CN111460480A - A secure ciphertext file sharing method in ciphertext search system - Google Patents
- Publication number: CN111460480A
- Application number: CN202010244397.4A
- Authority: CN (China)
- Prior art keywords: file, ciphertext, search, data, key
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/182—Distributed file systems
- G06F16/1824—Distributed file systems implemented using Network-attached Storage [NAS] architecture
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of information security and discloses a secure ciphertext file sharing method in a ciphertext search system. The data owner encrypts their own file data and generates a ciphertext index, uploads the ciphertext file and the ciphertext index to the big data storage platform, and shares the search key and the file key with the recipient user through a secure channel; the recipient user uses the received search key and file key to search for and decrypt the ciphertext file. Based on cryptographic management, the invention provides users with a secure ciphertext file sharing service: a user only needs to log in to their own client and select the recipient users, the files and the file keywords in order to share a file, and the sharing process does not need to transfer the search key. The recipient user only needs to update their own ciphertext index and obtain the file key from the key management system to obtain the shared file, which divides responsibilities and rights and improves the security of the file sharing process.
Description
Technical field
The invention relates to the technical field of information security, and in particular to a secure ciphertext file sharing method in a ciphertext search system.
Background
Existing ciphertext search systems have the following problems:
(1) Low file sharing security. When sharing a ciphertext file, searchable encryption hands the file key and the search key directly to the recipient user over a "secure channel". Even if the recipient obtains the search key and the decryption key securely, it is difficult to prevent the keys from being leaked as they are shared onward again and again, which reduces the security of the stored ciphertext files.
(2) Poor user experience. When users share ciphertext files there is not yet a well-defined "secure channel" delivery method suitable for engineering implementation, and delivering keys manually offline is too cumbersome, which hinders the adoption of searchable encryption.
(3) Unclear boundaries of security responsibility in file sharing. Sharing a ciphertext file also shares security responsibility. Simple key sharing, one-way responsibility and simplistic auditing inevitably lead to collective ("guilt by association") security liability, which makes it hard to trace responsibility in the ciphertext file sharing process, dampens users' willingness to share ciphertext files, and holds back the spread of ciphertext search technology.
In ciphertext search the ciphertext file and the ciphertext index are kept separate, and the ciphertext file is usually far larger than its index. A trusted third-party key management system can therefore manage and update the different types of keys held by users and issue different keys to different users. This removes the risk of transmitting keys while enabling lightweight, secure sharing of ciphertext files, helps solve the low security, blurred division of responsibilities and rights, and poor user experience of ciphertext file sharing, and improves the security of stored data.
Summary of the invention
To meet the need for sharing ciphertext files between different users in a ciphertext search system, the invention proposes a secure ciphertext file sharing method in a ciphertext search system. The method requires neither sharing the sharer's search key nor additional storage space for ciphertext files: the recipient only updates the index list with their own key, and the key management server distributes the file key, which gives lightweight, secure and supervisable ciphertext file sharing. The method does not increase the recipient's ciphertext file storage overhead, does not share the user's search key, prevents the risk of ciphertext files leaking because a search key has leaked, and effectively supervises ciphertext file sharing behavior.
A secure ciphertext file sharing method in a ciphertext search system comprises the following steps:
S11. The data owner encrypts their own file data and generates a ciphertext index, and uploads the ciphertext file and the ciphertext index to the big data storage platform; at this point the data owner and the recipient user have the ability to perform ciphertext search on the ciphertext file;
S12. The data owner shares the search key and the file key with the recipient user through a secure channel;
S13. The recipient user uses the received search key and file key to search for and decrypt the ciphertext file.
Further, the data owner can store ciphertext files to and read them from the big data storage platform through the encrypted data search client, and query the ciphertext index from the encrypted data search service subsystem; the relevant keys of the encrypted data search client and the encrypted data search service subsystem are issued by the encrypted data key management subsystem.
Further, the encrypted data search client provides encryption and decryption of user files, file indexes and search requests, sends ciphertext files to the big data storage platform for storage, and sends encrypted search requests to the encrypted data search service subsystem.
Further, the big data storage platform includes a distributed file system, and the distributed file system is used to provide the encrypted search service.
Further, the encrypted data search client stores ciphertext files directly in the distributed file system, and locates the ciphertext files stored in the distributed file system based on the keyword index list of the encrypted data search service subsystem.
Further, the encrypted data search service subsystem is deployed on a separate server and can build a keyword index list of the ciphertext files, used to locate where each ciphertext file is stored in the distributed file system; the encrypted data search service subsystem can respond to a search request from the encrypted data search client, look up the location of the ciphertext file and return it to the encrypted data search client.
Further, the encrypted data key management subsystem can provide the encrypted data search client with a search key and a file encryption key, and provide the encrypted data search service subsystem with a search key.
Further, the ciphertext file sharing method specifically comprises the following steps:
S21. After the data owner has selected the file to be shared, the file keywords and the recipient user, the encrypted data search client sends a sharing request to the encrypted data key management subsystem; the request contains the recipient user ID, the ID of the file to be shared and its keyword information;
S22. The encrypted data key management subsystem calculates the file encryption key from the request information submitted by the user;
S23. The encrypted data key management subsystem notifies the recipient user to update the index list, and issues the file key to the recipient through a secure channel;
S24. After the recipient user receives the shared content through the encrypted data search client, the encrypted data search client updates the recipient's own ciphertext index using the recipient's search key and the keywords of the shared file, and publishes it to the distributed file system;
S25. The distributed file system notifies the recipient user that the index was updated successfully;
S26. The encrypted data key management subsystem notifies the data owner that the file was shared successfully.
The beneficial effects of the invention are as follows. Based on cryptographic management, the invention provides users with a secure ciphertext file sharing service: a user only needs to log in to their own client and select the recipient users, the files and the file keywords in order to share a file, and the sharing process does not need to transfer the search key. The recipient user only needs to update their own ciphertext index and obtain the file key from the key management system to obtain the shared file, which divides responsibilities and rights and improves the security of the file sharing process. Specifically, the advantages include:
(1) Low cost. When sharing their own files with other users, a user does not need to send the ciphertext file to the recipient user for the recipient to then upload it to the storage server, which saves network bandwidth. The recipient only needs to update their own ciphertext index list stored in the ciphertext data search service subsystem; the storage server (HDFS) incurs no new storage overhead, which saves storage cost.
(2) Supervisability. When a user shares a file, the trusted third-party key management server notifies the recipient user to update the index list. The hand-over of trust and responsibility is clear, and the sharing path of sensitive files is securely supervised.
(3) Convenience and security. When sharing a file, a user needs neither to share their own search key nor to send the ciphertext file to the recipient for the recipient to upload to server-side storage, which reduces client communication overhead and makes the sharing process simpler. The trusted third-party key management server issues the file key to the recipient user through a secure channel. The recipient uses their own search key to update the index. During sharing, users keep full control over their own data through their private keys; the storage side cannot learn, steal or leak the user's plaintext data, nor can it perform correlation analysis on the user's search behavior, which improves security.
(4) In ciphertext file sharing, users can share files without sharing their own search keys, which keeps the keys secure.
(5) Users only need to select the users and files to share and set the keywords on the client to get convenient, fast and lightweight file sharing.
(6) The boundaries of responsibility in file sharing are clearly divided, providing technical support for secure file sharing and for supervising sharing behavior.
Description of the drawings
Figure 1: searchable encryption model;
Figure 2: ciphertext file sharing model;
Figure 3: secure file sharing flow.
Detailed description
For a clearer understanding of the technical features, objects and effects of the invention, specific embodiments of the invention are now described. It should be understood that the specific embodiments described here only explain the invention and do not limit it; that is, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
This embodiment provides a secure ciphertext file sharing method in a ciphertext search system which, as shown in Figure 1, comprises the following steps:
S11. The data owner encrypts their own file data and generates a ciphertext index, and uploads the ciphertext file and the ciphertext index to the big data storage platform; at this point the data owner and the recipient user have the ability to perform ciphertext search on the ciphertext file;
S12. The data owner shares the search key and the file key with the recipient user through a secure channel;
S13. The recipient user uses the received search key and file key to search for and decrypt the ciphertext file.
In a preferred embodiment of the invention, as shown in Figure 2, the data owner can store ciphertext files to and read them from the big data storage platform through the encrypted data search client, and query the ciphertext index from the encrypted data search service subsystem; the relevant keys of the encrypted data search client and the encrypted data search service subsystem are issued by the encrypted data key management subsystem.
In a preferred embodiment of the invention, the encrypted data search client provides encryption and decryption of user files, file indexes and search requests, sends ciphertext files to the big data storage platform for storage, and sends encrypted search requests to the encrypted data search service subsystem.
In a preferred embodiment of the invention, the big data storage platform includes a distributed file system (HDFS, Hadoop Distributed File System), and the distributed file system is used to provide the encrypted search service.
In a preferred embodiment of the invention, the encrypted data search client stores ciphertext files directly in the distributed file system, and locates the ciphertext files stored in the distributed file system based on the keyword index list of the encrypted data search service subsystem.
In a preferred embodiment of the invention, the encrypted data search service subsystem is deployed on a separate server and can build a keyword index list of the ciphertext files, used to locate where each ciphertext file is stored in the distributed file system; the encrypted data search service subsystem can respond to a search request from the encrypted data search client, look up the location of the ciphertext file and return it to the encrypted data search client.
In a preferred embodiment of the invention, the encrypted data key management subsystem can provide the encrypted data search client with a search key and a file encryption key, and provide the encrypted data search service subsystem with a search key.
In a preferred embodiment of the invention, as shown in Figure 3, the ciphertext file sharing method specifically comprises the following steps:
S21. After the data owner has selected the file to be shared, the file keywords and the recipient user, the encrypted data search client sends a sharing request to the encrypted data key management subsystem; the request contains the recipient user ID, the ID of the file to be shared and its keyword information;
S22. The encrypted data key management subsystem calculates the file encryption key from the request information submitted by the user;
S23. The encrypted data key management subsystem notifies the recipient user to update the index list, and issues the file key to the recipient through a secure channel;
S24. After the recipient user receives the shared content through the encrypted data search client, the encrypted data search client updates the recipient's own ciphertext index using the recipient's search key and the keywords of the shared file, and publishes it to the distributed file system;
S25. The distributed file system notifies the recipient user that the index was updated successfully;
S26. The encrypted data key management subsystem notifies the data owner that the file was shared successfully.
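The S21-S26 exchange (listed in both the summary and the detailed description), as an added Python example that is not part of the patent: it shows that the recipient's index entry is built under the recipient's own search key, that the ciphertext is stored only once, and that the key management subsystem records each share. Assumptions, since the patent leaves them unspecified: keyword tokens are HMAC-SHA256 under the per-user search key, the file key is derived by HMAC from a key-management master secret and the file ID, the secure channel is a direct method call, file encryption itself is not modelled, and all class, function and user names are hypothetical.

```python
import hashlib
import hmac
import secrets


def keyword_token(search_key: bytes, keyword: str) -> str:
    """Index/search token: HMAC-SHA256 of the keyword under one user's search key (assumed)."""
    return hmac.new(search_key, keyword.lower().encode(), hashlib.sha256).hexdigest()


class KeyManagement:
    """Encrypted data key management subsystem: issues keys, mediates and records shares."""

    def __init__(self):
        self._master = secrets.token_bytes(32)
        self._users = set()
        self._owner_of = {}      # file_id -> owner user ID
        self.audit_log = []      # (owner, recipient, file_id, keywords)

    def enroll(self, user_id: str) -> bytes:
        self._users.add(user_id)
        return secrets.token_bytes(32)          # per-user search key

    def _file_key(self, file_id: str) -> bytes:
        # S22 (assumed derivation): per-file key from the master secret and the file ID.
        return hmac.new(self._master, b"file|" + file_id.encode(), hashlib.sha256).digest()

    def register_file(self, owner: str, file_id: str) -> bytes:
        if file_id in self._owner_of:
            raise ValueError("file ID already registered")
        self._owner_of[file_id] = owner
        return self._file_key(file_id)

    def share(self, owner: str, recipient: str, file_id: str, keywords: list) -> dict:
        # S21: the request names recipient, file ID and keywords; it carries no search key.
        if self._owner_of.get(file_id) != owner:
            raise PermissionError("only the registered owner may share this file")
        if recipient not in self._users:
            raise KeyError("unknown recipient")
        self.audit_log.append((owner, recipient, file_id, tuple(keywords)))
        # S23: notice plus file key for the recipient (secure channel assumed).
        return {"file_id": file_id, "keywords": list(keywords),
                "file_key": self._file_key(file_id)}


class SearchService:
    """Encrypted data search service subsystem: per-user token -> file IDs."""

    def __init__(self):
        self._index = {}

    def update(self, user_id: str, token: str, file_id: str) -> None:
        self._index.setdefault((user_id, token), set()).add(file_id)

    def search(self, user_id: str, token: str) -> set:
        return set(self._index.get((user_id, token), set()))


class Client:
    """Encrypted data search client for one user."""

    def __init__(self, user_id, kms, service, store):
        self.user_id, self.kms, self.service, self.store = user_id, kms, service, store
        self._search_key = kms.enroll(user_id)   # never leaves this client
        self.file_keys = {}

    def token_for(self, keyword: str) -> str:
        return keyword_token(self._search_key, keyword)

    def _index(self, file_id: str, keywords: list) -> None:
        for kw in keywords:
            self.service.update(self.user_id, self.token_for(kw), file_id)

    def upload(self, file_id: str, ciphertext: bytes, keywords: list) -> None:
        self.file_keys[file_id] = self.kms.register_file(self.user_id, file_id)
        self.store[file_id] = ciphertext         # opaque blob; encryption not modelled
        self._index(file_id, keywords)

    def share(self, recipient: "Client", file_id: str, keywords: list) -> None:
        recipient.receive(self.kms.share(self.user_id, recipient.user_id, file_id, keywords))

    def receive(self, notice: dict) -> None:
        # S24: store the file key and index the file under the recipient's own search key.
        self.file_keys[notice["file_id"]] = notice["file_key"]
        self._index(notice["file_id"], notice["keywords"])

    def search(self, keyword: str) -> set:
        return self.service.search(self.user_id, self.token_for(keyword))


def run_sharing_flow() -> dict:
    kms, service, store = KeyManagement(), SearchService(), {}
    alice = Client("alice", kms, service, store)     # constructed sample users
    bob = Client("bob", kms, service, store)
    alice.upload("file-001", b"<opaque ciphertext>", ["budget", "2020"])
    before = bob.search("budget")
    alice.share(bob, "file-001", ["budget"])
    return {
        "before": before,
        "after": bob.search("budget"),
        "unshared_keyword": bob.search("2020"),
        "tokens_differ": alice.token_for("budget") != bob.token_for("budget"),
        "stored_objects": len(store),
        "same_file_key": alice.file_keys["file-001"] == bob.file_keys["file-001"],
        "audit": list(kms.audit_log),
    }


if __name__ == "__main__":
    print(run_sharing_flow())
```

Because the two users' tokens for the same keyword differ, the search service cannot link their queries by token, and the recipient can only find the file under the keywords named in the share request.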
In summary, the secure ciphertext file sharing method in a ciphertext search system proposed by the invention requires neither sharing the sharer's search key nor additional storage space for ciphertext files: the recipient only updates the index list with their own key, and the key management server distributes the file key, which gives lightweight, secure and supervisable ciphertext file sharing. The method does not increase the recipient's ciphertext file storage overhead, does not share the user's search key, prevents the risk of ciphertext files leaking because a search key has leaked, and effectively supervises ciphertext file sharing behavior.
The above is only a preferred embodiment of the invention. It should be understood that the invention is not limited to the form disclosed here, which should not be regarded as excluding other embodiments; it can be used in various other combinations, modifications and environments, and can be modified within the scope of the concept described here through the above teachings or through the skill or knowledge of the relevant field. Modifications and changes made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the scope of protection of the appended claims.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010244397.4A CN111460480B (en) | 2020-03-31 | 2020-03-31 | Secure ciphertext file sharing method in ciphertext search system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010244397.4A CN111460480B (en) | 2020-03-31 | 2020-03-31 | Secure ciphertext file sharing method in ciphertext search system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111460480A (en) | 2020-07-28 |
CN111460480B (en) | 2022-03-18 |
Family
ID=71679390
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010244397.4A Active CN111460480B (en) | 2020-03-31 | 2020-03-31 | Secure ciphertext file sharing method in ciphertext search system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111460480B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112948903A (en) * | 2021-03-24 | 2021-06-11 | 中国电子科技集团公司第三十研究所 | Secret state search technical architecture and method for big data storage |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101957902A (en) * | 2009-07-20 | 2011-01-26 | 日电(中国)有限公司 | Method and equipment for generating an expanded blinded inverted index table and method and equipment for searching united keywords |
CN102938767A (en) * | 2012-11-13 | 2013-02-20 | 西安电子科技大学 | Efficient verified fuzzy key word searching method based on cloud data subcontract system |
CN103107889A (en) * | 2013-02-06 | 2013-05-15 | 中电长城网际系统应用有限公司 | System and method for cloud computing environment data encryption storage and capable of searching |
CN105471856A (en) * | 2015-11-19 | 2016-04-06 | 中国电子科技网络信息安全有限公司 | System and method used for retrieving and sharing large data center platform encryption files |
US20160299919A1 (en) * | 2013-06-03 | 2016-10-13 | Zettaset, Inc. | Management of Intermediate Data Spills during the Shuffle Phase of a Map-Reduce Job |
CN106131029A (en) * | 2016-07-19 | 2016-11-16 | 南京邮电大学 | A kind of efficient cipher text searching method resisting attribute key abuse |
CN106203171A (en) * | 2016-06-03 | 2016-12-07 | 中国电子科技网络信息安全有限公司 | Big data platform Security Index system and method |
CN106302449A (en) * | 2016-08-15 | 2017-01-04 | 中国科学院信息工程研究所 | A kind of ciphertext storage cloud service method open with searching ciphertext and system |
CN108494768A (en) * | 2018-03-22 | 2018-09-04 | 深圳大学 | A kind of cipher text searching method and system for supporting access control |
CN108664803A (en) * | 2018-04-04 | 2018-10-16 | 中国电子科技集团公司第三十研究所 | A kind of document content fine granularity access control system based on password |
CN110166466A (en) * | 2019-05-28 | 2019-08-23 | 湖南大学 | It is a kind of efficiently the multi-user of renewal authority to can search for encryption method and system |
Non-Patent Citations (3)
Title |
---|
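Hadeer Mahmoud et al.: "An approach for Big Data Security based on Hadoop Distributed File system", published online: HTTPS://IEEEXPLORE.IEEE.ORG/STAMP/STAMP.JSP?TP=&ARNUMBER=8316608 * |
Xu Shengwei et al.: "Attribute-based searchable encryption scheme supporting dynamic file updates", Application Research of Computers * |
Jia Qiang et al.: "A searchable encryption scheme for large ciphertext data sets", Journal of Northeastern University (Natural Science) * |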
Also Published As
Publication number | Publication date |
---|---|
CN111460480B (en) | 2022-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108989848B (en) | Video resource file acquisition method and management system | |
Puzio et al. | ClouDedup: Secure deduplication with encrypted data for cloud storage | |
US8966287B2 (en) | Systems and methods for secure third-party data storage | |
JP4958246B2 (en) | Method, apparatus and system for fast searchable encryption | |
US10313311B2 (en) | Method for storing of data within a cloud storage and a cloud storage system | |
US11750394B2 (en) | Secure decentralized P2P filesystem | |
US20100169321A1 (en) | Method and apparatus for ciphertext indexing and searching | |
KR100944769B1 (en) | File sharing method and system using encryption and decryption to ensure privacy | |
EP3161992A1 (en) | Privacy-preserving querying mechanism on privately encrypted data on semi-trusted cloud | |
CN111277572A (en) | Cloud storage safety duplicate removal method and device, computer equipment and storage medium | |
CN107707514A (en) | A kind of method and system for being used between CDN node encrypt and device | |
KR102780804B1 (en) | Systems and methods for secure identification retrieval | |
Liu et al. | KeyD: Secure key-deduplication with identity-based broadcast encryption | |
US20200037005A1 (en) | Video resource file acquisition method and management system | |
US12074966B2 (en) | Encrypted information retrieval | |
CN107295018A (en) | A kind of safety storage of cloud disc file and sharing method | |
CN113642014A (en) | Data access system based on hybrid cloud and public cloud server | |
Zhang et al. | Enabling Cooperative Privacy-preserving Personalized search in cloud environments | |
Miguel et al. | Hedup: Secure deduplication with homomorphic encryption | |
CN112948903A (en) | Secret state search technical architecture and method for big data storage | |
US11743356B2 (en) | Email notification system | |
Lin et al. | Secure deduplication schemes for content delivery in mobile edge computing | |
CN111460480A (en) | A secure ciphertext file sharing method in ciphertext search system | |
CN115935426A (en) | Remote image feature extraction and retrieval method based on SGX | |
US20240372721A1 (en) | Decentralized Key Storage and Retrieval |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
TA01 | Transfer of patent application right | Effective date of registration: 20210510. Address after: 610000, No. 6, pioneering Road, hi tech Zone, Sichuan, Chengdu. Applicant after: NO. 30 INSTITUTE OF CHINA ELECTRONIC TECHNOLOGY Group Corp.; CHINA INFORMATION TECHNOLOGY SECURITY EVALUATION CENTER. Address before: 610000, No. 6, pioneering Road, hi tech Zone, Sichuan, Chengdu. Applicant before: NO. 30 INSTITUTE OF CHINA ELECTRONIC TECHNOLOGY Group Corp. |
GR01 | Patent grant | |