CN107197037B - Cloud-server-based data access method and system with audit function - Google Patents

Cloud-server-based data access method and system with audit function

Info

Publication number
CN107197037B
CN107197037B (application CN201710500371.XA)
Authority
CN
China
Prior art keywords
data
encryption
cloud server
file
subscriber terminal
Prior art date
Legal status
Active
Application number
CN201710500371.XA
Other languages
Chinese (zh)
Other versions
CN107197037A (en)
Inventor
韦鹏程
雷烈
李莉
尹胜
吴迎莹
周震
Current Assignee
Chongqing University of Education
Original Assignee
Chongqing University of Education
Priority date
Filing date
Publication date
Events
Application filed by Chongqing University of Education
Priority to CN201710500371.XA
Publication of CN107197037A
Application granted
Publication of CN107197037B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a cloud-server-based data access method and system with an audit function. The method includes: the data user terminal generates an encryption key, encrypts the file block by block and stores the encrypted data on the cloud server; the data user terminal sends an extraction request and the count t of the encryption key to the cloud server, and the cloud server returns the decrypted data to the data user terminal; the authorized user terminal sends an authorization request to the data user terminal, the data user terminal encrypts the count t of the encryption key to obtain an encrypted authorization request label t_sign and returns it to the authorized user terminal, the authorized user terminal sends an extraction request and t_sign to the cloud server, the cloud server decrypts t_sign to obtain a count t', returns the decrypted data to the authorized user terminal if t' equals the count t, and otherwise does not decrypt. The invention provides a data extraction scheme for the authorized user terminal, verifies the identity of the authorized user terminal using the count of the encryption key, and improves the security of the data access method.

Description

Cloud-server-based data access method and system with audit function
This application is a divisional application of the application entitled "A data access method and system based on a cloud server", original filing date 2017.2.24, Application No. 201710105793.7.
Technical field
The present invention relates to the field of encryption technology, and more particularly to a cloud-server-based data access method and system with an audit function.
Background technology
Cloud storage is an important component of cloud computing: it lets a data user transfer local data to a cloud server, and the local user may delete the local copy once the cloud server has confirmed that the data is properly stored. The data user may worry whether data held on the cloud server is at risk of loss, because however reliable the cloud server is, it can be attacked from outside, and the cloud server may even itself be malicious. For a malicious cloud, the audit queries it processes are transparent to it, so it knows whether the user has received verification information, and it can forge audit information to make the user believe the stored data is correct. In short, cloud storage saves storage space for the data user, but it also has to show that the data outsourced to the cloud server is stored correctly.
In traditional cloud storage, the user checks data integrity with a two-party storage audit protocol. However, having either the cloud server or the user terminal generate the audit query is inappropriate, because neither party can be guaranteed to produce a fair audit result. Third-party auditing in cloud storage therefore becomes the better choice. A good third-party audit is judged by its auditing efficiency and by whether it can guarantee that the cloud server and the data user interact correctly.
Many theories of third-party auditing have been proposed; they can be summarized in three points: 1) confidentiality: the audit protocol should keep user data secret from the third party; 2) dynamic auditing: the audit protocol should support dynamic updates of the data in the cloud; 3) batch auditing: the audit protocol should allow multiple users and multiple cloud servers to be audited in batch. The third-party audit model is shown in Figure 1:
It contains three entities: data user terminal 100, cloud server 200 and third-party auditor 300. The local data user terminal 100 generates data and stores it on cloud server 200; cloud server 200 stores the user's data and lets the user extract it at any time; third-party auditor 300 provides a storage audit service to data user terminal 100 and cloud server 200. For example, after data user terminal 100 stores data on cloud server 200, the auditor can issue a challenge to cloud server 200 and receive the proof it returns, to verify whether the data outsourced by data user terminal 100 to cloud server 200 remains intact. If the data kept by cloud server 200 is incomplete, there is no point in the user extracting it; and using third-party auditor 300 as an independent entity also relieves the load on cloud server 200.
In practice, however, it is not only the local user who extracts the outsourced data from cloud server 200; non-local users may also need to extract it, and the prior art lacks a secure and effective scheme for data extraction by non-local users.
Summary of the invention
The technical problem the present invention solves is the lack, in the prior art, of a secure and effective scheme for data extraction by non-local users. It provides a cloud-server-based data access method and system in which the count t of the encryption key is verified, so that a non-local authorized user has a data extraction scheme.
To solve this technical problem, the present invention adopts the following technical solution:
In a first aspect, the present invention provides a cloud-server-based data access method, comprising:
Data storing step: the data user terminal generates an encryption key, encrypts the file block by block with the encryption key, and stores the encrypted data on the cloud server;
Data user extraction step: the data user terminal sends an extraction request and the count t of the encryption key to the cloud server, and the cloud server returns the decrypted data to the data user terminal;
Authorized user extraction step: the authorized user terminal sends an authorization request to the data user terminal; the data user terminal encrypts the count t of the encryption key to obtain an encrypted authorization request label t_sign and returns it to the authorized user terminal; the authorized user terminal sends an extraction request and the encrypted authorization request label t_sign to the cloud server; the cloud server decrypts the received t_sign to obtain a count t', returns the decrypted data to the authorized user terminal if t' equals the stored count t, and otherwise does not decrypt the data.
Preferably, the method also includes:
Storage audit step: after storing data on the cloud server, the data user terminal sends the abstract information of the encrypted file to the third-party auditor; the third-party auditor issues a challenge to the cloud server based on that abstract information, verifies from the proof the cloud server returns for the challenge whether the data stored on the cloud server is intact, and feeds the result back to the data user terminal.
Preferably, the method also includes:
Extraction audit step: after receiving the decrypted data, the data user terminal or the authorized user terminal sends the abstract information of the decrypted file to the third-party auditor; the third-party auditor checks whether the received abstract information of the decrypted file equals the abstract information of the encrypted file originally sent by the data user terminal at encryption time; if so it sends verification information to the data user terminal indicating that no re-encryption is needed, otherwise it sends verification information indicating that re-encryption is needed.
Preferably, the data storing step includes:
Key generation sub-step: file F is divided into n data blocks, denoted $m_i \in Z_p$, $i \in I$, $I = [1, n]$; an encryption key is generated, which comprises the file encryption key key_cml, the tag key $sk_t$ of each data block after the file is divided, the hash key $sk_h$ and the tag public key $pk_t = (g^x, u^x)$; where $x \in Z_p$ is a random number, $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime to $y_{tag}$, and a random number s is found such that [condition not reproduced in the source], where e is a prime;
File encryption sub-step: after file F is divided, the tag of each data block is denoted $t_i \in Z_p$ [tag formula not reproduced in the source], and the complete set of tags is $T = \{t_i\}_{i \in [1, n]}$; each generated tag is attached to its data block to blind the data, denoted $m_i' = m_i + t_i$;
Data sending sub-step: the encrypted data is sent to the cloud server; the encrypted data comprises the encrypted file data, the abstract information of the encrypted file and the tagged authentication information; the encrypted file data is $F' = \{m_i'\}_{i \in [1, n]}$, and the tagged authentication information is [formula not reproduced in the source], where $R_i = FID \,\|\, i$, FID is the identification information of the file and "||" denotes concatenation.
Preferably, the storage audit step includes:
Request sending sub-step: after the data storing step, the data user terminal sends an audit request to the third-party auditor; the audit request contains the abstract information of the encrypted file and the tag public key $pk_t$;
Challenge sub-step: the third-party auditor defines a challenge [formula not reproduced in the source] and issues it to the cloud server; where $v_i$ is a random number generated for each block of the encrypted data, $Q = pk_t^{\,q}$ is a challenge set and $q \in Z_p$ is a random number;
Proof sub-step: on receiving the challenge, the cloud server generates the corresponding proof $P = (\rho, \omega, \varepsilon, \tau)$ and returns it to the third-party auditor; where the authentication information is [formula not reproduced in the source] and $\rho_i$ is the de-tagged authentication information of each block of the encrypted data;
Verification sub-step: after receiving the proof returned by the cloud server, the third-party auditor checks the correctness of the audit proof with the verification equation [not reproduced in the source]; if the equation holds, the data stored on the cloud server is judged intact, otherwise incomplete.
In a second aspect, the present invention provides a cloud-server-based data access system comprising at least a cloud server, a data user terminal and an authorized user terminal;
The data user terminal generates the encryption key, encrypts the file block by block with it and stores the encrypted data on the cloud server; when extracting data it sends an extraction request and the count t of the encryption key to the cloud server and receives the decrypted data the cloud server returns; and on receiving an authorization request from the authorized user terminal it encrypts the count t of the encryption key to obtain the encrypted authorization request label t_sign and returns it to the authorized user terminal;
The authorized user terminal sends the authorization request to the data user terminal, and sends the extraction request and the encrypted authorization request label t_sign to the cloud server;
The cloud server stores the encrypted data sent by the data user terminal; on receiving the extraction request and the count t of the encryption key from the data user terminal it returns the decrypted data to the data user terminal; and on receiving the extraction request and the encrypted authorization request label t_sign from the authorized user terminal it decrypts t_sign to obtain the count t', returns the decrypted data to the authorized user terminal if t' equals the stored count t, and otherwise does not decrypt the data.
Preferably, the system also includes a third-party auditor comprising:
a storage audit module, which issues a challenge to the cloud server based on the abstract information of the encrypted file provided by the data user terminal after storing data on the cloud server, verifies from the proof the cloud server returns for the challenge whether the data stored on the cloud server is intact, and feeds the result back to the data user terminal; and/or
an extraction audit module, which receives the abstract information of the decrypted file sent by the data user terminal or the authorized user terminal after they receive the decrypted data, checks whether it equals the abstract information of the encrypted file originally sent by the data user terminal at encryption time, and if so sends verification information to the data user terminal indicating that no re-encryption is needed, otherwise verification information indicating that re-encryption is needed.
Preferably, the data user terminal includes:
a key generation module, which divides file F into n data blocks denoted $m_i \in Z_p$, $i \in I$, $I = [1, n]$, and generates the encryption key, which comprises the file encryption key key_cml, the tag key $sk_t$ of each data block after division, the hash key $sk_h$ and the tag public key $pk_t = (g^x, u^x)$; where $x \in Z_p$ is a random number, $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime to $y_{tag}$, and a random number s is found such that [condition not reproduced in the source], where e is a prime;
a file encryption module, which denotes the tag of each data block after file F is divided as $t_i \in Z_p$ [tag formula not reproduced in the source] and the complete set of tags as $T = \{t_i\}_{i \in [1, n]}$, and attaches each generated tag to its data block to blind the data, denoted $m_i' = m_i + t_i$;
a communication module, which sends the encrypted data to the cloud server; the encrypted data comprises the encrypted file data, the abstract information of the encrypted file and the tagged authentication information; the encrypted file data is $F' = \{m_i'\}_{i \in [1, n]}$, and the tagged authentication information is [formula not reproduced in the source], where $R_i = FID \,\|\, i$, FID is the identification information of the file and "||" denotes concatenation; the communication module also sends the audit request to the third-party auditor, the audit request containing the abstract information of the encrypted file and the tag public key $pk_t$.
Preferably, the storage audit module includes:
a challenge unit, which defines the challenge [formula not reproduced in the source] and issues it to the cloud server; where $v_i$ is a random number generated for each block of the encrypted data, $Q = pk_t^{\,q}$ is a challenge set and $q \in Z_p$ is a random number;
a verification unit, which, after the third-party auditor receives the proof returned by the cloud server, checks the correctness of the audit proof with the verification equation [not reproduced in the source]; if the equation holds, the data stored on the cloud server is judged intact, otherwise incomplete.
Preferably, the cloud server includes:
a storage module, which stores the encrypted data sent by the data user terminal;
a proof module, which, on receiving the challenge sent by the third-party auditor, generates the corresponding proof $P = (\rho, \omega, \varepsilon, \tau)$ and returns it to the third-party auditor; where the authentication information is [formula not reproduced in the source] and $\rho_i$ is the de-tagged authentication information of each block of the encrypted data;
a decryption module, which returns the decrypted data to the data user terminal on receiving the extraction request and the count t of the encryption key sent by the data user terminal; the decryption module also, on receiving the extraction request and the encrypted authorization request label t_sign sent by the authorized user terminal, decrypts t_sign to obtain the count t', returns the decrypted data to the authorized user terminal if t' equals the stored t, and otherwise does not decrypt the data.
Implementing the cloud-server-based data access method and system of the present invention has the following beneficial effects:
1. The invention provides a data extraction scheme for the authorized user terminal and verifies the identity of the authorized user terminal using the count of the encryption key; this ties the verification to the encryption key, and it is simple and effective to implement, improving the security of the data access method without increasing the amount of computation.
2. The challenge set used by the invention is formed from all the tags extracted after the file is divided, rather than a subset; this adds complexity to the computation and improves the security of data transfer to a certain extent, avoiding interception of data because the key is easily analyzed. On the other hand, the computational complexity of the challenge is not too high, so the amount of computation stays within a reasonable range.
3. In the invention the decryption of data is performed by the cloud server; because the computing capability of the cloud server far exceeds that of the user terminal, this greatly reduces the computational load on the user terminal.
Brief description of the drawings
Figure 1 is the third-party audit model in the prior art;
Figure 2 is the model of the cloud-server-based data access system according to the preferred embodiment of the present invention;
Figure 3 is the flow chart of the cloud-server-based data access method according to the preferred embodiment of the present invention;
Figure 4 is the interaction diagram of the cloud-server-based data access method according to the preferred embodiment of the present invention;
Figure 5 is the functional block diagram of the third-party auditor according to the preferred embodiment of the present invention;
Figure 6 is the functional block diagram of the data user terminal according to the preferred embodiment of the present invention;
Figure 7 is the functional block diagram of the cloud server according to the preferred embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are a part of the embodiments of the invention rather than all of them; all other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
Referring to Figure 2, the model of the cloud-server-based data access system according to the preferred embodiment of the present invention. As shown in Figure 2, the system comprises at least data user terminal 100, cloud server 200 and authorized user terminal 400. Data user terminal 100 is the local user that stores the original data on cloud server 200; authorized user terminal 400 is a non-local user.
Referring to Figure 3, the flow chart of the cloud-server-based data access method according to the preferred embodiment of the present invention. The method is implemented on the data access system described above. As shown in Figure 3, the method provided by the preferred embodiment comprises at least the following steps:
First, in step S1, the data storing step is performed: data user terminal 100 generates an encryption key, encrypts the file block by block with it and stores the encrypted data on cloud server 200. The encrypted data is also called the outsourced data.
Then, in step S2, the data user extraction step is performed: data user terminal 100 sends an extraction request and the count t of the encryption key to cloud server 200; the extraction request contains the encryption key. On receiving the request, cloud server 200 decrypts the data with the encryption key, returns the decrypted data to data user terminal 100, and stores the count t of the encryption key for later use.
Finally, in step S3, the authorized user extraction step is performed: authorized user terminal 400 sends an authorization request to data user terminal 100. After confirming the identity of authorized user terminal 400, data user terminal 100 encrypts the count t of the encryption key to obtain the encrypted authorization request label t_sign and returns it to authorized user terminal 400. Preferably, data user terminal 100 also sends the encryption key to authorized user terminal 400. Authorized user terminal 400 then sends an extraction request and the encrypted authorization request label t_sign to cloud server 200; cloud server 200 decrypts the received t_sign to obtain a count t', returns the decrypted data to authorized user terminal 400 if t' equals the stored t, and otherwise does not decrypt the data. The invention verifies the authorized user terminal using the count t of the encryption key: the verification is tied to the encryption key, and it is simple and effective to implement, improving the security of the data access method without increasing the amount of computation.
The preferred embodiment also provides a third-party audit function. Accordingly, the cloud-server-based data access system also includes third-party auditor 300, which has a storage audit function and/or an extraction audit function, and the method correspondingly includes a storage audit step and/or an extraction audit step.
The storage audit step may be performed after data user terminal 100 stores data on cloud server 200 in step S1, and comprises: after storing the data on cloud server 200, data user terminal 100 sends the abstract information of the encrypted file to third-party auditor 300; third-party auditor 300 issues a challenge to cloud server 200 based on that abstract information, verifies from the proof cloud server 200 returns for the challenge whether the data stored on cloud server 200 is intact, and feeds the result back to data user terminal 100.
The extraction audit step may be performed after step S2 and/or S3, and comprises: after receiving the decrypted data, data user terminal 100 or authorized user terminal 400 sends the abstract information of the decrypted file to third-party auditor 300; third-party auditor 300 checks whether it equals the abstract information of the encrypted file originally sent by data user terminal 100 at encryption time, and if so sends verification information to data user terminal 100 indicating that no re-encryption is needed, otherwise verification information indicating that re-encryption is needed.
Referring to Figure 4, the interaction diagram of the cloud-server-based data access method according to the preferred embodiment of the present invention. The data to be stored is a file F, which may be an image, text or another format; below, file F is taken to be an image. As shown in Figure 4, the cloud-server-based data access method comprises the following steps:
First, the data storing step is performed in steps S401-S403, which specifically comprise:
S401, key generation sub-step KeyGen → (key_cml, $pk_t$, $sk_t$, $sk_h$): data user terminal 100 divides the input file F, for example an image, into n data blocks denoted $m_i \in Z_p$, $i \in I$, $I = [1, n]$. To store a local image on cloud server 200, data user terminal 100 must first encrypt the image; each block of the encrypted image corresponds to a block tag, and the tags must also be encrypted before storage in the cloud, so this step first generates the encryption key, which comprises the file encryption key key_cml, the tag key $sk_t$ of each data block after division, the hash key $sk_h$ and the tag public key $pk_t = (g^x, u^x)$; where $x \in Z_p$ is a random number, $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime to $y_{tag}$, and a random number s is found such that [condition not reproduced in the source], where e is a prime. In the tag public key $pk_t = (g^x, u^x)$, if G is a group and there is an element g in G such that for any x in G there exists an integer k with $x = g^k$, then G is called the cyclic group generated by g, and g is a generator of the group.
If there is a smallest positive integer n such that $e = g^n$, n is called the order of the generator. $G_1$ and $G_2$ are both cyclic multiplicative groups, and g and u are generators of $G_1$ and $G_2$ respectively.
S402, file encryption sub-step TagGen → T: after file F is divided, the tag of each data block is denoted $t_i \in Z_p$ [tag formula not reproduced in the source], and the complete set of tags is $T = \{t_i\}_{i \in [1, n]}$; data user terminal 100 attaches each generated tag to its data block to blind the data, denoted $m_i' = m_i + t_i$.
S403, data sending sub-step: data user terminal 100 sends the encrypted data to cloud server 200; the encrypted data comprises the encrypted file data, the abstract information of the encrypted file and the tagged authentication information. The encrypted file data is $F' = \{m_i'\}_{i \in [1, n]}$, and the tagged authentication information is [formula not reproduced in the source], where $R_i = FID \,\|\, i$, FID is the identification information of the file and "||" denotes concatenation. $H(sk_h, R_i)$ is a hash function with $sk_h$ and $R_i$ as its inputs. In the invention, the abstract information of the encrypted or decrypted file consists of the file name, the number n of file blocks, the number of tags and the class of the user terminal. Because one tag is created for each data block, the number of tags equals the number of file blocks, n.
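The data storing step (S401-S403 above, and the same sub-steps in the summary) in working form, as an added example that is not part of the patent: it divides a constructed sample file into blocks in Z_p, derives one tag per block, blinds each block as m_i' = m_i + t_i, computes the keyed hash H(sk_h, R_i) with R_i = FID || i, assembles the abstract information, and strips the tags again to recover the file. The modulus p, the 15-byte block size, the 4-byte encoding of i inside R_i, the use of HMAC-SHA256 both as H and as the tag derivation (the patent's tag formula does not survive on this page), and the extra "length" field in the abstract information are assumptions of this example, not the patent's choices. key_cml, the group elements g and u and pk_t are not used, because the example stops at blinding and does not build the authentication-information formula the page does not reproduce.

```python
import hashlib
import hmac
import secrets

# Assumptions of this example (the patent fixes none of these):
#   P is the modulus of Z_p; a 127-bit Mersenne prime is used here.
#   Blocks are 15-byte chunks, so every m_i < 2**120 < P.
#   Tags t_i are HMAC-SHA256(sk_t, FID || i) mod P, a stand-in for the
#   tag formula that does not survive in the page text.
P = (1 << 127) - 1
BLOCK_BYTES = 15


def split_file(data: bytes) -> list:
    """Divide file F into n data blocks m_i in Z_p (S401)."""
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]


def join_file(blocks: list, length: int) -> bytes:
    """Inverse of split_file; 'length' is the original byte length."""
    out = bytearray()
    last = len(blocks) - 1
    for k, m in enumerate(blocks):
        size = BLOCK_BYTES if k < last else length - BLOCK_BYTES * last
        out += m.to_bytes(size, "big")
    return bytes(out)


def r_i(fid: bytes, i: int) -> bytes:
    """R_i = FID || i, with i encoded as 4 big-endian bytes (assumption)."""
    return fid + i.to_bytes(4, "big")


def tag(sk_t: bytes, fid: bytes, i: int) -> int:
    """t_i in Z_p for block i (stand-in derivation, see above)."""
    digest = hmac.new(sk_t, r_i(fid, i), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P


def outsource(fid: bytes, data: bytes, sk_t: bytes, sk_h: bytes,
              user_class: str = "data user") -> dict:
    """S401-S403: block, tag and blind the file; build what goes to the cloud."""
    blocks = split_file(data)
    n = len(blocks)
    tags = [tag(sk_t, fid, i) for i in range(1, n + 1)]        # T = {t_i}, i in [1, n]
    blinded = [(m + t) % P for m, t in zip(blocks, tags)]      # m_i' = m_i + t_i
    # Keyed hash H(sk_h, R_i) per block: the component of the tagged
    # authentication information that the page names.
    auth = [hmac.new(sk_h, r_i(fid, i), hashlib.sha256).hexdigest()
            for i in range(1, n + 1)]
    abstract = {"name": fid.decode(), "n": n, "tags": len(tags),
                "user_class": user_class, "length": len(data)}   # 'length' is an addition
    return {"F_prime": blinded, "abstract": abstract, "auth": auth}


def recover(fid: bytes, f_prime: list, length: int, sk_t: bytes) -> bytes:
    """Strip the tags again: m_i = m_i' - t_i mod P, then reassemble the file."""
    blocks = [(mp - tag(sk_t, fid, i)) % P for i, mp in enumerate(f_prime, start=1)]
    return join_file(blocks, length)


def demo() -> tuple:
    # Constructed sample input standing in for an image file.
    fid = b"holiday.png"
    data = b"\x89PNG constructed sample image bytes, not a real file"
    sk_t, sk_h = secrets.token_bytes(32), secrets.token_bytes(32)
    pkg = outsource(fid, data, sk_t, sk_h)
    back = recover(fid, pkg["F_prime"], pkg["abstract"]["length"], sk_t)
    return pkg, back, data


if __name__ == "__main__":
    pkg, back, data = demo()
    print(pkg["abstract"], "round trip ok:", back == data)
```

The blinding is additive in Z_p, so anyone holding sk_t and FID can strip the tags; the example therefore keeps sk_t on the data user side and never includes it in the package sent to the cloud.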
Then, the storage audit step is performed in steps S404-S407, which specifically includes:
S404, request sending sub-step: after performing the data storage step, the data user terminal 100 sends an audit request to the third-party auditor 300; preferably, the audit request contains the abstract information of the encrypted file and the label public key $pk_t$.
S405, challenge initiating sub-step: the third-party auditor 300 defines the challenge and initiates it to the cloud server 200; in the challenge, $v_i$ is a random number generated for each block of the encrypted data, $Q = pk_t^q$ is a challenge set, and $q \in Z_p$ is a random number. Another innovation of the present invention is the optimized method of generating the challenge: the composition of the challenge differs from the traditional one, and the label public key is included in the input of the challenge. Traditionally, Q takes the labels of only part of the data after the file is divided into blocks to form the challenge set, whereas the challenge set used in the present invention extracts all labels after the file is divided into blocks, so that the challenge set is made up of all labels. This calculation adds complexity to a certain extent and improves the security of the data transfer, avoiding data being intercepted because the key is easy to analyse. On the other hand, the computational complexity of the challenge is not excessive, so that the amount of computation stays within a reasonable range.
S406, proof sub-step Proof → P: after receiving the challenge, the cloud server 200 responds to it, generates a corresponding proof P = (ρ, ω, ε, τ) and returns it to the third-party auditor; where the authentication information is built from $\rho_i$, the de-labelled authentication information of each block in the encrypted data.
S407, verification sub-step Verify → ν (0/1): after receiving the corresponding proof returned by the cloud server 200, the third-party auditor 300 verifies the correctness of the audit proof by the verification equation and obtains the corresponding verification result:
If the equation holds, the data stored in the cloud server 200 is judged to be complete; otherwise it is incomplete.
The data user terminal 100 chooses whether to delete the local data according to the result returned by the cloud server 200.
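The storage audit of steps S404-S407 as one runnable round trip. This is an added example written for this page, not code from the patent or its authors: the patent's proof and verification formulas, built on the label public key $pk_t = (g^x, u^x)$ in bilinear groups, are not reproduced here, so the example swaps in a private-verification homomorphic tag over $Z_p$ in the style of Shacham-Waters while keeping the same roles and message flow. The owner labels every block with a keyed hash $H(sk_h, R_i)$ and a secret scalar, the auditor challenges every block with random coefficients $v_i$ (the all-blocks challenge the text describes; a subset is also supported), the cloud returns an aggregated proof, and the auditor verifies without holding the data. The modulus P, the block size, the FID value and all function names are assumptions of the example.

```python
"""Storage audit as challenge / proof / verify (stand-in for the pairing scheme)."""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1          # constructed field modulus for Z_p (a Mersenne prime)
BLOCK = 8                    # bytes per block m_i, so every m_i < P


def split_blocks(data):
    """F -> {m_i}, i in [1, n]; each block is read as an integer in Z_p."""
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]


def h(sk_h, fid, i):
    """H(sk_h, R_i) with R_i = FID || i, mapped into Z_p (HMAC-SHA256 stands in)."""
    r_i = fid + b"||" + str(i).encode()
    return int.from_bytes(hmac.new(sk_h, r_i, hashlib.sha256).digest(), "big") % P


def gen_tags(fid, blocks, sk_h, alpha):
    """One label per block: t_i = H(sk_h, R_i) + alpha * m_i (mod p)."""
    return [(h(sk_h, fid, i) + alpha * m) % P for i, m in enumerate(blocks, start=1)]


def make_challenge(n, subset=None):
    """Auditor picks coefficients v_i.  subset=None challenges every block,
    as the text describes; a list of indices gives the cheaper classic variant."""
    idx = range(1, n + 1) if subset is None else subset
    return [(i, 1 + secrets.randbelow(P - 1)) for i in idx]


def prove(blocks, tags, chal):
    """Cloud side: aggregate the challenged blocks and labels into (mu, sigma)."""
    mu = sum(v * blocks[i - 1] for i, v in chal) % P
    sigma = sum(v * tags[i - 1] for i, v in chal) % P
    return mu, sigma


def verify(fid, sk_h, alpha, chal, proof):
    """Auditor side: sigma must equal alpha*mu + sum v_i*H(sk_h, R_i), no data needed."""
    mu, sigma = proof
    expected = (alpha * mu + sum(v * h(sk_h, fid, i) for i, v in chal)) % P
    return expected == sigma


def run_audit(data, fid=b"constructed-FID-42", tamper_block=None):
    """Full S404-S407 round; True when the stored data is judged complete."""
    sk_h = secrets.token_bytes(32)           # owner's hash key
    alpha = 1 + secrets.randbelow(P - 1)     # owner's secret tag scalar (stand-in for sk_t)
    blocks = split_blocks(data)
    tags = gen_tags(fid, blocks, sk_h, alpha)
    stored = list(blocks)                    # what the cloud actually holds
    if tamper_block is not None:             # simulate silent corruption on the cloud
        stored[tamper_block] = (stored[tamper_block] + 1) % P
    chal = make_challenge(len(blocks))
    return verify(fid, sk_h, alpha, chal, prove(stored, tags, chal))
```

A cloud that silently alters even one challenged block fails the check: the aggregated sigma no longer matches alpha*mu plus the recomputed hash terms, and because P is prime and every $v_i$ is non-zero the difference cannot cancel. The verifier needs the owner's $sk_h$ and alpha, so unlike the patent's public-key variant this check is private to the owner or an auditor the owner trusts with those keys.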
When an outside party needs to extract the outsourced data from the cloud server 200, it must hold the key of the encrypted data to obtain the outsourced data. Two situations arise here, the data user extraction step and the authorized user extraction step, corresponding respectively to extraction by a local user and by a non-local user.
When the local data user terminal 100 needs to extract data from the cloud server 200, the data user extraction step is performed in steps S408-S409, which specifically includes:
S408, the data user terminal 100 sends an extraction data request and the count t of the encryption key to the cloud server 200; the extraction data request also contains the aforementioned encryption key.
S409, after receiving the request, the cloud server 200 decrypts the data with the encryption key to obtain the decrypted data, returns the decrypted data to the data user terminal 100, and stores the count t of the encryption key for later use. In traditional cloud storage methods the encryption and decryption of data are completed by the user terminal, whereas in the present invention the data decryption operation is completed by the cloud server 200; since the computing capability of the cloud server 200 far exceeds that of the user terminal, the computational load of the user terminal can be greatly reduced.
Then, the extraction audit step is performed in steps S410-S411, which specifically includes:
S410, after receiving the decrypted data, the data user terminal 100 sends the abstract information of the decrypted file to the third-party auditor 300.
S411, the third-party auditor 300 judges, from the received abstract information of the decrypted file, whether it equals the abstract information of the encrypted file sent by the original data user terminal 100 at encryption time; if so, it sends verification information indicating that no re-encryption is needed to the data user terminal 100, otherwise it sends verification information indicating that re-encryption is needed to the data user terminal 100. The third-party auditor 300 judges mainly by the category of the user terminal in the abstract information, such as an id number, whether the user that sent the abstract information is the local data user terminal 100. If it is the data user terminal 100, the abstract information is necessarily equal, and the third-party auditor 300 returns an extraction verification value extract=0. When the data user terminal 100 receives extract=0, it keeps everything unchanged.
When the non-local authorized user terminal 400 needs to extract data from the cloud server 200, the authorized user extraction step is performed in steps S412-S415, which specifically includes:
S412, when the authorized user terminal 400 needs to obtain the outsourced data, it first sends an authorization request to the data user terminal 100.
S413, after receiving the authorization request, the data user terminal 100 confirms the identity of the authorized user terminal 400; when granting authorization, it encrypts the count t of the encryption key of the original encrypted file used in the data storage step to obtain an encrypted authorization request label t_sign, and returns the encrypted authorization request label t_sign to the authorized user terminal 400. Preferably, the data user terminal 100 encrypts the count t with the label key $sk_t$ to obtain the encrypted authorization request label t_sign. The data user terminal 100 also sends the encryption key to the authorized user terminal 400 together with it.
S414, the authorized user terminal 400 sends an extraction data request and the encrypted authorization request label t_sign to the cloud server 200. The extraction data request sent by the authorized user terminal 400 contains the encryption key sent by the data user terminal 100.
S415, the cloud server 200 decrypts the received encrypted authorization request label t_sign to obtain a count t', and judges whether the count t' equals the pre-stored count t; if they are equal, it decrypts the outsourced data with the encryption key sent by the authorized user terminal 400 and returns the decrypted data to the authorized user terminal 400. If the count t' and the pre-stored count t are unequal, the data is not decrypted.
Finally, the extraction audit step is performed in steps S416-S417, which specifically includes:
S416, after receiving the decrypted data, the authorized user terminal 400 sends the abstract information of the decrypted file to the third-party auditor 300.
S417, the third-party auditor 300 judges, from the received abstract information of the decrypted file, whether it equals the abstract information of the encrypted file sent by the original data user terminal 100 at encryption time; if so, it sends verification information indicating that no re-encryption is needed to the data user terminal 100, otherwise it sends verification information indicating that re-encryption is needed to the data user terminal 100. If the abstract information of the decrypted file was sent by the authorized user terminal 400, then, because the category of the user terminal differs, that abstract information necessarily differs from the abstract information of the original encrypted file, and the third-party auditor 300 returns an extraction verification value extract=1. When the data user terminal 100 receives extract=1, it regenerates a key and encrypts the original file data. The present invention therefore fully considers the security requirements of local and non-local users: when the local data user terminal 100 extracts the encrypted data of the cloud server 200, the encrypted data on the cloud server is kept unchanged; when the non-local authorized user terminal 400 extracts the encrypted data of the cloud server 200, the local data user terminal 100 regenerates a new encryption key, encrypts the data and stores it again in the cloud.
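The two extraction paths of steps S408-S415 together with the extraction audit of S410-S411 and S416-S417, as an added example written for this page rather than the patent's own code. Encryption of the file and of the count t uses a toy HMAC-SHA256 keystream plus MAC as a stand-in for whatever cipher the patent applies with key_cml and $sk_t$; the cloud is assumed to hold the label key $sk_t$ so that it can recover t' from t_sign as S415 requires; the file name, the trusted-requester list, the terminal class strings "local" and "authorized", and all class and function names are assumptions of the example.

```python
"""Extraction with authorization label t_sign, extraction audit and key rotation."""
import hashlib
import hmac
import secrets

BLOCK = 8  # bytes per file block; one label per block, so labels == blocks


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a stand-in keystream (toy cipher, not for production)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_box(key, blob):
    """Inverse of seal; None when the tag does not verify (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def abstract_info(name, data, terminal_class):
    """Abstract information: file name, block count n, label count, terminal category."""
    n = -(-len(data) // BLOCK)
    return (name, n, n, terminal_class)


class CloudServer:
    def __init__(self, label_key):
        self.label_key = label_key   # assumed: sk_t shared with the cloud so it can open t_sign
        self.blob, self.t = None, None

    def store(self, blob, t):
        self.blob, self.t = blob, t

    def extract_local(self, key, t):
        """S408-S409: decrypt with the supplied key and keep the count t."""
        self.t = t
        return open_box(key, self.blob)

    def extract_authorized(self, key, t_sign):
        """S415: recover t' from t_sign; decrypt only when t' equals the stored t."""
        raw = open_box(self.label_key, t_sign)
        if raw is None or int.from_bytes(raw, "big") != self.t:
            return None
        return open_box(key, self.blob)


class DataUserTerminal:
    def __init__(self, name, data, cloud, sk_t, trusted):
        self.name, self.data, self.cloud, self.sk_t, self.trusted = name, data, cloud, sk_t, trusted
        self.t, self.key = 0, None
        self.upload()

    def upload(self):
        """Fresh encryption key, count t advanced, ciphertext (re)stored in the cloud."""
        self.t += 1
        self.key = secrets.token_bytes(32)
        self.cloud.store(seal(self.key, self.data), self.t)

    def authorize(self, requester):
        """S412-S413: identity check, then t_sign = Enc(sk_t, t) plus the current key."""
        if requester not in self.trusted:
            return None
        return seal(self.sk_t, self.t.to_bytes(8, "big")), self.key

    def on_extract_flag(self, extract):
        """S411/S417 result: extract=0 keeps everything; extract=1 triggers key regeneration."""
        if extract == 1:
            self.upload()


class ThirdPartyAuditor:
    def __init__(self, original):
        self.original = original   # abstract info recorded at encryption time

    def extract_audit(self, abstract):
        return 0 if abstract == self.original else 1


def run_flow():
    data = b"constructed sample file contents for the extraction demo"   # constructed input
    sk_t = secrets.token_bytes(32)
    cloud = CloudServer(sk_t)
    owner = DataUserTerminal("report.txt", data, cloud, sk_t, trusted={"partner-A"})
    tpa = ThirdPartyAuditor(abstract_info("report.txt", data, "local"))
    out = {}
    plain = cloud.extract_local(owner.key, owner.t)                       # local user path
    flag = tpa.extract_audit(abstract_info("report.txt", plain, "local"))
    owner.on_extract_flag(flag)
    out["local"] = (plain == data, flag, owner.t)
    t_sign, key = owner.authorize("partner-A")                             # non-local user path
    plain = cloud.extract_authorized(key, t_sign)
    flag = tpa.extract_audit(abstract_info("report.txt", plain, "authorized"))
    owner.on_extract_flag(flag)
    out["authorized"] = (plain == data, flag, owner.t)
    out["stale_label_rejected"] = cloud.extract_authorized(key, t_sign) is None
    out["unknown_requester_denied"] = owner.authorize("stranger") is None
    return out
```

The flow shows what the count t buys: after the authorized extraction the auditor returns extract=1, the owner advances t and re-encrypts under a new key, and the old t_sign (with the old key) is rejected by the cloud on replay because its t' no longer matches the stored count. In both paths the cloud receives the file key inside the request, exactly as S408 and S414 specify, so the data is exposed to the cloud for the duration of each extraction.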
The invention correspondingly provides a data access system based on a cloud server, which comprises at least a cloud server 200, a data user terminal 100 and an authorized user terminal 400.
The data user terminal 100 is configured to generate an encryption key, encrypt the file blocks with the encryption key and store the encrypted data in the cloud server 200; it is further configured, when extracting data, to send an extraction data request and the count t of the encryption key to the cloud server 200 and to receive the decrypted data returned by the cloud server 200; and it is further configured, on receiving an authorization request, to encrypt the count t of the encryption key to obtain an encrypted authorization request label t_sign and return it to the authorized user terminal 400.
The authorized user terminal 400 is configured to send an authorization request to the data user terminal 100 and to send the encrypted authorization request label t_sign to the cloud server 200.
The cloud server 200 is configured to store the encrypted data sent by the data user terminal 100. The cloud server 200 is further configured to return the decrypted data to the data user terminal 100 after receiving the extraction data request and the count t of the encryption key sent by the data user terminal 100. The cloud server 200 is further configured, after receiving the extraction data request and the encrypted authorization request label t_sign sent by the authorized user terminal 400, to decrypt the label to obtain a count t', to return the decrypted data to the authorized user terminal 400 when t' equals the stored count t, and otherwise not to decrypt the data.
In a preferred embodiment of the invention, the data access system based on a cloud server also includes a third-party auditor 300. The invention also correspondingly provides a third-party auditor 300. Referring to Fig. 5, the functional block diagram of the third-party auditor according to the preferred embodiment of the invention: as shown in Fig. 5, the third-party auditor 300 includes a storage audit module 310 and/or an extraction audit module 320.
The storage audit module 310 is configured to initiate a challenge to the cloud server 200 according to the abstract information of the encrypted file provided by the data user terminal 100 after storing data in the cloud server 200, to verify according to the response to the challenge returned by the cloud server 200 whether the data stored in the cloud server 200 is complete, and to feed the verification result back to the data user terminal 100.
The storage audit module 310 may further include a challenge initiating unit and a verification unit. The challenge initiating unit defines the challenge and initiates it to the cloud server 200; in the challenge, $v_i$ is a random number generated for each block of the encrypted data, $Q = pk_t^q$ is a challenge set, and $q \in Z_p$ is a random number. The verification unit verifies the correctness of the audit proof by the verification equation after the third-party auditor 300 receives the corresponding proof returned by the cloud server 200; if the equation holds, the data stored in the cloud server 200 is judged to be complete, otherwise incomplete.
The extraction audit module 320 is configured to receive the abstract information of the decrypted file sent by the data user terminal 100 or the authorized user terminal 400 after receiving the decrypted data, to judge from the received abstract information of the decrypted file whether it equals the abstract information of the encrypted file sent by the original data user terminal 100 at encryption time, and if so to send verification information indicating that no re-encryption is needed to the data user terminal 100, otherwise to send verification information indicating that re-encryption is needed to the data user terminal 100.
Referring to Fig. 6, the functional block diagram of the data user terminal according to the preferred embodiment of the invention. The invention also correspondingly provides the data user terminal 100. As shown in Fig. 6, the data user terminal 100 includes a key generation module 110, a file encryption module 120 and a communication module 130.
The key generation module 110 is configured to divide the file F into n data blocks, denoted $m_i \in Z_p$, $i \in I$, $I = [1, n]$; the key generation module 110 generates the encryption keys, which include the encryption key key_cml of the file, the label key $sk_t$ of each data block after partitioning, the hash key $sk_h$ and the label public key $pk_t = (g^x, u^x)$; where $x \in Z_p$ is a random number, $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime with $y_{tag}$, and a random number s is chosen so that the required relation holds, where E is a prime number.
The file encryption module 120 is configured to compute the label of each data block after the file F is partitioned, $t_i \in Z_p$, with the overall label denoted $T = \{t_i\}_{i \in [1,n]}$; and to append the generated label to the corresponding data block to realize data blinding, denoted $m_i' = m_i + t_i$.
The communication module 130 is configured to send the encrypted data to the cloud server 200, the encrypted data including the encrypted data of the file, the abstract information of the encrypted file and the labelled authentication information; the encrypted data of the file is $F' = \{m_i'\}_{i \in [1,n]}$, and the labelled authentication information is computed from $H(sk_h, R_i)$, where $R_i = FID \,||\, i$, FID is the identification information identifying the file, and "||" denotes concatenation; the communication module 130 is further configured to send an audit request to the third-party auditor 300, the audit request containing the abstract information of the encrypted file and the label public key $pk_t$.
Referring to Fig. 7, the functional block diagram of the cloud server according to the preferred embodiment of the invention. The invention also correspondingly provides the cloud server 200. As shown in Fig. 7, the cloud server 200 includes a storage module 210, a proof module 220 and a decryption module 230.
The storage module 210 is configured to store the encrypted data sent by the data user terminal 100.
The proof module 220 is configured to generate, after receiving the challenge sent by the third-party auditor 300, a corresponding proof P = (ρ, ω, ε, τ) and return it to the third-party auditor 300; where the authentication information is built from $\rho_i$, the de-labelled authentication information of each block in the encrypted data.
The decryption module 230 is configured to return the decrypted data to the authorized user after receiving the extraction data request and the count t of the encryption key sent by the data user terminal 100; the decryption module 230 is further configured, after receiving the extraction data request and the encrypted authorization request label t_sign sent by the authorized user terminal 400, to decrypt the label to obtain a count t', to return the decrypted data to the authorized user terminal 400 when t' equals the stored t, and otherwise not to decrypt the data.
The invention further correspondingly provides the above authorized user terminal 400, configured to send an authorization request to the data user terminal 100, to send an extraction data request to the cloud server 200 after receiving the encrypted authorization request label t_sign and the encryption key returned by the data user terminal 100, and to receive the decrypted data returned by the cloud server 200.
In summary, the invention adds an entity, the authorized user terminal 400. To obtain the local data of the cloud server 200, the authorized user terminal 400 must actively request authorization from the local data user terminal 100, and only after the local user grants authorization can it send a request to the cloud server 200 to obtain the data. For security reasons, when the local data user terminal 100 extracts the encrypted data of the cloud server 200, the encrypted data on the cloud server 200 is kept unchanged; when the authorized user terminal 400 extracts the encrypted data of the cloud server 200, the local data user terminal 100 regenerates a new data key, encrypts the data and stores it again in the cloud server 200.
It should be understood that the principle and implementation of the data access method and the data access system based on a cloud server of the invention are the same, so the detailed description of the embodiment of the data access method based on a cloud server also applies to the data access system based on a cloud server.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention and do not limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (2)

  1. A data access method with audit function based on a cloud server, characterized in that it comprises:
    a data storage step: the data user terminal generates an encryption key, encrypts the file blocks with the encryption key and stores the encrypted data in the cloud server;
    a data user extraction step: the data user terminal sends an extraction data request and the count t of the encryption key to the cloud server, and the cloud server returns the decrypted data to the data user terminal;
    an authorized user extraction step: the authorized user terminal sends an authorization request to the data user terminal; the data user terminal encrypts the count t of the encryption key to obtain an encrypted authorization request label t_sign and returns it to the authorized user terminal; the authorized user terminal sends an extraction data request and the encrypted authorization request label t_sign to the cloud server; the cloud server decrypts the received encrypted authorization request label t_sign to obtain a count t', returns the decrypted data to the authorized user terminal when t' equals the stored count t, and otherwise does not decrypt the data;
    a storage audit step: after storing data in the cloud server, the data user terminal sends the abstract information of the encrypted file to the third-party auditor; the third-party auditor initiates a challenge to the cloud server according to the abstract information of the encrypted file, verifies according to the response to the challenge returned by the cloud server whether the data stored in the cloud server is complete, and feeds the verification result back to the data user terminal;
    the storage audit step comprises:
    a request sending sub-step: after performing the data storage step, the data user terminal sends an audit request to the third-party auditor, the audit request containing the abstract information of the encrypted file and the label public key $pk_t = (g^x, u^x)$; in the label public key $pk_t = (g^x, u^x)$, let G be a group; if there is an element g in G such that for any x in G there exists an integer k with $x = g^k$, then G is called the cyclic group generated by g, and g is a generator of the group; if there is a smallest positive integer n such that $e = g^n$, n is called the order of the generator; $G_1$, $G_2$ are both cyclic multiplicative groups; g, u are generators of $G_1$, $G_2$ respectively; $g^x$, $u^x$ are the label public key values;
    a challenge initiating sub-step: the third-party auditor defines the challenge, where i is the subscript of the data block, and initiates the challenge to the cloud server; $v_i$ is a random number generated for each block of the encrypted data, $Q = pk_t^q$ is a challenge set, $q \in Z_p$ is a random number; $i \in I$, $I = [1, n]$; n is the number of data blocks into which the file F is divided;
    a proof sub-step: after receiving the challenge, the cloud server generates a corresponding proof P = (ρ, ω, ε, τ) and returns it to the third-party auditor; where the authentication information is built from $\rho_i$, the de-labelled authentication information of each block in the encrypted data, with $t_i \in Z_p$; $m_i \in Z_p$ are the n data blocks into which the file F is divided, $i \in I$, $I = [1, n]$; the label key $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime with $y_{tag}$, and a random number s is chosen so that the required relation holds, where E is a prime number;
    a verification sub-step: after receiving the corresponding proof returned by the cloud server, the third-party auditor verifies the correctness of the audit proof by the verification equation, where $R_i = FID \,||\, i$, FID is the identification information identifying the file, "||" denotes concatenation, and $sk_h$ is the hash key; if the equation holds, the data stored in the cloud server is judged to be complete, otherwise incomplete;
    the method further comprises:
    an extraction audit step: after receiving the decrypted data, the data user terminal or the authorized user terminal sends the abstract information of the decrypted file to the third-party auditor; the third-party auditor judges from the received abstract information of the decrypted file whether it equals the abstract information of the encrypted file sent by the original data user terminal at encryption time, and if so sends verification information indicating that no re-encryption is needed to the data user terminal, otherwise sends verification information indicating that re-encryption is needed to the data user terminal;
    the data storage step comprises:
    a key generation sub-step: the file F is divided into n data blocks, denoted $m_i \in Z_p$, $i \in I$, $I = [1, n]$; the encryption keys are generated, including the encryption key key_cml of the file, the label key $sk_t$ of each data block after partitioning, the hash key $sk_h$ and the label public key $pk_t = (g^x, u^x)$; where $x \in Z_p$ is a random number, $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime with $y_{tag}$, and a random number s is chosen so that the required relation holds, where E is a prime number;
    a file encryption sub-step: the label of each data block after the file F is partitioned is computed, $t_i \in Z_p$, and the overall label is denoted $T = \{t_i\}_{i \in [1,n]}$; the generated label is appended to the corresponding data block to realize data blinding, denoted $m_i' = m_i + t_i$;
    a data sending sub-step: the encrypted data is sent to the cloud server, the encrypted data including the encrypted data of the file, the abstract information of the encrypted file and the labelled authentication information; the encrypted data of the file is $F' = \{m_i'\}_{i \in [1,n]}$, and the labelled authentication information is computed from $H(sk_h, R_i)$, where $R_i = FID \,||\, i$, FID is the identification information identifying the file, and "||" denotes concatenation;
    in the extraction audit step, whether the user sending the abstract information is the local data user terminal is judged by the category of the user terminal in the abstract information; if so, an extraction verification value extract=0 is returned, otherwise extract=1 is sent to the data user terminal; when the data user terminal receives extract=0 it keeps everything unchanged, and when the data user terminal receives extract=1 it regenerates a key and encrypts the original file data.
  2. A data access system with audit function based on a cloud server, characterized in that it comprises at least a cloud server, a data user terminal and an authorized user terminal;
    the data user terminal is configured to generate an encryption key, encrypt the file blocks with the encryption key and store the encrypted data in the cloud server; the data user terminal is further configured, when extracting data, to send an extraction data request and the count t of the encryption key to the cloud server and to receive the decrypted data returned by the cloud server; the data user terminal is further configured, on receiving an authorization request, to encrypt the count t of the encryption key to obtain an encrypted authorization request label t_sign and return it to the authorized user terminal;
    the authorized user terminal is configured to send an authorization request to the data user terminal and to send the encrypted authorization request label t_sign;
    the cloud server is configured to store the encrypted data sent by the data user terminal; the cloud server is further configured to return the decrypted data to the data user terminal after receiving the extraction data request and the count t of the encryption key sent by the data user terminal; the cloud server is further configured, after receiving the extraction data request and the encrypted authorization request label t_sign sent by the authorized user terminal, to decrypt the label to obtain a count t', to return the decrypted data to the authorized user terminal when t' equals the stored count t, and otherwise not to decrypt the data;
    the system further comprises a third-party auditor, and the third-party auditor comprises:
    a storage audit module, configured to initiate a challenge to the cloud server according to the abstract information of the encrypted file provided by the data user terminal after storing data in the cloud server, to verify according to the response to the challenge returned by the cloud server whether the data stored in the cloud server is complete, and to feed the verification result back to the data user terminal; and/or
    an extraction audit module, configured to receive the abstract information of the decrypted file sent by the data user terminal or the authorized user terminal after receiving the decrypted data, to judge from the received abstract information of the decrypted file whether it equals the abstract information of the encrypted file sent by the original data user terminal at encryption time, and if so to send verification information indicating that no re-encryption is needed to the data user terminal, otherwise to send verification information indicating that re-encryption is needed to the data user terminal;
    the storage audit module comprises:
    a challenge initiating unit, configured to define the challenge, where i is the subscript of the data block, and to initiate the challenge to the cloud server; $v_i$ is a random number generated for each block of the encrypted data, $Q = pk_t^q$ is a challenge set, $q \in Z_p$ is a random number; $i \in I$, $I = [1, n]$; n is the number of data blocks into which the file F is divided; the label public key is $pk_t = (g^x, u^x)$; in the label public key $pk_t = (g^x, u^x)$, let G be a group; if there is an element g in G such that for any x in G there exists an integer k with $x = g^k$, then G is called the cyclic group generated by g, and g is a generator of the group; if there is a smallest positive integer n such that $e = g^n$, n is called the order of the generator; $G_1$, $G_2$ are both cyclic multiplicative groups; g, u are generators of $G_1$, $G_2$ respectively; $g^x$, $u^x$ are the label public key values;
    a verification unit, configured to verify the correctness of the audit proof by the verification equation after the third-party auditor receives the corresponding proof returned by the cloud server, where $R_i = FID \,||\, i$, FID is the identification information identifying the file, "||" denotes concatenation, and $sk_h$ is the hash key; if the equation holds, the data stored in the cloud server is judged to be complete, otherwise incomplete;
    the cloud server comprises:
    a proof module, configured to generate, after receiving the challenge sent by the third-party auditor, a corresponding proof P = (ρ, ω, ε, τ) and return it to the third-party auditor; where the authentication information is built from $\rho_i$, the de-labelled authentication information of each block in the encrypted data, with $t_i \in Z_p$; $m_i \in Z_p$ are the n data blocks into which the file F is divided, $i \in I$, $I = [1, n]$; the label key $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime with $y_{tag}$, and a random number s is chosen so that the required relation holds, where E is a prime number;
    the data user terminal comprises:
    a key generation module, configured to divide the file F into n data blocks, denoted $m_i \in Z_p$, $i \in I$, $I = [1, n]$, and to generate the encryption keys, which include the encryption key key_cml of the file, the label key $sk_t$ of each data block after partitioning, the hash key $sk_h$ and the label public key $pk_t = (g^x, u^x)$; where $x \in Z_p$ is a random number, $sk_t = y_{tag}$, $y_{tag}$ is a random prime, $y_{tag1}, y_{tag2}, \ldots, y_{tagn}$ are primes coprime with $y_{tag}$, and a random number s is chosen so that the required relation holds, where E is a prime number;
    a file encryption module, configured to compute the label of each data block after the file F is partitioned, $t_i \in Z_p$, with the overall label denoted $T = \{t_i\}_{i \in [1,n]}$, and to append the generated label to the corresponding data block to realize data blinding, denoted $m_i' = m_i + t_i$;
    a communication module, configured to send the encrypted data to the cloud server, the encrypted data including the encrypted data of the file, the abstract information of the encrypted file and the labelled authentication information; the encrypted data of the file is $F' = \{m_i'\}_{i \in [1,n]}$, and the labelled authentication information is computed from $H(sk_h, R_i)$, where $R_i = FID \,||\, i$, FID is the identification information identifying the file, and "||" denotes concatenation; the communication module is further configured to send an audit request to the third-party auditor, the audit request containing the abstract information of the encrypted file and the label public key $pk_t$;
    the cloud server further comprises:
    a storage module, configured to store the encrypted data sent by the data user terminal;
    a decryption module, configured to return the decrypted data to the authorized user after receiving the extraction data request and the count t of the encryption key sent by the data user terminal; the decryption module is further configured, after receiving the extraction data request and the encrypted authorization request label t_sign sent by the authorized user terminal, to decrypt the label to obtain a count t', to return the decrypted data to the authorized user terminal when t' equals the stored t, and otherwise not to decrypt the data;
    in the extraction audit module, whether the user sending the abstract information is the local data user terminal is judged by the category of the user terminal in the abstract information; if so, an extraction verification value extract=0 is returned, otherwise extract=1 is sent to the data user terminal; when the data user terminal receives extract=0 it keeps everything unchanged, and when the data user terminal receives extract=1 it regenerates a key and encrypts the original file data.
CN201710500371.XA 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server Active CN107197037B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710500371.XA CN107197037B (en) 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710500371.XA CN107197037B (en) 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server
CN201710105793.7A CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201710105793.7A Division CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Publications (2)

Publication Number Publication Date
CN107197037A CN107197037A (en) 2017-09-22
CN107197037B true CN107197037B (en) 2018-02-02

Family

ID=58917630

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201710500371.XA Active CN107197037B (en) 2017-02-24 2017-02-24 A kind of data access method and system with audit function based on Cloud Server
CN201710105793.7A Active CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201710105793.7A Active CN106713508B (en) 2017-02-24 2017-02-24 A kind of data access method and system based on Cloud Server

Country Status (1)

Country Link
CN (2) CN107197037B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107197037B (en) * 2017-02-24 2018-02-02 Chongqing University of Education A kind of data access method and system with audit function based on Cloud Server
CN107423637B (en) * 2017-07-31 2020-07-31 Nanjing University of Science and Technology Integrity auditing method supporting traceability of electronic medical record data on cloud
CN109525388B (en) * 2017-09-19 2022-07-15 ZTE Corporation Combined encryption method and system with separated keys
CN108269610A (en) * 2018-01-18 2018-07-10 Chengdu Boruide Technology Co., Ltd. Data reliability verifying method based on cloud computing
CN108259606B (en) * 2018-01-18 2021-05-18 Chengdu Sixiang Lianchuang Technology Co., Ltd. Cloud computing public cloud file storage and retrieval method
CN108197496A (en) * 2018-01-18 2018-06-22 Chengdu Boruide Technology Co., Ltd. Data safety Enhancement Method under cloud computing environment
CN110071902A (en) * 2018-01-23 2019-07-30 Shenzhen Qianhai Xiaoniao Cloud Computing Co., Ltd. A kind of grading authorized safety management system of privately owned centralization of Cloud Server
CN110401613B (en) * 2018-04-24 2023-01-17 Beijing Watchdata Intelligent Technology Co., Ltd. Authentication management method and related equipment
CN108549796B (en) * 2018-04-25 2020-08-25 University of Science and Technology of China Method for protecting user's forgetting right by digital watermark technology
CN110351276B (en) * 2019-07-12 2021-11-23 Quanliantong Co., Ltd. Data processing method, device and computer readable storage medium
CN111710404B (en) * 2020-05-31 2024-01-23 Nanjing Medlander Medical Technology Co., Ltd. Equipment authorization using method
CN112149076B (en) * 2020-10-10 2021-07-06 Shanghai Weigu Information Technology Co., Ltd. Safe computer storage system
CN112307493B (en) * 2020-10-15 2024-02-09 Shanghai Oriental Investment Supervision Co., Ltd. Project settlement data review sending method, system, terminal equipment and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9262643B2 (en) * 2010-02-22 2016-02-16 Sookasa Inc. Encrypting files within a cloud computing environment
CN102045356B (en) * 2010-12-14 2013-04-10 Institute of Software, Chinese Academy of Sciences Cloud-storage-oriented trusted storage verification method and system
CN102624708A (en) * 2012-02-23 2012-08-01 Zhejiang Gongshang University Efficient data encryption, updating and access control method for cloud storage
CN102693398B (en) * 2012-05-09 2015-04-01 Shenzhen University Data encryption method and system
CN103414682B (en) * 2013-04-07 2016-08-17 Shenzhen University The method for cloud storage of a kind of data and system
CN107197037B (en) * 2017-02-24 2018-02-02 Chongqing University of Education A kind of data access method and system with audit function based on Cloud Server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A New Key Exchange Scheme Based on Permutation; Wei Pengcheng et al.; 2009 International Conference on Computational Intelligence and Software Engineering, IEEE; 2009-12-28; main text pp. 1-4 *

Also Published As

Publication number Publication date
CN106713508B (en) 2017-09-19
CN107197037A (en) 2017-09-22
CN106713508A (en) 2017-05-24

Similar Documents

Publication Publication Date Title
CN107197037B (en) A kind of data access method and system with audit function based on Cloud Server
CN105553951B (en) Data transmission method and device
CN103107995B (en) A kind of cloud computing environment date safety storing system and method
CN102170357B (en) Combined secret key dynamic security management system
CN107453862A (en) Private key generation storage and the scheme used
CN107810617A (en) Secret certification and supply
KR20180116278A (en) Common information secrets for secure information exchange and hierarchical and deterministic cryptographic keys
CN106341493A (en) Entity rights oriented digitalized electronic contract signing method
CN108347419A (en) Data transmission method and device
CN104462949B (en) The call method and device of a kind of plug-in unit
CN107659397A (en) A kind of sensitive information transmission method and system
CN101771699A (en) Method and system for improving SaaS application security
CN107368747A (en) A kind of mobile office method, service end, client and system
CN109194523A (en) The multi-party diagnostic model fusion method and system, cloud server of secret protection
CN107918731A (en) Method and apparatus for controlling the authority to access to open interface
CN107948156A (en) The closed key management method and system of a kind of identity-based
CN106254342A (en) The secure cloud storage method of file encryption is supported under Android platform
CN107276752A (en) The methods, devices and systems that limitation key is decrypted are paid to cloud
CN109600224A (en) A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN113326541A (en) Cloud edge collaborative multi-mode private data transfer method based on intelligent contract
CN103973698B (en) User access right revoking method in cloud storage environment
CN114270780A (en) Gateway agnostic tokenization
CN108805574B (en) Transaction method and system based on privacy protection
CN105119719B (en) A kind of key management method of safe storage system
CN111047305A (en) Private key storage and mnemonic method for encrypted digital currency wallet based on digital watermarking technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant