CN111786779B - Novel accountability security data sharing system and method - Google Patents
Classifications
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention discloses a novel accountable secure data sharing system and method. The system comprises a data sharing platform through which a data owner and a data subscriber share data; the data sharing platform comprises an access control module, a storage module, a log service module and a trusted hardware device SGX, wherein the storage module, the log service module and the trusted hardware device SGX are connected to the access control module; the log service module maintains logs using a Merkle tree. The method records data subscription behavior in a Merkle-tree-based log structure and verifies the state of the log inside the trusted hardware device SGX; once the trusted hardware device SGX finds that the log has been tampered with, it no longer provides the decryption service, which prevents abuse of the data. Each time the trusted hardware device SGX performs verification and decryption operations, it sends a notification message to the user; the notification message comprises the SGX's verification result for the log proof and a signature of the verification result, and the user can use the notification message as evidence to realize the accountability function.
Description
Technical Field
The invention relates to the technical field of data transmission security, and in particular to a novel accountable secure data sharing system and method.
Background
Most existing data sharing schemes use access control technology and the like to guard against illegal access to data, but these schemes do not consider the security of the data sharing platform itself. Some data sharing schemes encrypt data with a cryptographic algorithm when it is stored, but this only prevents attacks from the outside. Currently, some schemes use a tracing algorithm or introduce a trusted third party to hold personnel inside the platform accountable for attacks, but the existing tracing algorithms have a high computational cost, and a so-called trusted third party is often not truly and completely trustworthy.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the problems identified above, a novel accountable secure data sharing system and method are provided.
The invention provides a novel accountable secure data sharing system, which comprises a data sharing platform through which a data owner and a data subscriber share data; the data sharing platform comprises an access control module, a storage module, a log service module and a trusted hardware device SGX, wherein the storage module, the log service module and the trusted hardware device SGX are connected to the access control module; the log service module maintains logs using a Merkle tree.
The invention also provides a novel accountable secure data sharing method, in which a data owner and a data subscriber share data through a data sharing platform, and the data sharing is carried out through the following steps:
S1, the data owner uploads the encrypted data to the data sharing platform;
S2, the storage module of the data sharing platform stores the encrypted data;
S3, the data subscriber sends a subscription request;
S4, the data sharing platform determines through the access control module whether the data subscriber may subscribe, and when the data subscriber may subscribe, calls the log service module to generate a log proof, wherein the log service module maintains the log using a Merkle tree; it then inputs the log into the trusted hardware device SGX for log proof verification, decides according to the verification result whether to send the decrypted data to the data subscriber, and sends a corresponding notification message to the data subscriber; the notification message includes the verification result of the trusted hardware device SGX for the log proof and a signature of the verification result.
S5, if the data owner is online when it receives the notification message, it can immediately call the system log and verify which data is currently subscribed to by whom. If the data owner is currently offline, the notification messages are stored in the inbox; when the data owner comes online again and receives a plurality of notification messages, it calls the current system log and can verify in batches which data were subscribed to by which persons, the order of the subscriptions, and the like.
Further, step S1 includes the following sub-steps:
S11, the data owner ID_i calculates a shared key k with the DH (Diffie-Hellman) algorithm, using the public key PK_SGX of the trusted hardware device SGX and the public key PK_ID_i of the data owner, and encrypts the plaintext data m with a symmetric encryption algorithm and the key k to obtain a ciphertext C_i;
S12, the data owner ID_i derives the related index information Tag_i from the plaintext data m;
S13, the data owner ID_i uploads (ID_i, C_i, Tag_i) to the data sharing platform.
Further, in step S2, the storage module of the data sharing platform stores the encrypted data as follows: it stores (ID_i, C_i, Tag_i) and discloses the index information Tag_i.
Further, step S3 includes the following sub-steps:
S31, the data subscriber ID_j queries and determines the index information Tag_i to which it needs to subscribe;
S32, when the data subscriber ID_j sends a subscription request to the data sharing platform, it submits the index information Tag_i to the data sharing platform.
Further, step S4 includes the following sub-steps:
S41, the data sharing platform judges through the access control module whether the access rights of the data subscriber ID_j allow it to subscribe to the encrypted data corresponding to the submitted index information Tag_i: if it cannot subscribe, the access is terminated; otherwise, r_i = Hash(ID_j, C_i) is calculated and r_i is stored;
S42, the access control module submits (ID_i, ID_j, C_i, Tag_i, r_i) to the log service module and obtains the related proof Prov_i;
S43, the access control module digitally signs (ID_i, ID_j, C_i, r_i, Prov_i) to obtain signature information Sig_i, and sends (ID_i, ID_j, C_i, r_i, Prov_i, Sig_i) to the trusted hardware device SGX;
S44, the trusted hardware device SGX verifies the signature information Sig_i and the related proof Prov_i:
if the verification result result_i is a pass, the trusted hardware device SGX calculates the shared key k with the DH algorithm, using its own private key and the public key of the data owner ID_i, decrypts C_i with k, returns the decrypted plaintext data m to the data subscriber ID_j, and sends the data owner ID_i a notification message that the data has been successfully subscribed to;
if the verification result result_i is a failure, the trusted hardware device SGX sends the data owner ID_i a notification message that the log has been tampered with.
Further, the log service module maintaining the log using the Merkle tree means that a Merkle tree is maintained for each data owner ID_i to record the log, and the root node of the Merkle tree is H; when the access control module submits (ID_i, ID_j, C_i, Tag_i, r_i) to the log service module, the log service module:
(1) adds r_i to the log and updates the root node to H';
(2) generates a presence proof π and an extension proof ρ, wherein the presence proof π is a path to the root node H', and the extension proof ρ is the path from H to H';
(3) generates the related proof Prov_i = (H', π, ρ, ID_i) and returns it to the access control module.
Further, the notification message includes (ID_i, ID_j, C_i, r_i, Prov_i, Sig_i), the verification result of the trusted hardware device SGX for the log proof, and the signature Sig_SGX_i of the trusted hardware device SGX on (ID_i, ID_j, C_i, Tag_i, r_i, result_i).
Further, the data owner may receive notification messages online or offline.
In summary, by adopting the above technical scheme, the invention has the following beneficial effects:
1. The method records data subscription behavior in a Merkle-tree-based log structure and verifies the state of the log inside the trusted hardware device SGX; once the trusted hardware device SGX finds that the log has been tampered with, it no longer provides the decryption service, which prevents abuse of the data. Each time the trusted hardware device SGX performs verification and decryption operations, it sends a notification message to the user; the notification message comprises the SGX's verification result for the log proof and a signature of the verification result, and the user can use the notification message as evidence to realize the accountability function.
2. The invention uses the DH algorithm to calculate the shared key between a user and the trusted hardware device SGX, so data sharing with multi-user participation can be realized.
3. By designing a data subscription process that does not require the participation of the data owner, together with a protocol step in which the data owner can call the log and verify it, the data owner can go offline at any time, check the notification messages when online, and verify the log records.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present invention and should therefore not be regarded as limiting its scope; those skilled in the art can obtain other related drawings from these drawings without inventive effort.
FIG. 1 is a schematic diagram of the accountable secure data sharing system and method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
As shown in FIG. 1, a schematic diagram of the novel accountable secure data sharing system and method proposed by the present invention, a data owner and a data subscriber share data through a data sharing platform. To solve the problem of attacks by internal personnel on existing data sharing platforms, the present invention mainly proposes the following two design ideas:
(1) recording data subscription behaviors by adopting a log structure based on a Merkle tree;
(2) by verifying the state of the log in the trusted hardware device SGX, the log is made tamper-proof, thereby preventing misuse of data.
The features and properties of the present invention are described in further detail below with reference to examples.
The novel accountable secure data sharing system comprises a data sharing platform through which a data owner and a data subscriber share data; the data sharing platform comprises an access control module, a storage module, a log service module and a trusted hardware device SGX, wherein the storage module, the log service module and the trusted hardware device SGX are connected to the access control module; the log service module maintains logs using a Merkle tree.
Based on this accountable secure data sharing system, a novel accountable secure data sharing method can be realized. In the method, a data owner and a data subscriber share data through a data sharing platform, and data sharing is performed through the following steps S1 to S4:
S1, the data owner uploads the encrypted data to the data sharing platform;
The data owner encrypts the data using the DH algorithm and a symmetric encryption algorithm, specifically:
S11, the data owner ID_i calculates a shared key k with the DH algorithm, using the public key PK_SGX of the trusted hardware device SGX and the public key PK_ID_i of the data owner, and encrypts the plaintext data m with a symmetric encryption algorithm to obtain a ciphertext C_i;
S12, the data owner ID_i derives the related index information Tag_i from the plaintext data m;
S13, the data owner ID_i uploads (ID_i, C_i, Tag_i) to the data sharing platform.
It can be seen that data sharing with multi-user participation can be realized by adding a user ID (e.g. ID_i) to identify the user, and by calculating the shared key between the user and the trusted hardware device SGX with the DH algorithm.
S2, the storage module of the data sharing platform stores the encrypted data;
Specifically, (ID_i, C_i, Tag_i) is stored, and the index information Tag_i is disclosed.
S3, the data subscriber sends a subscription request;
Specifically:
S31, the data subscriber ID_j queries and determines the index information Tag_i to which it needs to subscribe;
S32, when the data subscriber ID_j sends a subscription request to the data sharing platform, it submits the index information Tag_i to the data sharing platform.
S4, the data sharing platform determines through the access control module whether the data subscriber may subscribe, and when the data subscriber may subscribe, calls the log service module to generate a log proof, wherein the log service module maintains the log using a Merkle tree; it then inputs the log into the trusted hardware device SGX for log proof verification, decides according to the verification result whether to send the decrypted data to the data subscriber, and sends a corresponding notification message to the data subscriber; the notification message includes the verification result of the trusted hardware device SGX for the log proof and a signature of the verification result.
Specifically:
S41, the data sharing platform judges through the access control module whether the access rights of the data subscriber ID_j allow it to subscribe to the encrypted data corresponding to the submitted index information Tag_i:
if it cannot subscribe, the access is terminated;
otherwise, r_i = Hash(ID_j, C_i) is calculated and r_i is stored;
S42, the access control module submits (ID_i, ID_j, C_i, Tag_i, r_i) to the log service module and obtains the related proof Prov_i;
The log service module maintaining the log using the Merkle tree means that a Merkle tree is maintained for each data owner ID_i to record the log, and the root node of the Merkle tree is H; when the access control module submits (ID_i, ID_j, C_i, Tag_i, r_i) to the log service module, the log service module:
(1) adds r_i to the log and updates the root node to H';
(2) generates a presence proof π and an extension proof ρ, wherein:
the presence proof π is a path to the root node H', which ensures that the new subscription request is really contained in the new tree;
the extension proof ρ is the path from H to H', which ensures that the new tree H' is indeed an extension of the old tree H.
(3) generates the related proof Prov_i = (H', π, ρ, ID_i) and returns it to the access control module. Through the above steps, a log that cannot be falsified is maintained using the Merkle tree, the behavior information of users using the data is recorded, and the correctness of the records is proved by generating the related proof, so that the user can pursue accountability.
S43, the access control module digitally signs (ID_i, ID_j, C_i, r_i, Prov_i) to obtain signature information Sig_i, and sends (ID_i, ID_j, C_i, r_i, Prov_i, Sig_i) to the trusted hardware device SGX;
S44, the trusted hardware device SGX verifies the signature information Sig_i and the related proof Prov_i:
if the verification result result_i is a pass, the trusted hardware device SGX calculates the shared key k with the DH algorithm, using its own private key and the public key of the data owner ID_i, decrypts C_i with k, returns the decrypted plaintext data m to the data subscriber ID_j, and sends the data owner ID_i a notification message that the data has been successfully subscribed to;
if the verification result result_i is a failure, the trusted hardware device SGX sends the data owner ID_i a notification message that the log has been tampered with;
The data owner may receive the notification message online or offline. That is, the subscription process of the data subscriber ID_j does not require the participation of the data owner ID_i, so the data owner ID_i can go offline at any time and receive the notification messages sent by the trusted hardware device SGX when it is online again. The notification message includes (ID_i, ID_j, C_i, r_i, Prov_i, Sig_i), the verification result of the trusted hardware device SGX for the log proof, and the signature Sig_SGX_i of the trusted hardware device SGX on (ID_i, ID_j, C_i, Tag_i, r_i, result_i). By looking at the notification message, the data owner ID_i can learn which data is used by which data subscriber ID_j; when the trusted hardware device SGX notifies that the log has been tampered with, the data owner ID_i can call the current log for verification. Because it carries the verification result for the log proof and a signature of that result, the notification message sent by the trusted hardware device SGX can serve as evidence when the user pursues accountability.
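The log check of steps S42 to S44, as an added example that is not part of the patent text: the log service appends r_i and returns Prov_i with a presence proof and an extension proof, and a stand-in for the SGX verifier keeps the last accepted root H and recomputes both proofs before allowing decryption. The RFC 6962-style tree layout, SHA-256, the length-prefixed encoding of Hash(ID_j, C_i), the tracked log size, all function and class names, and the sample identities are assumptions; the signature Sig_i and the decryption itself are left out.

```python
from hashlib import sha256

def leaf_hash(r):                  # domain-separated leaf hash, as in RFC 6962
    return sha256(b"\x00" + r).digest()

def node_hash(left, right):        # domain-separated interior node hash
    return sha256(b"\x01" + left + right).digest()

def record_hash(id_j, c_i):        # r_i = Hash(ID_j, C_i); length prefix is assumed
    return sha256(len(id_j).to_bytes(4, "big") + id_j + c_i).digest()

def _split(n):                     # largest power of two below n, for n >= 2
    return 1 << ((n - 1).bit_length() - 1)

def root(leaves):
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(root(leaves[:k]), root(leaves[k:]))

def presence_proof(leaves, m):     # sibling hashes from leaf m up to the root
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if m < k:
        return presence_proof(leaves[:k], m) + [root(leaves[k:])]
    return presence_proof(leaves[k:], m - k) + [root(leaves[:k])]

def extension_proof(leaves, m, whole=True):    # old tree = first m leaves, m >= 1
    if m == len(leaves):
        return [] if whole else [root(leaves)]
    k = _split(len(leaves))
    if m <= k:
        return extension_proof(leaves[:k], m, whole) + [root(leaves[k:])]
    return extension_proof(leaves[k:], m - k, False) + [root(leaves[:k])]

def root_from_presence(r, m, n, path):   # root of an n-leaf tree from leaf m + path
    if (n == 1) != (not path):     # path must be empty exactly at a single leaf
        raise ValueError("presence proof has the wrong length")
    if n == 1:
        return leaf_hash(r)
    k = _split(n)
    if m < k:
        return node_hash(root_from_presence(r, m, k, path[:-1]), path[-1])
    return node_hash(path[-1], root_from_presence(r, m - k, n - k, path[:-1]))

def roots_from_extension(m, n, proof, h_old, whole=True):  # (old, new), 1 <= m < n
    if m == n:
        if len(proof) != (0 if whole else 1):
            raise ValueError("malformed extension proof")
        return (h_old, h_old) if whole else (proof[0], proof[0])
    if not proof:
        raise ValueError("extension proof too short")
    k = _split(n)
    if m <= k:                     # old tree sits in the left subtree; right is new
        old, new = roots_from_extension(m, k, proof[:-1], h_old, whole)
        return old, node_hash(new, proof[-1])
    old, new = roots_from_extension(m - k, n - k, proof[:-1], h_old, False)
    return node_hash(proof[-1], old), node_hash(proof[-1], new)

def log_append(logs, id_i, r_i):   # S42: returns Prov_i = (H', pi, rho, ID_i)
    leaves = logs.setdefault(id_i, [])
    old = len(leaves)
    leaves.append(r_i)
    rho = extension_proof(leaves, old) if old else []
    return (root(leaves), presence_proof(leaves, old), rho, id_i)

class EnclaveVerifier:             # stand-in for the SGX check in S44
    def __init__(self):
        self.state = {}            # ID_i -> (log size, last accepted root H)

    def verify(self, id_i, id_j, c_i, r_i, prov):
        h_new, pi, rho, owner = prov
        size, h_old = self.state.get(id_i, (0, None))
        try:
            ok = owner == id_i and r_i == record_hash(id_j, c_i)
            ok = ok and root_from_presence(r_i, size, size + 1, pi) == h_new
            if ok and size:
                ok = roots_from_extension(size, size + 1, rho, h_old) == (h_old, h_new)
        except ValueError:
            ok = False
        if ok:
            self.state[id_i] = (size + 1, h_new)
        return ok                  # result_i: C_i is decrypted only when True

def demo():
    logs, sgx, out = {}, EnclaveVerifier(), []
    # Constructed sample subscriptions to data owned by "alice".
    for id_j, c in [(b"bob", b"ct-1"), (b"carol", b"ct-2"), (b"dave", b"ct-3")]:
        r = record_hash(id_j, c)
        out.append(sgx.verify(b"alice", id_j, c, r, log_append(logs, b"alice", r)))
    logs[b"alice"][1] = record_hash(b"mallory", b"ct-2")   # insider rewrites entry 2
    r = record_hash(b"erin", b"ct-4")
    out.append(sgx.verify(b"alice", b"erin", b"ct-4", r, log_append(logs, b"alice", r)))
    return out

if __name__ == "__main__":
    print(demo())
```

In the last request the presence proof still checks out against the rewritten tree; it is the extension proof, recomputed against the root H held by the verifier, that exposes the rewritten entry.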
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (5)
1. A novel accountable secure data sharing method, characterized in that a data owner and a data subscriber share data through a data sharing platform, and data sharing is carried out through the following steps:
S1, the data owner uploads the encrypted data to the data sharing platform;
S2, the storage module of the data sharing platform stores the encrypted data;
S3, the data subscriber sends a subscription request;
S4, the data sharing platform determines through the access control module whether the data subscriber may subscribe, and when the data subscriber may subscribe, calls the log service module to generate a log proof, wherein the log service module maintains the log using a Merkle tree; it then inputs the log into the trusted hardware device SGX for log proof verification, decides according to the verification result whether to send the decrypted data to the data subscriber, and sends a corresponding notification message to the data subscriber; the notification message comprises the verification result of the trusted hardware device SGX for the log proof and a signature of the verification result;
step S1 includes the following sub-steps:
S11, the data owner ID_i calculates a shared key k with the DH algorithm, using the public key PK_SGX of the trusted hardware device SGX and the public key PK_ID_i of the data owner, and encrypts the plaintext data m with a symmetric encryption algorithm to obtain a ciphertext C_i;
S12, the data owner ID_i derives the related index information Tag_i from the plaintext data m;
S13, the data owner ID_i uploads (ID_i, C_i, Tag_i) to the data sharing platform;
the method by which the storage module of the data sharing platform stores the encrypted data in step S2 is as follows: storing (ID_i, C_i, Tag_i) and disclosing the index information Tag_i;
step S3 includes the following sub-steps:
S31, the data subscriber ID_j queries and determines the index information Tag_i to which it needs to subscribe;
S32, when the data subscriber ID_j sends a subscription request to the data sharing platform, it submits the index information Tag_i to the data sharing platform;
step S4 includes the following sub-steps:
S41, the data sharing platform judges through the access control module whether the access rights of the data subscriber ID_j allow it to subscribe to the encrypted data corresponding to the submitted index information Tag_i: if it cannot subscribe, the access is terminated; otherwise, r_i = Hash(ID_j, C_i) is calculated and r_i is stored;
S42, the access control module submits (ID_i, ID_j, C_i, Tag_i, r_i) to the log service module and obtains the related proof Prov_i;
S43, the access control module digitally signs (ID_i, ID_j, C_i, r_i, Prov_i) to obtain signature information Sig_i, and sends (ID_i, ID_j, C_i, r_i, Prov_i, Sig_i) to the trusted hardware device SGX;
S44, the trusted hardware device SGX verifies the signature information Sig_i and the related proof Prov_i:
if the verification result result_i is a pass, the trusted hardware device SGX calculates the shared key k with the DH algorithm, using its own private key and the public key of the data owner ID_i, decrypts C_i with k, returns the decrypted plaintext data m to the data subscriber ID_j, and sends the data owner ID_i a notification message that the data has been successfully subscribed to;
if the verification result result_i is a failure, the trusted hardware device SGX sends the data owner ID_i a notification message that the log has been tampered with.
2. The method according to claim 1, wherein the log service module maintaining a log using a Merkle tree means that a Merkle tree with a root node H is maintained for each data owner ID_i to record the log; when the access control module submits (ID_i, ID_j, C_i, Tag_i, r_i) to the log service module, the log service module:
(1) adds r_i to the log and updates the root node to H';
(2) generates a presence proof π and an extension proof ρ, wherein the presence proof π is a path to the root node H', and the extension proof ρ is the path from H to H';
(3) generates the related proof Prov_i = (H', π, ρ, ID_i) and returns it to the access control module.
3. The method of claim 1, wherein the data subscription process does not require the participation of the data owner ID_i, so that the data owner does not need to be online all the time, can go offline at any time, and can receive the notification message when online again.
4. The accountable secure data sharing method according to claim 1, wherein the notification message comprises (ID_i, ID_j, C_i, r_i, Prov_i, Sig_i), the verification result result_i of the trusted hardware device SGX for the log proof, and the signature Sig_SGX_i of the trusted hardware device SGX on (ID_i, ID_j, C_i, Tag_i, r_i, result_i).
5. The accountable secure data sharing method according to claim 1 or 4, wherein the data owner can receive the notification message online or offline.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010558430.0A CN111786779B (en) | 2020-06-18 | 2020-06-18 | Novel accountability security data sharing system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111786779A (en) | 2020-10-16 |
CN111786779B (en) | 2022-03-18 |
Family
ID=72756827
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010558430.0A Active CN111786779B (en) | 2020-06-18 | 2020-06-18 | Novel accountability security data sharing system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111786779B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101039186A (en) * | 2007-05-08 | 2007-09-19 | 中国科学院软件研究所 | Method for auditing safely system log |
CN104468615A (en) * | 2014-12-25 | 2015-03-25 | 西安电子科技大学 | Data sharing based file access and permission change control method |
CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
CN108418691A (en) * | 2018-03-08 | 2018-08-17 | 湖南大学 | Dynamic network identity identifying method based on SGX |
CN109040045A (en) * | 2018-07-25 | 2018-12-18 | 广东工业大学 | A kind of cloud storage access control method based on the encryption of ciphertext policy ABE base |
CN109561110A (en) * | 2019-01-19 | 2019-04-02 | 北京工业大学 | A kind of cloud platform audit log guard method based on SGX |
CN109643359A (en) * | 2016-06-30 | 2019-04-16 | 微软技术许可有限责任公司 | Control key-value storage verifying |
EP3483760A1 (en) * | 2017-11-10 | 2019-05-15 | ETH Zurich | Brokered delegation of credentials using trusted execution environments |
CN110245518A (en) * | 2019-05-31 | 2019-09-17 | 阿里巴巴集团控股有限公司 | A kind of date storage method, device and equipment |
CN110990827A (en) * | 2019-10-28 | 2020-04-10 | 上海隔镜信息科技有限公司 | Identity information verification method, server and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA3048425A1 (en) * | 2018-07-03 | 2020-01-03 | Royal Bank Of Canada | System and method for an electronic identity brokerage |
-
2020
- 2020-06-18 CN CN202010558430.0A patent/CN111786779B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101039186A (en) * | 2007-05-08 | 2007-09-19 | 中国科学院软件研究所 | Method for auditing safely system log |
CN104468615A (en) * | 2014-12-25 | 2015-03-25 | 西安电子科技大学 | Data sharing based file access and permission change control method |
CN109643359A (en) * | 2016-06-30 | 2019-04-16 | 微软技术许可有限责任公司 | Control key-value storage verifying |
CN106559211A (en) * | 2016-11-22 | 2017-04-05 | 中国电子科技集团公司第三十研究所 | Secret protection intelligence contract method in a kind of block chain |
EP3483760A1 (en) * | 2017-11-10 | 2019-05-15 | ETH Zurich | Brokered delegation of credentials using trusted execution environments |
WO2019091907A1 (en) * | 2017-11-10 | 2019-05-16 | Eth Zurich | Brokered delegation of credentials using trusted execution environments |
CN108418691A (en) * | 2018-03-08 | 2018-08-17 | 湖南大学 | Dynamic network identity identifying method based on SGX |
CN109040045A (en) * | 2018-07-25 | 2018-12-18 | 广东工业大学 | A kind of cloud storage access control method based on the encryption of ciphertext policy ABE base |
CN109561110A (en) * | 2019-01-19 | 2019-04-02 | 北京工业大学 | A kind of cloud platform audit log guard method based on SGX |
CN110245518A (en) * | 2019-05-31 | 2019-09-17 | 阿里巴巴集团控股有限公司 | A kind of data storage method, device and equipment |
CN110990827A (en) * | 2019-10-28 | 2020-04-10 | 上海隔镜信息科技有限公司 | Identity information verification method, server and storage medium |
Non-Patent Citations (3)
Title |
---|
"33401-d40".《3GPP tsg_sa\WG3_Security》.2016, * |
Achieving semantic security without keys through coding and all-or-nothing transforms over wireless channels; Marco Baldi; 《IEEE XPLORE》; 20160925; full text *
Blockchain and trusted data management: problems and methods; Qian Weining; 《Journal of Software》; 20171204; full text *
Also Published As
Publication number | Publication date |
---|---|
CN111786779A (en) | 2020-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
CN107196966B (en) | Identity authentication method and system based on block chain multi-party trust | |
EP1197032B1 (en) | Server-assisted regeneration of a strong secret from a weak secret | |
US7359507B2 (en) | Server-assisted regeneration of a strong secret from a weak secret | |
US8516259B2 (en) | Verifying authenticity of voice mail participants in telephony networks | |
CN102647461B (en) | Communication means based on HTTP, server, terminal | |
CN1677978B (en) | Signing and validating session initiation protocol routing headers | |
CN113626802B (en) | Login verification system and method for equipment password | |
CN105681470A (en) | Communication method, server and terminal based on hypertext transfer protocol | |
CN112765626A (en) | Authorization signature method, device and system based on escrow key and storage medium | |
CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
US20240259196A1 (en) | Timestamp generation method and apparatus, and electronic device and storage medium | |
US20160080336A1 (en) | Key Usage Detection | |
CN114499883A (en) | Cross-organization identity authentication method and system based on block chain and SM9 algorithm | |
CN110176989A (en) | Quantum communications service station identity identifying method and system based on unsymmetrical key pond | |
US20210111906A1 (en) | Pseudonym credential configuration method and apparatus | |
CN111786779B (en) | Novel accountability security data sharing system and method | |
CN114257370A (en) | Identification password processing method, electronic device, system and storage medium | |
CN113315749B (en) | User data uplink, user data using method, anonymous system and storage medium | |
CN115580394B (en) | Privacy data desensitization transmission method and system in property digital system | |
CN116506120B (en) | Key loading method, key system and readable storage medium | |
CN116112167B (en) | Key management system, method and device | |
CN114499829B (en) | Key management method and device, electronic equipment and storage medium | |
CN117728967A (en) | Internet service system based on cloud computing technology | |
CN118074919A (en) | Method, system and medium for establishing encrypted communication based on trusted hardware remote authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||