CN104980437A - Identity-based authorized third party data integrity proving method - Google Patents

Identity-based authorized third party data integrity proving method Download PDF

Info

Publication number
CN104980437A
CN104980437A CN201510322919.7A CN201510322919A CN104980437A CN 104980437 A CN104980437 A CN 104980437A CN 201510322919 A CN201510322919 A CN 201510322919A CN 104980437 A CN104980437 A CN 104980437A
Authority
CN
China
Prior art keywords
party
user
challenge
data
mandate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510322919.7A
Other languages
Chinese (zh)
Other versions
CN104980437B (en
Inventor
赵洋
熊虎
陈阳
任华强
包文意
岳峰
王士雨
吴世坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Jietong Transportation Technology Co ltd
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201510322919.7A priority Critical patent/CN104980437B/en
Publication of CN104980437A publication Critical patent/CN104980437A/en
Application granted granted Critical
Publication of CN104980437B publication Critical patent/CN104980437B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an identity-based authorized third party data integrity proving method. The method is designed based on double-line pair and identity encryption technologies. By embedding user authorization evidence into generation of a data block tag to be stored, the purpose that only the third party with user authorization can complete remote data integrity checking is achieved. The invention puts forward an identity-based authorized third party proving method beyond the existing remote data private verification and public verification, and meets the need for privacy protection while realizing user-entrusted verification. In addition, the method ensures the fairness between a data owning party and a data storing party. The data storing party inspects a data block-tag pair uploaded by the data owning party in order to prevent malicious users from uploading wrong data and unreasonable claim over the storing party caused thereby.

Description

A kind of authorized third party data integrity method of proof of identity-based
Technical field
The present invention relates to information security technology.
Background technology
Cloud computing is the important directions of Information Technology Development, is the basic technology of large data age.It is with had powerful calculating and storage capacity and can be the focus direction that user provides the many merits such as on-demand service to become current information industry development, and is progressively applied to reality.
Cloud is stored as the important component part of cloud computing, has started to be widely accepted and use.User can need to store data in remote cloud server according to oneself, buys and the burden safeguarded, can also obtain the facility of accessing at any time simultaneously to reduce hardware.But just because of user's not actual storage data, this uncontrollability brings the risk of data security to user.
Cloud service provider due to himself interests or other reasons may can not be correct, complete storage user data, that at this moment how to carry out that remote data integrity inspection just becomes is extremely important.
According to the difference of verifier, current cloud data integrity check scheme can be divided into privately owned checking and public checking two kinds.Privately owned checking can only complete checkout procedure by data owner self and any third party of public checking support tests.But when user self cannot complete checkout procedure, when not wishing again the data of any third party inspection oneself, the scheme of above two types cannot be met consumers' demand simultaneously.
In addition, existing proof scheme is mostly based on traditional public key certificate framework, and user or third party are when carrying out data integrity check, and this brings extra communication overhead and implementation complexity to inspection to need first to inquire about public key certificate.Meanwhile, the management and utilization of certificate repository also expends huge.
Summary of the invention
Technical problem to be solved by this invention is, provide a kind of identity-based, the third party that can be specified by user completes, safely and effectively the remote data integrity method of inspection.
The present invention for the adopted technical scheme that solves the problem is, provides a kind of authorized third party data integrity verification method of identity-based, it is characterized in that, comprise the following steps.
One, secret key generates with mandate.
By private key generating center (PKG) selecting system private key and computing system PKI, be then that it generates the public private key pair corresponding with its ID according to the ID of each participant of system, and send to each side.In addition, generate mandate evidence by user, and mandate is signed.
Two, data block-label is to generation.
File F is divided into n data block by user, and with oneself private key to each data block generating labels, is embedded in each label by mandate evidence simultaneously.Then data block-label is preserved sending to cloud storage server by user, and sends to third party to authorize mandate evidence.
Three, authorized third party initiates challenge.
Third party, after the mandate receiving user, can initiate data integrity validation challenge according to agreement to Cloud Server, and challenge information comprises the generating random number key value of the block number of challenge, permutation function key value and each piece.Then challenge information is issued Cloud Server in company with the mandate of oneself by authorized third party.
Four, challenge responses.
Cloud Server, after receiving third-party challenge, first calculates the random value of block and each piece that will challenge by the challenging value sent and permutation function and pseudo-random function.Then, Cloud Server polymerization returns to challenger containing by the proof of challenge block and block label information.
Five, checking.
Challenger, after receiving the proof information of Cloud Server, utilizes the integrality of the parameter in the mandate of oneself, system and known public key verifications data.Whether be verified calculating equation constructed by Bilinear map to have set up, the checking due to equation, so the third party only having mandate could integrity authentication if needing to use authorization message.Finally, the result is informed user by authorized third party.
The object of the present invention is achieved like this.
In the present invention, user is that the third party that will authorize generates evidence, and will evidence be authorized to be embedded in the label generated for each data block.When carrying out remote data integrity checking, only having and authorizing the third party of evidence just can complete proof procedure, thus achieving authorized third party data integrity validation.In addition, the present invention adopts the secret key system of identity-based, alleviates the burden such as certificate query, management and utilization that traditional PKIX framework (PKI) brings to user, decreases calculating and the communication overhead of user.
The invention has the beneficial effects as follows, both met the demand that lightweight user realizes remote data integrity inspection by third party, forbidden again any third party to test thus protect privacy of user, compensate for the deficiency of existing scheme.Meanwhile, present invention reduces the calculating in proof procedure and communication overhead.
Embodiment
To be described in detail the present invention below.
1.1 pre-knowledges-bilinear map.
If G 1p (p is Big prime) the factorial method cyclic group of to be a generator be g, G 2the multiplication loop group of same order.Bilinear map is the mapping meeting following character [26]e:G 1× G 1→ G 2.
(1) bilinearity: to arbitrarily there is e (g 1 2, g 2 b)=e (g 1, g 2) ab.
(2) non-degeneracy: e (g, g) ≠ 1.
(3) computability: always there is effective algorithm and calculate mapping e.
The 1.2 symbol implications used.
H, H 1, h is cryptographic Hash function, for pseudo-random function, S is random permutation function.
The authorized third party data integrity identification protocol of 1.3 identity-based, comprises 5 stages.
One, secret key generates with mandate.
Private key generating center (PKG) chooses a random number as main system private key, computing system PKI M=g simultaneously m, m as system parameters, and maintains secrecy by open M.
PKG is according to user (User), authorized third party (ATP), cloud service provider (CSP) tripartite identity id ∈ { 0,1} subsequently *, calculate three parts cipher key, obtain the PKI of User: U=H (User id), private key: u=mU; The PKI of ATP: A=H (ATP id), private key: a=mA; The PKI of CSP: C=H (CSP id), private key: c=mC.
Tripartite, after receiving the key that PKG sends from safe lane, uses equation: g respectively u=M u, g a=M a, g c=M cconfirm the correctness of key, if equation is set up, receive key, otherwise request repeat.
User, after receiving correct key, generates and authorizes v, and to authorized signature S v=Sig u(v).
Two, data block label generates.
File F is divided into n blocks of files by user then signature is generated according to following manner to each piece: calculate 1. k=H (e (M a, M c) u, v); 2. θ is calculated i=f k(i); 3. label is calculated wherein r ∈ G 1chosen by user and disclose.
User is by block-label pair cSP is sent to store, by (v, S with v v) send to ATP to authorize it.Afterwards, user can delete local data and block-label pair.
After CSP receives the data that user sends, the correctness that proof mass-label is right, process is as follows: 1. calculate k '=H (e (M u, M a) c, v); 2. θ is calculated i'=f k' (i); If 3. equation set up, accept block-label pair, otherwise require to retransmit.
ATP, after receiving the mandate that user sends, runs AuthVerify algorithm and confirm mandate, if correct, accept mandate, otherwise request is authorized again.
Three, authorized third party initiates challenge.
ATP, after receiving subscriber authorisation, requires to initiate challenge to CSP according to user, and first ATP chooses individual the waiting of x (1≤x≤n) and challenge block, and selects a random number as pseudo-random permutation function S key value with ensure challenge randomness.
Then, ATP is by challenge information with its mandate (v, S v) send to CSP together.
Four, challenge responses.
First CSP judges the legitimacy that ATP authorizes, if legal, then accepts the challenge of ATP after receiving the challenge that ATP sends, and generates and prove.
First CSP calculates the block of ATP request challenge: i w=S λ(w), and be an each piece of calculating random parameter: wherein 1≤w≤x.
Then CSP calculates polymerization proves with and (T, X) is sent to ATP.
Five, checking.
ATP is after receiving the proof of CSP, and the correctness of executing arithmetic testing identity, first calculates: k "=H (e (M u, M c) a, v).
Then ATP verifies equation rob Roy whether is become to judge data integrity.If equation is set up prove data integrity, otherwise illustrate that data are wrong.
The checking derivation of equation is as follows.
By H (e (M a, MC) and u, v)=H (e (MU, MA) c, v)=H (e (MU, Mc) a, v)=H (e (g, g) auc, v) known k=k '=k ".

Claims (5)

1. an authorized third party data integrity method of proof for identity-based, is characterized in that, comprise following steps:
One, secret key generates with mandate;
By private key generating center (PKG) selecting system private key and computing system PKI, be then that it generates the public private key pair corresponding with its ID according to the ID of each participant of system, and send to each side; In addition, generate mandate evidence by user, and mandate is signed;
Two, data block label generates;
File F is divided into n data block by user, and with oneself private key to each data block generating labels, is embedded in each label by mandate evidence simultaneously; Then data block-label is preserved sending to cloud storage server by user, and sends to third party to authorize mandate evidence;
Three, authorized third party initiates challenge;
Third party, after the mandate receiving user, can initiate data integrity validation challenge according to agreement to Cloud Server, and challenge information comprises the generating random number key value of the block number of challenge, permutation function key value and each piece; Then challenge information is issued Cloud Server in company with the mandate of oneself by authorized third party;
Four, challenge responses;
Cloud Server, after receiving third-party challenge, first calculates the random value of block and each piece that will challenge by the challenging value sent and permutation function and pseudo-random function; Then, Cloud Server polymerization returns to challenger containing by the proof of challenge block and block label information;
Five, checking;
Challenger, after receiving the proof information of Cloud Server, utilizes the integrality of the parameter in the mandate of oneself, system and known public key verifications data; Whether be verified calculating equation constructed by Bilinear map to have set up, the checking due to equation, so only have third party's ability integrity authentication of mandate if needing to use authorization message; Finally, the result is informed user by authorized third party.
2. the authorized third party data integrity method of proof of a kind of identity-based as claimed in claim 1, is characterized in that, the concrete grammar that secret key generates is:
First a random number is chosen by private key generating center (PKG) as main system private key, computing system PKI M=g simultaneously m; Then PKG is according to identity id ∈ { 0,1} *, calculate user (User), authorized third party (ATP) and the key of cloud service provider (CSP), obtain the PKI of User: U=H (User id), private key: u=mU; The PKI of ATP: A=H (ATP id), private key: a=mA; The PKI of CSP: C=(CSP id), private key: c=mC; Tripartite, after receiving the key that PKG sends from safe lane, uses equation: g respectively u=M u, g a=M a, g c=M cconfirm the correctness of key, if equation is set up, receive key, otherwise request repeat.
3. the authorized third party data integrity method of proof of a kind of identity-based as claimed in claim 1, it is characterized in that, mandate must be embedded in block label, authorizes the concrete grammar that label generates to be:
User, after receiving correct key, generates and authorizes v, and to authorized signature Sv=Sig u(v); Then file F is divided into n block by user and generate signature according to following manner to each piece: 1. calculate k=H (e (M a, M c) u, v); 2. θ is calculated i=f k(i); 3. label is calculated wherein r ∈ G 1chosen by user and disclose; End user is by block-label pair cSP is sent to store, by (v, S with v v) send to ATP to authorize it.
4. the authorized third party data integrity method of proof of a kind of identity-based as claimed in claim 1, is characterized in that, challenge with respond the concrete grammar generated and be:
ATP, after receiving subscriber authorisation, initiates challenge according to user's request to CSP; First ATP chooses individual the waiting of x (1≤x≤n) and challenges block, and selects a random number as the key value of pseudo-random permutation function S; Then, ATP is by challenge information with mandate (v, S v) send to CSP; CSP is after receiving challenge, and first judge the legitimacy that ATP authorizes, if legal, then generate proof, detailed process is as follows: CSP calculates the block of ATP request challenge: i w=S λ(w), and the random parameter calculating each piece: wherein 1≤w≤x; Then CSP calculates with and (T, X) is returned to ATP as evidence.
5. a kind of authorized third party data integrity method of proof of identity-based as described in claim 1 or 3, it is characterized in that, the checking proved must use mandate evidence, and concrete grammar is:
ATP, after the response receiving CSP, first calculates: k n=H (e (M u, M c) a, v), then verify equation: whether set up, prove data integrity if set up, otherwise illustrate that storage of subscriber data is wrong.
CN201510322919.7A 2015-06-12 2015-06-12 A kind of authorization third party's data integrity method of proof of identity-based Active CN104980437B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510322919.7A CN104980437B (en) 2015-06-12 2015-06-12 A kind of authorization third party's data integrity method of proof of identity-based

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510322919.7A CN104980437B (en) 2015-06-12 2015-06-12 A kind of authorization third party's data integrity method of proof of identity-based

Publications (2)

Publication Number Publication Date
CN104980437A true CN104980437A (en) 2015-10-14
CN104980437B CN104980437B (en) 2019-02-12

Family

ID=54276541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510322919.7A Active CN104980437B (en) 2015-06-12 2015-06-12 A kind of authorization third party's data integrity method of proof of identity-based

Country Status (1)

Country Link
CN (1) CN104980437B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage
CN107453865A (en) * 2017-07-18 2017-12-08 众安信息技术服务有限公司 A kind of multiparty data sharing method and system for protecting data transmission source privacy
CN107483585A (en) * 2017-08-18 2017-12-15 西安电子科技大学 The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment
CN107948143A (en) * 2017-11-15 2018-04-20 安徽大学 Identity-based privacy protection integrity detection method and system in cloud storage
CN108234504A (en) * 2018-01-12 2018-06-29 安徽大学 Identity-based proxy data integrity detection method in cloud storage
CN109218254A (en) * 2017-06-29 2019-01-15 广东高电科技有限公司 A method of detection electric network data cloud storage integrality
CN117094012A (en) * 2023-08-21 2023-11-21 中胜信用管理有限公司 Intelligent verification method and system for electronic authorization order

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103425941A (en) * 2013-07-31 2013-12-04 广东数字证书认证中心有限公司 Cloud storage data integrity verification method, equipment and server
CN104135470A (en) * 2014-07-11 2014-11-05 宇龙计算机通信科技(深圳)有限公司 A method and system for verifying storage integrity of target data
CN104394155A (en) * 2014-11-27 2015-03-04 暨南大学 Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103425941A (en) * 2013-07-31 2013-12-04 广东数字证书认证中心有限公司 Cloud storage data integrity verification method, equipment and server
CN104135470A (en) * 2014-07-11 2014-11-05 宇龙计算机通信科技(深圳)有限公司 A method and system for verifying storage integrity of target data
CN104394155A (en) * 2014-11-27 2015-03-04 暨南大学 Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
于洋洋等: ""一种云存储数据完整性验证方法"", 《华东理工大学学报(自然科学版)》 *
王博洋: ""关于云端群组数据完整性验证的研究"", 《中国博士学位论文全文数据库信息科技辑》 *
秦志光等: ""云存储服务中数据完整性审计方案综述"", 《信息网络安全》 *
谭霜等: ""云存储中的数据完整性证明研究及进展"", 《计算机学报》 *
钟婷等: ""云存储中基于SBT的数据完整性验证机制"", 《电子科技大学学报》 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105491069B (en) * 2016-01-14 2018-08-21 西安电子科技大学 Based on the integrity verification method for resisting active attack in cloud storage
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage
CN109218254A (en) * 2017-06-29 2019-01-15 广东高电科技有限公司 A method of detection electric network data cloud storage integrality
CN107453865B (en) * 2017-07-18 2020-09-11 众安信息技术服务有限公司 Multi-party data sharing method and system for protecting privacy of data sending source
WO2019015547A1 (en) * 2017-07-18 2019-01-24 众安信息技术服务有限公司 Data sharing method and data sharing system
CN107453865A (en) * 2017-07-18 2017-12-08 众安信息技术服务有限公司 A kind of multiparty data sharing method and system for protecting data transmission source privacy
CN107483585A (en) * 2017-08-18 2017-12-15 西安电子科技大学 The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment
CN107483585B (en) * 2017-08-18 2020-03-10 西安电子科技大学 Efficient data integrity auditing system and method supporting safe deduplication in cloud environment
CN107948143A (en) * 2017-11-15 2018-04-20 安徽大学 Identity-based privacy protection integrity detection method and system in cloud storage
CN107948143B (en) * 2017-11-15 2021-03-30 安徽大学 Identity-based privacy protection integrity detection method and system in cloud storage
CN108234504A (en) * 2018-01-12 2018-06-29 安徽大学 Identity-based proxy data integrity detection method in cloud storage
CN117094012A (en) * 2023-08-21 2023-11-21 中胜信用管理有限公司 Intelligent verification method and system for electronic authorization order
CN117094012B (en) * 2023-08-21 2024-04-30 中胜信用管理有限公司 Intelligent verification method and system for electronic authorization order

Also Published As

Publication number Publication date
CN104980437B (en) 2019-02-12

Similar Documents

Publication Publication Date Title
CN111083131B (en) Lightweight identity authentication method for power Internet of things sensing terminal
CN109756485B (en) Electronic contract signing method, electronic contract signing device, computer equipment and storage medium
CN104811450B (en) The date storage method and integrity verification method of a kind of identity-based in cloud computing
CN107947913B (en) Anonymous authentication method and system based on identity
CN104980437B (en) A kind of authorization third party's data integrity method of proof of identity-based
CN108768608B (en) Privacy protection identity authentication method supporting thin client under block chain PKI
CN102946313B (en) A kind of user authentication model for quantum key distribution network and method
CN103517273B (en) Authentication method, managing platform and Internet-of-Things equipment
CN103297403B (en) A kind of method and system for realizing dynamic cipher verification
US20190052622A1 (en) Device and method certificate generation
CN108270571A (en) Internet of Things identity authorization system and its method based on block chain
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
KR101634158B1 (en) Method for authenticating identity and generating share key
CN109327313A (en) A kind of Bidirectional identity authentication method with secret protection characteristic, server
CN113360943B (en) Block chain privacy data protection method and device
WO2019093478A1 (en) Key exchange device, key exchange system, key exchange method, and key exchange program
CN101296075A (en) Identity authentication system based on elliptic curve
CN110020524A (en) A kind of mutual authentication method based on smart card
CN113468570A (en) Private data sharing method based on intelligent contract
CN106487786A (en) A kind of cloud data integrity verification method based on biological characteristic and system
CN114553441B (en) Electronic contract signing method and system
TWI556618B (en) Network Group Authentication System and Method
CN104618113A (en) Method for authenticating identity of mobile terminal and constructing safety channel
CN106850584A (en) Anonymous authentication method facing client/server network
CN113014376B (en) Method for safety authentication between user and server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200616

Address after: No. 10, 12, 14, 5 / F, building 1, No. 11, Changyi Road, Wuhou District, Chengdu, Sichuan 610000

Patentee after: Sichuan Jietong Transportation Technology Co.,Ltd.

Address before: 611731 Chengdu province high tech Zone (West) West source Avenue, No. 2006

Patentee before: UNIVERSITY OF ELECTRONIC SCIENCE AND TECHNOLOGY