CN107995298A - The data reusing method of parallel cloud computing - Google Patents

The data reusing method of parallel cloud computing Download PDF

Info

Publication number
CN107995298A
CN107995298A CN201711285289.6A CN201711285289A CN107995298A CN 107995298 A CN107995298 A CN 107995298A CN 201711285289 A CN201711285289 A CN 201711285289A CN 107995298 A CN107995298 A CN 107995298A
Authority
CN
China
Prior art keywords
data
key
client
encryption
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711285289.6A
Other languages
Chinese (zh)
Inventor
李垚霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Boruide Science & Technology Co Ltd
Original Assignee
Chengdu Boruide Science & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Boruide Science & Technology Co Ltd filed Critical Chengdu Boruide Science & Technology Co Ltd
Priority to CN201711285289.6A priority Critical patent/CN107995298A/en
Publication of CN107995298A publication Critical patent/CN107995298A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of data reusing method of parallel cloud computing, this method includes:Use distributed storage node to provide data storage service for SaaS client, data are protected by high in the clouds storage.The present invention proposes a kind of data reusing method of parallel cloud computing, realizes the efficient and security access of cloud platform data resource, adds the credibility of system;Mitigate manager and client encryption, the computing cost of decryption, improve the security performance of data storage.

Description

The data reusing method of parallel cloud computing
Technical field
The present invention relates to cloud computing, more particularly to a kind of data reusing method of parallel cloud computing.
Background technology
Cloud computing is a kind of computing model for efficiently using computing resource and various data services being provided for client.SaaS will be big Computing resource, storage resource and the software resource of amount link together, and with virtual technology, customizable meter is provided for client Calculation, storage and application service, avoid structure and the maintenance of the heavy infrastructure of client itself.However, the SaaS of centralized management For cloud platform by as the highest priority of attack, its security facing than ever more acid test, the data money of cloud computing Source access control is the core of cloud computing safety problem, and access control is to realize cloud platform secured data resource confidentiality and progress The important means of secret protection.In the cloud platform based on SaaS, data storage and transmission are carried out based on client key, are whole The basic guarantee of security protection system.But there are many problems, including encipherment scheme are general under cloud storage environment for existing program Logical client's encryption and decryption computing cost is big, access control very flexible, distributed storage node administration complexity etc..
The content of the invention
To solve the problems of above-mentioned prior art, the present invention proposes a kind of data reusing side of parallel cloud computing Method, including:
Use distributed storage node to provide data storage service for SaaS client, data are protected by high in the clouds storage Shield.
Preferably, the distributed storage node includes cloud storage service device cluster and control data corporation;Wherein data It is stored in the cloud storage service device cluster, by the data access of control data corporation control client.
Preferably, the method further includes:
Unit is showed by client and realizes that SaaS client sends access request to distributed storage node, distribution is read and deposits The ciphertext on node is stored up, if all properties that SaaS client possesses meet the packaged corresponding access rule of secondary encrypted cipher text Collection, then decryption obtain clear data;If the attribute that SaaS client possesses is unsatisfactory for access rule set, client is needed to carry out identity Verification;If all properties of SaaS client and authentication are invalid, inhibition request accesses.
Preferably, the secondary encryption and decryption are completed by encryption/decryption element, and the encryption/decryption element uses client The plaintext of client carry out secondary encryption, obtain secondary encrypted cipher text, and store and arrive after being packaged to secondary encrypted cipher text The distributed storage node;The packaged secondary encrypted cipher text on distributed storage node decrypted to obtain in decryption bright Literary data, specifically include:
When SaaS client accesses the packaged secondary encrypted cipher text C ", secondary encrypted cipher text C " is decrypted To customers attribute key C ', to ciphering key ' be decrypted, the secondary of the encapsulation is returned to by distributed storage node during decryption Encrypted cipher text and its corresponding message header, utilize shared key kgsDecryption obtains customers' attribute key
Wherein, use the symmetric key K chosen by manager to be encrypted the plaintext that needs store, obtain ciphertext C, adopt Be encrypted with the access rule set pair symmetric key K defined by manager, obtain ciphering key ':
Wherein, T represents the access rule set, any to choose q ∈ ZpAnd q=px(0), X represents all access rule sets The set of all child nodes;It is default one open hash function;
To the ciphering key ' be encrypted, the distributed storage node is each customers attribute G during encryptioniAt random Select customers' attribute keyFor each customers attribute GiSecondary encrypted cipher text C " is established, and is utilized described common There is key to encrypt customers' attribute keyAnd then obtain a message header H ' corresponding to secondary encrypted cipher text C ":
In formula, kgsRepresent shared key.
The present invention compared with prior art, has the following advantages:
1st, build and encrypt, decryption technology based on key, realize the efficient and security access of cloud platform data resource, increase The credibility of system;2nd, the management easy to data resource and index;Effectively mitigate manager and client encryption, the calculating of decryption Expense;3rd, the access rule set of manager's definable oneself is allowed, can flexibly and particulate for client and its attribute change Support on degree ground;4th, realize that data are managed collectively, the retrieval combined using index and search engine, can quickly, it is accurate, inexpensive Acquisition data;5th, the data that store of needs are divided and data mining, then carries out the rule refinement of safety regulation collection, disappeared Except conflict and redundancy;Effectively prevent Malicious clients from illegally stealing, distort private data, improving the security performance of data storage.
Brief description of the drawings
Fig. 1 is the flow chart of the data reusing method of parallel cloud computing according to embodiments of the present invention.
Embodiment
Retouching in detail to one or more embodiment of the invention is hereafter provided together with the attached drawing for illustrating the principle of the invention State.The present invention is described with reference to such embodiment, but the invention is not restricted to any embodiment.The scope of the present invention is only by right Claim limits, and the present invention covers many replacements, modification and equivalent.Illustrate in the following description many details with Just provide a thorough understanding of the present invention.These details are provided for exemplary purposes, and without in these details Some or all details can also realize the present invention according to claims.
An aspect of of the present present invention provides a kind of data reusing method of parallel cloud computing.Fig. 1 is to implement according to the present invention The data reusing method flow chart of the parallel cloud computing of example.Secure storage searching system based on SaaS includes distributed storage section Point, cloud platform security control unit, data processing unit, cipher key management unit, encryption/decryption element and client show unit:
Distributed storage node is used to provide data storage service for SaaS client, and data are protected by high in the clouds storage Shield, it is ensured that data will not be obtained arbitrarily, including for storing the cloud storage service device cluster of data and for controlling client to visit The control data corporation asked;The cloud platform security control unit is managed safely cloud platform, including trust evaluation is single Member and trust control subelement:
The trust evaluation subelement is predicted platform security, is specially:
1) the credential state value R of data is defined:
R=P × Z × W
In formula, P is data probability under attack, and Z is the grade of data, and W is the severity that data are tampered with producing;
2) the credential state value time series of data i is set as Mi={ xi(1), xi(2) ..., xi(n) }, xi(t) data are represented I moment t state value, n be setting total time, t=1,2 ..., n;
3) trust state is transmitted to delivery time of data j from data i and is represented with τ, sequence MiWith MjUnder time τ when Between measure value be λij(τ):
Definite τ,In the case of calculate Time scale value, when Between measure value reflection credential state value transmit situation between data, complete safety prediction;
The trust control subelement carries out graduation management to trust, and credential state value is divided into not according to Grads threshold Same reliability rating, it is corresponding to take different safety regulation set pair trusts to be managed;
The cipher key management unit, under safe SaaS platform environments, generating the initial open parameter of system and master Key, when receiving the request that SaaS client sends, it discloses parameter for encryption/decryption element dissemination system, and is each SaaS Client generates corresponding private key, and participates in distributed storage node under the request of distributed storage node and show unit with client The negotiation of shared key between the SaaS client of access;The cipher key management unit realizes cipher key initialization and key structure:
1) in initialization procedure, generation system initial open parameter PM and master key SK, are specially:
PM={ a, b=sα, e (s, s)β}
SK={ α, sβ}
Wherein, α, β are two random numbers and α, β ∈ Zp, ZpFor the group of integers of mould p;S is the Bilinear Groups G of p ranks1Generation Member;
2) key building process includes structure client private key and shared key, generates corresponding private key first for SaaS client PG:
Wherein, S is the set of client properties, and r ∈ Z are randomly choosed for each clientp, it is each attributeSelect ri ∈Zp
In the shared key of structure, using public encryption system and key agreement protocol generation distributed storage node and Shared key between SaaS client, is specially:Node ID and SaaS Customer IDs are sent to encryption and decryption list by distributed storage node Member, encryption/decryption element sends a public key token A to distributed storage node, and then distributed storage node is given birth to for SaaS client Into a session key, and with after the private key and public key encryption of itself, together with public key token B corresponding with private key and with public key pair The public key token A answered is sent to SaaS client jointly, and the private key and public key are generated using system public parameter;
The encryption/decryption element, the plaintext of the client used client carry out secondary encryption, obtain secondary encrypted cipher text, And the distributed storage node is arrived in storage after being packaged to secondary encrypted cipher text;In decryption by distributed storage node Packaged secondary encrypted cipher text decrypt to obtain clear data, including:
When SaaS client accesses the packaged secondary encrypted cipher text C ", secondary encrypted cipher text C " is decrypted To customers attribute key C ', to ciphering key ' be decrypted, the secondary of the encapsulation is returned to by distributed storage node during decryption Encrypted cipher text and its corresponding message header, utilize shared key kgsDecryption obtains customers' attribute key
The client shows unit, realizes that SaaS client sends access request and read to distributed storage node and is distributed Ciphertext on formula memory node, if all properties that SaaS client possesses meet the packaged corresponding access of secondary encrypted cipher text During rule set, decrypt to obtain clear data by encryption/decryption element;If the attribute that SaaS client possesses is unsatisfactory for access rule set, Client is then needed to carry out authentication;If all properties of SaaS client and authentication are invalid, inhibition request accesses.
Wherein, the encryption/decryption element includes:The plaintext that stores of needs is used by the symmetric key K that manager chooses into Row encryption, obtains ciphertext C:Be encrypted using the access rule set pair symmetric key K defined by manager, obtain ciphering key ':
Wherein, T represents the access rule set, any to choose q ∈ ZpAnd q=px(0), X represents all access rule sets The set of all child nodes;It is default one open hash function;
To the ciphering key ' be encrypted, the distributed storage node is each customers attribute G during encryptioniAt random Select customers' attribute keyFor each customers attribute GiSecondary encrypted cipher text C " is established, and is utilized described common There is key to encrypt customers' attribute keyAnd then obtain a message header H ' corresponding to secondary encrypted cipher text C ":
In formula, kgsRepresent shared key.
The data processing unit carries out Classification Management to cloud platform secured data resource, in cloud platform security control unit On the premise of carrying out graduation management to data, for the data of each reliability rating, classified using clustering algorithm to it, And establish index and carry out Classification Management;Client initiates retrieval request using encrypted term, assists generation auxiliary by TSM Security Agent Key is helped, then by being interacted with security control unit, the encryption file of client's Internet access after being filtered, finally by safety The close data file encryption of agency department's decomposition returns to client and finally decrypts, and obtains clear data.Specifically include:
(1) data format is changed, establishes and be suitable for the form that non-relational database is stored;(2) by data It is divided into conventional data and industry data, data is stored using classifying rules;The rule set includes:For higher than default The conventional data of access frequency uses centralised storage, is safeguarded by control data corporation is unified, for less than default access frequency Industry data use distributed storage, safeguarded respectively by every profession and trade data center;(3) number being adapted with storage organization is established According to searching algorithm, i.e., by the way of indexed search and engine are crawled and be combined:Data directory is initially set up, according to index logarithm According to progress preliminary search;In search engine input word, precise search is carried out to data;Engine is crawled according to certain reptile strategy Matched data are found, and is ranked up according to the matching degree of data and word and feeds back to client.
The data processing unit further includes data dividing unit, data mining unit and access rule optimization unit, institute Data dividing unit is stated to be used to be divided into multiple independent tables of data to the data that client needs to upload;The data mining unit The independent tables of data is ranked up according to predefined ordering rule, the first data cell in each tables of data is pressed Sequence extracts, and is preserved together with the ordering rule as data block, and uses the Encryption Algorithm of client definition to data block It is encrypted;It will need to store the data in distributed storage node by the encryption/decryption element is encrypted and passed by network It is defeated to arrive high in the clouds;After SaaS cloud platforms receive data, it is stored in after carrying out completeness check to the data in memory node, on Independent data table is stated to represent that any association is not present between the data cell two-by-two in tables of data;The access rule optimizes unit Access rule set for the access rule optimization method generation system divided based on resource, including:
(1) based on the independent data table after data mining processing, hierarchical structure is built, the hierarchical structure is three Layer, it includes dispatch layer, logical layer and database layer, and the dispatch layer is to service relevant root node with data dispatch, described Logical layer concentrates associated data for access rule, and the database layer includes the field in all independent tables of data;
(2) access control markup language is based on, the access rule set of the data for different safety class is formulated, will access It is mapped in rule set with the rule of data correlation in the independent tables of data, so that the rule that access rule is concentrated refines To data dimension;
(3) in each enterprising line discipline optimization of independent tables of data, distribution is deleted on each data processing unit Regular conflict and redundancy;
(4) merge the rule after optimization, generate the access rule set of optimization.
Preferably, the encryption/decryption element will be passing through network transmission to that will store the data in distributed storage node When being encrypted and decrypted to high in the clouds, further comprise:
(1) TSM Security Agent is set in SaaS and the third party of client, the TSM Security Agent is single for client and attribute distribution Member distributes customer ID U respectivelyIDD is identified with attribute Dispatching UnitID, including:
Initial phase, TSM Security Agent initialization system parameter;For each trust client, TSM Security Agent distribution UIDAnd it is it Generate token:
Advocate peace for data sink and trust client and generate identity key pair, when client and data host retrieve data or first first When uploading data, corresponding access rights are obtained in the registration of attribute Dispatching Unit, respective attributes collection S is distributed according to the UID of client, Key-function is called to generate privacy key SK and distributed by safe lane;
Meanwhile announce and trust Customer ID certificate parameterWherein, CU∈Zp, ZpStill it is the group of integers of mould p;S is still For the Bilinear Groups G of p ranks1Generation member.
(2) encryption and decryption key, attribute encryption and decryption key and the secondary encryption key of client identity are generated, wherein the visitor The encryption and decryption key of family identity includes UIDPublic key GKUIDAnd UIDPrivate key CKUID, the attribute encryption and decryption key includes attribute DID's Public key GKDIDWith private key CKDID:
CKUID=(ηDID,bDID)
Wherein, ADIDThe all properties that can be distributed for single attribute Dispatching Unit, GKxFor the public key of attribute x, VxFor attribute The version number of x, ηDIDFor the private key parameter of attribute Dispatching Unit, bDIDIt is random for attribute Dispatching Unit for attribute undated parameter, ω The parameter of selection, ω, ηDID,bDID∈ZP
(3) encryption/decryption element is obtained close using data key to that need to store the data encryption in distributed storage node Literary CT, then it is utilized respectively UIDPublic key and DIDPublic key encrypts data key, generation identity key CT UWith attribute key CT D, bag Include:
A, the character string I of two regular lengths is generated at randomK,AK, merge generation data key DK
DK=IK||AK
B, data key D is utilizedKTo the data encryption in distributed storage node need to be stored, ciphertext C is obtainedTAfterwards, utilize DIDPublic key is to AKEncryption, generation attribute key CT D, utilize UIDPublic key is to IKEncryption, generation identity key CT U
Send (UID,CT U, SK) and client and data host are given, while send (UID,GKUID) TSM Security Agent is given, make safe generation Reason assists data host to generate encrypted indexes, assists client to generate retrieval auxiliary key.
Build encrypted keyword index.The keyword data extracted from text data is obtained, is denoted as W={ w1, w2,…,wn};For each keyword wi∈ W, data sink host computer Qi=h (wi)ri, wherein, h is that keyword is mapped to G1 In random number hash function, ri∈ZpIt is a random number.Then data sink chief commander (Q1, Q2,…,Qn) and UIDIt is sent to TSM Security Agent.TSM Security Agent is according to UIDInquire the corresponding GK of data sink masterUID, sequentially for each Qi, calculate Mi=e (Qi, GKUID).TSM Security Agent sends { Mi, 1≤i≤n } and give data host.
(4) when receiving the request of data of client, using secondary encryption key by identity key CTUIt is calculated as given client The ciphertext that can be decrypted, wherein the secondary encryption key is by the primary private key and U of itself of data sinkIDPublic key calculates generation;
Then data host is for each keyword wi, calculate Iwi=[h (UID/ri)]SK, []SKRepresent that random number uses The symmetric key algorithm of safety, key are encrypted for SK.Finally, data host is denoted as I for the encrypted indexes of keyword set W generationsw =[Iw1,Iw2,…,Iwn]。
Retrieval phase includes following 2 processes.1. client first has to pacifying to the data file that search key is w Auxiliary key is generated under the assistance of Full Proxy.Client calculatesThen his identity U is sentIDWithGive TSM Security Agent.After TSM Security Agent receives auxiliary key generation request, the corresponding GK of client is obtained by inquiring aboutUID.Then, return Return retrieval auxiliary keyTo client.2. after client receives retrieval auxiliary key, sendTo security control unit.Asked when security control unit receives retrieval After asking, start to retrieve by following searching algorithm:
For the encrypted indexes of each file, compare using the rope after the retrieval encrypted random number of auxiliary key and decomposition Whether identical draw middle appropriate section, if identical, add it in result set.Security control unit randomly chooses pg∈Zp’ Encryption attribute process is called to encrypt pg, ciphertext is sent to client.Client calls the decipherment algorithm decryption based on attribute, sends solution Result p ' after closegTo host.If the result after decryption is equal to p 'g, distributed storage node be believed that its possess from belong to Property Dispatching Unit assign property set.The property set possessed according to client, further filters retrieval result list, client is had no right The file filter of access falls, and the result after filtering finally is returned to client, the only data of existing customer Internet access just meeting Return.
(5) client receives when data deciphering is carried out after data, is utilized respectively UIDPrivate key CKUIDAnd DIDPrivate key CKDIDDecrypt body Part ciphering key TUWith attribute key CTA, then reconstruct data key, decryption ciphertext CT;
(6) renewal of attribute and identity key is carried out.
Preferably, retrieval scheme of the invention is built upon the Security Index built by location-based HASH functions On the basis of, target is mapped in several sections, similar target is assigned into same section.Wherein Security Index be according to Lower process structure:
1. by feature extraction, antistop list is mapped to its characteristic value collection.
2. once characteristic value is extracted, it is necessary to characteristic value is converted into feature vector to apply location-based HASH, i.e., Characteristic value is mapped to vectorial set.
3. section index construction:Location-based HASH algorithms are applied on vector in second step, according to Search Requirement, A location-based function is constructed from function library.With compound hash function by each maps feature vectors to multiple sections In.If gi(fj) it is hash function giOn characteristic value fjOutput;So gi(fj) it is the section first address indexed, wrap F containing characteristic valuejData item all in this section.Assuming that each data item is allocated an address from 1 to N, N is all The total data item quantity that memory node is stored.If id (Dη) it is data DηAddress, BkIt is a section first address, VBkIt is BkBit vector.So, and if only if gi(fj)=BkWhen, there is VBk[id(Dη)]=1;Otherwise, VBk[id(Dη)]=0.Here fj∈Dη
4. by the way that the encryption of section first address and content is converted into safe rope by location-based HASH index functions Draw.After encryption, the quantity that adds some virtual records in the index to be indexed in hiding data.
In conclusion the present invention proposes a kind of data reusing method of parallel cloud computing, cloud platform data money is realized The efficient and security access in source, adds the credibility of system;Mitigate manager and client encryption, the computing cost of decryption, improve The security performance of data storage.
Obviously, can be with general it should be appreciated by those skilled in the art, above-mentioned each unit of the invention or each step Computing system realize that they can be concentrated in single computing system, or be distributed in multiple computing systems and formed Network on, alternatively, they can be realized with the program code that computing system can perform, it is thus possible to which they are stored Performed within the storage system by computing system.Combined in this way, the present invention is not restricted to any specific hardware and software.
It should be appreciated that the above-mentioned embodiment of the present invention is used only for exemplary illustration or explains the present invention's Principle, without being construed as limiting the invention.Therefore, that is done without departing from the spirit and scope of the present invention is any Modification, equivalent substitution, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention Covering the whole changes fallen into scope and border or this scope and the equivalents on border and repairing Change example.

Claims (4)

  1. A kind of 1. data reusing method of parallel cloud computing, it is characterised in that including:
    Use distributed storage node to provide data storage service for SaaS client, data are protected by high in the clouds storage.
  2. 2. according to the method described in claim 1, it is characterized in that, the distributed storage node includes cloud storage service device collection Group and control data corporation;Wherein data are stored in the cloud storage service device cluster, are controlled by the control data corporation The data access of client.
  3. 3. according to the method described in claim 1, it is characterized in that, the method further includes:
    Unit is showed by client and realizes that SaaS client sends access request to distributed storage node, reads distributed storage section Ciphertext on point, if all properties that SaaS client possesses meet the packaged corresponding access rule set of secondary encrypted cipher text, Then decryption obtains clear data;If the attribute that SaaS client possesses is unsatisfactory for access rule set, needs client to carry out identity and test Card;If all properties of SaaS client and authentication are invalid, inhibition request accesses.
  4. 4. according to the method described in claim 3, it is characterized in that, the secondary encryption and decryption are complete by encryption/decryption element Into, the plaintext for the client that the encryption/decryption element uses client carries out secondary encryption, obtains secondary encrypted cipher text, and to two The distributed storage node is arrived in storage after secondary encrypted cipher text is packaged;In decryption by the encapsulation on distributed storage node Good secondary encrypted cipher text is decrypted to obtain clear data, specifically includes:
    When SaaS client accesses the packaged secondary encrypted cipher text C ", secondary encrypted cipher text C " is decrypted to obtain visitor Family group attribute key C ', to ciphering key ' be decrypted, when decryption, is returned to the secondary encryption of the encapsulation by distributed storage node Ciphertext and its corresponding message header, utilize shared key kgsDecryption obtains customers' attribute key
    Wherein, use the symmetric key K chosen by manager to be encrypted the plaintext that stores of needs, obtain ciphertext C, using by The access rule set pair symmetric key K that manager defines is encrypted, obtain ciphering key ':
    Wherein, T represents the access rule set, any to choose q ∈ ZpAnd q=px(0), X represents all of all access rule sets The set of child node;It is default one open hash function;
    To the ciphering key ' be encrypted, the distributed storage node is each customers attribute G during encryptioniRandom selection One customers' attribute keyFor each customers attribute GiSecondary encrypted cipher text C " is established, and is utilized described shared close Key encrypts customers' attribute keyAnd then obtain a message header H ' corresponding to secondary encrypted cipher text C ":
    In formula, kgsRepresent shared key.
CN201711285289.6A 2017-12-07 2017-12-07 The data reusing method of parallel cloud computing Pending CN107995298A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711285289.6A CN107995298A (en) 2017-12-07 2017-12-07 The data reusing method of parallel cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711285289.6A CN107995298A (en) 2017-12-07 2017-12-07 The data reusing method of parallel cloud computing

Publications (1)

Publication Number Publication Date
CN107995298A true CN107995298A (en) 2018-05-04

Family

ID=62036706

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711285289.6A Pending CN107995298A (en) 2017-12-07 2017-12-07 The data reusing method of parallel cloud computing

Country Status (1)

Country Link
CN (1) CN107995298A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120399A (en) * 2018-08-10 2019-01-01 广东工业大学 A kind of data ciphering method based on asymmetric encryption, decryption method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100250497A1 (en) * 2007-01-05 2010-09-30 Redlich Ron M Electromagnetic pulse (EMP) hardened information infrastructure with extractor, cloud dispersal, secure storage, content analysis and classification and method therefor
CN105959111A (en) * 2016-07-01 2016-09-21 何钟柱 Information security big-data resource access control system based on cloud computing and credible computing
CN106203146A (en) * 2016-08-30 2016-12-07 广东港鑫科技有限公司 A kind of big data safety management system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100250497A1 (en) * 2007-01-05 2010-09-30 Redlich Ron M Electromagnetic pulse (EMP) hardened information infrastructure with extractor, cloud dispersal, secure storage, content analysis and classification and method therefor
CN105959111A (en) * 2016-07-01 2016-09-21 何钟柱 Information security big-data resource access control system based on cloud computing and credible computing
CN106203146A (en) * 2016-08-30 2016-12-07 广东港鑫科技有限公司 A kind of big data safety management system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120399A (en) * 2018-08-10 2019-01-01 广东工业大学 A kind of data ciphering method based on asymmetric encryption, decryption method and system

Similar Documents

Publication Publication Date Title
CN112765650B (en) Attribute-based searchable encrypted blockchain medical data sharing method
CN106127075B (en) Encryption method can search for based on secret protection under a kind of cloud storage environment
CN108021677A (en) The control method of cloud computing distributed search engine
Liu et al. Cloud-based electronic health record system supporting fuzzy keyword search
CN107634829A (en) Encrypted electronic medical records system and encryption method can search for based on attribute
CN107547525A (en) A kind of method for secret protection of big data query processing
CN105024802B (en) Multi-user's multi-key word based on Bilinear map can search for encryption method in cloud storage
CN103780607B (en) The method of the data de-duplication based on different rights
CN115242518B (en) Medical health data protection system and method in mixed cloud environment
CN105049196B (en) The encryption method that multiple keywords of designated position can search in cloud storage
CN111291407A (en) Data sharing method based on block chain privacy protection
CN108632385B (en) Time sequence-based cloud storage privacy protection method for multi-branch tree data index structure
CN108171066A (en) The cross-domain searching method of keyword and system in a kind of medical treatment cloud under secret protection
CN114826703B (en) Block chain-based data search fine granularity access control method and system
CN112365945A (en) Block chain-based electronic medical record fine-grained access control and ciphertext searchable method
CN102187618A (en) Method and apparatus for pseudonym generation and authentication
CN106326666A (en) Health record information management service system
CN112532650A (en) Block chain-based multi-backup safe deletion method and system
CN112511599A (en) Civil air defense data sharing system and method based on block chain
CN112000632A (en) Ciphertext sharing method, medium, sharing client and system
WO2022242572A1 (en) Personal digital identity management system and method
Gajmal et al. Blockchain-based access control and data sharing mechanism in cloud decentralized storage system
CN108055256A (en) The platform efficient deployment method of cloud computing SaaS
CN107360252A (en) A kind of Data Access Security method that isomery cloud domain authorizes
Raj et al. Enhanced encryption for light weight data in a multi-cloud system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180504