CN108881195A - Data safety sharing method and device based on cloud environment - Google Patents
Data safety sharing method and device based on cloud environment Download PDFInfo
- Publication number
- CN108881195A CN108881195A CN201810579506.0A CN201810579506A CN108881195A CN 108881195 A CN108881195 A CN 108881195A CN 201810579506 A CN201810579506 A CN 201810579506A CN 108881195 A CN108881195 A CN 108881195A
- Authority
- CN
- China
- Prior art keywords
- user
- private key
- key
- identity
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The data safety sharing method and device, method that the present invention provides a kind of based on cloud environment include:The initialization algorithm in preset password component is executed, determines corresponding public and private key;System user information table is initialized, and is stored through safe lane transmission system user information table and recipient's private key to privately owned Cloud Server;Public address system Your Majesty key and recipient's public key;Privately owned Cloud Server is received according to the User Identity and keyword to be checked of user cloud file access request acknowledgment of your inquiry, and carries out cipher-text information retrieval;Transmission retrieves the return file set after determining to the corresponding user terminal of user cloud file access request.According to the technical solution of the present invention, data sharing has flexible access control and the searching ciphertext function based on keyword independent of the shared of same private key, realizes controllable shared and retrieval purpose, while reducing local computing amount and the amount of being locally stored.
Description
Technical field
The present invention relates to technical field of data security, shared in particular to a kind of data safety based on cloud environment
Method and a kind of data safety sharing means based on cloud environment.
Background technique
Although searching ciphertext technology is protects the privacy of cloud data to provide the approach of a kind of " efficient ", it only belongs to
In the single user searching ciphertext the case where, and now the application scenarios of cloud computing data outsourcing storage that can be found everywhere are to searching ciphertext
Requirement it is much more complex.Under current application scenarios, keyword can be based on from cloud service according to access strategy between user
Device is retrieved to obtain shared data, this is a kind of loose, flexible, popular data outsourcing application scenarios.It is current to adapt to
The application scenarios of cloud computing data outsourcing storage are in the related technology that all users with legitimate access rights is allowed to be owned by
The key of data owner is to access the file that the owner shares, but there are a series of defects for this method:
(1)It increases the risk that key is potentially leaked and abused and finds the attacker of key if some user has lost Mi Lang
It can be obtained the ability for accessing the All Files that the user owner shares.
(2)Lead to user key enormous amount, if user has the access authority of the shared file for multiple owners,
So he can be assigned multiple keys, and the quantity of these keys is capable of the number of sources of the shared file of Lawful access with him
(That is the number of data owner)It is directly proportional, and the key of these enormous amounts how is kept properly, it is a stubborn problem.
(3)It is unfavorable for formulating flexibly controllable access strategy, for a user, all sharing files of same owner are all
Access attribute having the same may have access to or inaccessible, set flexible access attribute if need to classify, but will be at multiplication
The quantity of big key.
(4)It is unfavorable for the revocation of access privilege, the search access right of user such as to be cancelled must update the user and be possessed
All data owners key, while issuing updated key, calculation amount again for other related and unrevoked users
It is huge.
Summary of the invention
The purpose of the present invention is to provide one kind securely and reliably, calculation amount is lower, operation is more stable and reliable based on cloud ring
The data safety sharing method in border and a kind of data safety sharing means based on cloud environment.
To achieve the goals above, technical solution of the present invention provides a kind of shared side of the data safety based on cloud environment
Method is suitable for publicly-owned Cloud Server, including:The initialization algorithm in preset password component is executed, determines corresponding public and private key,
Public and private key includes system Your Majesty key, main system private key, recipient's public key, recipient's private key;System user information table is initialized, and
System user information table is sent through safe lane and recipient's private key to privately owned Cloud Server stores;It public address system Your Majesty key and connects
Receipts person's public key;Privately owned Cloud Server is received according to the User Identity of user cloud file access request acknowledgment of your inquiry and to be checked
Keyword is ask, and carries out cipher-text information retrieval;Return file set to user cloud file access after transmission retrieval determines is asked
Seek corresponding user terminal.
In the present solution, executing the initialization algorithm in preset password component, determine that corresponding public and private key, public and private key include
System Your Majesty key, main system private key, recipient's public key, recipient's private key initialize system user information table later, and through safety
Channel sends system user information table and recipient's private key to privately owned Cloud Server stores, public address system Your Majesty key and reception later
Person's public key realizes the configuration of key, is advantageously implemented controllable shared and retrieval purpose, while reducing local computing amount,
By receiving User Identity and to be checked pass of the privately owned Cloud Server according to user cloud file access request acknowledgment of your inquiry
Keyword, and cipher-text information retrieval is carried out, the return file set after transmission retrieval judgement to user cloud file access request pair
The user terminal answered realizes the shared of file, using the flexibility and self-help of publicly-owned Cloud Server, privately owned Cloud Server
Safety realizes the balance of safety and efficiency.
It should be noted that preset password component is the broadcast enciphering IBBE of identity-based and public key can search for adding
Close PEKS, the initialization algorithm of the broadcast enciphering of identity-based are stetup (λ, n), and the specially algorithm inputs security parameter λ
With the maximum number n of the recipient allowed in a broadcast enciphering, output system Your Majesty key and main system private key, public key be can search for
The initialization algorithm of encryption is stetup (λ), and the specially algorithm inputs security parameter λ, exports recipient's public key and recipient
Private key.
Furthermore it is also possible to determine corresponding public and private key, specially by following scheme:It inputs parameter lambda and initializes prime number p
Rank is the two-wire group G for generating member with g, and defines bilinear map ê thereon:G×G→GTAnd binary-coded character set of strings
On hash function H:{0,1 }*→Zp, { 0,1 } * indicates the set being made of the string of binary characters of random length here;
Randomly select g2, g3, { hi}m i=1∈RGWith x ∈ RZp, and output system Your Majesty's key, pk=(G, g1, g2, g3, { hi}m i=1), here
g1=gx;Calculate msk=g2 xAs main system private key;Initialising subscriber information table T and permission set Ρ={ p1, p2..., here, and for each pi∈ Ρ randomly selects symmetrical recipient's private key, with initialising subscriber information table T and power
Limit set Ρ is sent to privately owned Cloud Server storage and management together.
Preferably, further include:When receiving new user's application addition request, it is added according to new user application in requesting
User Identity and main system private key generate the broadcast enciphering private key of the identity-based of corresponding user;Execute preset number
The public and private key of a pair of digital signature scheme is randomly generated in the initialization function of signature algorithm;Determine User Identity, based on body
The broadcast enciphering private key, digital signature scheme private key of part are private key for user, and return to corresponding new user Shen through safe lane
The corresponding user terminal of request please be added;New user's registration information is sent to privately owned Cloud Server, and updates system user information
Table, new user's registration information include User Identity, digital signature scheme public key;When determining revocation user is based on keyword
Retrieval permissions when, send corresponding User Identity to privately owned Cloud Server, so that privately owned Cloud Server is according to user's body
Part identification search simultaneously deletes the list item corresponded in system user information table.
In the present solution, being added according to new user application in requesting by when receiving new user's application addition request
User Identity and main system private key generate the broadcast enciphering private key of the identity-based of corresponding user, are advantageously implemented new
The application of user is added, and by executing the initialization function of preset number signature algorithm, the one of digital signature scheme is randomly generated
To public and private key, determine that User Identity, the broadcast enciphering private key of identity-based, digital signature scheme private key are that user is private later
Key, and return to corresponding new user through safe lane and apply that the corresponding user terminal of request is added, be conducive to user and be total to
Permission is enjoyed, when receiving cryptograph files, can decrypt as clear text file, be read out and use, passes through and sends new user's note
Volume information updates system user information table to privately owned Cloud Server, and new user's registration information includes User Identity, number
Signature scheme public key reduces key and potentially leaks and abuse risk, and user key quantity is smaller, is conducive to be protected
It deposits, storage occupied space is reduced, and calculation amount is smaller, by when the retrieval permissions based on keyword for determining revocation user
When, corresponding User Identity is sent to privately owned Cloud Server, so that privately owned Cloud Server is searched for according to User Identity
And the list item corresponded in system user information table is deleted, realize the more efficiently revocation of access privilege, Er Qiewu
More new key need to be issued again for other related and unrevoked users, reduce calculation amount, promoting data sharing safety
While, improve the efficiency of data sharing.
Technical solution of the present invention additionally provides a kind of data safety sharing method based on cloud environment, is suitable for data master
Terminal, including:The broadcast enciphering algorithm for executing identity-based generates session key and right according to the set of User Identity
The broadcast message head answered;According to session key symmetric cryptography shared file, cryptograph files are generated;Executing public key can search for encryption calculation
Method encrypts keyword relevant to shared file, generates ciphertext keyword;Cipher-text information is sent to publicly-owned cloud service
Device, cipher-text information include the set of User Identity, cryptograph files, ciphertext keyword, broadcast message head.
In the present solution, according to the set of User Identity, generating meeting by the broadcast enciphering algorithm for executing identity-based
Key and corresponding broadcast message head are talked about, is advantageously implemented the generation of cryptograph files, the upload for the data that data master terminal possesses,
By generating cryptograph files according to session key symmetric cryptography shared file, is conducive to the safety for ensureing shared file, passes through
Executing public key can search for Encryption Algorithm, encrypt to keyword relevant to shared file, generates ciphertext keyword, is conducive to
The retrieval for realizing cryptograph files, by sending cipher-text information to publicly-owned Cloud Server, cipher-text information includes User Identity
Set, cryptograph files, ciphertext keyword, broadcast message head are conducive to publicly-owned Cloud Server and are asked according to user to shared file
Ask, carry out the retrieval of cipher-text information, to realize that the safety of data is shared, cipher-text information include User Identity set,
Cryptograph files, ciphertext keyword, broadcast message head, the user for only meeting condition could obtain plaintext corresponding to cryptograph files
File has further ensured the safety of data sharing, and calculation amount is small, and storage occupies little space.
Technical solution of the present invention additionally provides a kind of data safety sharing method based on cloud environment, is suitable for private clound
Server, including:When receiving user cloud file access request, according to User Identity, searching system user is searched
Information table, user cloud file access request include User Identity, keyword to be checked, user using digital signature scheme
Signature of the private key to User Identity and keyword to be checked;When lookup retrieves the respective table in system user information table
, and when signature verification success, search result will be searched and be translated as trapdoor form, and by User Identity and key to be checked
Word is sent to publicly-owned Cloud Server, so that publicly-owned Cloud Server carries out cipher-text information retrieval.
In the present solution, according to User Identity, searching retrieval by when receiving user cloud file access request
System user information table, user cloud file access request include User Identity, keyword to be checked, user's use number
Signature scheme private key is to the signature of User Identity and keyword to be checked, later when lookup retrieves system user information
Corresponding list item in table, and when signature verification success, will search search result and be translated as trapdoor form, and by User Identity
It is sent to publicly-owned Cloud Server with keyword to be checked, so that publicly-owned Cloud Server carries out cipher-text information retrieval, is taken full advantage of
The mutual cooperation of privately owned Cloud Server and publicly-owned Cloud Server further improves the safety of data sharing, utilizes public cloud
The flexibility and self-help of server, the safety of privately owned Cloud Server realize the balance of safety and efficiency, independent of same
Sharing for one private key, is provided simultaneously with flexible access control and the searching ciphertext function based on keyword, is locally stored in liberation
While, also ensure the safety of privately owned Cloud Server storage and the safety of data sharing process.
Technical solution of the present invention additionally provides a kind of data safety sharing method based on cloud environment, and it is whole to be suitable for user
End, including:Receive the private key for user that publicly-owned Cloud Server determines, private key for user include User Identity, identity-based it is wide
Broadcast encryption key, digital signature scheme private key;Receive the return file set after publicly-owned Cloud Server retrieval determines;Execution is based on
The broadcast decipherment algorithm of identity restores the session key with data master terminal;It is decrypted and is returned in file set according to session key
Each cryptograph files, generate corresponding clear text file.
In the present solution, the private key for user determined by receiving publicly-owned Cloud Server, private key for user include User Identity,
Broadcast enciphering private key, the digital signature scheme private key of identity-based are conducive to quickly solve in the cryptograph files for receiving request
Close is clear text file, retrieves the return file set after determining by receiving publicly-owned Cloud Server, executes identity-based later
Decipherment algorithm is broadcasted, the session key with data master terminal is restored, is decrypted returned in file set according to session key later
Each cryptograph files generate corresponding clear text file, and the user for only meeting condition could obtain corresponding to the bright of cryptograph files
File further improves convenience and the safety of data sharing independent of the shared of same private key.
Technical solution of the present invention additionally provides a kind of data safety sharing means based on cloud environment, is suitable for public cloud
Server, including:Execution unit determines corresponding public and private key, public affairs for executing the initialization algorithm in preset password component
Private key includes but is not limited to system Your Majesty key, main system private key, recipient's public key, recipient's private key;Transmission unit, for initial
Change system user information table, and is deposited through safe lane transmission system user information table and recipient's private key to privately owned Cloud Server
Storage;Unit is announced, public address system Your Majesty key and recipient's public key are used for;Receiving unit, for receive privately owned Cloud Server according to
The User Identity and keyword to be checked of user cloud file access request acknowledgment of your inquiry, and carry out cipher-text information retrieval;
It is whole to the corresponding user of user cloud file access request to be used for transmission the return file set after retrieval determines for transmission unit
End.
In the present solution, executing the initialization algorithm in preset password component, determine that corresponding public and private key, public and private key include
System Your Majesty key, main system private key, recipient's public key, recipient's private key initialize system user information table later, and through safety
Channel sends system user information table and recipient's private key to privately owned Cloud Server stores, public address system Your Majesty key and reception later
Person's public key realizes the configuration of key, is advantageously implemented controllable shared and retrieval purpose, while reducing local computing amount,
By receiving User Identity and to be checked pass of the privately owned Cloud Server according to user cloud file access request acknowledgment of your inquiry
Keyword, and cipher-text information retrieval is carried out, the return file set after transmission retrieval judgement to user cloud file access request pair
The user terminal answered realizes the shared of file, using the flexibility and self-help of publicly-owned Cloud Server, privately owned Cloud Server
Safety realizes the balance of safety and efficiency.
It should be noted that preset password component is the broadcast enciphering IBBE of identity-based and public key can search for adding
Close PEKS, the initialization algorithm of the broadcast enciphering of identity-based are stetup (λ, n), and the specially algorithm inputs security parameter λ
With the maximum number n of the recipient allowed in a broadcast enciphering, output system Your Majesty key and main system private key, public key be can search for
The initialization algorithm of encryption is stetup (λ), and the specially algorithm inputs security parameter λ, exports recipient's public key and recipient
Private key.
Furthermore it is also possible to determine corresponding public and private key, specially by following scheme:It inputs parameter lambda and initializes prime number p
Rank is the two-wire group G for generating member with g, and defines bilinear map ê thereon:G×G→GTAnd binary-coded character set of strings
On hash function H:{0,1 }*→Zp, { 0,1 } * indicates the set being made of the string of binary characters of random length here;
Randomly select g2, g3, { hi}m i=1∈RGWith x ∈ RZp, and output system Your Majesty's key, pk=(G, g1, g2, g3, { hi}m i=1), here
g1=gx;Calculate msk=g2 xAs main system private key;Initialising subscriber information table T and permission set Ρ={ p1, p2..., here, and for each pi∈ Ρ randomly selects symmetrical recipient's private key, with initialising subscriber information table T and power
Limit set Ρ is sent to privately owned Cloud Server storage and management together.
Preferably, further include:Generation unit, for when receiving new user and applying that request is added, according to new user Shen
The User Identity in request and main system private key please be added, the broadcast enciphering for generating the identity-based of corresponding user is private
Key;Execution unit is also used to:The initialization function for executing preset number signature algorithm, is randomly generated a pair of digital signature scheme
Public and private key;Determination unit, for determining broadcast enciphering private key, the digital signature scheme private key of User Identity, identity-based
For private key for user, and through safe lane returns to corresponding new user and apply being added and request corresponding user terminal;Transmission unit
It is also used to:New user's registration information is sent to privately owned Cloud Server, and updates system user information table, new user's registration information packet
Include User Identity, digital signature scheme public key;Transmission unit is also used to:When the inspection based on keyword for determining revocation user
Suo Quan prescribes a time limit, and sends corresponding User Identity to privately owned Cloud Server, so that privately owned Cloud Server is according to user identity mark
Know and searches for and delete corresponding to the list item in system user information table.
In the present solution, being added according to new user application in requesting by when receiving new user's application addition request
User Identity and main system private key generate the broadcast enciphering private key of the identity-based of corresponding user, are advantageously implemented new
The application of user is added, and by executing the initialization function of preset number signature algorithm, the one of digital signature scheme is randomly generated
To public and private key, determine that User Identity, the broadcast enciphering private key of identity-based, digital signature scheme private key are that user is private later
Key, and return to corresponding new user through safe lane and apply that the corresponding user terminal of request is added, be conducive to user and be total to
Permission is enjoyed, when receiving cryptograph files, can decrypt as clear text file, be read out and use, passes through and sends new user's note
Volume information updates system user information table to privately owned Cloud Server, and new user's registration information includes User Identity, number
Signature scheme public key reduces key and potentially leaks and abuse risk, and user key quantity is smaller, is conducive to be protected
It deposits, storage occupied space is reduced, and calculation amount is smaller, by when the retrieval permissions based on keyword for determining revocation user
When, corresponding User Identity is sent to privately owned Cloud Server, so that privately owned Cloud Server is searched for according to User Identity
And the list item corresponded in system user information table is deleted, realize the more efficiently revocation of access privilege, Er Qiewu
More new key need to be issued again for other related and unrevoked users, reduce calculation amount, promoting data sharing safety
While, improve the efficiency of data sharing.
Technical solution of the present invention additionally provides a kind of data safety sharing means based on cloud environment, is suitable for data master
Terminal, including:Execution unit, according to the set of User Identity, is generated for executing the broadcast enciphering algorithm of identity-based
Session key and corresponding broadcast message head;Generation unit, for generating ciphertext according to session key symmetric cryptography shared file
File;Execution unit is also used to:Executing public key can search for Encryption Algorithm, encrypt to keyword relevant to shared file,
Generate ciphertext keyword;Transmission unit, for sending cipher-text information to publicly-owned Cloud Server, cipher-text information includes user identity mark
The set of knowledge, cryptograph files, ciphertext keyword, broadcast message head.
In the present solution, according to the set of User Identity, generating meeting by the broadcast enciphering algorithm for executing identity-based
Key and corresponding broadcast message head are talked about, is advantageously implemented the generation of cryptograph files, the upload for the data that data master terminal possesses,
By generating cryptograph files according to session key symmetric cryptography shared file, is conducive to the safety for ensureing shared file, passes through
Executing public key can search for Encryption Algorithm, encrypt to keyword relevant to shared file, generates ciphertext keyword, is conducive to
The retrieval for realizing cryptograph files, by sending cipher-text information to publicly-owned Cloud Server, cipher-text information includes User Identity
Set, cryptograph files, ciphertext keyword, broadcast message head are conducive to publicly-owned Cloud Server and are asked according to user to shared file
Ask, carry out the retrieval of cipher-text information, to realize that the safety of data is shared, cipher-text information include User Identity set,
Cryptograph files, ciphertext keyword, broadcast message head, the user for only meeting condition could obtain plaintext corresponding to cryptograph files
File has further ensured the safety of data sharing, and calculation amount is small, and storage occupies little space.
Technical solution of the present invention additionally provides a kind of data safety sharing means based on cloud environment, is suitable for private clound
Server, including:Retrieval unit is searched, for when receiving user cloud file access request, according to User Identity,
Searching system user message table is searched, user cloud file access request includes User Identity, keyword to be checked, user
Using digital signature scheme private key to the signature of User Identity and keyword to be checked;Transmission unit, for when lookup
The corresponding list item in system user information table is retrieved, and when signature verification success, search result will be searched and be translated as trapdoor shape
Formula, and User Identity and keyword to be checked are sent to publicly-owned Cloud Server, so that publicly-owned Cloud Server carries out ciphertext
Information retrieval.
In the present solution, according to User Identity, searching retrieval by when receiving user cloud file access request
System user information table, user cloud file access request include User Identity, keyword to be checked, user's use number
Signature scheme private key is to the signature of User Identity and keyword to be checked, later when lookup retrieves system user information
Corresponding list item in table, and when signature verification success, will search search result and be translated as trapdoor form, and by User Identity
It is sent to publicly-owned Cloud Server with keyword to be checked, so that publicly-owned Cloud Server carries out cipher-text information retrieval, is taken full advantage of
The mutual cooperation of privately owned Cloud Server and publicly-owned Cloud Server further improves the safety of data sharing, utilizes public cloud
The flexibility and self-help of server, the safety of privately owned Cloud Server realize the balance of safety and efficiency, independent of same
Sharing for one private key, is provided simultaneously with flexible access control and the searching ciphertext function based on keyword, is locally stored in liberation
While, also ensure the safety of privately owned Cloud Server storage and the safety of data sharing process.
Technical solution of the present invention additionally provides a kind of data safety sharing means based on cloud environment, and it is whole to be suitable for user
End, including:Receiving unit, the private key for user determined for receiving publicly-owned Cloud Server, private key for user include User Identity,
Broadcast enciphering private key, the digital signature scheme private key of identity-based;Receiving unit is also used to:Publicly-owned Cloud Server retrieval is received to sentence
Return file set after fixed;Execution unit restores and data master terminal for executing the broadcast decipherment algorithm of identity-based
Session key;Generation unit generates corresponding for decrypting each cryptograph files returned in file set according to session key
Clear text file.
In the present solution, the private key for user determined by receiving publicly-owned Cloud Server, private key for user include User Identity,
Broadcast enciphering private key, the digital signature scheme private key of identity-based are conducive to quickly solve in the cryptograph files for receiving request
Close is clear text file, retrieves the return file set after determining by receiving publicly-owned Cloud Server, executes identity-based later
Decipherment algorithm is broadcasted, the session key with data master terminal is restored, is decrypted returned in file set according to session key later
Each cryptograph files generate corresponding clear text file, and the user for only meeting condition could obtain corresponding to the bright of cryptograph files
File further improves convenience and the safety of data sharing independent of the shared of same private key.
Both had the flexibility and self-help of publicly-owned Cloud Server using mixing cloud environment by above technical scheme,
It can be with secure storage, independent of same further through the cryptograph files that the safety of privately owned Cloud Server uploads data master terminal
Sharing for one private key, has flexible access control and the searching ciphertext function based on keyword, realizes controllable shared and inspection
The purpose of rope, while reducing local computing amount and the amount of being locally stored.
Additional aspect and advantage of the invention will provide in following description section, will partially become from the following description
Obviously, or practice through the invention is recognized.
Detailed description of the invention
Above-mentioned and/or additional aspect of the invention and advantage will become from the description of the embodiment in conjunction with the following figures
Obviously and it is readily appreciated that, wherein:
Fig. 1 is the schematic flow diagram of the data safety sharing method based on cloud environment in an embodiment;
Fig. 2 is the schematic flow diagram of the data safety sharing method based on cloud environment in an embodiment;
Fig. 3 is the schematic flow diagram of the data safety sharing method based on cloud environment in an embodiment;
Fig. 4 is the schematic flow diagram of the data safety sharing method based on cloud environment in an embodiment;
Fig. 5 is the schematic block diagram of the data safety sharing means based on cloud environment in an embodiment;
Fig. 6 is the schematic block diagram of the data safety sharing means based on cloud environment in an embodiment;
Fig. 7 is the schematic block diagram of the data safety sharing means based on cloud environment in an embodiment;
Fig. 8 is the schematic block diagram of the data safety sharing means based on cloud environment in an embodiment.
Specific embodiment
To better understand the objects, features and advantages of the present invention, with reference to the accompanying drawing and specific real
Applying mode, the present invention is further described in detail.It should be noted that in the absence of conflict, the implementation of the application
Feature in example and embodiment can be combined with each other.
In the following description, numerous specific details are set forth in order to facilitate a full understanding of the present invention, still, the present invention may be used also
To be implemented using other than the one described here other modes, therefore, protection scope of the present invention is not by described below
Specific embodiment limitation.
As shown in Figure 1, the data safety sharing method based on cloud environment in the embodiment, is suitable for publicly-owned cloud service
Device includes the following steps:
S102 executes the initialization algorithm in preset password component, determines corresponding public and private key, public and private key includes system Your Majesty
Key, main system private key, recipient's public key, recipient's private key;
S104 initializes system user information table, and sends system user information table and recipient's private key to private through safe lane
There is Cloud Server storage;
S106, public address system Your Majesty key and recipient's public key;
S108 receives privately owned Cloud Server according to the User Identity of user cloud file access request acknowledgment of your inquiry and to be checked
Keyword is ask, and carries out cipher-text information retrieval;
S110, transmission retrieve the return file set after determining to the corresponding user terminal of user cloud file access request.
In the present embodiment, the initialization algorithm in preset password component is executed, determines corresponding public and private key, public and private key packet
System Your Majesty key, main system private key, recipient's public key, recipient's private key are included, initializes system user information table later, and through pacifying
All channel sends system user information table and recipient's private key to privately owned Cloud Server and store, later public address system Your Majesty key with connect
Receipts person's public key realizes the configuration of key, is advantageously implemented controllable shared and retrieval purpose, while reducing local computing
Amount, by receiving privately owned Cloud Server according to the User Identity of user cloud file access request acknowledgment of your inquiry and to be checked
Keyword, and cipher-text information retrieval is carried out, the return file set after transmission retrieval judgement to user cloud file access request
Corresponding user terminal realizes the shared of file, utilizes the flexibility and self-help of publicly-owned Cloud Server, privately owned Cloud Server
Safety, realize the balance of safety and efficiency.
It should be noted that preset password component is the broadcast enciphering IBBE of identity-based and public key can search for adding
Close PEKS, the initialization algorithm of the broadcast enciphering of identity-based are stetup (λ, n), and the specially algorithm inputs security parameter λ
With the maximum number n of the recipient allowed in a broadcast enciphering, output system Your Majesty key and main system private key, public key be can search for
The initialization algorithm of encryption is stetup (λ), and the specially algorithm inputs security parameter λ, exports recipient's public key and recipient
Private key.
Furthermore it is also possible to determine corresponding public and private key, specially by following scheme:It inputs parameter lambda and initializes prime number p
Rank is the two-wire group G for generating member with g, and defines bilinear map ê thereon:G×G→GTAnd binary-coded character set of strings
On hash function H:{0,1 }*→Zp, { 0,1 } * indicates the set being made of the string of binary characters of random length here;
Randomly select g2, g3, { hi}m i=1∈RGWith x ∈ RZp, and output system Your Majesty's key, pk=(G, g1, g2, g3, { hi}m i=1), here
g1=gx;Calculate msk=g2 xAs main system private key;Initialising subscriber information table T and permission set Ρ={ p1, p2..., here, and for each pi∈ Ρ randomly selects symmetrical recipient's private key, with initialising subscriber information table T and power
Limit set Ρ is sent to privately owned Cloud Server storage and management together.
Preferably, further include:When receiving new user's application addition request, it is added according to new user application in requesting
User Identity and main system private key generate the broadcast enciphering private key of the identity-based of corresponding user;Execute preset number
The public and private key of a pair of digital signature scheme is randomly generated in the initialization function of signature algorithm;Determine User Identity, based on body
The broadcast enciphering private key, digital signature scheme private key of part are private key for user, and return to corresponding new user Shen through safe lane
The corresponding user terminal of request please be added;New user's registration information is sent to privately owned Cloud Server, and updates system user information
Table, new user's registration information include User Identity, digital signature scheme public key;When determining revocation user is based on keyword
Retrieval permissions when, send corresponding User Identity to privately owned Cloud Server, so that privately owned Cloud Server is according to user's body
Part identification search simultaneously deletes the list item corresponded in system user information table.
In the present embodiment, by being added according to new user application in requesting when receiving new user's application addition request
User Identity and main system private key, generate the broadcast enciphering private key of the identity-based of corresponding user, be advantageously implemented
The application of new user is added, and by executing the initialization function of preset number signature algorithm, digital signature scheme is randomly generated
A pair of public and private key determines that User Identity, the broadcast enciphering private key of identity-based, digital signature scheme private key are user later
Private key, and return to corresponding new user through safe lane and apply that the corresponding user terminal of request is added, be conducive to user's acquisition
Share Permissions can be decrypted as clear text file when receiving cryptograph files, be read out and use, and pass through and send new user
Registration information updates system user information table to privately owned Cloud Server, and new user's registration information includes User Identity, number
Word signature scheme public key reduces key and potentially leaks and abuse risk, and user key quantity is smaller, is conducive to carry out
It saves, storage occupied space is reduced, and calculation amount is smaller, by when the retrieval permissions based on keyword for determining revocation user
When, corresponding User Identity is sent to privately owned Cloud Server, so that privately owned Cloud Server is searched for according to User Identity
And the list item corresponded in system user information table is deleted, realize the more efficiently revocation of access privilege, Er Qiewu
More new key need to be issued again for other related and unrevoked users, reduce calculation amount, promoting data sharing safety
While, improve the efficiency of data sharing.
As shown in Fig. 2, the data safety sharing method based on cloud environment in the embodiment, is suitable for data master terminal,
Specifically include following steps:
S202 executes the broadcast enciphering algorithm of identity-based, according to the set of User Identity, generates session key and correspondence
Broadcast message head;
S204 generates cryptograph files according to session key symmetric cryptography shared file;
S206, executing public key can search for Encryption Algorithm, encrypt to keyword relevant to shared file, and it is crucial to generate ciphertext
Word;
S208, sends cipher-text information to publicly-owned Cloud Server, cipher-text information include the set of User Identity, cryptograph files,
Ciphertext keyword, broadcast message head.
In the present embodiment, by executing the broadcast enciphering algorithm of identity-based, according to the set of User Identity, generate
Session key and corresponding broadcast message head, are advantageously implemented the generation of cryptograph files, the data that data master terminal possesses it is upper
It passes, by the way that according to session key symmetric cryptography shared file, generation cryptograph files are conducive to the safety for ensureing shared file,
It can search for Encryption Algorithm by executing public key, keyword relevant to shared file encrypted, ciphertext keyword is generated, has
Conducive to the retrieval for realizing cryptograph files, by sending cipher-text information to publicly-owned Cloud Server, cipher-text information includes user identity mark
The set of knowledge, cryptograph files, ciphertext keyword, broadcast message head are conducive to publicly-owned Cloud Server according to user to shared file
Request, carry out the retrieval of cipher-text information, to realize that the safety of data is shared, cipher-text information includes the collection of User Identity
Conjunction, cryptograph files, ciphertext keyword, broadcast message head, the user for only meeting condition could obtain corresponding to cryptograph files
Clear text file has further ensured the safety of data sharing, and calculation amount is small, and storage occupies little space.
As shown in figure 3, the data safety sharing method based on cloud environment in the embodiment, is suitable for privately owned cloud service
Device specifically includes following steps:
S302, according to User Identity, searches searching system user information when receiving user cloud file access request
Table, user cloud file access request include User Identity, keyword to be checked, user using digital signature scheme private key
To the signature of User Identity and keyword to be checked;
S304 will search retrieval knot when lookup retrieves the corresponding list item in system user information table, and signature verification is successful
Fruit is translated as trapdoor form, and User Identity and keyword to be checked are sent to publicly-owned Cloud Server, for public cloud
Server carries out cipher-text information retrieval.
In the present embodiment, by according to User Identity, searching inspection when receiving user cloud file access request
Cable system user message table, user cloud file access request include User Identity, keyword to be checked, user using number
Word signature scheme private key believes the signature of User Identity and keyword to be checked when lookup retrieves system user later
The corresponding list item in table is ceased, and when signature verification success, search result will be searched and be translated as trapdoor form, and by user identity mark
Know and keyword to be checked is sent to publicly-owned Cloud Server, so that publicly-owned Cloud Server carries out cipher-text information retrieval, makes full use of
The mutual cooperation of privately owned Cloud Server and publicly-owned Cloud Server, further improves the safety of data sharing, utilization is publicly-owned
The flexibility and self-help of Cloud Server, the safety of privately owned Cloud Server realize the balance of safety and efficiency, independent of
Sharing for same private key, is provided simultaneously with flexible access control and the searching ciphertext function based on keyword, locally deposits in liberation
While storage, the safety of privately owned Cloud Server storage and the safety of data sharing process have also been ensured.
As shown in figure 4, the data safety sharing method based on cloud environment in the embodiment, is suitable for user terminal, tool
Body includes the following steps:
S402, receives the private key for user that publicly-owned Cloud Server determines, private key for user include User Identity, identity-based it is wide
Broadcast encryption key, digital signature scheme private key;
S404 receives the return file set after publicly-owned Cloud Server retrieval determines;
S406 executes the broadcast decipherment algorithm of identity-based, restores the session key with data master terminal;
S408 decrypts each cryptograph files returned in file set according to session key, generates corresponding clear text file.
In the present embodiment, the private key for user determined by receiving publicly-owned Cloud Server, private key for user includes user identity mark
Know, the broadcast enciphering private key of identity-based, digital signature scheme private key, is conducive to quick in the cryptograph files for receiving request
Decryption is clear text file, retrieves the return file set after determining by receiving publicly-owned Cloud Server, executes identity-based later
Broadcast decipherment algorithm, restore with the session key of data master terminal, decrypted returned in file set according to session key later
Each cryptograph files, generate corresponding clear text file, the user for only meeting condition could obtain corresponding to cryptograph files
Clear text file further improves convenience and the safety of data sharing independent of the shared of same private key.
As shown in figure 5, the data safety sharing means 500 based on cloud environment in the embodiment, are suitable for public cloud and take
Business device, including:Execution unit 502 determines corresponding public and private key for executing the initialization algorithm in preset password component,
Public and private key includes but is not limited to system Your Majesty key, main system private key, recipient's public key, recipient's private key;Transmission unit 504 is used
System user information table and recipient's private key are sent to privately owned cloud service in initialization system user information table, and through safe lane
Device storage;Unit 506 is announced, public address system Your Majesty key and recipient's public key are used for;Receiving unit 508, for receiving private clound
Server carries out ciphertext according to the User Identity and keyword to be checked of user cloud file access request acknowledgment of your inquiry
Information retrieval;Transmission unit 510 is used for transmission the return file set after retrieval determines to user cloud file access request pair
The user terminal answered.
In the present embodiment, the initialization algorithm in preset password component is executed, determines corresponding public and private key, public and private key packet
System Your Majesty key, main system private key, recipient's public key, recipient's private key are included, initializes system user information table later, and through pacifying
All channel sends system user information table and recipient's private key to privately owned Cloud Server and store, later public address system Your Majesty key with connect
Receipts person's public key realizes the configuration of key, is advantageously implemented controllable shared and retrieval purpose, while reducing local computing
Amount, by receiving privately owned Cloud Server according to the User Identity of user cloud file access request acknowledgment of your inquiry and to be checked
Keyword, and cipher-text information retrieval is carried out, the return file set after transmission retrieval judgement to user cloud file access request
Corresponding user terminal realizes the shared of file, utilizes the flexibility and self-help of publicly-owned Cloud Server, privately owned Cloud Server
Safety, realize the balance of safety and efficiency.
It should be noted that preset password component is the broadcast enciphering IBBE of identity-based and public key can search for adding
Close PEKS, the initialization algorithm of the broadcast enciphering of identity-based are stetup (λ, n), and the specially algorithm inputs security parameter λ
With the maximum number n of the recipient allowed in a broadcast enciphering, output system Your Majesty key and main system private key, public key be can search for
The initialization algorithm of encryption is stetup (λ), and the specially algorithm inputs security parameter λ, exports recipient's public key and recipient
Private key.
Furthermore it is also possible to determine corresponding public and private key, specially by following scheme:It inputs parameter lambda and initializes prime number p
Rank is the two-wire group G for generating member with g, and defines bilinear map ê thereon:G×G→GTAnd binary-coded character set of strings
On hash function H:{0,1 }*→Zp, { 0,1 } * indicates the set being made of the string of binary characters of random length here;
Randomly select g2, g3, { hi}m i=1∈RGWith x ∈ RZp, and output system Your Majesty's key, pk=(G, g1, g2, g3, { hi}m i=1), here
g1=gx;Calculate msk=g2 xAs main system private key;Initialising subscriber information table T and permission set Ρ={ p1, p2..., here, and for each pi∈ Ρ randomly selects symmetrical recipient's private key, with initialising subscriber information table T and power
Limit set Ρ is sent to privately owned Cloud Server storage and management together.
The data safety sharing means 500 for being preferably based on cloud environment further include:Generation unit 512 is received for working as
When new user applies that request is added, the User Identity being added in request and main system private key are applied for according to new user, generated
The broadcast enciphering private key of the identity-based of corresponding user;Execution unit 502 is also used to:Execute the first of preset number signature algorithm
The public and private key of a pair of digital signature scheme is randomly generated in beginningization function;Determination unit 514, for determining User Identity, base
It is private key for user in the broadcast enciphering private key of identity, digital signature scheme private key, and returns to corresponding new use through safe lane
Family application, which is added, requests corresponding user terminal;Transmission unit 504 is also used to:New user's registration information is sent to privately owned cloud service
Device, and system user information table is updated, new user's registration information includes User Identity, digital signature scheme public key;It sends
Unit 504 is also used to:When determining the retrieval permissions based on keyword of revocation user, corresponding User Identity is sent extremely
Privately owned Cloud Server, so that privately owned Cloud Server is searched for according to User Identity and is deleted corresponding in system user information table
List item.
In the present embodiment, by being added according to new user application in requesting when receiving new user's application addition request
User Identity and main system private key, generate the broadcast enciphering private key of the identity-based of corresponding user, be advantageously implemented
The application of new user is added, and by executing the initialization function of preset number signature algorithm, digital signature scheme is randomly generated
A pair of public and private key determines that User Identity, the broadcast enciphering private key of identity-based, digital signature scheme private key are user later
Private key, and return to corresponding new user through safe lane and apply that the corresponding user terminal of request is added, be conducive to user's acquisition
Share Permissions can be decrypted as clear text file when receiving cryptograph files, be read out and use, and pass through and send new user
Registration information updates system user information table to privately owned Cloud Server, and new user's registration information includes User Identity, number
Word signature scheme public key reduces key and potentially leaks and abuse risk, and user key quantity is smaller, is conducive to carry out
It saves, storage occupied space is reduced, and calculation amount is smaller, by when the retrieval permissions based on keyword for determining revocation user
When, corresponding User Identity is sent to privately owned Cloud Server, so that privately owned Cloud Server is searched for according to User Identity
And the list item corresponded in system user information table is deleted, realize the more efficiently revocation of access privilege, Er Qiewu
More new key need to be issued again for other related and unrevoked users, reduce calculation amount, promoting data sharing safety
While, improve the efficiency of data sharing.
As shown in fig. 6, the data safety sharing means 600 based on cloud environment in the embodiment, are suitable for data main end
End, including:Execution unit 602, it is raw according to the set of User Identity for executing the broadcast enciphering algorithm of identity-based
At session key and corresponding broadcast message head;Generation unit 604, for according to session key symmetric cryptography shared file, life
At cryptograph files;Execution unit 604 is also used to:Executing public key can search for Encryption Algorithm, to keyword relevant to shared file
It is encrypted, generates ciphertext keyword;Transmission unit 606, for sending cipher-text information to publicly-owned Cloud Server, cipher-text information packet
Include set, the cryptograph files, ciphertext keyword, broadcast message head of User Identity.
In the present embodiment, by executing the broadcast enciphering algorithm of identity-based, according to the set of User Identity, generate
Session key and corresponding broadcast message head, are advantageously implemented the generation of cryptograph files, the data that data master terminal possesses it is upper
It passes, by the way that according to session key symmetric cryptography shared file, generation cryptograph files are conducive to the safety for ensureing shared file,
It can search for Encryption Algorithm by executing public key, keyword relevant to shared file encrypted, ciphertext keyword is generated, has
Conducive to the retrieval for realizing cryptograph files, by sending cipher-text information to publicly-owned Cloud Server, cipher-text information includes user identity mark
The set of knowledge, cryptograph files, ciphertext keyword, broadcast message head are conducive to publicly-owned Cloud Server according to user to shared file
Request, carry out the retrieval of cipher-text information, to realize that the safety of data is shared, cipher-text information includes the collection of User Identity
Conjunction, cryptograph files, ciphertext keyword, broadcast message head, the user for only meeting condition could obtain corresponding to cryptograph files
Clear text file has further ensured the safety of data sharing, and calculation amount is small, and storage occupies little space.
As shown in fig. 7, the data safety sharing means 700 based on cloud environment in the embodiment, are suitable for private clound and take
Business device, including:Retrieval unit 702 is searched, for when receiving user cloud file access request, according to user identity mark
Know, search searching system user message table, user cloud file access request include User Identity, keyword to be checked,
User is using digital signature scheme private key to the signature of User Identity and keyword to be checked;Transmission unit 704, is used for
When lookup retrieves the corresponding list item in system user information table, and signature verification is successful, search result will be searched and be translated as
Trapdoor form, and User Identity and keyword to be checked are sent to publicly-owned Cloud Server, for publicly-owned Cloud Server into
The retrieval of row cipher-text information.
In the present embodiment, by according to User Identity, searching inspection when receiving user cloud file access request
Cable system user message table, user cloud file access request include User Identity, keyword to be checked, user using number
Word signature scheme private key believes the signature of User Identity and keyword to be checked when lookup retrieves system user later
The corresponding list item in table is ceased, and when signature verification success, search result will be searched and be translated as trapdoor form, and by user identity mark
Know and keyword to be checked is sent to publicly-owned Cloud Server, so that publicly-owned Cloud Server carries out cipher-text information retrieval, makes full use of
The mutual cooperation of privately owned Cloud Server and publicly-owned Cloud Server, further improves the safety of data sharing, utilization is publicly-owned
The flexibility and self-help of Cloud Server, the safety of privately owned Cloud Server realize the balance of safety and efficiency, independent of
Sharing for same private key, is provided simultaneously with flexible access control and the searching ciphertext function based on keyword, locally deposits in liberation
While storage, the safety of privately owned Cloud Server storage and the safety of data sharing process have also been ensured.
As shown in figure 8, the data safety sharing means 800 based on cloud environment in the embodiment, are suitable for user terminal,
Including:Receiving unit 802, the private key for user determined for receiving publicly-owned Cloud Server, private key for user include User Identity,
Broadcast enciphering private key, the digital signature scheme private key of identity-based;Receiving unit 802 is also used to:Receive publicly-owned Cloud Server inspection
Return file set after rope judgement;Execution unit 804, for executing the broadcast decipherment algorithm of identity-based, recovery and data
The session key of master terminal;Generation unit 806, for decrypting each ciphertext text returned in file set according to session key
Part generates corresponding clear text file.
In the present embodiment, the private key for user determined by receiving publicly-owned Cloud Server, private key for user includes user identity mark
Know, the broadcast enciphering private key of identity-based, digital signature scheme private key, is conducive to quick in the cryptograph files for receiving request
Decryption is clear text file, retrieves the return file set after determining by receiving publicly-owned Cloud Server, executes identity-based later
Broadcast decipherment algorithm, restore with the session key of data master terminal, decrypted returned in file set according to session key later
Each cryptograph files, generate corresponding clear text file, the user for only meeting condition could obtain corresponding to cryptograph files
Clear text file further improves convenience and the safety of data sharing independent of the shared of same private key.
The technical scheme of the present invention has been explained in detail above with reference to the attached drawings, and the invention proposes a kind of numbers based on cloud environment
Both had publicly-owned according to secure sharing method and a kind of data safety sharing means based on cloud environment using mixing cloud environment
The flexibility and self-help of Cloud Server, the ciphertext text for further through the safety of privately owned Cloud Server data master terminal being uploaded
Part can have flexible access control and the ciphertext inspection based on keyword independent of the shared of same private key with secure storage
Suo Gongneng realizes controllable shared and retrieval purpose, while reducing local computing amount and the amount of being locally stored.
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality
Apply each technical characteristic in example it is all possible combination be all described, as long as however the combination of these technical characteristics be not present
Contradiction all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously
It cannot be therefore understands that for the limitation to patent of invention range.It should be pointed out that for those of ordinary skill in the art,
Under the premise of not departing from design of the invention, various modifications and improvements can be made, these belong to protection of the invention
Range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.
Claims (10)
1. a kind of data safety sharing method based on cloud environment is suitable for publicly-owned Cloud Server, which is characterized in that including:
The initialization algorithm in preset password component is executed, determines corresponding public and private key, the public and private key includes system Your Majesty
Key, main system private key, recipient's public key, recipient's private key;
System user information table is initialized, and sends the system user information table and recipient's private key extremely through safe lane
Privately owned Cloud Server storage;
Announce the system Your Majesty key and recipient's public key;
Receive User Identity and to be checked pass of the privately owned Cloud Server according to user cloud file access request acknowledgment of your inquiry
Keyword, and carry out cipher-text information retrieval;
Transmission retrieves the return file set after determining to the corresponding user terminal of user cloud file access request.
2. the data safety sharing method according to claim 1 based on cloud environment, which is characterized in that further include:
When receiving new user's application addition request, applied that the user identity mark in requesting is added according to the new user
Knowledge and the main system private key, generate the broadcast enciphering private key of the identity-based of corresponding user;
The public and private key of a pair of digital signature scheme is randomly generated in the initialization function for executing preset number signature algorithm;
The User Identity, the broadcast enciphering private key of the identity-based, the digital signature scheme private key are determined to use
Family private key, and return to the corresponding new user through the safe lane and apply that the corresponding user terminal of request is added;
New user's registration information is sent to the privately owned Cloud Server, and updates the system user information table, the new user
Registration information includes the User Identity, the digital signature scheme public key;
When determining the retrieval permissions based on keyword of revocation user, the corresponding User Identity is sent to the private
There is Cloud Server, is searched for and deleted according to the User Identity for the privately owned Cloud Server and used corresponding to the system
List item in the information table of family.
3. a kind of data safety sharing method based on cloud environment is suitable for data master terminal, which is characterized in that including:
The broadcast enciphering algorithm for executing identity-based generates session key and correspondence according to the set of the User Identity
Broadcast message head;
According to the session key symmetric cryptography shared file, cryptograph files are generated;
Executing public key can search for Encryption Algorithm, encrypt to keyword relevant to the shared file, and it is crucial to generate ciphertext
Word;
Cipher-text information is sent to publicly-owned Cloud Server, the cipher-text information includes the set, described close of the User Identity
File, the ciphertext keyword, the broadcast message head.
4. a kind of data safety sharing method based on cloud environment is suitable for privately owned Cloud Server, which is characterized in that including:
When receiving user cloud file access request, according to User Identity, searching system user message table, institute are searched
Stating user cloud file access request includes the User Identity, keyword to be checked, user using digital signature scheme
Signature of the private key to the User Identity and the keyword to be checked;
When lookup retrieves the corresponding list item in the system user information table, and the signature verification is successful, examined searching
Hitch fruit is translated as trapdoor form, and the User Identity and the keyword to be checked are sent to publicly-owned cloud service
Device, so that the publicly-owned Cloud Server carries out cipher-text information retrieval.
5. a kind of data safety sharing method based on cloud environment is suitable for user terminal, which is characterized in that including:
Receive the private key for user that publicly-owned Cloud Server determines, the private key for user include User Identity, identity-based it is wide
Broadcast encryption key, digital signature scheme private key;
Receive the return file set after the publicly-owned Cloud Server retrieval determines;
The broadcast decipherment algorithm of identity-based is executed, the session key with data master terminal is restored;
Each cryptograph files in the return file set are decrypted according to the session key, generate corresponding clear text file.
6. a kind of data safety sharing means based on cloud environment are suitable for publicly-owned Cloud Server, which is characterized in that including:
Execution unit determines corresponding public and private key, the public and private key for executing the initialization algorithm in preset password component
Including but not limited to system Your Majesty key, main system private key, recipient's public key, recipient's private key;
Transmission unit sends the system user information table and institute for initializing system user information table, and through safe lane
Recipient's private key to privately owned Cloud Server is stated to store;
Unit is announced, for announcing the system Your Majesty key and recipient's public key;
Receiving unit, for receiving privately owned Cloud Server according to the user identity mark of user cloud file access request acknowledgment of your inquiry
Knowledge and keyword to be checked, and carry out cipher-text information retrieval;
It is corresponding to user cloud file access request to be used for transmission the return file set after retrieval determines for transmission unit
User terminal.
7. the data safety sharing means according to claim 6 based on cloud environment, which is characterized in that further include:
Generation unit, for being added according to new user's application in requesting when receiving new user's application addition request
The User Identity and the main system private key generate the broadcast enciphering private key of the identity-based of corresponding user;
The execution unit is also used to:The initialization function for executing preset number signature algorithm, is randomly generated digital signature scheme
The public and private key of a pair;
Determination unit, for determining the broadcast enciphering private key of the User Identity, the identity-based, the digital signature
Scheme private key is private key for user, and returns to the corresponding new user through the safe lane and apply that the corresponding use of request is added
Family terminal;
The transmission unit is also used to:New user's registration information is sent to the privately owned Cloud Server, and updates the system and uses
Family information table, the new user's registration information include the User Identity, the digital signature scheme public key;
The transmission unit is also used to:When determining the retrieval permissions based on keyword of revocation user, send corresponding described
User Identity is to the privately owned Cloud Server, so that the privately owned Cloud Server is searched for simultaneously according to the User Identity
Delete the list item corresponded in the system user information table.
8. a kind of data safety sharing means based on cloud environment are suitable for data master terminal, which is characterized in that including:
Execution unit, according to the set of the User Identity, generates meeting for executing the broadcast enciphering algorithm of identity-based
Talk about key and corresponding broadcast message head;
Generation unit, for generating cryptograph files according to the session key symmetric cryptography shared file;
The execution unit is also used to:Execute public key can search for Encryption Algorithm, to keyword relevant to the shared file into
Row encryption, generates ciphertext keyword;
Transmission unit, for sending cipher-text information to publicly-owned Cloud Server, the cipher-text information includes the User Identity
Set, the cryptograph files, the ciphertext keyword, the broadcast message head.
9. a kind of data safety sharing means based on cloud environment are suitable for privately owned Cloud Server, which is characterized in that including:
Retrieval unit is searched, for according to User Identity, searching retrieval when receiving user cloud file access request
System user information table, user cloud file access request include the User Identity, keyword to be checked, user
Using digital signature scheme private key to the signature of the User Identity and the keyword to be checked;
Transmission unit, for retrieving corresponding list item in the system user information table when searching, and the signature verification at
When function, search result will be searched and be translated as trapdoor form, and the User Identity and the keyword to be checked are sent
To publicly-owned Cloud Server, so that the publicly-owned Cloud Server carries out cipher-text information retrieval.
10. a kind of data safety sharing means based on cloud environment are suitable for user terminal, which is characterized in that including:
Receiving unit, the private key for user determined for receiving publicly-owned Cloud Server, the private key for user include User Identity,
Broadcast enciphering private key, the digital signature scheme private key of identity-based;
The receiving unit is also used to:Receive the return file set after the publicly-owned Cloud Server retrieval determines;
Execution unit restores the session key with data master terminal for executing the broadcast decipherment algorithm of identity-based;
Generation unit, for decrypting each cryptograph files in the return file set, generation pair according to the session key
The clear text file answered.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810579506.0A CN108881195A (en) | 2018-06-07 | 2018-06-07 | Data safety sharing method and device based on cloud environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810579506.0A CN108881195A (en) | 2018-06-07 | 2018-06-07 | Data safety sharing method and device based on cloud environment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108881195A true CN108881195A (en) | 2018-11-23 |
Family
ID=64337126
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810579506.0A Pending CN108881195A (en) | 2018-06-07 | 2018-06-07 | Data safety sharing method and device based on cloud environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108881195A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109981267A (en) * | 2019-03-22 | 2019-07-05 | 西安电子科技大学 | Large-scale consumer multi-key cipher scene cloud encrypting database system and storage querying method |
| CN110012024A (en) * | 2019-04-16 | 2019-07-12 | 广东工业大学 | A kind of data sharing method, system, equipment and computer readable storage medium |
| CN110059055A (en) * | 2019-03-28 | 2019-07-26 | 广东紫晶信息存储技术股份有限公司 | A kind of file storage and read method and device based on distributed private clound |
| CN111314385A (en) * | 2020-03-23 | 2020-06-19 | 郑州悉知信息科技股份有限公司 | Data access method and device |
| CN111625852A (en) * | 2020-05-21 | 2020-09-04 | 杭州尚尚签网络科技有限公司 | Electronic signature method based on document and user private key under hybrid cloud architecture |
| CN111626338A (en) * | 2020-05-06 | 2020-09-04 | 中移雄安信息通信科技有限公司 | Cloud environment matching method, device, equipment and medium based on fusion classification model |
| CN111835692A (en) * | 2019-04-22 | 2020-10-27 | 中国信息通信研究院 | Information distribution management system and method |
| CN111917759A (en) * | 2020-07-27 | 2020-11-10 | 八维通科技有限公司 | Data security interaction method for gas station |
| CN112019553A (en) * | 2020-08-31 | 2020-12-01 | 航天信息股份有限公司 | Data sharing method based on IBE/IBBE |
| CN112187757A (en) * | 2020-09-21 | 2021-01-05 | 上海同态信息科技有限责任公司 | Multilink privacy data circulation system and method |
| CN112257096A (en) * | 2020-11-23 | 2021-01-22 | 中电万维信息技术有限责任公司 | Searching method for cloud storage ciphertext encrypted data |
| CN112383550A (en) * | 2020-11-11 | 2021-02-19 | 郑州轻工业大学 | Dynamic authority access control method based on privacy protection |
| CN112434026A (en) * | 2020-10-29 | 2021-03-02 | 暨南大学 | Secure intellectual property pledge financing method based on Hash chain |
| CN113037743A (en) * | 2021-03-05 | 2021-06-25 | 杭州奕锐电子有限公司 | Encryption method and system for cloud server file |
| CN113642014A (en) * | 2021-07-23 | 2021-11-12 | 广州有信科技有限公司 | Data access system based on hybrid cloud and public cloud server |
| CN114978665A (en) * | 2022-05-17 | 2022-08-30 | 中原银行股份有限公司 | Data verification method and data isolation system based on Redis distributed cache platform |
| CN116781266A (en) * | 2022-01-06 | 2023-09-19 | 西安链科信息技术有限公司 | Data security private cloud control system, control method, medium, equipment and terminal |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103181129A (en) * | 2011-10-25 | 2013-06-26 | 华为技术有限公司 | Data message processing method and system, message forwarding device |
| CN104079429A (en) * | 2014-05-22 | 2014-10-01 | 汉柏科技有限公司 | Hotlinking prevention method based on referer field and Web gateway |
| US20140347479A1 (en) * | 2011-11-13 | 2014-11-27 | Dor Givon | Methods, Systems, Apparatuses, Circuits and Associated Computer Executable Code for Video Based Subject Characterization, Categorization, Identification, Tracking, Monitoring and/or Presence Response |
-
2018
- 2018-06-07 CN CN201810579506.0A patent/CN108881195A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103181129A (en) * | 2011-10-25 | 2013-06-26 | 华为技术有限公司 | Data message processing method and system, message forwarding device |
| US20140347479A1 (en) * | 2011-11-13 | 2014-11-27 | Dor Givon | Methods, Systems, Apparatuses, Circuits and Associated Computer Executable Code for Video Based Subject Characterization, Categorization, Identification, Tracking, Monitoring and/or Presence Response |
| CN104079429A (en) * | 2014-05-22 | 2014-10-01 | 汉柏科技有限公司 | Hotlinking prevention method based on referer field and Web gateway |
Non-Patent Citations (2)
| Title |
|---|
| 李明义: "云环境下加密数据的安全检索机制研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 李晓瑜: "云外包数据安全共享的等级密钥管理", 《中国博士学位论文全文数据库 信息科技辑》 * |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109981267B (en) * | 2019-03-22 | 2021-06-08 | 西安电子科技大学 | Large-scale user multi-key scene cloud encryption database system and storage query method |
| CN109981267A (en) * | 2019-03-22 | 2019-07-05 | 西安电子科技大学 | Large-scale consumer multi-key cipher scene cloud encrypting database system and storage querying method |
| CN110059055A (en) * | 2019-03-28 | 2019-07-26 | 广东紫晶信息存储技术股份有限公司 | A kind of file storage and read method and device based on distributed private clound |
| CN110059055B (en) * | 2019-03-28 | 2022-04-29 | 深圳紫晶存储科技有限公司 | File storage and reading method and device based on distributed private cloud |
| CN110012024A (en) * | 2019-04-16 | 2019-07-12 | 广东工业大学 | A kind of data sharing method, system, equipment and computer readable storage medium |
| CN110012024B (en) * | 2019-04-16 | 2021-07-06 | 广东工业大学 | Data sharing method, system, equipment and computer readable storage medium |
| CN111835692A (en) * | 2019-04-22 | 2020-10-27 | 中国信息通信研究院 | Information distribution management system and method |
| CN111314385A (en) * | 2020-03-23 | 2020-06-19 | 郑州悉知信息科技股份有限公司 | Data access method and device |
| CN111314385B (en) * | 2020-03-23 | 2022-06-28 | 郑州悉知信息科技股份有限公司 | Data access method and device |
| CN111626338A (en) * | 2020-05-06 | 2020-09-04 | 中移雄安信息通信科技有限公司 | Cloud environment matching method, device, equipment and medium based on fusion classification model |
| CN111626338B (en) * | 2020-05-06 | 2022-11-29 | 中移雄安信息通信科技有限公司 | Cloud environment matching method, device, equipment and medium based on fusion classification model |
| CN111625852A (en) * | 2020-05-21 | 2020-09-04 | 杭州尚尚签网络科技有限公司 | Electronic signature method based on document and user private key under hybrid cloud architecture |
| CN111917759A (en) * | 2020-07-27 | 2020-11-10 | 八维通科技有限公司 | Data security interaction method for gas station |
| CN112019553A (en) * | 2020-08-31 | 2020-12-01 | 航天信息股份有限公司 | Data sharing method based on IBE/IBBE |
| CN112187757A (en) * | 2020-09-21 | 2021-01-05 | 上海同态信息科技有限责任公司 | Multilink privacy data circulation system and method |
| CN112434026A (en) * | 2020-10-29 | 2021-03-02 | 暨南大学 | Secure intellectual property pledge financing method based on Hash chain |
| CN112383550B (en) * | 2020-11-11 | 2022-07-26 | 郑州轻工业大学 | Dynamic authority access control method based on privacy protection |
| CN112383550A (en) * | 2020-11-11 | 2021-02-19 | 郑州轻工业大学 | Dynamic authority access control method based on privacy protection |
| CN112257096A (en) * | 2020-11-23 | 2021-01-22 | 中电万维信息技术有限责任公司 | Searching method for cloud storage ciphertext encrypted data |
| CN113037743A (en) * | 2021-03-05 | 2021-06-25 | 杭州奕锐电子有限公司 | Encryption method and system for cloud server file |
| CN113642014A (en) * | 2021-07-23 | 2021-11-12 | 广州有信科技有限公司 | Data access system based on hybrid cloud and public cloud server |
| CN116781266A (en) * | 2022-01-06 | 2023-09-19 | 西安链科信息技术有限公司 | Data security private cloud control system, control method, medium, equipment and terminal |
| CN114978665A (en) * | 2022-05-17 | 2022-08-30 | 中原银行股份有限公司 | Data verification method and data isolation system based on Redis distributed cache platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108881195A (en) | Data safety sharing method and device based on cloud environment | |
| CN111835500B (en) | Searchable encryption data secure sharing method based on homomorphic encryption and block chain | |
| CN106254324B (en) | A kind of encryption method and device of storage file | |
| CN109614818B (en) | Authorized identity-based keyword search encryption method | |
| CN103595793B (en) | Cloud data safe deleting system and method without support of trusted third party | |
| US9379891B2 (en) | Method and system for ID-based encryption and decryption | |
| US20190294811A1 (en) | System and a method for management of confidential data | |
| CN104780161A (en) | Searchable encryption method supporting multiple users in cloud storage | |
| US11296879B2 (en) | Encrypted search | |
| CN103731432A (en) | Multi-user supported searchable encryption system and method | |
| Swathy et al. | Providing advanced security mechanism for scalable data sharing in cloud storage | |
| CN109951513B (en) | Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card | |
| CN103237040A (en) | Storage method, storage server and storage client | |
| CN104993931B (en) | The encryption searching method of multi-user in a kind of cloud storage | |
| Li et al. | Enabling efficient and secure data sharing in cloud computing | |
| CN104158827A (en) | Cryptograph data sharing method and device, inquiring server and data uploading client terminal | |
| WO2018047698A1 (en) | Encoded message retrieval method, message transmission/reception system, server, terminal, and program | |
| CN110581839A (en) | Content protection method and device | |
| CN109063496A (en) | A kind of method and device of data processing | |
| CN104796411A (en) | Method for safely transmitting, storing and utilizing data in cloud and mobile terminal | |
| Yan et al. | Secure and efficient big data deduplication in fog computing | |
| CN108933758A (en) | Cloud storage encipher-decipher method, device and system can be shared | |
| Chang et al. | Multi-user searchable encryption scheme with constant-size keys | |
| JP6840685B2 (en) | Data sharing method, data sharing system, communication terminal, data sharing server, program | |
| Zheng et al. | Improved anonymous proxy re-encryption with CCA security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20181123 |
|
| WD01 | Invention patent application deemed withdrawn after publication |