CN110098919A - The acquisition methods of data permission based on block chain - Google Patents

The acquisition methods of data permission based on block chain Download PDF

Info

Publication number
CN110098919A
CN110098919A CN201910346045.7A CN201910346045A CN110098919A CN 110098919 A CN110098919 A CN 110098919A CN 201910346045 A CN201910346045 A CN 201910346045A CN 110098919 A CN110098919 A CN 110098919A
Authority
CN
China
Prior art keywords
indicate
user
attribute
key
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910346045.7A
Other languages
Chinese (zh)
Other versions
CN110098919B (en
Inventor
高军涛
于海勇
刘奇
吴通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201910346045.7A priority Critical patent/CN110098919B/en
Publication of CN110098919A publication Critical patent/CN110098919A/en
Application granted granted Critical
Publication of CN110098919B publication Critical patent/CN110098919B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of data permission acquisition methods based on block chain, mainly solve the problems, such as in available data authority acquiring scheme that authority acquiring is inflexible and privacy leakage, implementation are as follows: 1) generate the public private key pair of system parameter and attribute authority (aa);2) user's registration, and generate global public private key pair;3) authorization additional attribute authority and temporal properties authority;4) user encrypts data using attribute encryption technology;5) user generates re-encrypted private key, agent's re-encrypted symmetric key ciphertext;6) authority request person's ciphertext data ciphertext obtains data permission.Due to using attribute encryption technology, proxy re-encryption technology in the present invention, authority acquiring relevant information is saved using block chain simultaneously, increase the flexibility of data permission acquisition, improve the safety of data permission acquisition, it ensure that the fairness that data permission obtains, can be used for the acquisition of data permission in virtual network.

Description

The acquisition methods of data permission based on block chain
Technical field
The invention belongs to technical field of network security, a kind of acquisition methods of the data permission further related to can be used The acquisition of data permission in virtual network.
Background technique
As smart machine largely uses, more and more data are generated daily, and people recognize the valence of data gradually Value.Traditional data trade method be easy to cause leaking data, damages the interests of data owner.Distributed trading scheme, User needs to keep presence, auxiliary data buyer verifying and purchase data.If user time or computing capability are limited, With regard to needing to sell data by agent.But it must be ensured that agent will not obtain any information of data content, want simultaneously Guarantee the authenticity of data.The operation of user could be not only reduced in this way, but also guaranteed the fairness of transaction.
Patent document " the digital rights pipe for anonymous digital content shared of the Koninklike Philips Electronics N. V. in its application Reason " (publication number: CN 109416709A, application number: 201780029276.4, the applying date: 2019.03.01) disclose a kind of use In the method that management is shifted from the first equipment to the second equipment, digital content access right, comprising: pass through at authenticating device Use at least one first identifying code of public key encryption at least one equipment in being piped off by the authenticating device R1 generates the first authentication data collection C;The first authentication data collection C and the second identifying code R2 are provided from the authenticating device The authenticating device is returned to from second equipment to first equipment, and by response message M.But this method is still So existing shortcoming is that message M can only be transferred to another equipment from an equipment, can not incited somebody to action by each permission transfer Message M's is transferred to multiple equipment from an equipment;And if the first equipment is malice, it is transferred out of the permission of mistake, is not had There are effective means to guarantee the correct permission of acquisition of the second equipment.
Liu Fang et al. is (public in a kind of patent document " distributed authorization management method under scenes of internet of things " of its application The number of opening: 109088857 A of CN, application number: 201810763942.3, applying date: 2018.07.12) in disclose one kind in object Distributed authorization management method under networking scenario.Wherein, this method comprises:, distribution is realized using block chain technology The permission of formula authorizes process.Using block chain can not tamper, Lai Shixian resource authorization information, the resource authorization transfer of power letter The public audit of the important informations such as breath, in addition, Internet of Things applies the characteristic that there are " user is more ", " resource apparatus amount of access is big ", In order to free equipment owner from licensing process, agent authorization and revocation agent authorization function are pointedly devised Energy.It proposes using block chain technology and realizes the authorization of resource service, thoroughly solve the problems, such as single point failure, and be stored in Information entire disclosure above block chain is transparent, and permission transfer process is all recorded on block chain, and all links of authorization are complete The supervision of net node and control.But the shortcoming that this method still has is, due to the characteristic of block chain full disclosure, benefit With all records such as the imparting of block chain storage permission, revocation, transfers, a degree of privacy of user leakage will cause;And it is every One authorization messages is set as a message blocks, the carrying cost of block chain user can with time excessively rapid growth, be user with Carry out biggish storage pressure.
Summary of the invention
It is an object of the invention in view of the above shortcomings of the prior art, propose the fictitious assets permission pipe based on block chain Reason method, effectively to search failure cause, permission avoided to shift the leakage to privacy of user when permission is shifted and broken down, Reduce memory space requirements.
The technical solution for realizing the object of the invention is, using attribute encryption technology encryption data, to pass through encryption attribute particulate The permission of the access control management user of degree is generated for user decrypted private key using more attribute authority (aa)s, avoids attribute authority (aa) power It is excessive;Using the technology of proxy re-encryption to the ciphertext re-encrypted of encryption attribute, while changing original access strategy, generation Reason quotient can not obtain any information of data clear text;The Hash, original close of the numbers of data, description information is saved using block chain The Hash of literary Hash, symmetric key, a permission transfer a, it is only necessary to record, the space occupied ratio are done on block chain It is smaller;Permission shifts when something goes wrong, and arbitration organ is by the information on block chain, the reason of decision problem;As long as permission is asked The attribute for the person of asking meets access strategy, so that it may corresponding permission is obtained, to avoid the privacy exposure of authority request person.It is realized Step includes the following:
(1) it initializes:
Common parameter PP needed for (1a) generates encryption attribute using security parameter, including multiplicative cyclic group G1And its it generates Bilinear map e:G on first g and rank p and multiplicative cyclic group1×G1→GT
(1b) is each to reside attribute authority (aa) AAKDistribution needs the attribute set managed, is generated using attribute authority (aa) key Method generates the public private key pair of each resident attribute authority (aa)
(2) user's registration:
(2a) each user registers on block chain, obtains the public private key pair (pk on block chainu-ecc,sku-ecc);
(2b) uses user's global secret generation method, generates the global public key pk of useruAnd global private key sku
(3) identification authorization:
The user's authorization for needing to sell data is a temporal properties authority by (3a)Manage one group of attributeMake With attribute authority (aa) key generation method, temporal properties authority is generatedPublic private key pair
Agency's authorization is an additional attribute authority by (3b)Manage one group of attributeUse attribute authority (aa) Key generation method generates additional attribute authorityPublic private key pair
(4) user handles data:
The symmetric key key encryption that (4a) user is generated using oneself will shift the data m of permission, obtain the ciphertext of data cnum
(4b) each resides attribute authority (aa) AAKIt is raw for user according to user property x using user's decruption key generation method At decrypted private key SKj
(4c) user uses symmetric key ciphertext generation method, obtains the ciphertext CT of symmetric key key:
(4d) user uses the hash function of impact resistant, calculates the Hash H of data ciphertextcWith the Hash H of symmetric keykey
(4e) user generated data number num and data specifying-information desnum, and data number num, data description are believed Cease desnum, data ciphertext cnum, symmetric key ciphertext CT be sent to agent;
(4f) user is by data number num, data specifying-information desnum, data ciphertext Hash Hc, symmetric key Kazakhstan Uncommon HkeyIt is recorded on block chain;
The price of (4g) user generated data is sent to agent, and pays earnest money to agent's branch;
(5) negotiate new access strategy:
(5a) agent, which formulates, needs to shift the data storage scheme and access strategy of permission, and by the corresponding property set S of the access strategyP It is sent to user;
(5b) user selects self-administered property set STiIn a subset be added SP, it is corresponding to obtain new access strategy Attribute set S(M',ρ'), according to attribute set S(M',ρ')Using re-encrypted private key generating algorithm, calculate symmetric key ciphertext CT's Re-encrypted private key rkc, by rkcIt is sent to agent:
(5c) agent uses proxy re-encryption algorithm, and re-encrypted symmetric key ciphertext CT obtains new access strategy Corresponding ciphertext CT';
(5d) agent is by data specifying-information desnumAnd new access strategy (M', ρ ') is broadcasted;
(6) data permission is obtained:
(6a) authority request person checks agential broadcast message, searches the data for needing to buy;
(6b) resides attribute authority (aa) AAKUsing user's decruption key generation method, generated and its attribute for authority request person Corresponding decrypted private key SKj
(6c) additional attribute authorityUsing user's decruption key generation method, additional attribute authority is generatedManagement AttributeCorresponding decrypted private key
(6d) temporal properties authorityUsing user's decruption key generation method, temporal properties authority is generatedManagement AttributeCorresponding decrypted private key
(6e) authority request person is to additional attribute authority (aa)Buy decrypted private keyAnd it is authoritative to temporal properties Buy decrypted private key
(6f) authority request person uses the decipherment algorithm of encryption attribute, and decryption obtains symmetric key key', and with symmetrically close Key key' ciphertext data ciphertext cnumObtain data clear text m';
(7) authority request person checks whether data clear text m' meets data specifying-information desnum, if so, log off, Otherwise, request arbitration organ is arbitrated, and is compensated authority request person.
Compared with the prior art, the present invention has the following advantages:
First, the present invention is due to using attribute encryption technology encryption data, so that the decryption of data is only current with user Attribute is related, can extremely flexibly control the permission of data, and by primary encryption, permission can be transferred to multiple full The user of sufficient access strategy, overcoming data permission in the prior art can not while shift in many ways from a direction, so that of the invention Method data permission obtain it is more convenient.
Second, the present invention is due to using Re-encryption Technology, the re-encrypted private key that agent uses user to submit, re-encrypted The data ciphertext that user submits, so that agent can not know any letter of data content when changing the access strategy of data The shortcomings that breath overcomes all record full disclosures such as permission imparting, revocation, transfer in the prior art, may reveal privacy, makes The data permission acquisition for obtaining method of the invention is safer.
Third, the present invention are close due to the data number, the description information of data, data that use block chained record user to submit Text Hash and symmetric key Hash, and generate information on block chain the space occupied very little, arbitration organ according to Information on block chain judges the failure cause of permission transfer, has no basis when overcoming permission transfer failure in the prior art The excessive problem of the memory space of failure cause and judgment basis is judged, so that method of the invention has more practicability.
Detailed description of the invention
Fig. 1 is the general flow chart of the method for the present invention;
Fig. 2 is the sub-process figure that user handles data in the present invention;
Fig. 3 is the sub-process figure for negotiating new access strategy in the present invention;
Fig. 4 is the sub-process figure that data permission is obtained in the present invention.
Specific implementation measure
The present invention is described in further detail with reference to the accompanying drawing.
Referring to Fig.1, to realization of the invention, steps are as follows:
Step 1, it initializes.
Common parameter PP needed for generating encryption attribute using security parameter, including multiplicative cyclic group G1And its generate member g With the bilinear map e:G in rank p and multiplicative cyclic group1×G1→GT
For each resident attribute authority (aa) AAKDistribution needs the attribute set managed, and generates each resident attribute authority (aa) Public private key pair
The existing method for generating attribute authority (aa) public private key pair has based on bilinear map and based on discrete cipher system, this reality Example generates attribute authority (aa) public private key pair in such a way that the two combines, and has stronger safety, generates the public and private key of attribute authority (aa) Pair calculation formula it is as follows:
Wherein,Indicate attribute authority (aa) AAKPrivate key,Indicate attribute authority (aa) AAKPublic key, αkkIt is respectively By attribute authority (aa) AAKFrom finite field ZpTwo random numbers of middle selection, vxIndicate attribute authority (aa) AAKThe attribute x managed it is from having Confinement ZpThe random number of middle selection, SAAIndicate attribute authority (aa) AAKThe attribute set of management.
Step 2, user's registration.
Each user registers on block chain, obtains the public private key pair (pk on block chainu-ecc,sku-ecc), then Generate the global public key pk of useruAnd global private key sku
The existing user's overall situation public key and the method for global private key of generating has based on discrete logarithm cipher system and based on big number Cipher system is decomposed, this example is used but is not limited to be generated the global public key of user and global private based on discrete logarithm cipher system Key guarantees the confidentiality of the global public and private key of user, it is as follows to generate formula:
sku=H1(sku-ecc),
Wherein, skuIndicate the global private key of user, pkuIndicate the global public key of user, sku-eccIndicate the block of user Private key on chain, g indicate multiplicative cyclic group G1Generation member, H1() impact resistant hash function indicates { 0,1 }*→Zp's Mapping.
Step 3, identification authorization.
It 3.1) is a temporal properties authority by the user's authorization for needing to sell dataManage one group of attributeIt will Agency's authorization is an additional attribute authorityManage one group of attribute
The technical solution of existing encryption attribute adds additional two kinds without additional increased attribute authority (aa), this example Property authority, one is by agent authorize for additional attribute it is authoritative, it is authoritative for temporal properties one is authorizing user, make total It is more convenient according to permission transfer.
3.2) temporal properties authority is generatedPublic private key pair
The existing method for generating attribute authority (aa) public private key pair has based on bilinear map and based on discrete cipher system, this reality Example generates attribute authority (aa) public private key pair in such a way that the two combines, and has stronger safety, generates the public and private key of attribute authority (aa) Pair formula it is as follows:
Wherein,Indicate temporal properties authorityPrivate key,Indicate temporal properties authorityPublic key, αkTkTIt is by temporal properties authority respectivelyFrom finite field ZpTwo random numbers of middle selection, vxTIndicate temporal properties authorityThe attribute xT managed it is from finite field ZpThe random number of middle selection,Indicate temporal properties authorityThe attribute of management Set;
3.3) additional attribute authority is generatedPublic private key pair
The existing method for generating attribute authority (aa) public private key pair has based on bilinear map and based on discrete cipher system, this reality Example generates attribute authority (aa) public private key pair in such a way that the two combines, and has stronger safety, generates the public and private key of attribute authority (aa) Pair calculation formula it is as follows:
Wherein,Indicate additional attribute authorityPrivate key,Indicate additional attribute authorityPublic key, αkEkEIt is by additional attribute authority respectivelyFrom finite field ZpTwo random numbers of middle selection, vxEIndicate additional attribute authorityThe attribute xE managed it is from finite field ZpTwo random numbers of middle selection,Indicate additional attribute authorityManagement Attribute set.
Step 4, user handles data.
Referring to Fig. 2, to the realization of step, steps are as follows:
4.1) the symmetric key key encryption that user is generated using oneself will shift the data m of permission, obtain the ciphertext of data cnum
4.2) attribute authority (aa) AA is each residedK, decrypted private key SK is generated for user according to user propertyj:
The existing method for generating user's decrypted private key has based on discrete logarithm cipher system and decomposes password body based on big number System, this example, which is used, generates user's decrypted private key based on discrete logarithm cipher system, guarantees the confidentiality of user's decrypted private key.It is raw It is as follows at formula:
Wherein,Indicate the first decrypted private key,Indicate the second decrypted private key,Indicate third decrypted private key,Indicate the 4th decrypted private key, αk And βkRespectively indicate two random numbers of attribute authority (aa) selection, rj,KIndicate attribute authority (aa) choosing when decrypted private key is generated for user The random number selected, vxIndicate the random number that attribute authority (aa) is generated according to the attribute x managed, g is multiplicative cyclic group G1Generation Member, SuIndicate the attribute set of user;
4.3) user generates the ciphertext CT of symmetric key key:
The existing method for generating symmetric key ciphertext using attribute encryption technology has based on tree-like access structure and based on line Property secret sharing scheme, this example use but be not limited to based on linear secret sharing scheme generate symmetric key ciphertext, guarantee pair Claim the confidentiality of key ciphertext, it is as follows to generate formula:
CT=(C0,C1,Ci,2,C3,Ci,4,Ci,5),
Wherein, C1=gsIndicate the first ciphertext,Indicate the second ciphertext,Indicate third ciphertext,Indicate the 4th ciphertext,Indicate the 5th ciphertext,Indicate the 6th Ciphertext, s indicate user from finite field ZpFirst random number of selection, riIndicate user from finite field ZpN random number of selection,Indicate the secret shadow that user calculates,It indicates by the first random number s and finite field ZpIn Random number v2,v3,...,vnThe vector of generation, M indicate the matrix of first m × n of user's selection, MiIndicate the i-th row of M, ρ It indicates an injective function, every a line of matrix M is mapped to attribute set S(M,ρ)Each of attribute, i.e. ρ (Mi) → x, x It is S(M,ρ)In an attribute, αkAnd βkRespectively indicate two random numbers of attribute authority (aa) selection, vxIndicate attribute authority (aa) according to institute The random number that the attribute x of management is generated, e (g, g) indicate G1×G1→GTBilinear map, GTIt is a multiplicative cyclic group, g It is multiplicative cyclic group G1Generation member, K ∈ IAIndicate attribute set S(M,ρ)In the corresponding attribute authority (aa) of attribute;
4.4) user calculates the Hash H of data ciphertextcWith the Hash H of symmetric keykey:
Hc=H (cnum)
Hkey=H (key)
Wherein, H (cnum) indicate to calculate data ciphertext c using the hash function H of impact resistantnumHash, H (key) indicate The Hash of data symmetric key key is calculated using the hash function H of impact resistant;
4.5) user generated data number num and data specifying-information desnum, and data number num, data description are believed Cease desnum, data ciphertext cnum, symmetric key ciphertext CT be sent to agent;
4.6) user is by data number num, data specifying-information desnum, data ciphertext Hash Hc, symmetric key Kazakhstan Uncommon HkeyIt is recorded on block chain;
4.7) price of user generated data is sent to agent, and pays earnest money to agent's branch.
Step 5, negotiate new access strategy.
Referring to Fig. 3, steps are as follows for the realization of this step:
5.1) agent, which formulates, needs to shift the data storage scheme and access strategy of permission, and by the corresponding property set S of the access strategyP It is sent to user;
5.2) user selects self-administered property setIn a subset be added SP, it is corresponding to obtain new access strategy Attribute set S(M',ρ'), calculate the re-encrypted private key rk of symmetric key ciphertext CTc, by rkcIt is sent to agent:
The existing method for generating re-encrypted private key has based on discrete logarithm cipher system and is based on homomorphic cryptography cipher system, This example, which is used, generates re-encrypted private key based on discrete logarithm cipher system, guarantees the confidentiality of re-encrypted private key.Calculation formula It is as follows:
rkc=(rk1,C′t,C'x),
Wherein, rk1=(rkj,1,rkj,2,rkj,3) indicate first part's re-encrypted private key,Indicate the first re-encrypted private key,Indicate the second re-encrypted private key,Indicate third re-encrypted private key,
Indicate second part re-encrypted private key,Indicate the first hiding private key,Indicate the second hiding private key,Indicate that third hides private key,
C'x=(C '1,C′i,2,C′i,4,C′i,5,C'0) indicate Part III re-encrypted private key, C '1=gs'Indicate new access First ciphertext of strategy,Indicate the second ciphertext of new access strategy,Indicate the third of new access strategy Ciphertext,Indicate the 4th ciphertext of new access strategy,Indicate new access 5th ciphertext of strategy,
Indicate the secret shadow that user calculates, M'iIndicate that the i-th row of M', M' indicate the second of user's selection The matrix of a m × n, ri' indicate the n random number that user selects, αkAnd βkTwo for respectively indicating attribute authority (aa) selection are random Number, vxIndicate the random number that attribute authority (aa) is generated according to the attribute x managed, k indicates the second random number of user's selection, X table Show the third random number of user's selection, x1Indicating the 4th random number of user's selection, s' indicates the 5th random number of user's selection, G is multiplicative cyclic group G1Generation member, rj,KIndicate the random number that attribute authority (aa) is selected when decrypted private key is generated for user, H2 () is the hash function of an impact resistant, is indicated { 0,1 }*→G1Mapping, K ∈ IA' indicate attribute set S(M',ρ')In category The corresponding attribute authority (aa) of property;
5.3) agent's re-encrypted symmetric key ciphertext CT obtains the corresponding ciphertext CT' of new access strategy:
The existing method for generating re-encryption ciphertext has based on discrete logarithm cipher system and is based on homomorphic cryptography cipher system, This example, which is used, generates re-encrypted private key based on discrete logarithm cipher system, guarantees that generation re-encryption ciphertext will not leak data sheet It is as follows to generate formula for the information of body:
CT'=(C0,C′t,C'x,C'2),
Wherein,Indicate the 6th ciphertext,
Indicate second part re-encrypted private key,Indicate the first hiding private key,Indicate the second hiding private key,Indicate that third hides private key,
C'x=(C '1,C′i,2,C′i,4,C′i,5,C'0) indicate Part III re-encrypted private key, C '1=gs'Indicate new access First ciphertext of strategy,Indicate the second ciphertext of new access strategy,Indicate the third of new access strategy Ciphertext,Indicate the 4th ciphertext of new access strategy,Indicate new access 5th ciphertext of strategy,
Indicate first part's re-encryption ciphertext, C1=gs Indicate the first ciphertext,Indicate the second ciphertext,Indicate third ciphertext, Indicate the first re-encrypted private key,Indicate the second re-encrypted private key,Indicate that third re-encryption is close Key,
αkAnd βkIndicate two random numbers of attribute authority (aa) selection, vxIndicate that attribute authority (aa) is generated according to the attribute x managed Random number, g is multiplicative cyclic group G1Generation member, rj,KIndicate what attribute authority (aa) was selected when decrypted private key is generated for user Random number, H2() is the hash function of an impact resistant, is indicated { 0,1 }*→G1Mapping, k indicate user selection second with Machine number, X indicate the third random number of user's selection, x1Indicate the 4th random number of user's selection, s' indicates the of user's selection Five random numbers,Indicate the secret shadow that user calculates, M'iIndicate that the i-th row of M', M' indicate the of user's selection The matrix of two m × n, ri' indicate that user generates Part III re-encrypted private key C'xWhen, n random number of selection, λ 'iIt indicates User is calculating Part III re-encrypted private key C'xWhen, the secret shadow being calculated, K ∈ IAIndicate attribute set S(M,ρ)In The corresponding attribute authority (aa) of attribute, K ∈ IA' indicate attribute set S(M',ρ')In the corresponding attribute authority (aa) of attribute;
5.4) agent is by data specifying-information desnumAnd new access strategy (M', ρ ') is broadcasted.
Step 6, data permission is obtained.
Referring to Fig. 4, the realization of data permission is obtained in the present invention, and steps are as follows:
6.1) authority request person checks agential broadcast message, searches the data for needing to buy;
6.2) attribute authority (aa) AA is residedKDecrypted private key SK corresponding with its attribute is generated for authority request personj:
The existing method for generating user's decrypted private key has based on discrete logarithm cipher system and decomposes password body based on big number System, this example, which is used, generates user's decrypted private key based on discrete logarithm cipher system, guarantees the confidentiality of user's decrypted private key, It is as follows to generate formula:
Wherein,Indicate the first resident decrypted private key,
Indicate the second resident decrypted private key,
Indicate that third resides decrypted private key,
Indicate the 4th resident decrypted private key,
αkAnd βkRespectively indicate resident attribute authority (aa) AAKTwo random numbers of selection, rj,KIndicate resident attribute authority (aa) AAK? The random number selected when generating decrypted private key for authority request person, vxIndicate attribute authority (aa) AAKIt is generated according to the attribute x managed Random number, g is multiplicative cyclic group G1Generation member, SuIndicate the attribute set of authority request person;
6.3) additional attribute authorityGenerate additional attribute authorityThe attribute of managementCorresponding decrypted private key
The existing method for generating user's decrypted private key has based on discrete logarithm cipher system and decomposes password body based on big number System, this example, which is used, generates user's decrypted private key based on discrete logarithm cipher system, guarantees the confidentiality of user's decrypted private key, It is as follows to generate formula:
Wherein,Indicate the first additional decrypted private key,
Indicate the second additional decrypted private key,
Indicate the additional decrypted private key of third,
Indicate the 4th additional decrypted private key,
αekAnd βekRespectively indicate resident attribute authority (aa)Two random numbers of selection, re,KIndicate resident attribute authority (aa)The random number selected when generating decrypted private key for authority request person, vexIndicate attribute authority (aa)According to the category managed Property ex generate random number, g is multiplicative cyclic group G1Generation member, SeIndicate attribute authority (aa)The attribute set of management;
6.4) temporal properties authorityGenerate temporal properties authorityThe attribute of managementCorresponding decrypted private key
The existing method for generating user's decrypted private key has based on discrete logarithm cipher system and decomposes password body based on big number System, this example, which is used, generates user's decrypted private key based on discrete logarithm cipher system, guarantees the confidentiality of user's decrypted private key.It is raw It is as follows at formula:
Wherein,Indicate the first temporary decryption private key,
Indicate the second temporary decryption private key,
Indicate third temporary decryption private key,
Indicate the 4th temporary decryption private key,
αtkAnd βtkRespectively indicate resident attribute authority (aa)Two random numbers of selection, rt,KIndicate resident attribute authority (aa)The random number selected when generating decrypted private key for authority request person, vtxIndicate attribute authority (aa)According to the category managed Property tx generate random number, g is multiplicative cyclic group G1Generation member, StIndicate attribute authority (aa)The attribute set of management.
6.5) authority request person is to additional attribute authority (aa)Buy decrypted private keyAnd it is authoritative to temporal properties Buy decrypted private key
6.6) authority request person's decrypted symmetric key ciphertext CT obtains symmetric key key', and is decrypted with symmetric key key' Data ciphertext cnumObtain data clear text m';
The existing method for generating user's decrypted symmetric key ciphertext has based on tree-like access structure and linear privacy sharing side Case, this example use the ciphertext based on linear secret sharing scheme decrypted symmetric key, guarantee the safety of decryption.Decrypt formula It is as follows:
Wherein,Indicate the 6th ciphertext,
Indicate first part's re-encryption ciphertext, C1=gs Indicate the first ciphertext,Indicate the second ciphertext,Indicate third ciphertext, Indicate the first re-encrypted private key,Indicate the second re-encrypted private key,Indicate that third re-encryption is close Key,
Indicate the third random number of user's selection,Indicate new access plan The 5th ciphertext slightly, H2() is the hash function of an impact resistant, is indicated { 0,1 }*→G1Mapping,
Indicate half decryption ciphertext,Indicate new Second ciphertext of access strategy,Indicate the third ciphertext of new access strategy,Indicate new access plan The 4th ciphertext slightly,Indicate the first decrypted private key,Indicate that third decryption is private Key,Indicate the 4th decrypted private key,
θi' it is the value determined by linear secret sharing scheme, and ∑ρ(i)∈x'θ'i·λ'i=s', ρ (i) ∈ x' indicate to use The attribute x' at family meets mapping ρ (M'i) mapping attribute, M'iIndicate that the i-th row of M', M' indicate second m × n of user's selection Matrix, λi' indicate that user is calculating Part III re-encrypted private key C'xWhen obtained secret shadow, s' indicates user's selection 5th random number, ri' indicate that user generates Part III re-encrypted private key C'xWhen, n random number of selection, rj,KIndicate attribute The random number that authority selects when decrypted private key is generated for user, SuIndicate the attribute set of user, αkAnd βkIndicate attribute authority (aa) Two random numbers of selection, vxIndicate the random number that attribute authority (aa) is generated according to the attribute x managed, e (g, g) indicates G1×G1 →GTBilinear map, GTIt is a multiplicative cyclic group, g is multiplicative cyclic group G1Generation member.
Step 7, confirm permission.
Authority request person checks whether data clear text m' meets data specifying-information desnum, if so, log off, it is no Then, request arbitration organ is arbitrated, and is compensated authority request person:
The method of existing arbitration is based on having user that data is submitted to arbitrate and arbitrate based on data have been saved, this reality Example combines both methods, guarantees the fairness of arbitration, is accomplished by
7.1) symmetric key key' is sent to arbitration organ by authority request person, and arbitration organ is solved using symmetric key key' Ciphertext data ciphertext cnum, data clear text m' is obtained, and calculate data ciphertext cnumHash H'cAnd the Hash of symmetric key key' H'key
7.2) arbitration organ compares the result that the result that step 4 obtains is obtained with step 7.1, and judgement is three following Whether condition meets simultaneously:
The Hash H for the data ciphertext that user records on block chaincThe H' obtained with step 7.1cIt is identical;
The Hash H for the symmetric key that user records on block chainkeyThe H' obtained with step 7.1keyIt is identical;
It decrypts obtained data clear text m' and meets data description file desnum
If above three condition all meets, the requests for arbitration of permission requestor is rejected, is logged off;
Otherwise, agent notifies user, and deducts the guarantee fund of user, then compensates data price three to authority request person Compensation again, and the malicious act of user is recorded on block chain.
Above description is only example of the present invention, does not constitute any limitation of the invention, it is clear that for It, all may be without departing substantially from the principle of the invention, knot after having understood the contents of the present invention and principle for one of skill in the art In the case where structure, various modifications and change in form and details are carried out, but these amendments based on inventive concept and change Become still within the scope of the claims of the present invention.

Claims (10)

1. a kind of acquisition methods of the data permission based on block chain, which is characterized in that include the following:
(1) it initializes:
Common parameter PP needed for (1a) generates encryption attribute using security parameter, including multiplicative cyclic group G1And its generate member g with Bilinear map e:G in rank p and multiplicative cyclic group1×G1→GT
(1b) is each to reside attribute authority (aa) AAKDistribution needs the attribute set that manages, using attribute authority (aa) key generation method, Generate the public private key pair of each resident attribute authority (aa)
(2) user's registration:
(2a) each user registers on block chain, obtains the public private key pair (pk on block chainu-ecc,sku-ecc);
(2b) uses user's global secret generation method, generates the global public key pk of useruAnd global private key sku
(3) identification authorization:
The user's authorization for needing to sell data is a temporal properties authority by (3a)Manage one group of attributeUse category Property authority's key generation method, generate temporal properties authorityPublic private key pair
Agency's authorization is an additional attribute authority by (3b)Manage one group of attributeUse attribute authority (aa) key Generation method generates additional attribute authorityPublic private key pair
(4) user handles data:
The symmetric key key encryption that (4a) user is generated using oneself will shift the data m of permission, obtain the ciphertext c of datanum
(4b) each resides attribute authority (aa) AAKUsing user's decruption key generation method, solution is generated for user according to user property x Close private key SKj
(4c) user uses symmetric key ciphertext generation method, obtains the ciphertext CT of symmetric key key:
(4d) user uses the hash function of impact resistant, calculates the Hash H of data ciphertextcWith the Hash H of symmetric keykey
(4e) user generated data number num and data specifying-information desnum, and by data number num, data specifying-information desnum, data ciphertext cnum, symmetric key ciphertext CT be sent to agent;
(4f) user is by data number num, data specifying-information desnum, data ciphertext Hash Hc, symmetric key Hash Hkey It is recorded on block chain;
The price of (4g) user generated data is sent to agent, and pays earnest money to agent's branch;
(5) negotiate new access strategy:
(5a) agent, which formulates, needs to shift the data storage scheme and access strategy of permission, and by the corresponding property set S of the access strategyPIt sends To user;
(5b) user selects self-administered property setIn a subset be added SP, obtain the corresponding category of new access strategy Property set S(M',ρ'), according to attribute set S(M',ρ')Using re-encrypted private key generating algorithm, adding again for symmetric key ciphertext CT is calculated Key rkc, by rkcIt is sent to agent:
(5c) agent uses proxy re-encryption algorithm, and it is corresponding to obtain new access strategy by re-encrypted symmetric key ciphertext CT Ciphertext CT';
(5d) agent is by data specifying-information desnumAnd new access strategy (M', ρ ') is broadcasted;
(6) data permission is obtained:
(6a) authority request person checks agential broadcast message, searches the data for needing to buy;
(6b) resides attribute authority (aa) AAKUsing user's decruption key generation method, generated for authority request person corresponding with its attribute Decrypted private key SKj
(6c) additional attribute authorityUsing user's decruption key generation method, additional attribute authority is generatedThe category of management PropertyCorresponding decrypted private key
(6d) temporal properties authorityUsing user's decruption key generation method, temporal properties authority is generatedThe category of management PropertyCorresponding decrypted private key
(6e) authority request person is to additional attribute authority (aa)Buy decrypted private keyAnd it is authoritative to temporal propertiesPurchase Decrypted private key
(6f) authority request person uses the decipherment algorithm of encryption attribute, and decryption obtains symmetric key key', and uses symmetric key Key' ciphertext data ciphertext cnumObtain data clear text m';
(7) authority request person checks whether data clear text m' meets data specifying-information desnum, if so, log off, it is no Then, request arbitration organ is arbitrated, and is compensated authority request person.
2. the method according to claim 1, wherein (1b), (3a), the attribute authority (aa) key generation side in (3b) Method is accomplished by
The first step selects two random number α by each attribute authority (aa)kk∈Zp, random to the attribute x selection one of each management Number vx∈Zp, wherein ZpIndicate that rank is the finite field of p;
Second step calculates AndWherein, e (g, g) indicates G1×G1→GTBilinear map, GTIt is one A multiplicative cyclic group, g are multiplicative cyclic group G1Generation member;
Third step, the random number selected by attribute authority (aa) in the first step, obtains the private key of attribute authority (aa) By the calculated result of second step, the public key of attribute authority (aa) is obtainedWherein, x ∈ SAA Indicate the attribute x of attribute authority (aa) AA management.
3. being generated the method according to claim 1, wherein using user's global secret generation method in (2b) The global public key pk of useruAnd global private key sku, realize that steps are as follows:
(2b1) is according to the block chain private key sk of useru-ecc, calculate the global private key of user: sku=H1(sku-ecc), wherein H1 () is an impact resistant hash function, is indicated { 0,1 }*→ZpMapping;
(2b2) obtains the global public key of user according to the global private key of user:
4. the method according to claim 1, wherein (4b), (6b), (6c), user's decrypted private key in (6d) Generating algorithm realizes that steps are as follows:
The first step is that user selects a random number r by each attribute authority (aa)j,K∈Zp
Second step, according to system common parameter PP, the global public key pk of useru, the attribute authority (aa) private key that has generated and first step choosing The random number r selectedj,K, the decrypted private key SK of attribute authority (aa) calculating userj:
Wherein,Indicate the first decrypted private key,Indicate the second decrypted private key,Indicate third decrypted private key,Indicate the 4th decrypted private key, αk And βkIndicate two random numbers of attribute authority (aa) selection, rj,KIndicate what attribute authority (aa) was selected when decrypted private key is generated for user Random number, vxIndicate the random number that attribute authority (aa) is generated according to the attribute x managed, g is multiplicative cyclic group G1Generation member, Su Indicate the attribute set of user.
5. the method according to claim 1, wherein in (4c) user use symmetric key ciphertext generation method, The ciphertext CT of symmetric key key is obtained, realizes that steps are as follows:
(4c1) user selects the first random number s ∈ Zp, construct vectorWherein v2,v3,...,vnIt is from having Confinement ZpThe random number of middle selection;
(4c2) user selects the matrix M and an injective function ρ of first m × n, and every a line of matrix M is mapped to property set Close S(M,ρ)Each of attribute, i.e. ρ (Mi) → x, wherein MiIndicate the i-th row of M, x is S(M,ρ)In an attribute;
The vector that (4c3) is obtained according to (4c1)The matrix M that (4c2) is obtained, user calculate secret shadow
(4c4) user selects n random number ri∈Zp, and according to the random number r of selectioni, attribute authority (aa) public keySystem is public Parameter PP altogether calculates the ciphertext CT of symmetric key key:
CT=(C0,C1,Ci,2,C3,Ci,4,Ci,5),
Wherein, C1=gsIndicate the first ciphertext,Indicate the second ciphertext,Indicate third ciphertext, Indicate the 4th ciphertext,Indicate the 5th ciphertext,Indicate the 6th ciphertext, αk And βkIndicate two random numbers of attribute authority (aa) selection, vxIndicate the random number that attribute authority (aa) is generated according to the attribute x managed, e (g, g) indicates G1×G1→GTBilinear map, GTIt is a multiplicative cyclic group, g is multiplicative cyclic group G1Generation member, K ∈ IAIndicate attribute set S(M,ρ)In the corresponding attribute authority (aa) of attribute.
6. being calculated the method according to claim 1, wherein user uses the hash function of impact resistant in (4d) The Hash H of data ciphertextcWith the Hash H of symmetric keykey, it is calculated by following formula:
Hc=H (cnum)
Hkey=H (key)
Wherein, H (cnum) indicate to calculate data ciphertext c using the hash function H of impact resistantnumHash, H (key) indicate use The hash function H of impact resistant calculates the Hash of data symmetric key key.
7. the method according to claim 1, wherein user is according to attribute set S in (5b)(M',ρ')Using again plus Close key schedule calculates the re-encrypted private key rk of symmetric key ciphertext CTc, realize that steps are as follows:
(5b1) user selects the second random number k ∈ ZpWith third random number X ∈ G1, wherein ZpIndicate that rank is the finite field of p;
The random number of (5b2) according to (5b1) selection, the decrypted private key SK of userj, attribute authority (aa) AAKPublic keySystem is public Parameter PP altogether, user calculate first part's re-encrypted private key rk1:
rk1=(rkj,1,rkj,2,rkj,3),
Wherein,Indicate the first re-encrypted private key,Indicate that second adds again Key,Indicate third re-encrypted private key, αkAnd βkIndicate two random numbers of attribute authority (aa) selection, vxIt indicates to belong to Property the random number that is generated according to the attribute x that is managed of authority, g is multiplicative cyclic group G1Generation member, rj,KIndicate that attribute authority (aa) exists The random number selected when decrypted private key is generated for user, H2() is the hash function of an impact resistant, is indicated { 0,1 }*→G1's Mapping;
(5b3) user selects the 4th random number x1∈Zp, and according to random number x1, user decrypted private key SKj, attribute authority (aa) AAK Public keyAnd system common parameter PP, calculate second part re-encrypted private key C 't:
Wherein,Indicate the first hiding private key,Indicate the second hiding private key,Indicate the Three hiding private keys, αkAnd βkIndicate two random numbers of attribute authority (aa) selection, vxIndicate attribute authority (aa) according to the attribute x managed The random number of generation, g are multiplicative cyclic group G1Generation member, rj,KIndicate attribute authority (aa) choosing when decrypted private key is generated for user The random number selected;
(5b4) user selects the 5th random number s' ∈ Zp, construct vectorWherein v2',v3',..., vn' it is from finite field ZpThe random number of middle selection;
(5b5) user selects the matrix M' of second m × n, wherein M'iIndicate the i-th row of M';
The vector that (5b6) is obtained according to (5b4)The matrix M' that (5b5) is obtained calculates secret shadow
(5b7) user selects n random number ri'∈RZp, according to the random number r of selectioni', (5b4) selection random number s', attribute The corresponding attribute authority (aa) public key of x' and system common parameter PP calculate Part III re-encrypted private key C 'x:
C′x=(C '1,C′i,2,C′i,4,C′i,5,C′0),
Wherein, C '1=gs'Indicate the first ciphertext of new access strategy,Indicate the second ciphertext of new access strategy,Indicate the third ciphertext of new access strategy,Indicate the 4th ciphertext of new access strategy,Indicate the 5th ciphertext of new access strategy, αkAnd βkIndicate attribute authority (aa) selection two with Machine number, vxIndicate the random number that attribute authority (aa) is generated according to the attribute x managed, g is multiplicative cyclic group G1Generation member, K ∈ IA' indicate attribute set S(M',ρ')In the corresponding attribute authority (aa) of attribute;
(5b8) is according to first part re-encrypted private key rk1, second part re-encrypted private key C 'tWith Part III re-encrypted private key C′x, obtain re-encrypted private key rkc=(rk1,C′t,C′x);
Wherein,Indicate the first re-encrypted private key,Indicate that second adds again Key,Indicate third re-encrypted private key, αkAnd βkIndicate two random numbers of attribute authority (aa) selection, vxIt indicates to belong to Property the random number that is generated according to the attribute x that is managed of authority, g is multiplicative cyclic group G1Generation member, rj,KIndicate that attribute authority (aa) exists The random number selected when decrypted private key is generated for user, H2() is the hash function of an impact resistant, is indicated { 0,1 }*→G1's Mapping.
8. the method according to claim 1, wherein agent uses proxy re-encryption algorithm in (5c), again Encrypted symmetric key ciphertext CT realizes that steps are as follows:
(5c1) is according to re-encrypted private key rkc, symmetric key ciphertext CT, agent's calculating first part's re-encryption ciphertext C '2:
Wherein, C1=gsIndicate the first ciphertext,Indicate the second ciphertext,Indicate third ciphertext,Indicate the first re-encrypted private key,Indicate the second re-encrypted private key,Indicate third re-encrypted private key, αkAnd βkIndicate two random numbers of attribute authority (aa) selection, vxIndicate attribute authority (aa) According to the random number that the attribute x managed is generated, g is multiplicative cyclic group G1Generation member, rj,KIndicate attribute authority (aa) for user The random number selected when generating decrypted private key, H2() is the hash function of an impact resistant, is indicated { 0,1 }*→G1Mapping;
(5c2) is according to symmetric key ciphertext CT, re-encrypted private key rkcFirst part's re-encryption ciphertext C ' obtained in (5c1)2, Obtain the corresponding ciphertext CT'=(C of new access strategy (M', ρ ')0,C′t,C′x,C′2),
Wherein,Indicate the 6th ciphertext,Indicate second part Re-encrypted private key,Indicate the first hiding private key,Indicate the second hiding private key,Table Show that third hides private key, C 'x=(C '1,C′i,2,C′i,4,C′i,5,C′0) indicate Part III re-encrypted private key, C '1=gs'It indicates First ciphertext of new access strategy,Indicate the second ciphertext of new access strategy,Indicate new access strategy Third ciphertext,Indicate the 4th ciphertext of new access strategy,It indicates 5th ciphertext of new access strategy, αkAnd βkIndicate two random numbers of attribute authority (aa) selection, vxIndicate attribute authority (aa) according to being managed The random number that the attribute x of reason is generated, g is multiplicative cyclic group G1Generation member, rj,KIndicate that decryption is being generated for user in attribute authority (aa) The random number selected when private key, H2() is the hash function of an impact resistant, is indicated { 0,1 }*→G1Mapping, x1It indicates to use 4th random number of family selection, s' indicate the 5th random number of user's selection, ri' indicate that user's generation Part III re-encryption is close Key C 'xWhen, n random number of selection, λ 'iIndicate that user is calculating Part III re-encrypted private key C 'xWhen, what is be calculated is secret Close share, K ∈ IAIndicate attribute set S(M,ρ)In the corresponding attribute authority (aa) of attribute, K ∈ IA' indicate attribute set S(M',ρ')In The corresponding attribute authority (aa) of attribute.
9. the method according to claim 1, wherein authority request person is calculated using the decryption of encryption attribute in (6f) Method, decryption obtain symmetric key key', realize that steps are as follows:
(6f1) is according to the decrypted private key SK of userj, the new corresponding ciphertext CT' of access strategy (M', ρ '), user by following formula into It racks and holds half to decrypt, obtain half decryption ciphertext T:
Wherein, θi' it is the value determined by linear secret sharing scheme, and ∑ρ(i)∈x'θ'i·λ'i=s', ρ (i) ∈ x' are indicated The attribute x' of user meets mapping ρ (M'i) mapping attribute, λ 'iIndicate that user is calculating Part III re-encrypted private key C 'xWhen Obtained secret shadow, s' indicate the 5th random number of user's selection,Indicate the second close of new access strategy Text,Indicate the third ciphertext of new access strategy,Indicate the 4th ciphertext of new access strategy,Indicate the first decrypted private key,Indicate third decrypted private key,Indicate the 4th decrypted private key, ri' indicate that user generates Part III re-encrypted private key C 'xWhen, selection N random number, rj,KIndicate the random number that attribute authority (aa) is selected when decrypted private key is generated for user, SuIndicate the category of user Property set, αkAnd βkIndicate two random numbers of attribute authority (aa) selection, vxIndicate that attribute authority (aa) is generated according to the attribute x managed Random number, e (g, g) indicate G1×G1→GTBilinear map, GTIt is a multiplicative cyclic group, g is multiplicative cyclic group G1's Generate member;
(6f2) is according to the global private key sk of useruThe half decryption ciphertext T that (6f1) is obtained, user calculate third random number
X:Wherein,Indicate the 5th ciphertext of new access strategy;
(6f3) user calculates symmetric key according to new access strategy (M', ρ ') corresponding ciphertext CT' and third random number XWherein,Indicate the 6th ciphertext,Indicate first part's re-encryption ciphertext, C1=gsIndicate first Ciphertext,Indicate the second ciphertext,Indicate third ciphertext,It indicates First re-encrypted private key,Indicate the second re-encrypted private key,Indicate third re-encrypted private key, H2 () is the hash function of an impact resistant, is indicated { 0,1 }*→G1Mapping.
10. the method according to claim 1, wherein authority request person requests arbitration organ's progress secondary in (7) It cuts out, authority request person is compensated, realize that steps are as follows:
Symmetric key key' is sent to arbitration organ by (7a) authority request person, and number is decrypted using symmetric key key' by arbitration organ According to ciphertext cnum, data clear text m' is obtained, and calculate data ciphertext cnumHash H'cAnd the Hash H of symmetric key key' 'key
(7b) arbitration organ compares the result that (4d) is obtained with (7a) obtained result, and whether following three conditions of judgement Meet simultaneously:
The Hash H for the data ciphertext that user records on block chaincThe H' obtained with (7a)cIt is identical;
The Hash H for the symmetric key that user records on block chainkeyThe H' obtained with (7a)keyIt is identical;
It decrypts obtained data clear text m' and meets data description file desnum
If above three condition all meets, the requests for arbitration of permission requestor is rejected, is logged off;
Otherwise, agent notifies user, and deducts the guarantee fund of user, then compensates data price three times to authority request person Compensation, and the malicious act of user is recorded on block chain.
CN201910346045.7A 2019-04-26 2019-04-26 Block chain-based data permission acquisition method Active CN110098919B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910346045.7A CN110098919B (en) 2019-04-26 2019-04-26 Block chain-based data permission acquisition method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910346045.7A CN110098919B (en) 2019-04-26 2019-04-26 Block chain-based data permission acquisition method

Publications (2)

Publication Number Publication Date
CN110098919A true CN110098919A (en) 2019-08-06
CN110098919B CN110098919B (en) 2021-06-25

Family

ID=67446074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910346045.7A Active CN110098919B (en) 2019-04-26 2019-04-26 Block chain-based data permission acquisition method

Country Status (1)

Country Link
CN (1) CN110098919B (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110493347A (en) * 2019-08-26 2019-11-22 重庆邮电大学 Data access control method and system in large-scale cloud storage based on block chain
CN110519286A (en) * 2019-09-01 2019-11-29 江西理工大学 A kind of intelligent transportation Data Access Security method based on alliance's block chain
CN110740033A (en) * 2019-08-19 2020-01-31 杭州云象网络技术有限公司 block chain multi-party data sharing method based on secret sharing technology
CN111050317A (en) * 2019-12-07 2020-04-21 江西理工大学 Intelligent traffic data safety sharing method based on alliance block chain
CN111191288A (en) * 2019-12-30 2020-05-22 中电海康集团有限公司 Block chain data access authority control method based on proxy re-encryption
CN111277412A (en) * 2020-02-18 2020-06-12 暨南大学 Data security sharing system and method based on block chain key distribution
CN111327597A (en) * 2020-01-21 2020-06-23 暨南大学 Digital evidence obtaining method based on block chain privacy protection and fine-grained access control
CN111415718A (en) * 2020-02-29 2020-07-14 重庆邮电大学 Electronic prescription sharing method based on block chain and conditional proxy re-encryption
CN111586010A (en) * 2020-04-29 2020-08-25 中国联合网络通信集团有限公司 Key distribution method and device
CN111614678A (en) * 2020-05-22 2020-09-01 中国联合网络通信集团有限公司 Anti-disclosure method, anti-disclosure device and encryption device
CN111681002A (en) * 2020-06-10 2020-09-18 浙江工商大学 Fair data transaction method and system based on block chain
CN111783128A (en) * 2020-07-24 2020-10-16 国网湖南省电力有限公司 Verifiable distributed database access control method
CN112257112A (en) * 2020-11-16 2021-01-22 国网河南省电力公司信息通信公司 Data access control method based on block chain
CN112613050A (en) * 2020-12-22 2021-04-06 北京八分量信息科技有限公司 Data access method and device based on big data system and related products
CN112632576A (en) * 2020-12-22 2021-04-09 北京八分量信息科技有限公司 Data access method and device for protecting privacy in big data system and related products
CN113193953A (en) * 2021-04-16 2021-07-30 南通大学 Multi-authority attribute-based encryption method based on block chain
CN113779612A (en) * 2021-09-30 2021-12-10 国网湖南省电力有限公司 Data sharing method and system based on block chain and hidden strategy attribute encryption
CN113872969A (en) * 2021-09-28 2021-12-31 安徽大学 Automatic driving vehicle in-vehicle message re-encryption method based on proxy re-encryption mechanism
CN114513327A (en) * 2021-12-30 2022-05-17 电子科技大学 Block chain-based Internet of things privacy data rapid sharing method
WO2022121673A1 (en) * 2020-12-09 2022-06-16 International Business Machines Corporation Decentralized broadcast encryption and key generation facility
CN115277052A (en) * 2022-06-07 2022-11-01 国网北京市电力公司 Data encryption method and device based on block chain and electronic equipment

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170048217A1 (en) * 2015-08-10 2017-02-16 Cisco Technology, Inc. Group membership block chain
CN108964892A (en) * 2018-06-25 2018-12-07 北京迪曼森科技有限公司 Generation method, application method, management system and the application system of trusted application mark
CN109120639A (en) * 2018-09-26 2019-01-01 众安信息技术服务有限公司 A kind of data cloud storage encryption method and system based on block chain
CN109145612A (en) * 2018-07-05 2019-01-04 东华大学 The cloud data sharing method of anti-data tampering, user's collusion is realized based on block chain
CN109189727A (en) * 2018-09-14 2019-01-11 江西理工大学 A kind of block chain ciphertext cloud storage sharing method based on property broker re-encryption
CN109347878A (en) * 2018-11-30 2019-02-15 西安电子科技大学 The data verification of decentralization and data safety transaction system and method
CN109345438A (en) * 2018-10-11 2019-02-15 北京理工大学 A kind of alliance of secret protection calls a taxi method and system
CN109559124A (en) * 2018-12-17 2019-04-02 重庆大学 A kind of cloud data safety sharing method based on block chain
CN109635536A (en) * 2018-12-14 2019-04-16 北京汉升链商科技有限公司 Identity data access control method, device and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170048217A1 (en) * 2015-08-10 2017-02-16 Cisco Technology, Inc. Group membership block chain
CN108964892A (en) * 2018-06-25 2018-12-07 北京迪曼森科技有限公司 Generation method, application method, management system and the application system of trusted application mark
CN109145612A (en) * 2018-07-05 2019-01-04 东华大学 The cloud data sharing method of anti-data tampering, user's collusion is realized based on block chain
CN109189727A (en) * 2018-09-14 2019-01-11 江西理工大学 A kind of block chain ciphertext cloud storage sharing method based on property broker re-encryption
CN109120639A (en) * 2018-09-26 2019-01-01 众安信息技术服务有限公司 A kind of data cloud storage encryption method and system based on block chain
CN109345438A (en) * 2018-10-11 2019-02-15 北京理工大学 A kind of alliance of secret protection calls a taxi method and system
CN109347878A (en) * 2018-11-30 2019-02-15 西安电子科技大学 The data verification of decentralization and data safety transaction system and method
CN109635536A (en) * 2018-12-14 2019-04-16 北京汉升链商科技有限公司 Identity data access control method, device and system
CN109559124A (en) * 2018-12-17 2019-04-02 重庆大学 A kind of cloud data safety sharing method based on block chain

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HOANG GIANG DO,WEE KEONG NG: ""Blockchain-based System for Secure Data Storage with Private Keyword Search"", 《2017 IEEE 13TH WORLD CONGRESS ON SERVICES》 *
WENHAI SUN ECT.: ""Protecting Your Right: Verifiable Attribute-Based Keyword Search with Fine-Grained Owner-Enforced Search Authorization in the Cloud"", 《IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS》 *
赵志远,王建华,朱智强,孙磊: ""云存储环境下属性基加密综述"", 《计算机应用研究》 *

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110740033A (en) * 2019-08-19 2020-01-31 杭州云象网络技术有限公司 block chain multi-party data sharing method based on secret sharing technology
CN110493347B (en) * 2019-08-26 2020-07-14 重庆邮电大学 Block chain-based data access control method and system in large-scale cloud storage
CN110493347A (en) * 2019-08-26 2019-11-22 重庆邮电大学 Data access control method and system in large-scale cloud storage based on block chain
CN110519286A (en) * 2019-09-01 2019-11-29 江西理工大学 A kind of intelligent transportation Data Access Security method based on alliance's block chain
CN110519286B (en) * 2019-09-01 2021-12-24 江西理工大学 Intelligent traffic data security access method based on alliance block chain
CN111050317A (en) * 2019-12-07 2020-04-21 江西理工大学 Intelligent traffic data safety sharing method based on alliance block chain
CN111050317B (en) * 2019-12-07 2022-08-02 江西理工大学 Intelligent traffic data safety sharing method based on alliance block chain
CN111191288B (en) * 2019-12-30 2023-10-13 中电海康集团有限公司 Block chain data access right control method based on proxy re-encryption
CN111191288A (en) * 2019-12-30 2020-05-22 中电海康集团有限公司 Block chain data access authority control method based on proxy re-encryption
CN111327597A (en) * 2020-01-21 2020-06-23 暨南大学 Digital evidence obtaining method based on block chain privacy protection and fine-grained access control
CN111277412B (en) * 2020-02-18 2023-03-24 暨南大学 Data security sharing system and method based on block chain key distribution
CN111277412A (en) * 2020-02-18 2020-06-12 暨南大学 Data security sharing system and method based on block chain key distribution
CN111415718A (en) * 2020-02-29 2020-07-14 重庆邮电大学 Electronic prescription sharing method based on block chain and conditional proxy re-encryption
CN111415718B (en) * 2020-02-29 2024-02-09 沈培君 Electronic prescription sharing method based on blockchain and conditional proxy re-encryption
CN111586010B (en) * 2020-04-29 2022-04-01 中国联合网络通信集团有限公司 Key distribution method and device
CN111586010A (en) * 2020-04-29 2020-08-25 中国联合网络通信集团有限公司 Key distribution method and device
CN111614678A (en) * 2020-05-22 2020-09-01 中国联合网络通信集团有限公司 Anti-disclosure method, anti-disclosure device and encryption device
CN111681002A (en) * 2020-06-10 2020-09-18 浙江工商大学 Fair data transaction method and system based on block chain
CN111681002B (en) * 2020-06-10 2023-05-02 浙江工商大学 Fair data transaction method and system based on blockchain
CN111783128B (en) * 2020-07-24 2021-09-28 国网湖南省电力有限公司 Verifiable distributed database access control method
CN111783128A (en) * 2020-07-24 2020-10-16 国网湖南省电力有限公司 Verifiable distributed database access control method
CN112257112A (en) * 2020-11-16 2021-01-22 国网河南省电力公司信息通信公司 Data access control method based on block chain
CN112257112B (en) * 2020-11-16 2022-10-14 国网河南省电力公司信息通信公司 Data access control method based on block chain
WO2022121673A1 (en) * 2020-12-09 2022-06-16 International Business Machines Corporation Decentralized broadcast encryption and key generation facility
GB2616804A (en) * 2020-12-09 2023-09-20 Ibm Decentralized broadcast encryption and key generation facility
US11876903B2 (en) 2020-12-09 2024-01-16 International Business Machines Corporation Decentralized broadcast encryption and key generation facility
CN112632576A (en) * 2020-12-22 2021-04-09 北京八分量信息科技有限公司 Data access method and device for protecting privacy in big data system and related products
CN112613050A (en) * 2020-12-22 2021-04-06 北京八分量信息科技有限公司 Data access method and device based on big data system and related products
CN113193953A (en) * 2021-04-16 2021-07-30 南通大学 Multi-authority attribute-based encryption method based on block chain
CN113872969B (en) * 2021-09-28 2024-01-19 安徽大学 Message re-encryption method in automatic driving vehicle based on proxy re-encryption mechanism
CN113872969A (en) * 2021-09-28 2021-12-31 安徽大学 Automatic driving vehicle in-vehicle message re-encryption method based on proxy re-encryption mechanism
CN113779612A (en) * 2021-09-30 2021-12-10 国网湖南省电力有限公司 Data sharing method and system based on block chain and hidden strategy attribute encryption
CN113779612B (en) * 2021-09-30 2023-06-13 国网湖南省电力有限公司 Data sharing method and system based on blockchain and hidden policy attribute encryption
CN114513327B (en) * 2021-12-30 2022-11-08 电子科技大学 Block chain-based Internet of things private data rapid sharing method
CN114513327A (en) * 2021-12-30 2022-05-17 电子科技大学 Block chain-based Internet of things privacy data rapid sharing method
CN115277052A (en) * 2022-06-07 2022-11-01 国网北京市电力公司 Data encryption method and device based on block chain and electronic equipment

Also Published As

Publication number Publication date
CN110098919B (en) 2021-06-25

Similar Documents

Publication Publication Date Title
CN110098919A (en) The acquisition methods of data permission based on block chain
CN112989415B (en) Private data storage and access control method and system based on block chain
CN111986755B (en) Data sharing system based on blockchain and attribute-based encryption
US8566247B1 (en) System and method for secure communications involving an intermediary
CN110008746A (en) Medical records storage, shared and safety Claims Resolution model and method based on block chain
Chaudhari et al. Privacy preserving searchable encryption with fine-grained access control
CN109559124A (en) A kind of cloud data safety sharing method based on block chain
US7181017B1 (en) System and method for secure three-party communications
CN108632032A (en) The safe multi-key word sequence searching system of no key escrow
CN110474893A (en) A kind of isomery is across the close state data safety sharing method of trust domain and system
CN102187618B (en) Method and apparatus for pseudonym generation and authentication
Sharma et al. RSA based encryption approach for preserving confidentiality of big data
Du et al. A medical information service platform based on distributed cloud and blockchain
CN107635018B (en) Cross-domain medical cloud storage system supporting emergency access control and safe deduplication
CN110086615A (en) A kind of more authorized party's ciphertext policy ABE base encryption methods of distribution that medium is obscured
John et al. Provably secure data sharing approach for personal health records in cloud storage using session password, data access key, and circular interpolation
KR101022213B1 (en) Method and apparatus for sharing and secondary use of medical data based on multi-proxy re-encryption
Olakanmi et al. FEACS: A fog enhanced expressible access control scheme with secure services delegation among carers in E-health systems
CN114866323A (en) User-controllable private data authorization sharing system and method
KR20220125567A (en) System and method for sharing patient's medical data in medical cloud environment
CN115412259B (en) Block chain-based cloud health system searchable proxy signcryption method and product
CN115361126B (en) Partial strategy hidden attribute encryption method and system capable of verifying outsourcing
CN113660278B (en) Quantum attack resistant non-interactive attribute proxy re-encryption method and system
JPH11143359A (en) Enciphering device, decoding device, information sharing device, enciphering method, decoding method, information processing method, and recording medium
CN113990399A (en) Gene data sharing method and device for protecting privacy and safety

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant