CN109120639A - Blockchain-based data cloud storage encryption method and system - Google Patents

Publication number
CN109120639A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811122831.0A
Other languages
Chinese (zh)
Other versions
CN109120639B (en
Inventor
高云
王明博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Zhongan Information Technology Service Co ltd
Original Assignee
Zhongan Information Technology Service Co Ltd
Application filed by Zhongan Information Technology Service Co Ltd
Priority to CN201811122831.0A
Publication of CN109120639A
Application granted
Publication of CN109120639B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a blockchain-based data cloud storage encryption method and system. The method includes: a data owner encrypts a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with the owner's own public key to form a key ciphertext, and performs a secondary encryption of the key ciphertext with the public key of an attribute encryption public/private key pair; the file ciphertext and the secondary-encrypted key ciphertext are stored together in the cloud, the attribute encryption public/private key pair being generated by a proxy re-encryption module; the proxy re-encryption module generates a re-encryption key that grants a data accessor access to the file ciphertext, and the re-encryption key and the private key of the attribute encryption public/private key pair are written to the blockchain; the data owner writes the access control policy of the file ciphertext into a smart contract. By combining re-encryption and attribute encryption, the embodiments of the invention achieve encrypted storage of data files in the cloud, and by using smart contracts they achieve access control over cloud data, fully safeguarding data privacy and security.

Description

Blockchain-based data cloud storage encryption method and system
Technical field
The present invention relates to the field of information security technology, and in particular to a blockchain-based data cloud storage encryption method and system.
Background
With the continuous progress of network technology, cloud storage services are widely used. Through a cloud storage service, users can conveniently store data on a remote server. To guarantee the confidentiality of data stored in the cloud, the sending terminal often encrypts the data and stores the resulting ciphertext on the cloud server. However, conventional public key infrastructure manages and distributes keys for the whole network through a centralized key management center. If the key center is compromised, the security of keys and encrypted data across the whole network is seriously threatened, so the confidentiality of data in cloud storage cannot be guaranteed.
Summary of the invention
To solve one of the technical problems of the prior art, the present invention provides a blockchain-based data cloud storage encryption method and system. By combining re-encryption and attribute encryption, it achieves encrypted storage of data files in the cloud; by using smart contracts, it achieves access control over cloud data, fully safeguarding data privacy and security. The specific technical solution of the invention is as follows:
In a first aspect, a blockchain-based data cloud storage encryption method is provided, the method comprising:
a data owner, after encrypting a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with the owner's own public key to form a key ciphertext;
the data owner performs a secondary encryption of the key ciphertext using the public key of the file's attribute encryption public/private key pair to form a secondary-encrypted key ciphertext, and uploads the file ciphertext and the secondary-encrypted key ciphertext together to a cloud server for storage, wherein the attribute encryption public/private key pair is generated in advance by a proxy re-encryption module on the blockchain system;
the proxy re-encryption module on the blockchain system generates a re-encryption key that grants a data accessor access to the file ciphertext, and the re-encryption key and the private key of the attribute encryption public/private key pair are each written to the blockchain;
the data owner writes the access control policy of the file ciphertext into a smart contract of the blockchain system.
In one embodiment, the attribute encryption public/private key pair is generated by the proxy re-encryption module based on the data security level information of the file, or the role information of the authorized access object, or a security level assigned according to the role information.
In one embodiment, the access control policy is generated based on the authorized access policy of the file ciphertext and the authorized access object;
wherein the authorized access policy includes at least one of: the file path to be accessed, a file list, an access time restriction, and an access permission validity period.
In one embodiment, the method further comprises:
if the data accessor requests access to the file ciphertext stored on the cloud server, the cloud server sends the attribute information of the data accessor to the blockchain system;
if the attribute information of the data accessor satisfies the access control policy in the smart contract, the secondary-encrypted key ciphertext stored on the cloud server is attribute-decrypted, using the private key of the attribute encryption public/private key pair stored on the blockchain, to recover the key ciphertext;
the re-encryption key stored on the blockchain is accessed through the smart contract, and the proxy re-encryption module uses the re-encryption key to convert the key ciphertext into a re-encrypted key ciphertext, which is returned to the data accessor;
the data accessor decrypts the re-encrypted key ciphertext with the accessor's own private key to obtain the symmetric key used to decrypt the file ciphertext.
In one embodiment, the smart contract represents the access control policy in the form of a policy tree.
In a second aspect, the present invention provides a blockchain-based data cloud storage encryption system, comprising a first terminal, a second terminal, a cloud server and a blockchain system, wherein:
The first terminal includes:
an encryption module, by which the data owner, after encrypting a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with the owner's own public key to form a key ciphertext;
a secondary encryption module, by which the data owner performs a secondary encryption of the key ciphertext using the public key of the file's attribute encryption public/private key pair to form a secondary-encrypted key ciphertext, and uploads the file ciphertext and the secondary-encrypted key ciphertext together to the cloud server for storage, wherein the attribute encryption public/private key pair is generated in advance by the proxy re-encryption module on the blockchain system;
a writing module, by which the data owner writes the access control policy of the file ciphertext into the smart contract of the blockchain system;
The cloud server includes:
a cloud storage module, for storing the file ciphertext and the secondary-encrypted key ciphertext uploaded by the first terminal;
The blockchain system includes:
the proxy re-encryption module, for generating the attribute encryption public/private key pair and the re-encryption key that grants the data accessor access to the file ciphertext, for performing the re-encryption computation and the attribute key decryption computation, and for writing the re-encryption key and the private key of the attribute encryption public/private key pair to the blockchain;
the blockchain, for storing the re-encryption key and the private key of the attribute encryption public/private key pair;
a blockchain network, on which the smart contract is deployed.
In one embodiment, the attribute encryption public/private key pair is generated by the proxy re-encryption module based on the data security level information of the file, or the role information of the authorized access object, or a security level assigned according to the role information.
In one embodiment, the access control policy is generated based on the authorized access policy of the file ciphertext and the authorized access object;
wherein the authorized access policy includes at least one of: the file path to be accessed, a file list, an access time restriction, and an access permission validity period.
In one embodiment, the second terminal includes:
an access request module, by which the data accessor requests access to the file ciphertext stored on the cloud server;
The cloud server further includes:
a request sending module, for sending the attribute information of the data accessor to the blockchain if the data accessor requests access to the file ciphertext stored on the cloud server;
The proxy re-encryption module is specifically configured to, if the attribute information of the data accessor satisfies the access control policy in the smart contract, attribute-decrypt the secondary-encrypted key ciphertext stored on the cloud server, using the private key of the attribute encryption public/private key pair stored on the blockchain, to recover the key ciphertext;
The proxy re-encryption module is further specifically configured to access, through the smart contract, the re-encryption key stored on the blockchain system, and to use the re-encryption key to convert the key ciphertext into a re-encrypted key ciphertext, which is returned to the data accessor;
The second terminal further includes:
a decryption module, by which the data accessor decrypts the re-encrypted key ciphertext with the accessor's own private key to obtain the plaintext symmetric key used to decrypt the file ciphertext.
In one embodiment, the smart contract represents the access control policy in the form of an access control policy tree.
Compared with the prior art, in the blockchain-based data cloud storage encryption method and system provided by the present invention, the data owner, after encrypting a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with the owner's own public key to form a key ciphertext, performs a secondary encryption of the key ciphertext using the public key of the file's attribute encryption public/private key pair to form a secondary-encrypted key ciphertext, and finally uploads the file ciphertext and the secondary-encrypted key ciphertext together to the cloud server for storage. Meanwhile, proxy re-encryption is used to generate a re-encryption key that grants the data accessor access to the file ciphertext, and the private key of the file's attribute encryption public/private key pair and the re-encryption key are written to the blockchain. Relying on the decentralized distributed network of the blockchain removes the need to trust a conventional centralized key management system and achieves encrypted storage of data files in the cloud. In addition, the use of smart contracts achieves access control over cloud data, thereby safeguarding the security of data files in the cloud.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a blockchain-based data cloud storage encryption method provided by one embodiment of the present invention;
Fig. 2 is a flowchart of a blockchain-based data cloud storage encryption method provided by another embodiment of the present invention;
Fig. 3 is a block diagram of a blockchain-based data cloud storage encryption system provided by another embodiment of the present invention.
Detailed description of embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
The blockchain-based data cloud storage encryption method provided by the embodiments of the present invention provides encrypted, secure storage of data files in the cloud and, by combining re-encryption and attribute encryption, addresses the drawbacks of centralized key management in traditional key management systems. In addition, by using smart contracts it achieves access control over cloud data and dynamically authorizes data accessors to decrypt ciphertext data, so that the data source does not need to know the recipients of the data in advance. This strengthens the security of data files in the cloud while allowing access control over ciphertext data to be implemented flexibly.
Before the blockchain-based data cloud storage encryption method provided by the present invention is described, the terms used in the embodiments are introduced.
About blockchain: a blockchain is a chained data structure in which blocks of data are linked together in chronological order through hash values carried in their headers, and a distributed ledger whose tamper-resistance and unforgeability are guaranteed by cryptography. More broadly, blockchain technology is a new distributed infrastructure and computing paradigm that uses a chained data structure to store and verify data, uses distributed nodes and a unified consensus mechanism to generate block data, uses cryptography to secure data transmission and access and to resist tampering, uses its chain structure to trace transaction data, and uses smart contracts composed of automated script code to program and operate on data.
About proxy re-encryption: the data file is encrypted by the data source (generally the data owner), while decryption of the data file ciphertext is performed jointly by the proxy node and the authorized party; only together can the ciphertext file be decrypted into the plaintext file. The proxy node uses proxy re-encryption, which converts a ciphertext encrypted under one public key into a ciphertext encrypted under another public key; the proxy node maintains the re-encryption key. If the producer A of a data file (the data encryptor) wants to grant B access to the data, A generates a re-encryption key and entrusts it to the proxy node. Once authorized, B requests decryption from the proxy node, and the proxy node uses the re-encryption key to convert the ciphertext data file encrypted under A's public key into a ciphertext file encrypted under B's public key. On receiving the new ciphertext file, B only needs to decrypt the symmetric key ciphertext in the file header with B's own private key to obtain the plaintext symmetric key, then use it to decrypt the data file ciphertext and read the plaintext of the data file.
Fig. 1 is a flowchart of a blockchain-based data cloud storage encryption method provided by one embodiment of the present invention. Referring to Fig. 1, the method may include the following steps:
S1: the data owner, after encrypting a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with the owner's own public key to form a key ciphertext.
In this embodiment, the data owner locally generates a symmetric key from a reliable random number and encrypts the file with it to produce the file ciphertext. The data owner of the file then asymmetrically encrypts that symmetric key with the owner's own public key, producing the symmetric key ciphertext. The data owner's public key and corresponding private key are generated in advance, and the private key is kept by the data owner. With the private key, the data owner can decrypt the symmetric key ciphertext into the plaintext symmetric key, use the plaintext symmetric key to decrypt the ciphertext file into the plaintext file, and read the original content of the file. In a specific implementation, the data owner can run an Encrypt function on the terminal, passing the owner's own public key as input, to encrypt the symmetric key and produce the key ciphertext. The embodiments of the present invention do not limit how the data owner's public/private key pair is generated.
In the embodiments of the present invention, the symmetric key that can decrypt the file ciphertext is encrypted under the data owner's public key, and the private key that can decrypt the encrypted symmetric key is kept by the data owner. Other users therefore cannot directly access the file ciphertext that the data owner uploads to the cloud server, which safeguards the security of data files in the cloud.
S2: the data owner performs a secondary encryption of the key ciphertext using the public key of the file's attribute encryption public/private key pair to form a secondary-encrypted key ciphertext, and uploads the file ciphertext and the secondary-encrypted key ciphertext together to the cloud server for storage.
The file's attribute encryption public/private key pair is generated in advance by the proxy re-encryption module on the blockchain system. Specifically, the data owner sends the relevant attribute information of the file to the proxy re-encryption module on the blockchain system; the proxy re-encryption module generates the attribute encryption public/private key pair from that attribute information and distributes the public key of the pair to the data owner. The relevant attribute information of the file includes, but is not limited to, the data security level information of the file, the role information of the authorized access object, and the security level assigned according to the role information.
Using the public key of the file's attribute encryption public/private key pair, the data owner performs a secondary encryption of the key ciphertext by attribute encryption to form the secondary-encrypted key ciphertext, and uploads the file ciphertext and the secondary-encrypted key ciphertext together, as a single file, to the cloud server for storage.
Note that the proxy re-encryption module may also generate multiple attribute encryption public/private key pairs. After the data owner encrypts the symmetric key with the owner's own public key to form the key ciphertext, secondary encryption can be performed under several attribute encryptions to form multiple secondary-encrypted key ciphertexts; the data accessor then needs multiple corresponding pieces of attribute information, each decrypting its secondary-encrypted key ciphertext, to obtain the corresponding key ciphertext.
S3: the proxy re-encryption module on the blockchain system generates a re-encryption key that grants the data accessor access to the file ciphertext, and the re-encryption key and the private key of the attribute encryption public/private key pair are each written to the blockchain.
In this embodiment, the proxy re-encryption module can generate the re-encryption key from the data owner's private key, entered by the data owner on the local terminal, and the data accessor's public key, broadcast by the data accessor, so as to grant the data accessor access to the file ciphertext. It will be understood that the number of data accessors is not limited to one.
The blockchain system stores the attribute encryption key and the re-encryption key in a distributed manner based on a consensus mechanism, and synchronizes the data across the blockchain nodes through the blockchain network.
In this embodiment, the re-encryption key is generated by the proxy re-encryption module so that the key ciphertext can later be converted by proxy re-encryption. This reduces the burden on the data owner's side and also strengthens the confidentiality of the key ciphertext, thereby guaranteeing the confidentiality of cloud data.
S4: the data owner writes the access control policy of the file ciphertext into the smart contract of the blockchain system.
In this embodiment, the access control policy is generated based on the authorized access policy of the file ciphertext and the authorized access object, wherein the authorized access policy includes at least one of: the file path to be accessed, a file list, an access time restriction, and an access permission validity period.
After the data owner writes the access control policy of the file ciphertext into the smart contract of the blockchain system, the smart contract can represent the access control policy in the form of a policy tree.
Note that the embodiments of the present invention do not limit the execution order of steps S3 and S4; step S3 may be executed before, during or after step S4.
In the embodiments of the present invention, the data owner, after encrypting a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with the owner's own public key to form a key ciphertext, performs a secondary encryption of the key ciphertext using the public key of the file's attribute encryption public/private key pair to form a secondary-encrypted key ciphertext, and finally uploads the file ciphertext and the secondary-encrypted key ciphertext together to the cloud server for storage. Meanwhile, proxy re-encryption is used to generate a re-encryption key that grants the data accessor access to the file ciphertext, and the private key of the file's attribute encryption public/private key pair and the re-encryption key are written to the blockchain system. Relying on the decentralized distributed network of the blockchain removes the need to trust a conventional centralized key management system and achieves encrypted storage of data files in the cloud. In addition, the use of smart contracts achieves access control over cloud data, thereby safeguarding the security of data files in the cloud.
Fig. 2 is a flowchart of a blockchain-based data cloud storage encryption method provided by another embodiment of the present invention. In this embodiment, in addition to the steps described for Fig. 1, the method further includes steps S5 to S8; the steps described for Fig. 1 are omitted for brevity. As shown in Fig. 2, the method further includes:
S5: if the data accessor requests access to the file ciphertext stored on the cloud server, the cloud server sends the data accessor's attribute information to the blockchain system.
The attribute information of the data accessor may be the identity of the data accessor, including but not limited to one or more of the data accessor's name, type and location.
S6: if the data accessor's attribute information satisfies the access control policy in the smart contract, the secondary-encrypted key ciphertext stored on the cloud server is attribute-decrypted, using the private key of the attribute encryption public/private key pair stored on the blockchain, to recover the key ciphertext.
In this embodiment, whether a requester has permission to invoke the re-encryption key stored on the blockchain is controlled by the access control policy in the smart contract. Only a data accessor with the corresponding security attributes can have the proxy re-encryption module attribute-decrypt the secondary-encrypted key ciphertext stored on the cloud server to recover the key ciphertext. This guarantees the security of the key ciphertext and thereby improves the security of the encrypted files stored in the cloud.
S7, the re-encrypted private key that the storage of block chain is accessed by intelligent contract, and weight is utilized by proxy re-encryption module Key ciphertext is converted and generates re-encryption ciphertext by encryption key, with the person that returns to data access.
In the present embodiment, re-encrypted private key corresponding with file cipher text on block chain is accessed by intelligent contract, and pass through The conversion of key ciphertext is generated the weight at the public key encryption via data access person using re-encrypted private key by proxy re-encryption module Encryption key ciphertext obtains key consequently facilitating follow-up data visitor decrypts re-encrypted private key ciphertext using the private key of oneself Ciphertext.
S8, data access person are decrypted re-encrypted private key ciphertext using the private key of oneself, to obtain to solve ciphertext The symmetric key of part ciphertext.
In the present embodiment, data access person can be by executing Decrypt function, by the private of data access person at the terminal Key is decrypted the key ciphertext got from block chain as the input of Decrypt function.After successful decryption, obtain Symmetric key gets plaintext document so as to use symmetric key that the file cipher text obtained from cloud is decrypted.
In the embodiment of the present invention, secondary encryption is carried out since data owner is based on encryption attribute to key ciphertext, and will Intelligent contract is written in the access control policy of file cipher text, therefore the attribute information of only data access person meets access control plan When slightly, key ciphertext could be decrypted in data access person, and since key ciphertext is added via the public key of data owner It is dense at, therefore key ciphertext is only subjected to conversion generation by using the re-encrypted private key that proxy re-encryption module generates Re-encrypted private key ciphertext, and by data access person using itself private key decrypt re-encrypted private key ciphertext, can just get to The symmetric key of the file cipher text of cloud storage is decrypted, and then can just obtain plaintext document.Thus, it is possible to avoid data text on cloud Part is accessed by unsuitable user or is revealed by incomplete trusted data center or ISP, so as to realize The shared purpose of data file dynamic on cloud.
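The flow of steps S6 to S8, as an added example that is not part of the patent text: a policy-tree check gates attribute decryption and proxy re-encryption, after which the accessor recovers the symmetric key and the file. The patent names no concrete algorithms, so everything here is an assumption: a BBS98-style ElGamal proxy re-encryption over a toy group, hashed ElGamal standing in for the attribute-encryption layer, a SHA-256 keystream standing in for the symmetric cipher, and hypothetical names such as `Chain` and `handle_request`.

```python
import hashlib
import secrets
from math import gcd

# Toy group (assumption): Z_p* with the Mersenne prime 2**127 - 1, far too small for real use.
P = 2**127 - 1
G = 3
N = P - 1  # exponents are reduced modulo the group order

def keygen():
    """Return (sk, pk); sk must be invertible mod N so it can be divided out."""
    while True:
        sk = secrets.randbelow(N - 2) + 2
        if gcd(sk, N) == 1:
            return sk, pow(G, sk, P)

def encrypt(pk, m):
    """ElGamal-style key ciphertext (m * g^r, pk^r) under the owner's public key."""
    r = secrets.randbelow(N - 2) + 2
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def rekey(sk_owner, sk_accessor):
    """BBS98 re-encryption key rk = b / a mod N; the value stored on the chain."""
    return (sk_accessor * pow(sk_owner, -1, N)) % N

def reencrypt(rk, ct):
    """S7: turn (m * g^r, g^(a*r)) into (m * g^r, g^(b*r)) without seeing m."""
    return ct[0], pow(ct[1], rk, P)

def decrypt(sk, ct):
    """S8 (or the owner's own decryption): strip g^r using 1/sk mod N."""
    g_r = pow(ct[1], pow(sk, -1, N), P)
    return (ct[0] * pow(g_r, -1, P)) % P

def _mask(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def attr_wrap(attr_pk, ct):
    """Secondary encryption: hashed ElGamal over the two-element key ciphertext."""
    s = secrets.randbelow(N - 2) + 2
    body = ct[0].to_bytes(16, "big") + ct[1].to_bytes(16, "big")
    masked = bytes(x ^ y for x, y in zip(body, _mask(pow(attr_pk, s, P))))
    return pow(G, s, P), masked

def attr_unwrap(attr_sk, wrapped):
    """S6 attribute decryption with the private key held on the chain."""
    eph, masked = wrapped
    body = bytes(x ^ y for x, y in zip(masked, _mask(pow(eph, attr_sk, P))))
    return int.from_bytes(body[:16], "big"), int.from_bytes(body[16:], "big")

def satisfies(node, attrs):
    """Policy tree: ("AND" | "OR", child, ...) or a leaf (attribute, value)."""
    if node[0] in ("AND", "OR"):
        results = [satisfies(child, attrs) for child in node[1:]]
        return all(results) if node[0] == "AND" else any(results)
    name, value = node
    return attrs.get(name) == value

class Chain:
    """Stand-in for the blockchain system and its proxy re-encryption module."""
    def __init__(self, policy, attr_sk, rk):
        self.policy, self.attr_sk, self.rk = policy, attr_sk, rk

    def handle_request(self, attrs, wrapped):
        if not satisfies(self.policy, attrs):            # S6: policy gate
            raise PermissionError("attributes do not satisfy the access policy")
        key_ct = attr_unwrap(self.attr_sk, wrapped)      # S6: attribute decryption
        return reencrypt(self.rk, key_ct)                # S7: re-encryption

def file_cipher(sym, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream XOR); self-inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(sym.to_bytes(16, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def demo(attrs):
    """Owner setup followed by one access request; returns the recovered file."""
    owner_sk, owner_pk = keygen()
    accessor_sk, _ = keygen()
    attr_sk, attr_pk = keygen()
    sym = secrets.randbelow(P - 2) + 1                    # symmetric key as integer
    file_ct = file_cipher(sym, b"constructed sample file contents")
    wrapped = attr_wrap(attr_pk, encrypt(owner_pk, sym))  # held by the cloud server
    # Constructed policy: auditors cleared at level 3 or 4.
    policy = ("AND", ("role", "auditor"), ("OR", ("level", 3), ("level", 4)))
    chain = Chain(policy, attr_sk, rekey(owner_sk, accessor_sk))
    re_ct = chain.handle_request(attrs, wrapped)          # S6 + S7 on the chain
    return file_cipher(decrypt(accessor_sk, re_ct), file_ct)  # S8 on the terminal
```

In this BBS98-style stand-in, the re-encryption key combined with the accessor's private key yields the owner's private key (a = b / rk), which matters for a design that writes the re-encryption key to a ledger; a real deployment would need a collusion-resistant scheme.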
Fig. 3 is a block diagram of a blockchain-based data cloud storage encryption system provided by another embodiment of the present invention. As shown in Fig. 3, the blockchain-based data cloud storage encryption system provided by this embodiment may include a first terminal 310, a second terminal 320, a cloud server 330 and a blockchain system 340, wherein:
The first terminal 310 includes:
An encryption module 311, used by the data owner, after encrypting a file with a symmetric key to form the file ciphertext, to encrypt the symmetric key with the data owner's own public key to form the key ciphertext;
A secondary encryption module 312, used by the data owner to perform secondary encryption on the key ciphertext with the public key of the file's attribute-encryption public/private key pair, forming the secondary encrypted key ciphertext, and to upload the file ciphertext together with the secondary encrypted key ciphertext to the cloud server for storage, wherein the attribute-encryption public/private key pair is generated in advance by the proxy re-encryption module on the blockchain system;
A writing module 313, used by the data owner to write the access control policy of the file ciphertext into the smart contract of the blockchain system;
The cloud server 330 includes:
A cloud storage module 331, for storing the file ciphertext and the secondary encrypted key ciphertext uploaded by the first terminal;
The blockchain system 340 includes:
A proxy re-encryption module 341, for generating the attribute-encryption public/private key pair and the re-encryption key that grants the data accessor access to the file ciphertext, for performing the re-encryption computation and the attribute-key decryption computation, and for writing the re-encryption key and the private key of the attribute-encryption public/private key pair to the blockchain;
A blockchain 342, for storing the re-encryption key and the private key of the attribute-encryption public/private key pair;
A blockchain network 343, on which the smart contract is deployed.
Further, the attribute-encryption public/private key pair is generated by the proxy re-encryption module based on the data security level information of the file, or on the role information of the authorized access object, or on the security level assigned according to the role information.
Further, the access control policy is generated based on the authorized access policy of the file ciphertext and the authorized access object;
Wherein, the authorized access policy includes at least one of the file path, the file list, the access time limit, and the validity period of the access permission.
Further, the second terminal 320 includes:
An access request module 321, used by the data accessor to request access to the file ciphertext stored on the cloud server;
The cloud server 330 further includes a request sending module 332:
The request sending module 332 is used to send the data accessor's attribute information to the blockchain if the data accessor requests access to the file ciphertext stored on the cloud server;
The proxy re-encryption module 341 is specifically used, if the data accessor's attribute information satisfies the access control policy in the smart contract, to attribute-decrypt the secondary encrypted key ciphertext stored on the cloud server with the private key of the attribute-encryption public/private key pair stored on the blockchain, yielding the key ciphertext;
The proxy re-encryption module 341 is specifically also used to access the re-encryption key stored on the blockchain through the smart contract, and to convert the key ciphertext into a re-encrypted key ciphertext using the re-encryption key, for return to the data accessor;
The second terminal 320 further includes:
A decryption module 322, used by the data accessor to decrypt the re-encrypted key ciphertext with their own private key, to obtain the symmetric key used to decrypt the file ciphertext.
Further, the smart contract represents the access control policy in the form of a policy tree.
The embodiment of the invention provides a blockchain-based data cloud storage encryption system. In this system, the data owner, after encrypting a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with their own public key to form a key ciphertext, performs secondary encryption on the key ciphertext with the public key of the file's attribute-encryption public/private key pair to form a secondary encrypted key ciphertext, and finally uploads the file ciphertext together with the secondary encrypted key ciphertext to the cloud server for storage. At the same time, proxy re-encryption is used to generate the re-encryption key that grants the data accessor access to the file ciphertext, and the private key of the file's attribute-encryption public/private key pair and the re-encryption key are written to the blockchain system. The decentralized distributed network of the blockchain thereby removes the need to trust a traditional centralized key management system while achieving encrypted storage of data files in the cloud. In addition, smart contract technology is used to implement access control over data in the cloud, which safeguards the data files stored there.
All of the above optional technical solutions may be combined in any way to form optional embodiments of the present invention, which are not described one by one here.
It should be understood that, when the blockchain-based data cloud storage encryption system provided by the above embodiment executes the blockchain-based data cloud storage encryption method, the division into the functional modules described above is only an example. In practical applications, the functions may be assigned to different functional modules as needed; that is, the internal structure of the system may be divided into different functional modules to perform all or part of the functions described above. In addition, the blockchain-based data cloud storage encryption system and the blockchain-based data cloud storage encryption method embodiment belong to the same concept; for the specific implementation process, see the method embodiment, which is not repeated here.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing are merely preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. A data cloud storage encryption method based on blockchain, characterized in that the method comprises:
A data owner, after encrypting a file with a symmetric key to form a file ciphertext, encrypts the symmetric key with the data owner's own public key to form a key ciphertext;
The data owner performs secondary encryption on the key ciphertext with the public key of an attribute-encryption public/private key pair of the file, forming a secondary encrypted key ciphertext, and uploads the file ciphertext together with the secondary encrypted key ciphertext to a cloud server for storage, wherein the attribute-encryption public/private key pair is generated in advance by a proxy re-encryption module on a blockchain system;
The proxy re-encryption module on the blockchain system generates a re-encryption key that grants a data accessor access to the file ciphertext, and writes the re-encryption key and the private key of the attribute-encryption public/private key pair to the blockchain;
The data owner writes the access control policy of the file ciphertext into a smart contract of the blockchain system.
2. The method according to claim 1, characterized in that the attribute-encryption public/private key pair is generated by the proxy re-encryption module based on the data security level information of the file, or on the role information of the authorized access object, or on the security level assigned according to the role information.
3. The method according to claim 1, characterized in that the access control policy is generated based on the authorized access policy of the file ciphertext and the authorized access object;
Wherein, the authorized access policy includes at least one of the file path, the file list, the access time limit, and the validity period of the access permission.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises:
If the data accessor requests access to the file ciphertext stored on the cloud server, the cloud server sends the data accessor's attribute information to the blockchain system;
If the data accessor's attribute information satisfies the access control policy in the smart contract, the secondary encrypted key ciphertext stored on the cloud server is attribute-decrypted with the private key of the attribute-encryption public/private key pair stored on the blockchain, yielding the key ciphertext;
The re-encryption key stored on the blockchain is accessed through the smart contract, and the proxy re-encryption module uses the re-encryption key to convert the key ciphertext into a re-encrypted key ciphertext, which is returned to the data accessor;
The data accessor decrypts the re-encrypted key ciphertext with their own private key to obtain the symmetric key used to decrypt the file ciphertext.
5. The method according to claim 4, characterized in that the smart contract represents the access control policy in the form of a policy tree.
6. A data cloud storage encryption system based on blockchain, characterized in that it comprises a first terminal, a second terminal, a cloud server and a blockchain system, wherein
The first terminal includes:
An encryption module, used by a data owner, after encrypting a file with a symmetric key to form a file ciphertext, to encrypt the symmetric key with the data owner's own public key to form a key ciphertext;
A secondary encryption module, used by the data owner to perform secondary encryption on the key ciphertext with the public key of an attribute-encryption public/private key pair of the file, forming a secondary encrypted key ciphertext, and to upload the file ciphertext together with the secondary encrypted key ciphertext to the cloud server for storage, wherein the attribute-encryption public/private key pair is generated in advance by a proxy re-encryption module on the blockchain system;
A writing module, used by the data owner to write the access control policy of the file ciphertext into a smart contract of the blockchain system;
The cloud server includes:
A cloud storage module, for storing the file ciphertext and the secondary encrypted key ciphertext uploaded by the first terminal;
The blockchain system includes:
The proxy re-encryption module, for generating the attribute-encryption public/private key pair and the re-encryption key that grants a data accessor access to the file ciphertext, for performing the re-encryption computation and the attribute-key decryption computation, and for writing the re-encryption key and the private key of the attribute-encryption public/private key pair to the blockchain;
The blockchain, for storing the re-encryption key and the private key of the attribute-encryption public/private key pair;
A blockchain network, on which the smart contract is deployed.
7. The system according to claim 6, characterized in that the attribute-encryption public/private key pair is generated by the proxy re-encryption module based on the data security level information of the file, or on the role information of the authorized access object, or on the security level assigned according to the role information.
8. The system according to claim 6, characterized in that the access control policy is generated based on the authorized access policy of the file ciphertext and the authorized access object;
Wherein, the authorized access policy includes at least one of the file path, the file list, the access time limit, and the validity period of the access permission.
9. The system according to any one of claims 6 to 8, characterized in that
The second terminal includes:
An access request module, used by the data accessor to request access to the file ciphertext stored on the cloud server;
The cloud server further includes a request sending module:
The request sending module is used to send the data accessor's attribute information to the blockchain if the data accessor requests access to the file ciphertext stored on the cloud server;
The proxy re-encryption module is specifically used, if the data accessor's attribute information satisfies the access control policy in the smart contract, to attribute-decrypt the secondary encrypted key ciphertext stored on the cloud server with the private key of the attribute-encryption public/private key pair stored on the blockchain, yielding the key ciphertext;
The proxy re-encryption module is specifically also used to access the re-encryption key stored on the blockchain through the smart contract, and to convert the key ciphertext into a re-encrypted key ciphertext using the re-encryption key, for return to the data accessor;
The second terminal further includes:
A decryption module, used by the data accessor to decrypt the re-encrypted key ciphertext with their own private key, to obtain the symmetric key used to decrypt the file ciphertext.
10. The system according to claim 9, characterized in that the smart contract represents the access control policy in the form of a policy tree.
CN201811122831.0A 2018-09-26 2018-09-26 Data cloud storage encryption method and system based on block chain Active CN109120639B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811122831.0A CN109120639B (en) 2018-09-26 2018-09-26 Data cloud storage encryption method and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811122831.0A CN109120639B (en) 2018-09-26 2018-09-26 Data cloud storage encryption method and system based on block chain

Publications (2)

Publication Number Publication Date
CN109120639A true CN109120639A (en) 2019-01-01
CN109120639B CN109120639B (en) 2021-03-16

Family

ID=64856768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811122831.0A Active CN109120639B (en) 2018-09-26 2018-09-26 Data cloud storage encryption method and system based on block chain

Country Status (1)

Country Link
CN (1) CN109120639B (en)




CN112613061A (en) * 2021-01-06 2021-04-06 上海泰砥科技有限公司 Electronic prescription sharing method and device based on proxy re-encryption
CN112804064A (en) * 2021-01-26 2021-05-14 西安邮电大学 Attribute encryption access control system and method based on block chain
CN112926066A (en) * 2021-02-23 2021-06-08 华能(浙江)能源开发有限公司玉环分公司 Proxy re-encryption method for access control
CN112906032A (en) * 2021-03-15 2021-06-04 上海交通大学 File secure transmission method, system and medium based on CP-ABE and block chain
CN113420319A (en) * 2021-04-08 2021-09-21 同方股份有限公司 Data privacy protection method and system based on block chain and permission contract
CN113438235A (en) * 2021-06-24 2021-09-24 国网河南省电力公司 Data layered credible encryption method
CN113556363A (en) * 2021-09-18 2021-10-26 中国人民解放军国防科技大学 Data sharing method and system based on decentralized and distributed proxy re-encryption
CN113556363B (en) * 2021-09-18 2021-12-17 中国人民解放军国防科技大学 Data sharing method and system based on decentralized and distributed proxy re-encryption
CN113949552A (en) * 2021-10-13 2022-01-18 广州广电运通金融电子股份有限公司 Large file encryption and decryption system, method, storage medium and equipment
CN113992330A (en) * 2021-10-30 2022-01-28 贵州大学 Block chain data controlled sharing method and system based on proxy re-encryption
CN114244838A (en) * 2021-12-17 2022-03-25 东软集团股份有限公司 Encryption method and system, decryption method, device and equipment for block chain data
CN114500069A (en) * 2022-02-10 2022-05-13 福建福链科技有限公司 Method and system for storing and sharing electronic contract
CN115208692A (en) * 2022-09-07 2022-10-18 浙江工业大学 Data sharing method based on uplink and downlink cooperation
CN116340984A (en) * 2023-05-29 2023-06-27 四川云合数创信息技术有限公司 User information management method and system based on intelligent community
CN116340984B (en) * 2023-05-29 2023-08-15 四川云合数创信息技术有限公司 User information management method and system based on intelligent community

Also Published As

Publication number Publication date
CN109120639B (en) 2021-03-16

Similar Documents

Publication Publication Date Title
CN109120639A (en) A kind of data cloud storage encryption method and system based on block chain
CN109559124B (en) Cloud data security sharing method based on block chain
CN108259169B (en) File secure sharing method and system based on block chain cloud storage
Shafagh et al. Droplet: Decentralized authorization and access control for encrypted data streams
CN114039790B (en) Fine-grained cloud storage security access control method based on blockchain
CN105100083B (en) A kind of secret protection and support user's revocation based on encryption attribute method and system
CN102655508A (en) Method for protecting privacy data of users in cloud environment
CN102075544A (en) Encryption system, encryption method and decryption method for local area network shared file
CN111274599A (en) Data sharing method based on block chain and related device
CN112487443A (en) Energy data fine-grained access control method based on block chain
John et al. Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation
Sethia et al. CP-ABE for selective access with scalable revocation: A case study for mobile-based healthfolder.
CN107302524A (en) A kind of ciphertext data-sharing systems under cloud computing environment
Liu et al. A blockchain-based secure cloud files sharing scheme with fine-grained access control
Jyoti et al. A blockchain and smart contract-based data provenance collection and storing in cloud environment
Pervez et al. SAPDS: self-healing attribute-based privacy aware data sharing in cloud
CN113360944B (en) Dynamic access control system and method for electric power Internet of things
Ramachandran et al. Secure and efficient data forwarding in untrusted cloud environment
Gowda et al. Blockchain-based access control model with privacy preservation in a fog computing environment
Feng et al. S2PD: A selective sharing scheme for privacy data in vehicular social networks
Luo et al. Accountable data sharing scheme based on blockchain and SGX
Charanya et al. Attribute based encryption for secure sharing of E-health data
CN114091058A (en) Method and system for secure sharing of data between a first area and a second area
CN114003940A (en) Data security sharing system based on block chain and IBE
Soltani et al. Data capsule: A self-contained data model as an access policy enforcement strategy

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240306

Address after: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 201702

Patentee after: Shanghai Zhongan Information Technology Service Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right

Effective date of registration: 20240415

Address after: Room 1179, W Zone, 11th Floor, Building 1, No. 158 Shuanglian Road, Qingpu District, Shanghai, 201702

Patentee after: Shanghai Zhongan Information Technology Service Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: ZHONGAN INFORMATION TECHNOLOGY SERVICE Co.,Ltd.

Country or region before: China