CN106845280A - Merkle hash tree cloud data integrity auditing method and system - Google Patents


Info

Publication number
CN106845280A
Authority
CN
China
Prior art keywords
data block
signature
root node
auditing
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710150247.5A
Other languages
Chinese (zh)
Inventor
刘竹松
苏迪
李进
余松森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology
Priority to CN201710150247.5A
Publication of CN106845280A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

An embodiment of the invention discloses a Merkle hash tree cloud data integrity auditing method and system. Node utilization is improved by storing data block information on the nodes, and the authentication path length is shortened by using local authoritative root nodes, which reduces the computing overhead of the third-party audit end and the user terminal. The third-party audit end only needs to compute the local authoritative root node hash value from the node hash values in the possession proof returned by the cloud storage server and then sign it with the key to obtain a local authoritative root node signature, which can be compared with the local authoritative root node signature returned by the cloud storage server and verified; the unique root node does not need to be computed and signed for integrity verification, which greatly improves the integrity audit efficiency of the third-party audit end and the user terminal. The freshness of node information is maintained by setting a version identifier in each node.

Description

Merkle hash tree cloud data integrity auditing method and system
Technical field
The present invention relates to the field of data integrity verification, and in particular to a Merkle hash tree cloud data integrity auditing method and system.
Background
The cloud has efficient computing capability and huge storage capacity, and saves data owners a large amount of local storage space and data management burden. However, the cloud is not fully trustworthy: especially in public and hybrid clouds, the cloud may delete rarely accessed data to save cloud storage space. The data owner DO therefore needs to use cloud data integrity audit techniques to require the cloud to provide an integrity proof showing that the cloud data is intact. A cloud data integrity auditing system has three entities: the data owner DO, the cloud storage service provider CSP and the third-party auditor TPA. In the integrity audit process, because the computing capability of the data owner DO is limited and it cannot stay online at all times, DO first authorizes a fully trusted third-party auditor TPA to carry out the audit on its behalf, and the authorized TPA runs the challenge information pair generation algorithm to obtain the challenge request information. The cloud storage service provider CSP receives the challenge request information sent by TPA and runs the evidence generation algorithm to obtain a possession proof. TPA receives the possession proof returned by CSP and runs the integrity audit algorithm; if the audit passes, the possession proof is correct, that is, the cloud data is intact; otherwise the data is shown to be damaged. However, when the number of sampled data blocks grows or the possession proof is very large, the computation, communication burden and network bandwidth consumption of TPA increase significantly. In addition, to improve the security of cloud data, TPA and CSP need to interact periodically and frequently. Reducing the computing overhead of TPA and improving the audit efficiency of DO is therefore of practical significance for guaranteeing data integrity.
The authentication data structures used by existing cloud data integrity audit schemes have low node utilization and overly long authentication paths, which significantly increase the computation, communication burden and network bandwidth consumption of the integrity auditing system and in turn reduce the integrity audit efficiency of the third-party auditor TPA and the data owner DO.
Therefore, providing a method and system that can audit cloud data integrity efficiently is a technical problem to be solved by those skilled in the art.
Summary of the invention
Embodiments of the present invention provide a Merkle hash tree cloud data integrity auditing method and system, which implement the integrity audit function, effectively improve node utilization, shorten the authentication path length, reduce the computation and communication overhead of the system, and achieve higher audit efficiency.
An embodiment of the present invention provides a Merkle hash tree cloud data integrity auditing method, including:
After generating the user public key and the user private key, the user terminal partitions the user data file into n data blocks, generates a data block set from the data blocks, and computes the data block hash value of each data block; it performs a signature calculation on the user private key, the data block hash values and the data blocks using a preset formula to obtain a data block signature set, and then signs the preset local authoritative root node hash value with the user private key to obtain the preset local authoritative root node signature;
The user terminal builds the binary ordered Merkle hash tree authentication data structure, and sends the data block set, the data block signature set and the preset local authoritative root node signature to the cloud storage server;
The third-party audit end randomly samples c elements from the set (1, 2, ..., n) to form a data block challenge subset, generates a challenge information pair set from the data block challenge subset using the challenge information pair generation algorithm, and sends the challenge information pair set to the cloud storage server;
The cloud storage server obtains an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generates possession evidence using the evidence generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and sends the possession evidence to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set;
The third-party audit end obtains, from the possession evidence, the auxiliary path information set, the data block hash values corresponding to the challenge information pair set, and the preset local authoritative root node signature; computes a first local authoritative root node hash value from the auxiliary path information set and the data block hash values corresponding to the challenge information pair set; signs the first local authoritative root node hash value with the user private key to obtain a first local authoritative root node signature; and compares the first local authoritative root node signature with the preset local authoritative root node signature;
After the comparison passes, the third-party audit end performs a verification operation based on the user public key, the challenge information pair set and the possession evidence; if the verification passes, the cloud data is confirmed to be intact, and if the verification fails, the cloud data is confirmed to be damaged.
Preferably, before the step in which the user terminal, after generating the user public key and the user private key, partitions the user data file into n data blocks, generates a data block set from the data blocks, computes the data block hash value of each data block, performs a signature calculation on the user private key, the data block hash values and the data blocks using a preset formula to obtain a data block signature set, and then signs the preset local authoritative root node hash value with the user private key to obtain the preset local authoritative root node signature, the method further includes:
The user terminal generates the user public key and the user private key using a public/private key pair generation algorithm.
Preferably, the step in which the cloud storage server obtains an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generates possession evidence using the evidence generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and sends the possession evidence to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set, specifically includes:
The cloud storage server obtains an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, performs signature aggregation on the data block set and on the data block signature set respectively according to the challenge information pair set to compute a first value and a second value, generates possession evidence from the first value, the second value, the auxiliary path information set, the preset local authoritative root node signature and the data block hash values corresponding to the challenge information pair set, and sends the possession evidence to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set.
Preferably, the data block size is 32K.
Preferably, the preset formula is:
In the formula, $\Phi$ is the data block signature set; $\sigma_i$ is the i-th data block signature; $h(m_i)$ is the hash value of the i-th data block; $m_i$ is the i-th data block; $u$ is a random number; $\alpha$ is the user private key.
Preferably, an embodiment of the present invention further provides a Merkle hash tree cloud data integrity auditing system, including: a user terminal, a third-party audit end and a cloud storage server;
The user terminal, the third-party audit end and the cloud storage server are communicatively connected to one another in pairs;
The user terminal is configured to, after generating the user public key and the user private key, partition the user data file into n data blocks, generate a data block set from the data blocks, compute the data block hash value of each data block, perform a signature calculation on the user private key, the data block hash values and the data blocks using a preset formula to obtain a data block signature set, and then sign the preset local authoritative root node hash value with the user private key to obtain the preset local authoritative root node signature;
The user terminal is further configured to build the binary ordered Merkle hash tree authentication data structure, and to send the data block set, the data block signature set and the preset local authoritative root node signature to the cloud storage server;
The third-party audit end is configured to randomly sample c elements from the set (1, 2, ..., n) to form a data block challenge subset, generate a challenge information pair set from the data block challenge subset using the challenge information pair generation algorithm, and send the challenge information pair set to the cloud storage server;
The cloud storage server is configured to obtain an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generate possession evidence using the evidence generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and send the possession evidence to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set;
The third-party audit end is further configured to obtain, from the possession evidence, the auxiliary path information set, the data block hash values corresponding to the challenge information pair set, and the preset local authoritative root node signature; compute a first local authoritative root node hash value from the auxiliary path information set and the data block hash values corresponding to the challenge information pair set; sign the first local authoritative root node hash value with the user private key to obtain a first local authoritative root node signature; and compare the first local authoritative root node signature with the preset local authoritative root node signature;
The third-party audit end is further configured to, after the comparison passes, perform a verification operation based on the user public key, the challenge information pair set and the possession evidence; if the verification passes, the cloud data is confirmed to be intact, and if the verification fails, the cloud data is confirmed to be damaged.
Preferably, the user terminal is further configured to generate the user public key and the user private key using a public/private key pair generation algorithm.
Preferably, the cloud storage server is further configured to obtain an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, perform signature aggregation on the data block set and on the data block signature set respectively according to the challenge information pair set to compute a first value and a second value, generate possession evidence from the first value, the second value, the auxiliary path information set, the preset local authoritative root node signature and the data block hash values corresponding to the challenge information pair set, and send the possession evidence to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set.
Preferably, the data block size is 32K.
Preferably, the preset formula is:
In the formula, $\Phi$ is the data block signature set; $\sigma_i$ is the i-th data block signature; $h(m_i)$ is the hash value of the i-th data block; $m_i$ is the i-th data block; $u$ is a random number; $\alpha$ is the user private key.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
Embodiments of the present invention provide a Merkle hash tree cloud data integrity auditing method and system with the following advantages: (1) storing data block information on the nodes improves node utilization; (2) using local authoritative root nodes shortens the authentication path length and reduces the computing overhead of the third-party audit end and the client; (3) the third-party audit end only needs to compute the local authoritative root node hash value from the node hash values in the possession proof returned by the cloud storage server and then sign it with the key to obtain a local authoritative root node signature, which can be compared with the local authoritative root node signature returned by the cloud storage server and verified, so the unique root node does not need to be computed and signed for integrity verification, which greatly improves the integrity audit efficiency of the third-party audit end and the user terminal; (4) the freshness of node information is maintained by setting a version identifier in each node. A new binary ordered Merkle hash tree (BO-MHT) authentication data structure is thereby designed, which resists replay attacks and forgery attacks by the cloud storage service provider CSP and ensures the timeliness and security of cloud data integrity auditing, and a new cloud data integrity audit scheme is designed with the BO-MHT structure under the provable data possession (PDP) model.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a Merkle hash tree cloud data integrity auditing method provided by an embodiment of the present invention;
Fig. 2 is another schematic flowchart of a Merkle hash tree cloud data integrity auditing method provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a Merkle hash tree cloud data integrity auditing system provided by an embodiment of the present invention;
Fig. 4(a) and Fig. 4(b) are schematic diagrams of an application example of a Merkle hash tree cloud data integrity auditing method provided by an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention provide a Merkle hash tree cloud data integrity auditing method and system, which implement the integrity audit function, effectively improve node utilization, shorten the authentication path length, reduce the computation and communication overhead of the system, and achieve higher audit efficiency.
To make the objects, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the embodiments described below are only some, and not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, one embodiment of the Merkle hash tree cloud data integrity auditing method provided by an embodiment of the present invention includes:
101. After generating the user public key and the user private key, the user terminal partitions the user data file into n data blocks, generates a data block set from the data blocks, and computes the data block hash value of each data block; it performs a signature calculation on the user private key, the data block hash values and the data blocks using a preset formula to obtain a data block signature set, and then signs the preset local authoritative root node hash value with the user private key to obtain the preset local authoritative root node signature;
102. The user terminal builds the binary ordered Merkle hash tree authentication data structure, and sends the data block set, the data block signature set and the preset local authoritative root node signature to the cloud storage server;
103. The third-party audit end randomly samples c elements from the set (1, 2, ..., n) to form a data block challenge subset, generates a challenge information pair set from the data block challenge subset using the challenge information pair generation algorithm, and sends the challenge information pair set to the cloud storage server;
104. The cloud storage server obtains an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generates possession evidence using the evidence generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and sends the possession evidence to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set;
105. The third-party audit end obtains, from the possession evidence, the auxiliary path information set, the data block hash values corresponding to the challenge information pair set, and the preset local authoritative root node signature; computes a first local authoritative root node hash value from the auxiliary path information set and the data block hash values corresponding to the challenge information pair set; signs the first local authoritative root node hash value with the user private key to obtain a first local authoritative root node signature; and compares the first local authoritative root node signature with the preset local authoritative root node signature;
106. After the comparison passes, the third-party audit end performs a verification operation based on the user public key, the challenge information pair set and the possession evidence; if the verification passes, the cloud data is confirmed to be intact, and if the verification fails, the cloud data is confirmed to be damaged.
The protocol of this embodiment of the present invention uses bit operations to encrypt and decrypt all transmitted information, so that the protocol reaches an ultra-lightweight standard and the authentication time is shortened; at the same time, it makes full use of the key information shared by the tag and the reader, which reduces the encryption and decryption data that has to be introduced and stored and lowers the tag cost; and it guarantees the security of the protocol through dynamic updating of the random numbers and the irreversible mechanism of the tag status flag bit. This achieves high efficiency, low cost and high security for tag ownership transfer.
Referring to Fig. 2, another embodiment of the Merkle hash tree cloud data integrity auditing method provided by an embodiment of the present invention includes:
201. The user terminal generates the user public key and the user private key using a public/private key pair generation algorithm;
202. After generating the user public key and the user private key, the user terminal partitions the user data file into n data blocks, generates a data block set from the data blocks, and computes the data block hash value of each data block; it performs a signature calculation on the user private key, the data block hash values and the data blocks using a preset formula to obtain a data block signature set, and then signs the preset local authoritative root node hash value with the user private key to obtain the preset local authoritative root node signature;
203. The user terminal builds the binary ordered Merkle hash tree authentication data structure, and sends the data block set, the data block signature set and the preset local authoritative root node signature to the cloud storage server;
204. The third-party audit end randomly samples c elements from the set (1, 2, ..., n) to form a data block challenge subset, generates a challenge information pair set from the data block challenge subset using the challenge information pair generation algorithm, and sends the challenge information pair set to the cloud storage server;
205. The cloud storage server obtains an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, performs signature aggregation on the data block set and on the data block signature set respectively according to the challenge information pair set to compute a first value and a second value, generates possession evidence from the first value, the second value, the auxiliary path information set, the preset local authoritative root node signature and the data block hash values corresponding to the challenge information pair set, and sends the possession evidence to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set;
206. The third-party audit end obtains, from the possession evidence, the auxiliary path information set, the data block hash values corresponding to the challenge information pair set, and the preset local authoritative root node signature; computes a first local authoritative root node hash value from the auxiliary path information set and the data block hash values corresponding to the challenge information pair set; signs the first local authoritative root node hash value with the user private key to obtain a first local authoritative root node signature; and compares the first local authoritative root node signature with the preset local authoritative root node signature;
207. After the comparison passes, the third-party audit end performs a verification operation based on the user public key, the challenge information pair set and the possession evidence; if the verification passes, the cloud data is confirmed to be intact, and if the verification fails, the cloud data is confirmed to be damaged.
Further, the data block size is 32K.
Further, the preset formula is:
In the formula, $\Phi$ is the data block signature set; $\sigma_i$ is the i-th data block signature; $h(m_i)$ is the hash value of the i-th data block; $m_i$ is the i-th data block; $u$ is a random number; $\alpha$ is the user private key.
The above is a detailed description of the Merkle hash tree cloud data integrity auditing method. For ease of understanding, the application of the method is illustrated below with a concrete application scenario. The application example includes:
The symbols used in the application example are explained in Table 1:
Table 1
Symbol    Explanation
DO        Data owner
TPA       Third-party auditor
CSP       Cloud storage service provider
BO-MHT    Binary ordered Merkle hash tree
          Hash value of a data block
          Local authoritative root node
          Local authoritative root node hash value
C         Authentication data structure
Γ         Proxy audit agreement
B         Local authoritative root node identifier
          Version number identifier
OP        Dynamic operation flag bit
The process of the application example is as follows:
(1) The data owner DO runs the public/private key pair generation algorithm $KeyGen(1^k) \to (sk, pk)$: DO randomly selects two numbers, including $u \in G_1$, and computes $k = g^{\alpha}$; the system public key is then $k$ and the private key is $\alpha$. Here, the residues modulo $p$ are $\{0, 1, \ldots, p-1\}$; $G_1$ is a multiplicative cyclic group of order $p$; $g$ is a generator of the group $G_1$.
(2) The data owner DO splits the file F into blocks of fixed size 32K to obtain the data block set $F = (m_1, m_2, \ldots, m_n)$ and computes the hash value $h(m_i)$ of each data block.
(3) The data owner DO runs the data block signature algorithm $SigGen(F, sk) \to (\Phi, Sig_{sk}(h(R)), C, \Gamma)$. DO signs each data block $m_i$ to obtain the data block signature set $\Phi = \{\sigma_i\}_{1 \le i \le n}$, and then signs the preset local authoritative root node hash value with the user private key to obtain the preset local authoritative root node signature.
(4) The data owner DO builds the binary ordered Merkle hash tree (BO-MHT) authentication data structure C.
(5) Challenge phase: the authorized third-party auditor TPA, acting on behalf of the data owner DO, runs the challenge information pair generation algorithm $ChalGen(1^{\upsilon}) \to chal$. TPA randomly samples c elements from the set of data block indexes (1, 2, ..., n) to form the data block challenge subset $I = (Q_1, Q_2, \ldots, Q_c)$ with $Q_1 \le i \le Q_c$. For $i \in I$, TPA randomly chooses a nonnegative integer and generates the challenge information pair set $chal = (i, \lambda_i)_{s_1 \le i \le s_c}$, then periodically sends chal to the cloud storage service provider CSP to issue the verification request.
(6) Response phase: the cloud storage service provider CSP receives the chal sent by the third-party auditor TPA and runs the proof generation algorithm $ProGen(F, \Phi, chal) \to Pro$. CSP aggregates the data blocks and the data block signatures corresponding to each i in chal to compute $\mu$ and $\sigma$ respectively, then obtains the auxiliary path information set from the authentication path information path, and finally returns the possession proof to the third-party auditor TPA. Wherein,
Audit phase: the third-party auditor TPA receives the possession proof Pro returned by the cloud storage service provider CSP and runs the integrity audit algorithm. TPA first checks the root nodes: from the auxiliary path information $\Omega_i$ in the Pro returned by CSP and the data block hash values $h(m_i)$, it computes all local authoritative root node hash values $f(R^*)$ and verifies $e(Sig_{\alpha}(f(\cdot)), g) = e(f(\cdot), g^{\alpha})$. If and only if all $f(R^*)$ pass verification does it go on to verify
whether the equation holds. If it holds, BL = 1, which proves that the cloud data is complete; otherwise BL = 0, which proves that the cloud data is damaged.
Specifically, the protocol flow is shown in Fig. 4(a) and Fig. 4(b).
It can be understood that the data owner in this application example is the aforementioned user terminal, the third-party auditor is the aforementioned third-party audit end, and the cloud storage service provider is the aforementioned cloud storage server end.
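The Merkle-tree part of the exchange in steps (4) to (6) and the audit phase, as an added Python example that is not taken from the patent. Assumptions: SHA-256 with leaf/node prefixes, promotion of an unpaired node, 0-based indexes, hypothetical function names, and an auditor that holds a trusted root hash in place of the signed root; the σ/μ signature aggregation is not modelled.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 32 * 1024  # fixed 32K block size stated on the page

def h_leaf(block: bytes) -> bytes:
    # h(m_i); the 0x00/0x01 prefixes are an added assumption that keeps
    # leaf hashes and interior-node hashes in separate domains.
    return hashlib.sha256(b"\x00" + block).digest()

def h_node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]

def build_levels(leaves: list) -> list:
    """Ordered binary tree, bottom-up; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h_node(cur[j], cur[j + 1]) if j + 1 < len(cur) else cur[j]
                       for j in range(0, len(cur), 2)])
    return levels

def aux_path(levels: list, index: int) -> list:
    """Sibling hashes from leaf `index` up to the root (the auxiliary path)."""
    path = []
    for level in levels[:-1]:
        if index ^ 1 < len(level):
            path.append(level[index ^ 1])
        index //= 2
    return path

def root_from_path(index: int, n: int, leaf_hash: bytes, path: list):
    """Recompute the root. Left/right order comes from the challenged index,
    not from the prover, so a proof is only valid for its own position."""
    node, size, used = leaf_hash, n, 0
    while size > 1:
        if index ^ 1 < size:
            if used == len(path):
                return None  # path too short
            sib, used = path[used], used + 1
            node = h_node(sib, node) if index & 1 else h_node(node, sib)
        index //= 2
        size = (size + 1) // 2
    return node if used == len(path) else None  # reject trailing elements

def chal_gen(n: int, c: int) -> list:
    """TPA: sample c distinct block indexes (0-based here; the page uses 1..n)."""
    return sorted(secrets.SystemRandom().sample(range(n), c))

def pro_gen(stored_blocks: list, levels: list, chal: list) -> list:
    """CSP: for each challenged i return (i, h(m_i), auxiliary path)."""
    return [(i, h_leaf(stored_blocks[i]), aux_path(levels, i)) for i in chal]

def audit(trusted_root: bytes, n: int, chal: list, proof: list) -> bool:
    """TPA: every challenged index must be answered and hash up to the root."""
    if [i for i, _, _ in proof] != list(chal):
        return False
    for i, leaf_hash, path in proof:
        root = root_from_path(i, n, leaf_hash, path)
        if root is None or not hmac.compare_digest(root, trusted_root):
            return False
    return True

def demo() -> dict:
    # Constructed sample file: five blocks, the last one short, so the tree
    # has an unpaired node at two levels.
    data = b"".join(bytes([k]) * BLOCK_SIZE for k in range(5))[:-100]
    blocks = split_blocks(data)
    levels = build_levels([h_leaf(b) for b in blocks])
    root, n = levels[-1][0], len(blocks)
    chal = [0, 2, 4]  # fixed here for repeatability; chal_gen(n, 3) in practice
    honest = audit(root, n, chal, pro_gen(blocks, levels, chal))
    damaged = list(blocks)
    damaged[2] = b"\xff" + damaged[2][1:]  # one changed byte in block 2
    corrupt = audit(root, n, chal, pro_gen(damaged, levels, chal))
    # CSP answers the challenge for block 2 with block 3's (valid) proof.
    swapped = pro_gen(blocks, levels, [0, 3, 4])
    swapped[1] = (2,) + swapped[1][1:]
    substituted = audit(root, n, chal, swapped)
    return {"honest": honest, "corrupt": corrupt, "substituted": substituted}

if __name__ == "__main__":
    print(demo())
```

Because the left/right order is derived from the challenged index, a valid proof for a neighbouring block is rejected, which is the property the ordered tree adds over a plain Merkle tree.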
Referring to Fig. 3, a Merkle hash tree cloud data integrity auditing system provided in an embodiment of the present invention includes: a user terminal, a third-party audit end and a cloud storage server end;
The user terminal, the third-party audit end and the cloud storage server end are communicatively connected to one another in pairs;
The user terminal is used, after generating a user public key and a user private key, to perform a blocking operation on a user data file to obtain n data blocks, generate a data block set from the data blocks, compute the data block hash values from the data blocks, perform signature computation on the user private key, the data block hash values and the data blocks by a preset formula to obtain a data block signature set, and then sign the preset local authoritative root node hash value with the user private key to obtain a preset local authoritative root node signature;
The user terminal is also used to build the binary ordered Merkle hash tree authentication data structure, and to send the data block set, the data block signature set and the preset local authoritative root node signature to the cloud storage server end;
The third-party audit end is used to randomly sample c elements from the set (1, 2, ..., n) to form a data block challenge subset, generate a challenge information pair set from the data block challenge subset by a challenge information pair generation algorithm, and send the challenge information pair set to the cloud storage server end;
The cloud storage server end is used to obtain an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generate a possession proof by a proof generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and send the possession proof to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set;
The third-party audit end is also used to obtain the auxiliary path information set contained in the possession proof, the data block hash values corresponding to the challenge information pair set, and the preset local authoritative root node signature; to compute a first local authoritative root node hash value from the auxiliary path information set and the data block hash values corresponding to the challenge information pair set; to sign the first local authoritative root node hash value with the user private key to obtain a first local authoritative root node signature; and to perform a comparison operation between the first local authoritative root node signature and the preset local authoritative root node signature;
The third-party audit end is also used, after the comparison operation passes, to perform a verification operation according to the user public key, the challenge information pair set and the possession proof; if the verification passes, it confirms that the cloud data is complete, and if the verification does not pass, it confirms that the cloud data is damaged.
Further, the user terminal is also used to generate the user public key and the user private key by a public/private key pair generation algorithm.
Further, the cloud storage server end is also used to obtain the auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, to perform signature aggregation on the data block set and on the data block signature set according to the challenge information pair set to compute a first value and a second value respectively, to generate the possession proof from the first value, the second value, the auxiliary path information set, the preset local authoritative root node signature and the data block hash values corresponding to the challenge information pair set, and to send the possession proof to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set.
Further, the data block size is 32K.
Further, the preset formula is:
In the formula, $\Phi$ is the data block signature set; $\sigma_i$ is the signature of the i-th data block; $h(m_i)$ is the hash value of the i-th data block; $m_i$ is the i-th data block; $u$ is a random number; $\alpha$ is the user private key.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A Merkle hash tree cloud data integrity auditing method, characterized by comprising:
After generating a user public key and a user private key, a user terminal performs a blocking operation on a user data file to obtain n data blocks, generates a data block set from the data blocks, computes data block hash values from the data blocks, performs signature computation on the user private key, the data block hash values and the data blocks by a preset formula to obtain a data block signature set, and then signs a preset local authoritative root node hash value with the user private key to obtain a preset local authoritative root node signature;
The user terminal builds a binary ordered Merkle hash tree authentication data structure, and sends the data block set, the data block signature set and the preset local authoritative root node signature to a cloud storage server end;
A third-party audit end randomly samples c elements from the set (1, 2, ..., n) to form a data block challenge subset, generates a challenge information pair set from the data block challenge subset by a challenge information pair generation algorithm, and sends the challenge information pair set to the cloud storage server end;
The cloud storage server end obtains an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generates a possession proof by a proof generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and sends the possession proof to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set;
The third-party audit end obtains the auxiliary path information set contained in the possession proof, the data block hash values corresponding to the challenge information pair set, and the preset local authoritative root node signature; computes a first local authoritative root node hash value from the auxiliary path information set and the data block hash values corresponding to the challenge information pair set; signs the first local authoritative root node hash value with the user private key to obtain a first local authoritative root node signature; and performs a comparison operation between the first local authoritative root node signature and the preset local authoritative root node signature;
After the comparison operation passes, the third-party audit end performs a verification operation according to the user public key, the challenge information pair set and the possession proof; if the verification passes, it confirms that the cloud data is complete, and if the verification does not pass, it confirms that the cloud data is damaged.
2. The Merkle hash tree cloud data integrity auditing method according to claim 1, characterized in that, before the step in which the user terminal, after generating a user public key and a user private key, performs a blocking operation on a user data file to obtain n data blocks, generates a data block set from the data blocks, computes data block hash values from the data blocks, performs signature computation on the user private key, the data block hash values and the data blocks by a preset formula to obtain a data block signature set, and then signs a preset local authoritative root node hash value with the user private key to obtain a preset local authoritative root node signature, the method further comprises:
The user terminal generates the user public key and the user private key by a public/private key pair generation algorithm.
3. The Merkle hash tree cloud data integrity auditing method according to claim 2, characterized in that the step in which the cloud storage server end obtains an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generates a possession proof by a proof generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and sends the possession proof to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set, specifically comprises:
The cloud storage server end obtains the auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, performs signature aggregation on the data block set and on the data block signature set according to the challenge information pair set to compute a first value and a second value respectively, generates the possession proof from the first value, the second value, the auxiliary path information set, the preset local authoritative root node signature and the data block hash values corresponding to the challenge information pair set, and sends the possession proof to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set.
4. The Merkle hash tree cloud data integrity auditing method according to claim 1, characterized in that the data block size is 32K.
5. The Merkle hash tree cloud data integrity auditing method according to claim 1, characterized in that the preset formula is:
$\Phi = \{\sigma_i\}_{1 \le i \le n},\quad \sigma_i = \left(h(m_i) \cdot u^{m_i}\right)^{\alpha};$
In the formula, $\Phi$ is the data block signature set; $\sigma_i$ is the signature of the i-th data block; $h(m_i)$ is the hash value of the i-th data block; $m_i$ is the i-th data block; $u$ is a random number; $\alpha$ is the user private key.
6. A Merkle hash tree cloud data integrity auditing system, characterized by comprising: a user terminal, a third-party audit end and a cloud storage server end;
The user terminal, the third-party audit end and the cloud storage server end are communicatively connected to one another in pairs;
The user terminal is used, after generating a user public key and a user private key, to perform a blocking operation on a user data file to obtain n data blocks, generate a data block set from the data blocks, compute data block hash values from the data blocks, perform signature computation on the user private key, the data block hash values and the data blocks by a preset formula to obtain a data block signature set, and then sign a preset local authoritative root node hash value with the user private key to obtain a preset local authoritative root node signature;
The user terminal is also used to build a binary ordered Merkle hash tree authentication data structure, and to send the data block set, the data block signature set and the preset local authoritative root node signature to the cloud storage server end;
The third-party audit end is used to randomly sample c elements from the set (1, 2, ..., n) to form a data block challenge subset, generate a challenge information pair set from the data block challenge subset by a challenge information pair generation algorithm, and send the challenge information pair set to the cloud storage server end;
The cloud storage server end is used to obtain an auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, generate a possession proof by a proof generation algorithm from the auxiliary path information set, the challenge information pair set, the preset local authoritative root node signature, the data block set and the data block signature set, and send the possession proof to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set;
The third-party audit end is also used to obtain the auxiliary path information set contained in the possession proof, the data block hash values corresponding to the challenge information pair set, and the preset local authoritative root node signature; to compute a first local authoritative root node hash value from the auxiliary path information set and the data block hash values corresponding to the challenge information pair set; to sign the first local authoritative root node hash value with the user private key to obtain a first local authoritative root node signature; and to perform a comparison operation between the first local authoritative root node signature and the preset local authoritative root node signature;
The third-party audit end is also used, after the comparison operation passes, to perform a verification operation according to the user public key, the challenge information pair set and the possession proof; if the verification passes, it confirms that the cloud data is complete, and if the verification does not pass, it confirms that the cloud data is damaged.
7. The Merkle hash tree cloud data integrity auditing system according to claim 6, characterized in that the user terminal is also used to generate the user public key and the user private key by a public/private key pair generation algorithm.
8. The Merkle hash tree cloud data integrity auditing system according to claim 7, characterized in that the cloud storage server end is also used to obtain the auxiliary path information set from the authentication path information preset in the binary ordered Merkle hash tree authentication data structure, to perform signature aggregation on the data block set and on the data block signature set according to the challenge information pair set to compute a first value and a second value respectively, to generate the possession proof from the first value, the second value, the auxiliary path information set, the preset local authoritative root node signature and the data block hash values corresponding to the challenge information pair set, and to send the possession proof to the third-party audit end, wherein the authentication path information corresponds to the challenge information pair set.
9. The Merkle hash tree cloud data integrity auditing system according to claim 6, characterized in that the data block size is 32K.
10. The Merkle hash tree cloud data integrity auditing system according to claim 6, characterized in that the preset formula is:
$\Phi = \{\sigma_i\}_{1 \le i \le n},\quad \sigma_i = \left(h(m_i) \cdot u^{m_i}\right)^{\alpha};$
In the formula, $\Phi$ is the data block signature set; $\sigma_i$ is the signature of the i-th data block; $h(m_i)$ is the hash value of the i-th data block; $m_i$ is the i-th data block; $u$ is a random number; $\alpha$ is the user private key.
CN201710150247.5A 2017-03-14 2017-03-14 A kind of Merkle Hash trees cloud data integrity auditing method and system Pending CN106845280A (en)

Publications (1)

Publication Number Publication Date
CN106845280A true CN106845280A (en) 2017-06-13

Family

ID=59144519


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170613
