CN111523131B - High-security encrypted data storage method - Google Patents
High-security encrypted data storage method Download PDFInfo
- Publication number
- CN111523131B CN111523131B CN202010297743.5A CN202010297743A CN111523131B CN 111523131 B CN111523131 B CN 111523131B CN 202010297743 A CN202010297743 A CN 202010297743A CN 111523131 B CN111523131 B CN 111523131B
- Authority
- CN
- China
- Prior art keywords
- plaintext
- content
- ciphertext
- key
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a high-security encryption data storage method, which comprises the following steps: the data owner establishes the structural content of the encrypted data, wherein the structural content comprises a special identifier and descriptive content; the special identifier is used for confirming the structure attribute of the structure content; carrying out hash operation on the structural content by a data owner to obtain a hash value h, and uploading the structural content to a storage service system under a chain; the data owner writes the hash value h to the blockchain; the encrypted data storage method with high security combines information capable of verifying whether plaintext is tampered into the structural content by customizing the structural content of the structure, the structural content is stored in a storage service system under a chain, a corresponding hash value is written into a blockchain, and a plaintext data acquirer can judge whether plaintext is tampered through the structural content, so that the data acquirer is prevented from being spoofed by tampered plaintext.
Description
Technical Field
The invention relates to the field of block chain bundles, in particular to a high-security encryption data storage method.
Background
The non-tamperable attribute is one of the characteristics of a blockchain, and in order to realize the non-tamperable attribute of data on the blockchain, an under-chain data storage scheme based on data content hash addressing is currently available, and the non-tamperable attribute of the data is realized by storing a hash value of the data content under the chain on the blockchain.
For example, a data storage scheme IPFS based on data content hash addressing is to divide data according to a fixed length, calculate and combine each divided piece in a merck tree mode, and establish a one-to-one correspondence between merck root hash values and data content so as to realize the non-tamperability of the data under the chain.
However, different blockchain application fields have different requirements on data, such as a requirement on encryption protection of the data, if the hash of the content of the ciphertext data is simply recorded directly on the blockchain, the tamper-proof property of the ciphertext data is solved, but the tamper-proof property of the plaintext data corresponding to the ciphertext data cannot be achieved. Through the ciphertext data after symmetric encryption, a plurality of plaintext data and symmetric keys can be corresponding, and if the content hash of the ciphertext data is simply stored, the tamper-proof property of the corresponding plaintext data cannot be ensured.
Disclosure of Invention
The invention aims to solve the technical problems that: aiming at the problem that plaintext data in the application field of block chains in the prior art is tampered, the encrypted data storage method with high security is provided to solve the problem.
The technical scheme adopted for solving the technical problems is as follows: a high-security encryption data storage method comprises the following steps:
the data owner establishes the structural content of the encrypted data, wherein the structural content comprises a special identifier and descriptive content;
the special identifier is used for confirming the structure attribute of the structure content;
if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm to obtain ciphertext c, the data owner uses public key pk A Encrypting the key dek to obtain a key ciphertext, wherein the description content comprises: data format of plaintext m, encryption algorithm type of plaintext m, ciphertext c, encryption algorithm type of key dek, public key pk A And a key ciphertext;
if the data owner uses the public key pk A And encrypting the plaintext m by using an asymmetric encryption algorithm to obtain a ciphertext c', wherein the description contents comprise: data format of plaintext m, encryption algorithm type of plaintext m, ciphertext c' and public key pk A ;
Carrying out hash operation on the structural content by a data owner to obtain a hash value h, and uploading the structural content to a storage service system under a chain;
the data owner writes the hash value h to the blockchain.
Preferably, the method further comprises the following steps:
the data owner compares the data size of the plaintext m with a preset threshold f;
when the data size of the plaintext m is greater than the threshold f, the data owner encrypts the plaintext m using the key dek and the symmetric encryption algorithm;
when the data size of the plaintext m is less than or equal to the threshold f, the data owner uses the public key pk A And an asymmetric encryption algorithm encrypts the plaintext m.
Preferably, the structural content is represented as a first byte array, and the structural attribute of the structural content is:
in the first byte array, the first 2 bytes represent the special identifier, the data format of the plaintext m is represented by 2 bytes, the encryption algorithm type of the plaintext m is represented by 2 bytes, the ciphertext c is represented by a second byte array, the encryption algorithm type of the key dek is represented by 2 bytes, and the public key pk A Denoted as third byte array, the key ciphertext edek denoted as fourth byte array, and ciphertext c' denoted as fifth byte array.
Preferably, if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm, the verifier obtains ciphertext c "and key dek ' and decrypts ciphertext c" using key dek ', resulting in plaintext m '; or the verifier obtains the plaintext m 'and the key dek'; the verifier verifies the plaintext m' by:
the verifier obtains the structural content to be verified from the storage service system and carries out hash operation on the structural content to be verified to obtain a hash value h' to be verified, and the verifier obtains the hash value h from the blockchain;
the verifier compares the hash value h with the hash value h ', and if the hash value h is consistent with the hash value h', the structural content to be verified is proved to be correct;
the verifier reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the verifier analyzes the description content according to the definition of the structure attribute;
the verifier encrypts the plaintext m 'by using the secret key dek' and the encryption algorithm type of the plaintext m in the descriptive content to obtain a ciphertext c ', and verifies whether the ciphertext c' is consistent with the ciphertext c in the descriptive content;
the verifier uses the type of encryption algorithm and public key pk describing the key dek in the content A The key dek ' is encrypted to obtain a key ciphertext edek ', and whether the key ciphertext edek ' is consistent with the key ciphertext edek in the descriptive content is verified.
Preferably, if the data owner uses the public key pk A And encrypting the plaintext m by using an asymmetric encryption algorithm, so that a verifier obtains the plaintext m ', and verifies the plaintext m' by using the following steps:
the verifier obtains the structural content to be verified from the storage service system and carries out hash operation on the structural content to be verified to obtain a hash value h' to be verified, and the verifier obtains the hash value h from the blockchain;
the verifier compares the hash value h with the hash value h ', and if the hash value h is consistent with the hash value h', the structural content to be verified is proved to be correct;
the verifier reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the verifier analyzes the description content according to the definition of the structure attribute;
the verifier uses the type of encryption algorithm describing the plaintext m in the content and the public key pk A And encrypting the plaintext m 'to obtain a ciphertext c', and verifying whether the ciphertext c 'is consistent with the ciphertext c' in the descriptive content.
Preferably, the method further comprises the following steps:
if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm:
the data owner obtains a hash value h from the blockchain, and obtains structural content from the storage service system by using the hash value h;
the data owner reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the data owner analyzes the description content according to the definition of the structure attribute;
data owner validates public key pk A If correct, use private key sk A Decrypting the key ciphertext edek to obtain a key dek;
the data owner decrypts ciphertext c using key dek to obtain plaintext m.
Preferably, the method further comprises the following steps:
if the data owner uses the public key pk A And the asymmetric encryption algorithm encrypts the plaintext m:
the data owner obtains a hash value h from the blockchain, and obtains structural content from the storage service system by using the hash value h;
the data owner reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the data owner analyzes the description content according to the definition of the structure attribute;
data owner validates public key pk A If correct, use private key sk A And decrypting the ciphertext c' to obtain a plaintext m.
The method has the beneficial effects that the high-security encryption data storage method combines the information capable of verifying whether the plaintext is tampered into the structural content by customizing the structural content of the structure, the structural content is stored in the storage service system under the chain, the corresponding hash value is written into the blockchain, and the plaintext data acquirer can judge whether the plaintext is tampered through the structural content, so that the data acquirer is prevented from being spoofed by the tampered plaintext.
Drawings
The invention will be further described with reference to the drawings and examples.
FIG. 1 is a flow chart of one embodiment of a high security encrypted data storage method of the present invention.
FIG. 2 is a flow chart of the present invention for verifying the authenticity of plaintext
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention.
In the description of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "axial", "radial", "circumferential", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention.
Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "connected," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art. Furthermore, in the description of the present invention, unless otherwise indicated, the meaning of "a plurality" is two or more.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and further implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
As shown in fig. 1, the present invention provides a high security encrypted data storage method, which includes the following steps:
the data owner establishes the structural content of the encrypted data, wherein the structural content comprises a special identifier expressed as a first byte array and descriptive content; the structural attributes of the structural content are:
in the first byte array, the first 2 bytes represent a special identifier; the data format of plaintext m is expressed as 2 bytes, such as Word format, JPEG format, PDF format, JSON format, XML format, text format, protobuf format, etc.; a format may be additionally defined, called other format, indicating that it is an unknown format; the encryption algorithm type of the plaintext m is expressed as 2 bytes, such as AES, ECC, RSA, SM2, SM4, etc.; ciphertext c is represented as a second byte array, and the encryption algorithm type of key dek is represented as 2 bytes, such as ECC, RSA, SM2, etc.; public key pk A Denoted as third byte array, the key ciphertext edek denoted as fourth byte array, and ciphertext c' denoted as fifth byte array. The special identifier is used to confirm the structural properties of the structural content.
For both symmetric encryption and asymmetric encryption, which are encryption schemes for plaintext, the data owner may store the data in the following two ways.
One is that if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm, resulting in ciphertext c, the data owner uses public key pk A Encrypting the key dek to obtain a key ciphertext, wherein the description contents comprise: data format of plaintext m, encryption algorithm type of plaintext m, ciphertext c, encryption algorithm type of key dek, public key pk A And a key ciphertext;
carrying out hash operation on the structural content by a data owner to obtain a hash value h, and uploading the structural content to a storage service system under a chain;
the data owner writes the hash value h to the blockchain.
When the verifier receives a plaintext data or a ciphertext data and a decryption key sent by an untrusted third party, the verifier does not determine whether the plaintext data is tampered, and although the conventional storage mode can verify the ciphertext data, the key provided by the third party cannot be confirmed, so that the verifier cannot prove the authenticity of the plaintext all the time. In this example, as shown in FIG. 2, the verifier may verify the plaintext data by:
if the verifier obtains ciphertext c "and key dek ' from an untrusted third party, then key dek ' is used to decrypt ciphertext c" to obtain plaintext m ';
the verifier obtains the structural content to be verified from the storage service system and carries out hash operation on the structural content to be verified to obtain a hash value h' to be verified, and the verifier obtains the hash value h from the blockchain;
the verifier compares the hash value h with the hash value h ', and if the hash value h is consistent with the hash value h', the structural content to be verified is proved to be correct;
the verifier reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content through the special identifier;
if the structure attribute is correct, the verifier analyzes the description content according to the definition of the structure attribute;
the verifier encrypts the plaintext m 'by using the secret key dek' and the encryption algorithm type of the plaintext m in the descriptive content to obtain a ciphertext c ', and verifies whether the ciphertext c' is consistent with the ciphertext c in the descriptive content;
the verifier uses the type of encryption algorithm and public key pk describing the key dek in the content A The key dek ' is encrypted to obtain a key ciphertext edek ', and whether the key ciphertext edek ' is consistent with the key ciphertext edek in the descriptive content is verified.
If the verification can pass, the instruction book verifier obtains the plaintext data and is not tampered with.
In the other case, the data owner uses the public key pk A And encrypting the plaintext m by an asymmetric encryption algorithm to obtain a ciphertext c', wherein the descriptive contents comprise: data format of plaintext m, encryption algorithm type of plaintext m, ciphertext c' and public key pk A ;
Carrying out hash operation on the structural content by a data owner to obtain a hash value h, and uploading the structural content to a storage service system under a chain;
the data owner writes the hash value h to the blockchain.
The verification mode of the verifier is as follows: the verifier obtains the structural content to be verified from the storage service system and carries out hash operation on the structural content to be verified to obtain a hash value h' to be verified, and the verifier obtains the hash value h from the blockchain;
the verifier compares the hash value h with the hash value h ', and if the hash value h is consistent with the hash value h', the structural content to be verified is proved to be correct;
the verifier reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the verifier analyzes the description content according to the definition of the structure attribute;
the verifier uses the type of encryption algorithm describing the plaintext m in the content and the public key pk A And encrypting the plaintext m 'to obtain a ciphertext c', and verifying whether the ciphertext c 'is consistent with the ciphertext c' in the descriptive content.
It can be seen that whatever way the data owner takes, the verifier can verify the authenticity of the plaintext by the way in the embodiment when obtaining untrusted plaintext data.
For both encryption schemes, the data owner reads the decrypted data in two ways:
if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm:
the data owner obtains a hash value h from the blockchain, and obtains the structural content from the storage service system by using the hash value h;
the data owner reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the data owner analyzes the description content according to the definition of the structure attribute;
data owner validates public key pk A If correct, use private key sk A Decrypting the key ciphertext edek to obtain a key dek;
the data owner decrypts ciphertext c using key dek to obtain plaintext m.
If the data owner uses the public key pk A And asymmetry ofThe encryption algorithm encrypts the plaintext m:
the data owner obtains a hash value h from the blockchain, and obtains the structural content from the storage service system by using the hash value h;
the data owner reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the data owner analyzes the description content according to the definition of the structure attribute;
data owner validates public key pk A If correct, use private key sk A And decrypting the ciphertext c' to obtain a plaintext m.
In addition, the data owner compares the data size of the plaintext m with a preset threshold f;
when the data size of the plaintext m is greater than the threshold f, the data owner encrypts the plaintext m using the key dek and the symmetric encryption algorithm;
when the data size of the plaintext m is less than or equal to the threshold f, the data owner uses the public key pk A And an asymmetric encryption algorithm encrypts the plaintext m.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
With the above-described preferred embodiments according to the present invention as an illustration, the above-described descriptions can be used by persons skilled in the relevant art to make various changes and modifications without departing from the scope of the technical idea of the present invention. The technical scope of the present invention is not limited to the description, but must be determined according to the scope of claims.
Claims (6)
1. A highly secure encrypted data storage method comprising the steps of:
the data owner establishes the structural content of the encrypted data, wherein the structural content comprises a special identifier and descriptive content;
the special identifier is used for confirming the structure attribute of the structure content;
if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm to obtain ciphertext c, the data owner uses public key pk A Encrypting the key dek to obtain a key ciphertext, wherein the description content comprises: data format of plaintext m, encryption algorithm type of plaintext m, ciphertext c, encryption algorithm type of key dek, public key pk A And a key ciphertext;
if the data owner uses the public key pk A And encrypting the plaintext m by using an asymmetric encryption algorithm to obtain a ciphertext c', wherein the description contents comprise: data format of plaintext m, encryption algorithm type of plaintext m, ciphertext c' and public key pk A ;
Carrying out hash operation on the structural content by a data owner to obtain a hash value h, and uploading the structural content to a storage service system under a chain;
the data owner writes the hash value h to the blockchain;
if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm, the verifier obtains ciphertext c "and key dek ' and decrypts ciphertext c" using key dek ', resulting in plaintext m '; or the verifier obtains the plaintext m 'and the key dek'; the verifier verifies the plaintext m' by:
the verifier obtains the structural content to be verified from the storage service system and carries out hash operation on the structural content to be verified to obtain a hash value h' to be verified, and the verifier obtains the hash value h from the blockchain;
the verifier compares the hash value h with the hash value h ', and if the hash value h is consistent with the hash value h', the structural content to be verified is proved to be correct;
the verifier reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the verifier analyzes the description content according to the definition of the structure attribute;
the verifier encrypts the plaintext m 'by using the secret key dek' and the encryption algorithm type of the plaintext m in the descriptive content to obtain a ciphertext c ', and verifies whether the ciphertext c' is consistent with the ciphertext c in the descriptive content;
the verifier uses the type of encryption algorithm and public key pk describing the key dek in the content A The key dek ' is encrypted to obtain a key ciphertext edek ', and whether the key ciphertext edek ' is consistent with the key ciphertext edek in the descriptive content is verified.
2. A method of storing encrypted data with high security according to claim 1, further comprising the steps of:
the data owner compares the data size of the plaintext m with a preset threshold f;
when the data size of the plaintext m is greater than the threshold f, the data owner encrypts the plaintext m using the key dek and the symmetric encryption algorithm;
when the data size of the plaintext m is less than or equal to the threshold f, the data owner uses the public key pk A And an asymmetric encryption algorithm encrypts the plaintext m.
3. A highly secure encrypted data storage method according to claim 2, wherein: the structural content is expressed as a first byte array, and the structural attribute of the structural content is as follows:
in the first byte array, the first 2 bytes represent the special identifier, the data format of the plaintext m is represented by 2 bytes, the encryption algorithm type of the plaintext m is represented by 2 bytes, the ciphertext c is represented by a second byte array, the encryption algorithm type of the key dek is represented by 2 bytes, and the public key pk A Denoted as third byte array, the key ciphertext edek denoted as fourth byte array, and ciphertext c' denoted as fifth byte array.
4. A highly secure encrypted data storage method according to claim 3, wherein:
if the data owner uses the public key pk A And encrypting the plaintext m by using an asymmetric encryption algorithm, so that a verifier obtains the plaintext m ', and verifies the plaintext m' by using the following steps:
the verifier obtains the structural content to be verified from the storage service system and carries out hash operation on the structural content to be verified to obtain a hash value h' to be verified, and the verifier obtains the hash value h from the blockchain;
the verifier compares the hash value h with the hash value h ', and if the hash value h is consistent with the hash value h', the structural content to be verified is proved to be correct;
the verifier reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the verifier analyzes the description content according to the definition of the structure attribute;
the verifier uses the type of encryption algorithm describing the plaintext m in the content and the public key pk A And encrypting the plaintext m 'to obtain a ciphertext c', and verifying whether the ciphertext c 'is consistent with the ciphertext c' in the descriptive content.
5. The high security encrypted data storage method according to claim 4, further comprising the steps of:
if the data owner encrypts plaintext m using key dek and a symmetric encryption algorithm:
the data owner obtains a hash value h from the blockchain, and obtains structural content from the storage service system by using the hash value h;
the data owner reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the data owner analyzes the description content according to the definition of the structure attribute;
data owner validates public key pk A If correct, use private key sk A Decrypting key ciphertext edekObtaining a key dek;
the data owner decrypts ciphertext c using key dek to obtain plaintext m.
6. The high security encrypted data storage method according to claim 5, further comprising the steps of:
if the data owner uses the public key pk A And the asymmetric encryption algorithm encrypts the plaintext m:
the data owner obtains a hash value h from the blockchain, and obtains structural content from the storage service system by using the hash value h;
the data owner reads the first 2 bytes of the structural content and verifies the structural attribute of the structural content;
if the structure attribute is correct, the data owner analyzes the description content according to the definition of the structure attribute;
data owner validates public key pk A If correct, use private key sk A And decrypting the ciphertext c' to obtain a plaintext m.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010297743.5A CN111523131B (en) | 2020-04-16 | 2020-04-16 | High-security encrypted data storage method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010297743.5A CN111523131B (en) | 2020-04-16 | 2020-04-16 | High-security encrypted data storage method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111523131A CN111523131A (en) | 2020-08-11 |
| CN111523131B true CN111523131B (en) | 2023-07-04 |
Family
ID=71903991
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010297743.5A Active CN111523131B (en) | 2020-04-16 | 2020-04-16 | High-security encrypted data storage method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111523131B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112131599A (en) * | 2020-09-15 | 2020-12-25 | 北京海益同展信息科技有限公司 | Method, device, equipment and computer readable medium for checking data |
| CN112733205A (en) * | 2021-01-20 | 2021-04-30 | 天地(常州)自动化股份有限公司 | Data tampering rapid identification method, device, equipment and medium |
| CN112861147A (en) * | 2021-01-28 | 2021-05-28 | 罗子尧 | Medical big data sharing and analysis management system based on block chain and 5G |
| CN116401718A (en) * | 2023-06-08 | 2023-07-07 | 科大讯飞股份有限公司 | Block chain-based data protection method and device, electronic equipment and storage medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109347878B (en) * | 2018-11-30 | 2020-06-05 | 西安电子科技大学 | Decentralized data verification and data security transaction system and method |
| CN109598144A (en) * | 2018-12-07 | 2019-04-09 | 暨南大学 | A kind of mass spectrometric data asset management system and method |
| CN110417556A (en) * | 2019-07-02 | 2019-11-05 | 北京交通大学 | Encryption and stamped signature verification method in block chain |
-
2020
- 2020-04-16 CN CN202010297743.5A patent/CN111523131B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111523131A (en) | 2020-08-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111523131B (en) | High-security encrypted data storage method | |
| CN100468438C (en) | Encryption and decryption method for realizing hardware and software binding | |
| US5568554A (en) | Method for improving the processing and storage performance of digital signature schemes | |
| CN103246842B (en) | For verifying the method and apparatus with data encryption | |
| US9584310B2 (en) | Protecting a white-box implementation against attacks | |
| US9537657B1 (en) | Multipart authenticated encryption | |
| CN109067814B (en) | Media data encryption method, system, device and storage medium | |
| US8995653B2 (en) | Generating a secret key from an asymmetric private key | |
| CN110096901A (en) | Electronic contract data encryption storage method and signed client end | |
| US6718468B1 (en) | Method for associating a password with a secured public/private key pair | |
| EP3001599B1 (en) | Method and system for backing up private key of electronic signature token | |
| CN107086915A (en) | A kind of data transmission method, data sending terminal and data receiver | |
| JP2010050760A (en) | Content protection apparatus, and content utilization apparatus | |
| CN102916971A (en) | Electronic data curing system and method | |
| CN102904712A (en) | Information encrypting method | |
| KR20020016636A (en) | Self authentication ciphertext chaining | |
| CN111586076A (en) | Remote control and telemetry information tamper-proof encryption and decryption method and system based on mixed password | |
| CN103544453A (en) | USB (universal serial bus) KEY based virtual desktop file protection method and device | |
| KR20080050934A (en) | Method for conditional inserting authentication code and apparatus therefor, method for conditional using data through authenticating and apparatus therefor | |
| CN105281910A (en) | Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method | |
| US6704868B1 (en) | Method for associating a pass phase with a secured public/private key pair | |
| CN113259116A (en) | Sensor data uplink method and system based on aggregated signature | |
| CN107566127B (en) | IKI trusted digital identifier generation method and application method | |
| Van Aubel et al. | Non-repudiation and End-to-End security for electric-vehicle charging | |
| CN113486389B (en) | Data storage method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |