CN107197037A - A kind of data access method and system with audit function based on Cloud Server - Google Patents

A kind of data access method and system with audit function based on Cloud Server Download PDF

Info

Publication number
CN107197037A
CN107197037A CN201710500371.XA CN201710500371A CN107197037A CN 107197037 A CN107197037 A CN 107197037A CN 201710500371 A CN201710500371 A CN 201710500371A CN 107197037 A CN107197037 A CN 107197037A
Authority
CN
China
Prior art keywords
data
encryption
cloud server
file
subscriber terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710500371.XA
Other languages
Chinese (zh)
Other versions
CN107197037B (en
Inventor
韦鹏程
雷烈
李莉
尹胜
吴迎莹
周震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Education
Original Assignee
Chongqing University of Education
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Education filed Critical Chongqing University of Education
Priority to CN201710500371.XA priority Critical patent/CN107197037B/en
Publication of CN107197037A publication Critical patent/CN107197037A/en
Application granted granted Critical
Publication of CN107197037B publication Critical patent/CN107197037B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of data access method and system with audit function based on Cloud Server, this method includes:Data subscriber terminal generates encryption key, and to encryption data storage is arrived into Cloud Server after file block encryption;Data subscriber terminal sends the number of times t for extracting request of data and encryption key to Cloud Server, and ciphertext data is returned to data subscriber terminal by Cloud Server;Authorized user's terminal sends authorization requests to data subscriber terminal, number of times t encryption of the data subscriber terminal to encryption key returns to authorized user's terminal after obtaining encryption authorization request label t_sign, authorized user's terminal sends to Cloud Server and extracts request of data and t_sign, number of times t ' is obtained after Cloud Server decryption, ciphertext data is returned into authorized user's terminal when judging that t ' is equal with number of times t, it is otherwise non-decrypting.The identity of authorized user's terminal is verified the invention provides the data extraction scheme of authorized user's terminal, and using the number of times of encryption key, the security of data access method is improved.

Description

A kind of data access method and system with audit function based on Cloud Server
The application is the divisional application of entitled " a kind of data access method and system based on Cloud Server ", former The applying date of application is 2017.2.24, Application No. 201710105793.7.
Technical field
Deposited the present invention relates to encryption technology field, more particularly to a kind of data with audit function based on Cloud Server Take method and system.
Background technology
Cloud storage is an important equipment in cloud computing, and it allows data user to transfer their local data to Cloud Server, and local user can delete the data after it ensure that Cloud Server have properly stored local data.Number According to user may concern of data either with or without the risk lost in Cloud Server because no matter the reliability of Cloud Server has More high, it has by the possibility of outside world, and sometimes even Cloud Server it could also be possible that malice cloud, i.e., one dislike Meaning cloud, when its processing data, audit query is all transparent to it, and therefore, the malice cloud knows whether user have received Checking information, now malice cloud can just forge audit information allow user take for storage data be correct.Sum it up, On the one hand cloud storage technology saves memory space for data user, on the other hand states and is contracted out to the data of Cloud Server and is Correctly stored.
Traditional cloud storage, the integrality of user's detection data is based on two sides storage audit agreement.However, in cloud clothes Be engaged in device end or user terminal produce audit query be all inappropriate because both of which is it cannot be guaranteed that can provide just Auditing result.In this case, audited in cloud storage using tripartite just into an optimal selection.One good three Side's audit be by it audit efficiency and whether can guarantee that Cloud Server and data user correctly interact and weigh.
For tripartite's audit, there are many people to put forward correlation theory, summed up to may be summarized to be at 3 points:1) protect Close property, that is, agreement of auditing should be ensured that user data is audited to tripartite and maintain secrecy;2) dynamic auditing, that is, agreement of auditing should support number Updated according to dynamic beyond the clouds;3) batch is audited, that is, agreement of auditing supports that allow many Cloud Servers of multi-user to carry out batch examines Meter.Tripartite's audit model is as shown in Figure 1:
Including three entities, i.e. data subscriber terminal 100, Cloud Server 200 and auditing by third party 300.Local Data subscriber terminal 100 is used for generating data and by its data storage in Cloud Server 200, the storage user's of Cloud Server 200 Data are simultaneously available for user to extract data at any time, and auditing by third party 300 can be that data subscriber terminal 100 and Cloud Server 200 are provided Data storage auditing service, for example can be in data subscriber terminal 100 to after the data storage of Cloud Server 200, to Cloud Server 200 Challenge is initiated, and receives the proof of the return of Cloud Server 200, to verify that data subscriber terminal 100 is contracted out to Cloud Server 200 Whether data keep complete.Because if the data that Cloud Server 200 is preserved are imperfect, it is also just nonsensical that user extracts data again ;Use auditing by third party 300 as an independent entity simultaneously, the pressure of Cloud Server 200 can also be mitigated.
It is not that only local user extracts the outer bag data of Cloud Server 200 however, in practical operation, it is non-local User can also extract the outer bag data due to being actually needed, and lack the safety that data are extracted to non-local user in the prior art Effective scheme.
The content of the invention
The technical problem to be solved in the present invention is to extract the safety of data to non-local user for lacking in the prior art The defect of effective scheme passes through the number of times to encryption key there is provided a kind of data access method and system based on Cloud Server Verified and extract data-selected scheme to provide authorized user non-indigenous.
In order to solve the above-mentioned technical problem, the present invention is adopted the following technical scheme that:
First aspect present invention there is provided a kind of data access method based on Cloud Server, including:
Data storing steps:Data subscriber terminal generates encryption key, and file block is added using the encryption key Cloud Server is arrived into encryption data storage after close;
Data user's extraction step:The data subscriber terminal to Cloud Server send extract request of data and it is described plus Ciphertext data is returned to data subscriber terminal by the number of times t of key, the Cloud Server;
Authorized user's extraction step:Authorized user's terminal sends authorization requests to the data subscriber terminal;The data The number of times t of encryption key is encrypted user terminal obtains returning to the mandate use after encryption authorization request label t_sign Family terminal;Authorized user's terminal is sent to Cloud Server extracts request of data and encryption authorization request label t_ Sign, Cloud Server obtains number of times t ' after the encryption authorization request label t_sign of reception is decrypted, and is judging t ' with depositing Ciphertext data is returned into authorized user's terminal when the number of times t of storage is equal, ciphertext data is not otherwise understood.
Preferably, methods described also includes:
Store audit steps:The data subscriber terminal is to taking out the encryption file after Cloud Server data storage Image information is sent to auditing by third party, and the auditing by third party is according to the abstracted information of the encryption file to the Cloud Server Initiate challenge, and the challenge returned according to Cloud Server corresponding checking be stored in Cloud Server data it is whether complete It is whole, and the result is fed back into the data subscriber terminal.
Preferably, methods described also includes:
Extract audit steps:The data subscriber terminal or authorized user's terminal will solve ciphertext after receiving and deciphering data The abstracted information of part is sent to auditing by third party, the auditing by third party according to the abstracted information of the decryption file of reception judge with Whether the abstracted information for the encryption file that initial data user terminal is sent when encrypting is equal, is sent without re-encrypted Checking information gives the data subscriber terminal, and otherwise transmission needs the checking information of re-encrypted to the data subscriber terminal.
Preferably, the data storing steps include:
Key generates sub-step:File F is divided into n data block, m is designated asi∈Zp, i ∈ I, I=[1, n];Generation encryption Key, the encryption key includes the encryption key key_cml of file, and after file block each data block label it is close Key skt, Hash key skhWith label public key pkt=(gx,ux);Wherein, x ∈ ZpFor random number, skt=ytag,ytagBe one with Machine prime number, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find a random number s so thatE is a prime number;
File encryption sub-step:The label of each data block is designated as after file F piecemealsti∈Zp, total mark Label are designated as T={ ti}i∈[1,n];Label after generation is attached in corresponding data block and realizes data blinding, m is designated asi'=mi+ ti
Data send sub-step:Encryption data is sent to Cloud Server, the encryption data includes the encryption number of file According to, encryption file abstracted information and tape label authentication information;The encryption data of the file is F '={ mi′}i∈[1,n], institute The authentication information for stating tape label isWherein Ri=FID | | i, FID are identification text The identification information of part, " | | " indicate for series connection.
Preferably, the storage audit steps includes:
Request sends sub-step:Audit request is sent to third party by data subscriber terminal after data storing steps are performed Abstracted information and label public key pk containing encryption file in audit, the audit requestt
Initiate challenge sub-step:Auditing by third party definition challengeAnd initiate to challenge to Cloud Server;Its In, viThe random number produced for each piece of correspondence of encryption data, Q=pkt qIt is a challenge collection, q ∈ ZpIt is a random number;
Prove sub-step:Corresponding proof P=(ρ, ω, ε, τ) is generated after challenging described in the cloud server to return to The auditing by third party;Wherein, authentication informationρiSmart-tag authentication is gone to believe for each piece in the encryption data Breath,
Verify sub-step:The auditing by third party is received after the corresponding proof that Cloud Server is returned by formulaThe correctness of audit certification is verified, if the equation is set up, judgement is deposited Store up Cloud Server data be it is complete, it is otherwise imperfect.
Second aspect of the present invention there is provided a kind of data access arrangement based on Cloud Server, at least including Cloud Server, Data subscriber terminal and authorized user's terminal;
The data subscriber terminal is used to generate encryption key, and uses the encryption key will after being encrypted to file block Cloud Server is arrived in encryption data storage;The data subscriber terminal, which is additionally operable to send to Cloud Server when extracting data, extracts number According to request and the number of times t of the encryption key, and receive the ciphertext data that the Cloud Server is returned;The data user is whole End is additionally operable to be added after the number of times t of encryption key is encrypted when receiving the authorization requests that data subscriber terminal is sent Authorized user's terminal is returned to after close authorization requests label t_sign;
Authorized user's terminal is used to send authorization requests to the data subscriber terminal and the encryption authorization please Seek label t_sign;
The Cloud Server is used to store the encryption data that the data subscriber terminal is sent;The Cloud Server is additionally operable to Ciphertext data is returned into number after receiving the extraction request of data of data subscriber terminal transmission and the number of times t of the encryption key According to user terminal;The Cloud Server is additionally operable to please in the extraction request of data and encryption authorization for receiving the transmission of authorized user's terminal Ask and number of times t ' is obtained after being decrypted after label t_sign, return ciphertext data when judging that t ' is equal with the number of times t stored Authorized user's terminal is given, ciphertext data is not otherwise understood.
Preferably, the system also includes auditing by third party, including:
Store Audit Module, for according to data subscriber terminal to the encryption file provided after Cloud Server data storage Abstracted information to the Cloud Server initiate challenge, and the challenge returned according to Cloud Server corresponding checking storage It is whether complete in the data of Cloud Server, and the result is fed back into data subscriber terminal;And/or
Audit Module is extracted, for receiving the data subscriber terminal or authorized user's terminal after receiving and deciphering data The abstracted information of the decryption file of transmission, and judged and initial data user terminal according to the abstracted information of the decryption file of reception Whether the abstracted information of the encryption file sent during encryption is equal, is to send the checking information without re-encrypted to the number According to user terminal, otherwise transmission needs the checking information of re-encrypted to the data subscriber terminal.
Preferably, the data subscriber terminal includes:
Key production module, for file F to be divided into n data block, is designated as mi∈Zp, i ∈ I, I=[1, n];Generation adds Key, the encryption key includes the encryption key key_cml of file, and after file block each data block label Key skt, Hash key skhWith label public key pkt=(gx,ux);Wherein, x ∈ ZpFor random number, skt=ytag,ytagIt is one Random prime numbers, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find a random number s so thatE is a prime number;
File encryption module, for the label of each data block after file F piecemeals to be designated asti∈Zp, always Label be designated as T={ ti}i∈[1,n];Label after generation is attached in corresponding data block and realizes data blinding, m is designated asi' =mi+ti
Communication module, for encryption data to be sent to Cloud Server, encryption data of the encryption data including file, Encrypt the abstracted information of file and the authentication information of tape label;The encryption data of the file is F '={ mi′}i∈[1,n], it is described The authentication information of tape label isWherein Ri=FID | | i, FID are identification file Identification information, " | | " is series connection mark;The communication module is additionally operable to audit request being sent to auditing by third party, the audit Abstracted information and label public key pk containing encryption file in requestt
Preferably, the storage Audit Module includes:
Challenge unit is initiated, for defining challengeAnd initiate to challenge to Cloud Server;Wherein, viFor The random number that each piece of correspondence of encryption data is produced, Q=pkt qIt is a challenge collection, q ∈ ZpIt is a random number;
By formula after authentication unit, the corresponding proof for receiving Cloud Server return in the auditing by third partyThe correctness of audit certification is verified, if the equation is set up, judgement is deposited Store up Cloud Server data be it is complete, it is otherwise imperfect.
Preferably, the Cloud Server includes:
Memory module, for storing the encryption data that the data subscriber terminal is sent;
Module is proved, corresponding proof P=(ρ, ω, ε, τ) is generated after the challenge for receiving auditing by third party transmission Return to the auditing by third party;Wherein, authentication informationρiLabel is gone to recognize for each piece in the encryption data Demonstrate,prove information,
Deciphering module, for receiving the extraction request of data of data subscriber terminal transmission and the number of times of the encryption key Ciphertext data is returned into authorized user after t;The deciphering module is additionally operable to receiving the extraction number that authorized user's terminal is sent According to number of times t ' is obtained after being decrypted after request and encryption authorization request label t_sign, when judging that t ' is equal with the t stored Ciphertext data is returned into authorized user's terminal, ciphertext data is not otherwise understood.
Implement the data access method and system based on Cloud Server of the present invention, have the advantages that:
1st, the invention provides the data extraction scheme of authorized user's terminal, and used using the number of times of encryption key authorizing The identity of family terminal is verified, on the one hand makes the checking related to encryption key, and on the other hand implementing more simply has Effect, operand will not be increased while data access method security is improved again.
2nd, the challenge collection that uses of the present invention is to come out all tag extractions after file block, is made up of all labels Challenge collection, the calculating adds complexity, improves the security of data transfer to a certain extent, it is to avoid because key quilt Parse easily and cause data to be trapped.On the other hand, the computation complexity of the challenge will not be too high, to ensure operand in conjunction In the range of reason.
3rd, the decryption oprerations of data are completed by Cloud Server in the present invention, because the computing capability of Cloud Server is much larger than User terminal, can largely mitigate the amount of calculation of user terminal.
Brief description of the drawings
Fig. 1 is tripartite's audit model figure in the prior art;
Fig. 2 is the illustraton of model of the data access arrangement based on Cloud Server according to the preferred embodiment of the present invention;
Fig. 3 is the flow chart of the data access method based on Cloud Server according to the preferred embodiment of the present invention;
Fig. 4 is the interaction figure of the data access method based on Cloud Server according to the preferred embodiment of the present invention;
Fig. 5 is the functional block diagram of the auditing by third party according to the preferred embodiment of the present invention;
Fig. 6 is the functional block diagram of the data subscriber terminal according to the preferred embodiment of the present invention;
Fig. 7 is the functional block diagram of the Cloud Server according to the preferred embodiment of the present invention.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is A part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, ordinary skill people The every other embodiment that member is obtained on the premise of creative work is not made, belongs to the scope of protection of the invention.
Referring to Fig. 2, being the illustraton of model of the data access arrangement based on Cloud Server according to the preferred embodiment of the present invention. As shown in Fig. 2 being somebody's turn to do the data access arrangement based on Cloud Server at least includes data subscriber terminal 100, Cloud Server 200 and awards Weigh user terminal 400.Wherein data subscriber terminal 100 is the local user that initial data is stored to Cloud Server 200, authorizes and uses Family terminal 400 is non-local user.
Fig. 3 is please referred to, is the stream of the data access method based on Cloud Server according to the preferred embodiment of the present invention Cheng Tu.The data access method based on Cloud Server is realized based on above-mentioned data access arrangement.As shown in figure 3, the present invention is excellent The data access method based on Cloud Server for selecting embodiment to provide at least comprises the following steps:
First, in step sl, data storing steps are performed, encryption key are generated by data subscriber terminal 100, and use Encryption data storage is arrived Cloud Server 200 by the encryption key after being encrypted to file block.The encryption data is also known as outsourcing Data.
Then, in step s 2, data user's extraction step is performed, is sent out from data subscriber terminal 100 to Cloud Server 200 The number of times t for extracting request of data and the encryption key is sent, the extraction request of data contains foregoing encryption key.Cloud Server 200 obtain ciphertext data after data are decrypted using the encryption key after receiving the request, and ciphertext data is returned To data subscriber terminal 100, while the number of times t for storing the encryption key is standby.
Finally, in step s3, authorized user's extraction step is performed, from authorized user's terminal 400 to data subscriber terminal 100 send authorization requests.Data subscriber terminal 100 is confirmed after the identity of authorized user's terminal 400, to the secondary of the encryption key Number t, which is encrypted, obtains encryption authorization request label t_sign, and encryption authorization request label t_sign is returned into mandate use Family terminal 400.Preferably, encryption key is also sent to authorized user's terminal 400 by the data subscriber terminal 100 in the lump.Afterwards, Authorized user's terminal 400 is sent to Cloud Server 200 extracts request of data and encryption authorization request label t_sign, cloud The encryption authorization request label t_sign of 200 pairs of receptions of server obtains number of times t ' after being decrypted, and is judging t ' and the t of storage Ciphertext data is returned into authorized user's terminal 400 when equal, ciphertext data is not otherwise understood.The present invention utilizes the number of times of encryption key T carries out the checking of authorized user's terminal, is on the one hand related to encryption key, on the other hand implements easy and effective, carrying Operand will not be increased while high data access method security again.
In preferred embodiment of the invention, also with auditing by third party function.Correspondingly, based on Cloud Server Data access arrangement also includes auditing by third party 300.The auditing by third party 300 has storage audit function and/or extracts audit Function.Therefore, accordingly, being somebody's turn to do the data access method based on Cloud Server also includes storage audit steps and/or extracts audit Step.
Wherein storage audit steps can in abovementioned steps S1 data subscriber terminal 100 to the data storage of Cloud Server 200 After perform, the storage audit steps includes:Data subscriber terminal 100 will encrypt file to after the data storage of Cloud Server 200 Abstracted information be sent to auditing by third party 300.Auditing by third party 300 is according to the abstracted information of the encryption file to cloud service Device 200 initiates challenge, and the corresponding checking of the challenge returned according to Cloud Server is stored in the data of Cloud Server 200 It is whether complete, and the result is fed back into data subscriber terminal 100.
Extracting audit steps can perform after abovementioned steps S2 and/or S3, and the extraction audit steps includes:By data user The abstracted information for decrypting file is sent to third party after receiving and deciphering data and examined by terminal 100 or authorized user's terminal 400 Meter 300.Auditing by third party 300 judges to encrypt with initial data user terminal 100 according to the abstracted information of the decryption file of reception When the abstracted information of encryption file that sends it is whether equal, be that the checking information sent without re-encrypted is whole to data user End 100, otherwise transmission needs the checking information of re-encrypted to data subscriber terminal 100.
Fig. 4 is please referred to, is the friendship of the data access method based on Cloud Server according to the preferred embodiment of the present invention Mutually scheme.If the data that storage is needed in the present invention are file F, including the various forms file such as image, text, below with file F It is specifically described for image citing.As shown in figure 4, being somebody's turn to do the data access method based on Cloud Server specifically includes following step Suddenly:
First, data storing steps are performed in step S401-S403, specifically included:
S401, execution key generation sub-step KeyGen → (key_cml, pkt,skt,skh):By data subscriber terminal 100 The image of file F such as inputs is divided into n data block, m is designated asi∈Zp, i ∈ I, I=[1, n].Data subscriber terminal 100 will Local image is stored to Cloud Server 200, it is necessary to which first image is encrypted, each piece of the image after encryption all corresponds to one Block label, label is also required to be encrypted, and being then then stored into high in the clouds, therefore the step needs first to generate encryption key, should Encryption key includes the encryption key key_cml of file, and after file block each data block label key skt, breathe out Uncommon key skhWith label public key pkt=(gx,ux);Wherein, x ∈ ZpFor a random number, skt=ytag,ytagIt is a random element Number, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find a random number s so thatE is a prime number.In label public key pkt=(gx,ux) in, if G is a group, if existing in G , for belonging to any x in G, there is integer k, make x=g in one element gk, then G is called the cyclic group of G generations, and g is group's Generation member.
If there is minimum positive integer n so that e=gn, n is called generation element orders.G1,G2All it is circulation multiplicative group.G, u points Wei not G1,G2Generation member.
S402, execution file encryption sub-step TagGen → T:The label of each data block is designated as after file F piecemealsti∈Zp, total label is designated as T={ ti}i∈[1,n];Label after generation is attached to pair by data subscriber terminal 100 Data blinding is realized in the data block answered, m ' is designated asi=mi+ti
S403, execution data send sub-step:Data subscriber terminal 100 sends encryption data to Cloud Server 200, institute State encryption data of the encryption data including file, encrypt the abstracted information of file and the authentication information of tape label.The file Encryption data is F '={ mi′}i∈[1,n], the authentication information of the tape label isWherein Ri=FID | | i, FID believe for the mark of identification file Breath, " | | " indicate for series connection.Wherein, H (skh,Ri) it is hash function, skhAnd RiIt is the input parameter of the hash function.This File is encrypted in invention or decrypt the abstracted information of file for the title of file, the number n of file block, the number of label and The classification of user terminal.Due to setting up a label to every block number evidence in the present invention, so the number of label and file point herein The number of block is equal, is also n.
Then, storage audit steps is performed in step S404-S407, is specifically included:
S404, execution request send sub-step:Data subscriber terminal 100 is after data storing steps are performed by audit request It is sent to auditing by third party 300, it is preferable that abstracted information and label public key pk containing encryption file in the audit requestt
S405, execution initiate challenge sub-stepThe definition challenge of auditing by third party 300And Initiate to challenge to Cloud Server 200;Wherein, viThe random number produced for each piece of correspondence of encryption data, Q=pkt qIt is one to choose War collection, q ∈ ZpIt is a random number.Another innovation of the present invention is the generation method for optimizing challenge herein, this Invent challenge composition it is different, and generate in the input of challenge contain label public key.Traditional Q is taken after file block The label for going out partial data constitutes challenge collection, and the challenge collection that uses of the present invention is to go out all tag extractions after file block Come, the challenge collection being made up of all labels, the calculating adds complexity to a certain extent, improves the safety of data transfer Property, it is to avoid because key is parsed easily and causes data to be trapped.On the other hand, the computation complexity of the challenge will not mistake Height, to ensure operand in rational scope.
S406, execution prove sub-step Proof → P:Cloud Server 200 is received after the challenge, and this challenge is done Go out response, generation is corresponding to prove that P=(ρ, ω, ε, τ) returns to the auditing by third party;Wherein, authentication informationρiSmart-tag authentication information is gone for each piece in the encryption data:
S407, checking sub-step Verify → ν (0/1), auditing by third party 300 receive the corresponding of the return of Cloud Server 200 The correctness of audit certification is verified after proof by below equation, corresponding the result is obtained:
If the equation set up, judge be stored in Cloud Server 200 data be it is complete, it is otherwise imperfect.
The result that data subscriber terminal 100 is returned according to Cloud Server 200 chooses whether to delete local data.
When the external world needs to extract the outer bag data of Cloud Server 200, it is desirable to have the key of encryption data could obtain outer Bag data, now in two kinds of situation, i.e. data user's extraction step and authorized user's extraction step, correspond to respectively local user and The situation that non-local user extracts.
When local data subscriber terminal 100 needs to extract data to Cloud Server 200, in step S408-S409 Data user's extraction step is performed, is specifically included:
S408, sent from data subscriber terminal 100 to Cloud Server 200 and extract request of data and the encryption key Also contain foregoing encryption key in number of times t, the extraction request of data.
S409, Cloud Server 200 are decrypted after data are decrypted using the encryption key after receiving the request Data, and ciphertext data is returned into data subscriber terminal 100, while the number of times t for storing the encryption key is standby.Traditional In cloud storage data method data encryption and decryption be to be completed by user terminal, and in the present invention data decryption oprerations Completed, because the computing capability of Cloud Server 200 is much larger than user terminal, can largely subtracted by Cloud Server 200 The amount of calculation of light user terminal.
Then, performed in step S410-S411 and extract audit steps, specifically included:
S410, by data subscriber terminal 100 after receiving and deciphering data by decrypt file abstracted information be sent to the 3rd Side's audit 300.
S411, auditing by third party 300 judge and initial data user terminal according to the abstracted information of the decryption file of reception Whether the abstracted information of the encryption file sent during 100 encryption is equal, is to send the checking information without re-encrypted to number According to user terminal 100, otherwise transmission needs the checking information of re-encrypted to data subscriber terminal 100.Auditing by third party 300 is led Will be by the classification of user terminal in abstracted information, such as No. id, to judge whether the user of the transmission abstracted information is local Data subscriber terminal 100.If data subscriber terminal 100, then abstracted information is necessarily equal, and auditing by third party 300 is returned The checking information extract=0 of one extraction.When data subscriber terminal 100 receives extract=0, keep constant.
When authorized user's terminal 400 non-indigenous needs to extract data to Cloud Server 200, in step S412-S415 Middle execution authorized user's extraction step, is specifically included:
When S412, authorized user's terminal 400 need to obtain outer bag data, it is necessary first to sent to data subscriber terminal 100 Authorization requests.
S413, data subscriber terminal 100 confirm the identity of authorized user terminal 400 after authorization requests are received, when giving During mandate, the number of times t of the encryption key of the original encryption file used in data storing steps is encrypted and obtains encryption and awards Power request label t_sign, and encryption authorization request label t_sign is returned into authorized user's terminal 400.Preferably, data User terminal 100 can use label key sktNumber of times t is encrypted and obtains encryption authorization request label t_sign.The number Encryption key is also sent to authorized user's terminal 400 in the lump according to user terminal 100.
S414, authorized user's terminal 400 are sent to Cloud Server 200 extracts request of data and encryption authorization request Label t_sign.The encryption sent in the extraction request of data that authorized user's terminal 400 is sent containing data subscriber terminal 100 Key.
S415, the encryption authorization request label t_sign of 200 pairs of receptions of Cloud Server obtain number of times t ' after being decrypted, and Judge whether number of times t ' is equal with the number of times t prestored, the encryption key sent if equal using authorized user's terminal 400 The outer bag data of decryption, then returns to authorized user's terminal 400 by ciphertext data.If the number of times t ' and number of times t prestored It is unequal, then do not understand ciphertext data.
Finally, performed in step S416-S417 and extract audit steps, specifically included:
S416, by authorized user's terminal 400 after receiving and deciphering data by decrypt file abstracted information be sent to the 3rd Side's audit 300.
S417, auditing by third party 300 judge and initial data user terminal according to the abstracted information of the decryption file of reception Whether the abstracted information of the encryption file sent during 100 encryption is equal, is to send the checking information without re-encrypted to number According to user terminal 100, otherwise transmission needs the checking information of re-encrypted to data subscriber terminal 100.If authorized user The abstracted information for the decryption file that terminal 400 is sent, because the classification of user terminal is different, then the abstracted information it is inevitable with it is original The abstracted information of encryption file is differed, and auditing by third party 300 returns to the checking information extract=1 of an extraction.Data are used When family terminal 100 receives extract=1, original file data is encrypted regenerating key.Therefore, the present invention fills Point ground considers the security requirement of local user and non-local user, when being that local data subscriber terminal 100 extracts cloud and taken During the encryption data of business device 200, keep and the encryption data of Cloud Server is constant;When being authorized user's terminal 400 non-indigenous When extracting the encryption data of Cloud Server 200, local data subscriber terminal 100 can regenerate new encryption key to data It is encrypted, then will adds its storage beyond the clouds.
Invention accordingly provides a kind of data access arrangement based on Cloud Server, the data access arrangement is at least wrapped Include Cloud Server 200, data subscriber terminal 100 and authorized user's terminal 400.
Wherein, data subscriber terminal 100 is used to generate encryption key, and file block is encrypted using the encryption key Cloud Server 200 is arrived into encryption data storage afterwards;The data subscriber terminal 100 is additionally operable to when extracting data to Cloud Server 200 send the number of times t for extracting request of data and the encryption key, and receive the decryption number that the Cloud Server 200 is returned According to;The data subscriber terminal 100 is additionally operable to when receiving the authorization requests that data subscriber terminal 100 is sent to encryption key Number of times t be encrypted after obtain encryption authorization request label t_sign after return to authorized user's terminal 400.
Authorized user's terminal 400 is used to send authorization requests to data subscriber terminal 100 and the encryption authorization is asked Label t_sign.
Cloud Server 200 is used to store the encryption data that the data subscriber terminal 100 is sent.Cloud Server 200 is also used Ciphertext data is returned in after the extraction request of data and the number of times t of the encryption key for receiving the transmission of data subscriber terminal 100 Return data subscriber terminal 100.Cloud Server 200 is additionally operable to receiving the extraction request of data that authorized user's terminal 400 is sent Ask to obtain number of times t ' after being decrypted after label t_sign with encryption authorization, will when judging that t ' is equal with the number of times t stored Ciphertext data returns to authorized user's terminal 400, does not otherwise understand ciphertext data.
In preferred embodiment of the invention, the data access arrangement based on Cloud Server also includes auditing by third party 300.The present invention also accordingly provides a kind of auditing by third party 300.Referring to Fig. 5, being according to the preferred embodiment of the present invention The functional block diagram of tripartite's audit.As shown in figure 5, the auditing by third party 300 includes storage Audit Module 310 and/or extracted to examine Count module 320.
Wherein storage Audit Module 310 is used to be carried to after the data storage of Cloud Server 200 according to data subscriber terminal 100 The abstracted information of the encryption file of confession initiates to challenge to the Cloud Server 200, and the challenge returned according to Cloud Server 200 Corresponding checking be stored in Cloud Server 200 data it is whether complete, and the result is fed back into data subscriber terminal 100。
Storage Audit Module 310 may further include initiation challenge unit and authentication unit.Wherein initiate challenge unit For defining challengeAnd initiate to challenge to Cloud Server 200;Wherein, viFor each piece of encryption data The random number that correspondence is produced, Q=pkt qIt is a challenge collection, q ∈ ZpIt is a random number.Authentication unit is used for described Auditing by third party 300 is received after the corresponding proof that Cloud Server 200 is returned by formulaVerify audit certification correctness, if the equation into It is vertical, then judge the data for being stored in Cloud Server 200 be it is complete, it is otherwise imperfect.
Extracting Audit Module 320 is used to receive the data subscriber terminal 100 or authorized user's terminal 400 in reception solution The abstracted information of the decryption file sent after ciphertext data, and judged and initial data according to the abstracted information of the decryption file of reception Whether the abstracted information for the encryption file that user terminal 100 is sent when encrypting is equal, is to send the checking without re-encrypted Information gives the data subscriber terminal 100, and otherwise transmission needs the checking information of re-encrypted to the data subscriber terminal 100。
Referring to Fig. 6, being the functional block diagram of the data subscriber terminal according to the preferred embodiment of the present invention.Also phase of the invention The data subscriber terminal 100 should be provided.As shown in fig. 6, the data subscriber terminal 100 includes key production module 110, file Encrypting module 120 and communication module 130.
Wherein key production module 110 is used to file F being divided into n data block, is designated as mi∈Zp, i ∈ I, I=[1, n]; Key production module 110 generates encryption key, and the encryption key includes the encryption key key_cml of file, and file point The label key sk of each data block after blockt, Hash key skhWith label public key pkt=(gx,ux);Wherein, x ∈ ZpFor with Machine number, skt=ytag,ytagIt is a random prime numbers, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find one Individual random number s so thatE is a prime number.
File encryption module 120 is used to the label of each data block after file F piecemeals being designated asti∈Zp, Total label is designated as T={ ti}i∈[1,n];And the label after generation is attached in corresponding data block realizes data blinding, remember For mi'=mi+ti
Communication module 130 is used to send encryption data to Cloud Server 200, and the encryption data includes the encryption of file The authentication information of data, the abstracted information for encrypting file and tape label;The encryption data of the file is F '={ mi′}i∈[1,n], The authentication information of the tape label isWherein Ri=FID | | i, FID are The identification information of file is recognized, " | | " indicate for series connection;The communication module 130 is additionally operable to audit request being sent to third party Abstracted information and label public key pk containing encryption file in audit 300, the audit requestt
Referring to Fig. 7, being the functional block diagram of the Cloud Server according to the preferred embodiment of the present invention.The present invention is also accordingly carried The Cloud Server 200 is supplied.As shown in fig. 7, the Cloud Server 200 includes memory module 210, proves module 220 and decryption mould Block 230.
Wherein, memory module 210 is used to store the encryption data that the data subscriber terminal 100 is sent.
Prove module 220 be used to receiving generated after the challenge of the transmission of auditing by third party 300 it is corresponding prove P=(ρ, ω, ε, τ) return to the auditing by third party 300;Wherein, authentication informationρiFor each piece in the encryption data Go smart-tag authentication information,
Deciphering module 230 is used for the extraction request of data and the encryption key for receiving the transmission of data subscriber terminal 100 Number of times t after ciphertext data is returned into authorized user;The deciphering module 230 is additionally operable to receiving authorized user's terminal 400 Number of times t ' is obtained after being decrypted after extraction request of data and encryption authorization request the label t_sign of transmission, is judging t ' with depositing Ciphertext data is returned into authorized user's terminal 400 when the t of storage is equal, ciphertext data is not otherwise understood.
The present invention further correspondingly provides above-mentioned authorized user's terminal 400, for sending authorization requests and data subscriber terminal 100, and the encryption authorization that data subscriber terminal 100 is returned asks transmission extraction data after label t_sign and encryption key to be asked Ask to Cloud Server 200, and receive the ciphertext data of the return of Cloud Server 200.
In summary, the present invention adds an entity i.e. authorized user's terminal 400, and authorized user's terminal 400 will be obtained The local data of Cloud Server 200, it is necessary to actively ask to authorize to local data subscriber terminal 100, authorized through local user After could send acquisition request data to Cloud Server 200.For security reasons, when being local data subscriber terminal During the encryption data of 100 extraction Cloud Servers 200, keep and the encryption data of Cloud Server 200 is constant;When being that authorized user is whole When the encryption data of Cloud Server 200 is extracted at end 400, local data subscriber terminal 100 regenerates new data key It is encrypted, then it will be added to be stored in Cloud Server 200.
It should be appreciated that, the principle and implementation process of data access method and system of the invention based on Cloud Server It is identical, therefore the elaborating for embodiment of the data access method based on Cloud Server is also applied for based on Cloud Server Data access arrangement.
Finally it should be noted that:The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although The present invention is described in detail with reference to the foregoing embodiments, it will be understood by those within the art that:It still may be used To be modified to the technical scheme described in foregoing embodiments, or equivalent substitution is carried out to which part technical characteristic; And these modification or replace, do not make appropriate technical solution essence depart from various embodiments of the present invention technical scheme spirit and Scope.

Claims (8)

1. a kind of data access method with audit function based on Cloud Server, it is characterised in that including:
Data storing steps:Data subscriber terminal generate encryption key, and using the encryption key to file block encrypt after Cloud Server is arrived into encryption data storage;
Data user's extraction step:The data subscriber terminal sends extraction request of data to Cloud Server and the encryption is close Ciphertext data is returned to data subscriber terminal by the number of times t of key, the Cloud Server;
Authorized user's extraction step:Authorized user's terminal sends authorization requests to the data subscriber terminal;The data user The number of times t of terminal-pair encryption key, which is encrypted, to be obtained returning to authorized user's end after encryption authorization request label t_sign End;Authorized user's terminal is sent to Cloud Server extracts request of data and encryption authorization request label t_sign, Cloud Server obtains number of times t ' after the encryption authorization request label t_sign of reception is decrypted, and is judging t ' and time of storage Ciphertext data is returned to authorized user's terminal by number t when equal, does not otherwise understand ciphertext data;
Store audit steps:The data subscriber terminal to after Cloud Server data storage by the abstract letter of the encryption file Breath is sent to auditing by third party, and the auditing by third party is initiated according to the abstracted information of the encryption file to the Cloud Server Challenge, and the challenge returned according to Cloud Server corresponding checking be stored in Cloud Server data it is whether complete, and The result is fed back into the data subscriber terminal;
The storage audit steps includes:
Request sends sub-step:Audit request is sent to third party after data storing steps are performed and examined by data subscriber terminal Abstracted information and label public key pk containing encryption file in meter, the audit requestt=(gx,ux);
Initiate challenge sub-step:Auditing by third party definition challengeAnd initiate to challenge to Cloud Server;Wherein, vi The random number produced for each piece of correspondence of encryption data, Q=pkt qIt is a challenge collection, q ∈ ZpIt is a random number;
Prove sub-step:The corresponding proof P=(ρ, ω, ε, τ) of generation returns to described after being challenged described in the cloud server Auditing by third party;Wherein, authentication informationρiSmart-tag authentication information is gone for each piece in the encryption data, Whereinti∈Zp;mi∈ Zp, it is the n data block that file F is divided into, i ∈ I, I=[1, n];Hash key skt=ytag,ytagIt is a random prime numbers, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find a random number s so thatE is One prime number;
Verify sub-step:The auditing by third party is received after the corresponding proof that Cloud Server is returned by formulaThe correctness of audit certification is verified, wherein, Ri=FID | | i, FID To recognize the identification information of file, " | | " indicate for series connection;If the equation is set up, judge that the data for being stored in Cloud Server are Complete, it is otherwise imperfect.
2. the data access method with audit function according to claim 1 based on Cloud Server, it is characterised in that Methods described also includes:
Extract audit steps:The data subscriber terminal or authorized user's terminal will decrypt file after receiving and deciphering data Abstracted information is sent to auditing by third party, the auditing by third party according to the abstracted information of the decryption file of reception judge with it is original Whether the abstracted information for the encryption file that data subscriber terminal is sent when encrypting is equal, is to send the checking without re-encrypted Information gives the data subscriber terminal, and otherwise transmission needs the checking information of re-encrypted to the data subscriber terminal.
3. the data access method with audit function according to claim 2 based on Cloud Server, it is characterised in that The data storing steps include:
Key generates sub-step:File F is divided into n data block, m is designated asi∈Zp, i ∈ I, I=[1, n];Generate encryption key, The encryption key includes the encryption key key_cml of file, and after file block each data block label key skt, Hash key skhWith label public key pkt=(gx,ux);Wherein, x ∈ ZpFor random number, skt=ytag,ytagIt is one random Prime number, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find a random number s so thatE is a prime number;
File encryption sub-step:The label of each data block is designated as after file F piecemealsti∈Zp, total label note For T={ ti}i∈[1,n];Label after generation is attached in corresponding data block and realizes data blinding, m is designated asi'=mi+ti
Data send sub-step:Encryption data is sent to Cloud Server, the encryption data includes the encryption data of file, added The abstracted information of ciphertext part and the authentication information of tape label;The encryption data of the file is F '={ mi′}i∈[1,n], the band The authentication information of label isWherein Ri=FID | | i, FID are identification text The identification information of part, " | | " indicate for series connection.
4. the data access method with audit function according to claim 3 based on Cloud Server, it is characterised in that Judged in the extraction audit steps by the classification of user terminal in abstracted information the transmission abstracted information user whether It is the checking information extract=0 for then returning to an extraction, otherwise to data subscriber terminal for local data subscriber terminal Send extract=1;When data subscriber terminal receives extract=0, keep constant, data subscriber terminal receives extract When=1, original file data is encrypted regenerating key.
5. a kind of data access arrangement with audit function based on Cloud Server, it is characterised in that at least including cloud service Device, data subscriber terminal and authorized user's terminal;
The data subscriber terminal is used to generate encryption key, and using the encryption key to that will be encrypted after file block encryption Data Cun Chudao Cloud Servers;The data subscriber terminal is additionally operable to please to Cloud Server transmission extraction data when extracting data Ask and the encryption key number of times t, and receive the ciphertext data that the Cloud Server is returned;The data subscriber terminal is also Awarded for obtaining encryption after the number of times t of encryption key is encrypted when receiving the authorization requests that data subscriber terminal is sent Authorized user's terminal is returned to after power request label t_sign;
Authorized user's terminal is used to send authorization requests to the data subscriber terminal and encryption authorization request is marked Sign t_sign;
The Cloud Server is used to store the encryption data that the data subscriber terminal is sent;The Cloud Server is additionally operable to receive Ciphertext data is returned into data after extraction request of data and the number of times t of the encryption key that data subscriber terminal is sent to use Family terminal;The Cloud Server is additionally operable to receiving extraction request of data and the encryption authorization request mark that authorized user's terminal is sent Number of times t ' is obtained after being decrypted after label t_sign, ciphertext data is returned to when judging that t ' is equal with the number of times t stored and awarded User terminal is weighed, ciphertext data is not otherwise understood;
The system also includes auditing by third party, and the auditing by third party includes:
Store Audit Module, for according to data subscriber terminal in taking out to the encryption file provided after Cloud Server data storage Image information initiates to challenge to the Cloud Server, and the corresponding checking of the challenge returned according to Cloud Server is stored in cloud Whether the data of server are complete, and the result is fed back into data subscriber terminal;And/or
Audit Module is extracted, is sent for receiving the data subscriber terminal or authorized user's terminal after receiving and deciphering data Decryption file abstracted information, and according to reception decryption file abstracted information judge with initial data user terminal encrypt When send encryption file abstracted information it is whether equal, be to send to use to the data without the checking information of re-encrypted Family terminal, otherwise transmission needs the checking information of re-encrypted to the data subscriber terminal;
The storage Audit Module includes:
Challenge unit is initiated, for defining challengeAnd initiate to challenge to Cloud Server;Wherein, viFor encryption number The random number produced according to each piece of correspondence, Q=pkt qIt is a challenge collection, q ∈ ZpIt is a random number;Label public key pkt= (gx,ux);
By formula after authentication unit, the corresponding proof for receiving Cloud Server return in the auditing by third partyVerify the correctness of audit certification, Ri=FID | | i, FID are identification The identification information of file, " | | " indicate for series connection;If the equation is set up, the data for judging to be stored in Cloud Server are complete , it is otherwise imperfect;
The Cloud Server includes:
Module is proved, corresponding proof P=(ρ, ω, ε, τ) is generated after the challenge for receiving auditing by third party transmission and is returned To the auditing by third party;Wherein, authentication informationρiLabel is gone to recognize for each piece in the encryption data Demonstrate,prove information, Wherein ti∈Zp;mi∈Zp, it is the n data block that file F is divided into, i ∈ I, I=[1, n];Hash key skt=ytag,ytagBe one with Machine prime number, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find a random number s so thatE is a prime number.
6. the data access arrangement with audit function according to claim 5 based on Cloud Server, it is characterised in that The data subscriber terminal includes:
Key production module, for file F to be divided into n data block, is designated as mi∈Zp, i ∈ I, I=[1, n];Generation encryption is close Key, the encryption key includes the encryption key key_cml of file, and after file block each data block label key skt, Hash key skhWith label public key pkt=(gx,ux);Wherein, x ∈ ZpFor random number, skt=ytag,ytagIt is one random Prime number, ytag1,ytag2,.....,ytagnIt is and ytagRelatively prime prime number, and find a random number s so thatE is a prime number;
File encryption module, for the label of each data block after file F piecemeals to be designated asti∈Zp, total mark Label are designated as T={ ti}i∈[1,n];Label after generation is attached in corresponding data block and realizes data blinding, m is designated asi'=mi+ ti
Communication module, for encryption data to be sent to Cloud Server, the encryption data includes the encryption data of file, encryption The abstracted information of file and the authentication information of tape label;The encryption data of the file is F '={ mi′}i∈[1,n], the band mark The authentication information of label isWherein Ri=FID | | i, FID are identification file Identification information, " | | " indicate for series connection;The communication module is additionally operable to audit request being sent to auditing by third party, and the audit please Abstracted information and label public key pk containing encryption file in askingt
7. the data access arrangement with audit function according to claim 5 based on Cloud Server, it is characterised in that The Cloud Server also includes:
Memory module, for storing the encryption data that the data subscriber terminal is sent;
Deciphering module, for receiving after the extraction request of data of data subscriber terminal transmission and the number of times t of the encryption key Ciphertext data is returned into authorized user;The deciphering module is additionally operable to please in the extraction data for receiving the transmission of authorized user's terminal Number of times t ' is obtained after being decrypted after summation encryption authorization request label t_sign, will solution when judging that t ' is equal with the t stored Ciphertext data returns to authorized user's terminal, does not otherwise understand ciphertext data.
8. the data access arrangement with audit function according to claim 5 based on Cloud Server, it is characterised in that Judged in the extraction Audit Module by the classification of user terminal in abstracted information the transmission abstracted information user whether It is the checking information extract=0 for then returning to an extraction, otherwise to data subscriber terminal for local data subscriber terminal Send extract=1;When data subscriber terminal receives extract=0, keep constant, data subscriber terminal receives extract When=1, original file data is encrypted regenerating key.
CN201710500371.XA 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server Active CN107197037B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710500371.XA CN107197037B (en) 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710500371.XA CN107197037B (en) 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server
CN201710105793.7A CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201710105793.7A Division CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Publications (2)

Publication Number Publication Date
CN107197037A true CN107197037A (en) 2017-09-22
CN107197037B CN107197037B (en) 2018-02-02

Family

ID=58917630

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201710500371.XA Active CN107197037B (en) 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server
CN201710105793.7A Active CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201710105793.7A Active CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Country Status (1)

Country Link
CN (2) CN107197037B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108549796A (en) * 2018-04-25 2018-09-18 中国科学技术大学 The method for the power that passed into silence by digital watermark technology protection user
CN110071902A (en) * 2018-01-23 2019-07-30 深圳前海小鸟云计算有限公司 A kind of grading authorized safety management system of privately owned centralization of Cloud Server
CN111710404A (en) * 2020-05-31 2020-09-25 南京麦澜德医疗科技有限公司 Method for authorizing and using equipment
CN112307493A (en) * 2020-10-15 2021-02-02 上海东方投资监理有限公司 Project settlement data submission method, system, terminal equipment and storage medium

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107197037B (en) * 2017-02-24 2018-02-02 重庆第二师范学院 A kind of data access method and system with audit function based on Cloud Server
CN107423637B (en) * 2017-07-31 2020-07-31 南京理工大学 Integrity auditing method supporting traceability of electronic medical record data on cloud
CN109525388B (en) * 2017-09-19 2022-07-15 中兴通讯股份有限公司 Combined encryption method and system with separated keys
CN108269610A (en) * 2018-01-18 2018-07-10 成都博睿德科技有限公司 Data reliability verifying method based on cloud computing
CN108259606B (en) * 2018-01-18 2021-05-18 成都四象联创科技有限公司 Cloud computing public cloud file storage and retrieval method
CN108197496A (en) * 2018-01-18 2018-06-22 成都博睿德科技有限公司 Data safety Enhancement Method under cloud computing environment
CN110401613B (en) * 2018-04-24 2023-01-17 北京握奇智能科技有限公司 Authentication management method and related equipment
CN110351276B (en) * 2019-07-12 2021-11-23 全链通有限公司 Data processing method, device and computer readable storage medium
CN112149076B (en) * 2020-10-10 2021-07-06 上海威固信息技术股份有限公司 Safe computer storage system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045356A (en) * 2010-12-14 2011-05-04 中国科学院软件研究所 Cloud-storage-oriented trusted storage verification method and system
CN102693398A (en) * 2012-05-09 2012-09-26 深圳大学 Data encryption method and system
CN103414682A (en) * 2013-04-07 2013-11-27 深圳大学 Method for cloud storage of data and system
US9262643B2 (en) * 2010-02-22 2016-02-16 Sookasa Inc. Encrypting files within a cloud computing environment
CN106713508A (en) * 2017-02-24 2017-05-24 重庆第二师范学院 Data access method and system based on cloud server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624708A (en) * 2012-02-23 2012-08-01 浙江工商大学 Efficient data encryption, updating and access control method for cloud storage

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9262643B2 (en) * 2010-02-22 2016-02-16 Sookasa Inc. Encrypting files within a cloud computing environment
CN102045356A (en) * 2010-12-14 2011-05-04 中国科学院软件研究所 Cloud-storage-oriented trusted storage verification method and system
CN102693398A (en) * 2012-05-09 2012-09-26 深圳大学 Data encryption method and system
CN103414682A (en) * 2013-04-07 2013-11-27 深圳大学 Method for cloud storage of data and system
CN106713508A (en) * 2017-02-24 2017-05-24 重庆第二师范学院 Data access method and system based on cloud server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WEI PENGCHENG EAT: "A New Key Exchange Scheme Based on Permutation", 《2009 INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SOFTWARE ENGINEERING IEEE》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110071902A (en) * 2018-01-23 2019-07-30 深圳前海小鸟云计算有限公司 A kind of grading authorized safety management system of privately owned centralization of Cloud Server
CN108549796A (en) * 2018-04-25 2018-09-18 中国科学技术大学 The method for the power that passed into silence by digital watermark technology protection user
CN108549796B (en) * 2018-04-25 2020-08-25 中国科学技术大学 Method for protecting user's forgetting right by digital watermark technology
CN111710404A (en) * 2020-05-31 2020-09-25 南京麦澜德医疗科技有限公司 Method for authorizing and using equipment
CN111710404B (en) * 2020-05-31 2024-01-23 南京麦澜德医疗科技股份有限公司 Equipment authorization using method
CN112307493A (en) * 2020-10-15 2021-02-02 上海东方投资监理有限公司 Project settlement data submission method, system, terminal equipment and storage medium
CN112307493B (en) * 2020-10-15 2024-02-09 上海东方投资监理有限公司 Project settlement data review sending method, system, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN107197037B (en) 2018-02-02
CN106713508B (en) 2017-09-19
CN106713508A (en) 2017-05-24

Similar Documents

Publication Publication Date Title
CN106713508B (en) A kind of data access method and system based on Cloud Server
CN105553951B (en) Data transmission method and device
CN107864139B (en) Cryptographic attribute base access control method and system based on dynamic rules
CN103107995B (en) A kind of cloud computing environment date safety storing system and method
Rezaeighaleh et al. New secure approach to backup cryptocurrency wallets
CN109902494A (en) Data encryption storage method, device and document storage system
US20230254122A1 (en) Secret material exchange and authentication cryptography operations
CN108347419A (en) Data transmission method and device
CN104322003B (en) Cryptographic authentication and identification method using real-time encryption
CN107659397A (en) A kind of sensitive information transmission method and system
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
CN109194523A (en) The multi-party diagnostic model fusion method and system, cloud server of secret protection
CN108521393A (en) Data interactive method, device, system, computer equipment and storage medium
CN107918731A (en) Method and apparatus for controlling the authority to access to open interface
CN107276752A (en) The methods, devices and systems that limitation key is decrypted are paid to cloud
CN106059760B (en) A kind of cryptographic system from user terminal crypto module calling system private key
CN109600224A (en) A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN109543434A (en) Block chain information encryption method, decryption method, storage method and device
CN107332660A (en) A kind of Novel movable data encryption security system
CN107690079A (en) Privacy of user guard method in live platform
Gupta et al. A Review on Cryptography based Data Security Techniques for the Cloud Computing
CN101997835A (en) Network security communication method, data security processing device and system for finance
CN113779594B (en) Block chain-based data distribution sharing method and system
CN104734847A (en) Shared symmetric key data encrypting and decrypting method for public key cryptography application
CN107465508A (en) A kind of method, system and the equipment of software and hardware combining construction true random number

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant