CN107395609A - Data ciphering method - Google Patents

Publication number
CN107395609A
Authority
CN
China
Prior art keywords
user
server
bag
group
certificate server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710665860.0A
Other languages
Chinese (zh)
Other versions
CN107395609B (en)
Inventor
刘颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rose Tree Technology Co., Ltd
Original Assignee
Chengdu Hui Zhi Distant View Science And Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Hui Zhi Distant View Science And Technology Ltd filed Critical Chengdu Hui Zhi Distant View Science And Technology Ltd
Priority to CN201710665860.0A priority Critical patent/CN107395609B/en
Publication of CN107395609A publication Critical patent/CN107395609A/en
Application granted granted Critical
Publication of CN107395609B publication Critical patent/CN107395609B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a data encryption method comprising: a user sends a request packet to the certificate server in the cloud; the certificate server re-encrypts the request packet and passes it to the authentication subprocess server in the domain; the authentication subprocess server constructs a response packet, encrypts it and returns it to the user; the user completes identity authentication by decrypting the response packet. The method strengthens secure read-policy control under environment and policy constraints, reduces the computational cost for the writing user while ensuring security, and meets the application needs of various cross-cloud, cross-level data policies.

Description

Data ciphering method
Technical field
The present invention relates to secure cloud storage, and more particularly to a data encryption method.
Background
A cloud data storage platform keeps computing resources in a configurable shared pool, from which they are read over the network conveniently and on demand. Security has become the key issue restricting the development of cloud storage. The cloud storage provider delivers the service while the user is in a passive position, which causes a serious asymmetry in control over information. Cloud storage hands information over to the cloud storage service provider, yet the enterprise itself cannot fully control the storage details of the information or the cloud service provider; and because cloud storage serves multiple users, the cloud service provider, out of concern for its own security, cannot present the key information about the storage to the owner either. On the other hand, although inter-domain interoperation in a cloud storage platform enables the sharing of resources and services between domains, how to ensure the security of the managed objects within a domain, that is, how to securely share subject and object information during inter-domain interoperation, set read policies and strictly enforce read checks, is a problem that urgently needs solving. The prior art extends the classical authorization management model with inter-domain role mapping so that roles in different domains are associated with one another, but the transfer of inter-domain role mappings also easily introduces security risks.
Summary of the invention
To solve the problems of the prior art described above, the present invention proposes a data encryption method, comprising:
A user sends a request packet to the certificate server in the cloud; the certificate server re-encrypts the request packet and passes it to the authentication subprocess server in the domain; the authentication subprocess server constructs a response packet, encrypts it and returns it to the user; the user completes identity authentication by decrypting the response packet.
Preferably, the user sending the request packet to the certificate server in the cloud further comprises:
The user generates a random number and forms a request packet from its ID and the ID of its group,
The request packet is signed with the private key of the user's group,
The request packet is encrypted with the public key of the user's certificate server and sent to that certificate server in the cloud;
The certificate server re-encrypting the request packet and passing it to the authentication subprocess server in the domain further comprises:
After receiving the request packet, the certificate server obtains the group ID from the packet, looks up the public key of the corresponding group, decrypts the request packet using the group public key and its own private key, and obtains the user random number;
It then internally generates a server random number, constructs a request packet from the user ID and the set of all IDs in the group, signs it with the private key of the certificate server, encrypts it with the public key of the authentication subprocess server in the domain, and sends it to that authentication subprocess server;
The authentication subprocess server constructing the response packet, encrypting it and returning it to the user further comprises:
The authentication subprocess server decrypts the ciphertext with its private key, constructs a response packet from the decryption result together with the user random number, encrypts it with the authentication subprocess server's private key and returns it to the user;
The user decrypts with the private key and checks the user random number, which completes the identity authentication of the data owner.
Preferably, the method further comprises:
After the user submits a data-encryption upload request to its authentication subprocess server according to the features of the file to be read, a security policy check is performed, including the user-level role decision and the authorization decision associated with the data distribution classification level. If the features of the group that has been set are out of range, the authentication subprocess server forwards the request to the upper-level certificate server; the certificate server communicates with the feature management module of the cloud platform, obtains the associated feature list and returns it to the user.
Compared with the prior art, the present invention has the following advantages:
The present invention proposes a data encryption method that strengthens secure read-policy control under environment and policy constraints, reduces the computational cost for the writing user while ensuring security, and meets the application needs of various cross-cloud data policies.
Brief description of the drawings
Fig. 1 is a flow chart of the data encryption method according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the invention is provided below together with the accompanying drawing that illustrates the principles of the invention. The invention is described in connection with such embodiments, but it is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention encompasses many alternatives, modifications and equivalents. Many specific details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for exemplary purposes, and the invention can also be practised according to the claims without some or all of them.
One aspect of the present invention provides a data encryption method. Fig. 1 is a flow chart of the data encryption method according to an embodiment of the present invention.
The present invention sets up hierarchical certificate servers in the cloud storage platform, comprising a root certificate server CGS, subregion certification servers RGS and authentication subprocess servers SGS. Key distribution and feature authentication are carried out level by level, and the root CGS signs for the certificate servers of the next level. A feature management module FMM is established to maintain the global user feature list. Within the security architecture of the cloud storage platform, on the basis of the description of user subject roles, authority-owner read control, and environment and data resource features, the certificate server sets the authorized read policy and the constraint control policy, which satisfies cross-domain data reading between clouds and the protection of user privacy.
The hierarchical certificate server includes a public key infrastructure (PKI) and also serves as the root certificate server CGS. The feature management module FMM maintains the feature list of the whole system for the cloud environment and responds to the certificate server CGS's requests for cross-region feature lists. Multiple hierarchical authentication subprocess servers SGS authenticate users through a symmetric-key certificate mechanism, provide the certification level tree to writing users, complete the addition and deletion of users, authorize ciphertext and perform authorized read control over ciphertext. The users of the cloud storage system include writing users and reading users. A writing user sets a read policy according to the certification level tree provided by the authentication subprocess server SGS and stores the data on the cloud server after encrypting it. A reading user is a user who requests to read data stored on the cloud server.
For data distribution, the writing user, after passing identity authentication, first requests the data-encryption upload service from the certificate server; then, according to the feature structure list pushed by the certificate server, the writing user completes the definition of the read policy and, according to the policy, encrypts the data and uploads it to the cloud server. For data reading, the reading user communicates with the certificate server and sends a read request; after identity authentication, the generated read policy is evaluated by the policy point, and the ciphertext is sent to the reading user once the preset conditions are met; if the reading user's features satisfy the read/write structure, decryption yields the data.
Encrypting the data and uploading it to the cloud server further comprises the following file creation process.
(1) The writing user generates a random number $r_1$, forms a request packet from its own ID and the ID of its group, signs it with the private key of its group, encrypts it with the public key of the writing user's certificate server CGS, and sends it to that CGS in the cloud. This is expressed as:
$E_{CGS}(E_{com}(r_1, UID, filequery), groupID)$
After receiving the request, the CGS obtains the group identifier groupID from the packet, looks up the public key of the corresponding group, decrypts using the group public key and its own private key, and obtains the random number $r_1$. It then internally generates a random number $r_2$, constructs a request packet from the user identifier UID and the set of all IDs in the group, signs it with the private key of the certificate server CGS, encrypts it with the public key of the authentication subprocess server in the domain, and sends it to that authentication subprocess server. This is expressed as:
$E_{SGS}(E_{CGS}(r_1, r_2, UID, groupID))$
The authentication subprocess server SGS decrypts the ciphertext with its private key, constructs a response packet from the decryption result together with the random number $r_1$, encrypts it with the SGS private key and returns it to the writing user. This is expressed as:
$E_{SGS}(r_1, \mathrm{HASH}(UID \| r_2))$
The writing user decrypts using the SGS private key and verifies $r_1$, which completes the identity authentication of the data owner.
(2) Files are first classified by read permission, and files of the same category are placed in one file cluster. In the encryption flow for a single file, the writing user submits a data-encryption upload request to its authentication subprocess server SGS according to the features of the file to be read, and a security policy check is performed, including the user-level role decision and the authorization decision associated with the data distribution classification level. If the features of the group that has been set are out of range, the SGS forwards the request to the upper-level certificate server CGS; the CGS communicates with the feature management module FMM, obtains the associated feature list, and returns the feature list to the writing user;
When the writing user sets the read policy: the certificate server obtains the public parameters and private key of the system according to the user role, the permissions and the file classification level on the cloud storage server; the writing user then specifies the read/write structure, limits the users' permissions, and records the permission information in an XML file; the writing user sets the environment and policy constraint conditions and generates the constraint control policy; the file is encrypted symmetrically, with a generated random number used as the symmetric key to encrypt the data file into ciphertext; encryption with the feature encryption algorithm yields the ciphertext. All elements of the certificate server's certification level feature space and of the writing user's read-policy feature space are mapped onto the certification level tree. The writing user creates the read policy tree with a spanning-tree algorithm.
When a reading user requests authentication from the certificate server, the reading user constructs a request packet containing the UID and the ID of its group, signs it with the group private key, encrypts it with the CGS public key and sends it to the CGS.
The certificate server obtains the group ID from the encrypted packet, decrypts the packet by looking up the corresponding group public key and using its own private key, and authenticates the reading user. If the user is valid, the certificate server signs with its own private key and then encrypts the ID with the certificate server public key for transmission; the corresponding packet is $E_{SGS}(E_{CGS}(UID))$.
After certificate server authentication passes, the security policy decision is made. The detailed process is as follows:
The user sends a data read request to the policy execution unit; the policy execution unit collects the user's data read request and the evaluation information and sends them to the decision unit; the decision unit determines from the constraint control file whether the system environment satisfies the read request, and if any one condition is not satisfied, the decision unit rejects the request; the decision unit informs the policy execution unit of the decision result.
If the decision result received by the policy execution unit is that the conditions are met, decryption proceeds. The decryption flow is as follows:
The certificate server first runs the private key generation algorithm to generate the private key, then sends the private key together with the ciphertext to the user, who decrypts on receipt to obtain the plaintext.
1. The certificate server produces the private key. For each different user, the certificate server produces that user's private key through encryption under the certificate mechanism.
2. The reading user decrypts the ciphertext. When a reading user reads ciphertext data, after the security policy decision above finds that the control constraints are satisfied, the certificate server sends the ciphertext and the user's corresponding private key, and the reading user runs the decryption algorithm. If the node being read is a non-leaf node in the certification level tree, the decryption function must be executed repeatedly until a leaf node is reached.
When a user is deleted, the system sends the relevant request to the CGS. After receiving the request, the CGS modifies the feature ID set of the users in the relevant group and notifies the corresponding authentication subprocess server SGS. After receiving the request, the SGS produces new ciphertext, regenerates the corresponding private keys and sends them to the other users in the affected group, which keeps the ciphertext secure.
In another preferred embodiment of reading-user authentication, the present invention installs a digital certificate plug-in at the user terminal. Identity confirmation is implemented with a digital certificate and a dynamic password.
(1) Initialization phase: reading user u sends a connection request to policy execution unit p and sends $ID_{up}$ and $IN_u$, where $ID_{up}$ is the identifier of user u at policy execution unit p and $IN_u$ is the security attribute information of user u;
After receiving the request, policy execution unit p checks information integrity and identifier uniqueness; after the check, p randomly generates a random integer N and sends N to u;
After receiving the random integer N, the reading user derives the security credential $ST_{up}$ from its self-chosen password $PW_{up}$ by applying the hash algorithm N times, and sends it to p:
$ST_{up} = \mathrm{HASH}^{N}(PW_{up})$
where the password $PW_{up}$ is the password that user u uses at policy execution unit p. After receiving the security credential $ST_{up}$, p stores N, $ST_{up}$ and $IN_u$.
(2) Registration phase: reading user u sends a registration request to cloud storage platform b; the request includes $ID_{ub}$ and $IN_u$, where $ID_{ub}$ is the identifier of user u at cloud storage platform b;
After receiving the request, cloud storage platform b carries out a series of checks and then sends message MG to user u.
After receiving MG, reading user u derives the security credential $ST_{ub}$ from its self-chosen password $PW_{ub}$ by one application of the hash algorithm and sends $ST_{ub}$ to cloud storage platform b.
$ST_{ub} = \mathrm{HASH}(PW_{ub})$
Reading user u sends a login request to cloud storage platform b; after receiving the request, the cloud storage platform looks up the reserved security credential $ST_{ub}$ by $ID_{ub}$ and sends message MG to the user.
(3) Verification phase
Reading user u sends $ID_{up}$ to cloud storage platform b, in order to establish a trust relationship between cloud storage platform b and policy execution unit p;
After receiving the request, the cloud storage platform forwards $ID_{up}$ to policy execution unit p;
Policy execution unit p looks up the information of reading user u by $ID_{up}$ and retrieves the last stored random integer N (on the first verification, the random integer established at initialization), and sends N-1 to cloud storage platform b, which forwards it to user u;
User u receives the random integer N-1, derives the security credential $ST_{up}$ from its password $PW_{up}$ by applying the hash algorithm N-1 times, and sends it to cloud storage platform b and policy execution unit p:
$ST_{up} = \mathrm{HASH}^{N-1}(PW_{up})$
Policy execution unit p retrieves the last stored security token $ST'_{up}$ of user u and verifies whether $ST_{up}$ and $\mathrm{HASH}(ST'_{up})$ are equal; if they are equal, the trust relationship is established and a success message is sent; if verification fails, a failure message is sent;
The trust relationship between cloud storage platform Rb and policy execution unit p is established; policy execution unit p replaces the original security credential $ST'_{up}$ with the new security credential $ST_{up}$, and replaces the original random integer N with the new random integer N-1.
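The initialization and verification phases above form a hash-chain one-time credential; the following Python code is an added example, not code from the patent, that runs both phases with SHA-256 standing in for HASH and with a constructed password and identifier. It compares HASH(ST_up) with the stored ST'_up, which is the check that follows from ST'_up = HASH^N(PW_up) and ST_up = HASH^(N-1)(PW_up). The class and function names, and the refusal to issue a challenge once N reaches 1, are assumptions of the example.

```python
import hashlib
import hmac


def hash_n(password: bytes, n: int) -> bytes:
    """Return HASH^n(password): SHA-256 applied n times."""
    value = password
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class PolicyExecutionUnit:
    """Verifier p: keeps N and the last accepted credential ST'_up per ID_up."""

    def __init__(self):
        self._records = {}  # ID_up -> (N, ST'_up)

    def initialise(self, id_up: str, n: int, st_up: bytes) -> None:
        # Identifier uniqueness check from the initialization phase.
        if id_up in self._records:
            raise ValueError("identifier already registered")
        self._records[id_up] = (n, st_up)

    def challenge(self, id_up: str) -> int:
        """Return N-1, the number of hash applications the user must perform."""
        n, _ = self._records[id_up]
        if n <= 1:
            # Assumption of this example: HASH^0(PW) would be the password
            # itself, so the chain is treated as exhausted at N = 1.
            raise RuntimeError("hash chain exhausted, initialisation must be repeated")
        return n - 1

    def verify(self, id_up: str, st_up: bytes) -> bool:
        """Accept ST_up only if one more hash of it equals the stored ST'_up."""
        n, previous = self._records[id_up]
        if not hmac.compare_digest(hashlib.sha256(st_up).digest(), previous):
            return False
        # Success: ST_up replaces ST'_up and N-1 replaces N.
        self._records[id_up] = (n - 1, st_up)
        return True


def run_rounds():
    """Initialise once, then try a valid login, a replay, a second login, a guess."""
    password = b"constructed-password"   # constructed sample value
    p = PolicyExecutionUnit()
    n = 5                                # fixed here for a reproducible run; p picks N at random
    p.initialise("u@p", n, hash_n(password, n))

    first = hash_n(password, p.challenge("u@p"))
    accepted = p.verify("u@p", first)
    replayed = p.verify("u@p", first)    # captured credential sent again
    second = p.verify("u@p", hash_n(password, p.challenge("u@p")))
    guessed = p.verify("u@p", hash_n(b"wrong-guess", p.challenge("u@p")))
    return accepted, replayed, second, guessed


if __name__ == "__main__":
    print(run_rounds())
```

A credential observed on the wire is rejected on replay because the verifier has already moved its stored value one step down the chain.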
In the hierarchical key distribution of the present invention, the symmetric encryption key of each group can be computed by the users in that group through key agreement. A user in a high-level group regards itself as a virtual member of the low-level groups. Once a user's sharing permission changes, the data owner distributes, to the users in the corresponding high-level group and in the related low-level groups, the system public parameters needed to compute the new symmetric encryption key. After obtaining these parameters, the users in each group derive the new symmetric encryption key.
Below, $U_{ij}$ denotes user $U_j$ in group $V_i$, and $ID_{ij}$ denotes the identity of $U_j$. The data owner randomly chooses a master key. If $V_i$ is currently a root node of the read path, the data owner sets the class value of $V_i$ to $d_i = 1$, and the classified information of node $V_i$ is $H_1(k_i)$, where $H_1$ is a hash operation and $k_i$ is a preset public parameter. If node $V_i$ is a non-root node of the read path, there exists a longest path from some root node to that node; the data owner sets $d_i$ to the number of nodes on that longest path, and the classified information of node $V_i$ is obtained through $H_1(H_1 \dots (H_1(k_i)))$, performing the hash operation $d_i$ times.
If a user $U_j$ joins group $V_i$, the user must send an authorization request to the data owner to obtain the classified information of group $V_i$ and its authorized key pair in the system. After authorization is complete, user $U_j$ obtains the authorized key pair, respectively $pk_{ij} = H_2(ID_{ij})$ $k_{ij}$, where $H_2$ is another hash operation and $k_{ij}$ is a preset public parameter.
Let $V_{i1} \dots V_{in}$ be all direct predecessors of node $V_i$ in the read path. Once it has obtained the public information of these nodes and the public keys of the other users in group $V_i$, user $U_j$ can compute the symmetric encryption key $k_i$ of group $V_i$.
Let $V_i$ and $V_j$ be two nodes in the read path. When a new group $V_t$ is added between $V_i$ and $V_j$, if group $V_t$ has no group members, the data owner performs the following operations to complete the addition of $V_t$:
1. Compute the classified information $s_t$ of $V_t$. The data owner then computes the symmetric encryption key $k_t$ of $V_t$ and the public information $d_t = d_i + 1$;
2. The data owner updates the public information of these groups and broadcasts it to the system.
3. After receiving the broadcast, each user in the groups involved, $V_t$, $V_i$ and $V_j$, recomputes the symmetric encryption key of its own group and the symmetric encryption keys of all low-level groups.
When an existing group is deleted, the classified information of each group in the system does not need to be updated.
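The class value d_i and the d_t = d_i + 1 update described above can be worked through on a small hierarchy; this Python code is an added example, not code from the patent, and it goes slightly beyond the text by also listing every group whose d_i shifts when a group is inserted. The group names, the hierarchy, the use of SHA-256 for H_1 and the reading that H_1 is applied d_i times in total (matching the root case d_i = 1) are assumptions of the example.

```python
import hashlib


def class_values(predecessors):
    """Map each group to d_i: the number of nodes on the longest root-to-node path.

    `predecessors` maps a group to the list of its direct predecessors;
    a root has an empty list, which gives d_i = 1.
    """
    depth, in_progress = {}, set()

    def visit(node):
        if node in depth:
            return depth[node]
        if node in in_progress:
            raise ValueError(f"cycle through {node}: not a hierarchy")
        in_progress.add(node)
        depth[node] = 1 + max((visit(p) for p in predecessors.get(node, ())), default=0)
        in_progress.discard(node)
        return depth[node]

    for node in predecessors:
        visit(node)
    return depth


def classified_info(k_i: bytes, d_i: int) -> bytes:
    """H_1 applied d_i times to the public parameter k_i (SHA-256 as H_1)."""
    value = k_i
    for _ in range(d_i):
        value = hashlib.sha256(value).digest()
    return value


def insert_group(predecessors, new, upper, lower):
    """Return a copy of the hierarchy with `new` placed between `upper` and `lower`."""
    updated = {node: list(preds) for node, preds in predecessors.items()}
    updated[new] = [upper]
    updated[lower] = [new if p == upper else p for p in updated[lower]]
    return updated


def changed_groups(before, after):
    """Groups whose d_i is new or different, so their classified information changes."""
    return sorted(node for node in after if before.get(node) != after[node])


# Constructed sample hierarchy: V1 is the root, V4 has two direct predecessors.
HIERARCHY = {"V1": [], "V2": ["V1"], "V3": ["V1"], "V4": ["V2", "V3"], "V5": ["V4"]}

if __name__ == "__main__":
    before = class_values(HIERARCHY)
    after = class_values(insert_group(HIERARCHY, "Vt", "V2", "V4"))
    print(before, after, changed_groups(before, after))
```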
New user identity IDI, t+1Ask to add group V to certificate serveriWhen, in order to obtain group ViIt is corresponding to relate to Confidential information and symmetric cryptographic key and authorization key pair, the user need first to send authorization requests to data owner.Data , will after the owner completes the mandate of the userIt is appended to ViIn corresponding public information.Then, data own Person carries out message broadcast to system.
After receiving the broadcast message, user $U_j$ in group $V_i$ recomputes the public information of $V_i$.
Preferably, the certificate server assigns two secret non-zero vectors to each group. The product of one of the secret non-zero vectors with the corresponding row of the parameter matrix is the symmetric encryption key of that group. If two groups have a hierarchical relationship, the high-level group computes the symmetric encryption key of the low-level group directly by vector multiplication. The processing flow is:
The data owner first interacts with the certificate server and obtains the system public parameters. The data owner then generates a finite field and a random function F. Next, the data owner initializes the hierarchical organization of the groups, and generates and distributes two two-dimensional secret non-zero vectors $(Y_i, Z_i)$ for each group. Finally, by applying the random function F to the secret non-zero vectors, the data owner computes the parameter matrix in the system public parameters. The inner product of each group's secret non-zero vector $Z_i$ with the corresponding public vector is its symmetric encryption key $k_{ij}$. If two groups $V_i$ and $V_j$ have no hierarchical relationship, the inner product of the vectors associated with them is zero. If they have a hierarchical relationship, the inner product of the high-level group's secret non-zero vector with the low-level group's public vector corresponds to an indirect key; by further computation, the users in the high-level group can obtain the symmetric encryption key of the low-level group.
The parameter matrix is obtained by the following procedure:
The data owner randomly selects non-zero vectors $Y_i = (y_{i,1}, y_{i,2})$ and $Z_i = (z_{i,1}, z_{i,2})$ for group $V_i$ as classified information. Every secret non-zero vector $Y_i$ is mapped to a new vector $W_i$ by the random function F.
The data owner transforms $Z_i$ into an n-dimensional vector $X_i$. For $i = 1, 2$, let $x_{i,1} = z_{i,1}$ and $x_{i,2} = z_{i,2}$; for $i = 3, \dots, n$, let $x_{i,1} = z_{i,1}$ and $x_{i,i} = z_{i,2}$, with $x_{i,j} = 0$ for $j \neq 1, i$. This gives the set of n-dimensional vectors $X_1 = (x_{1,1}, x_{1,2}, 0, \dots, 0)$; $X_2 = (x_{2,1}, x_{2,2}, 0, \dots, 0)$; $X_n = (x_{n,1}, 0, \dots, 0, x_{n,n})$;
Calculating matrix
Test whether $X_1, X_2, \dots, X_n$ are linearly dependent. If they are linearly dependent, reselect $Z_1, Z_2, \dots, Z_n$. Otherwise choose a symmetric encryption key for each class and compute the parameter matrix A; that is, for each group $V_i$, the data owner randomly selects its symmetric encryption key $k_{i,j}$.
Define $K_j = (k_{j,1}, k_{j,2}, \dots, k_{j,n})$ and $K = [K_1, \dots, K_n]^T$; then $X \times A = K$;
Solving the system of equations in the step above gives $A = X^{-1} \times K$;
The data owner sends $((Y_i, Z_i), k_{i,j})$ over a secure channel to each user in group $V_i$, and sends F and A to the cloud service provider.
In summary, the present invention proposes a data encryption method that strengthens secure read-policy control under environment and policy constraints, reduces the computational cost for the writing user while ensuring security, and meets the application needs of various cross-cloud, cross-level data policies.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with a general-purpose computing system; they can be concentrated in a single computing system or distributed over a network formed by multiple computing systems; optionally, they can be implemented as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. The present invention is therefore not restricted to any specific combination of hardware and software.
It should be understood that the embodiments of the present invention described above serve only to illustrate or explain the principles of the invention and do not limit the invention. Therefore, any modification, equivalent substitution, improvement and the like made without departing from the spirit and scope of the invention shall be included in its scope of protection. In addition, the appended claims are intended to cover all changes and modifications that fall within the scope and boundary of the appended claims, or within equivalents of such scope and boundary.

Claims (3)

  1. A data encryption method, characterised in that it comprises:
    A user sends a request packet to the certificate server in the cloud; the certificate server re-encrypts the request packet and passes it to the authentication subprocess server in the domain; the authentication subprocess server constructs a response packet, encrypts it and returns it to the user; the user completes identity authentication by decrypting the response packet.
  2. The method according to claim 1, characterised in that the user sending the request packet to the certificate server in the cloud further comprises:
    The user generates a random number and forms a request packet from its ID and the ID of its group,
    The request packet is signed with the private key of the user's group,
    The request packet is encrypted with the public key of the user's certificate server and sent to that certificate server in the cloud;
    The certificate server re-encrypting the request packet and passing it to the authentication subprocess server in the domain further comprises:
    After receiving the request packet, the certificate server obtains the group ID from the packet, looks up the public key of the corresponding group, decrypts the request packet using the group public key and its own private key, and obtains the user random number;
    It then internally generates a server random number, constructs a request packet from the user ID and the set of all IDs in the group, signs it with the private key of the certificate server, encrypts it with the public key of the authentication subprocess server in the domain, and sends it to that authentication subprocess server;
    The authentication subprocess server constructing the response packet, encrypting it and returning it to the user further comprises:
    The authentication subprocess server decrypts the ciphertext with its private key, constructs a response packet from the decryption result together with the user random number, encrypts it with the authentication subprocess server's private key and returns it to the user;
    The user decrypts with the private key and checks the user random number, which completes the identity authentication of the data owner.
  3. The method according to claim 1, further comprising:
    After the user submits a data-encryption upload request to its authentication subprocess server according to the features of the file to be read, a security policy check is performed, including the user-level role decision and the authorization decision associated with the data distribution classification level. If the features of the group that has been set are out of range, the authentication subprocess server forwards the request to the upper-level certificate server; the certificate server communicates with the feature management module of the cloud platform, obtains the associated feature list and returns it to the user.
CN201710665860.0A 2017-08-07 2017-08-07 Data encryption method Active CN107395609B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710665860.0A CN107395609B (en) 2017-08-07 2017-08-07 Data encryption method

Publications (2)

Publication Number Publication Date
CN107395609A true CN107395609A (en) 2017-11-24
CN107395609B CN107395609B (en) 2020-08-28

Family

ID=60343970

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710665860.0A Active CN107395609B (en) 2017-08-07 2017-08-07 Data encryption method

Country Status (1)

Country Link
CN (1) CN107395609B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483200A (en) * 2017-10-18 2017-12-15 成都鼎智汇科技有限公司 Cloud computing big data method for secret protection
CN107493305A (en) * 2017-10-18 2017-12-19 成都鼎智汇科技有限公司 Data ciphering method
CN107749880A (en) * 2017-10-18 2018-03-02 成都鼎智汇科技有限公司 Cloud date storage method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101677312A (en) * 2008-09-18 2010-03-24 韩燕� Internet computer phone authentication method and service system thereof
CN102710605A (en) * 2012-05-08 2012-10-03 重庆大学 Information security management and control method under cloud manufacturing environment
CN104301418A (en) * 2014-10-23 2015-01-21 西安未来国际信息股份有限公司 Cross-domain single point login system and method based on SAML
CN105577757A (en) * 2015-12-15 2016-05-11 国网智能电网研究院 Multilevel management system of intelligent power terminals based on load balancing and authentication method thereof
US20160277390A1 (en) * 2013-12-27 2016-09-22 Sap Se Multi-domain applications with authorization and authentication in cloud environment
US20170169234A1 (en) * 2015-12-13 2017-06-15 Noam Camiel System and method for removing internet attack surface from internet connected devices

Also Published As

Publication number Publication date
CN107395609B (en) 2020-08-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200731

Address after: Room 401, building 1, No. 88, Qixing Road, Meishan, Beilun District, Ningbo City, Zhejiang Province

Applicant after: Rose Tree Technology Co., Ltd

Address before: 610000 Sichuan city of Chengdu province high tech Zone Kyrgyzstan Road No. 666 Building 2 floor 13 No. 2

Applicant before: CHENGDU HUIZHI YUANJING TECHNOLOGY Co.,Ltd.

GR01 Patent grant