CN107294701A - Multidimensional ciphertext interval query device and query method with efficient key management - Google Patents
- Publication number
- CN107294701A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- data
- key
- module
- searching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
A multidimensional ciphertext interval query device and query method with efficient key management, belonging to the field of information security technology. The device includes a data encryption module, a key management module and a ciphertext search module. The data encryption module encrypts a search request with the global private key to generate a trapdoor and a ciphertext range. The ciphertext search module matches the trapdoor against the ciphertext index to obtain a relevance value, then determines whether the data's relevance value falls within the ciphertext query range; the ciphertext index is built by the data encryption module using the global private key. When the relevance value is within the ciphertext query range, the ciphertext search module sends the corresponding ciphertext to the data user and sends the corresponding ciphertext and the data user's identity to the key management module. The key management module computes the decryption key from the retrieved data and the identity of the data user and sends the decryption key to the data user. This realizes multidimensional interval queries over ciphertext and provides a ciphertext query device with a rich query experience.
Description
Technical field
The invention belongs to the field of information security technology and relates to multidimensional ciphertext interval query and key management techniques, specifically to a multidimensional ciphertext interval query device and query method with efficient key management.
Background technology
With the development of the information age, data is growing explosively, and how to store and manage massive data has become a problem of concern. Because of its convenient storage and access model and flexible billing, cloud computing leads more and more enterprises and individuals to outsource the storage and computation of local data to third-party cloud servers, reducing the local storage and maintenance burden. However, plaintext data stored on a cloud server may suffer malicious attacks that leak sensitive information, so cloud computing carries a huge potential security risk. Encrypting data before outsourcing protects it, but it also raises two problems. On the one hand, with traditional encryption the ciphertext stored on the cloud server cannot be searched; to obtain the documents of interest, a data user has to download all the ciphertext and decrypt it locally, which wastes substantial computation and bandwidth. On the other hand, to keep the data secure, different data users encrypt different types of data under different keys, which creates a complex problem of managing a massive number of keys, for example: how to quickly locate the decryption key a data user needs among a massive number of keys, and how to efficiently revoke keys for a data user who has lost data access rights.
At present, traditional searchable encryption with key management lets data users carry out key search and quickly locate the documents of interest; data users and keys are stored in a hash table so that a data user can quickly locate a key. But existing techniques cannot provide the rich query experience of a traditional plaintext search engine, such as multidimensional interval queries. At the same time, managing a massive number of keys with a hash table structure brings considerable storage and computation complexity. Furthermore, in practical applications some data users need to leave dynamically, and how to efficiently revoke the keys of data users who have lost access rights becomes a new problem in key management.
Summary of the invention
To address the problems in the prior art, the present invention provides a multidimensional ciphertext interval query device and query method with efficient key management. In a cloud storage setting, the device supports multidimensional ciphertext interval queries, quickly locates the required decryption key, and efficiently revokes keys for data users who have lost access rights.
The present invention is achieved through the following technical solutions:
A multidimensional ciphertext interval query device with efficient key management, including: a data encryption module, a key management module and a ciphertext search module;
The data encryption module encrypts a search request with the global private key to generate a trapdoor and a ciphertext range, and sends the trapdoor and ciphertext range to the ciphertext search module; the global private key is generated by the data encryption module through initialization on the data sent by the data user;
The ciphertext search module matches the trapdoor against the ciphertext index to obtain a relevance value, then determines whether the data's relevance value falls within the ciphertext query range; the ciphertext index is built by the data encryption module using the global private key. When the relevance value is within the ciphertext query range, the ciphertext search module sends the corresponding ciphertext to the data user and sends the corresponding ciphertext and the data user's identity to the key management module;
The key management module computes the decryption key from the corresponding ciphertext and the data user's identity, and sends the decryption key to the data user.
Optionally, the data encryption module is further configured to initialize and generate the global private key from the uploaded data and the user authorization list, build the ciphertext index over the plaintext data using the global private key, and encrypt the plaintext data under the symmetric key set to generate ciphertext; the symmetric key set is generated by the key management module from the data and the data user authorization list;
Optionally, the key management module is further configured to build a symmetric key hash tree and a key state hash tree from the data and the data user authorization list, and to generate the symmetric key set.
Optionally, the key management module is further configured to update the authorized data user list information and the key state hash tree according to the identity information of a revoked data user, and to recompute the symmetric key set from the symmetric key hash tree.
Optionally, the data encryption module is further configured to re-encrypt the data into new ciphertext using the symmetric key set recomputed by the key management module.
A query method based on any of the multidimensional ciphertext interval query devices with efficient key management provided by the present invention, including:
The data encryption module encrypts a search request with the global private key to generate a trapdoor and a ciphertext range, and sends the trapdoor and ciphertext range to the ciphertext search module;
The ciphertext search module matches the trapdoor against the ciphertext index to obtain a relevance value, then determines whether the data's relevance value falls within the ciphertext query range; if it does, the ciphertext search module sends the corresponding ciphertext to the user and sends the corresponding ciphertext and the data user's identity to the key management module;
The key management module computes the decryption key from the corresponding ciphertext and the data user's identity, and sends the decryption key to the user.
Optionally, before the data encryption module encrypts the search request with the global private key to generate the trapdoor and ciphertext range and sends them to the ciphertext search module, the method further includes:
The data encryption module initializes and generates the global private key from the uploaded data and the user authorization list and builds the ciphertext index over the plaintext data using the global private key; the data encryption module calls the ciphertext search module and performs the ciphertext upload operation;
The key management module builds the symmetric key hash tree and the key state hash tree from the data and the data user authorization list and generates the symmetric key set;
The data encryption module encrypts the plaintext data under the symmetric key set to generate ciphertext; the data encryption module calls the ciphertext search module and uploads the ciphertext and the ciphertext index.
Optionally, the method further includes: the key management module updates the authorized data user list information and the key state hash tree according to the identity information of a revoked data user, and recomputes the symmetric key set from the symmetric key hash tree.
Optionally, the method further includes: the data management module re-encrypts the data into new ciphertext using the symmetric key set recomputed by the key management module.
Compared with the prior art, the present invention has the following beneficial technical effects:
The data encryption module encrypts a search request with the global private key to generate a trapdoor and a ciphertext range. The ciphertext search module matches the trapdoor against the ciphertext index to obtain a relevance value, then determines whether the data's relevance value falls within the ciphertext query range; the ciphertext index is built by the data encryption module using the global private key. When the relevance value is within the ciphertext query range, the ciphertext search module sends the corresponding ciphertext to the data user and sends the corresponding ciphertext and the data user's identity to the key management module. The key management module computes the decryption key from the retrieved data and the identity of the data user and sends the decryption key to the data user. This realizes multidimensional interval queries over ciphertext and provides a ciphertext query device with a rich query experience;
Further, the key management module builds the symmetric key hash tree and the key state hash tree from the data and the data user authorization list and generates the symmetric key set; building the symmetric key hash tree makes it possible to quickly locate the required decryption key, which improves ciphertext search efficiency;
Further, when a data user needs to leave dynamically, the key management module updates the authorized data user list information and the key state hash tree according to the identity information of the revoked data user and recomputes the symmetric key set from the symmetric key hash tree; the data encryption module re-encrypts the data into new ciphertext using the symmetric key set recomputed by the key management module. The data user whose rights were revoked can then no longer decrypt the ciphertext with the old decryption key, which ensures the security of the ciphertext data when data users leave dynamically.
Brief description of the drawings
Fig. 1 is a schematic diagram of a multidimensional ciphertext interval query device with efficient key management provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of a data encryption module provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a key management module provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a ciphertext search module provided by an embodiment of the present invention;
Fig. 5 is a flow chart of a multidimensional ciphertext interval query method with efficient key management provided by an embodiment of the present invention;
Fig. 6 is a flow chart of another multidimensional ciphertext interval query method with efficient key management provided by an embodiment of the present invention.
Embodiment
The present invention is described in further detail below with reference to specific embodiments, which explain the invention and do not limit it.
As shown in Fig. 1, the device includes: a data encryption module, a key management module and a ciphertext search module;
The data user calls the data encryption module and uploads the data and the data user authorization list. The data encryption module initializes and generates the global private key from the data sent by the data user and builds the ciphertext index over the plaintext data using the global private key. The data encryption module calls the key management module and uploads the data-related information and the data user authorization list. The data encryption module encrypts the plaintext data under the symmetric key set returned by the key management module to generate ciphertext. The data encryption module calls the ciphertext search module and uploads the ciphertext and the ciphertext index. The data user calls the data encryption module and uploads a query request. The data encryption module encrypts the query request sent by the data user with the global private key to generate a trapdoor and a ciphertext range. The data encryption module calls the ciphertext search module and uploads the trapdoor and ciphertext range.
The key management module builds the symmetric key hash tree and the key state hash tree from the data-related information and the data user authorization list sent by the data encryption module, realizing storage and management of the symmetric key set. From the returned ciphertext and the data user's identity sent by the ciphertext search module, the key management module computes the decryption key using the symmetric key hash tree and sends the decryption key to the data user. The data user calls the key management module and uploads the identity information of the revoked data user. According to the revoked data user's identity information sent by the data user, the key management module updates the authorized data user list information and the key state hash tree, then recomputes the symmetric key set using the symmetric key hash tree and calls the data encryption module to re-encrypt the plaintext data into new ciphertext.
The ciphertext search module, given the trapdoor and ciphertext range sent by the data encryption module, first matches the trapdoor against the index to obtain a relevance value, then determines whether the data's relevance value is within the ciphertext query range; if it is, the corresponding ciphertext is returned to the data user, otherwise the data is discarded. The ciphertext search module calls the key management module and uploads the returned ciphertext and the user identity.
The data encryption module and the key management module can be deployed on a trusted private cloud server, and the ciphertext search module can be deployed on a public cloud server.
As shown in Fig. 5, the query method based on any of the multidimensional ciphertext interval query devices with efficient key management provided by an embodiment of the present invention includes:
Step 101, the data encryption module encrypts a search request with the global private key to generate a trapdoor and a ciphertext range, and sends the trapdoor and ciphertext range to the ciphertext search module;
Step 102, the ciphertext search module matches the trapdoor against the ciphertext index to obtain a relevance value, then determines whether the data's relevance value falls within the ciphertext query range; if it does, the ciphertext search module sends the corresponding ciphertext to the user and sends the corresponding ciphertext and the data user's identity to the key management module;
Step 103, the key management module computes the decryption key from the corresponding ciphertext and the data user's identity, and sends the decryption key to the user.
As shown in Fig. 6, before the data encryption module encrypts the search request with the global private key to generate the trapdoor and ciphertext range and sends them to the ciphertext search module, the method further includes:
Step 104, the data encryption module initializes and generates the global private key from the uploaded data and the user authorization list and builds the ciphertext index over the plaintext data using the global private key; the data encryption module calls the ciphertext search module and performs the ciphertext upload operation;
Step 105, the key management module builds the symmetric key hash tree and the key state hash tree from the data and the data user authorization list and generates the symmetric key set;
Step 106, the data encryption module encrypts the plaintext data under the symmetric key set to generate ciphertext; the data encryption module calls the ciphertext search module and performs the ciphertext upload operation.
When a data user needs to leave dynamically, the key management module updates the authorized data user list information and the key state hash tree according to the identity information of the revoked data user and recomputes the symmetric key set from the symmetric key hash tree; the data management module re-encrypts the data into new ciphertext using the symmetric key set recomputed by the key management module.
Preferably, the workflow of a multidimensional ciphertext interval query device with efficient key management provided by an embodiment of the present invention is as follows:
The data user calls the data encryption module and uploads the data and the data user authorization list.
The data encryption module initializes and generates the global private key from the data sent by the data user and builds the ciphertext index over the plaintext data using the global private key; the data encryption module calls the ciphertext search module and uploads the ciphertext index.
The key management module builds the symmetric key hash tree and the key state hash tree from the data-set-related information and the data user authorization list sent by the data encryption module, realizing storage and management of the symmetric key set.
The data encryption module encrypts the different data with the AES algorithm under the symmetric key set returned by the key management module to generate ciphertext; the data encryption module calls the ciphertext search module and uploads the ciphertext.
The data user calls the data encryption module and uploads a query request; the data encryption module encrypts the query request with the global private key to generate a trapdoor and a ciphertext range; the data encryption module calls the ciphertext search module and uploads the trapdoor and ciphertext range.
The ciphertext search module, given the trapdoor and ciphertext range sent by the data encryption module, first matches the trapdoor against the index to obtain a relevance value, then determines whether the data's relevance value is within the ciphertext query range; if it is, the corresponding ciphertext is returned to the data user, otherwise the data is discarded. The ciphertext search module calls the key management module and uploads the returned ciphertext.
From the returned ciphertext and the data user's identity sent by the ciphertext search module, the key management module computes the decryption key using the symmetric key hash tree and sends the decryption key to the data user.
When a data user needs to leave dynamically, the workflow is as follows:
According to the revoked data user's identity information sent by the data user, the key management module updates the authorized data user list information and the key state hash tree, then recomputes the symmetric key set using the symmetric key hash tree;
The data encryption module performs the ciphertext update operation on the list of ciphertexts to be updated and the corresponding keys sent by the key management module.
Fig. 2 is a schematic diagram of a data encryption module provided by an embodiment of the present invention. The data encryption module is implemented as follows:
The data owner calls the data encryption module and uploads the data and the data user authorization list. The data encryption module initializes and generates the global private key, which is a triple $(M_1, M_2, S)$, where $M_1$ is the first random invertible matrix, $M_2$ is the second random invertible matrix, and $S$ is a randomly chosen vector. It builds a plaintext index from the data; using the random vector $S$ in the global private key, it splits the data into two parts, the first data vector $d_1$ and the second data vector $d_2$; it then uses the first random invertible matrix $M_1$ and the second random invertible matrix $M_2$ in the global private key to encrypt $d_1$ and $d_2$ respectively, obtaining the ciphertext index.
The data encryption module calls the key management module and sends it the data-set-related information and the data user authorization list; the data encryption module encrypts the different data with the AES algorithm under the symmetric key set returned by the key management module to generate ciphertext;
The data encryption module calls the ciphertext search module and uploads the ciphertext and the ciphertext index;
The data user calls the data encryption module and uploads a query request, where the query request includes a query vector $Q$ and a query range vector $R$. Using the random vector $S$ in the global private key, the data encryption module splits the query vector $Q$ into two parts, the first query vector $Q_1$ and the second query vector $Q_2$; it then uses the inverse of the first random invertible matrix $M_1$ and the inverse of the second random invertible matrix $M_2$ in the global private key to encrypt $Q_1$ and $Q_2$ respectively, obtaining the trapdoor;
The data encryption module calls the ciphertext search module, negotiates a session key with it, encrypts the query range vector $R$ with the AES algorithm to obtain the ciphertext range, and uploads the trapdoor and ciphertext range.
Fig. 3 is a schematic diagram of a key management module provided by an embodiment of the present invention. The key management module is implemented as follows:
The key management module builds the symmetric key hash tree and the key state hash tree from the data-set-related information and the data user authorization list sent by the data encryption module, realizing efficient storage and management of symmetric keys. The symmetric key hash tree means: each symmetric key set is managed by a keyed hash tree; the key value of the root node of the hash tree is set as the root key, and the symmetric key value of each child node is computed from its parent node's key value. The key state hash tree means: the hash tree records a state value for each node, used to manage key revocation for that node, where the initial state value is 0;
From the returned ciphertext and the data user's identity sent by the ciphertext search module, the key management module computes the symmetric key value of each child node from the root key and the parent node key values according to the symmetric key hash tree, that is, it computes the key value $K_{x,y}$ of the y-th node in layer x of the hash tree: $K_{x,y} = H(K_{parent}, x \| y \| {*}S_{x,y})$, where $K_{parent}$ is the key of the parent node of $K_{x,y}$ and is a known key; $H$ is a hash function mapping elements of the set $\{0,1\}^*$ to $\{0,1\}^{256}$, where $\{0,1\}^*$ is the set of bit strings of arbitrary length and $\{0,1\}^{256}$ is the set of bit strings of length 256; $\|$ denotes concatenation; $x \| y$ ensures that the keys differ; $S_{x,y}$ is the revocation state value of the node; and the '*' added before $S_{x,y}$ avoids the problem that direct concatenation could produce two identical keys;
The data owner calls the key management module and uploads the information of the revoked data user;
According to the revoked data user's identity information sent by the data user, the key management module updates the authorized data user list information and the key state hash tree, adding 1 to the key revocation state value of the corresponding node in the key state hash tree to indicate that the node has been revoked once. It then computes the symmetric key value of each child node from the root key and the parent node key values according to the symmetric key hash tree, recomputes the symmetric key set, and calls the data encryption module to update the ciphertext; the data user whose rights were revoked can no longer decrypt the ciphertext with the old symmetric key.
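The key derivation and revocation described above, as an added example (not code from the patent): it assumes SHA-256 for H, a binary tree, 4-byte big-endian encodings of x, y and S, and that the leaf keys form the symmetric key set. The names `derive_key`, `KeyTree` and `ROOT` are hypothetical.

```python
import hashlib

# Constructed root key for the demo; a real root key comes from a CSPRNG.
ROOT = hashlib.sha256(b"constructed demo root key").digest()


def derive_key(parent_key, x, y, state):
    """K_{x,y} = H(K_parent, x || y || '*' S_{x,y}), with H assumed to be SHA-256."""
    # Assumed encoding: 4-byte big-endian x, y and S. The fixed widths and the
    # '*' separator keep distinct (x, y, S) triples from colliding as strings.
    msg = (x.to_bytes(4, "big") + y.to_bytes(4, "big")
           + b"*" + state.to_bytes(4, "big"))
    return hashlib.sha256(parent_key + msg).digest()


class KeyTree:
    """Symmetric key hash tree plus key state hash tree (assumed binary)."""

    def __init__(self, root_key, depth, arity=2):
        self.root_key, self.depth, self.arity = root_key, depth, arity
        self.state = {}  # key state tree: (x, y) -> revocation count, initially 0

    def _check(self, x, y):
        if not (1 <= x <= self.depth and 0 <= y < self.arity ** x):
            raise ValueError(f"no node ({x}, {y}) in this tree")

    def key(self, x, y):
        """Recompute K_{x,y} on demand by walking down from the root key."""
        if (x, y) == (0, 0):
            return self.root_key
        self._check(x, y)
        parent = self.key(x - 1, y // self.arity)
        return derive_key(parent, x, y, self.state.get((x, y), 0))

    def revoke(self, x, y):
        """Add 1 to the node's state; every key derived below it changes."""
        self._check(x, y)
        self.state[(x, y)] = self.state.get((x, y), 0) + 1

    def key_set(self):
        """Leaf keys, taken here as the symmetric key set used for AES."""
        return {y: self.key(self.depth, y) for y in range(self.arity ** self.depth)}


def demo():
    tree = KeyTree(ROOT, depth=2)
    before = tree.key_set()
    tree.revoke(1, 0)  # revoke the inner node covering leaves 0 and 1
    after = tree.key_set()
    return before, after


if __name__ == "__main__":
    old, new = demo()
    for leaf in old:
        print(leaf, "rekeyed" if old[leaf] != new[leaf] else "unchanged")
```

Only the ciphertexts under the revoked node need re-encryption, and only the root key and the state counters have to be stored, since every other key is recomputed from them.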
Fig. 4 is a schematic diagram of a ciphertext search module provided by an embodiment of the present invention. The ciphertext search module is implemented as follows:
The ciphertext search module, given the trapdoor and ciphertext range sent by the data encryption module, first decrypts the query range with the key negotiated with the data encryption module; it then matches the trapdoor against the index to obtain a relevance value and determines whether the data's relevance value is within the query range. If it is, the corresponding ciphertext is returned to the data user and the corresponding ciphertext and the data user's identity are sent to the key management module; otherwise the data is discarded. The ciphertext search module calls the key management module and uploads the result ciphertext and the data user's identity.
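The index and trapdoor construction of the data encryption module and the matching step above, as an added example (not code from the patent): it assumes the splitting rule and transpose placement of the standard secure-kNN matrix scheme, which the text does not spell out, and treats the query range R as a (low, high) pair on the scalar relevance value. Function names and sample vectors are constructed; the AES protection of R is omitted.

```python
import random
from fractions import Fraction


def inverse(m):
    """Gauss-Jordan inverse over exact rationals; None if m is singular."""
    n = len(m)
    a = [[Fraction(v) for v in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(m)]
    for c in range(n):
        p = next((r for r in range(c, n) if a[r][c] != 0), None)
        if p is None:
            return None
        a[c], a[p] = a[p], a[c]
        pv = a[c][c]
        a[c] = [v / pv for v in a[c]]
        for r in range(n):
            if r != c and a[r][c] != 0:
                f = a[r][c]
                a[r] = [vr - f * vc for vr, vc in zip(a[r], a[c])]
    return [row[n:] for row in a]


def keygen(n, rng):
    """Global private key (M1, M2, S); the inverses are cached for trapdoors."""
    def invertible():
        while True:
            m = [[rng.randint(-9, 9) for _ in range(n)] for _ in range(n)]
            inv = inverse(m)
            if inv is not None:
                return m, inv
    (m1, m1i), (m2, m2i) = invertible(), invertible()
    return {"M1": m1, "M2": m2, "M1inv": m1i, "M2inv": m2i,
            "S": [rng.randint(0, 1) for _ in range(n)]}


def split(vec, s, split_on, rng):
    """Where S[j] == split_on, cut vec[j] into two random shares that sum to
    it; elsewhere copy vec[j] into both halves (assumed secure-kNN rule)."""
    a, b = [], []
    for v, bit in zip(vec, s):
        r = rng.randint(-50, 50) if bit == split_on else None
        a.append(v if r is None else r)
        b.append(v if r is None else v - r)
    return a, b


def build_index(d, key, rng):
    """Ciphertext index (M1^T d1, M2^T d2); data is split where S[j] == 1."""
    d1, d2 = split(d, key["S"], 1, rng)
    n = len(d)
    t = lambda m, v: [sum(m[i][j] * v[i] for i in range(n)) for j in range(n)]
    return t(key["M1"], d1), t(key["M2"], d2)


def build_trapdoor(q, key, rng):
    """Trapdoor (M1^-1 Q1, M2^-1 Q2); the query is split where S[j] == 0."""
    q1, q2 = split(q, key["S"], 0, rng)
    mv = lambda m, v: [sum(x * y for x, y in zip(row, v)) for row in m]
    return mv(key["M1inv"], q1), mv(key["M2inv"], q2)


def relevance(index, trapdoor):
    """Server side: the matrices cancel, leaving d1.Q1 + d2.Q2 = d.Q."""
    return sum(x * y for half in zip(index, trapdoor) for x, y in zip(*half))


def search(indexes, trapdoor, low, high):
    """Keep documents whose relevance lies in the range, discard the rest."""
    return [doc for doc, idx in indexes.items()
            if low <= relevance(idx, trapdoor) <= high]


def demo():
    rng = random.Random(2017)  # seeded for repeatability; not a CSPRNG
    key = keygen(3, rng)
    docs = {"doc-a": [3, 1, 0], "doc-b": [0, 4, 2], "doc-c": [5, 5, 5]}  # constructed
    q = [1, 2, 0]  # constructed per-dimension query weights
    indexes = {name: build_index(d, key, rng) for name, d in docs.items()}
    trapdoor = build_trapdoor(q, key, rng)
    plain = {n: sum(x * y for x, y in zip(d, q)) for n, d in docs.items()}
    enc = {n: relevance(i, trapdoor) for n, i in indexes.items()}
    return search(indexes, trapdoor, 6, 10), plain, enc
```

The search side sees only the transformed vectors, yet the relevance value it computes equals the plaintext inner product, which is why the range test works without the global private key.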
The above description is only an example of the present invention and does not limit it in any way. Clearly, after understanding the content and principles of the invention, professionals in this field may modify and improve the algorithm without departing from the principles and structure of the invention, but such modifications and improvements based on the inventive algorithm remain within the scope of protection of the claims of the present invention.
Claims (9)
1. A multidimensional ciphertext interval query device with efficient key management, characterized by comprising: a data encryption module, a key management module and a searching ciphertext module;
The data encryption module is used to encrypt and generate a trapdoor and a ciphertext scope using a global private key according to a search request, and to send the trapdoor and the ciphertext scope to the searching ciphertext module, the global private key being generated by the data encryption module through initialization according to the data sent by the data user;
The searching ciphertext module matches the trapdoor against the ciphertext index to obtain a relevance degree, then judges whether the relevance degree of the data is within the ciphertext search range, the ciphertext index being built by the data encryption module according to the global private key; when the relevance degree of the data is within the ciphertext search range, the searching ciphertext module sends the corresponding ciphertext to the data user, and sends the corresponding ciphertext and the data user identity to the key management module;
The key management module calculates a decryption key according to the corresponding ciphertext and the data user identity, and sends the decryption key to the data user.
2. The multidimensional ciphertext interval query device with efficient key management as claimed in claim 1, characterized in that the data encryption module is further used to initialize and generate the global private key according to the uploaded data and the user authorization list, to build the ciphertext index over the plaintext data using the global private key, and to encrypt the plaintext data according to the set of symmetric keys to generate ciphertext, the set of symmetric keys being generated by the key management module according to the data and the data user authorization list.
3. The multidimensional ciphertext interval query device with efficient key management as claimed in claim 1, characterized in that the key management module is further used to build a symmetric key Hash tree and a key state Hash tree according to the data and the data user authorization list, and to generate the set of symmetric keys.
4. The multidimensional ciphertext interval query device with efficient key management as claimed in claim 1, characterized in that the key management module is further used to update the authorized data user list information and the key state Hash tree according to the identity information of the revoked data user, and to recalculate the set of symmetric keys according to the symmetric key Hash tree.
5. The multidimensional ciphertext interval query device with efficient key management as claimed in claim 4, characterized in that the data encryption module is further used to encrypt the data again to generate ciphertext according to the set of symmetric keys recalculated by the key management module.
6. A query method based on the multidimensional ciphertext interval query device with efficient key management of any one of claims 1-5, characterized by comprising:
The data encryption module encrypts and generates a trapdoor and a ciphertext scope using the global private key according to a search request, and sends the trapdoor and the ciphertext scope to the searching ciphertext module;
The searching ciphertext module matches the trapdoor against the ciphertext index to obtain a relevance degree, then judges whether the relevance degree of the data is within the ciphertext search range; if the relevance degree is within the ciphertext search range, the searching ciphertext module sends the corresponding ciphertext to the user, and sends the corresponding ciphertext and the data user identity to the key management module;
The key management module calculates a decryption key according to the corresponding ciphertext and the data user identity, and sends the decryption key to the user.
7. The multidimensional ciphertext interval query method with efficient key management as claimed in claim 6, characterized in that, before the data encryption module encrypts and generates the trapdoor and ciphertext scope using the global private key according to the search request and sends the trapdoor and ciphertext scope to the searching ciphertext module, the method further comprises:
The data encryption module initializes and generates the global private key according to the uploaded data and the user authorization list, and builds the ciphertext index over the plaintext data using the global private key; the data encryption module calls the searching ciphertext module and performs the ciphertext upload operation;
The key management module builds a symmetric key Hash tree and a key state Hash tree according to the data and the data user authorization list, and generates the set of symmetric keys;
The data encryption module encrypts the plaintext data according to the set of symmetric keys to generate ciphertext; the data encryption module calls the searching ciphertext module and performs the ciphertext and ciphertext index upload operation.
8. The multidimensional ciphertext interval query method with efficient key management as claimed in claim 6, characterized by further comprising: the key management module updates the authorized data user list information and the key state Hash tree according to the identity information of the revoked data user, and recalculates the set of symmetric keys according to the symmetric key Hash tree.
9. The multidimensional ciphertext interval query method with efficient key management as claimed in claim 9, characterized by further comprising: the data management module encrypts the data again to generate ciphertext according to the set of symmetric keys recalculated by the key management module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710543080.9A CN107294701B (en) | 2017-07-05 | 2017-07-05 | Multidimensional ciphertext interval query device and method with efficient key management |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107294701A (en) | 2017-10-24 |
CN107294701B (en) | 2021-05-18 |
Family
ID=60100193
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710543080.9A Active CN107294701B (en) | 2017-07-05 | 2017-07-05 | Multidimensional ciphertext interval query device and method with efficient key management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107294701B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110096899A (en) * | 2019-04-29 | 2019-08-06 | 腾讯科技(深圳)有限公司 | A kind of data query method and device |
CN113098691A (en) * | 2021-03-25 | 2021-07-09 | 北京百度网讯科技有限公司 | Digital signature method, signature information verification method, related device and electronic equipment |
CN113158087A (en) * | 2021-04-09 | 2021-07-23 | 深圳前海微众银行股份有限公司 | Query method and device for space text |
CN117494174A (en) * | 2023-12-28 | 2024-02-02 | 北京遥感设备研究所 | Multidimensional data encryption range query method and device, storage medium and electronic equipment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130148803A1 (en) * | 2011-12-09 | 2013-06-13 | Electronics And Telecommunications Research Institute | Multi-user searchable encryption system and method with index validation and tracing |
CN105187425A (en) * | 2015-09-02 | 2015-12-23 | 南京理工大学紫金学院 | Certificate-free threshold decryption method for security of cloud calculation communication system |
CN105592100A (en) * | 2016-01-26 | 2016-05-18 | 西安电子科技大学 | Government services cloud access control method based on attribute encryption |
CN106209774A (en) * | 2016-06-24 | 2016-12-07 | 西安电子科技大学 | The cloud service outsourcing access right control method obscured based on undistinguishable |
CN106302449A (en) * | 2016-08-15 | 2017-01-04 | 中国科学院信息工程研究所 | A kind of ciphertext storage cloud service method open with searching ciphertext and system |
CN106559422A (en) * | 2016-11-10 | 2017-04-05 | 西安电子科技大学 | Multidimensional ciphertext interval query method based on key agreement |
CN106599719A (en) * | 2016-12-12 | 2017-04-26 | 西安电子科技大学 | Ciphertext retrieval method supporting efficient key management |
CN106850216A (en) * | 2017-03-31 | 2017-06-13 | 西安电子科技大学 | A kind of key revocation method of key management tree in cloud database |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110096899A (en) * | 2019-04-29 | 2019-08-06 | 腾讯科技(深圳)有限公司 | A kind of data query method and device |
CN110096899B (en) * | 2019-04-29 | 2023-06-23 | 腾讯科技(深圳)有限公司 | Data query method and device |
CN113098691A (en) * | 2021-03-25 | 2021-07-09 | 北京百度网讯科技有限公司 | Digital signature method, signature information verification method, related device and electronic equipment |
CN113098691B (en) * | 2021-03-25 | 2021-11-23 | 北京百度网讯科技有限公司 | Digital signature method, signature information verification method, related device and electronic equipment |
CN113158087A (en) * | 2021-04-09 | 2021-07-23 | 深圳前海微众银行股份有限公司 | Query method and device for space text |
CN117494174A (en) * | 2023-12-28 | 2024-02-02 | 北京遥感设备研究所 | Multidimensional data encryption range query method and device, storage medium and electronic equipment |
CN117494174B (en) * | 2023-12-28 | 2024-03-29 | 北京遥感设备研究所 | Multidimensional data encryption range query method and device, storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN107294701B (en) | 2021-05-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||