CN106127079B - A kind of data sharing method and device - Google Patents


Info

Publication number: CN106127079B
Application number: CN201610560301.9A
Other versions: CN106127079A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Prior art keywords: key, random, sharing module, private, public key
Inventors: 施光源, 张柯丽, 陈幼雷, 赵远杰
Current assignee: CEC CYBERSPACE GREAT WALL Co Ltd
Original assignee: CEC CYBERSPACE GREAT WALL Co Ltd

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data
        • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
            • G06F21/6218 Protecting access to a system of files or objects, e.g. local or distributed file system or database
                • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
        • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
            • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these


Abstract

The present invention provides a data sharing method that includes: a first sharing module randomly generates a first random private key and a first random public key; the first sharing module sends the first random public key to a second sharing module, so that the second sharing module, using a preset key agreement algorithm, calculates a second median from the first random public key, the second private key and the identity information of the first sharing module; the first sharing module receives the second median sent by the second sharing module, calculates a first median and compares the first median with the second median; if they are identical, the first sharing module calculates the shared key from the first random private key, the second public key and the first median. The data sharing method and device provided by the present invention provide a secure shared key that can be replaced at any time while guaranteeing the security of data in a big data platform.

Description

A kind of data sharing method and device
Technical field
The present invention relates to field of information security technology, and in particular to a kind of data sharing method and device.
Background technique
With the continuous growth of data volume, structured, semi-structured and unstructured data show an exponential growth trend, and existing storage modes no longer satisfy users' demands. Deploying encryption modules and a key center on a big data cluster realizes distributed storage and processing of mass data, guarantees the security of the data, and at the same time prevents users' personal information from being mined through association analysis of the mass data.
Traditional storage and computing make the query and analysis of distributed big data slower and more difficult. The traditional mode based on public key encryption, although it can realize data encryption, decryption and digital signature, has a higher time cost, consumes more computation bandwidth and occupies a large amount of network transmission.
Also, big data users increasingly need to share the same data; e.g., two hospitals need to share the cases they each store, but private data in the cases such as the patient's name, phone number and ID card number must be stored encrypted. How both sides can reliably establish, and change at any time, the shared encryption key they use together, while meeting the security requirements of big data, is an urgent problem to be solved in the field of information security technology.
Summary of the invention
The technical problem to be solved by the present invention is to provide a data sharing method and device that address the above drawbacks of the prior art, namely how data in a big data platform can be shared securely with a shared key that can be changed at any time.
To achieve the above object, the present invention provides a data sharing method applied to a big data platform that includes a data sharing device and a key center. The method comprises:
the first sharing module randomly generates a first random private key and a first random public key;
the first sharing module sends the first random public key to the second sharing module, so that the second sharing module, using a preset key agreement algorithm, calculates a second median from the first random public key, the second private key and the identity information of the first sharing module, the second private key being the private key of the second sharing module certified by the key center;
the first sharing module receives the second median sent by the second sharing module and, using the same preset key agreement algorithm, calculates a first median from the first random private key, the second public key and the identity information of the first sharing module, the second public key being the public key of the second sharing module certified by the key center;
the first sharing module compares the first median with the second median and, if the two are identical, calculates the shared key from the first random private key, the second public key and the first median;
the first sharing module encrypts the specified data with the shared key, so that the second sharing module can calculate the shared key from the first random public key, the second private key and the second median and decrypt the specified data.
Preferably, a random value set is preset in both the key center and the first sharing module, and the first sharing module randomly generating the first random private key and the first random public key specifically includes: the first sharing module sends a random key request message to the key center; the first sharing module receives a first-part private key sent by the key center, the first-part private key consisting of a random value and random identity information, where the random value is randomly selected by the key center from the preset random value set according to the request message sent by the first sharing module, and the random identity information is obtained by the key center using a preset key generation algorithm, which calculates a random parameter from the random value and then calculates the random identity information from the random parameter and the identity information of the first sharing module; the first sharing module randomly selects a value from the preset random value set as a second-part private key and forms the first random private key from the first-part private key and the second-part private key; the first sharing module calculates the first random public key from the second-part private key.
Preferably, after the step in which the first sharing module sends the first random public key to the second sharing module, the method further includes: the first sharing module sends the random parameter and the random identity information to the second sharing module; and the first sharing module calculating the first median with the preset key agreement algorithm from the first random private key, the second public key and the identity information of the first sharing module specifically includes: the first sharing module calculates the first median with the preset key agreement algorithm from the first random private key, the second public key, the random parameter and the random identity information.
Preferably, before the step in which the first sharing module randomly generates the first random private key and the first random public key, the method further includes: the first sharing module randomly generates a verification message and executes a digital signature according to the verification message, the second public key and the first private key to generate a first verification signature, the first private key being the private key of the first sharing module certified by the key center; the first sharing module encrypts the verification message with the second public key and sends the encrypted verification message to the second sharing module; the first sharing module receives a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module executing a digital signature according to the verification message, the first public key and the second private key, the first public key being the public key of the first sharing module certified by the key center; the first sharing module compares the first verification signature with the second verification signature and, if the two are identical, randomly generates the first random private key and the first random public key.
Preferably, the specified data includes personal privacy data.
The present invention also provides a data sharing device, comprising:
a random key unit, for randomly generating a first random private key and a first random public key;
a transmission unit, for sending the first random public key to the second sharing module, so that the second sharing module, using a preset key agreement algorithm, calculates a second median from the first random public key, the second private key and the identity information of the data sharing device, the second private key being the private key of the second sharing module certified by the key center;
a receiving unit, for receiving the second median sent by the second sharing module;
a computing unit, for calculating a first median using the preset key agreement algorithm from the first random private key, the second public key and the identity information of the data sharing device, the second public key being the public key of the second sharing module certified by the key center;
a comparing unit, for comparing the first median with the second median and, if the two are identical, instructing the computing unit to calculate the shared key from the first random private key, the second public key and the first median;
an encryption unit, for encrypting the specified data with the shared key, so that the second sharing module can calculate the shared key from the first random public key, the second private key and the second median and decrypt the specified data.
Preferably, the transmission unit is also used to send a random key request message to the key center; the receiving unit is also used to receive the first-part private key sent by the key center, the first-part private key consisting of a random value and random identity information, where the random value is randomly selected by the key center from the preset random value set according to the request message sent by the transmission unit, and the random identity information is obtained by the key center using the preset key generation algorithm, which calculates a random parameter from the random value and then calculates the random identity information from the random parameter and the identity information of the first sharing module; the random key unit is also used to randomly select a value from the preset random value set as the second-part private key, to form the first random private key from the first-part private key and the second-part private key, and to calculate the first random public key from the second-part private key.
Preferably, the transmission unit is also used to send the random parameter and the random identity information to the second sharing module; the computing unit is also used to calculate the first median using the preset key agreement algorithm from the first random private key, the second public key, the random parameter and the random identity information.
Preferably, the device further includes an authentication unit for randomly generating a verification message and executing a digital signature according to the verification message, the second public key and the first private key to generate a first verification signature, the first private key being the private key certified by the key center; the encryption unit is also used to encrypt the verification message with the second public key and send the encrypted verification message to the second sharing module; the receiving unit is also used to receive the second verification signature sent by the second sharing module, which the second sharing module generates by executing a digital signature according to the verification message, the first public key and the second private key, the first public key being the public key certified by the key center; the comparing unit is also used to compare the first verification signature with the second verification signature and, if the two are identical, to randomly generate the first random private key and the first random public key.
Preferably, the device further includes a recognition unit for identifying that the specified data includes personal privacy data.
The data sharing method and device provided by the present invention, while guaranteeing the security of data in the big data platform, provide a secure shared key that can be replaced at any time, so that the specified data encrypted with the shared key can be shared by both holders of the shared key. The present invention also provides identity authentication of the sharing party, encrypts only the sensitive information in the specified data, and performs integrity authentication on the encrypted data, further ensuring the security of the shared data and reducing the data storage space.
Detailed description of the invention
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings required in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the data sharing method provided by the invention;
Fig. 2 is a structural schematic diagram of the data sharing device provided by the invention.
Specific embodiment
To enable those skilled in the art to better understand the technical solution of the present invention, the invention is described in further detail below with reference to the drawings and embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flow diagram of the data sharing method provided by the invention. As shown in Fig. 1, the data sharing method includes:
Step S101: the first sharing module randomly generates a first random private key and a first random public key.
Specifically, the first random private key and the first random public key are keys that the first sharing module generates at random and that have not been certified by the key center. When a public key and private key are calculated with an asymmetric encryption algorithm, in actual use they generally have to be certified by the key center, which issues a key certificate, to guarantee the security of the key. In this step, the first sharing module uses the same method as for generating a certified public/private key pair to generate a random private key and public key, which are used to generate the shared key with the second sharing module; this random private key and public key need not be certified by the key center.
A random value set is preset in both the key center and the first sharing module. The first sharing module randomly generating the first random private key and the first random public key specifically includes: the first sharing module sends a random key request message to the key center; the key request message includes the identity information of the first sharing module, or the key center can determine the identity of the sender, i.e. the first sharing module, from the transmission source of the message.
The first sharing module receives the first-part private key sent by the key center. The first-part private key consists of a random value and random identity information, where the random value is randomly selected by the key center from the preset random value set according to the request message sent by the first sharing module, and the random identity information is obtained by the key center using a preset key generation algorithm, which calculates a random parameter from the random value and then calculates the random identity information from the random parameter and the identity information of the first sharing module. The first sharing module randomly selects a value from the preset random value set as the second-part private key and forms the first random private key from the first-part private key and the second-part private key. The first sharing module calculates the first random public key from the second-part private key.
In actual application, the random value is generally selected by randomly choosing a generator P of a cyclic group of prime order q. The random identity information is obtained by the key center by applying the preset key generation algorithm to the random value to obtain the random parameter, and then hashing the random parameter together with the identity information of the first sharing module.
For example, first let $Z_q$ denote the cyclic group of prime order $q$.
The key center selects a random value $s \in Z_q$ and multiplies the generator $P$ by $s$ (the "P operation"), obtaining the key center's temporary public key $P_O = sP$;
the key center selects another random value $r_A \in Z_q$ for the first sharing module;
the key center calculates the random parameter $R_A$ from $r_A$ by the P operation, i.e. $R_A = r_A P$;
assuming the identity information of the first sharing module is $ID_A$, the key center calculates the random identity information $h_A$ from $ID_A$ and $R_A$, i.e. $h_A = H(ID_A \| R_A)$;
the key center forms the main private key $D_A$ from the random value $r_A$ and the random identity information $h_A$, i.e. $D_A = r_A + s h_A$.
The first sharing module uses the same random value generation method as the key center, that is, it also randomly selects a value from the same cyclic group as the key center to serve as its sub-private key, the second-part private key.
The first sharing module forms the first random private key from the first-part private key and the second-part private key. Because the first random private key includes both the first-part private key generated at random by the key center and the second-part private key generated at random by the first sharing module, it has a dual secrecy effect and prevents the key center from holding excessive authority.
The first sharing module calculates the first random public key from the second-part private key using the preset key generation algorithm. The preset key generation algorithm generally uses a generation method based on a hard problem on an elliptic curve.
For example, the first sharing module randomly selects a value $x_A \in Z_q$ as the sub-private key;
the first sharing module generates the complete first random private key $S_A$ from the main private key $D_A$ and the sub-private key $x_A$, i.e. $S_A = (x_A, D_A)$;
the first sharing module applies the P operation to the sub-private key to generate the first random public key $y_A = x_A P$.
The present invention also provides a preferred scheme in which, before the step of the first sharing module randomly generating the first random private key and the first random public key, the method further includes an authentication process with the following specific steps:
the first sharing module randomly generates a verification message and executes a digital signature according to the verification message, the second public key and the first private key to generate a first verification signature, the first private key being the private key of the first sharing module certified by the key center; the first sharing module encrypts the verification message with the second public key and sends the encrypted verification message to the second sharing module; the first sharing module receives a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module executing a digital signature according to the verification message, the first public key and the second private key, the first public key being the public key of the first sharing module certified by the key center; the first sharing module compares the first verification signature with the second verification signature and, if the two are identical, randomly generates the first random private key and the first random public key. Authenticating identities before the shared key is created further ensures the security between the two sharing modules.
Step S102: the first sharing module sends the first random public key to the second sharing module, so that the second sharing module, using the preset key agreement algorithm, calculates a second median from the first random public key, the second private key and the identity information of the first sharing module, the second private key being the private key of the second sharing module certified by the key center.
Specifically, the second private key is the private key of the second sharing module certified by the key center. To complete the generation of the shared key with the first sharing module, the second sharing module, after receiving the first random public key sent by the first sharing module, uses the identical key agreement algorithm preset by both sides to calculate a median from the first random public key, the second private key and the identity information of the first sharing module, for the negotiation of the shared key. The median generated by the second sharing module is the second median.
To further improve the security of the shared key, the present invention also provides a method in which the first sharing module, when sending the first random public key to the second sharing module, also sends the random parameter and the random identity information, and the second sharing module uses the preset key agreement algorithm to calculate the second median from the first random public key, the second private key, the random parameter and the random identity information. This further ensures the randomness and security of the shared key.
For example, let the second median be $Z_B$, the certified second private key of the second sharing module be $Y_B$, the first random public key of the first sharing module be $y_A$, the random parameter be $R_A$ and the random identity information be $h_A$. The second sharing module then calculates the second median as:
$Z_B = Y_B y_A + Y_B R_A + h_A P_O$
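Worked example, added here and not part of the patent: the key center issues $(D_A, R_A, h_A)$ as in the formulas above, the receiving module checks the issued key against $R_A$ and $P_O$ before composing $S_A$ and $y_A$ (a check that follows directly from $D_A = r_A + s h_A$, so $D_A P = R_A + h_A P_O$), and the second sharing module evaluates the $Z_B$ formula just given. NIST P-256 as the curve, SHA-256 as $H$, the coordinate encoding, the identity string and all class and function names are this example's assumptions; the second module's certified private key $Y_B$ is simply a constructed scalar.

```python
import hashlib
import secrets

# NIST P-256 domain parameters. Assumption: the patent only says the key
# generation algorithm is "based on a hard problem on an elliptic curve";
# the concrete curve, hash and encodings here are this example's choices.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (GX, GY)   # the generator the text calls P
INF = None     # point at infinity (group identity)


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + Ax + B over GF(P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                 # p2 == -p1
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Scalar multiplication k*pt (the text's 'P operation' when pt is G)."""
    acc = INF
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def rand_scalar():
    """Random non-zero element of Z_q (the patent's 'random value set')."""
    return secrets.randbelow(N - 1) + 1


def hash_identity(identity: bytes, R) -> int:
    """h_A = H(ID_A || R_A); SHA-256 over 32-byte coordinates is assumed."""
    data = identity + R[0].to_bytes(32, "big") + R[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class KeyCentre:
    """The patent's key center: holds s, publishes P_O = sP, issues D_A."""

    def __init__(self):
        self.s = rand_scalar()
        self.P_O = ec_mul(self.s, G)

    def issue_first_part_key(self, identity: bytes):
        r_A = rand_scalar()                  # random value r_A
        R_A = ec_mul(r_A, G)                 # random parameter R_A = r_A P
        h_A = hash_identity(identity, R_A)   # random identity information h_A
        D_A = (r_A + self.s * h_A) % N       # main private key D_A = r_A + s h_A
        return D_A, R_A, h_A


def first_part_key_is_valid(D_A, R_A, h_A, P_O) -> bool:
    """Receiver-side check implied by the issuance formulas:
    D_A P = r_A P + s h_A P = R_A + h_A P_O.  A D_A altered in transit,
    or issued under a different s, fails this equality."""
    return ec_mul(D_A, G) == ec_add(R_A, ec_mul(h_A, P_O))


def first_module_random_keys(D_A):
    """First sharing module: x_A from Z_q, S_A = (x_A, D_A), y_A = x_A P."""
    x_A = rand_scalar()
    return (x_A, D_A), ec_mul(x_A, G)


def second_median(Y_B, y_A, R_A, h_A, P_O):
    """Second sharing module: Z_B = Y_B y_A + Y_B R_A + h_A P_O (page formula)."""
    return ec_add(ec_add(ec_mul(Y_B, y_A), ec_mul(Y_B, R_A)), ec_mul(h_A, P_O))


def run_protocol(identity_a: bytes = b"hospital-A"):
    """One issuance round plus the second module's median, returned for inspection."""
    kc = KeyCentre()
    D_A, R_A, h_A = kc.issue_first_part_key(identity_a)
    accepted = first_part_key_is_valid(D_A, R_A, h_A, kc.P_O)
    # Constructed fault: one bit of D_A flipped before the module checks it.
    rejected = not first_part_key_is_valid(D_A ^ 1, R_A, h_A, kc.P_O)
    S_A, y_A = first_module_random_keys(D_A)
    Y_B = rand_scalar()   # constructed stand-in for the certified second private key
    Z_B = second_median(Y_B, y_A, R_A, h_A, kc.P_O)
    # Same value regrouped as Y_B (y_A + R_A) + h_A P_O by linearity of the P operation.
    Z_B_regrouped = ec_add(ec_mul(Y_B, ec_add(y_A, R_A)), ec_mul(h_A, kc.P_O))
    return {"accepted": accepted, "tampered_rejected": rejected, "S_A": S_A,
            "y_A": y_A, "Z_B": Z_B, "Z_B_regrouped": Z_B_regrouped}


if __name__ == "__main__":
    out = run_protocol()
    print("issued D_A accepted:", out["accepted"])
    print("altered D_A rejected:", out["tampered_rejected"])
```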
Step S103: the first sharing module receives the second median sent by the second sharing module and, using the preset key agreement algorithm, calculates a first median from the first random private key, the second public key and the identity information of the first sharing module, the second public key being the public key of the second sharing module certified by the key center.
Specifically, after the second sharing module obtains the second median, it sends it to the first sharing module. The first sharing module calculates the first median using the parameters corresponding to those of the second sharing module and the same key agreement algorithm.
The first sharing module compares the first median with the second median. If they are identical, the two modules hold the same parameter from which the shared key is further calculated, i.e. the first median equals the second median, and the first sharing module calculates the shared key from the first random private key, the second public key and the first median.
The first sharing module and the second sharing module each obtain the shared key from their own median and the public key information of the other party.
Step S104: the first sharing module compares the first median with the second median and, if the two are identical, calculates the shared key from the first random private key, the second public key and the first median.
Specifically, after the first sharing module encrypts the data agreed by both sides with the shared key, the other party can decrypt it with the identical shared key, so that the key is shared only between the two of them.
Step S105: the first sharing module encrypts the specified data with the shared key, so that the second sharing module can calculate the shared key from the first random public key, the second private key and the second median and decrypt the specified data.
Specifically, the first sharing module can identify the sensitive information in the specified data, which includes personal privacy data and the like, so that only that information needs to be encrypted; this reduces the amount of computation for data encryption and improves encryption efficiency.
After completing the data encryption, the first sharing module calculates the hash value of the encrypted data with a hash function to obtain an integrity verification value, which is used for the integrity verification of the encrypted data.
In the data sharing method provided by the present invention, between two sharing modules, the first sharing module generates a random public key and a random private key from randomly selected parameters and sends the random public key to the second sharing module; after both sides calculate identical medians with the identical preset key agreement algorithm, they use the median to obtain the shared key. The generation process of the shared key of the present invention is safe and reliable, highly random and changeable at any time.
Fig. 2 is a structural schematic diagram of the data sharing device provided by the invention. As shown in Fig. 2, the data sharing device includes:
Receiving unit 201, for receiving the second median sent by the second sharing module; it is also used to receive the first-part private key sent by the key center, the first-part private key consisting of a random value and random identity information, where the random value is randomly selected by the key center from the preset random value set according to the request message sent by the transmission unit, and the random identity information is obtained by the key center using the preset key generation algorithm, which calculates a random parameter from the random value and then calculates the random identity information from the random parameter and the identity information of the first sharing module; it is also used to receive the second verification signature sent by the second sharing module, which the second sharing module generates by executing a digital signature according to the verification message, the first public key and the second private key, the first public key being the public key certified by the key center.
Random key unit 202, for randomly generating the first random private key and the first random public key; it is also used to randomly select a value from the preset random value set as the second-part private key, to form the first random private key from the first-part private key and the second-part private key, and to calculate the first random public key from the second-part private key.
Computing unit 203, for calculating the first median using the preset key agreement algorithm from the first random private key, the second public key and the identity information of the data sharing device, the second public key being the public key of the second sharing module certified by the key center; it is also used to calculate the first median using the preset key agreement algorithm from the first random private key, the second public key, the random parameter and the random identity information.
Comparing unit 204, for comparing the first median with the second median and, if the two are identical, instructing the computing unit to calculate the shared key from the first random private key, the second public key and the first median; it is also used to compare the first verification signature with the second verification signature and, if the two are identical, to randomly generate the first random private key and the first random public key.
Authentication unit 205, for randomly generating a verification message and executing a digital signature according to the verification message, the second public key and the first private key to generate the first verification signature, the first private key being the private key certified by the key center.
Encryption unit 206, for encrypting the specified data with the shared key, so that the second sharing module can calculate the shared key from the first random public key, the second private key and the second median and decrypt the specified data; it is also used to encrypt the verification message with the second public key and send the encrypted verification message to the second sharing module.
Recognition unit 207, for identifying that the specified data includes personal privacy data.
Transmission unit 208, for sending the first random public key to the second sharing module, so that the second sharing module, using the preset key agreement algorithm, calculates the second median from the first random public key, the second private key and the identity information of the data sharing device, the second private key being the private key of the second sharing module certified by the key center; it is also used to send a random key request message to the key center; it is also used to send the random parameter and the random identity information to the second sharing module.
Data sharing device provided by the present invention, can be under the premise of carrying out authentication, by the first sharing module The first random private-key and the first public key immediately that cipher key center certification is needed not move through according to random generation, by the first random public key After being sent to the second sharing module, shared key is calculated according to preset cipher key agreement algorithm by both party, realizes safe share Key generation process, and shared key can easily be replaced at any time.
In several embodiments provided herein, it should be understood that disclosed method, apparatus and system, it can be with It realizes by another way.For example, apparatus embodiments described above are only schematical, strokes of the functional module Point, only a kind of division of logic function, there may be another division manner in actual implementation, such as multiple modules can combine Perhaps it is desirably integrated into another system or some features can be ignored or not executed.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features; And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and Range.

Claims (10)

1. A data sharing method, applied to a big data platform that includes a data sharing device and a key center, characterized in that the method comprises:
a first sharing module randomly generating a first random private key and a first random public key;
the first sharing module sending the first random public key to a second sharing module, so that the second sharing module computes a second intermediate value with a preset key agreement algorithm from the first random public key, a second private key and identity information of the first sharing module, the second private key being the private key of the second sharing module certified by the key center;
the first sharing module receiving the second intermediate value sent by the second sharing module, and computing a first intermediate value with the preset key agreement algorithm from the first random private key, a second public key and the identity information of the first sharing module, the second public key being the public key of the second sharing module certified by the key center;
the first sharing module comparing the first intermediate value with the second intermediate value and, if the two are identical, computing a shared key from the first random private key, the second public key and the first intermediate value;
the first sharing module encrypting specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data.
2. The data sharing method according to claim 1, characterized in that a random value set is preset in each of the key center and the first sharing module, and the first sharing module randomly generating the first random private key and the first random public key specifically comprises:
the first sharing module sending a random key request message to the key center;
the first sharing module receiving a first-part private key sent by the key center, the first-part private key consisting of a random value and random identity information, the random value being selected at random by the key center from the preset random value set in response to the request message sent by the first sharing module, and the random identity information being computed by the key center with a preset key generation algorithm, which computes a random parameter from the random value and then computes the random identity information from the random parameter and the identity information of the first sharing module;
the first sharing module randomly selecting a value from the preset random value set as a second-part private key, and forming the first random private key from the first-part private key and the second-part private key;
the first sharing module computing the first random public key from the second-part private key.
3. The data sharing method according to claim 2, characterized in that, after the step of the first sharing module sending the first random public key to the second sharing module, the method further comprises:
the first sharing module sending the random parameter and the random identity information to the second sharing module;
and the first sharing module computing the first intermediate value with the preset key agreement algorithm from the first random private key, the second public key and the identity information of the first sharing module specifically comprises:
the first sharing module computing the first intermediate value with the preset key agreement algorithm from the first random private key, the second public key, the random parameter and the random identity information.
4. The data sharing method according to claim 1, characterized in that, before the step of the first sharing module randomly generating the first random private key and the first random public key, the method further comprises:
the first sharing module randomly generating a verification message, and digitally signing according to the verification message, the second public key and a first private key to generate a first verification signature, the first private key being the private key of the first sharing module certified by the key center;
the first sharing module encrypting the verification message with the second public key and sending the encrypted verification message to the second sharing module;
the first sharing module receiving a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module by digitally signing according to the verification message, a first public key and the second private key, the first public key being the public key of the first sharing module certified by the key center;
the first sharing module comparing the first verification signature with the second verification signature and, if the two are identical, randomly generating the first random private key and the first random public key.
5. The data sharing method according to claim 1, characterized in that the specified data includes personal privacy data.
6. A data sharing device, characterized by comprising:
a random key unit, configured to randomly generate a first random private key and a first random public key;
a transmission unit, configured to send the first random public key to a second sharing module, so that the second sharing module computes a second intermediate value with a preset key agreement algorithm from the first random public key, a second private key and identity information of the data sharing device, the second private key being the private key of the second sharing module certified by a key center;
a receiving unit, configured to receive the second intermediate value sent by the second sharing module;
a computing unit, configured to compute a first intermediate value with the preset key agreement algorithm from the first random private key, a second public key and the identity information of the data sharing device, the second public key being the public key of the second sharing module certified by the key center;
a comparing unit, configured to compare the first intermediate value with the second intermediate value and, if the two are identical, to instruct the computing unit to compute a shared key from the first random private key, the second public key and the first intermediate value;
an encryption unit, configured to encrypt specified data with the shared key, so that the second sharing module can compute the shared key from the first random public key, the second private key and the second intermediate value and decrypt the specified data.
7. The data sharing device according to claim 6, characterized in that:
the transmission unit is further configured to send a random key request message to the key center;
the receiving unit is further configured to receive a first-part private key sent by the key center, the first-part private key consisting of a random value and random identity information, the random value being selected at random by the key center from a preset random value set in response to the request message sent by the transmission unit, and the random identity information being computed by the key center with a preset key generation algorithm, which computes a random parameter from the random value and then computes the random identity information from the random parameter and the identity information of the first sharing module;
the random key unit is further configured to randomly select a value from the preset random value set as a second-part private key, to form the first random private key from the first-part private key and the second-part private key, and to compute the first random public key from the second-part private key.
8. The data sharing device according to claim 7, characterized in that:
the transmission unit is further configured to send the random parameter and the random identity information to the second sharing module;
the computing unit is further configured to compute the first intermediate value with the preset key agreement algorithm from the first random private key, the second public key, the random parameter and the random identity information.
9. The data sharing device according to claim 6, characterized by further comprising:
an authentication unit, configured to randomly generate a verification message and to digitally sign according to the verification message, the second public key and a first private key to generate a first verification signature, the first private key being the private key certified by the key center;
the encryption unit being further configured to encrypt the verification message with the second public key and to send the encrypted verification message to the second sharing module;
the receiving unit being further configured to receive a second verification signature sent by the second sharing module, the second verification signature being generated by the second sharing module by digitally signing according to the verification message, a first public key and the second private key, the first public key being the public key certified by the key center;
the comparing unit being further configured to compare the first verification signature with the second verification signature and, if the two are identical, to randomly generate the first random private key and the first random public key.
10. The data sharing device according to claim 6, characterized by further comprising:
a recognition unit, configured to identify that the specified data includes personal privacy data.
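The following is an added worked example, not code from the patent or from its assignee, that runs the flow of claims 1 to 3 (and of the unit description above) end to end: the key center issues the first-part private key, module A forms its random key pair and sends the random public key, random parameter and random identity information, module B computes the second intermediate value, A checks it against its own, and both derive the shared key and use it to protect a record. The patent does not name its key agreement algorithm, key generation algorithm, group, hash or cipher; the example assumes finite-field Diffie-Hellman in a toy 127-bit group, SHA-256 for all derivations, and an HMAC-based encrypt-then-MAC construction as a stand-in for AES-GCM. The identity strings, the sample record, the size of the preset random value set and every name in the code (KeyCenter, run_protocol, intermediate, and so on) are the example's own. The claim 4 pre-authentication exchange is not modelled.

```python
# Added example, not code from the patent or its assignee: one end-to-end run
# of the claim 1-3 flow using only the standard library. ASSUMED, because the
# patent leaves them unspecified: the "key agreement algorithm" is finite-field
# Diffie-Hellman in a small demo group, the "random parameter" is g^r mod p,
# identity binding uses SHA-256, and key center certification is a plain dict.
import hashlib
import hmac
import secrets

P = (1 << 127) - 1  # demo group only; use X25519 or an RFC 7919 group in practice
G = 3
# Random value set preset in both the key center and module A. Tiny here; a real
# set must be as unguessable as a fresh exponent or (r, s) can be enumerated.
RANDOM_VALUE_SET = [secrets.randbelow(P - 3) + 2 for _ in range(16)]

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so concatenation is unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def ib(n: int) -> bytes:  # fixed-width encoding of a group element
    return n.to_bytes(16, "big")

class KeyCenter:
    def __init__(self):
        self.certified = {}  # identity -> certified long-term public key

    def certify(self, identity: str) -> int:
        priv = secrets.randbelow(P - 3) + 2
        self.certified[identity] = pow(G, priv, P)
        return priv

    def first_part_private_key(self, identity: str):
        """Claim 2: random value r from the preset set, random parameter g^r,
        random identity information H(g^r, id)."""
        r = secrets.choice(RANDOM_VALUE_SET)
        R = pow(G, r, P)
        return r, R, h(b"rand-id", ib(R), identity.encode())

def intermediate(k: int, identity: str, R: int, rand_id: bytes) -> bytes:
    return h(b"intermediate", ib(k), identity.encode(), ib(R), rand_id)

def shared_key(k: int, inter: bytes) -> bytes:
    return h(b"shared-key", ib(k), inter)

def run_protocol(kc: KeyCenter, id_a: str, id_b: str, priv_b: int):
    """Module A drives, module B answers. Returns (key_a, key_b, matched)."""
    pub_b = kc.certified[id_b]  # second public key
    # A: first random key pair (claim 2). The effective exponent is r + s; only
    # g^s is published as the random public key, g^r travels as the parameter.
    r, R, rand_id = kc.first_part_private_key(id_a)  # first-part private key
    s = secrets.choice(RANDOM_VALUE_SET)  # second-part private key
    rand_priv_a = (r + s) % (P - 1)  # first random private key
    rand_pub_a = pow(G, s, P)  # first random public key
    # A -> B: rand_pub_a, R, rand_id (claims 1 and 3)
    k_b = pow(rand_pub_a * R % P, priv_b, P)  # B: (g^s * g^r)^b
    inter_b = intermediate(k_b, id_a, R, rand_id)  # second intermediate value
    # B -> A: inter_b
    k_a = pow(pub_b, rand_priv_a, P)  # A: (g^b)^(r+s)
    inter_a = intermediate(k_a, id_a, R, rand_id)  # first intermediate value
    if not hmac.compare_digest(inter_a, inter_b):  # key confirmation (claim 1)
        return None, None, False
    return shared_key(k_a, inter_a), shared_key(k_b, inter_b), True

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES-GCM: HMAC-SHA256 keystream, then HMAC tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(h(b"enc", key), nonce, len(data))))
    return nonce + ct + hmac.new(h(b"mac", key), nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac = hmac.new(h(b"mac", key), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, tag):
        raise ValueError("tag mismatch: data tampered or shared keys differ")
    return bytes(a ^ b for a, b in zip(ct, _stream(h(b"enc", key), nonce, len(ct))))

def demo() -> bytes:
    kc = KeyCenter()
    kc.certify("module-A")  # A's long-term pair is only used by the claim 4 step, omitted here
    priv_b = kc.certify("module-B")
    key_a, key_b, ok = run_protocol(kc, "module-A", "module-B", priv_b)
    assert ok and key_a == key_b
    record = b"name=..., diagnosis=..."  # constructed sample of "personal privacy data"
    return decrypt(key_b, encrypt(key_a, record))

if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would check before reusing this shape. The intermediate value that B returns in the clear works as key confirmation only because the shared key also hashes in the Diffie-Hellman secret, which an observer of the exchange does not have; deriving the key from the intermediate value alone would hand it to anyone on the wire. And because both r and s are drawn from a preset set, the set is part of the secret: an attacker who knows it can enumerate the (r, s) pairs, so in practice each exponent should be as unguessable as a freshly generated one. The claim 4 step as written compares the two verification signatures for equality; with standard signature schemes the check a practitioner implements is verification of each side's signature under the other side's certified public key, which is why that step is left out of this toy.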
CN201610560301.9A 2016-07-15 2016-07-15 A kind of data sharing method and device Active CN106127079B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610560301.9A CN106127079B (en) 2016-07-15 2016-07-15 A kind of data sharing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610560301.9A CN106127079B (en) 2016-07-15 2016-07-15 A kind of data sharing method and device

Publications (2)

Publication Number Publication Date
CN106127079A CN106127079A (en) 2016-11-16
CN106127079B true CN106127079B (en) 2019-04-12

Family

ID=57283430

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610560301.9A Active CN106127079B (en) 2016-07-15 2016-07-15 A kind of data sharing method and device

Country Status (1)

Country Link
CN (1) CN106127079B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789022B (en) * 2016-12-28 2021-03-09 上海榉树智能科技有限公司 Method, device and system for generating shared key
US11128478B2 (en) * 2017-03-01 2021-09-21 Apple Inc. System access using a mobile device
CN108306734B (en) * 2017-12-28 2021-01-01 飞天诚信科技股份有限公司 Communication link protection method and device
KR20200108343A (en) 2018-01-16 2020-09-17 엔체인 홀딩스 리미티드 Computer-implemented method and system for obtaining digitally signed data
CN110336774B (en) * 2019-04-17 2021-07-27 中国联合网络通信集团有限公司 Mixed encryption and decryption method, equipment and system
CN111143880B (en) * 2019-12-27 2022-06-07 中电长城网际系统应用有限公司 Data processing method and device, electronic equipment and readable medium
CN111935163B (en) * 2020-08-14 2022-08-09 支付宝(杭州)信息技术有限公司 Data joint processing method and device for protecting privacy
CN112383395B (en) * 2020-12-11 2024-01-23 海光信息技术股份有限公司 Key negotiation method and device
CN112636906A (en) * 2020-12-11 2021-04-09 海光信息技术股份有限公司 Key agreement method and device
CN112667718B (en) * 2020-12-24 2021-07-16 广西中科曙光云计算有限公司 Real estate information sharing query method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480713A (en) * 2010-11-25 2012-05-30 中国移动通信集团河南有限公司 Method, system and device for communication between sink node and mobile communication network
CN102662692A (en) * 2012-03-16 2012-09-12 北京经纬恒润科技有限公司 Method and system for updating application program in electronic control unit
CN104883677A (en) * 2014-02-28 2015-09-02 阿里巴巴集团控股有限公司 Equipment communication connection method, apparatus and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8756706B2 (en) * 2010-10-12 2014-06-17 Blackberry Limited Method for securing credentials in a remote repository
JP5749236B2 (en) * 2012-09-28 2015-07-15 株式会社東芝 Key change management device and key change management method

Also Published As

Publication number Publication date
CN106127079A (en) 2016-11-16

Similar Documents

Publication Publication Date Title
CN106127079B (en) A kind of data sharing method and device
US9794249B1 (en) Using a digital certificate with multiple cryptosystems
Zhou et al. PSMPA: Patient self-controllable and multi-level privacy-preserving cooperative authentication in distributed m-healthcare cloud computing system
CN103124269B (en) Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment
CN105245326B (en) A kind of smart grid security communication means based on combination pin
Lee et al. Secure key management scheme based on ECC algorithm for patient's medical information in healthcare system
Islam Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps
US20190089546A1 (en) System and method for distribution of identity based key material and certificate
CN101640590B (en) Method for obtaining a secret key for identifying cryptographic algorithm and cryptographic center thereof
KR20190073472A (en) Method, apparatus and system for transmitting data
CN107437993A (en) One kind is based on without the side's authentication key agreement method of certificate two and device
TWI444030B (en) Method for keys generation, member authentication and security communication in a dynamic group
US11870891B2 (en) Certificateless public key encryption using pairings
CN109818749A (en) The point-to-point method for message transmission of anti-quantum calculation and system based on pool of symmetric keys
CN109951274B (en) Anti-quantum computing point-to-point message transmission method and system based on private key pool
CN105554031A (en) Encryption method, encryption apparatus, decryption method, decryption apparatus and terminal
CN103297230B (en) Information encipher-decipher method, Apparatus and system
CN105306212B (en) A kind of label decryption method that identity is hiding and safe by force
Gowtham et al. Privacy enhanced data communication protocol for wireless body area network
CN107026873B (en) A kind of encryption and decryption method and system based on elliptic curve
CN117081736A (en) Key distribution method, key distribution device, communication method, and communication device
CN103138923B (en) A kind of internodal authentication, Apparatus and system
CN106453253A (en) Efficient identity-based concealed signcryption method
CN110213056B (en) Anti-quantum computing energy-saving communication method and system and computer equipment
EP3664361B1 (en) Methods and devices for secured identity-based encryption systems with two trusted centers

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant