CN106127079B - A kind of data sharing method and device - Google Patents
A kind of data sharing method and device
Publication number: CN106127079B (application CN201610560301.9A)
Authority: CN (China)
Legal status: Active
Classifications: G06F21/6245 (protecting personal data, e.g. for financial or medical purposes); G06F21/6218 (protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects); G06F21/64 (protecting data integrity, e.g. using checksums, certificates or signatures); H04L9/0838 (key agreement, in which a shared key is derived by the parties as a function of information contributed by each of them)
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a data sharing method comprising: a first sharing module randomly generates a first random private key and a first random public key; the first sharing module sends the first random public key to a second sharing module, so that the second sharing module uses a preset key agreement algorithm to compute a second intermediate value from the first random public key, a second private key and the identity information of the first sharing module; the first sharing module receives the second intermediate value sent by the second sharing module, computes a first intermediate value and compares the first intermediate value with the second intermediate value; if they are identical, the first sharing module computes a shared key from the first random private key, the second public key and the first intermediate value. The data sharing method and device provided by the present invention offer a secure shared key that can be replaced at any time while guaranteeing the security of data in a big data platform.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a data sharing method and device.
Background technique
With the continuous growth of data volume, structured, semi-structured and unstructured data are increasing exponentially, and existing storage modes no longer satisfy user demand. Based on a big data cluster, deploying an encryption module and a key center realizes distributed storage and processing of mass data and guarantees the security of the data, while also preventing users' personal information from being mined through association analysis of the mass data.
Traditional storage and computation make the query and analysis of distributed big data slower and more difficult. The traditional mode of encryption based on public key algorithms can realize data encryption and decryption and digital signatures, but its time cost is high, it uses more computational bandwidth, and it occupies a large amount of network transmission.
Also, as the demand of big data users to share identical data continuously increases (for example, two hospitals need to share the cases they each store, but private data in the cases such as patients' names, phone numbers and ID card numbers need to be stored encrypted), how both sides can reliably realize a shared encryption key that can be changed at any time, while meeting the security requirements of big data, is an urgent problem to be solved in the field of information security technology.
Summary of the invention
The technical problem to be solved by the present invention is to provide a data sharing method and device for the drawbacks described above in the prior art, so as to solve the problem of how to change the shared key securely and at any time for data in a big data platform, and to realize data sharing.
To achieve the above object, the present invention provides a data sharing method applied in a big data platform that includes a data sharing device and a key center. The method comprises:
the first sharing module randomly generates a first random private key and a first random public key;
the first sharing module sends the first random public key to the second sharing module, so that the second sharing module uses a preset key agreement algorithm to compute a second intermediate value from the first random public key, a second private key and the identity information of the first sharing module, the second private key being the private key of the second sharing module certified by the key center;
the first sharing module receives the second intermediate value sent by the second sharing module and uses the preset key agreement algorithm to compute a first intermediate value from the first random private key, the second public key and the identity information of the first sharing module, the second public key being the public key of the second sharing module certified by the key center;
the first sharing module compares the first intermediate value with the second intermediate value and, if the two are identical, computes a shared key from the first random private key, the second public key and the first intermediate value;
the first sharing module encrypts specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data.
Preferably, a random value set is preset in both the key center and the first sharing module, and the first sharing module randomly generating the first random private key and the first random public key specifically includes: the first sharing module sends a random key request message to the key center; the first sharing module receives a first partial private key sent by the key center, the first partial private key being composed of a random value and random identity information, where the random value is randomly selected by the key center from the preset random value set according to the request message sent by the first sharing module, and the random identity information is computed by the key center using a preset key generation algorithm from a random parameter, itself computed from the random value, together with the identity information of the first sharing module; the first sharing module randomly selects a value from the preset random value set as a second partial private key and forms the first random private key from the first partial private key and the second partial private key; the first sharing module computes the first random public key from the second partial private key.
Preferably, after the step in which the first sharing module sends the first random public key to the second sharing module, the method also includes: the first sharing module sends the random parameter and the random identity information to the second sharing module; and the first sharing module using the preset key agreement algorithm to compute the first intermediate value from the first random private key, the second public key and the identity information of the first sharing module specifically includes: the first sharing module uses the preset key agreement algorithm to compute the first intermediate value from the first random private key, the second public key, the random parameter and the random identity information.
Preferably, before the step in which the first sharing module randomly generates the first random private key and the first random public key, the method also includes: the first sharing module randomly generates a verification message and performs a digital signature over the verification message, the second public key and a first private key to generate a first verification signature, the first private key being the private key of the first sharing module certified by the key center; the first sharing module encrypts the verification message with the second public key and sends the encrypted verification message to the second sharing module; the first sharing module receives a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module performing a digital signature over the verification message, the first public key and the second private key, the first public key being the public key of the first sharing module certified by the key center; the first sharing module compares the first verification signature with the second verification signature and, if the two are identical, randomly generates the first random private key and the first random public key.
Preferably, the specified data includes personal privacy data.
The present invention also provides a data sharing device, comprising:
a random key unit, for randomly generating a first random private key and a first random public key;
a transmission unit, for sending the first random public key to a second sharing module, so that the second sharing module uses a preset key agreement algorithm to compute a second intermediate value from the first random public key, a second private key and the identity information of the data sharing device, the second private key being the private key of the second sharing module certified by the key center;
a receiving unit, for receiving the second intermediate value sent by the second sharing module;
a computing unit, for using the preset key agreement algorithm to compute a first intermediate value from the first random private key, the second public key and the identity information of the data sharing device, the second public key being the public key of the second sharing module certified by the key center;
a comparing unit, for comparing the first intermediate value with the second intermediate value and, if the two are identical, instructing the computing unit to compute a shared key from the first random private key, the second public key and the first intermediate value;
an encryption unit, for encrypting specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data.
Preferably, the transmission unit is also used to send a random key request message to the key center; the receiving unit is also used to receive a first partial private key sent by the key center, the first partial private key being composed of a random value and random identity information, where the random value is randomly selected by the key center from a preset random value set according to the request message sent by the transmission unit, and the random identity information is computed by the key center using a preset key generation algorithm from a random parameter, itself computed from the random value, together with the identity information of the first sharing module; the random key unit is also used to randomly select a value from the preset random value set as a second partial private key, to form the first random private key from the first partial private key and the second partial private key, and to compute the first random public key from the second partial private key.
Preferably, the transmission unit is also used to send the random parameter and the random identity information to the second sharing module; the computing unit is also used to compute the first intermediate value with the preset key agreement algorithm from the first random private key, the second public key, the random parameter and the random identity information.
Preferably, the device further includes an authentication unit for randomly generating a verification message and performing a digital signature over the verification message, the second public key and a first private key to generate a first verification signature, the first private key being the private key certified by the key center; the encryption unit is also used to encrypt the verification message with the second public key and send the encrypted verification message to the second sharing module; the receiving unit is also used to receive a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module performing a digital signature over the verification message, the first public key and the second private key, the first public key being the public key certified by the key center; the comparing unit is also used to compare the first verification signature with the second verification signature and, if the two are identical, to randomly generate the first random private key and the first random public key.
Preferably, the device further includes a recognition unit for identifying the specified data, which includes personal privacy data.
The data sharing method and device provided by the present invention provide a secure shared key that can be replaced at any time while guaranteeing the security of data in a big data platform, so that the specified data encrypted with the shared key can be shared by both holders of the shared key. The present invention also provides identity authentication of the sharing parties, encrypts only the sensitive information in the specified data, and performs integrity verification on the encrypted data, further ensuring the security of the shared data and reducing data storage space.
Detailed description of the invention
In order to illustrate the technical solution in the embodiments of the present invention more clearly, the accompanying drawings required in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are some embodiments of the present invention; those of ordinary skill in the art can also obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of the data sharing method provided by the present invention;
Fig. 2 is a structural schematic diagram of the data sharing device provided by the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the technical solution of the present invention, the invention is described in further detail below with reference to the accompanying drawings and embodiments. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Fig. 1 is a flow diagram of the data sharing method provided by the present invention. As shown in Fig. 1, the data sharing method includes:
Step S101: the first sharing module randomly generates a first random private key and a first random public key.
Specifically, the first random private key and the first random public key are keys randomly generated by the first sharing module that have not been certified by the key center. In actual use, the public and private keys computed with an asymmetric encryption algorithm generally need to be certified by the key center, which issues a key certificate, in order to guarantee the security of the keys. In this step, the first sharing module uses the same method as for generating a certified public/private key pair to generate a random private key and public key for generating the shared key with the second sharing module, and this random private key and public key need not pass key center certification.
A random value set is preset in both the key center and the first sharing module, and the first sharing module randomly generating the first random private key and the first random public key specifically includes: the first sharing module sends a random key request message to the key center; the key request message includes the identity information of the first sharing module, or the key center can judge the sender, i.e. the first sharing module, from the transmission source of the message.
The first sharing module receives the first partial private key sent by the key center, the first partial private key being composed of a random value and random identity information, where the random value is randomly selected by the key center from the preset random value set according to the request message sent by the first sharing module, and the random identity information is computed by the key center using the preset key generation algorithm from a random parameter, itself computed from the random value, together with the identity information of the first sharing module; the first sharing module randomly selects a value from the preset random value set as the second partial private key and forms the first random private key from the first partial private key and the second partial private key; the first sharing module computes the first random public key from the second partial private key.
In actual application, the random value is generally selected by randomly choosing a generator $P$ of a cyclic group of prime order $q$; the random identity information is obtained by the key center computing a random parameter from the random value with the preset key generation algorithm, and then computing a hash of the random parameter together with the identity information of the first sharing module.
For example, first let the cyclic group of prime order $q$ be $\mathbb{Z}_q$, with generator $P$:
the key center selects a random value $s \in \mathbb{Z}_q$ and performs the modulo-$P$ operation on $s$ to obtain the temporary public key of the key center, $P_O = sP$;
the key center selects another random value $r_A \in \mathbb{Z}_q$ for the first sharing module;
the key center computes the random parameter $R_A$ from the random value $r_A$ using the modulo-$P$ operation, i.e. $R_A = r_A P$;
assuming the identity information of the first sharing module is $ID_A$, the key center computes the random identity information $h_A$ from $ID_A$ and the random parameter $R_A$, i.e. $h_A = H(ID_A \,\|\, R_A)$;
the key center forms the main private key $D_A$ from the random value $r_A$ and the random identity information $h_A$, $D_A = r_A + s h_A$.
The first sharing module uses the same random value generation method as the key center, that is, the first sharing module also randomly selects a value from the same cyclic group as the key center, as the second partial private key (the sub-private key).
The first sharing module forms the first random private key from the first partial private key and the second partial private key. Since the first random private key includes both the first partial private key randomly generated by the key center and the second partial private key randomly generated by the first sharing module, it has a dual secrecy effect and prevents the key center from holding excessive authority.
The first sharing module computes on the second partial private key with the preset key generation algorithm to generate the first random public key. The preset key generation algorithm generally uses a generation mode based on a hard problem on an elliptic curve.
For example, the first sharing module randomly selects a value $x_A \in \mathbb{Z}_q$ as the sub-private key;
the first sharing module uses the main private key $D_A$ and the sub-private key $x_A$ to generate the complete first random private key $S_A = (x_A, D_A)$;
the first sharing module performs the modulo-$P$ operation on the sub-private key to generate the first random public key $y_A = x_A P$.
The present invention also provides a preferred scheme in which, before the step in which the first sharing module randomly generates the first random private key and the first random public key, the method also includes an authentication process with the following specific steps:
the first sharing module randomly generates a verification message and performs a digital signature over the verification message, the second public key and the first private key to generate a first verification signature, the first private key being the private key of the first sharing module certified by the key center; the first sharing module encrypts the verification message with the second public key and sends the encrypted verification message to the second sharing module; the first sharing module receives a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module performing a digital signature over the verification message, the first public key and the second private key, the first public key being the public key of the first sharing module certified by the key center; the first sharing module compares the first verification signature with the second verification signature and, if the two are identical, randomly generates the first random private key and the first random public key. Performing identity authentication before the shared key is created further ensures the security between the two sharing modules.
Step S102: the first sharing module sends the first random public key to the second sharing module, so that the second sharing module uses the preset key agreement algorithm to compute the second intermediate value from the first random public key, the second private key and the identity information of the first sharing module, the second private key being the private key of the second sharing module certified by the key center.
Specifically, the second private key is the private key of the second sharing module certified by the key center. To complete generation of the shared key with the first sharing module, the second sharing module, after receiving the first random public key sent by the first sharing module, uses the identical key agreement algorithm preset on both sides to compute an intermediate value from the first random public key, the second private key and the identity information of the first sharing module, for the negotiated generation of the shared key; the intermediate value generated by the second sharing module is the second intermediate value.
To further increase the security of the shared key, the present invention also provides a method in which the first sharing module, when sending the first random public key to the second sharing module, simultaneously sends the random parameter and the random identity information; the second sharing module then uses the preset key agreement algorithm to compute the second intermediate value from the first random public key, the second private key, the random parameter and the random identity information. This further ensures the randomness and security of the shared key.
For example, let the second intermediate value be $Z_B$, the certified second private key of the second sharing module be $Y_B$, the first random public key of the first sharing module be $y_A$, the random parameter be $R_A$ and the random identity information be $h_A$; the second sharing module then computes the second intermediate value by the formula:
$Z_B = Y_B y_A + Y_B R_A + h_A P_O$
Step S103: the first sharing module receives the second intermediate value sent by the second sharing module and uses the preset key agreement algorithm to compute the first intermediate value from the first random private key, the second public key and the identity information of the first sharing module, the second public key being the public key of the second sharing module certified by the key center.
Specifically, after the second sharing module obtains the second intermediate value it sends it to the first sharing module. The first sharing module computes the first intermediate value using the parameters corresponding to those of the second sharing module and the identical key agreement algorithm.
The first sharing module compares the first intermediate value with the second intermediate value; if they are identical, this shows that both sides hold the parameter from which the shared key is further computed, namely the first intermediate value and the second intermediate value, and the first sharing module computes the shared key from the first random private key, the second public key and the first intermediate value.
The first sharing module and the second sharing module each use their own intermediate value and the public key information of the other side to obtain the shared key.
Step S104: the first sharing module compares the first intermediate value with the second intermediate value and, if the two are identical, computes the shared key from the first random private key, the second public key and the first intermediate value.
Specifically, after the first sharing module encrypts the data agreed by both sides with the shared key, the other side can decrypt it with the identical shared key, so that the key is shared only between the two of them.
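As an added example (not code from the patent), steps S101 to S104 carried out end to end in Python with the page's notation, so that both sides' computations and the comparison in S104 can be checked on real values. Assumptions: the prime-order group with generator $P$ is instantiated on secp256k1 (the patent names no curve); the second sharing module's certified key pair has the form $(Y_B,\, PK_B = Y_B P)$; the second intermediate value is computed as $Y_B(y_A + R_A + h_A P_O)$, i.e. the page's formula with $Y_B$ applied to all three terms, which is what lets the first module reproduce it as $x_A PK_B + D_A PK_B$; and the shared key is a SHA-256 of the agreed values (the KDF is an assumption).

```python
import hashlib
import secrets

# secp256k1 domain parameters stand in for the page's prime-order cyclic group
# with generator P (the patent names no specific curve: an assumption).
FIELD_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
ORDER_Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE_P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None                      # A == -B
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return (x3, (lam * (x1 - x3) - y1) % FIELD_P)


def ec_mul(k, A):
    """Double-and-add scalar multiplication: the page's 'modulo-P operation' kP."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R


def enc(A):
    """Fixed-width encoding of a point, used as hash input."""
    return A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")


def rand_scalar():
    return secrets.randbelow(ORDER_Q - 1) + 1


class KeyCenter:
    """Holds the master secret s and publishes the temporary public key P_O = sP."""

    def __init__(self):
        self.s = rand_scalar()
        self.P_O = ec_mul(self.s, BASE_P)

    def issue_partial_key(self, identity):
        """First partial (main) private key: R_A = r_A P, h_A = H(ID_A||R_A), D_A = r_A + s h_A."""
        r = rand_scalar()
        R = ec_mul(r, BASE_P)
        h = int.from_bytes(hashlib.sha256(identity + enc(R)).digest(), "big") % ORDER_Q
        return (r + self.s * h) % ORDER_Q, R, h


def derive_key(secret_point, Z):
    """KDF (assumed): Z_B travels in clear in step S103, so the key also binds a term
    only the two parties can compute, x_A*PK_B == Y_B*y_A, as steps S104/S105 require."""
    return hashlib.sha256(enc(secret_point) + enc(Z)).digest()


def run_protocol(tamper=False):
    """Run S101-S104 between module A and module B; tamper=True alters y_A in transit."""
    kc = KeyCenter()
    id_a = b"hospital-A"                       # constructed identity ID_A
    Y_B = rand_scalar()                        # B's certified private key (assumed form)
    PK_B = ec_mul(Y_B, BASE_P)                 # B's certified public key

    # S101: A obtains D_A from the center, adds its own x_A; S_A = (x_A, D_A), y_A = x_A P.
    D_A, R_A, h_A = kc.issue_partial_key(id_a)
    x_A = rand_scalar()
    y_A = ec_mul(x_A, BASE_P)

    # S102: A -> B: y_A, R_A, h_A.  B computes Z_B = Y_B (y_A + R_A + h_A P_O).
    y_A_recv = ec_mul(2, y_A) if tamper else y_A
    Z_B = ec_mul(Y_B, ec_add(ec_add(y_A_recv, R_A), ec_mul(h_A, kc.P_O)))

    # S103: B -> A: Z_B.  A computes Z_A = x_A PK_B + D_A PK_B, which equals Z_B
    # because y_A + R_A + h_A P_O = (x_A + r_A + s h_A) P = (x_A + D_A) P.
    Z_A = ec_add(ec_mul(x_A, PK_B), ec_mul(D_A, PK_B))

    # S104: compare the intermediate values; derive the shared key only on a match.
    if Z_A != Z_B:
        return {"agreed": False}
    key_a = derive_key(ec_mul(x_A, PK_B), Z_A)
    key_b = derive_key(ec_mul(Y_B, y_A_recv), Z_B)
    return {"agreed": True, "key_a": key_a, "key_b": key_b}


if __name__ == "__main__":
    print(run_protocol())
```

With `tamper=True` the first random public key is altered on the way to B, the two intermediate values differ, and S104 refuses to derive a key, which is the check the comparison step exists for.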
Step S105: the first sharing module encrypts the specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data.
Specifically, the first sharing module can identify the sensitive information in the specified data (the sensitive information including personal privacy data and the like), so as to reduce the amount of encryption computation and improve encryption efficiency.
After completing the data encryption, the first sharing module computes the hash value of the encrypted data with a hash function to obtain an integrity verification value, which is used for integrity verification of the encrypted data.
The data sharing method provided by the present invention allows the first sharing module to generate a random public key and a random private key from randomly selected parameters and send the random public key to the second sharing module; after both sides compute identical intermediate values with the same preset key agreement algorithm, the intermediate value is then used to obtain the shared key. The shared key generation process of the present invention is secure and reliable, highly random, and allows the key to be changed at any time.
Fig. 2 is the structural schematic diagram of data sharing device provided by the invention, data sharing device packet as shown in Figure 2
It includes:
Receiving unit 201, for receiving second median of the second sharing module transmission;It is also used to receive in key
First part's private key that the heart is sent, first part's private key are made of random value and random ID information, and the random value is
What the request message that cipher key center is sent according to the transmission unit randomly selected in preset random value set, it is described random
Identity information is cipher key center using preset key schedule, according to random value calculating random parameter, and according to institute
State what the identity information of random parameter and first sharing module was calculated;It is also used to receive the transmission of the second sharing module
Second verifying signature, the second verifying signature are second sharing modules according to the verifying message, the first public key and the
Two private keys execute what digital signature generated, and first public key is the public key authenticated by cipher key center.
Random key unit 202, for generating the first random private-key and the first random public key at random;It is also used to preset
One value of random selection is as second part private key in random value set, and according to first part's private key and second described
Divide private key, forms the first random private-key;And the first random public key is calculated according to the second part private key.
Computing unit 203, for using the preset cipher key agreement algorithm, according to first random private-key, second
The identity information of public key and the data sharing device, calculates the first median, and second public key is the second sharing module warp
Cross the public key of key center certification;Be also used to using the preset cipher key agreement algorithm, according to first random private-key and
Second public key, the random parameter and the random ID information calculate the first median.
Comparing unit 204, used to compare the first intermediate value with the second intermediate value and, if the two are identical, to instruct the computing unit to compute a shared key from the first random private key, the second public key and the first intermediate value; it is also used to compare the first verification signature with the second verification signature and, if the two are identical, to trigger the random generation of the first random private key and the first random public key.
Authentication unit 205, used to generate a verification message at random and to generate a first verification signature by performing a digital signature according to the verification message, the second public key and a first private key, the first private key being the private key certified by the key center.
Encryption unit 206, used to encrypt specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data; it is also used to encrypt the verification message with the second public key and to send the encrypted verification message to the second sharing module.
Recognition unit 207, used to identify that the specified data includes personal privacy data.
Transmission unit 208, used to send the first random public key to the second sharing module, so that the second sharing module uses the preset key agreement algorithm to compute a second intermediate value from the first random public key, the second private key and the identity information of the data sharing device, the second private key being the private key of the second sharing module certified by the key center; it is also used to send a random key request message to the key center; and it is also used to send the random parameter and the random identity information to the second sharing module.
With the data sharing device provided by the present invention, on the premise that identity authentication has been performed, the first sharing module generates at random a first random private key and a first random public key that need not be certified by the key center; after the first random public key is sent to the second sharing module, both parties compute the shared key according to the preset key agreement algorithm. This achieves a secure shared key generation process in which the shared key can be replaced easily at any time.
In the several embodiments provided in this application, it should be understood that the disclosed method, apparatus and system may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into functional modules is only a division by logical function, and other divisions are possible in actual implementation; for instance, several modules may be combined or integrated into another system, or some features may be omitted or not executed.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A data sharing method, applied in a big data platform comprising a data sharing device and a key center, characterized in that the method comprises:
a first sharing module randomly generating a first random private key and a first random public key;
the first sharing module sending the first random public key to a second sharing module, so that the second sharing module uses a preset key agreement algorithm to compute a second intermediate value from the first random public key, a second private key and the identity information of the first sharing module, the second private key being the private key of the second sharing module certified by the key center;
the first sharing module receiving the second intermediate value sent by the second sharing module, and using the preset key agreement algorithm to compute a first intermediate value from the first random private key, a second public key and the identity information of the first sharing module, the second public key being the public key of the second sharing module certified by the key center;
the first sharing module comparing the first intermediate value with the second intermediate value and, if the two are identical, computing a shared key from the first random private key, the second public key and the first intermediate value;
the first sharing module encrypting specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data.
2. The data sharing method of claim 1, characterized in that a random value set is preset in each of the key center and the first sharing module, and the first sharing module randomly generating the first random private key and the first random public key specifically comprises:
the first sharing module sending a random key request message to the key center;
the first sharing module receiving a first part private key sent by the key center, the first part private key consisting of a random value and random identity information, the random value being selected at random by the key center from the preset random value set according to the request message sent by the first sharing module, and the random identity information being computed by the key center using a preset key generation algorithm, by deriving a random parameter from the random value and then computing the random identity information from the random parameter and the identity information of the first sharing module;
the first sharing module selecting a value at random from the preset random value set as a second part private key, and forming the first random private key from the first part private key and the second part private key;
the first sharing module computing the first random public key from the second part private key.
3. The data sharing method of claim 2, characterized in that, after the step of the first sharing module sending the first random public key to the second sharing module, the method further comprises:
the first sharing module sending the random parameter and the random identity information to the second sharing module;
and the first sharing module using the preset key agreement algorithm to compute the first intermediate value from the first random private key, the second public key and the identity information of the first sharing module specifically comprises:
the first sharing module using the preset key agreement algorithm to compute the first intermediate value from the first random private key, the second public key, the random parameter and the random identity information.
4. The data sharing method of claim 1, characterized in that, before the step of the first sharing module randomly generating the first random private key and the first random public key, the method further comprises:
the first sharing module generating a verification message at random, and generating a first verification signature by performing a digital signature according to the verification message, the second public key and a first private key, the first private key being the private key of the first sharing module certified by the key center;
the first sharing module encrypting the verification message with the second public key and sending the encrypted verification message to the second sharing module;
the first sharing module receiving a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module by performing a digital signature according to the verification message, a first public key and the second private key, the first public key being the public key of the first sharing module certified by the key center;
the first sharing module comparing the first verification signature with the second verification signature and, if the two are identical, randomly generating the first random private key and the first random public key.
5. The data sharing method of claim 1, characterized in that the specified data includes personal privacy data.
6. A data sharing device, characterized by comprising:
a random key unit, used to generate a first random private key and a first random public key at random;
a transmission unit, used to send the first random public key to a second sharing module, so that the second sharing module uses a preset key agreement algorithm to compute a second intermediate value from the first random public key, a second private key and the identity information of the data sharing device, the second private key being the private key of the second sharing module certified by a key center;
a receiving unit, used to receive the second intermediate value sent by the second sharing module;
a computing unit, used to compute a first intermediate value using the preset key agreement algorithm from the first random private key, a second public key and the identity information of the data sharing device, the second public key being the public key of the second sharing module certified by the key center;
a comparing unit, used to compare the first intermediate value with the second intermediate value and, if the two are identical, to instruct the computing unit to compute a shared key from the first random private key, the second public key and the first intermediate value;
an encryption unit, used to encrypt specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data.
7. The data sharing device of claim 6, characterized in that:
the transmission unit is also used to send a random key request message to the key center;
the receiving unit is also used to receive a first part private key sent by the key center, the first part private key consisting of a random value and random identity information, the random value being selected at random by the key center from a preset random value set according to the request message sent by the transmission unit, and the random identity information being computed by the key center using a preset key generation algorithm, by deriving a random parameter from the random value and then computing the random identity information from the random parameter and the identity information of the first sharing module;
the random key unit is also used to select a value at random from the preset random value set as a second part private key, to form the first random private key from the first part private key and the second part private key, and to compute the first random public key from the second part private key.
8. The data sharing device of claim 7, characterized in that:
the transmission unit is also used to send the random parameter and the random identity information to the second sharing module;
the computing unit is also used to compute the first intermediate value using the preset key agreement algorithm from the first random private key, the second public key, the random parameter and the random identity information.
9. The data sharing device of claim 6, characterized by further comprising:
an authentication unit, used to generate a verification message at random and to generate a first verification signature by performing a digital signature according to the verification message, the second public key and a first private key, the first private key being the private key certified by the key center;
the encryption unit is also used to encrypt the verification message with the second public key and to send the encrypted verification message to the second sharing module;
the receiving unit is also used to receive a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module by performing a digital signature according to the verification message, a first public key and the second private key, the first public key being the public key certified by the key center;
the comparing unit is also used to compare the first verification signature with the second verification signature and, if the two are identical, to trigger the random generation of the first random private key and the first random public key.
10. The data sharing device of claim 6, characterized by further comprising:
a recognition unit, used to identify that the specified data includes personal privacy data.
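The following Python is an added worked example, not code from the patent or its applicant, that runs the exchange of claims 1 and 4 (device claims 6 and 9) end to end with both modules' messages. The patent fixes none of its primitives, so the following are assumptions: the preset key agreement algorithm is X25519 (RFC 7748, implemented inline from the standard library only); the "digital signature" that both modules compute identically over the verification message is an HMAC keyed with the static-static X25519 secret between the two certified keys; encrypting the verification message "with the second public key" is ephemeral-key ECIES; the intermediate values are SHA-256 over the ephemeral-static secret and the first module's identity information; and the data encryption is an HMAC-SHA256 keystream with an HMAC tag standing in for an AEAD. The function and variable names (first_module_*, second_module_*, id_a, r_sk, sk_b) are illustrative, and the key center's split private key of claims 2 and 3 is not modelled.

```python
import hashlib
import hmac
import secrets

# Assumed key agreement algorithm: X25519 (RFC 7748). The ladder is not constant time.
P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    k = bytes([scalar[0] & 248]) + scalar[1:31] + bytes([scalar[31] & 127 | 64])
    k = int.from_bytes(k, "little")                    # RFC 7748 clamped scalar
    u = int.from_bytes(point, "little") & ((1 << 255) - 1)
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):                       # Montgomery ladder, RFC 7748 s.5
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts: KDF, intermediate values, ECIES pad."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def keypair():
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASE)


def xor_pad(data: bytes, pad: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(data, pad))


def keystream(ke: bytes, nonce: bytes, n: int) -> bytes:   # HMAC-SHA256 in counter mode
    return b"".join(hmac.new(ke, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range((n + 31) // 32))[:n]


def aead_encrypt(key: bytes, data: bytes) -> bytes:        # stand-in for an AEAD
    nonce = secrets.token_bytes(16)
    body = xor_pad(data, keystream(H(b"enc", key), nonce, len(data)))
    return nonce + body + hmac.new(H(b"mac", key), nonce + body, "sha256").digest()


def aead_decrypt(key: bytes, blob: bytes):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(H(b"mac", key), nonce + body, "sha256").digest()):
        return None                                    # tag mismatch: reject
    return xor_pad(body, keystream(H(b"enc", key), nonce, len(body)))


# Claim 4. Assumed: the "digital signature" both modules compute over the verification
# message is an HMAC keyed with the static-static secret; encryption to pk_b is ECIES.
def first_module_verify_request(sk_a, pk_b):
    msg = secrets.token_bytes(32)                      # random verification message
    sig1 = hmac.new(x25519(sk_a, pk_b), msg, "sha256").digest()
    e_sk, e_pk = keypair()
    ct = xor_pad(msg, H(b"ecies", x25519(e_sk, pk_b), e_pk))
    return sig1, e_pk + ct                             # keep sig1; send e_pk || ct


def second_module_verify_reply(sk_b, pk_a, blob):
    e_pk, ct = blob[:32], blob[32:]
    msg = xor_pad(ct, H(b"ecies", x25519(sk_b, e_pk), e_pk))
    return hmac.new(x25519(sk_b, pk_a), msg, "sha256").digest()   # second signature


# Claim 1. r_sk/r_pk are the uncertified first random keys; sk_b is certified and static.
def second_module_intermediate(sk_b, r_pk, id_a):
    return H(b"iv", x25519(sk_b, r_pk), id_a)         # second intermediate value


def first_module_shared_key(r_sk, pk_b, id_a, iv2):
    ss = x25519(r_sk, pk_b)
    iv1 = H(b"iv", ss, id_a)                           # first intermediate value
    if not hmac.compare_digest(iv1, iv2):
        return None                                    # peer lacks sk_b or bound another identity
    return H(b"key", ss, iv1)                          # shared key


def second_module_shared_key(sk_b, r_pk, iv2):
    return H(b"key", x25519(sk_b, r_pk), iv2)


def run_exchange(sk_a, pk_a, sk_b, pk_b, id_a, data):
    """Drive both modules; returns what the second module decrypts, or None."""
    sig1, blob = first_module_verify_request(sk_a, pk_b)
    if not hmac.compare_digest(sig1, second_module_verify_reply(sk_b, pk_a, blob)):
        return None
    r_sk, r_pk = keypair()
    iv2 = second_module_intermediate(sk_b, r_pk, id_a)
    key_a = first_module_shared_key(r_sk, pk_b, id_a, iv2)
    if key_a is None:
        return None
    return aead_decrypt(second_module_shared_key(sk_b, r_pk, iv2), aead_encrypt(key_a, data))
```

run_exchange drives both modules with two freshly generated certified key pairs (keypair() twice) and an identity string; it returns None when either check fails (the two verification signatures differ, or the intermediate values differ because the peer does not hold sk_b or bound a different identity), and otherwise returns the plaintext the second module recovers. Two properties of the modelled exchange deserve a check in any real instantiation: the second intermediate value travels in the clear, so it must be a one-way function of the secret that is not itself the shared key (here the key is a separate derivation over the secret and the intermediate value); and because only the first module's key is fresh while sk_b is static, the exchange gives no forward secrecy with respect to sk_b, since anyone who later obtains it can recompute every past shared key from the recorded first random public keys.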
Priority Application (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610560301.9A (CN106127079B) | 2016-07-15 | 2016-07-15 | A kind of data sharing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106127079A (application) | 2016-11-16 |
CN106127079B (granted patent) | 2019-04-12 |
Family ID: 57283430. Country status: CN, CN106127079B, active.
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106789022B (en) * | 2016-12-28 | 2021-03-09 | 上海榉树智能科技有限公司 | Method, device and system for generating shared key |
US11128478B2 (en) * | 2017-03-01 | 2021-09-21 | Apple Inc. | System access using a mobile device |
CN108306734B (en) * | 2017-12-28 | 2021-01-01 | 飞天诚信科技股份有限公司 | Communication link protection method and device |
KR20200108343A (en) | 2018-01-16 | 2020-09-17 | 엔체인 홀딩스 리미티드 | Computer-implemented method and system for obtaining digitally signed data |
CN110336774B (en) * | 2019-04-17 | 2021-07-27 | 中国联合网络通信集团有限公司 | Mixed encryption and decryption method, equipment and system |
CN111143880B (en) * | 2019-12-27 | 2022-06-07 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111935163B (en) * | 2020-08-14 | 2022-08-09 | 支付宝(杭州)信息技术有限公司 | Data joint processing method and device for protecting privacy |
CN112383395B (en) * | 2020-12-11 | 2024-01-23 | 海光信息技术股份有限公司 | Key negotiation method and device |
CN112636906A (en) * | 2020-12-11 | 2021-04-09 | 海光信息技术股份有限公司 | Key agreement method and device |
CN112667718B (en) * | 2020-12-24 | 2021-07-16 | 广西中科曙光云计算有限公司 | Real estate information sharing query method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102480713A (en) * | 2010-11-25 | 2012-05-30 | 中国移动通信集团河南有限公司 | Method, system and device for communication between sink node and mobile communication network |
CN102662692A (en) * | 2012-03-16 | 2012-09-12 | 北京经纬恒润科技有限公司 | Method and system for updating application program in electronic control unit |
CN104883677A (en) * | 2014-02-28 | 2015-09-02 | 阿里巴巴集团控股有限公司 | Equipment communication connection method, apparatus and system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8756706B2 (en) * | 2010-10-12 | 2014-06-17 | Blackberry Limited | Method for securing credentials in a remote repository |
JP5749236B2 (en) * | 2012-09-28 | 2015-07-15 | 株式会社東芝 | Key change management device and key change management method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |