the embodiment of the present invention 15 provides;
Figure 21 is a kind of structure drawing of device of search equipment that the embodiment of the present invention 16 provides.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, below in conjunction with drawings and Examples, right
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only in order to explain the present invention, and
It is not used in the restriction present invention.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all essences in the present invention
Any modification, equivalent and improvement made within god and principle etc., should be included within the scope of the present invention.
Embodiment one
With reference to Fig. 1, Fig. 1 is that one kind that the embodiment of the present invention one provides can search for encryption method flow chart.As shown in figure 1,
The method comprises the following steps:
Step 101, obtains the identity information of searcher and the systematic parameter of KMC, and described searcher includes
Single searchers or the group at several searchers place, the identity information of described searcher includes the body of described single searchers
The identity information of the group at part information or the plurality of searchers place;
Wherein, the identity information of described the searcher including but not limited to phone number of searcher, job number, No. QQ, Email
Etc. information.The mode of the described identity information obtaining searcher including but not limited to passes through the side such as Help by Phone or E-mail inquiries
Formula obtains.The identity information of described searcher place group includes but is not limited to the QQ group number of searcher place group, department name etc.
Information.The mode of the described identity obtaining searcher place group including but not limited to passes through the side such as Help by Phone or E-mail inquiries
Formula obtains.Described KMC is responsible for issuing systematic parameter for calculating encrypted public key to sender, can also enter one
Walk and issue the corresponding private key of described encrypted public key, i.e. query key, described systematic parameter to searcher or searcher place group
Including but not limited to elliptic curve cipher parameter group, mapping function and mapping method.
Specifically, it is consistent by the mapping parameters that identity obtains, and the calculation of public key is by mapping parameters and public affairs
The multiplication of key factor matrix obtains, and the calculation of private key is obtained by mapping parameters and private key factor matrix multiple, therefore,
Ensure that the one-to-one corresponding of public key and private key.
In this step, described KMC can by using working in the way of offline, that is, send described identity information and
Systematic parameter, and send time of query key and do not limit, before offline, systematic parameter can be handed down to sender,
And the query key corresponding to the encrypted public key calculating is handed down to searcher or searcher place group it is also possible to carry online
For.
Step 102, the identity information according to described searcher and described systematic parameter are encrypted to key word, and will
Key word ciphertext after encryption uploads to storage server.
Specifically, the described identity information according to described searcher and described systematic parameter are encrypted to key word,
Including:
Identity information according to described searcher and described systematic parameter, calculate for encrypting adding of described key word
Migong key, and described key word is encrypted according to the described encrypted public key calculating.
In this step, sender only needs to the identity information knowing the identity information of searcher or searcher place group
Can achieve the encryption of key word so that sender does not need to download encryption public affairs from online database of public keys or certificate repository
Key, reduces the network bandwidth and storage overhead.
The embodiment of the present invention provide a kind of identity-based can search for encryption method, in methods described, sender only needs to know
The identity of road searcher or the searcher place group i.e. encryption method of achievable key word be not so that sender needs download many
The public key of the identity of individual searcher or searcher place group, it is not necessary to online database of public keys supports, reduces the network bandwidth
And storage overhead.
Embodiment two
With reference to Fig. 2, Fig. 2 be a kind of identity-based that the embodiment of the present invention two provides can search for encryption method flow chart.
As shown in Fig. 2 the method comprises the following steps:
Step 201, the identity information according to searcher obtains query key from KMC, and described searcher includes
Single searchers or the group at several searchers place, the identity information of described searcher includes the body of described single searchers
The identity information of the group at part information or the plurality of searchers place;
Wherein, query key is that described KMC gives birth to according to the identity information of described searcher and systematic parameter
The private key corresponding to encryption key becoming.Described KMC equally can calculate public key, because in described key management
Feel and contain shared key factor matrix, and private key exists only in described KMC, not external cloth.
Step 202, generates query token according to the query key of key word and described acquisition, by described query token from
Key word ciphertext after inquiry encryption in storage server, and receive the Query Result that described storage server returns.
Wherein, the described query key according to key word and described acquisition generates query token, including:
The query key of one or more key word according to searcher and described acquisition generates query token.
By way of said one or multiple key word, it is possible to achieve searcher is to one or more of key words
Scan for inquiring about in described storage server.
Preferable, the described query key according to key word and described acquisition generates query token, including:
When the identity information according to searcher place group obtains query key from KMC, the described direction of search
Described searcher place group submits key word, and described searcher place group checks that whether described searcher is the member in group, if
It is that then described searcher place group generates query token according to described key word and described query key, and described inquiry is made
Board returns to described searcher.By searcher place group, searcher inquiry is managed and controls, thus realizing multi-user
The purpose of search.
Fig. 3 and Fig. 4 be the embodiment of the present invention one and two provide a kind of identity-based can search for encryption method schematic diagram,
Now in the way of Signalling exchange a kind of identity-based described in specific illustrative embodiment one and two can search for encryption method.With
When, the implementation of the embodiment of the present invention includes the step of Fig. 3 and Fig. 4, but is not limited to the order of each step, Fig. 3 and Fig. 4 is
A kind of preferable embodiment.As shown in figure 3, methods described comprises the steps:
Step 301, sender from KMC obtain systematic parameter, and simultaneously obtain searcher identity information,
Described searcher includes the group that single searchers or several searchers are located, and the identity information of described searcher includes described
The identity information of the group at the identity information of single searchers or the plurality of searchers place;
Step 302, sender according to the identity information of searcher and systematic parameter obtain that key word is encrypted plus
Key, uploads to storage server according to described encryption keys key word and by the key word ciphertext after encryption;
Step 303, searcher obtains query key according to the identity information of oneself correlation from described KMC;
Step 304, searcher generates query token according to described query key and key word;
Step 305, searcher uploads described query token to described storage server;
Step 306, searcher receives, from described storage server, the Query Result returning.
As shown in figure 4, methods described comprises the steps:
Step 401, sender from KMC obtain systematic parameter, and simultaneously obtain searcher identity information,
Described searcher includes the group that single searchers or several searchers are located, and the identity information of described searcher includes described
The identity information of the group at the identity information of single searchers or the plurality of searchers place;
Step 402, sender according to the identity information of searcher and systematic parameter obtain that key word is encrypted plus
Key, uploads to storage server according to described encryption keys key word and by the key word ciphertext after encryption;
Step 403, it is close that searcher place group obtains inquiry according to the identity information of described group from described KMC
Key;
Step 404, described direction of search searcher place group submits key word, to searcher place group application inquiry order
Board;
Step 405, searcher place group checks whether described searcher is member in group, if so, then generates query token,
If it is not, then not generating query token;
Step 406, described searcher receives the query token that described group issues;
Step 407, searcher uploads described query token to described storage server;
Step 408, searcher receives, from described storage server, the Query Result returning.
The embodiment of the present invention provide a kind of identity-based can search for encryption method, methods described pass through said one or
The mode of multiple key words, it is possible to achieve searcher scans in described storage server to one or more of key words
Inquiry.Pass through searcher place group searcher inquiry to be managed and controls, thus realizing the purpose of multi-user's search simultaneously.
Embodiment three
With reference to Fig. 5, Fig. 5 be a kind of identity-based that the embodiment of the present invention three provides can search for encryption method flow chart.
As shown in figure 5, the method comprising the steps of:
Step 501, obtains the identity of searcher or the identity of searcher place group, and the system ginseng of KMC
Number;
Step 502, the identity of the identity according to described searcher or searcher place group, and the encryption of described systematic parameter
Key word, and the key word ciphertext after encryption is uploaded to storage server;
Step 503, according in prior art any one encryption method encrypting plaintext data, and by encryption after plaintext
The ciphertext of data uploads to described storage server.
In this step, described key word corresponding plaintext number is encrypted by the method for any one encryption in prior art
According to.
The embodiment of the present invention is all suitable for for searcher or searcher place group, below mainly taking searcher as a example do into
One step explanation.With specific reference to the step 703 shown in Fig. 7.
The embodiment of the present invention can search for encryption method by a kind of identity-based of the embodiment of the present invention one and two offer
Cryptography key word, encrypts the corresponding clear data of described key word by prior art, thus realizing on the basis of prior art
On, realize the scheme that can search for cryptography key word of identity-based.
Example IV
With reference to Fig. 6, Fig. 6 be a kind of identity-based that the embodiment of the present invention four provides can search for encryption method flow chart.
As shown in fig. 6, methods described comprises the steps:
Step 601, the identity of the identity according to searcher or searcher place group obtains inquiry from KMC
Key;
Step 602, generates query token according to the query key of key word and described acquisition, by described query token from
Key word ciphertext after inquiry encryption in storage server, and receive the data that described storage server returns;
Step 603, obtains the corresponding decruption key of method of any one encrypting plaintext data in prior art;
Step 604 is according to the corresponding decruption key of method of any one encrypting plaintext data in described prior art, right
The ciphertext of the clear data after described encryption is decrypted, and obtains the clear data after deciphering.
In this step, described key word is deciphered by the corresponding decryption method of method of any one encryption in prior art
Corresponding clear data.
The embodiment of the present invention is all suitable for for searcher or searcher place group, below mainly taking searcher as a example do into
One step explanation.With specific reference to the step 708 shown in Fig. 7 and step 709.
Fig. 7 be a kind of identity-based that the embodiment of the present invention three and example IV provide can search for encryption method, now with
A kind of identity-based described in the mode specific illustrative embodiment three and four of Signalling exchange can search for encryption method, meanwhile,
The step that the implementation of the embodiment of the present invention includes Fig. 7, but it is not limited to the order of each step, Fig. 7 is a kind of preferable
Embodiment.As shown in fig. 7, methods described comprises the steps:
Step 701, sender from KMC obtain systematic parameter, and simultaneously obtain searcher identity information,
Described searcher includes the group that single searchers or several searchers are located, and the identity information of described searcher includes described
The identity information of the group at the identity information of single searchers or the plurality of searchers place;
Step 702, sender according to the identity information of searcher and systematic parameter obtain that key word is encrypted plus
Key, uploads to storage server according to described encryption keys key word and by the key word ciphertext after encryption;
Step 703, described sender is according to the method encrypting plaintext data of any one encryption in prior art, and will add
The ciphertext of the clear data after close uploads to described storage server;
Step 704, searcher obtains query key according to the identity information of oneself correlation from described KMC;
Step 705, searcher generates query token according to described query key and key word;
Step 706, searcher uploads described query token to described storage server;
Step 707, searcher receives, from described storage server, the Query Result returning;
Step 708, described searcher obtains the corresponding deciphering of method of any one encrypting plaintext data in prior art
Key;
Step 709 is according to the corresponding decruption key of method of any one encrypting plaintext data in described prior art, right
The ciphertext of the clear data after described encryption is decrypted, and obtains the clear data after deciphering.
The embodiment of the present invention can search for encryption method by a kind of identity-based of the embodiment of the present invention one and two offer
Cryptography key word, encrypts the corresponding clear data of described key word by prior art, thus realizing on the basis of prior art
On, realize the scheme that can search for cryptography key word of identity-based.
Embodiment five
With reference to Fig. 8, Fig. 8 be a kind of identity-based that the embodiment of the present invention five provides can search for encryption method flow chart.
Methods described comprises the steps:
Step 801, obtains the identity of searcher or the identity of searcher place group, and the system ginseng of KMC
Number;
Step 802, the identity of the identity according to described searcher or searcher place group, and the encryption of described systematic parameter
Key word, and the key word ciphertext after encryption is uploaded to storage server;
Step 803, the identity according to described searcher and described systematic parameter encrypting plaintext data, and will be bright after encryption
The ciphertext of civilian data uploads to described storage server.
Specifically, the described identity according to described searcher and described systematic parameter encrypting plaintext data, including:
Identity according to described searcher and described systematic parameter calculate the public key encrypting described clear data, and according to
Clear data described in the described public key encryption calculating.
The embodiment of the present invention is all suitable for for searcher or searcher place group, below mainly taking searcher as a example do into
One step explanation.With specific reference to the step 1003 shown in Figure 10.
The embodiment of the present invention is corresponding with the public key encryption key word that systematic parameter calculates by using the identity of searcher
Clear data so that searcher only need to by the corresponding private key of described public key decipher described clear data, Ke Yitong
Cross a pair of public key and private key is realized key word and clear data are encrypted so that simple to operate simultaneously simultaneously.Described key management
Center is provided simultaneously with inquiring about and decipher the ability of total data, it is possible to achieve centralized data management, to company and some political affairs
Mansion office is even more important.
Embodiment six
With reference to Fig. 9, Fig. 9 be a kind of identity-based that the embodiment of the present invention six provides can search for encryption method flow chart.
As shown in figure 9, methods described comprises the steps:
Step 901, the identity of the identity according to searcher or searcher place group obtains inquiry from KMC
Key;
Step 902, generates query token according to the query key of key word and described acquisition, by described query token from
Key word ciphertext after inquiry encryption in storage server, and receive the data that described storage server returns;
Step 903, according to described query key, enters to the ciphertext of the clear data of the described identity ciphering according to searcher
Row deciphering, obtains the clear data after deciphering.
The embodiment of the present invention is all suitable for for searcher or searcher place group, below mainly taking searcher as a example do into
One step explanation.With specific reference to the step 1008 shown in Figure 10.
Figure 10 be a kind of identity-based that the embodiment of the present invention five and embodiment six provide can search for encryption method, now with
A kind of identity-based described in the mode specific illustrative embodiment five and six of Signalling exchange can search for encryption method, meanwhile,
The step that the implementation of the embodiment of the present invention includes Figure 10, but it is not limited to the order of each step, Figure 10 is a kind of preferable
Embodiment.As shown in Figure 10, methods described comprises the steps:
Step 1001, sender from KMC obtain systematic parameter, and simultaneously obtain searcher identity information,
Described searcher includes the group that single searchers or several searchers are located, and the identity information of described searcher includes described
The identity information of the group at the identity information of single searchers or the plurality of searchers place;
Step 1002, sender according to the identity information of searcher and systematic parameter obtain that key word is encrypted plus
Key, uploads to storage server according to described encryption keys key word and by the key word ciphertext after encryption;
Step 1003, the identity according to described searcher and described systematic parameter encrypting plaintext data, and by after encryption
The ciphertext of clear data uploads to described storage server;
Step 1004, searcher obtains query key according to the identity information of oneself correlation from described KMC;
Step 1005, searcher generates query token according to described query key and key word;
Step 1006, searcher uploads described query token to described storage server;
Step 1007, searcher receives, from described storage server, the Query Result returning;
Step 1008, according to described query key, the ciphertext to the clear data of the described identity ciphering according to searcher
It is decrypted, obtain the clear data after deciphering.
The embodiment of the present invention is corresponding with the public key encryption key word that systematic parameter calculates by using the identity of searcher
Clear data so that searcher only need to by the corresponding private key of described public key decipher described clear data, Ke Yitong
Cross a pair of public key and private key is realized key word and clear data are encrypted so that simple to operate simultaneously simultaneously.Described key management
Center is provided simultaneously with inquiring about and decipher the ability of total data, it is possible to achieve centralized data management, to company and some political affairs
Mansion office is even more important.
Embodiment seven
With reference to Figure 11, Figure 11 be a kind of identity-based that the embodiment of the present invention seven provides can search for encryption method flow process
Figure.As shown in figure 11, the method comprising the steps of:
Step 1101, obtains the identity of searcher or the identity of searcher place group, and the system of KMC
Parameter;
Step 1102, the identity of the identity according to described searcher or searcher place group, and described systematic parameter add
Close key word, and the key word ciphertext after encryption is uploaded to storage server;
Step 1103, according to the encryption attribute clear data of described searcher, and the ciphertext by the clear data after encryption
Upload to described storage server.
Specifically, the including but not limited to following several situations of described attribute:For example, the department that company clerk A is located is certain
Certain research and development department of company A group, then the attribute of company clerk A could be arranged to so-and-so research and development department of company A group, or be set to other shapes
Formula.Sender is according to the corresponding clear data of encryption attribute key word of company clerk A, and the ciphertext after encryption is uploaded to institute
State storage server.
When specifically, according to the encryption attribute clear data of described searcher, the encryption key of generation and being searched according to described
The encryption key that the identity ciphering clear data of Suo Fang produces is different.When the identity ciphering clear data according to described searcher
When, it is the identity according to described searcher and systematic parameter generation public key, sender encrypts to clear data according to public key, search
Root is decrypted according to the clear data after the corresponding private key pair encryption of public key.When the attribute according to searcher enters to clear data
During row encryption, it is the encryption key generating encrypting plaintext data according to attribute, generate the mode of key and the mode generating public key
Different.
The embodiment of the present invention is all suitable for for searcher or searcher place group, below mainly taking searcher as a example do into
One step explanation.With specific reference to the step 1303 shown in Figure 13.
The embodiment of the present invention passes through the corresponding plaintext attribute of encryption attribute searcher key word so that searcher can basis
The attribute setting access rights pre-setting, while can carrying out multiple keyword retrieval to group member, to group data
The decrypted rights of the public property of can search for data be effectively combined.
Embodiment eight
With reference to Figure 12, Figure 12 be a kind of identity-based that the embodiment of the present invention eight provides can search for encryption method flow process
Figure.As shown in figure 12, the method comprising the steps of:
Step 1201, the identity of the identity according to searcher or searcher place group obtains inquiry from KMC
Key;
Step 1202, the query key according to key word and described acquisition generates query token, by described query token
Key word ciphertext after inquiry encryption from storage server, and receive the data that described storage server returns;
Step 1203, obtains described attribute according to the searcher attribute pre-setting from described KMC corresponding
Data decryption key;
Step 1204, according to described data decryption key, pre-sets according to described to what described storage server returned
The ciphertext of the clear data of searcher encryption attribute be decrypted, obtain the clear data after deciphering.
The embodiment of the present invention is all suitable for for searcher or searcher place group, below mainly taking searcher as a example do into
One step explanation.With specific reference to the step 1308 shown in Figure 13 and step 1309.
Figure 13 be a kind of identity-based that the embodiment of the present invention seven and embodiment eight provide can search for encryption method, now with
A kind of identity-based described in the mode specific illustrative embodiment seven and eight of Signalling exchange can search for encryption method, meanwhile,
The step that the implementation of the embodiment of the present invention includes Figure 13, but it is not limited to the order of each step, Figure 13 is a kind of preferable
Embodiment.As shown in figure 13, methods described comprises the steps:
Step 1301, sender from KMC obtain systematic parameter, and simultaneously obtain searcher identity information,
Described searcher includes the group that single searchers or several searchers are located, and the identity information of described searcher includes described
The identity information of the group at the identity information of single searchers or the plurality of searchers place;
Step 1302, sender according to the identity information of searcher and systematic parameter obtain that key word is encrypted plus
Key, uploads to storage server according to described encryption keys key word and by the key word ciphertext after encryption;
Step 1303, described sender according to the encryption attribute clear data of described searcher, and by the plaintext after encryption
The ciphertext of data uploads to described storage server;
Step 1304, searcher obtains query key according to the identity information of oneself correlation from described KMC;
Step 1305, searcher generates query token according to described query key and key word;
Step 1306, searcher uploads described query token to described storage server;
Step 1307, searcher receives, from described storage server, the Query Result returning;
Step 1308, obtains described attribute according to the searcher attribute pre-setting from described KMC corresponding
Data decryption key;
Step 1309, according to described data decryption key, pre-sets according to described to what described storage server returned
The ciphertext of the clear data of searcher encryption attribute be decrypted, obtain the clear data after deciphering.
The embodiment of the present invention passes through the corresponding clear data of encryption attribute searcher key word so that searcher can basis
The attribute setting access rights pre-setting, while can carrying out multiple keyword retrieval to group member, to group data
The decrypted rights of the public property of can search for data be effectively combined.
Embodiment nine
With reference to Figure 14, Figure 14 is a kind of structure drawing of device of encryption device that the embodiment of the present invention nine provides, described equipment
Including with lower unit:
First acquisition unit 1401 and encryption uploading unit 1402, described first acquisition unit 1401 is used for executing embodiment
The step 101 of Fig. 1 in one, described encryption uploading unit 1402 is used for the step 102 executing Fig. 1 in embodiment one.
One of ordinary skill in the art will appreciate that each included by the equipment in the described embodiment of the present invention nine is single
Unit is simply divided according to function logic, but is not limited to above-mentioned division, as long as be capable of corresponding function being
Can;In addition, the specific name of each functional unit, also only to facilitate mutual distinguish, is not limited to the protection model of the application
Enclose.
First acquisition unit 1401, for obtaining the identity information of searcher and the systematic parameter of KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Wherein, the identity of described searcher includes but is not limited to the phone number of searcher, job number, No. QQ, the letter such as Email
Breath.The mode of the described identity obtaining searcher is including but not limited to obtained by modes such as Help by Phone or E-mail inquiries.
The identity of described searcher place group includes but is not limited to the information such as the QQ group number of searcher place group, department name.Described obtain
The mode taking the identity of searcher place group is including but not limited to obtained by modes such as Help by Phone or E-mail inquiries.Described
KMC is responsible for issuing, to sender, the systematic parameter using during cryptography key word, simultaneously to searcher or searcher
Place group issues the public key that sender calculates according to the identity of searcher or the identity of searcher place group and systematic parameter
Corresponding private key, i.e. query key, using public key and the one-to-one mode of private key manage the public key of sender and searcher or
The private key of person's searcher place group.With specific reference to the step 401 step 301 in Fig. 3 Suo Shi and in Fig. 4.
In this unit, described KMC can be by using working in the way of offline, by systematic parameter before offline
It is handed down to sender, and the query key corresponding to public key that searcher is calculated is handed down to searcher or searcher is located
Group.
Encryption uploading unit 1402, for the identity information according to described searcher and described systematic parameter to key word
It is encrypted, and the key word ciphertext after encryption is uploaded to storage server.
Specifically, the identity of the described identity according to described searcher or searcher place group, and described systematic parameter
Cryptography key word, including:
Identity according to described searcher or the identity of searcher place group, and described systematic parameter calculate encryption institute
State the public key of key word, and key word according to the described public key encryption calculating.
In this unit, sender only needs to know that the identity of searcher or searcher place group can achieve key word
Encryption method so that sender do not need to download the identity of multiple searcher or searcher place group public key it is not necessary to
Line database of public keys supports, and reduces the network bandwidth and storage overhead.Simultaneously because the query key of corresponding sender's public key is
Produced by described KMC, therefore KMC can inquire about and decipher total data, realize centralized close
Key escrow function, this function is even more important in company and some government bodies.Step 302 with specific reference to Fig. 3.
The embodiment of the present invention provides a kind of encryption device, and in described encryption device, sender only needs to know the body of searcher
Part or searcher place group can achieve the encryption method of key word so that sender does not need to download the body of multiple searcher
The public key of part or searcher place group, it is not necessary to online database of public keys supports, reduces the network bandwidth and storage overhead.
Embodiment ten
With reference to Figure 15, Figure 15 is a kind of structure drawing of device of search equipment that the embodiment of the present invention ten provides, described equipment
Including with lower unit:
Second acquisition unit 1501 and inquire-receive unit 1502, described second acquisition unit 1501 is used for executing embodiment
The step 201 of Fig. 2 in two, described encryption uploading unit 1502 is used for the step 202 executing Fig. 2 in embodiment two.
One of ordinary skill in the art will appreciate that each included by the equipment in the described embodiment of the present invention ten is single
Unit is simply divided according to function logic, but is not limited to above-mentioned division, as long as be capable of corresponding function being
Can;In addition, the specific name of each functional unit, also only to facilitate mutual distinguish, is not limited to the protection model of the application
Enclose.
Second acquisition unit 1501, obtains query key for the identity information according to searcher from KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Wherein, query key is described KMC according to the identity of described searcher or searcher place group
The private key that identity generates.
Inquire-receive unit 1502, generates query token for the query key according to key word and described acquisition, passes through
Described query token inquires about the key word ciphertext after encryption from storage server.
Wherein, the described query key according to key word and described acquisition generates query token, including:
The query key of one or more key word according to searcher and described acquisition generates query token.
By way of said one or multiple key word, it is possible to achieve searcher is to one or more of key words
Scan for inquiring about in described storage server.
Preferable, the described query key according to key word and described acquisition generates query token, including:
When the identity according to searcher place group obtains query key from KMC, described in the described direction of search
Searcher place group submits key word, and described searcher place group checks that whether described searcher is the member in group, if so, then
Described searcher place group generates query token according to described key word and described query key, and described query token is returned
To described searcher.
The embodiment of the present invention provides a kind of search equipment, and described search equipment passes through said one or multiple key word
Mode, it is possible to achieve searcher scans for inquiring about in described storage server to one or more of key words.Lead to simultaneously
Cross searcher place group searcher inquiry to be managed and controls, thus realizing the purpose of multi-user's search.
Embodiment 11
With reference to Figure 16, Figure 16 is a kind of structure drawing of device of encryption device that the embodiment of the present invention 11 provides, and described sets
Standby include with lower unit:
First acquisition unit 1601 and encryption uploading unit 1602, the first ciphering unit 1603, described first ciphering unit
1603 are used for the step 803 executing embodiment five Fig. 8.
One of ordinary skill in the art will appreciate that each included by the equipment in the described embodiment of the present invention 11
Unit is simply divided according to function logic, but is not limited to above-mentioned division, as long as being capable of corresponding function
?;In addition, the specific name of each functional unit, also only to facilitate mutual distinguish, is not limited to the protection of the application
Scope.
First acquisition unit 1601, for obtaining the identity information of searcher and the systematic parameter of KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Encryption uploading unit 1602, for the identity information according to described searcher and described systematic parameter to key word
It is encrypted, and the key word ciphertext after encryption is uploaded to storage server;
First ciphering unit 1603, for the identity information according to described searcher and described systematic parameter encrypting plaintext number
According to, and the ciphertext of the clear data after encryption is uploaded to described storage server.
Specifically, the described identity according to described searcher and described systematic parameter encrypting plaintext data, including:
Identity according to described searcher and described systematic parameter calculate the public key encrypting described clear data, and according to
Clear data described in the described public key encryption calculating.
The embodiment of the present invention is all suitable for for searcher or searcher place group, below mainly taking searcher as a example do into
One step explanation.The embodiment of the present invention is corresponding with the public key encryption key word that systematic parameter calculates by using the identity of searcher
Clear data so that searcher only need to by the corresponding private key of described public key decipher described clear data, Ke Yitong
Cross a pair of public key and private key is realized key word and clear data are encrypted so that simple to operate simultaneously simultaneously.Described key management
Center is provided simultaneously with inquiring about and decipher the ability of total data, it is possible to achieve centralized data management, to company and some political affairs
Mansion office is even more important.
Embodiment 12
With reference to Figure 17, Figure 17 is a kind of structure drawing of device of search equipment that the embodiment of the present invention 12 provides, and described sets
Standby include with lower unit:
Second acquisition unit 1701 and inquire-receive unit 1702, the first decryption unit 1703, described first decryption unit
1703 are used for the step 903 executing embodiment six Fig. 9.
One of ordinary skill in the art will appreciate that each included by the equipment in the described embodiment of the present invention 12
Unit is simply divided according to function logic, but is not limited to above-mentioned division, as long as being capable of corresponding function
?;In addition, the specific name of each functional unit, also only to facilitate mutual distinguish, is not limited to the protection of the application
Scope.
Second acquisition unit 1701, obtains query key for the identity information according to searcher from KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Inquire-receive unit 1702, generates query token for the query key according to key word and described acquisition, passes through
Described query token inquires about the key word ciphertext after encryption from storage server;
First decryption unit 1703, for according to described query key, to the described clear data according to public key encryption
Ciphertext is decrypted, and obtains the clear data after deciphering.
The embodiment of the present invention is corresponding with the public key encryption key word that systematic parameter calculates by using the identity of searcher
Clear data so that searcher only need to by the corresponding private key of described public key decipher described ciphertext data, Ke Yitong
Cross a pair of public key and private key is realized key word and clear data are encrypted so that simple to operate simultaneously simultaneously.Described key management
Center is provided simultaneously with inquiring about and decipher the ability of total data, it is possible to achieve centralized data management, to company and some political affairs
Mansion office is even more important.
Embodiment 13
With reference to Figure 18, Figure 18 is a kind of structure drawing of device of encryption device that the embodiment of the present invention 13 provides, and described sets
Standby include with lower unit:
First acquisition unit 1801 and encryption uploading unit 1802, the second ciphering unit 1803, described second ciphering unit
1803 are used for the step 1103 executing embodiment seven Figure 11.
One of ordinary skill in the art will appreciate that each included by the equipment in the described embodiment of the present invention 13
Unit is simply divided according to function logic, but is not limited to above-mentioned division, as long as being capable of corresponding function
?;In addition, the specific name of each functional unit, also only to facilitate mutual distinguish, is not limited to the protection of the application
Scope.
First acquisition unit 1801, for obtaining the identity information of searcher and the systematic parameter of KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Encryption uploading unit 1802, for the identity information according to described searcher and described systematic parameter to key word
It is encrypted, and the key word ciphertext after encryption is uploaded to storage server;
Second ciphering unit 1803, for the encryption attribute clear data according to described searcher, and will be bright after encryption
The ciphertext of civilian data uploads to described storage server.
Specifically, the including but not limited to following several situations of described attribute:For example, the department that company clerk A is located is certain
Certain research and development department of company A group, then the attribute of company clerk A could be arranged to so-and-so research and development department of company A group, or be set to other shapes
Formula.Sender is according to the corresponding clear data of encryption attribute key word of company clerk A, and the ciphertext after encryption is uploaded to institute
State storage server.
The embodiment of the present invention passes through the corresponding plaintext attribute of encryption attribute searcher key word so that searcher can basis
The attribute setting access rights pre-setting, while can carrying out multiple keyword retrieval to group member, to group data
The decrypted rights of the public property of can search for data be effectively combined.
Embodiment 14
With reference to Figure 19, Figure 19 is a kind of structure drawing of device of search equipment that the embodiment of the present invention 14 provides, and described sets
Standby include with lower unit:
Second acquisition unit 1901 and inquire-receive unit 1902, the 3rd acquiring unit 1903, the second decryption unit 1904,
Described 3rd acquiring unit 1903 is used for the step 1203 executing Figure 12 in embodiment eight, and described second decryption unit 1904 is used for
The step 1204 of Figure 12 in execution embodiment eight.
One of ordinary skill in the art will appreciate that each included by the equipment in the described embodiment of the present invention 14
Unit is simply divided according to function logic, but is not limited to above-mentioned division, as long as being capable of corresponding function
?;In addition, the specific name of each functional unit, also only to facilitate mutual distinguish, is not limited to the protection of the application
Scope.
Second acquisition unit 1901, obtains query key for the identity information according to searcher from KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Inquire-receive unit 1902, generates query token for the query key according to key word and described acquisition, passes through
Described query token inquires about the key word ciphertext after encryption from storage server;
3rd acquiring unit 1903, for obtaining institute according to the searcher attribute pre-setting from described KMC
State the corresponding data decryption key of attribute;
Second decryption unit 1904, for according to described data decryption key, the basis that described storage server is returned
The ciphertext of the described clear data of searcher encryption attribute pre-setting is decrypted, and obtains the clear data after deciphering.
The embodiment of the present invention passes through the corresponding plaintext attribute of encryption attribute searcher key word so that searcher can basis
The attribute setting access rights pre-setting, while can carrying out multiple keyword retrieval to group member, to group data
The decrypted rights of the public property of can search for data be effectively combined.
Embodiment 15
With reference to Figure 20, Figure 20 is a kind of structure drawing of device of encryption device that the embodiment of the present invention 15 provides.With reference to figure
20, Figure 20 is a kind of encryption device 2000 provided in an embodiment of the present invention, and the specific embodiment of the invention does not set to described network
Standby implementing limits.Described equipment 2000 includes:
Processor (processor) 2001, communication interface (Communications Interface) 2002, memorizer
(memory) 2003, bus 2004.
Processor 2001, communication interface 2002, memorizer 2003 completes mutual communication by bus 2004.
Communication interface 2002, for being communicated with other equipment;
Processor 2001, for configuration processor A.
Specifically, program A can include program code, and described program code includes computer-managed instruction.
Processor 2001 is probably a central processor CPU, or specific integrated circuit ASIC(Application
Specific Integrated Circuit), or be arranged to implement the one or more integrated electricity of the embodiment of the present invention
Road.
Memorizer 2003, is used for depositing program A.Memorizer 2003 may comprise high-speed RAM memorizer it is also possible to also include
Nonvolatile memory(non-volatile memory), for example, at least one disk memory.Program A specifically can include:
First acquisition unit 1401, for obtaining the identity information of searcher and the systematic parameter of KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Encryption uploading unit 1402, for the identity information according to described searcher and described systematic parameter to key word
It is encrypted, and the key word ciphertext after encryption is uploaded to storage server.
Or program A specifically can include:
First acquisition unit 1601, for obtaining the identity information of searcher and the systematic parameter of KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Encryption uploading unit 1602, for the identity information according to described searcher and described systematic parameter to key word
It is encrypted, and the key word ciphertext after encryption is uploaded to storage server;
First ciphering unit 1603, for the identity information according to described searcher and described systematic parameter encrypting plaintext number
According to, and the ciphertext of the clear data after encryption is uploaded to described storage server.
Or program A specifically can include:
First acquisition unit 1801, for obtaining the identity information of searcher and the systematic parameter of KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Encryption uploading unit 1802, for the identity information according to described searcher and described systematic parameter to key word
It is encrypted, and the key word ciphertext after encryption is uploaded to storage server;
Second ciphering unit 1803, for the encryption attribute clear data according to described searcher, and will be bright after encryption
The ciphertext of civilian data uploads to described storage server.
The implementing referring to the corresponding units in Figure 14 or Figure 16 or embodiment illustrated in fig. 18 of each unit in program A,
This does not repeat.
Embodiment 16
With reference to Figure 21, Figure 21 is a kind of structure drawing of device of search equipment that the embodiment of the present invention 16 provides.With reference to figure
21, Figure 21 is a kind of search equipment 2100 provided in an embodiment of the present invention, and the specific embodiment of the invention does not set to described network
Standby implementing limits.Described search equipment 2100 includes:
Processor (processor) 2101, communication interface (Communications Interface) 2102, memorizer
(memory) 2103, bus 2104.
Processor 2101, communication interface 2102, memorizer 2103 completes mutual communication by bus 2104.
Communication interface 2102, for being communicated with other equipment;
Processor 2101, for configuration processor A.
Specifically, program A can include program code, and described program code includes computer-managed instruction.
Processor 2101 is probably a central processor CPU, or specific integrated circuit ASIC(Application
Specific Integrated Circuit), or be arranged to implement the one or more integrated electricity of the embodiment of the present invention
Road.
Memorizer 2103, is used for depositing program A.Memorizer 2103 may comprise high-speed RAM memorizer it is also possible to also include
Nonvolatile memory(non-volatile memory), for example, at least one disk memory.Program A specifically can include:
Second acquisition unit 1501, obtains query key for the identity information according to searcher from KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Inquire-receive unit 1502, generates query token for the query key according to key word and described acquisition, passes through
Described query token inquires about the key word ciphertext after encryption from storage server.
Or program A specifically can include:
Second acquisition unit 1701, obtains query key for the identity information according to searcher from KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Inquire-receive unit 1702, generates query token for the query key according to key word and described acquisition, passes through
Described query token inquires about the key word ciphertext after encryption from storage server;
First decryption unit 1703, for according to described query key, to the described clear data according to public key encryption
Ciphertext is decrypted, and obtains the clear data after deciphering.
Or program A specifically can include:
Second acquisition unit 1901, obtains query key for the identity information according to searcher from KMC,
The identity information of described searcher includes the group that the identity information of described single searchers or the plurality of searchers are located
Identity information;
Inquire-receive unit 1902, generates query token for the query key according to key word and described acquisition, passes through
Described query token inquires about the key word ciphertext after encryption from storage server;
3rd acquiring unit 1903, for obtaining institute according to the searcher attribute pre-setting from described KMC
State the corresponding data decryption key of attribute;
Second decryption unit 1904, for according to described data decryption key, the basis that described storage server is returned
The ciphertext of the described clear data of searcher encryption attribute pre-setting is decrypted, and obtains the clear data after deciphering.
The implementing referring to the corresponding units in Figure 15 or Figure 17 or embodiment illustrated in fig. 19 of each unit in program A,
This does not repeat.
The foregoing is only the preferred embodiment of the present invention, do not constitute limiting the scope of the present invention.Any
Any modification, equivalent and improvement of being made within the spirit and principles in the present invention etc., should be included in application claims
Within the scope of comprising.
Claims (22)
1. one kind can search for encryption method it is characterised in that methods described includes:
Obtain the identity information of searcher and the systematic parameter of KMC, the identity information of described searcher includes list
The identity information of the group at the identity information of individual searchers or several searchers place;
Identity information according to described searcher and described systematic parameter are encrypted to key word, and by encryption after key
Word ciphertext uploads to storage server;
The described identity information according to described searcher and described systematic parameter are encrypted to key word, including:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described key word, and according to institute
State key word described in the public key encryption calculating.
2. method according to claim 1 is it is characterised in that methods described also includes:
Identity information according to described searcher and described systematic parameter encrypting plaintext data, and by the clear data after encryption
Ciphertext uploads to described storage server.
3. method according to claim 2 is it is characterised in that the described identity according to described searcher and described system are joined
Number encrypting plaintext data, including:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described clear data, and according to
Clear data described in the described public key encryption calculating.
4. method according to claim 1 is it is characterised in that methods described also includes:
According to the encryption attribute clear data of described searcher, and the ciphertext of the clear data after encryption is uploaded to described storage
Server.
5. a kind of identity-based can search for encryption method it is characterised in that methods described includes:
Identity information according to searcher obtains query key from KMC, and the identity information of described searcher includes list
The identity information of the group at the identity information of individual searchers or several searchers place;
Query key according to key word and described acquisition generates query token, by described query token from storage server
Key word ciphertext after inquiry encryption;
Described key word ciphertext after described query token inquires about encryption from storage server, including:
The file of the key word after comprising to encrypt is inquired about by described query token from storage server.
6. method according to claim 5 is it is characterised in that the described query key according to key word and described acquisition is given birth to
Become query token, including:
When the identity according to searcher place group obtains query key from KMC, search for described in the described direction of search
Square place group submits key word, and described searcher place group checks that whether described searcher is the member in group, if so, then described
Searcher place group generates query token according to described key word and described query key, and described query token is returned to institute
State searcher.
7. method according to claim 5 is it is characterised in that described looked into from storage server by described query token
Ask the key word ciphertext after encryption, including:
Receive the ciphertext of the clear data according to public key encryption that described storage server returns.
8. method according to claim 7 is it is characterised in that methods described receives described storage server return in step
The ciphertext according to the clear data of public key encryption after, also include:
According to described query key, the ciphertext of the described clear data according to public key encryption is decrypted, after obtaining deciphering
Clear data.
9. the method described in the method according to claim 5 to 8 any one, it is characterised in that methods described, is also wrapped
Include:
The corresponding data decryption key of described attribute is obtained from described KMC according to the searcher attribute pre-setting.
10. method according to claim 9 it is characterised in that described by described query token from storage server
Key word ciphertext after inquiry encryption, including:
Receive the ciphertext of the clear data according to the described searcher encryption attribute pre-setting that described storage server returns.
11. methods according to claim 10 are it is characterised in that methods described is returned in the described storage server of step reception
After the ciphertext of the clear data according to the described searcher encryption attribute pre-setting returned, also include:
According to described data decryption key, added according to the described searcher attribute pre-setting to what described storage server returned
The ciphertext of close clear data is decrypted, and obtains the clear data after deciphering.
A kind of 12. encryption devices are it is characterised in that described equipment includes:
First acquisition unit, for obtaining the identity information of searcher and the systematic parameter of KMC, described search
The identity information of side includes the identity information of single searchers or the identity information of the group at several searchers place;
Encryption uploading unit, carries out to key word adding for the identity information according to described searcher and described systematic parameter
Close, and the key word ciphertext after encryption is uploaded to storage server;
Described encryption uploading unit specifically for:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described key word, and according to institute
State key word described in the public key encryption calculating.
13. equipment according to claim 12 are it is characterised in that described equipment also includes:
First ciphering unit, for the identity information according to described searcher and described systematic parameter encrypting plaintext data, and will
The ciphertext of the clear data after encryption uploads to described storage server.
14. equipment according to claim 13 it is characterised in that described first ciphering unit specifically for:
Identity information according to described searcher and described systematic parameter calculate the public key encrypting described clear data, and according to
Clear data described in the described public key encryption calculating.
15. equipment according to claim 12 are it is characterised in that described equipment also includes:
Second ciphering unit, for the encryption attribute clear data according to described searcher, and by the clear data after encryption
Ciphertext uploads to described storage server.
A kind of 16. search equipment are it is characterised in that described equipment includes:
Second acquisition unit, obtains query key, described search for the identity information according to searcher from KMC
The identity information of side includes the identity information of single searchers or the identity information of the group at several searchers place;
Inquire-receive unit, generates query token for the query key according to key word and described acquisition, by described inquiry
Token inquires about the key word ciphertext after encryption from storage server;
Key after described query token inquires about encryption from storage server for the execution step in described inquire-receive unit
Word ciphertext, including:
The file of the key word after comprising to encrypt is inquired about by described query token from storage server.
17. equipment according to claim 16 are it is characterised in that described inquire-receive unit execution step is according to key word
Generate query token with the query key of described acquisition, including:
When the identity according to searcher place group obtains query key from KMC, search for described in the described direction of search
Square place group submits key word, and described searcher place group checks that whether described searcher is the member in group, if so, then described
Searcher place group generates query token according to described key word and described query key, and described query token is returned to institute
State searcher.
18. equipment according to claim 16 it is characterised in that described inquire-receive unit, including:
Receive the ciphertext of the clear data according to public key encryption that described storage server returns.
19. equipment according to claim 18 it is characterised in that described equipment also includes the first decryption unit, described
One decryption unit specifically for:
According to described query key, the ciphertext of the described clear data according to public key encryption is decrypted, after obtaining deciphering
Clear data.
20. equipment according to claim 16 to 19 any one are it is characterised in that described equipment also includes the 3rd acquisition
Unit, described 3rd acquiring unit specifically for:
The corresponding data decryption key of described attribute is obtained from described KMC according to the searcher attribute pre-setting.
21. equipment according to claim 20 it is characterised in that described inquire-receive unit, including:
Receive the ciphertext of the clear data according to the described searcher encryption attribute pre-setting that described storage server returns.
22. equipment according to claim 21 it is characterised in that described equipment also includes the second decryption unit, described
Two decryption unit specifically for:
According to described data decryption key, added according to the described searcher attribute pre-setting to what described storage server returned
The ciphertext of close clear data is decrypted, and obtains the clear data after deciphering.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210534843.0A CN103873236B (en) | 2012-12-12 | 2012-12-12 | One kind can search for encryption method and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210534843.0A CN103873236B (en) | 2012-12-12 | 2012-12-12 | One kind can search for encryption method and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103873236A CN103873236A (en) | 2014-06-18 |
CN103873236B true CN103873236B (en) | 2017-03-08 |
Family
ID=50911386
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210534843.0A Active CN103873236B (en) | 2012-12-12 | 2012-12-12 | One kind can search for encryption method and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103873236B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471826B (en) * | 2014-09-04 | 2019-08-20 | 中电长城网际系统应用有限公司 | Ciphertext data query method, apparatus and cryptogram search server |
CN104394155B (en) * | 2014-11-27 | 2017-12-12 | 暨南大学 | It can verify that multi-user's cloud encryption keyword searching method of integrality and completeness |
CN105049196B (en) * | 2015-07-13 | 2018-08-03 | 佛山市明茂网络科技有限公司 | The encryption method that multiple keywords of designated position can search in cloud storage |
CN105681030B (en) * | 2015-12-31 | 2017-12-19 | 腾讯科技(深圳)有限公司 | key management system, method and device |
CN105868987B (en) * | 2016-03-28 | 2019-08-13 | 中国银联股份有限公司 | A kind of method and system of shared information between devices |
WO2017166054A1 (en) * | 2016-03-29 | 2017-10-05 | 深圳大学 | Quantum homomorphism symmetry searchable encryption method and system |
CN105933281B (en) * | 2016-03-29 | 2019-05-07 | 深圳大学 | A kind of quantum homomorphism symmetrically can search for the method and system of encryption |
CN105915520B (en) * | 2016-04-18 | 2019-02-12 | 深圳大学 | It can search for file storage, searching method and the storage system of encryption based on public key |
CN111416710B (en) * | 2020-03-24 | 2023-05-02 | 国网山东省电力公司 | Certificateless searchable encryption method and system applied to multiple receiving ends |
CN112152803B (en) * | 2020-09-15 | 2021-12-21 | 河海大学 | Identity-based encryption method with searchable multi-receiver ciphertext |
CN114884700B (en) * | 2022-04-18 | 2023-04-28 | 华中科技大学 | Searchable public key encryption batch processing method and system for resisting key guessing attack |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102318263A (en) * | 2009-02-16 | 2012-01-11 | 微软公司 | Trusted cloud computing and services framework |
CN102687132A (en) * | 2009-12-15 | 2012-09-19 | 微软公司 | Trustworthy extensible markup language for trustworthy computing and data services |
CN102687133A (en) * | 2009-11-16 | 2012-09-19 | 微软公司 | Containerless data for trustworthy computing and data services |
-
2012
- 2012-12-12 CN CN201210534843.0A patent/CN103873236B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102318263A (en) * | 2009-02-16 | 2012-01-11 | 微软公司 | Trusted cloud computing and services framework |
CN102687133A (en) * | 2009-11-16 | 2012-09-19 | 微软公司 | Containerless data for trustworthy computing and data services |
CN102687132A (en) * | 2009-12-15 | 2012-09-19 | 微软公司 | Trustworthy extensible markup language for trustworthy computing and data services |
Also Published As
Publication number | Publication date |
---|---|
CN103873236A (en) | 2014-06-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103873236B (en) | One kind can search for encryption method and equipment | |
Zhang et al. | DeepPAR and DeepDPA: privacy preserving and asynchronous deep learning for industrial IoT | |
CN110008717B (en) | Decision tree classification service system and method supporting privacy protection | |
Hohenberger et al. | Online/offline attribute-based encryption | |
Shao et al. | Fine-grained data sharing in cloud computing for mobile devices | |
Uludag et al. | Secure and scalable data collection with time minimization in the smart grid | |
Wang et al. | A ciphertext-policy attribute-based encryption scheme supporting keyword search function | |
CN105743646B (en) | A kind of Identity based encryption method and system | |
Touati et al. | Collaborative kp-abe for cloud-based internet of things applications | |
CN107196926A (en) | A kind of cloud outsourcing privacy set comparative approach and device | |
JP6363032B2 (en) | Key change direction control system and key change direction control method | |
Jin et al. | A secure and lightweight data access control scheme for mobile cloud computing | |
Liu et al. | TMDS: thin-model data sharing scheme supporting keyword search in cloud storage | |
Li et al. | Enabling efficient and secure data sharing in cloud computing | |
US20040037424A1 (en) | Information distribution and processing | |
Liao et al. | Cost-efficient outsourced decryption of attribute-based encryption schemes for both users and cloud server in green cloud computing | |
Ma et al. | Adaptable key-policy attribute-based encryption with time interval | |
Qin et al. | Simultaneous authentication and secrecy in identity-based data upload to cloud | |
Debnath et al. | Study and scope of signcryption for cloud data access control | |
Huang et al. | Lightweight authentication scheme with dynamic group members in IoT environments | |
Dua et al. | A study of applications based on elliptic curve cryptography | |
Chen et al. | Blockchain/abe-based fusion solution for e-government data sharing and privacy protection | |
Mehrotra et al. | An efficient model for privacy and security in mobile cloud computing | |
CN114944936A (en) | Privacy routing server, encryption protocol conversion method and machine readable storage medium | |
Kanchanadevi et al. | An Attribute based encryption scheme with dynamic attributes supporting in the hybrid cloud |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220228 Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province Patentee after: Huawei Cloud Computing Technology Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |