Summary of the invention
The main purpose of the present invention is to provide a cloud storage data encryption and transmission method, a smart contract system, a cloud storage device and a computer-readable storage medium, intended to solve the technical problem of how to avoid the risk of data leakage caused by mutual trust.
To achieve the above object, the present invention provides a cloud storage data encryption and transmission method, applied to a smart contract system, the method comprising:
Receiving a transaction request, initiated by a first user, for an encrypted file stored on a cloud storage device, together with the public key of the first user;
Sending the public key of the first user to a second user who has the right to trade the encrypted file, so that the second user calculates a re-encryption key using the public key of the first user and the private key of the second user;
Obtaining the re-encryption key from the second user, and recording preset type information of the encrypted file; and
Sending mapping relationship data between the re-encryption key and the preset type information of the encrypted file to the cloud storage device, so that the cloud storage device re-encrypts the encrypted file with the re-encryption key and generates a corresponding re-encrypted file, for the first user to obtain and decrypt.
Optionally, the encrypted file on the cloud storage device is generated according to the public key of the second user.
Optionally, receiving the public key of the first user includes:
The public key is sent to the smart contract system by the first user through a blockchain node device at the same time as, or after, initiating the transaction request; alternatively, at the same time as or after the first user initiates the transaction request, the smart contract system determines and obtains the public key corresponding to the first user according to predetermined mapping relationship data between users and public keys.
Optionally, calculating the re-encryption key using the public key of the first user and the private key of the second user includes:
Performing a proxy re-encryption key generation operation on the public key of the first user and the private key of the second user according to a predetermined proxy re-encryption algorithm, to obtain the re-encryption key.
To achieve the above object, the present invention further provides a smart contract system, the system comprising:
A receiving unit, for receiving a transaction request, initiated by a first user, for an encrypted file stored on a cloud storage device, together with the public key of the first user;
A computing unit, for sending the public key of the first user to a second user who has the right to trade the encrypted file, so that the second user calculates a re-encryption key using the public key of the first user and the private key of the second user;
An acquiring unit, for obtaining the re-encryption key from the second user and recording preset type information of the encrypted file;
A transmission unit, for sending mapping relationship data between the re-encryption key and the preset type information of the encrypted file to the cloud storage device, so that the cloud storage device re-encrypts the encrypted file with the re-encryption key and generates a corresponding re-encrypted file, for the first user to obtain and decrypt.
To achieve the above object, the present invention further provides a cloud storage data encryption and transmission method, applied to a cloud storage device, the method comprising:
Receiving and storing an encrypted file uploaded by a second user;
Obtaining, from a smart contract system, mapping relationship data between a re-encryption key and preset type information of an encrypted file; and
Determining the encrypted file to be re-encrypted according to the obtained preset type information of the encrypted file, and re-encrypting the determined encrypted file with the obtained re-encryption key corresponding to it, to generate a corresponding re-encrypted file for the first user who initiated the transaction request for the encrypted file to obtain and decrypt.
Optionally, the encrypted file is generated according to the public key of the second user.
Optionally, obtaining the mapping relationship data between the re-encryption key and the preset type information of the encrypted file from the smart contract system includes:
Receiving the mapping relationship data between the re-encryption key and the preset type information of the encrypted file that the smart contract system sends to the cloud storage device; or
The cloud storage device detecting, in real time or periodically, whether the smart contract system has generated new mapping relationship data between a re-encryption key and the preset type information of an encrypted file, and, after detecting such mapping relationship data, obtaining it from the smart contract system.
Optionally, the re-encryption key is obtained as follows: the smart contract system receives the public key of the first user and sends it to the second user, and the second user performs a proxy re-encryption key generation operation on the public key of the first user and the private key of the second user according to a predetermined proxy re-encryption algorithm.
Optionally, the first user obtaining and decrypting the re-encrypted file includes:
The cloud storage device sends the generated re-encrypted file to the first user, or the first user downloads the re-encrypted file from the cloud storage device; the first user then decrypts the re-encrypted file with their own private key.
To achieve the above object, the present invention further provides a cloud storage device comprising a memory and a processor, the memory storing a cloud storage data encryption and transmission program that can run on the processor; when executed by the processor, the program implements the cloud storage data encryption and transmission method described above.
To achieve the above object, the present invention further provides a computer-readable storage medium storing a cloud storage data encryption and transmission program, the program being executable by at least one processor so that the at least one processor executes the cloud storage data encryption and transmission method described above.
Compared with the prior art, the cloud storage data encryption and transmission method, smart contract system, cloud storage device and computer-readable storage medium proposed by the present invention can use a proxy re-encryption algorithm to generate a re-encryption key from the private key of the second user and the public key of the first user who initiated the transaction request, and have the cloud storage device use that re-encryption key to convert the ciphertext encrypted with the second user's public key into a ciphertext encrypted with the first user's public key. In this process the smart contract system cannot obtain the plaintext of the data, which reduces the risk of data leakage. In addition, the first user can download the ciphertext and decrypt it with only their own private key; the parties to the data transaction do not need any key exchange while sharing the file, which also effectively avoids the risk of data leakage caused by a leaked key.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description and claims of this application and in the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments described herein can be implemented in orders other than those illustrated or described herein. In addition, the terms "comprise" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method, product or device.
It should be noted that descriptions involving "first", "second" and so on in the present invention are for descriptive purposes only, and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments can be combined with each other, but only on the basis that the combination can be realized by those of ordinary skill in the art; when a combination of technical solutions is contradictory or cannot be realized, that combination should be considered not to exist and is not within the protection scope claimed by the present invention.
Referring to Fig. 1, Fig. 1 is an architecture diagram of the blockchain network system that implements the embodiments of the present invention.
The blockchain network system 1 includes a smart contract system 2, a cloud storage device 4 and multiple blockchain node devices 6. Among them:
The smart contract system 2 is used to receive a transaction request, initiated by a user via a blockchain node device 6, for an encrypted file stored on the cloud storage device 4, to generate a re-encryption key for the encrypted file, and to send it to the cloud storage device 4.
The cloud storage device 4 is used to re-encrypt the encrypted file according to the re-encryption key generated by the smart contract system 2 and to generate a corresponding re-encrypted file, for the user to obtain and decrypt.
The blockchain node device 6 is used to receive a user-initiated transaction request for an encrypted file stored on the cloud storage device 4 and to send the transaction request to the smart contract system 2.
Referring to Fig. 2, Fig. 2 is a flow diagram of the cloud storage data encryption and transmission method proposed by the first embodiment of the present invention.
In this embodiment, the method is applied to the smart contract system 2. The method comprises:
S10: receive a transaction request, initiated by a first user, for an encrypted file stored on the cloud storage device 4, together with the first public key (pkB) of the first user.
The first user can issue the transaction request for an encrypted file on the cloud storage device 4 to the smart contract system 2 through a blockchain node device 6. The encrypted file is an encrypted file (cA) generated according to the public key (pkA) of a second user. For example, the second user can be the lawful owner of the encrypted file.
In this embodiment, the smart contract system 2 can obtain the first public key of the first user in the following ways:
The first public key is sent to the smart contract system 2 by the first user through the blockchain node device 6 at the same time as, or after, initiating the transaction request; alternatively, at the same time as or after the first user initiates the transaction request, the smart contract system 2 determines and obtains the first public key corresponding to the first user according to predetermined mapping relationship data between users and public keys.
S20: send the first public key of the first user to the second user who has the right to trade the encrypted file, so that the second user calculates a re-encryption key (rkA->B) using the first public key and the first private key (skA) of the second user.
In this embodiment, the smart contract system 2 can also send a transaction notification while sending the first public key of the first user to the second user, or can include the first public key of the first user in the transaction notification sent to the second user.
After receiving the first public key, the second user performs the computation on its own first private key and the first public key according to a predetermined proxy re-encryption algorithm. Common proxy re-encryption algorithms include BBS98, AFGH06 and GA07. Proxy re-encryption is a key conversion mechanism between ciphertexts. During proxy re-encryption, a semi-trusted proxy (for example the smart contract system 2) uses a conversion key generated by the delegator (for example the second user) to convert a ciphertext encrypted with the delegator's public key into a ciphertext encrypted with the public key of the delegatee (for example the first user). In this process the proxy cannot obtain the plaintext of the data, which reduces the risk of data leakage. In addition, the delegatee can download the ciphertext and decrypt it with only their own private key.
S30: obtain the re-encryption key from the second user and record the preset type information of the encrypted file.
The preset type information may include the transaction time, the hash value of the traded file, identification information of the parties to the transaction, and so on.
S40: send the mapping relationship data between the re-encryption key and the preset type information of the encrypted file to the cloud storage device 4, so that the cloud storage device 4 re-encrypts the encrypted file with the re-encryption key and generates a corresponding re-encrypted file, for the first user to obtain and decrypt.
In this embodiment, besides the smart contract system 2 sending the mapping relationship data between the re-encryption key and the preset type information of the encrypted file to the cloud storage device 4 after obtaining the re-encryption key, the cloud storage device 4 can also obtain that mapping relationship data from the smart contract system 2 in the following way:
The cloud storage device 4 detects, in real time or periodically, whether the smart contract system 2 has generated new mapping relationship data between a re-encryption key and the preset type information of an encrypted file and, after detecting such mapping relationship data, obtains it from the smart contract system 2.
In addition, the first user can obtain the re-encrypted file either by the cloud storage device 4 sending the generated re-encrypted file to the first user for decryption, or by the first user downloading the re-encrypted file from the cloud storage device 4 and decrypting it.
It is worth noting that a complete proxy re-encryption process generally consists of the following 8 algorithms:
1. System setup algorithm Setup(1^k). Takes the security parameter 1^k as input and generates the system parameters params required for proxy re-encryption. The algorithms below take the system parameters params as a default input.
2. Key generation algorithm KeyGen(ID_i). Takes user ID_i (for example the second user) as input and outputs the user's private key sk_i (for example the private key skA of the second user).
3. Second-level ciphertext encryption algorithm Enc_2(m, y, pk_i). Takes the plaintext m, the re-encryption condition y and the user's public key pk_i (for example the public key pkA of the second user) as input and outputs a second-level ciphertext c_i (for example ciphertext cA). A second-level ciphertext can later be re-encrypted into a first-level ciphertext.
4. Proxy re-encryption key generation algorithm RKeyGen(sk_i, pk_j, y). Takes the private key sk_i of user ID_i (for example the private key skA of the second user), the public key pk_j of user ID_j (for example the public key pkB of the first user) and the condition y as input, and generates the proxy re-encryption key rk_{i->j} (for example the re-encryption key rkA->B).
5. Proxy re-encryption algorithm ReEnc(rk_{i->j}, c_i). Takes the re-encryption key rk_{i->j} (for example the re-encryption key rkA->B) and a second-level ciphertext c_i for user ID_i (for example ciphertext cA) as input, and generates a first-level ciphertext c_j for user ID_j (for example ciphertext cB).
6. First-level ciphertext encryption algorithm Enc_1(m, pk_j). Takes the plaintext m and the public key pk_j of user ID_j (for example the public key pkB of the first user) as input, and generates a first-level ciphertext c_j for user ID_j (for example ciphertext cB).
7. Second-level ciphertext decryption algorithm Dec_2(sk_i, c_i). Takes the private key sk_i of user ID_i (for example the private key skA of the second user) and a second-level ciphertext c_i for ID_i (for example ciphertext cA) as input, and outputs the plaintext m.
8. First-level ciphertext decryption algorithm Dec_1(sk_j, c_j). Takes the private key sk_j of user ID_j (for example the private key skB of the first user) and a first-level ciphertext c_j for ID_j (for example ciphertext cB) as input, and outputs the plaintext m.
The above algorithms should also satisfy the following conditions:
Dec_2(sk_i, Enc_2(m, y, pk_i)) = m;
Dec_1(sk_j, Enc_1(m, pk_j)) = m; and
Dec_1(sk_j, ReEnc(RKeyGen(sk_i, pk_j, y), Enc_2(m, y, pk_i))) = m.
The above procedure shows that, for an encrypted file (cA) on the cloud storage device 4 generated according to the public key (pkA) of the second user, once the second user has generated the re-encryption key (rkA->B) from the first public key (pkB) of the first user and the first private key (skA) of the second user, the cloud storage device 4 can re-encrypt the encrypted file (cA) with the re-encryption key (rkA->B) to obtain the re-encrypted file (cB). After the first user obtains the re-encrypted file (cB) from the cloud storage device 4, the first user only needs their own private key (skB) to decrypt the re-encrypted file (cB) and obtain the plaintext m.
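The flow described above (second-level encryption under pkA, RKeyGen from skA and pkB, ReEnc on the storage device, first-level decryption with skB), as an added example that is not code from the patent. It assumes a simplified ElGamal-style key-encapsulation construction over a toy 11-bit group rather than BBS98, AFGH06 or GA07, leaves out the condition y, and every name in it (enc2, rkeygen, reenc, dec1, trade) is hypothetical.

```python
import hashlib, hmac, secrets

# Toy Schnorr group, constructed for illustration only: P = 2Q + 1, G has order Q.
# A real system would use a standard elliptic-curve group from a vetted library.
P, Q, G = 2039, 1019, 4

def _h(*parts):
    return hashlib.sha256("|".join(map(str, parts)).encode()).digest()

def _scalar(*parts):
    return int.from_bytes(_h(*parts), "big") % Q

def _xor_stream(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _seal(shared, m):
    # Separate encryption and MAC keys derived from the shared group element.
    body = _xor_stream(_h("enc", shared), m)
    return body, hmac.new(_h("mac", shared), body, hashlib.sha256).digest()

def _open(shared, body, tag):
    want = hmac.new(_h("mac", shared), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_h("enc", shared), body)

def keygen():
    sk = secrets.randbelow(Q - 1) + 1              # 1 .. Q-1
    return sk, pow(G, sk, P)

def enc2(pk_i, m):
    """Second-level ciphertext: decryptable with sk_i and re-encryptable."""
    e = secrets.randbelow(Q - 1) + 1
    body, tag = _seal(pow(pk_i, e, P), m)
    return {"E": pow(G, e, P), "body": body, "tag": tag}

def dec2(sk_i, c):
    return _open(pow(c["E"], sk_i, P), c["body"], c["tag"])

def rkeygen(sk_i, pk_j):
    """Delegator side: needs only sk_i and the delegatee's public key pk_j."""
    while True:
        x = secrets.randbelow(Q - 1) + 1
        X = pow(G, x, P)
        d = _scalar("rk", X, pk_j, pow(pk_j, x, P))  # recomputable only with sk_j
        if d:                                        # d must be invertible mod Q
            return {"rk": sk_i * pow(d, -1, Q) % Q, "X": X}

def reenc(rk, c):
    """Proxy side: transforms the capsule E only; the file body is untouched."""
    return {"E1": pow(c["E"], rk["rk"], P), "X": rk["X"],
            "body": c["body"], "tag": c["tag"]}

def dec1(sk_j, c):
    pk_j = pow(G, sk_j, P)
    d = _scalar("rk", c["X"], pk_j, pow(c["X"], sk_j, P))
    return _open(pow(c["E1"], d, P), c["body"], c["tag"])

def trade(plaintext):
    """One pass through S10-S40 and S12-S32 with constructed parties A and B."""
    sk_a, pk_a = keygen()                          # second user (file owner)
    sk_b, pk_b = keygen()                          # first user (requester)
    c_a = enc2(pk_a, plaintext)                    # S12: owner uploads cA
    file_hash = hashlib.sha256(c_a["body"]).hexdigest()
    cloud = {file_hash: c_a}
    # S10/S20: the contract receives pkB with the request and forwards it to A.
    rk = rkeygen(sk_a, pk_b)
    # S30/S40: the contract records rk against the file's type information.
    record = {"file_hash": file_hash, "parties": ("A", "B"), "rk": rk}
    c_b = reenc(record["rk"], cloud[record["file_hash"]])   # S32 on the cloud device
    return {"owner": dec2(sk_a, c_a), "buyer": dec1(sk_b, c_b),
            "c_a": c_a, "c_b": c_b, "record": record}
```

In this particular construction the holder of rk and the requester could together compute skA (rk multiplied by d), so rk has to be treated as sensitive wherever it is relayed or stored.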
The cloud storage data encryption and transmission method proposed in this embodiment can use a proxy re-encryption algorithm to generate a re-encryption key from the first private key of the second user and the first public key of the first user who initiated the transaction request, and send it via the smart contract system 2 to the cloud storage device 4, so that the cloud storage device 4 uses the re-encryption key to convert the ciphertext encrypted with the second user's public key into a ciphertext encrypted with the first user's public key. In this process the smart contract system 2 cannot obtain the plaintext of the data, which reduces the risk of data leakage. In addition, the first user can download the ciphertext and decrypt it with only their own private key; the parties to the data transaction do not need any key exchange while sharing the file, which effectively avoids the risk of data leakage caused by a leaked key.
Referring to Fig. 3, Fig. 3 is a functional block diagram of the smart contract system proposed by the second embodiment of the present invention. The smart contract system 2 runs in the blockchain network system 1.
In this embodiment, the smart contract system 2 includes a series of computer program instructions stored in a memory (not shown), such as the cloud storage data encryption and transmission program 01. When the computer program instructions are executed by a processor (not shown), the cloud storage data encryption and transmission operations of the present invention can be realized. Based on the specific operations realized by each part of the computer program instructions, the smart contract system 2 can be divided into one or more units. For example, in Fig. 3, the smart contract system 2 may include a receiving unit 202, a computing unit 204, an acquiring unit 206 and a transmission unit 208. Among them:
The receiving unit 202 is used to receive a transaction request, initiated by a first user, for an encrypted file stored on the cloud storage device 4, together with the first public key (pkB) of the first user.
The computing unit 204 is used to send the first public key of the first user to the second user who has the right to trade the encrypted file, so that the second user calculates a re-encryption key (rkA->B) using the first public key and the first private key (skA) of the second user.
The acquiring unit 206 is used to obtain the re-encryption key from the second user and record the preset type information of the encrypted file.
The transmission unit 208 is used to send the mapping relationship data between the re-encryption key and the preset type information of the encrypted file to the cloud storage device 4, so that the cloud storage device 4 re-encrypts the encrypted file with the re-encryption key and generates a corresponding re-encrypted file, for the first user to obtain and decrypt.
For the specific functions of the above units, please refer to the first embodiment above; details are not repeated here.
The smart contract system 2 proposed in this embodiment can send the first public key of the first user who initiated the transaction request to the second user, so that the second user uses a proxy re-encryption algorithm to generate a re-encryption key from the first private key of the second user and the first public key, and can send the re-encryption key to the cloud storage device 4, so that the cloud storage device 4 uses the re-encryption key to convert the ciphertext encrypted with the second user's public key into a ciphertext encrypted with the first user's public key. In this process the smart contract system 2 cannot obtain the plaintext of the data, which reduces the risk of data leakage. In addition, the first user can download the ciphertext and decrypt it with only their own private key; the parties to the data transaction do not need any key exchange while sharing the file, which also effectively avoids the risk of data leakage caused by a leaked key.
Referring to Fig. 4, Fig. 4 is a flow diagram of the cloud storage data encryption and transmission method proposed by the third embodiment of the present invention.
In this embodiment, the method is applied to the cloud storage device 4. The method comprises:
S12: receive and store the encrypted file uploaded by the second user.
In this embodiment, the second user can be the lawful owner of the encrypted file. The encrypted file (cA) is generated from the plaintext m, the re-encryption condition y and the public key (pkA) of the second user, i.e. cA = Enc_2(m, y, pkA).
S22: obtain, from the smart contract system 2, the mapping relationship data between the re-encryption key and the preset type information of the encrypted file.
In this embodiment, after receiving the first public key (pkB) of the first user who initiated the transaction request for the encrypted file, the smart contract system 2 sends the first public key to the second user. The second user performs the computation on the first private key (skA) of the second user and the first public key (pkB) of the first user according to a predetermined proxy re-encryption algorithm, obtains the corresponding re-encryption key (rkA->B), and sends it to the smart contract system 2. The preset type information may include the transaction time, the hash value of the traded file, identification information of the parties to the transaction, and so on.
The cloud storage device 4 can obtain the mapping relationship data between the re-encryption key and the preset type information of the encrypted file from the smart contract system 2 in the following ways:
Receiving the mapping relationship data between the re-encryption key and the preset type information of the encrypted file that the smart contract system 2 sends to the cloud storage device 4; or
The cloud storage device 4 detects, in real time or periodically, whether the smart contract system 2 has generated new mapping relationship data between a re-encryption key and the preset type information of an encrypted file and, after detecting such mapping relationship data, obtains it from the smart contract system 2.
S32: determine the encrypted file to be re-encrypted according to the obtained preset type information of the encrypted file, and re-encrypt the determined encrypted file with the obtained re-encryption key corresponding to it, to generate a corresponding re-encrypted file for the first user to obtain and decrypt.
In this embodiment, the cloud storage device 4 first determines the encrypted file (cA) to be re-encrypted according to the obtained preset type information of the encrypted file, and then re-encrypts the encrypted file (cA) with the corresponding re-encryption key (rkA->B) to obtain the re-encrypted file (cB), i.e. cB = ReEnc(rkA->B, cA).
After the first user who initiated the transaction request for the encrypted file (cA) obtains the re-encrypted file (cB) from the cloud storage device 4, the first user only needs their own private key (skB) to decrypt the re-encrypted file (cB) and obtain the plaintext m. The first user can obtain the re-encrypted file either by the cloud storage device sending the generated re-encrypted file to the first user for decryption, or by the first user downloading the re-encrypted file from the cloud storage device and decrypting it.
With the cloud storage data encryption and transmission method proposed in this embodiment, after the re-encryption key generated by a proxy re-encryption algorithm from the first private key of the second user and the first public key of the first user who initiated the transaction request has been obtained from the smart contract system 2, the cloud storage device 4 can use the re-encryption key to convert the ciphertext encrypted with the second user's public key into a ciphertext encrypted with the first user's public key. In this process the smart contract system 2 cannot obtain the plaintext of the data, which reduces the risk of data leakage. In addition, the first user can download the ciphertext and decrypt it with only their own private key; the parties to the data transaction do not need any key exchange while sharing the file, which also effectively avoids the risk of data leakage caused by a leaked key.
Referring to Fig. 5, Fig. 5 is a schematic diagram of the internal structure of the cloud storage device proposed by the fourth embodiment of the present invention.
In this embodiment, the cloud storage device 4 can be a blockchain device with a cloud storage function, such as a cloud server. The cloud storage device 4 may include a memory 11, a processor 12 and a bus 13.
The memory 11 includes at least one type of readable storage medium; the readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example SD or DX memory), magnetic memory, magnetic disk, optical disc, and so on. In some embodiments the memory 11 can be an internal storage unit of the cloud storage device 4, such as the hard disk of the cloud storage device 4. In other embodiments the memory 11 can also be an external storage device of the cloud storage device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a Flash Card fitted to the cloud storage device 4. Further, the memory 11 can include both an internal storage unit of the cloud storage device 4 and an external storage device. The memory 11 can be used not only to store the application software installed on the cloud storage device 4 and various kinds of data, such as the code of the cloud storage data encryption and transmission program 02, but also to temporarily store data that has been output or is about to be output.
In some embodiments the processor 12 can be a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run the program code stored in the memory 11 or to process data, for example to execute the cloud storage data encryption and transmission program 02.
The bus 13 can be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in Fig. 5, but this does not mean there is only one bus or one type of bus.
Further, the cloud storage device 4 can also include a network interface 14. The network interface 14 may optionally include a wired interface and/or a wireless interface (such as a WI-FI interface or a Bluetooth interface), and is usually used to establish a communication connection between the cloud storage device 4 and other electronic devices.
Optionally, the cloud storage device 4 can also include a user interface. The user interface may include a display and an input unit such as a keyboard, and may optionally also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display can be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also appropriately be called a display screen or display unit, and is used to show the information processed in the cloud storage device 4 and to show a visual user interface.
Fig. 5 shows only the cloud storage device 4 with components 11-14 and the cloud storage data
encryption transmission program 02. Those skilled in the art will understand that the structure
shown in Fig. 5 does not limit the cloud storage device 4, which may include fewer or more
components than illustrated, combine certain components, or use a different arrangement of
components.
In the embodiment of the cloud storage device 4 shown in Fig. 5, the memory 11, as a kind of
computer storage medium, stores the program code of the cloud storage data encryption transmission
program 02. When the processor 12 executes that program code, the following method is implemented:
(1) Receive and store the encrypted file uploaded by the second user.
(2) Obtain, from the smart contract system 2, the mapping relationship data between the
re-encryption key and the preset type information of the encrypted file.
(3) According to the preset type information of the acquired encrypted file, determine the encrypted
file to be re-encrypted, and re-encrypt the determined encrypted file using the acquired
re-encryption key that corresponds to it, generating the corresponding re-encrypted ciphertext
file, so that the first user can obtain the re-encrypted ciphertext file and decrypt it.
For a detailed description of the above method, refer to the third embodiment above; it is not
repeated here.
With the cloud storage device 4 proposed in this embodiment, the device first obtains from the smart
contract system 2 the re-encryption key that was generated, by a proxy re-encryption algorithm, from
the first private key of the second user and the first public key of the first user who initiated
the transaction request. The cloud storage device 4 then uses the re-encryption key to convert the
ciphertext encrypted with the second user's public key into a ciphertext encrypted with the first
user's public key. In this process the smart contract system 2 cannot obtain the plaintext of the
data, which reduces the risk of data leakage. Moreover, the first user can download the ciphertext,
and it can be decrypted only with the first user's own private key. The parties to a data
transaction do not need any key exchange while trading the data file, which also effectively avoids
the risk of data leakage caused by a leaked key.
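The conversion described above, sketched as an added Python example (not part of the patent text and not an implementation supplied with it). This passage does not fix a concrete proxy re-encryption algorithm, so the sketch assumes a simplified single-hop ElGamal-style construction over a toy-sized group; every function name, the file identifier and the content key are constructed for illustration.

```python
import secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1          # 1 .. Q-1, invertible mod Q
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Ciphertext under pk = g^a: (g^(a*r), m * g^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(pk, r, P), m * pow(G, r, P) % P

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c1, pow(sk, -1, Q), P)           # strip the key from the exponent
    return c2 * pow(g_r, -1, P) % P

def rekey(sk_owner, pk_buyer):
    """Built by the second user from own private key and the first user's public key."""
    h = secrets.randbelow(Q - 1) + 1
    # h/a turns g^(a*r) into g^(h*r); h itself travels wrapped for the buyer only.
    return h * pow(sk_owner, -1, Q) % Q, encrypt(pk_buyer, h)

def reencrypt(rk, ct):
    """Cloud storage device: transforms the ciphertext without decrypting it."""
    (factor, wrapped_h), (c1, c2) = rk, ct
    return pow(c1, factor, P), c2, wrapped_h

def decrypt_reencrypted(sk_buyer, rct):
    c1, c2, wrapped_h = rct
    h = decrypt(sk_buyer, wrapped_h)           # only the buyer can unwrap h
    return decrypt(h, (c1, c2))

def run_trade(content_key, file_id="file-001"):
    sk_owner, pk_owner = keygen()              # second user (data owner)
    sk_buyer, pk_buyer = keygen()              # first user (requester)
    cloud_store = {file_id: encrypt(pk_owner, content_key)}    # step (1)
    # Contract system records file info -> re-encryption key; it holds no plaintext.
    contract_mapping = {file_id: rekey(sk_owner, pk_buyer)}    # step (2)
    rk = contract_mapping[file_id]
    rct = reencrypt(rk, cloud_store[file_id])                  # step (3)
    return decrypt_reencrypted(sk_buyer, rct)

if __name__ == "__main__":
    print(run_trade(1234))
```

In this simplified construction a requester who colludes with the storage device can combine h with h/a and recover the owner's private key, so a deployment needs a scheme designed to resist that, with standard-sized parameters and the file itself encrypted under the wrapped content key.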
The present invention also provides another embodiment, namely a computer-readable storage medium.
The computer-readable storage medium stores the cloud storage data encryption transmission program 01
or 02, which can be executed by at least one processor so that the at least one processor performs
the cloud storage data encryption transmission method of the first embodiment or the third
embodiment above.
In the above embodiments, implementation may be wholly or partly in software, hardware, firmware or
any combination thereof. When implemented in software, it may be realized wholly or partly in the
form of a computer program product.
The computer program product includes one or more computer instructions. When the computer program
instructions are loaded and executed on a computer, the processes or functions described in the
embodiments of the present invention are generated in whole or in part. The computer may be a
general-purpose computer, a special-purpose computer, a computer network or another programmable
device. The computer instructions may be stored in a computer-readable storage medium, or
transmitted from one computer-readable storage medium to another. For example, the computer
instructions may be transmitted from one website, computer, server or data center to another
website, computer, server or data center by wired means (such as coaxial cable, optical fiber or
digital subscriber line (DSL)) or wireless means (such as infrared, wireless or microwave). The
computer-readable storage medium may be any usable medium on which a computer can store data, or a
data storage device, such as a server or data center, that integrates one or more usable media. The
usable medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an
optical medium (for example, a DVD), a semiconductor medium (such as a solid state disk (SSD)), or
the like.
Those skilled in the art will clearly understand that, for convenience and brevity of description,
the specific working processes of the systems, devices and units described above may refer to the
corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed
systems, devices and methods may be implemented in other ways. For example, the device embodiments
described above are merely illustrative. The division into units is only a division by logical
function, and other divisions are possible in an actual implementation: multiple units or
components may be combined or integrated into another system, or some features may be omitted or
not performed. In addition, the mutual coupling, direct coupling or communication connection shown
or discussed may be an indirect coupling or communication connection through some interfaces,
devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the
components shown as units may or may not be physical units; that is, they may be located in one
place or distributed over multiple network units. Some or all of the units may be selected
according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one
processing unit, each unit may exist physically on its own, or two or more units may be integrated
into one unit. The integrated unit may be implemented in the form of hardware or in the form of a
software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as
an independent product, it may be stored in a computer-readable storage medium. Based on this
understanding, the technical solution of this application in essence, or the part that contributes
to the prior art, or all or part of the technical solution, may be embodied in the form of a
software product. The computer software product is stored in a storage medium and includes several
instructions that cause a computer device (which may be a personal computer, a server, a network
device or the like) to perform all or some of the steps of the methods of the embodiments of this
application. The aforementioned storage medium includes various media that can store program code,
such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory
(RAM), a magnetic disk or an optical disc.
It should be noted that the serial numbers of the above embodiments of the invention are for
description only and do not represent the merits of the embodiments. The terms "include",
"comprise" or any other variant thereof herein are intended to cover a non-exclusive inclusion, so
that a process, device, article or method that includes a series of elements includes not only
those elements but also other elements not explicitly listed, or elements inherent to such a
process, device, article or method. Without further limitation, an element defined by the phrase
"including a ..." does not exclude the existence of other identical elements in the process,
device, article or method that includes that element.
The above is only a preferred embodiment of the present invention and does not limit the scope of
the invention. Any equivalent structure or equivalent process transformation made using the
contents of the specification and drawings of the present invention, or applied directly or
indirectly in other related technical fields, is likewise included within the scope of the present
invention.