CN108038128B - Retrieval method, system, terminal equipment and storage medium of encrypted file - Google Patents

Retrieval method, system, terminal equipment and storage medium of encrypted file Download PDF

Info

Publication number
CN108038128B
CN108038128B CN201711089073.2A CN201711089073A CN108038128B CN 108038128 B CN108038128 B CN 108038128B CN 201711089073 A CN201711089073 A CN 201711089073A CN 108038128 B CN108038128 B CN 108038128B
Authority
CN
China
Prior art keywords
key
target
server
terminal
encrypted file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711089073.2A
Other languages
Chinese (zh)
Other versions
CN108038128A (en
Inventor
王翼
吴逸明
黄度新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201711089073.2A priority Critical patent/CN108038128B/en
Priority to PCT/CN2017/112600 priority patent/WO2019090841A1/en
Publication of CN108038128A publication Critical patent/CN108038128A/en
Application granted granted Critical
Publication of CN108038128B publication Critical patent/CN108038128B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The invention is suitable for the technical field of electronics, and provides a retrieval method, a system, terminal equipment and a storage medium of an encrypted file, wherein the method comprises the following steps: the method comprises the steps that a first terminal encrypts a shared file by using a first user secret key and sends the encrypted file and index information corresponding to the shared file to a server, the server encrypts the encrypted file by using the first server secret key, a second terminal sends target keyword information to the server, the server obtains a target double-encrypted file matched with the retrieved target keyword information according to the target keyword information and decrypts the target double-encrypted file by using a second server secret key, the server sends the target encrypted file to the second terminal, and the second terminal decrypts the target encrypted file by using the second user secret key. The technical scheme of the invention realizes that a plurality of authorized users can retrieve the shared file through different keys, thereby improving the data security of the shared file.

Description

Retrieval method, system, terminal equipment and storage medium of encrypted file
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a method, a system, a terminal device, and a storage medium for retrieving an encrypted file.
Background
With the continuous development of cloud computing, more and more users store files in a cloud server, and in order to ensure the security of data on the cloud server, the files are usually encrypted and then uploaded to the cloud server. When a user needs to search for the encrypted files, the search credentials of the search keywords can be sent to the cloud server, the cloud server matches each encrypted file by using the search credentials, the successfully matched encrypted files are returned to the user, and the user can read the files after decrypting the returned files.
However, although the conventional searchable encryption method can achieve the function of retrieving the encrypted file, it only supports a key sharing manner, that is, the data provider and the user share the same key to perform encryption, decryption and retrieval operations on the file, and this key sharing manner easily causes key leakage and affects data security.
Disclosure of Invention
The embodiment of the invention provides a retrieval method of an encrypted file, which aims to solve the problem of low data security caused by the fact that the existing method for retrieving the encrypted file through a shared key mode is adopted.
In a first aspect, an embodiment of the present invention provides a method for retrieving an encrypted file, including:
a first terminal encrypts a shared file by using a first user key to obtain an encrypted file, and sends the encrypted file and index information corresponding to the shared file to a server side, wherein the first user key is generated by a key management center according to a preset root key;
the server encrypts the encrypted file by using a first server key to obtain a double-encrypted file, wherein the first server key is generated by the key management center according to a preset root key and uniquely corresponds to the first user key;
a second terminal acquires target keyword information and sends the target keyword information to the server side, wherein the second terminal is an authorized user side of the first terminal;
the server retrieves the index information according to the target keyword information, acquires a target double-encrypted file matched with the retrieved target keyword information, and decrypts the target double-encrypted file by using a second server key to obtain a target encrypted file, wherein the second server key is generated by the key management center according to the root key;
the server side sends the target encrypted file to the second terminal;
and the second terminal decrypts the target encrypted file by using a second user key to obtain a target shared file, wherein the second user key is generated by the key management center according to the root key and uniquely corresponds to the second server key.
In a second aspect, an embodiment of the present invention provides a retrieval system for encrypted files, including a first terminal, a second terminal, a server, and a key management center; the first terminal and the server, the second terminal and the server, and the key management center are respectively connected with the first terminal, the second terminal and the server through networks;
the first terminal includes:
the system comprises an encryption module, a server and a key management center, wherein the encryption module is used for encrypting a shared file by using a first user key to obtain an encrypted file and sending the encrypted file and index information corresponding to the shared file to the server, and the first user key is generated by the key management center according to a preset root key;
the second terminal includes:
the target keyword module is used for acquiring target keyword information and sending the target keyword information to the server side, wherein the second terminal is an authorized user side of the first terminal;
the server side comprises:
the double encryption module is used for encrypting the encrypted file by using a first server key to obtain a double encrypted file, wherein the first server key is generated by the key management center according to a preset root key and uniquely corresponds to the first user key;
the retrieval module is used for retrieving in the index information according to the target keyword information, acquiring a target double-encrypted file matched with the retrieved target keyword information, and decrypting the target double-encrypted file by using a second server key to obtain a target encrypted file, wherein the second server key is generated by the key management center according to the root key;
the sending module is used for sending the target encrypted file to the second terminal;
the second terminal further includes:
the decryption module is used for decrypting the target encrypted file by using a second user key to obtain a target shared file, wherein the second user key is generated by the key management center according to the root key and is uniquely corresponding to the second server key;
the key management center is configured to generate the first user key, the first server key, the second user key, and the second server key according to the preset root key.
In a third aspect, an embodiment of the present invention provides a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the encrypted file retrieval method when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps of the retrieval method for the invoice encrypted file.
Compared with the prior art, the embodiment of the invention has the following advantages: a first terminal used as a data provider encrypts a shared file by using a first user key and uploads the encrypted file to a server, the server encrypts the encrypted file by using the first server key, a second terminal used as an authorized user side of the first terminal sends target keyword information for retrieval to the server, the server retrieves a corresponding double-encrypted file according to the target keyword information and decrypts the double-encrypted file by using a second server key, the obtained target encrypted file is sent to the second terminal, the second terminal decrypts the target encrypted file by using a second user key to obtain a target shared file, the first user key and the first server key are uniquely corresponding, the second user key and the second server key are uniquely corresponding, and a management center of the first user key, the first server key, the second user key and the second server key is generated according to a root key, therefore, the first terminal and the second terminal can use different keys to encrypt and decrypt the shared file, and the keys between the different second terminals can be different from each other, so that a plurality of authorized users can retrieve the shared file through different keys, the data security of the shared file is improved, and meanwhile, the server side secondarily encrypts the encrypted file, so that the data security of the shared file is further improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
Fig. 1 is a schematic view of an application scenario of a retrieval method for an encrypted file according to an embodiment of the present invention;
FIG. 2 is a flowchart of an implementation of a method for retrieving an encrypted file according to an embodiment of the present invention;
fig. 3 is a flowchart of implementing step S1 in the encrypted-file retrieving method according to an embodiment of the present invention;
fig. 4 is a flowchart of implementing step S2 in the encrypted-file retrieving method according to an embodiment of the present invention;
fig. 5 is a flowchart of implementing step S4 in the encrypted-file retrieving method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an encrypted file retrieval system provided by an embodiment of the present invention;
fig. 7 is a schematic diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 shows an application scenario of a retrieval method for an encrypted file according to an embodiment of the present invention, where the application scenario of the retrieval method for an encrypted file relates to a first terminal, a second terminal, a server, and a key management center, where the first terminal is a data provider, the second terminal is an authorized user side of the first terminal, the first terminal may simultaneously authorize a plurality of second terminals as authorized user sides, keys are uniformly distributed by the key management center regardless of the first terminal or each second terminal, the key management center completes management operations such as generation and distribution of all keys used in the retrieval process of the encrypted file, and keys between the first terminal and each second terminal are different, and each terminal completes encryption and decryption of a shared file by using its own key.
Referring to fig. 2, fig. 2 shows an implementation flow of the retrieval method for encrypted files according to the embodiment of the present invention. The details are as follows:
s1: the first terminal encrypts the shared file by using a first user key to obtain an encrypted file, and sends the encrypted file and index information corresponding to the shared file to the server side, wherein the first user key is generated by a key management center according to a preset root key.
In the embodiment of the invention, a key management center generates a first user key and a first service side key in advance according to a preset root key, the first user key is uniquely corresponding to the first service side key, and the key management center sends the first user key to a first terminal and sends the corresponding first service side key to a service side.
It should be noted that, when the second terminal successfully applies for an authorized user side that becomes the first terminal, the key management center generates a second user key and a second server side key of the authorized user side based on the root key that is the same as the root key that is generated by the first user key and the first server side key, and sends the second user key to the second terminal, and sends a corresponding second server side key to the server side.
And the server stores the received key of each server in association with the user identification information of the corresponding user side.
Specifically, the implementation processes of key generation and distribution include (a1) to (a5), which are described in detail as follows:
(a1) the key management center randomly selects a number x from the basic key set as a root key;
(a2) for a user k, including a user of the first user terminal or the second user terminal, the key management center randomly selects a number x from the basic key setk1And calculate xk2=x-xk1(ii) a Wherein k is user identification information of the user side;
(a3) the key management center sends Kuk=(xk1) As a key for user K, let K besk=(xk2) The key is used as a server side key corresponding to the user k;
(a4) the key management center sends KukSending the K to a user K and sending the KskSending the data to a server;
(a5) receiving K by the serverskThen, the user identification information K and KskThe association is saved as (K, K)sk)。
When a first terminal serving as a data provider needs to share data, a first user key is used for encrypting a shared file to be uploaded to obtain an encrypted file.
Specifically, the first terminal encrypts the shared file by using an ElGamal proxy encryption algorithm, and the obtained encrypted file is c (file) ═ gx,grxi1file), wherein the file is a shared file, x is a root key, i is user identification information of the first terminal, xi1 is a first user key, g is a generation element of a cyclic group generated by the key management center according to preset security parameters, r is a randomly selected random number in the basic key set, and the key management center synchronously sends g and r to the first terminal when sending the first user key to the first terminal.
The index information corresponding to the shared file is used for searching the shared file, and the first terminal may identify and determine the corresponding index information by identifying the content of the shared file, or may directly acquire an index key word input by a user to establish the index information, which is not limited herein.
The first terminal sends the encrypted file and the index information to the server and sends the user identification information of the first terminal to the server.
S2: and the server encrypts the encrypted file by using a first server key to obtain a double-encrypted file, wherein the first server key is generated by the key management center according to a preset root key and uniquely corresponds to the first user key.
In the embodiment of the invention, after receiving an encrypted file sent by a first terminal, a server acquires a first server key corresponding to user identification information of the first terminal from a record stored in association according to the user identification information of the first terminal, and secondarily encrypts the encrypted file by using the first server key to obtain a double-encrypted file C*(file)=(gx,(gr)xi2*grxi1file), where xi2 is the first service key, and xi1+xi2X due to (g)r)xi2*grxi1file=grxi2+rxi1file=gr(xi2+xi1)file=grxfile, so the resulting doubly encrypted file is C*(file)=(gx,grxfile), it can be seen that although the first terminal encrypts the shared file using the first user key, the server then performs the second encryption using the first server key, and the finally obtained double-encrypted file is directly related to the root key x.
And the server stores the index information and the double-encrypted file in a related manner, so that the corresponding double-encrypted file can be searched through the index information.
S3: and the second terminal acquires the target keyword information and sends the target keyword information to the server side, wherein the second terminal is an authorized user side of the first terminal.
In the embodiment of the invention, when the second terminal which is an authorized user side needs to search the shared file, target keyword information for searching is obtained, and the target keyword information is generated by the search keyword input by the user of the second terminal.
And the second terminal sends the target keyword information to the server and simultaneously sends the identification information of the second terminal to the server.
S4: and the server retrieves the index information according to the target keyword information to obtain a target double-encrypted file matched with the retrieved target keyword information, and decrypts the target double-encrypted file by using a second server key to obtain the target encrypted file, wherein the second server key is generated by the key management center according to a preset root key.
In the embodiment of the invention, the server receives the target keyword information sent by the second terminal, searches in the pre-stored index information, and if the target keyword information is searched, acquires the target double encrypted file corresponding to the target keyword information.
And the server acquires a second server key corresponding to the identification information of the second terminal from the record stored in association according to the identification information of the second terminal, and decrypts the target double-encrypted file by using the second server key to obtain the target encrypted file.
Specifically, the target double encrypted file is C*(file)=(gx,grxfile), assuming that the identification information of the second terminal is j, the second server key is xj2, and the second user key is xj1, xj1+xj2And decrypting the target double-encrypted file by using the second server-side key to obtain a target encrypted file C' (file) ═ gx,(gr)-xj2*grxfile) due to (g)r)-xj2*grxfile=gr(x-xj2)file=grxj1file, so the finally obtained target encrypted file C' (file) is (g)x,grxj1file). It can be seen that the target encrypted file at this time has become encrypted by the second user key xj1, i.e., the target encrypted file is different from the encrypted file encrypted by the first user key xi 1.
S5: and the server side sends the target encrypted file to the second terminal.
In the practice of the inventionIn an example, the server changes the target encrypted file C' (file) obtained in step S4 to (g)x,grxj1file) to the second terminal.
S6: and the second terminal decrypts the target encrypted file by using a second user key to obtain a target shared file, wherein the second user key is generated by the key management center according to a preset root key and uniquely corresponds to a second server key.
In the embodiment of the present invention, the target encrypted file received by the second terminal has become encrypted according to the second user key xj1, so the second terminal uses its second user key xj1 to complete decryption of the target encrypted file, i.e. grxj1file*(gr)-xj1=grxj1-rxj1Obtaining a target shared file, which is the shared file shared by the first terminal as the data provider in step S1.
It should be noted that, the first user key xi1 and the first server key xi2 used in the encryption process, and the second user key xj1 and the second server key xi2 used in the decryption process may all be different from each other, but x is xi1+xi2=xj1+xj2The method ensures that the final double-encrypted file is only directly related to the root key x, so that the first terminal and the second terminal can respectively use different keys to encrypt and decrypt the shared file, and the data security of the shared file is improved.
In the embodiment corresponding to fig. 2, a first terminal serving as a data provider encrypts a shared file by using a first user key and uploads the encrypted file to a server, the server encrypts the encrypted file by using the first server key, a second terminal serving as an authorized user side of the first terminal sends target keyword information for retrieval to the server, the server retrieves a corresponding double encrypted file according to the target keyword information and decrypts the double encrypted file by using a second server key, the obtained target encrypted file is sent to the second terminal, the second terminal decrypts the target encrypted file by using a second user key to obtain a target shared file, the first user key uniquely corresponds to the first server key, the second user key uniquely corresponds to the second server key, and both the first user key and the first server key as well as the second user key and the second server key are root-rooted at a key management center According to the generation of the key, the first terminal and the second terminal can use different keys to encrypt and decrypt the shared file, and the keys of the different second terminals can be different from each other, so that a plurality of authorized users can retrieve the shared file through different keys, the data security of the shared file is improved, and meanwhile, the server side carries out secondary encryption on the encrypted file, and the data security of the shared file is further improved.
Next, based on the embodiment corresponding to fig. 2, a specific implementation method for encrypting the shared file by the first terminal using the first user key in step S1 to obtain an encrypted file and sending the encrypted file and the index information corresponding to the shared file to the server side is described in detail below by using a specific embodiment.
Referring to fig. 3, fig. 3 shows a specific implementation flow of step S1 provided in the embodiment of the present invention, which is detailed as follows:
s11: the first terminal acquires a shared file and a retrieval key word corresponding to the shared file.
In the embodiment of the invention, the first terminal acquires the shared file provided by the user and the retrieval key word corresponding to the shared file.
The first terminal may identify and determine the corresponding search keyword through the content of the shared file, or may directly obtain the search keyword input by the user, which is not limited herein.
S12: and the first terminal encrypts the shared file by using the first user key to obtain an encrypted file.
In the embodiment of the present invention, the process of the first terminal encrypting the shared file by using the first user key to obtain the encrypted file is the same as the implementation method for obtaining the encrypted file described in step S1, and details thereof are omitted here.
S13: and the first terminal generates a fuzzy keyword set according to the retrieval keywords.
In the embodiment of the invention, the first terminal generates the fuzzy keyword set according to the determined retrieval keywords, the fuzzy keyword set is used for carrying out fuzzy retrieval on the shared file, the fuzzy keyword set comprises a series of fuzzy keywords generated based on the retrieval keywords, and the fuzzy keywords in the fuzzy keyword set are used for carrying out retrieval, so that the retrieval requirement in a larger range can be met.
Further, the specific implementation manner of the first terminal generating the fuzzy keyword set according to the search keyword is detailed as follows:
and the first terminal constructs a fuzzy keyword set in a wildcard character mode according to the retrieval keywords.
Specifically, a fuzzy keyword set S is established for the search keyword w with the editing distance d in a wildcard character modew,dWildcards are used to indicate editing operations at a certain position in the search key. The editing operation comprises three operation modes:
(1) inserting operation: inserting characters into words of the search keywords;
(2) and (3) deleting operation: deleting characters from the words of the search keyword;
(3) and (3) modifying operation: and modifying the characters in the words of the search keywords into other characters.
A fuzzy keyword set constructed by the search keyword w with the edit distance d is represented as Sw,d={S'w,0,S'w,1,...,S'w,dIs of S'w,nRepresenting a set of words having n wildcards based on w, each wildcard representing an editing operation on the search key w.
For example, for an editing distance d of 1 and a search keyword w of student, a fuzzy keyword set S is establishedstudent,1The fuzzy keyword set includes 16 words, each word includes a plurality of words, and each word includes a plurality of words. In general, when the edit distance d of a search keyword w having a search keyword length of l is 1, the structure is modeledSet of ambiguous keywords Sw,1The size of (2l +1) + 1. As the edit distance d increases, its constructed fuzzy keyword set Sw,dThe size of (a) also increases. When the edit distance d is 2 and 3, respectively, its constructed fuzzy keyword set
Figure BDA0001460761170000111
Figure BDA0001460761170000112
That is, for a search keyword of which the search keyword length is l and the edit distance is d, the size of the fuzzy keyword word set constructed in the wildcard manner is represented by O (l) in terms of data complexityd)。
S14: the first terminal encrypts each keyword in the fuzzy keyword set by using a first index key to obtain a first trapdoor set, wherein the first index key is generated by a first user key.
In the embodiment of the invention, the first terminal generates the first index key K by using the first user key xi1I,KIF (xi1), where f is a hash function.
The first index key is used for encrypting each keyword in the Fuzzy keyword set to obtain a first trapdoor set FuzzyEnc1
Figure BDA0001460761170000113
Wherein S isw1,d1To edit distance d1, the fuzzy keyword set with keyword w1 is retrieved and T can be implemented by the public key encryption algorithm RSA.
S15: the first terminal encrypts the identification information of the shared file by using the first index key, and the encrypted identification information, the first trapdoor set and the first index key form index information.
In the embodiment of the present invention, the first terminal uses the first index key K generated in step S14IEncrypting the identification information of the shared file to obtain encrypted identification information F, wherein F is Enc (K)I,fidw) Wherein, fidwFor containing fuzzy key words wThe Enc is implemented by Advanced Encryption Standard (AES) or Data Encryption Standard (DES).
The identification information of the shared file is used to uniquely identify the shared file, and the identification information may be a file unique number, but is not limited thereto, and may be specifically set according to the application requirement, and is not limited herein.
The first terminal encrypts the identification information F and the first trapdoor set FuzzyEnc1And a first index key KIIndex information Index, Index ═ KI,<FuzzyEnc1,F>I.e. that
Figure BDA0001460761170000121
S16: and the first terminal sends the encrypted file and the index information to the server.
In the embodiment of the invention, the first terminal sends the encrypted file C (file) and the Index information Index to the server.
In the embodiment corresponding to fig. 3, the first terminal encrypts the shared file using the first user key to obtain an encrypted file, constructs a fuzzy keyword set in a wildcard manner according to the search keyword, then, each keyword in the fuzzy keyword set is encrypted by using the first index key to obtain a first trapdoor set, and using the first index key to encrypt the identification information of the shared file, and forming the encrypted identification information, the first trapdoor set and the first index key into index information, sending the encrypted file and the index information to the server side together for the server side to retrieve, the fuzzy retrieval of the retrieval keywords is realized by constructing the fuzzy keyword set, the retrieval success rate and the retrieval accuracy can be effectively improved, moreover, the fuzzy keyword set constructed in the wildcard character mode is more complete, and the fuzzy retrieval requirement in a wider range can be met.
Based on the embodiment corresponding to fig. 3, a specific implementation method for the second terminal to obtain the target keyword information and send the target keyword information to the server in step S2 is described in detail below with a specific embodiment.
In the embodiment of the present invention, the target keyword information acquired by the second terminal includes a target trapdoor set.
Referring to fig. 4, fig. 4 shows a specific implementation flow of step S2 provided in the embodiment of the present invention, which is detailed as follows:
s21: and the second terminal acquires the keywords to be retrieved.
In the embodiment of the invention, the second terminal acquires the keyword to be retrieved input by the user.
S22: and the second terminal generates a target fuzzy keyword set according to the keywords to be retrieved.
In the embodiment of the present invention, the process of generating the target fuzzy keyword set by the second terminal according to the keyword to be retrieved may be the same as the process of generating the fuzzy keyword set by the first terminal according to the retrieval keyword in step S13, and details are not described here.
Specifically, the keyword to be retrieved is w2, the editing distance is d2, and the generated target fuzzy keyword set is Sw2,d2
S23: and the second terminal encrypts each keyword in the target fuzzy keyword set by using a second index key to obtain a target trapdoor set, wherein the second index key is generated by a second user key, and the second user key is generated by a key management center according to the root key.
In the embodiment of the present invention, the second terminal generates the second index key K using the second user key xi2J,KJF (xi2), where f is a hash function.
The second index key is used for fuzzy key word set S to the targetw2,d2Encrypting each keyword in the target trapdoor set Fuzzy to obtain a target trapdoor set FuzzyEnc2
Figure BDA0001460761170000131
S24: and the second terminal sends the target trapdoor set to the server.
In the embodiment of the invention, the second terminal enables the target trapdoor set FuzzyEnc2And sending the target keyword information to the server.
In the embodiment corresponding to fig. 4, when the authorized user of the second terminal needs to use the keyword to be retrieved to retrieve the related encrypted file, the second terminal generates the target fuzzy keyword set according to the keyword to be retrieved, the generation process of the target fuzzy keyword set adopts the same method as the generation method of the fuzzy keyword set generated by the first terminal according to the search keyword, then, encrypting each keyword in the target fuzzy keyword set by using a second index key to obtain a target trapdoor set, sending the target trapdoor set serving as target keyword information to a server, so that the service end can carry out retrieval, the fuzzy retrieval is realized by constructing a fuzzy keyword set, the retrieval success rate and the accuracy rate can be effectively improved, moreover, the fuzzy keyword set constructed in the wildcard character mode is more complete, and the fuzzy retrieval requirement in a wider range can be met.
Based on the embodiment corresponding to fig. 4, a specific implementation method of retrieving, by a specific embodiment, the target double-encrypted file matched with the retrieved target keyword information from the index information by the server mentioned in step S4 according to the target keyword information, and decrypting the target double-encrypted file by using the second server key to obtain the target encrypted file is described in detail below.
Referring to fig. 5, fig. 5 shows a specific implementation flow of step S4 provided in the embodiment of the present invention, which is detailed as follows:
s41: and if the server side retrieves the target encryption index matched with the target trapdoor set from the index information, acquiring a corresponding target index key and identification information of the encrypted target shared file according to the target encryption index.
In the embodiment of the invention, after receiving a target trapdoor set sent by a second terminal, a server performs fuzzy retrieval in index information according to the target trapdoor set, wherein the index information is sent to the server by a first terminal and comprises identification information of an encrypted shared file, a first trapdoor set and a first index key. And if the server retrieves the first trapdoor set matched with the target trapdoor set, taking the index information of the retrieved first trapdoor set as a target encryption index.
Assume that the retrieved target encryption index is
Figure BDA0001460761170000141
Then according to the target encryption Index', obtaining the first Index key K contained in the Index informationIAs a target index key, and identification information Enc (K) of the encrypted shared file contained in the index informationI,fidw1) As the identification information of the encrypted target shared file.
It should be noted that, although the target trapdoor set sent by the second terminal is obtained by encrypting with the second index key, and the first trapdoor set in the index information sent by the first terminal stored on the server is obtained by encrypting with the first index key, that is, the encryption keys of the first trapdoor set and the target trapdoor set are different, since the first index key is generated by the first user key, the second index key is generated by the second user key, and both the first user key and the second user key are generated by the key management center according to the same root key, the fuzzy retrieval process performed by the server can realize that the first trapdoor set matching the target trapdoor set is retrieved in the index information.
S42: and the server decrypts the identification information of the target shared file by using the target index key and acquires a target double-encrypted file according to the decrypted identification information.
In this embodiment of the present invention, the server uses the target index key obtained in step S41, that is, the first index key KIIdentification information Enc (K) for target shared fileI,fidw1) Decrypting to obtain the decrypted identification information fidw
Since the server side stores the index information and the double encrypted file in association in step S2, the server side stores the index information and the double encrypted file in association with each other according to the decrypted identifierInformation fidwAnd obtaining a target double encrypted file C corresponding to the identification information*(file)。
S43: and the server decrypts the target double-encrypted file by using the second server key to obtain the target encrypted file.
In the embodiment of the present invention, the process of the server decrypting the target double-encrypted file by using the second server key to obtain the target encrypted file is the same as the implementation method for obtaining the target encrypted file described in step S4, and details are not described here.
In the embodiment corresponding to fig. 5, the server retrieves a target encryption index matching with the target trapdoor set in the index information according to the target trapdoor set sent by the second terminal, and obtains a corresponding target index key and identification information of an encrypted target shared file according to the target encryption index, and further decrypts the identification information of the target shared file using the target index key, and obtains a target double-encrypted file according to the decrypted identification information, and decrypts the target double-encrypted file using the second server key to obtain the target encrypted file, so that the second terminal can decrypt the target encrypted file using its own second user key to obtain the finally retrieved target shared file, thereby implementing that multiple authorized users can retrieve the shared file through different keys, and the data security of the shared file is improved.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 6 shows a block diagram of a structure of a retrieval system of an encrypted file according to an embodiment of the present invention, which corresponds to the retrieval method of an encrypted file described in the foregoing embodiment, and only shows a part related to the embodiment of the present invention for convenience of description.
Referring to fig. 6, the retrieval system for encrypted files includes a first terminal 61, a second terminal 62, a server 63 and a key management center 64, wherein the first terminal and the server, the second terminal and the server, and the key management center are respectively connected to the first terminal, the second terminal and the server through a network.
The key management center 64 is configured to generate a first user key, a first service key, a second user key, and a second service key according to a preset root key.
The first terminal 61 includes an encryption module 611, the second terminal 62 includes a target keyword module 621 and a decryption module 622, the server 63 includes a double encryption module 631, a retrieval module 632 and a sending module 633, and each function module is described in detail as follows:
the encryption module 611 is configured to encrypt the shared file by using a first user key to obtain an encrypted file, and send the encrypted file and index information corresponding to the shared file to the server, where the first user key is generated by the key management center according to a preset root key;
the target keyword module 621 is configured to obtain target keyword information and send the target keyword information to a server, where the second terminal 62 is an authorized user side of the first terminal 61;
a decryption module 622, configured to decrypt the target encrypted file using a second user key to obtain a target shared file, where the second user key is generated by the key management center according to the root key and uniquely corresponds to the second server-side key;
the double encryption module 631 is configured to encrypt the encrypted file by using a first server key to obtain a double encrypted file, where the first server key is generated by the key management center according to a preset root key and uniquely corresponds to the first user key;
a retrieval module 632, configured to retrieve from the index information according to the target keyword information, obtain a target double-encrypted file matched with the retrieved target keyword information, and decrypt the target double-encrypted file using a second server key to obtain a target encrypted file, where the second server key is generated by the key management center according to the root key;
a sending module 633, configured to send the target encrypted file to the second terminal 62.
Further, the encryption module 611 includes:
a first obtaining sub-module 6111, configured to obtain a shared file and a search keyword corresponding to the shared file;
the file encryption sub-module 6112 is configured to encrypt the shared file with the first user key to obtain an encrypted file;
a first word set generating submodule 6113, configured to generate a fuzzy keyword set according to the search keyword;
the keyword encryption sub-module 6114 is configured to encrypt each keyword in the fuzzy keyword set by using a first index key to obtain a first trapdoor set, where the first index key is generated by a first user key;
the identification encryption submodule 6115 is configured to encrypt identification information of the shared file by using a first index key, and form index information by using the encrypted identification information, the first trapdoor set, and the first index key;
the first sending sub-module 6116 is configured to send the encrypted file and the index information to the server 63.
Further, the first word set generating submodule 6113 is further configured to construct the fuzzy keyword set in a wildcard manner according to the search keyword.
Further, the target key information includes a target trapdoor set, and the target key module 621 includes:
a second obtaining submodule 6211, configured to obtain a keyword to be retrieved;
a second word set generating submodule 6212, configured to generate a target fuzzy keyword set according to the keyword to be retrieved;
a second encryption submodule 6213, configured to encrypt each keyword in the target fuzzy keyword set by using a second index key to obtain a target trapdoor set, where the second index key is generated by a second user key, and the second user key is generated by the key management center according to the root key;
a second sending submodule 6214, configured to send the target trapdoor set to the server 63.
Further, the retrieving module 632 includes:
a matching submodule 6321, configured to, if a target encryption index that matches the target trapdoor set is retrieved from the index information, obtain a corresponding target index key and identification information of the encrypted target shared file according to the target encryption index;
the first decryption submodule 6322 is configured to decrypt the identification information of the target shared file using the target index key, and obtain a target double-encrypted file according to the decrypted identification information; .
And the second decryption submodule 6323 is configured to decrypt the target double-encrypted file by using the second server-side key, so as to obtain the target encrypted file.
The process of implementing the respective function of each module in the retrieval system of the encrypted file provided by the embodiment of the present invention may specifically refer to the description of the foregoing method embodiment, and is not described herein again.
An embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the encrypted file retrieval method in the foregoing method embodiment, or the computer program, when executed by the processor, implements functions of each module/unit in the encrypted file retrieval system in the foregoing apparatus embodiment, and is not described herein again to avoid repetition.
Referring to fig. 7, fig. 7 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 7, the terminal device 70 of this embodiment includes: a processor 71, a memory 72, and a computer program 73, such as a retrieval program of an encrypted file, stored in the memory 72 and executable on the processor 71. The processor 71, when executing the computer program 73, implements the steps in the above-described respective encrypted-file retrieval method embodiments, such as the steps S1 to S6 shown in fig. 1. Alternatively, the processor 71, when executing the computer program 73, implements the functions of the modules/units in the above-described device embodiments, such as the functions of the modules/units in the first terminal 61, the second terminal 62, the server 63, and the key management center 64 shown in fig. 6.
Illustratively, the computer program 73 may be divided into one or more modules/units, which are stored in the memory 72 and executed by the processor 71 to carry out the invention. One or more of the modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 73 in the terminal device 70. For example, the computer program 73 may be divided into an encryption module on the first terminal, a target keyword module and a decryption module on the second terminal, a double encryption module, a retrieval module and a transmission module on the server side, a program on the key management center. The specific functions of each functional module are as follows:
and the key management center is used for generating a first user key, a first service side key, a second user key and a second service side key according to the preset root key.
The encryption module is used for encrypting the shared file by using a first user key to obtain an encrypted file and sending the encrypted file and the index information corresponding to the shared file to the server, wherein the first user key is generated by the key management center according to a preset root key;
the target keyword module is used for acquiring target keyword information and sending the target keyword information to the server side, wherein the second terminal is an authorized user side of the first terminal;
the decryption module is used for decrypting the target encrypted file by using a second user key to obtain a target shared file, wherein the second user key is generated by the key management center according to the root key and is uniquely corresponding to a second server key;
the double encryption module is used for encrypting the encrypted file by using a first server key to obtain a double encrypted file, wherein the first server key is generated by a key management center according to a preset root key and uniquely corresponds to a first user key;
the retrieval module is used for retrieving in the index information according to the target keyword information, acquiring a target double-encrypted file matched with the retrieved target keyword information, and decrypting the target double-encrypted file by using a second server key to obtain a target encrypted file, wherein the second server key is generated by the key management center according to the root key;
and the sending module is used for sending the target encrypted file to the second terminal.
Further, the encryption module includes:
the first acquisition submodule is used for acquiring a shared file and a retrieval keyword corresponding to the shared file;
the file encryption submodule is used for encrypting the shared file by using the first user key to obtain an encrypted file;
the first word set generation submodule is used for generating a fuzzy keyword set according to the retrieval keywords;
the key encryption sub-module is used for encrypting each key in the fuzzy key set by using a first index key to obtain a first trapdoor set, wherein the first index key is generated by a first user key;
the identification encryption submodule is used for encrypting the identification information of the shared file by using a first index key and forming index information by the encrypted identification information, the first trapdoor set and the first index key;
and the first sending submodule is used for sending the encrypted file and the index information to the server side.
Further, the first word set generation submodule is further used for constructing the fuzzy keyword set in a wildcard character mode according to the retrieval keywords.
Further, the target key information includes a set of target trapdoors, and the target key module includes:
the second obtaining submodule is used for obtaining the keywords to be retrieved;
the second word set generation submodule is used for generating a target fuzzy keyword set according to the keywords to be retrieved;
the second encryption sub-module is used for encrypting each keyword in the target fuzzy keyword set by using a second index key to obtain a target trapdoor set, wherein the second index key is generated by a second user key, and the second user key is generated by a key management center according to the root key;
and the second sending submodule is used for sending the target trapdoor set to the server side.
Further, the retrieval module includes:
the matching sub-module is used for acquiring a corresponding target index key and identification information of the encrypted target shared file according to the target encryption index if the target encryption index matched with the target trapdoor set is retrieved from the index information;
the first decryption submodule is used for decrypting the identification information of the target shared file by using the target index key and acquiring a target double-encrypted file according to the decrypted identification information; .
And the second decryption submodule is used for decrypting the target double-encrypted file by using the second server-side key to obtain the target encrypted file.
The terminal device 70 may be a computing device such as a desktop computer, a notebook, a palm computer, and a cloud server. Terminal equipment 70 may include, but is not limited to, a processor 71, a memory 72. Those skilled in the art will appreciate that fig. 7 is merely an example of terminal device 70 and does not constitute a limitation of terminal device 70 and may include more or fewer components than shown, or some components may be combined, or different components, e.g., terminal device 70 may also include input-output devices, network access devices, buses, etc.
The Processor 71 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 72 may be an internal storage unit of the terminal device 70, such as a hard disk or a memory of the terminal device 60. The memory 72 may also be an external storage device of the terminal device 70, such as a plug-in hard disk provided on the terminal device 70, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 72 may also include both an internal storage unit of the terminal device 70 and an external storage device. The memory 72 is used to store computer programs and other programs and data required by the terminal device 70. The memory 72 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain other components which may be suitably increased or decreased as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media which may not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A method for retrieving an encrypted file, the method comprising:
a first terminal encrypts a shared file by using a first user key to obtain an encrypted file, and sends the encrypted file and index information corresponding to the shared file to a server side, wherein the first user key is generated by a key management center according to a preset root key;
the server encrypts the encrypted file by using a first server key to obtain a double-encrypted file, wherein the first server key is generated by the key management center according to a preset root key and uniquely corresponds to the first user key;
a second terminal acquires target keyword information and sends the target keyword information to the server side, wherein the second terminal is an authorized user side of the first terminal;
the server retrieves the index information according to the target keyword information, acquires a target double-encrypted file matched with the retrieved target keyword information, and decrypts the target double-encrypted file by using a second server key to obtain a target encrypted file, wherein the second server key is generated by the key management center according to the root key;
the server side sends the target encrypted file to the second terminal;
and the second terminal decrypts the target encrypted file by using a second user key to obtain a target shared file, wherein the second user key is generated by the key management center according to the root key and is uniquely corresponding to the second server key.
2. The retrieval method of claim 1, wherein the first terminal encrypts the shared file using the first user key to obtain an encrypted file, and sends the encrypted file and the index information corresponding to the shared file to the server side comprises:
the first terminal acquires the shared file and a retrieval keyword corresponding to the shared file;
the first terminal encrypts the shared file by using the first user key to obtain the encrypted file;
the first terminal generates a fuzzy keyword set according to the retrieval keywords;
the first terminal encrypts each keyword in the fuzzy keyword set by using a first index key to obtain a first trapdoor set, wherein the first index key is generated by the first user key;
the first terminal encrypts identification information of the shared file by using the first index key, and the encrypted identification information, the first trapdoor set and the first index key form the index information;
and the first terminal sends the encrypted file and the index information to the server.
3. The retrieval method of claim 2, wherein the first terminal generating a fuzzy keyword set according to the retrieval keyword comprises:
and the first terminal constructs the fuzzy keyword set in a wildcard character mode according to the retrieval keywords.
4. The retrieval method of claim 2 or 3, wherein the target keyword information comprises a target trapdoor set, and the second terminal acquires the target keyword information and sends the target keyword information to the server side comprises:
the second terminal acquires a keyword to be retrieved;
the second terminal generates a target fuzzy keyword set according to the keyword to be retrieved;
the second terminal encrypts each keyword in the target fuzzy keyword set by using a second index key to obtain a target trapdoor set, wherein the second index key is generated by a second user key, and the second user key is generated by the key management center according to the root key;
and the second terminal sends the target trapdoor set to the server.
5. The retrieval method of claim 4, wherein the server performs retrieval in the index information according to the target keyword information to obtain a target double-encrypted file matched with the retrieved target keyword information, and decrypts the target double-encrypted file using a second server key to obtain a target encrypted file, comprising:
if the server side retrieves a target encryption index matched with the target trapdoor set from the index information, acquiring a corresponding target index key and identification information of an encrypted target shared file according to the target encryption index;
the server decrypts the identification information of the target shared file by using the target index key and acquires a target double-encrypted file according to the decrypted identification information;
and the server decrypts the target double-encrypted file by using the second server key to obtain the target encrypted file.
6. The retrieval system of the encrypted file is characterized by comprising a first terminal, a second terminal, a server side and a key management center; the first terminal and the server, the second terminal and the server, and the key management center are respectively connected with the first terminal, the second terminal and the server through networks;
the first terminal includes:
the system comprises an encryption module, a server and a key management center, wherein the encryption module is used for encrypting a shared file by using a first user key to obtain an encrypted file and sending the encrypted file and index information corresponding to the shared file to the server, and the first user key is generated by the key management center according to a preset root key;
the second terminal includes:
the target keyword module is used for acquiring target keyword information and sending the target keyword information to the server side, wherein the second terminal is an authorized user side of the first terminal;
the server side comprises:
the double encryption module is used for encrypting the encrypted file by using a first server key to obtain a double encrypted file, wherein the first server key is generated by the key management center according to a preset root key and uniquely corresponds to the first user key;
the retrieval module is used for retrieving in the index information according to the target keyword information, acquiring a target double-encrypted file matched with the retrieved target keyword information, and decrypting the target double-encrypted file by using a second server key to obtain a target encrypted file, wherein the second server key is generated by the key management center according to the root key;
the sending module is used for sending the target encrypted file to the second terminal;
the second terminal further includes:
the decryption module is used for decrypting the target encrypted file by using a second user key to obtain a target shared file, wherein the second user key is generated by the key management center according to the root key and is uniquely corresponding to the second server key;
the key management center is configured to generate the first user key, the first server key, the second user key, and the second server key according to the preset root key.
7. A retrieval system as recited in claim 6, wherein the encryption module comprises:
the first obtaining submodule is used for obtaining the shared file and the retrieval key words corresponding to the shared file;
the file encryption sub-module is used for encrypting the shared file by using the first user key to obtain the encrypted file;
the first word set generation submodule is used for generating a fuzzy keyword set according to the retrieval keywords;
the key encryption sub-module is used for encrypting each key in the fuzzy key set by using a first index key to obtain a first trapdoor set, wherein the first index key is generated by the first user key;
the identification encryption submodule is used for encrypting the identification information of the shared file by using the first index key and forming the index information by the encrypted identification information, the first trapdoor set and the first index key;
and the first sending submodule is used for sending the encrypted file and the index information to the server.
8. The retrieval system of claim 7, wherein the target key information comprises a set of target trapdoors, the target key module comprising:
the second obtaining submodule is used for obtaining the keywords to be retrieved;
the second word set generation submodule is used for generating a target fuzzy keyword set according to the keywords to be retrieved;
the second encryption sub-module is used for encrypting each keyword in the target fuzzy keyword set by using a second index key to obtain a target trapdoor set, wherein the second index key is generated by a second user key, and the second user key is generated by the key management center according to the root key;
and the second sending submodule is used for sending the target trapdoor set to the server side.
9. A terminal device comprising a memory, a processor and a computer program stored in said memory and executable on said processor, characterized in that said processor implements the steps of the method for retrieving an encrypted file according to any one of claims 1 to 5 when executing said computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method for retrieving an encrypted file according to any one of claims 1 to 5.
CN201711089073.2A 2017-11-08 2017-11-08 Retrieval method, system, terminal equipment and storage medium of encrypted file Active CN108038128B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201711089073.2A CN108038128B (en) 2017-11-08 2017-11-08 Retrieval method, system, terminal equipment and storage medium of encrypted file
PCT/CN2017/112600 WO2019090841A1 (en) 2017-11-08 2017-11-23 Encrypted file retrieval method and system, terminal device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711089073.2A CN108038128B (en) 2017-11-08 2017-11-08 Retrieval method, system, terminal equipment and storage medium of encrypted file

Publications (2)

Publication Number Publication Date
CN108038128A CN108038128A (en) 2018-05-15
CN108038128B true CN108038128B (en) 2020-02-14

Family

ID=62092782

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711089073.2A Active CN108038128B (en) 2017-11-08 2017-11-08 Retrieval method, system, terminal equipment and storage medium of encrypted file

Country Status (2)

Country Link
CN (1) CN108038128B (en)
WO (1) WO2019090841A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040109B (en) * 2018-08-31 2022-01-21 国鼎网络空间安全技术有限公司 Data transaction method and system based on key management mechanism
CN109660555B (en) * 2019-01-09 2020-07-14 上海交通大学 Content secure sharing method and system based on proxy re-encryption
CN111191266A (en) * 2019-12-31 2020-05-22 中国广核电力股份有限公司 File encryption method and system and decryption method and system
CN113315626B (en) * 2020-02-27 2023-01-10 阿里巴巴集团控股有限公司 Communication method, key management method, device, system and storage medium
CN111737720B (en) * 2020-07-21 2022-03-25 腾讯科技(深圳)有限公司 Data processing method and device and electronic equipment
CN112822255B (en) * 2020-12-31 2023-02-28 平安科技(深圳)有限公司 Block chain-based mail processing method, mail sending end, receiving end and equipment
CN112887087B (en) * 2021-01-20 2023-04-18 成都质数斯达克科技有限公司 Data management method and device, electronic equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457733A (en) * 2013-08-15 2013-12-18 中电长城网际系统应用有限公司 Data sharing method and system under cloud computing environment
CN103731432A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption system and method
CN107077469A (en) * 2014-10-21 2017-08-18 三菱电机株式会社 Server unit, searching system, terminal installation, search method, server program and terminal program
CN107330340A (en) * 2017-06-19 2017-11-07 国家计算机网络与信息安全管理中心 File encrypting method, equipment, file decryption method, equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040117621A1 (en) * 2002-12-12 2004-06-17 Knight Erik A. System and method for managing resource sharing between computer nodes of a network
CN102176709B (en) * 2010-12-13 2013-11-13 北京交通大学 Method and device with privacy protection function for data sharing and publishing
CN103281377B (en) * 2013-05-31 2016-06-08 北京创世泰克科技股份有限公司 A kind of encrypt data storage and querying method of facing cloud
WO2016063254A1 (en) * 2014-10-23 2016-04-28 Pageproof.Com Limited Encrypted collaboration system and method
CN105320896B (en) * 2015-10-21 2018-04-06 成都卫士通信息产业股份有限公司 A kind of cloud storage encryption and its cipher text retrieval method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457733A (en) * 2013-08-15 2013-12-18 中电长城网际系统应用有限公司 Data sharing method and system under cloud computing environment
CN103731432A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption system and method
CN107077469A (en) * 2014-10-21 2017-08-18 三菱电机株式会社 Server unit, searching system, terminal installation, search method, server program and terminal program
CN107330340A (en) * 2017-06-19 2017-11-07 国家计算机网络与信息安全管理中心 File encrypting method, equipment, file decryption method, equipment and storage medium

Also Published As

Publication number Publication date
WO2019090841A1 (en) 2019-05-16
CN108038128A (en) 2018-05-15

Similar Documents

Publication Publication Date Title
CN108038128B (en) Retrieval method, system, terminal equipment and storage medium of encrypted file
US11477006B2 (en) Secure analytics using an encrypted analytics matrix
US9852306B2 (en) Conjunctive search in encrypted data
US20180212753A1 (en) End-To-End Secure Operations Using a Query Vector
US20150039903A1 (en) Masking query data access pattern in encrypted data
CN111199053B (en) System and method for multi-character wildcard search of encrypted data
JP2014002365A (en) Encrypted data inquiry method and system which can protect privacy
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
US9641328B1 (en) Generation of public-private key pairs
CN114048448A (en) Block chain based dynamic searchable encryption method and device
CN117223002A (en) Encrypted information retrieval
Al Sibahee et al. Efficient encrypted image retrieval in IoT-cloud with multi-user authentication
WO2018116826A1 (en) Message transmission system, communication terminal, server device, message transmission method, and program
CN112042150B (en) Registration device, server device, concealment search system, concealment search method, and computer-readable recording medium
US11829503B2 (en) Term-based encrypted retrieval privacy
CN108920968B (en) File searchable encryption method based on connection keywords
US20230006813A1 (en) Encrypted information retrieval
EP4020265A1 (en) Method and device for storing encrypted data
CN115510490A (en) Method, device, system and equipment for inquiring encrypted data shared by non-secret keys
CN114760081A (en) File encryption and decryption method and device and electronic equipment
CN111602127B (en) Data management device, data management method, and computer-readable storage medium
Ferreira et al. Multimodal indexable encryption for mobile cloud-based applications
JP7440662B2 (en) Multi-key information search
CN115795514A (en) Private information retrieval method, device and system
CN116881516A (en) Method, device, equipment and medium for inquiring enterprise information hiding trace

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant