CN109787747A - Anti- quantum calculation multi-enciphering cloud storage method and system based on multiple unsymmetrical key ponds - Google Patents
Anti- quantum calculation multi-enciphering cloud storage method and system based on multiple unsymmetrical key ponds Download PDFInfo
- Publication number
- CN109787747A CN109787747A CN201811638175.XA CN201811638175A CN109787747A CN 109787747 A CN109787747 A CN 109787747A CN 201811638175 A CN201811638175 A CN 201811638175A CN 109787747 A CN109787747 A CN 109787747A
- Authority
- CN
- China
- Prior art keywords
- key
- defence
- file
- public
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The present invention relates to a kind of anti-quantum calculation multi-enciphering cloud storage method and system based on multiple unsymmetrical key ponds, user terminal is furnished with key card, the ciphertext formed using file key data file encryption is encrypted again, and by file key upload server in an encrypted form;Server receives user terminal personal key, data key, the public and private key pointer random number of defence, the ciphertext of encryption, the defence key for defending public key encryption;User terminal downloads each parameter value, obtains file key using identity private key in one's own side's key card, and using defending public and private key pointer to obtain ciphertext, file key decrypts ciphertext and obtains data file.In cloud storage overall process, server can not contact all kinds of keys of user terminal and data file, and the ciphertext stored on server has carried out further encryption using defence public key, simultaneously with only to public key disclosed in key card to file key encryption, using key card storage of public keys, the setting of key card reduces a possibility that stealing key by Malware.
Description
Technical field
The present invention relates to cloud storage field more particularly to a kind of anti-quantum calculation multi-encipherings based on unsymmetrical key pond
Cloud storage method and system.
Background technique
With the development of science and technology, cloud storage has increasingly becomed a kind of trend, various cloud storage technologies emerge one after another, and are
Guarantee the safety of cloud storage data, it will usually guarantee the safety of data using various encryption methods, for example, can pass through
Asymmetric-key encryption guarantees the safeties of data, asymmetric-key encryption need to be respectively completed using different keys plus
Close and decryption oprerations, one publishes, i.e. public key, another is saved by user oneself is secret, i.e. private key.Information transmitter is used
Public key goes to encrypt, and information receiver goes to decrypt with private key;Or information transmitter goes to encrypt with private key, and information receiver uses
Public key goes to decrypt.
Due to mostly using shared storage in cloud storage, this makes service provider need to control private key, leads to private key
Safety is lower.Publication No. CN103236934A, the invention of entitled " a kind of method of cloud storage security control " are special
Sharp document discloses a kind of for solving the problems, such as the lower method of private key safety.The invention uses two different encryptions
Mode encrypts the private key of user and stores respectively.
As most people is understood, quantum computer has great potential in password cracking.Mainstream is non-now
Symmetrically (public key) Encryption Algorithm, such as RSA cryptographic algorithms, it is most of to be all based in factorization or the finite field of big integer
The two difficult math questions of the calculating of dispersion index.Their difficulty that cracks also is dependent on the efficiency solved these problems.Tradition
On computer, it is desirable that solve the two difficult math questions, the cost time is the exponential time (to crack the time with the growth of public key length
Increased with exponential), this is unacceptable in practical applications.It and is that your elegant algorithm for making to measure of quantum computer can be with
In polynomial time (time is cracked as the growth of public key length is increased with the speed of k power, wherein k is long with public key
Spend unrelated constant) carry out integer factorization or discrete logarithm and calculate, thus for RSA, discrete logarithm Encryption Algorithm it is broken
Solution provides may.
There are the demand of cloud in data in current enterprise or public institution sometimes, and public cloud is generally not susceptible to these units letter
Appoint, is considered the possible problematic or key of information security and is easy to be obtained and cracked by hacker, therefore cause public cloud visitor
There is trouble and worry at family to cloud in data.
Problem of the existing technology:
(1) key storage is carried out on Cloud Server has certain risk.Public cloud client looks back cloud in data
Sorrow.
(2) invention of Publication No. CN103236934A, entitled " a kind of method of cloud storage security control " are special
Sharp document encrypts file key using client public key, due to quantum calculation function obtain quickly through public key it is corresponding
Private key, therefore the program is easy to be cracked by quantum computer.
Summary of the invention
Based on this, it is necessary in view of the above-mentioned problems, it is more to provide a kind of anti-quantum calculation based on multiple unsymmetrical key ponds
Re-encryption cloud storage method and system.
A kind of anti-quantum calculation multi-enciphering cloud storage method based on multiple unsymmetrical key ponds, user terminal is configured with close
Key card, the user terminal form ciphertext using file key data file encryption and ciphertext are uploaded to service in an encrypted form
Device, the file key be generated using generator in key card, and the user terminal by the file key in an encrypted form
It is uploaded to the server;
The cipher mode of the ciphertext includes: to generate defence key, defence key encryption using generator in key card
The ciphertext is simultaneously uploaded to the server, meanwhile, prevented using defending public and private key pointer random number to generate in conjunction with the key card
Public key is driven, the server is uploaded after defence key described in the defence public key encryption, while what is uploaded further includes that the defence is public
Private key pointer random number;
The file key cipher mode is to encrypt the file key using identity public key to obtain personal key, and make
The file key, which is encrypted, with file characteristic value obtains data key;The personal key, the data key are respectively as adding
The file key of close form is sent to the server.
Currently there are many storage cloud services, including many public clouds.The server of storage cloud is referred to as server, at
Storage cloud client used in member is user terminal.
User terminal is the equipment of access storage cloud in the present embodiment, can be mobile terminal, or be fixed terminal.User terminal is equal
Equipped with key card, the side of issuing of key card is the supervisor side of key card, generally the administrative department of certain enterprise or public institution;
The employees at different levels of the member that the key card side of being awarded is managed by the supervisor side of key card, generally certain enterprise or public institution,
It carries out cloud data access using user terminal.Supervisor side's application that user terminal arrives key card first is opened an account.When user terminal carries out
Register it is granted after, key card (have unique key card ID) will be obtained.Key card stores client enrollment register information,
It is also built-in with identity authentication protocol, key schedule and verification function is included at least or other is relevant to authentication
Algorithm.
The user terminal has one or more in one of the embodiments, stores in the key card of each user terminal configuration
There is identical pool of keys, the pool of keys includes defence unsymmetrical key pond, identity unsymmetrical key pond, and the defence is asymmetric
Pool of keys, identity unsymmetrical key pond include public key area and private key area, and the user terminal for uploading data file passes through one's own side
Key card in generator generate file key with data file encryption, the user terminal of downloading data file, which utilizes, comes from server
The pool of keys of true random number combination one's own side solve file key accordingly to decrypt data file.
User side key in key card is all downloaded from down the same quantum network service station, and to the master of the same key card
For Guan Fang, the pool of keys stored in each key card for issuing is completely the same.Preferably, what is stored in key card is close
Key pond size can be 1G, 2G, 4G, 8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G etc..Its
Capacity depends on requirement of the supervisor side to safety, and capacity is bigger, and safety is higher.In the present invention, the key zone of key card such as Fig. 2
It is shown, it is divided into defence unsymmetrical key pond (public/private keys), identity unsymmetrical key pond (public key) and identity unsymmetrical key
(private key).Wherein, the public key and private key for defending unsymmetrical key pond correspond, and the public key area in identity unsymmetrical key pond possesses
This organizes the public key of all users, and the private key area in identity unsymmetrical key pond stores the private key of this user.
The identity public key encryption file key obtains the generation method packet of personal key in one of the embodiments,
It includes: identity public key pointer random number combination identity public key pointer function being obtained into identity public key pointer, is referred to using the identity public key
Needle extracts corresponding identity public key from the key card, which obtains the personal key.
In one of the embodiments, the generation method of the defence public key include: by the public and private key pointer of the defence with
Machine number combines defence public key pointer function to obtain defence public key pointer, is extracted from the key card using the defence public key pointer
Corresponding defence public key.
The hash value of data file is uploaded to the server by the user terminal in one of the embodiments, described
Whether hash value carries out the mark of duplicate removal as shown server.
A kind of anti-quantum calculation multi-enciphering cloud storage method based on multiple unsymmetrical key ponds, server are received and are deposited
The data file of the multi-enciphering from user terminal is stored up, and receives and stores personal key from user terminal and data are close
Key;
The encryption method of the data file of the multi-enciphering includes: the file key generated using generator in key card
Data file encryption forms ciphertext, enables the defence key that generator generates in key card encrypt the ciphertext and forms multi-enciphering
Data file, meanwhile, public and private key pointer random number combination key card will be defendd to generate defence public key, enabled described in defence public key encryption
Key is defendd, the server receives and stores the public and private key pointer random number of the defence, the data file of multi-enciphering, defence
The defence key of public key encryption;
The generating mode of the personal key is to encrypt the file key using identity public key to obtain personal key;
The generating mode of the data key is to encrypt the file key using file characteristic value to obtain data key.
The server also receives and stores the data file from the user terminal in one of the embodiments,
Hash value, wherein whether the hash value of the data file carries out the sign of duplicate removal as server;
When server judges duplicate removal according to the sign, the server is close to user terminal transmission data
Key;
When server is not required to duplicate removal according to sign judgement, the data from the user terminal are received and stored
The hash value of file.
A kind of anti-quantum calculation multi-enciphering cloud storage system based on multiple unsymmetrical key ponds, including server and use
Family end,
User terminal is configured with key card, and the user terminal using file key data file encryption forms ciphertext and by ciphertext
It is uploaded to server in an encrypted form, the file key is to generate using generator in key card, and the user terminal will
The file key is uploaded to the server in an encrypted form;
The cipher mode of the ciphertext includes: to generate defence key, defence key encryption using generator in key card
The ciphertext is simultaneously uploaded to the server, meanwhile, prevented using defending public and private key pointer random number to generate in conjunction with the key card
Public key is driven, the server is uploaded after defence key described in the defence public key encryption, while what is uploaded further includes that the defence is public
Private key pointer random number;
The file key cipher mode is to encrypt the file key using identity public key to obtain personal key, and make
The file key, which is encrypted, with file characteristic value obtains data key;The personal key, the data key are respectively as adding
The file key of close form is sent to the server;
Institute's server receive and store personal key from user terminal, data key, the public and private key pointer random number of defence,
The ciphertext of encryption, the defence key for defending public key encryption;
User terminal is downloaded personal key, the public and private key pointer random number of defence, the defence key for defending public key encryption and is added
Close ciphertext, user terminal decrypt the personal key using the identity private key in the key card that one's own side is configured and obtain file
Key is extracted defence private key in conjunction with the key card using the public and private key pointer random number of defence, is obtained using the defence private key
It must defend key and then obtain ciphertext, decrypt the ciphertext using the file key and obtain data file.
The generation method of the defence private key includes: that will defend public and private key pointer random number in one of the embodiments,
Defence private key pointer is obtained in conjunction with defence private key pointer function, extracts correspondence from the key card using the defence private key pointer
Defence private key.
A kind of above-mentioned anti-quantum calculation multi-enciphering cloud storage method and system based on multiple unsymmetrical key ponds, including
User terminal and server, user terminal are configured with key card, and user terminal utilizes file key data file encryption and in an encrypted form
It is uploaded to server, and file key is uploaded to server by user terminal in an encrypted form;Server receives and stores to use by oneself
The personal key at family end, the public and private key pointer random number of defence, the ciphertext of encryption, defends the defence of public key encryption close at data key
Key;User terminal downloads the close of personal key, the public and private key pointer random number of defence, the defence key of defence public key encryption and encryption
Text, user terminal decrypt the personal key using the identity private key in the key card that one's own side is configured and obtain file key,
Defence private key is extracted in conjunction with the key card using the public and private key pointer random number of defence, is defendd using the defence private key
Key obtains ciphertext in turn, decrypts the ciphertext using the file key and obtains data file.In cloud storage overall process, clothes
Business device can not touch all kinds of keys of user terminal (public key, private key, file key etc.) and plaintext data file, while server
The personal key and data key of upper storage are the file key encrypted using distinct methods, and the ciphertext stored on server makes
Further encryption has been carried out with defence public key.Using only adding to public key disclosed in key card to file key in the present embodiment
It is close, and key card storage of public keys is used, key card is independent hardware isolated equipment, substantially reduces and is grasped by Malware or malice
A possibility that stealing key.Since quantum computer is unable to get client public key, it is then also unable to get corresponding private key, because
This program is not easy to be cracked by quantum computer.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of cloud storage system provided in an embodiment of the present invention;
Fig. 2 is the key zone structural schematic diagram of user terminal provided in an embodiment of the present invention;
Fig. 3 is defence unsymmetrical key pond provided in an embodiment of the present invention storage mode flow chart;
Fig. 4 is identity unsymmetrical key provided in an embodiment of the present invention pond storage mode flow chart;
Fig. 5 is the public and private key reading manner flow chart of defence provided in an embodiment of the present invention;
(a) is partially defence public key reading manner flow chart in figure;
(b) is partially defence private key reading manner flow chart in figure.
Fig. 6 is identity public key reading manner flow chart provided in an embodiment of the present invention
Fig. 7 is the storage method timing diagram for being not required to duplicate removal that the embodiment of the present invention 1 provides;
Fig. 8 is the storage method timing diagram for needing duplicate removal that the embodiment of the present invention 1 provides;
Fig. 9 is the schematic diagram of certain file storage area of server provided in an embodiment of the present invention;
Figure 10 is the timing diagram for the read method that the embodiment of the present invention 2 provides.
Specific embodiment
In following steps, operates in many places that each user terminal is related to, all carried out in matched key card.
A kind of anti-quantum calculation multi-enciphering cloud storage system based on multiple unsymmetrical key ponds, including server and use
Family end,
User terminal is configured with key card, and the user terminal using file key data file encryption forms ciphertext and by ciphertext
It is uploaded to server in an encrypted form, the file key is to generate using generator in key card, and the user terminal will
The file key is uploaded to the server in an encrypted form;
The cipher mode of the ciphertext includes: to generate defence key, defence key encryption using generator in key card
The ciphertext is simultaneously uploaded to the server, meanwhile, prevented using defending public and private key pointer random number to generate in conjunction with the key card
Public key is driven, the server is uploaded after defence key described in the defence public key encryption, while what is uploaded further includes that the defence is public
Private key pointer random number;
The file key cipher mode is to encrypt the file key using identity public key to obtain personal key, and make
The file key, which is encrypted, with file characteristic value obtains data key;The personal key, the data key are respectively as adding
The file key of close form is sent to the server;
Institute's server receive and store personal key from user terminal, data key, the public and private key pointer random number of defence,
The ciphertext of encryption, the defence key for defending public key encryption;
User terminal is downloaded personal key, the public and private key pointer random number of defence, the defence key for defending public key encryption and is added
Close ciphertext, user terminal decrypt the personal key using the identity private key in the key card that one's own side is configured and obtain file
Key is extracted defence private key in conjunction with the key card using the public and private key pointer random number of defence, is obtained using the defence private key
It must defend key and then obtain ciphertext, decrypt the ciphertext using the file key and obtain data file.
Fig. 1 is the structural schematic diagram of cloud storage system provided in an embodiment of the present invention, and user terminal includes:
This hash value is uploaded to service by hash value computing module, the hash value of the data file for calculating new user
Device, for whether there is the data file with identical hash value in the judgement of server judgment module storing data file.
Key production module, it is matched by the user terminal when result judged for the judgment module in server is no
Generator, that is, randomizer generates file key kf in key card.
The key production module of user terminal be also used for storage of public keys defence unsymmetrical key pond and identity it is asymmetric
Pool of keys.Defence unsymmetrical key pond (public key) is expressed as DPKP, and defence unsymmetrical key pond (private key) is expressed as DSKP, identity
Unsymmetrical key pond (public key) is expressed as IPKP, and identity unsymmetrical key (private key) is expressed as ISK.
It defends the storage mode in unsymmetrical key pond as shown in figure 3, verbal description is as follows: defence is taken at random to some user
Public and private key pointer random number rd defends public and private key pointer random number rd that specific defence public key pointer function fpp is combined to be prevented
Imperial public key pointer pp and the defence public key pk that the user is stored in from the corresponding position in defence unsymmetrical key pond DPKP;Defence is public
Private key pointer random number rd combines specific defence private key pointer function fsp to obtain defence private key pointer sp and asymmetric from defending
Corresponding position in pool of keys DSKP is stored in the defence private key sk of the user.Defending public key pk and defence private key sk is pairs of public affairs
Private key pair.
The storage mode in identity unsymmetrical key pond is as shown in figure 4, verbal description is as follows: taking identity at random to some user
Public key pointer random number rk obtains identity public key pointer rkp in conjunction with specific identity public key pointer function frkp and from corresponding
Corresponding position in identity unsymmetrical key pond IPKP is stored in the identity public key krk of the user.
Encryption/decryption module, for being encrypted using file key to data file;And utilize two kinds of different encryption sides
Formula carries out encryption to file key kf and forms personal key and data key;Wherein, using user identity private key as decruption key pair
Personal key can obtain file key kf after being decrypted;Using the characteristic value of data file before encrypting as decruption key logarithm
File key kf can be obtained after being decrypted according to key.
Server includes:
Memory module, for the hash value of storage file, encrypted data file, the personal key of encryption and encryption
Data key;
Judgment module judges for duplicate removal, before the data file of storage user, judgement in storing data file whether
There are identical data file and notify key authorization module;If the determination result is YES, then notify key authorization module to user
End send encryption data key, if judging result be it is no, by the hash value received be sent to memory module preservation.
Key authorization module, when result for judging in judgment module is is, the data for sending encryption to user terminal are close
Key sends the information without same data file to user terminal when the result that judgment module judges is no.
Key authorization module is divided into sending submodule again and receives submodule.Sending submodule for send data key or
Information receives submodule for receiving the personal key of the user from user terminal, data key and encrypted
Data file sends it to memory module preservation.
The present invention is further described in detail below with reference to the accompanying drawings and embodiments.It should be appreciated that described herein
Specific embodiment is used only for explaining the present invention, is not intended to limit the present invention.
Embodiment 1
The hash value of data file is uploaded to server by step 1.1. user terminal: before user terminal uploads data file,
The hash value of data file is first calculated, and the hash value is uploaded to server.Server, will be right in order to mitigate storage pressure
File carries out ciphertext duplicate removal, i.e. identification duplicate file.
Step 1.2. server identifies duplicate file: server accounts for the hash value of file to identify repetition text
Part thinks have identical data file to need duplicate removal if two parts of file hash values having the same.If server judges
Duplicate removal is not needed, server saves this hash value received and executes step 1.3.If desired duplicate removal, server execute step
1.4。
It will be understood by those skilled in the art that in some cases, same user may successively upload same data text
Part, then server end is if it is determined that the data file derives from when the user expects to upload again and uploaded data file
Same user will not execute any operation.
If step 1.3. server does not need duplicate removal, file is stored in the timing diagram on Cloud Server as shown in fig. 7, text
Word description is as follows:
Step 1.3.1 server notice user terminal generates random number: after server saves the hash value received, by server
There is no the information with same data file to be sent to user terminal.The user terminal is identified as user terminal 1, user terminal 1 below
Identity be ID1, and so on.
Step 1.3.2 user terminal 1 handles information and the content stored on the server will be needed to be sent to server: user
End 1 receives server there is no after the information of data file having the same, and user terminal 1 occurs according to the matched true random number of institute
Device generates file key kf.
After obtaining file key kf, user terminal 1 obtains ciphertext kff using file key kf data file encryption, and encryption is calculated
Method can be symmetric encipherment algorithm;
User terminal 1 obtains personal key 1 using identity public key krk1 encryption file key kf.This patent plaintext identity public key
It is underground, only public identity public key pointer random number.The process of identity public key krk is obtained such as by identity public key pointer random number rk
Shown in Fig. 6, verbal description is as follows:
Specific identity public key pointer function frkp is combined to obtain identity using the identity public key pointer random number rk of oneself
Then public key pointer rkp takes out identity public key krk from the corresponding position in corresponding identity unsymmetrical key pond IPKP.
User terminal 1 generates file characteristic value, and obtains data key using file characteristic value encryption file key kf;File
The calculation method of characteristic value is predefined algorithm, can be but not limited to Hash calculating, compressing file or alternative document feature
Computational algorithm;
Obtaining ciphertext, after data key and personal key 1, user terminal 1 takes the public and private key pointer random number rd of defence, into
One step obtains shown in defence public key pk, process such as Fig. 5 (a), and verbal description is as follows:
Defend public and private key pointer random number rd that specific defence public key pointer function fpp is combined to obtain defence public key pointer
Then pp takes out defence public key pk from the corresponding position in corresponding defence unsymmetrical key pond DPKP.
User terminal 1 generates defence key kd according to the matched real random number generator of institute, is encrypted using defence key kd close
Literary kff reuses defence public key pk encryption defence key kd.
User terminal 1 will defend public and private key pointer random number rd, using the defence key kd of defence public key pk encryption, using anti-
The ciphertext and data key and personal key 1 of imperial key kd encryption are sent to server.
Step 1.3.3 server save corresponding information: server by the public and private key pointer random number rd of the defence received, use
The defence key kd for defending public key pk encryption, using defence key kd encryption ciphertext and data key and personal key 1 into
Row saves.
If step 1.4. server needs duplicate removal, file is stored in the timing diagram on Cloud Server as shown in figure 8, text
It is described as follows:
Step 1.4.1 server sends data key to user terminal: data key is sent to user terminal by server.Below
The user terminal is identified as user terminal 2, the identity of user terminal 2 is ID2.
Step 1.4.2 user terminal 2 handles information and the content stored on the server will be needed to be sent to server: user
After end 2 receives information, file is obtained according to Generating Data File file characteristic value, and using file characteristic value ciphertext data key
Key kf.
User terminal 2 obtains identity public key krk according to identity public key pointer random number rk, and detailed process is as shown in Figure 6.It uses
Identity public key encryption file key kf obtains personal key 2, and ID2 and personal key 2 are then sent to server.
Step 1.4.3 server saves corresponding information: server is saved after receiving ID2 and personal key 2.
After n user uploads same file, the memory block of this document is close as shown in figure 9, store documentary hash value
Literary area, data key, ID (1~n), r (1~n) and the personal key (1~n) using pk (1~n) encryption.Wherein, ciphertext area
Including defending public and private key pointer random number rd, add using the defence key kd of defence public key pk encryption and using defence key kd
Close file cipher text.File cipher text is the data file for using file key kf to encrypt.
Embodiment 2
Figure 10 is a kind of timing diagram of file reading provided in an embodiment of the present invention.
Step 2.1. user terminal uploads the ID and data file hash value of oneself: by taking user terminal n as an example, user terminal by IDn,
The hash value for wanting the file read is uploaded to server.
Corresponding information is sent to user terminal by step 2.2. server: after server receives file hash value, being found and is somebody's turn to do
The memory block of the corresponding file of hash value (defends the ciphertext area content of IDn, personal key n and this document memory block public and private
Key pointer random number rd, the defence key kd of defence public key pk encryption and the ciphertext of defence key kd encryption) it is sent to user terminal.
Step 2.3. user terminal obtains file key: to obtain file close using identity private key decryption personal key n for user terminal
Key kf.
Step 2.4. user terminal obtains data file: user terminal is by defending public and private key pointer random number rd non-right from defending
Claim to extract in pool of keys DSKP shown in defence private key sk, specific steps such as Fig. 5 (b), is decrypted and prevented using defence private key sk
Imperial key kd reuses defence key kd and decrypts to obtain ciphertext.Ciphertext is decrypted using file key, obtains data file, is completed
Reading to server file.
In cloud storage overall process of the present invention, server end can not all touch user terminal all kinds of keys (public key, private key, text
Part key etc.) and plaintext data file.Moreover, the personal key stored on server is using different from data key
The file key of method encryption, and the ciphertext stored on server has carried out further encryption using defence public key.This patent makes
With only encrypting to public key disclosed in key card to file key, and key card storage of public keys is used, key card is independent
Hardware isolated equipment, a possibility that stealing key by Malware or malicious operation, substantially reduce.Since quantum computer can not
Client public key is obtained, is then also unable to get corresponding private key, therefore the program is not easy to be cracked by quantum computer.
Disclosed above is only the embodiment of the present invention, but the present invention is not limited to this, those skilled in the art
Various changes and modifications can be made to the invention without departing from the spirit and scope of the present invention.These obvious modification and variations are equal
Should belong to the present invention claims protection scope protection in.In addition, although being used some specific terms in this specification, this
A little terms merely for convenience of description, are not constituted the present invention any specifically limited.
Each technical characteristic of the upper embodiment can be combined arbitrarily, for simplicity of description, not to above-mentioned implementation
The all possible combination of each technical characteristic in example is all described, as long as however, the combination of these technical characteristics is not present
Contradiction all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to protection of the invention
Range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.
Claims (9)
1. a kind of anti-quantum calculation multi-enciphering cloud storage method based on multiple unsymmetrical key ponds, which is characterized in that user
End be configured with key card, the user terminal using file key data file encryption formed ciphertext and by ciphertext in an encrypted form
It is uploaded to server, the file key is to generate using generator in key card, and the user terminal is by the file key
It is uploaded to the server in an encrypted form;
The cipher mode of the ciphertext includes: to generate to defend key using generator in key card, described in defence key encryption
Ciphertext is simultaneously uploaded to the server, meanwhile, public affairs are defendd using defending public and private key pointer random number to generate in conjunction with the key card
Key uploads the server after defence key described in the defence public key encryption, while what is uploaded further includes the public and private key of defence
Pointer random number;
The file key cipher mode is to encrypt the file key using identity public key to obtain personal key, and use text
Part characteristic value encrypts the file key and obtains data key;The personal key, the data key are respectively as encryption shape
The file key of formula is sent to the server.
2. the anti-quantum calculation multi-enciphering cloud storage method according to claim 1 based on multiple unsymmetrical key ponds,
It is characterized in that, the user terminal has one or more, identical pool of keys, institute are stored in the key card of each user terminal configuration
Stating pool of keys includes defence unsymmetrical key pond, identity unsymmetrical key pond, and the defence unsymmetrical key pond, the identity are non-
Pool of symmetric keys includes public key area and private key area, and generator is raw in the key card that the user terminal for uploading data file passes through one's own side
At file key with data file encryption, the user terminal of downloading data file utilizes the true random number combination one's own side from server
Pool of keys solve file key accordingly to decrypt data file.
3. the anti-quantum calculation multi-enciphering cloud storage method according to claim 1 based on multiple unsymmetrical key ponds,
It is characterized in that, it includes: by identity public key pointer that the identity public key encryption file key, which obtains the generation method of personal key,
Random number combination identity public key pointer function obtains identity public key pointer, is mentioned from the key card using the identity public key pointer
Corresponding identity public key is taken, which obtains the personal key.
4. the anti-quantum calculation multi-enciphering cloud storage method according to claim 1 based on multiple unsymmetrical key ponds,
It is characterized in that, the generation method of the defence public key includes: that the public and private key pointer random number of defence is combined defence public key
Pointer function obtains defence public key pointer, and corresponding defence public key is extracted from the key card using the defence public key pointer.
5. the anti-quantum calculation multi-enciphering cloud storage method according to claim 1 based on multiple unsymmetrical key ponds,
It is characterized in that, the hash value of data file is uploaded to the server by the user terminal, the hash value is as shown clothes
Whether business device carries out the mark of duplicate removal.
6. a kind of anti-quantum calculation multi-enciphering cloud storage method based on multiple unsymmetrical key ponds, which is characterized in that service
Device receives and stores the data file of the multi-enciphering from user terminal, and receives and stores the personal key from user terminal
And data key;
The encryption method of the data file of the multi-enciphering includes: to be encrypted using the file key that generator in key card generates
Data file forms ciphertext, and the defence key that generator generates in key card is enabled to encrypt the data that the ciphertext forms multi-enciphering
File, meanwhile, public and private key pointer random number combination key card will be defendd to generate defence public key, enable and being defendd described in defence public key encryption
Key, the server receive and store the public and private key pointer random number of the defence, the data file of multi-enciphering, defence public key
The defence key of encryption;
The generating mode of the personal key is to encrypt the file key using identity public key to obtain personal key;
The generating mode of the data key is to encrypt the file key using file characteristic value to obtain data key.
7. the anti-quantum calculation multi-enciphering cloud storage method according to claim 6 based on multiple unsymmetrical key ponds,
It is characterized in that, the server also receives and stores the hash value of the data file from the user terminal, wherein the number
The sign of duplicate removal whether is carried out as server according to the hash value of file;
When server judges duplicate removal according to the sign, the server sends data key to the user terminal;
When server is not required to duplicate removal according to sign judgement, the data file from the user terminal is received and stored
Hash value.
8. a kind of anti-quantum calculation multi-enciphering cloud storage system based on multiple unsymmetrical key ponds, including server and user
End, which is characterized in that
User terminal is configured with key card, and the user terminal forms ciphertext and by ciphertext using file key data file encryption to add
Close form is uploaded to server, and the file key is to be generated using generator in key card, and the user terminal will be described
File key is uploaded to the server in an encrypted form;
The cipher mode of the ciphertext includes: to generate to defend key using generator in key card, described in defence key encryption
Ciphertext is simultaneously uploaded to the server, meanwhile, public affairs are defendd using defending public and private key pointer random number to generate in conjunction with the key card
Key uploads the server after defence key described in the defence public key encryption, while what is uploaded further includes the public and private key of defence
Pointer random number;
The file key cipher mode is to encrypt the file key using identity public key to obtain personal key, and use text
Part characteristic value encrypts the file key and obtains data key;The personal key, the data key are respectively as encryption shape
The file key of formula is sent to the server;
Institute's server receives and stores personal key, data key, the public and private key pointer random number of defence, encryption from user terminal
Ciphertext, defend public key encryption defence key;
User terminal downloads personal key, the public and private key pointer random number of defence, the defence key of defence public key encryption and encryption
Ciphertext, it is close that user terminal decrypts the personal key acquisition file using the identity private key in the key card that one's own side is configured
Key is extracted defence private key in conjunction with the key card using the public and private key pointer random number of defence, is obtained using the defence private key
Defence key obtains ciphertext in turn, utilizes the file key to decrypt the ciphertext and obtains data file.
9. the anti-quantum calculation multi-enciphering cloud storage system according to claim 8 based on multiple unsymmetrical key ponds,
It is characterized in that, the generation method of the defence private key includes: that public and private key pointer random number will be defendd to combine defence private key pointer
Function obtains defence private key pointer, and corresponding defence private key is extracted from the key card using the defence private key pointer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811638175.XA CN109787747B (en) | 2018-12-29 | 2018-12-29 | Anti-quantum-computation multi-encryption cloud storage method and system based on multiple asymmetric key pools |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811638175.XA CN109787747B (en) | 2018-12-29 | 2018-12-29 | Anti-quantum-computation multi-encryption cloud storage method and system based on multiple asymmetric key pools |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109787747A true CN109787747A (en) | 2019-05-21 |
| CN109787747B CN109787747B (en) | 2022-06-14 |
Family
ID=66499037
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811638175.XA Active CN109787747B (en) | 2018-12-29 | 2018-12-29 | Anti-quantum-computation multi-encryption cloud storage method and system based on multiple asymmetric key pools |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109787747B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110930251A (en) * | 2019-10-18 | 2020-03-27 | 如般量子科技有限公司 | Anti-quantum computing cloud storage method and system based on alliance chain and implicit certificate |
| CN112187948A (en) * | 2020-10-09 | 2021-01-05 | 中国农业银行股份有限公司四川省分行 | Method and device for uploading approval files in encrypted batch based on Springboot framework |
| CN113438238A (en) * | 2021-06-25 | 2021-09-24 | 北京八分量信息科技有限公司 | User information anti-theft automatic alarm system based on decentralization |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546181A (en) * | 2012-01-09 | 2012-07-04 | 西安电子科技大学 | Cloud storage encrypting and deciphering method based on secret key pool |
| CN106611128A (en) * | 2016-07-19 | 2017-05-03 | 四川用联信息技术有限公司 | Secondary encryption-based data validation and data recovery algorithm in cloud storage |
| CN108989033A (en) * | 2018-07-31 | 2018-12-11 | 如般量子科技有限公司 | A kind of cloud storage method of controlling security and system based on public keys pond |
| CN108985099A (en) * | 2018-07-31 | 2018-12-11 | 如般量子科技有限公司 | It is a kind of that cloud storage method of controlling security and system are acted on behalf of based on public keys pond |
| CN109104276A (en) * | 2018-07-31 | 2018-12-28 | 如般量子科技有限公司 | A kind of cloud storage method of controlling security and system based on pool of keys |
-
2018
- 2018-12-29 CN CN201811638175.XA patent/CN109787747B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546181A (en) * | 2012-01-09 | 2012-07-04 | 西安电子科技大学 | Cloud storage encrypting and deciphering method based on secret key pool |
| CN106611128A (en) * | 2016-07-19 | 2017-05-03 | 四川用联信息技术有限公司 | Secondary encryption-based data validation and data recovery algorithm in cloud storage |
| CN108989033A (en) * | 2018-07-31 | 2018-12-11 | 如般量子科技有限公司 | A kind of cloud storage method of controlling security and system based on public keys pond |
| CN108985099A (en) * | 2018-07-31 | 2018-12-11 | 如般量子科技有限公司 | It is a kind of that cloud storage method of controlling security and system are acted on behalf of based on public keys pond |
| CN109104276A (en) * | 2018-07-31 | 2018-12-28 | 如般量子科技有限公司 | A kind of cloud storage method of controlling security and system based on pool of keys |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110930251A (en) * | 2019-10-18 | 2020-03-27 | 如般量子科技有限公司 | Anti-quantum computing cloud storage method and system based on alliance chain and implicit certificate |
| CN110930251B (en) * | 2019-10-18 | 2023-09-29 | 如般量子科技有限公司 | Anti-quantum computing cloud storage method and system based on alliance chain and implicit certificate |
| CN112187948A (en) * | 2020-10-09 | 2021-01-05 | 中国农业银行股份有限公司四川省分行 | Method and device for uploading approval files in encrypted batch based on Springboot framework |
| CN112187948B (en) * | 2020-10-09 | 2023-04-25 | 中国农业银行股份有限公司四川省分行 | Approval file encryption batch uploading method and device based on SpringBoot framework |
| CN113438238A (en) * | 2021-06-25 | 2021-09-24 | 北京八分量信息科技有限公司 | User information anti-theft automatic alarm system based on decentralization |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109787747B (en) | 2022-06-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109151053A (en) | Anti- quantum calculation cloud storage method and system based on public asymmetric key pond | |
| CN109150519A (en) | Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond | |
| CN103124269B (en) | Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment | |
| CN104219228B (en) | A kind of user's registration, user identification method and system | |
| US7913085B2 (en) | System and method of per-packet keying | |
| Janbandhu et al. | Novel biometric digital signatures for Internet‐based applications | |
| CN109104276A (en) | A kind of cloud storage method of controlling security and system based on pool of keys | |
| CN104253694B (en) | A kind of time slot scrambling for network data transmission | |
| US20110145576A1 (en) | Secure method of data transmission and encryption and decryption system allowing such transmission | |
| CN100536393C (en) | Secret shared key mechanism based user management method | |
| CN108985099A (en) | It is a kind of that cloud storage method of controlling security and system are acted on behalf of based on public keys pond | |
| US20150113283A1 (en) | Protecting credentials against physical capture of a computing device | |
| CN109543434B (en) | Block chain information encryption method, decryption method, storage method and device | |
| CN101815091A (en) | Cipher providing equipment, cipher authentication system and cipher authentication method | |
| CN106130716A (en) | Cipher key exchange system based on authentication information and method | |
| CN108989033A (en) | A kind of cloud storage method of controlling security and system based on public keys pond | |
| CN107465665A (en) | A kind of file encryption-decryption method based on fingerprint identification technology | |
| CN109495251A (en) | Anti- quantum calculation wired home cloud storage method and system based on key card | |
| CN109347923A (en) | Anti- quantum calculation cloud storage method and system based on unsymmetrical key pond | |
| CN109787747A (en) | Anti- quantum calculation multi-enciphering cloud storage method and system based on multiple unsymmetrical key ponds | |
| CN109299618B (en) | Quantum-resistant computing cloud storage method and system based on quantum key card | |
| CN111416712A (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| CN106230840B (en) | A kind of command identifying method of high security | |
| CN109687960A (en) | Cloud storage method and system is acted on behalf of in anti-quantum calculation based on multiple public asymmetric key ponds | |
| CN106257859A (en) | A kind of password using method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |