CN110098919A - The acquisition methods of data permission based on block chain - Google Patents
- Publication number: CN110098919A (CN201910346045.7A)
- Authority: CN (China)
- Legal status: Granted
Abstract
The invention discloses a blockchain-based method for acquiring data permissions. It mainly addresses the inflexible permission acquisition and the privacy leakage of existing data permission acquisition schemes. The implementation is: 1) generate the system parameters and the public/private key pairs of the attribute authorities; 2) users register and generate global public/private key pairs; 3) authorize an additional attribute authority and a temporary attribute authority; 4) the user encrypts the data using attribute-based encryption; 5) the user generates a re-encryption key, and the agent re-encrypts the symmetric key ciphertext; 6) the permission requester decrypts the data ciphertext and obtains the data permission. Because the invention uses attribute-based encryption and proxy re-encryption, and stores the information related to permission acquisition on a blockchain, it increases the flexibility of data permission acquisition, improves its security, and ensures its fairness. It can be used for acquiring data permissions in virtual networks.
Description
Technical field
The invention belongs to the technical field of network security and further relates to a method for acquiring data permissions, which can be used for acquiring data permissions in virtual networks.
Background
With the widespread use of smart devices, more and more data is generated every day, and people are gradually recognizing the value of data. Traditional data trading methods easily lead to data leakage and harm the interests of data owners. In distributed trading schemes, the user needs to stay online to help the data buyer verify and purchase the data. If the user's time or computing power is limited, the data has to be sold through an agent. It must then be ensured that the agent cannot obtain any information about the data content, while the authenticity of the data is also guaranteed. Only in this way can the user's workload be reduced and the fairness of the transaction be ensured.
Koninklijke Philips Electronics N.V., in its patent application "Digital rights management for anonymous digital content sharing" (publication number: CN 109416709A, application number: 201780029276.4, filing date: 2019.03.01), discloses a method for managing the transfer of digital content access rights from a first device to a second device, comprising: generating, at an authentication device, a first authentication data set C by encrypting at least one first verification code R1 with the public key of at least one device blacklisted by the authentication device; providing the first authentication data set C and a second verification code R2 from the authentication device to the first device; and returning a response message M from the second device to the authentication device. The remaining shortcomings of this method are that each permission transfer can only pass message M from one device to one other device, not from one device to multiple devices; and that if the first device is malicious and transfers out a wrong permission, there is no effective means to guarantee that the second device obtains the correct permission.
Liu Fang et al., in their patent application "Distributed authorization management method in Internet of Things scenarios" (publication number: CN 109088857 A, application number: 201810763942.3, filing date: 2018.07.12), disclose a distributed authorization management method for Internet of Things scenarios. The method uses blockchain technology to implement a distributed permission-granting process. It relies on the tamper resistance of the blockchain to enable public auditing of important information such as resource authorization information and resource authorization transfer information. In addition, because Internet of Things applications are characterized by "many users" and "a large volume of accesses to resource devices", delegated authorization and revocation of delegated authorization are specifically designed to free device owners from the authorization process. The method uses blockchain technology to implement the authorization of resource services, which thoroughly solves the single point of failure problem; the information stored on the blockchain is fully public and transparent, the permission transfer process is recorded entirely on the blockchain, and every step of authorization is supervised and controlled by the nodes of the whole network. The remaining shortcomings of this method are that, because the blockchain is fully public, storing all records of permission granting, revocation and transfer on it causes a degree of user privacy leakage; and because every authorization message is set as one message block, the storage cost for blockchain users grows too quickly over time, putting considerable storage pressure on users.
Summary of the invention
The purpose of the invention is to address the above shortcomings of the prior art by proposing a blockchain-based virtual asset permission management method, so that the cause of a failure can be found effectively when a permission transfer fails, leakage of user privacy through permission transfers is avoided, and storage space requirements are reduced.
The technical approach is as follows. Data is encrypted using attribute-based encryption, whose fine-grained access control manages users' permissions; decryption private keys are generated for users by multiple attribute authorities, which prevents any attribute authority from having excessive power. Proxy re-encryption is used to re-encrypt the attribute-encrypted ciphertext while changing the original access policy, and the agent cannot obtain any information about the data plaintext. The blockchain stores the data number, the description information, the hash of the original ciphertext and the hash of the symmetric key; one permission transfer requires only one record on the blockchain, so the space occupied is small. When a permission transfer goes wrong, the arbitration institution determines the cause of the problem from the information on the blockchain. As long as the permission requester's attributes satisfy the access policy, the requester can obtain the corresponding permission, which avoids exposing the requester's privacy. The implementation steps are as follows:
(1) Initialization:
(1a) Generate the public parameters PP required for attribute-based encryption from a security parameter, including a multiplicative cyclic group $G_1$, its generator $g$ and order $p$, and the bilinear map $e: G_1 \times G_1 \to G_T$ on the multiplicative cyclic group;
(1b) Assign each resident attribute authority $AA_K$ the attribute set it needs to manage, and use the attribute authority key generation method to generate the public/private key pair of each resident attribute authority
(2) User registration:
(2a) Each user registers on the blockchain and obtains a public/private key pair $(pk_{u\text{-}ecc}, sk_{u\text{-}ecc})$ on the blockchain;
(2b) Use the user global key generation method to generate the user's global public key $pk_u$ and global private key $sk_u$;
(3) Identity authorization:
(3a) Authorize the user who needs to sell data as a temporary attribute authority that manages one group of attributes, and use the attribute authority key generation method to generate the public/private key pair of the temporary attribute authority
(3b) Authorize the agent as an additional attribute authority that manages one group of attributes, and use the attribute authority key generation method to generate the public/private key pair of the additional attribute authority
(4) The user processes the data:
(4a) The user encrypts the data $m$ whose permission is to be transferred with a symmetric key $key$ that the user generates, obtaining the data ciphertext $c_{num}$;
(4b) Each resident attribute authority $AA_K$ uses the user decryption key generation method to generate a decryption private key $SK_j$ for the user according to the user attribute $x$;
(4c) The user uses the symmetric key ciphertext generation method to obtain the ciphertext $CT$ of the symmetric key $key$:
(4d) The user uses a collision-resistant hash function to compute the hash $H_c$ of the data ciphertext and the hash $H_{key}$ of the symmetric key;
(4e) The user generates the data number $num$ and the data description information $des_{num}$, and sends the data number $num$, the data description information $des_{num}$, the data ciphertext $c_{num}$ and the symmetric key ciphertext $CT$ to the agent;
(4f) The user records the data number $num$, the data description information $des_{num}$, the data ciphertext hash $H_c$ and the symmetric key hash $H_{key}$ on the blockchain;
(4g) The user generates the price of the data, sends it to the agent, and pays a deposit to the agent;
(5) Negotiate a new access policy:
(5a) The agent formulates the storage scheme and the access policy for the data whose permission is to be transferred, and sends the attribute set $S_P$ corresponding to the access policy to the user;
(5b) The user selects a subset of the self-managed attribute set $S_{Ti}$ and adds it to $S_P$, obtaining the attribute set $S_{(M',\rho')}$ corresponding to the new access policy; based on $S_{(M',\rho')}$, the user uses the re-encryption key generation algorithm to compute the re-encryption key $rk_c$ of the symmetric key ciphertext $CT$ and sends $rk_c$ to the agent:
(5c) The agent uses the proxy re-encryption algorithm to re-encrypt the symmetric key ciphertext $CT$, obtaining the ciphertext $CT'$ corresponding to the new access policy;
(5d) The agent broadcasts the data description information $des_{num}$ and the new access policy $(M', \rho')$;
(6) Acquire the data permission:
(6a) The permission requester checks the agent's broadcast messages and looks for the data to buy;
(6b) The resident attribute authority $AA_K$ uses the user decryption key generation method to generate, for the permission requester, the decryption private key $SK_j$ corresponding to the requester's attributes;
(6c) The additional attribute authority uses the user decryption key generation method to generate the decryption private key corresponding to the attributes managed by the additional attribute authority
(6d) The temporary attribute authority uses the user decryption key generation method to generate the decryption private key corresponding to the attributes managed by the temporary attribute authority
(6e) The permission requester buys the decryption private key from the additional attribute authority and buys the decryption private key from the temporary attribute authority
(6f) The permission requester uses the decryption algorithm of attribute-based encryption to obtain the symmetric key $key'$, and uses $key'$ to decrypt the data ciphertext $c_{num}$, obtaining the data plaintext $m'$;
(7) The permission requester checks whether the data plaintext $m'$ matches the data description information $des_{num}$. If so, the process exits; otherwise, the requester asks the arbitration institution to arbitrate, and the permission requester is compensated.
Compared with the prior art, the invention has the following advantages:
First, because the invention encrypts data with attribute-based encryption, decryption of the data depends only on the user's current attributes, so data permissions can be controlled very flexibly, and with a single encryption the permission can be transferred to multiple users who satisfy the access policy. This overcomes the prior-art limitation that a data permission cannot be transferred from one party to multiple parties at the same time, making data permission acquisition with the method of the invention more convenient.
Second, because the invention uses re-encryption, the agent uses the re-encryption key submitted by the user to re-encrypt the data ciphertext submitted by the user, so the agent cannot learn any information about the data content when changing the data's access policy. This overcomes the prior-art shortcoming that all records of permission granting, revocation and transfer are fully public and may leak privacy, making data permission acquisition with the method of the invention more secure.
Third, because the invention uses the blockchain to record the data number, data description information, data ciphertext hash and symmetric key hash submitted by the user, the generated information occupies very little space on the blockchain, and the arbitration institution judges the cause of a failed permission transfer from the information on the blockchain. This overcomes the prior-art problems that there is no basis for judging the cause of a failed permission transfer and that the basis for judgment takes up too much storage, making the method of the invention more practical.
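The on-chain record of steps (4d) to (4f) and the arbitration check of step (7), as an added example that is not code from the patent. SHA-256 as the hash $H$, the keystream cipher standing in for the symmetric cipher, and the decision rule in `arbitrate` are assumptions; the page only states that the arbitration institution judges from the information on the blockchain.

```python
import hashlib
import secrets
from collections import namedtuple

# What the user writes to the chain in step (4f): num, des_num, H_c, H_key.
ChainRecord = namedtuple("ChainRecord", "num des h_c h_key")


def H(data):
    """Collision-resistant hash H. SHA-256 is an assumption; the page names none."""
    return hashlib.sha256(data).hexdigest()


def sym_crypt(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts. Illustration only; use an AEAD in practice."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def user_publish(num, des, m):
    """Steps (4a), (4d), (4f): encrypt m, hash ciphertext and key, build the record.
    The key must be uniformly random: H_key is public, so a guessable key
    could be confirmed offline by anyone who reads the chain."""
    key = secrets.token_bytes(32)
    c = sym_crypt(key, m)
    return ChainRecord(num, des, H(c), H(key)), key, c


def arbitrate(record, delivered_c, recovered_key):
    """Hypothetical decision rule for step (7), run when the requester reports
    that the plaintext m' does not match des_num."""
    if H(delivered_c) != record.h_c:
        # The ciphertext handed to the requester is not the one the user committed to.
        return "ciphertext_altered"
    if H(recovered_key) != record.h_key:
        # The re-encrypted key ciphertext decrypted to a different key.
        return "key_mismatch"
    # Both commitments hold, so the plaintext is exactly what the user encrypted.
    return "data_does_not_match_description"


if __name__ == "__main__":
    # Constructed sample data and description.
    rec, key, c = user_publish(7, "constructed: hourly temperature log", b"21.5;21.7;22.0")
    print(rec)
    print(arbitrate(rec, c, key))
    print(arbitrate(rec, c[:-1] + bytes([c[-1] ^ 1]), key))
```

The record holds two hashes and two short fields per transfer, which is the small on-chain footprint the third advantage refers to.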
Description of the drawings
Fig. 1 is the overall flowchart of the method of the invention;
Fig. 2 is the sub-flowchart of the user processing the data in the invention;
Fig. 3 is the sub-flowchart of negotiating the new access policy in the invention;
Fig. 4 is the sub-flowchart of acquiring the data permission in the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings.
Referring to Fig. 1, the implementation steps of the invention are as follows:
Step 1, initialization.
Generate the public parameters PP required for attribute-based encryption from a security parameter, including a multiplicative cyclic group $G_1$, its generator $g$ and order $p$, and the bilinear map $e: G_1 \times G_1 \to G_T$ on the multiplicative cyclic group;
Assign each resident attribute authority $AA_K$ the attribute set it needs to manage, and generate the public/private key pair of each resident attribute authority
Existing methods for generating attribute authority public/private key pairs are based on bilinear maps or on discrete cryptosystems. This example generates the attribute authority public/private key pair by combining the two, which gives stronger security. The formula for generating the attribute authority public/private key pair is as follows:
where denotes the private key of attribute authority $AA_K$, denotes the public key of attribute authority $AA_K$, $\alpha_k$ and $\beta_k$ are two random numbers selected by attribute authority $AA_K$ from the finite field $Z_p$, $v_x$ denotes the random number selected from the finite field $Z_p$ by attribute authority $AA_K$ for the attribute $x$ it manages, and $S_{AA}$ denotes the attribute set managed by attribute authority $AA_K$.
Step 2, user registration.
Each user registers on the blockchain and obtains a public/private key pair $(pk_{u\text{-}ecc}, sk_{u\text{-}ecc})$ on the blockchain, then generates the user's global public key $pk_u$ and global private key $sk_u$.
Existing methods for generating a user's global public key and global private key are based on discrete logarithm cryptosystems or on large-number factorization cryptosystems. This example uses, but is not limited to, a discrete logarithm cryptosystem to generate the user's global public key and global private key, which guarantees the confidentiality of the user's global key pair. The generation formula is as follows:
$sk_u = H_1(sk_{u\text{-}ecc})$,
where $sk_u$ denotes the user's global private key, $pk_u$ denotes the user's global public key, $sk_{u\text{-}ecc}$ denotes the user's private key on the blockchain, $g$ denotes the generator of the multiplicative cyclic group $G_1$, and $H_1(\cdot)$ is a collision-resistant hash function that maps $\{0,1\}^* \to Z_p$.
Step 3, identity authorization.
3.1) Authorize the user who needs to sell data as a temporary attribute authority that manages one group of attributes, and authorize the agent as an additional attribute authority that manages one group of attributes
Existing attribute-based encryption schemes have no additionally added attribute authorities. This example adds two kinds of attribute authority, one by authorizing the agent as an additional attribute authority and one by authorizing the user as a temporary attribute authority, which makes data permission transfer more convenient.
3.2) Generate the public/private key pair of the temporary attribute authority
Existing methods for generating attribute authority public/private key pairs are based on bilinear maps or on discrete cryptosystems. This example generates the attribute authority public/private key pair by combining the two, which gives stronger security. The formula for generating the attribute authority public/private key pair is as follows:
where denotes the private key of the temporary attribute authority, denotes the public key of the temporary attribute authority, $\alpha_{kT}$ and $\beta_{kT}$ are two random numbers selected by the temporary attribute authority from the finite field $Z_p$, $v_{xT}$ denotes the random number selected from the finite field $Z_p$ by the temporary attribute authority for the attribute $xT$ it manages, and denotes the attribute set managed by the temporary attribute authority;
3.3) Generate the public/private key pair of the additional attribute authority
Existing methods for generating attribute authority public/private key pairs are based on bilinear maps or on discrete cryptosystems. This example generates the attribute authority public/private key pair by combining the two, which gives stronger security. The formula for generating the attribute authority public/private key pair is as follows:
where denotes the private key of the additional attribute authority, denotes the public key of the additional attribute authority, $\alpha_{kE}$ and $\beta_{kE}$ are two random numbers selected by the additional attribute authority from the finite field $Z_p$, $v_{xE}$ denotes the random number selected from the finite field $Z_p$ by the additional attribute authority for the attribute $xE$ it manages, and denotes the attribute set managed by the additional attribute authority.
Step 4, the user processes the data.
Referring to Fig. 2, the implementation steps of this step are as follows:
4.1) The user encrypts the data $m$ whose permission is to be transferred with a symmetric key $key$ that the user generates, obtaining the data ciphertext $c_{num}$;
4.2) Each resident attribute authority $AA_K$ generates a decryption private key $SK_j$ for the user according to the user's attributes:
Existing methods for generating user decryption private keys are based on discrete logarithm cryptosystems or on large-number factorization cryptosystems. This example uses a discrete logarithm cryptosystem to generate the user decryption private key, which guarantees the confidentiality of the user decryption private key. The generation formula is as follows:
where denotes the first decryption private key, denotes the second decryption private key, denotes the third decryption private key, denotes the fourth decryption private key, $\alpha_k$ and $\beta_k$ denote two random numbers selected by the attribute authority, $r_{j,K}$ denotes the random number selected by the attribute authority when generating the decryption private key for the user, $v_x$ denotes the random number generated by the attribute authority for the attribute $x$ it manages, $g$ is the generator of the multiplicative cyclic group $G_1$, and $S_u$ denotes the user's attribute set;
4.3) The user generates the ciphertext $CT$ of the symmetric key $key$:
Existing methods for generating a symmetric key ciphertext with attribute-based encryption are based on tree access structures or on linear secret sharing schemes. This example uses, but is not limited to, a linear secret sharing scheme to generate the symmetric key ciphertext, which guarantees the confidentiality of the symmetric key ciphertext. The generation formula is as follows:
$CT = (C_0, C_1, C_{i,2}, C_3, C_{i,4}, C_{i,5})$,
where $C_1 = g^s$ denotes the first ciphertext, denotes the second ciphertext, denotes the third ciphertext, denotes the fourth ciphertext, denotes the fifth ciphertext, denotes the sixth ciphertext, $s$ denotes the first random number selected by the user from the finite field $Z_p$, $r_i$ denotes the $n$ random numbers selected by the user from the finite field $Z_p$, denotes the secret share computed by the user, denotes the vector generated from the first random number $s$ and the random numbers $v_2, v_3, \ldots, v_n$ in the finite field $Z_p$, $M$ denotes the first $m \times n$ matrix selected by the user, $M_i$ denotes the $i$-th row of $M$, $\rho$ denotes an injective function that maps each row of the matrix $M$ to an attribute in the attribute set $S_{(M,\rho)}$, i.e. $\rho(M_i) \to x$ where $x$ is an attribute in $S_{(M,\rho)}$, $\alpha_k$ and $\beta_k$ denote two random numbers selected by the attribute authority, $v_x$ denotes the random number generated by the attribute authority for the attribute $x$ it manages, $e(g, g)$ denotes the bilinear map $G_1 \times G_1 \to G_T$, $G_T$ is a multiplicative cyclic group, $g$ is the generator of the multiplicative cyclic group $G_1$, and $K \in I_A$ denotes the attribute authority corresponding to the attributes in the attribute set $S_{(M,\rho)}$;
4.4) The user computes the hash $H_c$ of the data ciphertext and the hash $H_{key}$ of the symmetric key:
$H_c = H(c_{num})$
$H_{key} = H(key)$
where $H(c_{num})$ denotes the hash of the data ciphertext $c_{num}$ computed with the collision-resistant hash function $H$, and $H(key)$ denotes the hash of the data symmetric key $key$ computed with the collision-resistant hash function $H$;
4.5) The user generates the data number $num$ and the data description information $des_{num}$, and sends the data number $num$, the data description information $des_{num}$, the data ciphertext $c_{num}$ and the symmetric key ciphertext $CT$ to the agent;
4.6) The user records the data number $num$, the data description information $des_{num}$, the data ciphertext hash $H_c$ and the symmetric key hash $H_{key}$ on the blockchain;
4.7) The user generates the price of the data, sends it to the agent, and pays a deposit to the agent.
Step 5, negotiate a new access policy.
Referring to Fig. 3, the implementation steps of this step are as follows:
5.1) The agent formulates the storage scheme and the access policy for the data whose permission is to be transferred, and sends the attribute set $S_P$ corresponding to the access policy to the user;
5.2) The user selects a subset of the self-managed attribute set and adds it to $S_P$, obtaining the attribute set $S_{(M',\rho')}$ corresponding to the new access policy, computes the re-encryption key $rk_c$ of the symmetric key ciphertext $CT$, and sends $rk_c$ to the agent:
Existing methods for generating re-encryption keys are based on discrete logarithm cryptosystems or on homomorphic encryption cryptosystems. This example uses a discrete logarithm cryptosystem to generate the re-encryption key, which guarantees the confidentiality of the re-encryption key. The calculation formula is as follows:
$rk_c = (rk_1, C'_t, C'_x)$,
where $rk_1 = (rk_{j,1}, rk_{j,2}, rk_{j,3})$ denotes the first part of the re-encryption key, denotes the first re-encryption key, denotes the second re-encryption key, denotes the third re-encryption key,
denotes the second part of the re-encryption key, denotes the first hidden private key, denotes the second hidden private key, denotes the third hidden private key,
$C'_x = (C'_1, C'_{i,2}, C'_{i,4}, C'_{i,5}, C'_0)$ denotes the third part of the re-encryption key, $C'_1 = g^{s'}$ denotes the first ciphertext of the new access policy, denotes the second ciphertext of the new access policy, denotes the third ciphertext of the new access policy, denotes the fourth ciphertext of the new access policy, denotes the fifth ciphertext of the new access policy,
denotes the secret share computed by the user, $M'_i$ denotes the $i$-th row of $M'$, $M'$ denotes the second $m \times n$ matrix selected by the user, $r'_i$ denotes the $n$ random numbers selected by the user, $\alpha_k$ and $\beta_k$ denote two random numbers selected by the attribute authority, $v_x$ denotes the random number generated by the attribute authority for the attribute $x$ it manages, $k$ denotes the second random number selected by the user, $X$ denotes the third random number selected by the user, $x_1$ denotes the fourth random number selected by the user, $s'$ denotes the fifth random number selected by the user, $g$ is the generator of the multiplicative cyclic group $G_1$, $r_{j,K}$ denotes the random number selected by the attribute authority when generating the decryption private key for the user, $H_2(\cdot)$ is a collision-resistant hash function that maps $\{0,1\}^* \to G_1$, and $K \in I_A'$ denotes the attribute authority corresponding to the attributes in the attribute set $S_{(M',\rho')}$;
5.3) The agent re-encrypts the symmetric key ciphertext $CT$, obtaining the ciphertext $CT'$ corresponding to the new access policy:
Existing methods for generating re-encryption ciphertexts are based on discrete logarithm cryptosystems or on homomorphic encryption cryptosystems. This example uses a discrete logarithm cryptosystem to generate the re-encryption key, which guarantees that generating the re-encryption ciphertext does not leak information about the data itself. The generation formula is as follows:
$CT' = (C_0, C'_t, C'_x, C'_2)$,
where denotes the sixth ciphertext,
denotes the second part of the re-encryption key, denotes the first hidden private key, denotes the second hidden private key, denotes the third hidden private key,
$C'_x = (C'_1, C'_{i,2}, C'_{i,4}, C'_{i,5}, C'_0)$ denotes the third part of the re-encryption key, $C'_1 = g^{s'}$ denotes the first ciphertext of the new access policy, denotes the second ciphertext of the new access policy, denotes the third ciphertext of the new access policy, denotes the fourth ciphertext of the new access policy, denotes the fifth ciphertext of the new access policy,
denotes the first part of the re-encryption ciphertext, $C_1 = g^s$ denotes the first ciphertext, denotes the second ciphertext, denotes the third ciphertext,
denotes the first re-encryption key, denotes the second re-encryption key, denotes the third re-encryption key,
$\alpha_k$ and $\beta_k$ denote two random numbers selected by the attribute authority, $v_x$ denotes the random number generated by the attribute authority for the attribute $x$ it manages, $g$ is the generator of the multiplicative cyclic group $G_1$, $r_{j,K}$ denotes the random number selected by the attribute authority when generating the decryption private key for the user, $H_2(\cdot)$ is a collision-resistant hash function that maps $\{0,1\}^* \to G_1$, $k$ denotes the second random number selected by the user, $X$ denotes the third random number selected by the user, $x_1$ denotes the fourth random number selected by the user, $s'$ denotes the fifth random number selected by the user, denotes the secret share computed by the user, $M'_i$ denotes the $i$-th row of $M'$, $M'$ denotes the second $m \times n$ matrix selected by the user, $r'_i$ denotes the $n$ random numbers selected by the user when generating the third part of the re-encryption key $C'_x$, $\lambda'_i$ denotes the secret share computed by the user when calculating the third part of the re-encryption key $C'_x$, $K \in I_A$ denotes the attribute authority corresponding to the attributes in the attribute set $S_{(M,\rho)}$, and $K \in I_A'$ denotes the attribute authority corresponding to the attributes in the attribute set $S_{(M',\rho')}$;
5.4) The agent broadcasts the data description information $des_{num}$ and the new access policy $(M', \rho')$.
Step 6, obtain the data permission.
Referring to Fig. 4, the data permission is obtained in the present invention through the following steps:
6.1) The permission requester checks the agent's broadcast messages and searches for the data to be purchased;
6.2) The resident attribute authority AA_K generates, for the permission requester, the decryption private key SK_j corresponding to the requester's attributes:
Existing methods for generating a user's decryption private key are based either on a discrete-logarithm cryptosystem or on a large-number-factorization cryptosystem. This example generates the user's decryption private key based on a discrete-logarithm cryptosystem, which guarantees the confidentiality of the user's decryption private key. The generation formula is as follows:
Wherein:
Indicate the first resident decryption private key;
Indicate the second resident decryption private key;
Indicate the third resident decryption private key;
Indicate the fourth resident decryption private key;
α_k and β_k respectively indicate the two random numbers selected by the resident attribute authority AA_K;
r_{j,K} indicates the random number selected by the resident attribute authority AA_K when generating the decryption private key for the permission requester;
v_x indicates the random number generated by the attribute authority AA_K according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
S_u indicates the attribute set of the permission requester;
6.3) The additional attribute authority generates the decryption private key corresponding to the attributes managed by the additional attribute authority:
Existing methods for generating a user's decryption private key are based either on a discrete-logarithm cryptosystem or on a large-number-factorization cryptosystem. This example generates the user's decryption private key based on a discrete-logarithm cryptosystem, which guarantees the confidentiality of the user's decryption private key. The generation formula is as follows:
Wherein:
Indicate the first additional decryption private key;
Indicate the second additional decryption private key;
Indicate the third additional decryption private key;
Indicate the fourth additional decryption private key;
α_ek and β_ek respectively indicate the two random numbers selected by the resident attribute authority;
r_{e,K} indicates the random number selected by the resident attribute authority when generating the decryption private key for the permission requester;
v_ex indicates the random number generated by the attribute authority according to the managed attribute ex;
g is the generator of the multiplicative cyclic group G_1;
S_e indicates the attribute set managed by the attribute authority;
6.4) The temporary attribute authority generates the decryption private key corresponding to the attributes managed by the temporary attribute authority:
Existing methods for generating a user's decryption private key are based either on a discrete-logarithm cryptosystem or on a large-number-factorization cryptosystem. This example generates the user's decryption private key based on a discrete-logarithm cryptosystem, which guarantees the confidentiality of the user's decryption private key. The generation formula is as follows:
Wherein:
Indicate the first temporary decryption private key;
Indicate the second temporary decryption private key;
Indicate the third temporary decryption private key;
Indicate the fourth temporary decryption private key;
α_tk and β_tk respectively indicate the two random numbers selected by the resident attribute authority;
r_{t,K} indicates the random number selected by the resident attribute authority when generating the decryption private key for the permission requester;
v_tx indicates the random number generated by the attribute authority according to the managed attribute tx;
g is the generator of the multiplicative cyclic group G_1;
S_t indicates the attribute set managed by the attribute authority.
6.5) The permission requester purchases the decryption private key from the additional attribute authority, and purchases the decryption private key from the temporary attribute authority;
6.6) The permission requester decrypts the symmetric-key ciphertext CT to obtain the symmetric key key', and uses the symmetric key key' to decrypt the data ciphertext c_num, obtaining the data plaintext m';
Existing methods for decrypting the symmetric-key ciphertext are based either on a tree access structure or on a linear secret sharing scheme. This example decrypts the symmetric-key ciphertext based on a linear secret sharing scheme, which guarantees the security of decryption. The decryption formula is as follows:
Wherein:
Indicate the sixth ciphertext;
Indicate the first-part re-encryption ciphertext;
C_1 = g^s indicates the first ciphertext;
Indicate the second ciphertext;
Indicate the third ciphertext;
Indicate the first re-encryption key;
Indicate the second re-encryption key;
Indicate the third re-encryption key;
Indicate the third random number selected by the user;
Indicate the fifth ciphertext of the new access strategy;
H_2(·) is a collision-resistant hash function, indicating the mapping {0,1}* → G_1;
Indicate the half-decrypted ciphertext;
Indicate the second ciphertext of the new access strategy;
Indicate the third ciphertext of the new access strategy;
Indicate the fourth ciphertext of the new access strategy;
Indicate the first decryption private key;
Indicate the third decryption private key;
Indicate the fourth decryption private key;
θ'_i is the value determined by the linear secret sharing scheme, with ∑_{ρ(i)∈x'} θ'_i·λ'_i = s';
ρ(i) ∈ x' indicates that the user's attribute x' is an attribute mapped by ρ(M'_i);
M'_i indicates the i-th row of M', and M' indicates the second m × n matrix selected by the user;
λ'_i indicates the secret share obtained by the user when computing the third-part re-encryption key C'_x;
s' indicates the fifth random number selected by the user;
r_i' indicates the n random numbers selected by the user when generating the third-part re-encryption key C'_x;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
S_u indicates the attribute set of the user;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
e(g, g) indicates the bilinear map G_1 × G_1 → G_T, where G_T is a multiplicative cyclic group and g is the generator of the multiplicative cyclic group G_1.
Step 7, confirm the permission.
The permission requester checks whether the data plaintext m' conforms to the data description information des_num. If so, the process exits; otherwise, the permission requester requests the arbitration organ to arbitrate, and the permission requester is compensated:
Existing arbitration methods are based either on data submitted by the user or on data that has already been saved. This example combines both methods to guarantee the fairness of arbitration, and is implemented as follows:
7.1) The permission requester sends the symmetric key key' to the arbitration organ; the arbitration organ uses the symmetric key key' to decrypt the data ciphertext c_num, obtains the data plaintext m', and calculates the hash H'_c of the data ciphertext c_num and the hash H'_key of the symmetric key key';
7.2) The arbitration organ compares the result obtained in step 4 with the result obtained in step 7.1, and judges whether the following three conditions are met simultaneously:
The hash H_c of the data ciphertext recorded by the user on the blockchain is identical to the H'_c obtained in step 7.1;
The hash H_key of the symmetric key recorded by the user on the blockchain is identical to the H'_key obtained in step 7.1;
The decrypted data plaintext m' conforms to the data description file des_num;
If all three conditions are met, the permission requester's arbitration request is rejected, and the process exits;
Otherwise, the agent notifies the user and deducts the user's guarantee fund, then compensates the permission requester with three times the data price, and the malicious behavior of the user is recorded on the blockchain.
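The arbitration check of steps 7.1 and 7.2 can be sketched as follows. This Python code is an added example, not code from the patent, and rests on assumptions: SHA-256 stands in for the collision-resistant hash H, a toy SHA-256 keystream cipher stands in for the symmetric cipher, and the description format and the `matches_description` predicate are hypothetical.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """Collision-resistant hash H; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (XOR with a SHA-256 counter keystream).
    Encryption and decryption are the same operation. Illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def record_on_chain(num, des_num, c_num: bytes, key: bytes) -> dict:
    """What the user records in step 4: num, des_num, H_c and H_key."""
    return {"num": num, "des_num": des_num, "H_c": H(c_num), "H_key": H(key)}


def matches_description(m_prime: bytes, des_num: dict) -> bool:
    """Hypothetical description check: CSV header and a minimum row count."""
    try:
        lines = m_prime.decode("utf-8").strip().split("\n")
    except UnicodeDecodeError:
        return False
    return lines[0] == des_num["header"] and len(lines) - 1 >= des_num["min_rows"]


def arbitrate(record: dict, c_num: bytes, key_prime: bytes, price: int,
              decrypt=toy_cipher, describe=matches_description) -> dict:
    """Steps 7.1 and 7.2: recompute H'_c and H'_key, decrypt, test all three conditions."""
    m_prime = decrypt(key_prime, c_num)
    checks = {
        "H_c": hmac.compare_digest(record["H_c"], H(c_num)),
        "H_key": hmac.compare_digest(record["H_key"], H(key_prime)),
        "description": describe(m_prime, record["des_num"]),
    }
    if all(checks.values()):
        # All three conditions hold: the arbitration request is rejected.
        return {"verdict": "reject_request", "compensation": 0, "checks": checks}
    # Otherwise the requester is compensated with three times the data price
    # and the user's behavior is recorded on the blockchain.
    return {"verdict": "compensate_requester", "compensation": 3 * price,
            "record_misbehavior": True, "checks": checks}


# Constructed sample data for the example.
KEY = b"constructed-sample-symmetric-key"
DES = {"header": "id,reading", "min_rows": 2}
GOOD = b"id,reading\n1,20.5\n2,21.0\n"
BAD = b"unrelated filler that matches nothing"

if __name__ == "__main__":
    c_good = toy_cipher(KEY, GOOD)
    print(arbitrate(record_on_chain(7, DES, c_good, KEY), c_good, KEY, 100))
    c_bad = toy_cipher(KEY, BAD)
    print(arbitrate(record_on_chain(8, DES, c_bad, KEY), c_bad, KEY, 100))
```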
The above description is only an example of the present invention and does not constitute any limitation of the invention. Obviously, a person skilled in the art, having understood the content and principle of the present invention, may make various modifications and changes in form and detail without departing from the principle and structure of the invention, but such modifications and changes based on the inventive concept still fall within the scope of the claims of the present invention.
Claims (10)
1. A method for acquiring data permission based on a blockchain, characterized by comprising the following:
(1) Initialization:
(1a) Using a security parameter, generate the common parameter PP required for attribute encryption, including the multiplicative cyclic group G_1 with its generator g and order p, and the bilinear map e: G_1 × G_1 → G_T on the multiplicative cyclic group;
(1b) Assign to each resident attribute authority AA_K the attribute set it needs to manage, and use the attribute authority key generation method to generate the public-private key pair of each resident attribute authority
(2) User registration:
(2a) Each user registers on the blockchain and obtains the public-private key pair (pk_{u-ecc}, sk_{u-ecc}) on the blockchain;
(2b) Use the user global key generation method to generate the user's global public key pk_u and global private key sk_u;
(3) Identity authorization:
(3a) Authorize the user who needs to sell data as a temporary attribute authority managing one group of attributes, and use the attribute authority key generation method to generate the public-private key pair of the temporary attribute authority
(3b) Authorize the agent as an additional attribute authority managing one group of attributes, and use the attribute authority key generation method to generate the public-private key pair of the additional attribute authority
(4) The user processes the data:
(4a) The user encrypts the data m whose permission is to be transferred with a symmetric key key generated by the user, obtaining the data ciphertext c_num;
(4b) Each resident attribute authority AA_K uses the user decryption key generation method to generate the decryption private key SK_j for the user according to the user attribute x;
(4c) The user uses the symmetric-key ciphertext generation method to obtain the ciphertext CT of the symmetric key key:
(4d) The user uses a collision-resistant hash function to calculate the hash H_c of the data ciphertext and the hash H_key of the symmetric key;
(4e) The user generates the data number num and the data description information des_num, and sends the data number num, the data description information des_num, the data ciphertext c_num and the symmetric-key ciphertext CT to the agent;
(4f) The user records the data number num, the data description information des_num, the data ciphertext hash H_c and the symmetric key hash H_key on the blockchain;
(4g) The user generates the price of the data, sends it to the agent, and pays earnest money to the agent;
(5) Negotiate a new access strategy:
(5a) The agent formulates the data storage scheme and access strategy for the permission to be transferred, and sends the attribute set S_P corresponding to the access strategy to the user;
(5b) The user selects a subset of the attribute set the user manages and adds it to S_P, obtaining the attribute set S_(M',ρ') corresponding to the new access strategy; according to the attribute set S_(M',ρ'), the user uses the re-encryption key generation algorithm to calculate the re-encryption key rk_c of the symmetric-key ciphertext CT, and sends rk_c to the agent:
(5c) The agent uses the proxy re-encryption algorithm to re-encrypt the symmetric-key ciphertext CT, obtaining the ciphertext CT' corresponding to the new access strategy;
(5d) The agent broadcasts the data description information des_num and the new access strategy (M', ρ');
(6) Obtain the data permission:
(6a) The permission requester checks the agent's broadcast messages and searches for the data to be purchased;
(6b) The resident attribute authority AA_K uses the user decryption key generation method to generate, for the permission requester, the decryption private key SK_j corresponding to the requester's attributes;
(6c) The additional attribute authority uses the user decryption key generation method to generate the decryption private key corresponding to the attributes managed by the additional attribute authority
(6d) The temporary attribute authority uses the user decryption key generation method to generate the decryption private key corresponding to the attributes managed by the temporary attribute authority
(6e) The permission requester purchases the decryption private key from the additional attribute authority, and purchases the decryption private key from the temporary attribute authority
(6f) The permission requester uses the decryption algorithm of attribute encryption to obtain the symmetric key key' by decryption, and uses the symmetric key key' to decrypt the data ciphertext c_num, obtaining the data plaintext m';
(7) The permission requester checks whether the data plaintext m' conforms to the data description information des_num. If so, the process exits; otherwise, the permission requester requests the arbitration organ to arbitrate, and the permission requester is compensated.
2. The method according to claim 1, characterized in that the attribute authority key generation method in (1b), (3a) and (3b) is implemented as follows:
First step: each attribute authority selects two random numbers α_k, β_k ∈ Z_p, and selects one random number v_x ∈ Z_p for each managed attribute x, wherein Z_p indicates the finite field of order p;
Second step: calculate and, wherein e(g, g) indicates the bilinear map G_1 × G_1 → G_T, G_T is a multiplicative cyclic group, and g is the generator of the multiplicative cyclic group G_1;
Third step: from the random numbers selected by the attribute authority in the first step, obtain the private key of the attribute authority
From the calculation results of the second step, obtain the public key of the attribute authority, wherein x ∈ S_AA indicates an attribute x managed by the attribute authority AA.
3. The method according to claim 1, characterized in that in (2b) the user global key generation method is used to generate the user's global public key pk_u and global private key sk_u, implemented in the following steps:
(2b1) According to the user's blockchain private key sk_{u-ecc}, calculate the user's global private key: sk_u = H_1(sk_{u-ecc}), wherein H_1(·) is a collision-resistant hash function, indicating the mapping {0,1}* → Z_p;
(2b2) According to the user's global private key, obtain the user's global public key:
4. The method according to claim 1, characterized in that the user decryption private key generation algorithm in (4b), (6b), (6c) and (6d) is implemented in the following steps:
First step: each attribute authority selects a random number r_{j,K} ∈ Z_p for the user;
Second step: according to the system common parameter PP, the user's global public key pk_u, the attribute authority private key already generated and the random number r_{j,K} selected in the first step, the attribute authority calculates the user's decryption private key SK_j:
Wherein:
Indicate the first decryption private key;
Indicate the second decryption private key;
Indicate the third decryption private key;
Indicate the fourth decryption private key;
α_k and β_k indicate the two random numbers selected by the attribute authority;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
S_u indicates the attribute set of the user.
5. The method according to claim 1, characterized in that in (4c) the user uses the symmetric-key ciphertext generation method to obtain the ciphertext CT of the symmetric key key, implemented in the following steps:
(4c1) The user selects the first random number s ∈ Z_p and constructs a vector, wherein v_2, v_3, ..., v_n are random numbers selected from the finite field Z_p;
(4c2) The user selects the first m × n matrix M and an injective function ρ, which maps every row of the matrix M to an attribute in the attribute set S_(M,ρ), i.e. ρ(M_i) → x, wherein M_i indicates the i-th row of M and x is an attribute in S_(M,ρ);
(4c3) According to the vector obtained in (4c1) and the matrix M obtained in (4c2), the user calculates the secret share
(4c4) The user selects n random numbers r_i ∈ Z_p, and according to the selected random numbers r_i, the attribute authority public key and the system common parameter PP, calculates the ciphertext CT of the symmetric key key:
CT = (C_0, C_1, C_{i,2}, C_3, C_{i,4}, C_{i,5}),
Wherein:
C_1 = g^s indicates the first ciphertext;
Indicate the second ciphertext;
Indicate the third ciphertext;
Indicate the fourth ciphertext;
Indicate the fifth ciphertext;
Indicate the sixth ciphertext;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
e(g, g) indicates the bilinear map G_1 × G_1 → G_T, where G_T is a multiplicative cyclic group and g is the generator of the multiplicative cyclic group G_1;
K ∈ I_A indicates the attribute authority corresponding to the attributes in the attribute set S_(M,ρ).
6. The method according to claim 1, characterized in that in (4d) the user uses a collision-resistant hash function to calculate the hash H_c of the data ciphertext and the hash H_key of the symmetric key by the following formulas:
H_c = H(c_num)
H_key = H(key)
Wherein, H(c_num) indicates calculating the hash of the data ciphertext c_num using the collision-resistant hash function H, and H(key) indicates calculating the hash of the data symmetric key key using the collision-resistant hash function H.
7. The method according to claim 1, characterized in that in (5b) the user, according to the attribute set S_(M',ρ'), uses the re-encryption key generation algorithm to calculate the re-encryption key rk_c of the symmetric-key ciphertext CT, implemented in the following steps:
(5b1) The user selects the second random number k ∈ Z_p and the third random number X ∈ G_1, wherein Z_p indicates the finite field of order p;
(5b2) According to the random numbers selected in (5b1), the user's decryption private key SK_j, the public key of the attribute authority AA_K and the system common parameter PP, the user calculates the first-part re-encryption key rk_1:
rk_1 = (rk_{j,1}, rk_{j,2}, rk_{j,3}),
Wherein:
Indicate the first re-encryption key;
Indicate the second re-encryption key;
Indicate the third re-encryption key;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
H_2(·) is a collision-resistant hash function, indicating the mapping {0,1}* → G_1;
(5b3) The user selects the fourth random number x_1 ∈ Z_p, and according to the random number x_1, the user's decryption private key SK_j, the public key of the attribute authority AA_K and the system common parameter PP, calculates the second-part re-encryption key C'_t:
Wherein:
Indicate the first hidden private key;
Indicate the second hidden private key;
Indicate the third hidden private key;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
(5b4) The user selects the fifth random number s' ∈ Z_p and constructs a vector, wherein v_2', v_3', ..., v_n' are random numbers selected from the finite field Z_p;
(5b5) The user selects the second m × n matrix M', wherein M'_i indicates the i-th row of M';
(5b6) According to the vector obtained in (5b4) and the matrix M' obtained in (5b5), calculate the secret share
(5b7) The user selects n random numbers r_i' ∈_R Z_p, and according to the selected random numbers r_i', the random number s' selected in (5b4), the attribute authority public key corresponding to the attribute x' and the system common parameter PP, calculates the third-part re-encryption key C'_x:
C'_x = (C'_1, C'_{i,2}, C'_{i,4}, C'_{i,5}, C'_0),
Wherein:
C'_1 = g^{s'} indicates the first ciphertext of the new access strategy;
Indicate the second ciphertext of the new access strategy;
Indicate the third ciphertext of the new access strategy;
Indicate the fourth ciphertext of the new access strategy;
Indicate the fifth ciphertext of the new access strategy;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
K ∈ I_A' indicates the attribute authority corresponding to the attributes in the attribute set S_(M',ρ');
(5b8) From the first-part re-encryption key rk_1, the second-part re-encryption key C'_t and the third-part re-encryption key C'_x, obtain the re-encryption key rk_c = (rk_1, C'_t, C'_x);
Wherein:
Indicate the first re-encryption key;
Indicate the second re-encryption key;
Indicate the third re-encryption key;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
H_2(·) is a collision-resistant hash function, indicating the mapping {0,1}* → G_1.
8. The method according to claim 1, characterized in that in (5c) the agent uses the proxy re-encryption algorithm to re-encrypt the symmetric-key ciphertext CT, implemented in the following steps:
(5c1) According to the re-encryption key rk_c and the symmetric-key ciphertext CT, the agent calculates the first-part re-encryption ciphertext C'_2:
Wherein:
C_1 = g^s indicates the first ciphertext;
Indicate the second ciphertext;
Indicate the third ciphertext;
Indicate the first re-encryption key;
Indicate the second re-encryption key;
Indicate the third re-encryption key;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
H_2(·) is a collision-resistant hash function, indicating the mapping {0,1}* → G_1;
(5c2) According to the symmetric-key ciphertext CT, the re-encryption key rk_c and the first-part re-encryption ciphertext C'_2 obtained in (5c1), obtain the ciphertext corresponding to the new access strategy (M', ρ'): CT' = (C_0, C'_t, C'_x, C'_2),
Wherein:
Indicate the sixth ciphertext;
Indicate the second-part re-encryption key;
Indicate the first hidden private key;
Indicate the second hidden private key;
Indicate the third hidden private key;
C'_x = (C'_1, C'_{i,2}, C'_{i,4}, C'_{i,5}, C'_0) indicates the third-part re-encryption key;
C'_1 = g^{s'} indicates the first ciphertext of the new access strategy;
Indicate the second ciphertext of the new access strategy;
Indicate the third ciphertext of the new access strategy;
Indicate the fourth ciphertext of the new access strategy;
Indicate the fifth ciphertext of the new access strategy;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
g is the generator of the multiplicative cyclic group G_1;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
H_2(·) is a collision-resistant hash function, indicating the mapping {0,1}* → G_1;
x_1 indicates the fourth random number selected by the user;
s' indicates the fifth random number selected by the user;
r_i' indicates the n random numbers selected by the user when generating the third-part re-encryption key C'_x;
λ'_i indicates the secret share calculated by the user when computing the third-part re-encryption key C'_x;
K ∈ I_A indicates the attribute authority corresponding to the attributes in the attribute set S_(M,ρ);
K ∈ I_A' indicates the attribute authority corresponding to the attributes in the attribute set S_(M',ρ').
9. The method according to claim 1, characterized in that in (6f) the permission requester uses the decryption algorithm of attribute encryption to obtain the symmetric key key' by decryption, implemented in the following steps:
(6f1) According to the user's decryption private key SK_j and the ciphertext CT' corresponding to the new access strategy (M', ρ'), the user performs half decryption by the following formula, obtaining the half-decrypted ciphertext T:
Wherein:
θ'_i is the value determined by the linear secret sharing scheme, with ∑_{ρ(i)∈x'} θ'_i·λ'_i = s';
ρ(i) ∈ x' indicates that the user's attribute x' is an attribute mapped by ρ(M'_i);
λ'_i indicates the secret share obtained by the user when computing the third-part re-encryption key C'_x;
s' indicates the fifth random number selected by the user;
Indicate the second ciphertext of the new access strategy;
Indicate the third ciphertext of the new access strategy;
Indicate the fourth ciphertext of the new access strategy;
Indicate the first decryption private key;
Indicate the third decryption private key;
Indicate the fourth decryption private key;
r_i' indicates the n random numbers selected by the user when generating the third-part re-encryption key C'_x;
r_{j,K} indicates the random number selected by the attribute authority when generating the decryption private key for the user;
S_u indicates the attribute set of the user;
α_k and β_k indicate the two random numbers selected by the attribute authority;
v_x indicates the random number generated by the attribute authority according to the managed attribute x;
e(g, g) indicates the bilinear map G_1 × G_1 → G_T, where G_T is a multiplicative cyclic group and g is the generator of the multiplicative cyclic group G_1;
(6f2) According to the user's global private key sk_u and the half-decrypted ciphertext T obtained in (6f1), the user calculates the third random number X:
Wherein, Indicate the fifth ciphertext of the new access strategy;
(6f3) The user calculates the symmetric key according to the ciphertext CT' corresponding to the new access strategy (M', ρ') and the third random number X
Wherein:
Indicate the sixth ciphertext;
Indicate the first-part re-encryption ciphertext;
C_1 = g^s indicates the first ciphertext;
Indicate the second ciphertext;
Indicate the third ciphertext;
Indicate the first re-encryption key;
Indicate the second re-encryption key;
Indicate the third re-encryption key;
H_2(·) is a collision-resistant hash function, indicating the mapping {0,1}* → G_1.
10. The method according to claim 1, characterized in that in (7) the permission requester requests the arbitration organ to arbitrate and the permission requester is compensated, implemented in the following steps:
(7a) The permission requester sends the symmetric key key' to the arbitration organ; the arbitration organ uses the symmetric key key' to decrypt the data ciphertext c_num, obtains the data plaintext m', and calculates the hash H'_c of the data ciphertext c_num and the hash H'_key of the symmetric key key';
(7b) The arbitration organ compares the result obtained in (4d) with the result obtained in (7a), and judges whether the following three conditions are met simultaneously:
The hash H_c of the data ciphertext recorded by the user on the blockchain is identical to the H'_c obtained in (7a);
The hash H_key of the symmetric key recorded by the user on the blockchain is identical to the H'_key obtained in (7a);
The decrypted data plaintext m' conforms to the data description file des_num;
If all three conditions are met, the permission requester's arbitration request is rejected, and the process exits;
Otherwise, the agent notifies the user and deducts the user's guarantee fund, then compensates the permission requester with three times the data price, and the malicious behavior of the user is recorded on the blockchain.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910346045.7A CN110098919B (en) | 2019-04-26 | 2019-04-26 | Block chain-based data permission acquisition method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110098919A | 2019-08-06 |
CN110098919B CN110098919B (en) | 2021-06-25 |
Family
ID=67446074
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910346045.7A Active CN110098919B (en) | 2019-04-26 | 2019-04-26 | Block chain-based data permission acquisition method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110098919B (en) |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110493347A (en) * | 2019-08-26 | 2019-11-22 | 重庆邮电大学 | Data access control method and system in large-scale cloud storage based on block chain |
CN110519286A (en) * | 2019-09-01 | 2019-11-29 | 江西理工大学 | A kind of intelligent transportation Data Access Security method based on alliance's block chain |
CN110740033A (en) * | 2019-08-19 | 2020-01-31 | 杭州云象网络技术有限公司 | block chain multi-party data sharing method based on secret sharing technology |
CN111050317A (en) * | 2019-12-07 | 2020-04-21 | 江西理工大学 | Intelligent traffic data safety sharing method based on alliance block chain |
CN111191288A (en) * | 2019-12-30 | 2020-05-22 | 中电海康集团有限公司 | Block chain data access authority control method based on proxy re-encryption |
CN111277412A (en) * | 2020-02-18 | 2020-06-12 | 暨南大学 | Data security sharing system and method based on block chain key distribution |
CN111327597A (en) * | 2020-01-21 | 2020-06-23 | 暨南大学 | Digital evidence obtaining method based on block chain privacy protection and fine-grained access control |
CN111415718A (en) * | 2020-02-29 | 2020-07-14 | 重庆邮电大学 | Electronic prescription sharing method based on block chain and conditional proxy re-encryption |
CN111586010A (en) * | 2020-04-29 | 2020-08-25 | 中国联合网络通信集团有限公司 | Key distribution method and device |
CN111614678A (en) * | 2020-05-22 | 2020-09-01 | 中国联合网络通信集团有限公司 | Anti-disclosure method, anti-disclosure device and encryption device |
CN111681002A (en) * | 2020-06-10 | 2020-09-18 | 浙江工商大学 | Fair data transaction method and system based on block chain |
CN111783128A (en) * | 2020-07-24 | 2020-10-16 | 国网湖南省电力有限公司 | Verifiable distributed database access control method |
CN112257112A (en) * | 2020-11-16 | 2021-01-22 | 国网河南省电力公司信息通信公司 | Data access control method based on block chain |
CN112613050A (en) * | 2020-12-22 | 2021-04-06 | 北京八分量信息科技有限公司 | Data access method and device based on big data system and related products |
CN112632576A (en) * | 2020-12-22 | 2021-04-09 | 北京八分量信息科技有限公司 | Data access method and device for protecting privacy in big data system and related products |
CN113193953A (en) * | 2021-04-16 | 2021-07-30 | 南通大学 | Multi-authority attribute-based encryption method based on block chain |
CN113779612A (en) * | 2021-09-30 | 2021-12-10 | 国网湖南省电力有限公司 | Data sharing method and system based on block chain and hidden strategy attribute encryption |
CN113872969A (en) * | 2021-09-28 | 2021-12-31 | 安徽大学 | Automatic driving vehicle in-vehicle message re-encryption method based on proxy re-encryption mechanism |
CN114513327A (en) * | 2021-12-30 | 2022-05-17 | 电子科技大学 | Block chain-based Internet of things privacy data rapid sharing method |
WO2022121673A1 (en) * | 2020-12-09 | 2022-06-16 | International Business Machines Corporation | Decentralized broadcast encryption and key generation facility |
CN115277052A (en) * | 2022-06-07 | 2022-11-01 | 国网北京市电力公司 | Data encryption method and device based on block chain and electronic equipment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170048217A1 (en) * | 2015-08-10 | 2017-02-16 | Cisco Technology, Inc. | Group membership block chain |
CN108964892A (en) * | 2018-06-25 | 2018-12-07 | 北京迪曼森科技有限公司 | Generation method, application method, management system and the application system of trusted application mark |
CN109120639A (en) * | 2018-09-26 | 2019-01-01 | 众安信息技术服务有限公司 | A kind of data cloud storage encryption method and system based on block chain |
CN109145612A (en) * | 2018-07-05 | 2019-01-04 | 东华大学 | The cloud data sharing method of anti-data tampering, user's collusion is realized based on block chain |
CN109189727A (en) * | 2018-09-14 | 2019-01-11 | 江西理工大学 | A kind of block chain ciphertext cloud storage sharing method based on property broker re-encryption |
CN109347878A (en) * | 2018-11-30 | 2019-02-15 | 西安电子科技大学 | The data verification of decentralization and data safety transaction system and method |
CN109345438A (en) * | 2018-10-11 | 2019-02-15 | 北京理工大学 | A kind of alliance of secret protection calls a taxi method and system |
CN109559124A (en) * | 2018-12-17 | 2019-04-02 | 重庆大学 | A kind of cloud data safety sharing method based on block chain |
CN109635536A (en) * | 2018-12-14 | 2019-04-16 | 北京汉升链商科技有限公司 | Identity data access control method, device and system |
2019-04-26 | CN | CN201910346045.7A | CN110098919B | Active
Non-Patent Citations (3)
Title |
---|
HOANG GIANG DO, WEE KEONG NG: "Blockchain-based System for Secure Data Storage with Private Keyword Search", 2017 IEEE 13TH WORLD CONGRESS ON SERVICES * |
WENHAI SUN et al.: "Protecting Your Right: Verifiable Attribute-Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud", IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS * |
赵志远, 王建华, 朱智强, 孙磊: "Survey of Attribute-Based Encryption in Cloud Storage Environments", 计算机应用研究 (Application Research of Computers) * |
Cited By (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110740033A (en) * | 2019-08-19 | 2020-01-31 | 杭州云象网络技术有限公司 | block chain multi-party data sharing method based on secret sharing technology |
CN110493347B (en) * | 2019-08-26 | 2020-07-14 | 重庆邮电大学 | Block chain-based data access control method and system in large-scale cloud storage |
CN110493347A (en) * | 2019-08-26 | 2019-11-22 | 重庆邮电大学 | Data access control method and system in large-scale cloud storage based on block chain |
CN110519286A (en) * | 2019-09-01 | 2019-11-29 | 江西理工大学 | A kind of intelligent transportation Data Access Security method based on alliance's block chain |
CN110519286B (en) * | 2019-09-01 | 2021-12-24 | 江西理工大学 | Intelligent traffic data security access method based on alliance block chain |
CN111050317A (en) * | 2019-12-07 | 2020-04-21 | 江西理工大学 | Intelligent traffic data safety sharing method based on alliance block chain |
CN111050317B (en) * | 2019-12-07 | 2022-08-02 | 江西理工大学 | Intelligent traffic data safety sharing method based on alliance block chain |
CN111191288B (en) * | 2019-12-30 | 2023-10-13 | 中电海康集团有限公司 | Block chain data access right control method based on proxy re-encryption |
CN111191288A (en) * | 2019-12-30 | 2020-05-22 | 中电海康集团有限公司 | Block chain data access authority control method based on proxy re-encryption |
CN111327597A (en) * | 2020-01-21 | 2020-06-23 | 暨南大学 | Digital evidence obtaining method based on block chain privacy protection and fine-grained access control |
CN111277412B (en) * | 2020-02-18 | 2023-03-24 | 暨南大学 | Data security sharing system and method based on block chain key distribution |
CN111277412A (en) * | 2020-02-18 | 2020-06-12 | 暨南大学 | Data security sharing system and method based on block chain key distribution |
CN111415718A (en) * | 2020-02-29 | 2020-07-14 | 重庆邮电大学 | Electronic prescription sharing method based on block chain and conditional proxy re-encryption |
CN111415718B (en) * | 2020-02-29 | 2024-02-09 | 沈培君 | Electronic prescription sharing method based on blockchain and conditional proxy re-encryption |
CN111586010B (en) * | 2020-04-29 | 2022-04-01 | 中国联合网络通信集团有限公司 | Key distribution method and device |
CN111586010A (en) * | 2020-04-29 | 2020-08-25 | 中国联合网络通信集团有限公司 | Key distribution method and device |
CN111614678A (en) * | 2020-05-22 | 2020-09-01 | 中国联合网络通信集团有限公司 | Anti-disclosure method, anti-disclosure device and encryption device |
CN111681002A (en) * | 2020-06-10 | 2020-09-18 | 浙江工商大学 | Fair data transaction method and system based on block chain |
CN111681002B (en) * | 2020-06-10 | 2023-05-02 | 浙江工商大学 | Fair data transaction method and system based on blockchain |
CN111783128B (en) * | 2020-07-24 | 2021-09-28 | 国网湖南省电力有限公司 | Verifiable distributed database access control method |
CN111783128A (en) * | 2020-07-24 | 2020-10-16 | 国网湖南省电力有限公司 | Verifiable distributed database access control method |
CN112257112A (en) * | 2020-11-16 | 2021-01-22 | 国网河南省电力公司信息通信公司 | Data access control method based on block chain |
CN112257112B (en) * | 2020-11-16 | 2022-10-14 | 国网河南省电力公司信息通信公司 | Data access control method based on block chain |
WO2022121673A1 (en) * | 2020-12-09 | 2022-06-16 | International Business Machines Corporation | Decentralized broadcast encryption and key generation facility |
GB2616804A (en) * | 2020-12-09 | 2023-09-20 | Ibm | Decentralized broadcast encryption and key generation facility |
US11876903B2 (en) | 2020-12-09 | 2024-01-16 | International Business Machines Corporation | Decentralized broadcast encryption and key generation facility |
CN112632576A (en) * | 2020-12-22 | 2021-04-09 | 北京八分量信息科技有限公司 | Data access method and device for protecting privacy in big data system and related products |
CN112613050A (en) * | 2020-12-22 | 2021-04-06 | 北京八分量信息科技有限公司 | Data access method and device based on big data system and related products |
CN113193953A (en) * | 2021-04-16 | 2021-07-30 | 南通大学 | Multi-authority attribute-based encryption method based on block chain |
CN113872969B (en) * | 2021-09-28 | 2024-01-19 | 安徽大学 | Message re-encryption method in automatic driving vehicle based on proxy re-encryption mechanism |
CN113872969A (en) * | 2021-09-28 | 2021-12-31 | 安徽大学 | Automatic driving vehicle in-vehicle message re-encryption method based on proxy re-encryption mechanism |
CN113779612A (en) * | 2021-09-30 | 2021-12-10 | 国网湖南省电力有限公司 | Data sharing method and system based on block chain and hidden strategy attribute encryption |
CN113779612B (en) * | 2021-09-30 | 2023-06-13 | 国网湖南省电力有限公司 | Data sharing method and system based on blockchain and hidden policy attribute encryption |
CN114513327B (en) * | 2021-12-30 | 2022-11-08 | 电子科技大学 | Block chain-based Internet of things private data rapid sharing method |
CN114513327A (en) * | 2021-12-30 | 2022-05-17 | 电子科技大学 | Block chain-based Internet of things privacy data rapid sharing method |
CN115277052A (en) * | 2022-06-07 | 2022-11-01 | 国网北京市电力公司 | Data encryption method and device based on block chain and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN110098919B (en) | 2021-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110098919A (en) | The acquisition methods of data permission based on block chain | |
CN112989415B (en) | Private data storage and access control method and system based on block chain | |
CN111986755B (en) | Data sharing system based on blockchain and attribute-based encryption | |
US8566247B1 (en) | System and method for secure communications involving an intermediary | |
CN110008746A (en) | Medical records storage, shared and safety Claims Resolution model and method based on block chain | |
Chaudhari et al. | Privacy preserving searchable encryption with fine-grained access control | |
CN109559124A (en) | A kind of cloud data safety sharing method based on block chain | |
US7181017B1 (en) | System and method for secure three-party communications | |
CN108632032A (en) | The safe multi-key word sequence searching system of no key escrow | |
CN110474893A (en) | A kind of isomery is across the close state data safety sharing method of trust domain and system | |
CN102187618B (en) | Method and apparatus for pseudonym generation and authentication | |
Sharma et al. | RSA based encryption approach for preserving confidentiality of big data | |
Du et al. | A medical information service platform based on distributed cloud and blockchain | |
CN107635018B (en) | Cross-domain medical cloud storage system supporting emergency access control and safe deduplication | |
CN110086615A (en) | A kind of more authorized party's ciphertext policy ABE base encryption methods of distribution that medium is obscured | |
John et al. | Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation | |
KR101022213B1 (en) | Method and apparatus for sharing and secondary use of medical data based on multi-proxy re-encryption | |
Olakanmi et al. | FEACS: A fog enhanced expressible access control scheme with secure services delegation among carers in E-health systems | |
CN114866323A (en) | User-controllable private data authorization sharing system and method | |
KR20220125567A (en) | System and method for sharing patient's medical data in medical cloud environment | |
CN115412259B (en) | Block chain-based cloud health system searchable proxy signcryption method and product | |
CN115361126B (en) | Partial strategy hidden attribute encryption method and system capable of verifying outsourcing | |
CN113660278B (en) | Quantum attack resistant non-interactive attribute proxy re-encryption method and system | |
JPH11143359A (en) | Enciphering device, decoding device, information sharing device, enciphering method, decoding method, information processing method, and recording medium | |
CN113990399A (en) | Gene data sharing method and device for protecting privacy and safety |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||