CN112165472A - Internet of things data security sharing method based on privacy protection - Google Patents
- Publication number
- CN112165472A (CN202011001418.6A)
- Authority
- CN
- China
- Prior art keywords
- terminal member
- attribute
- information
- ciphertext
- shared
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention provides a privacy protection-based Internet of things data security sharing method comprising the following steps: initializing protocol parameters in an information sharing network domain; registering terminal members; each terminal member obtains its attribute authority parameters, calculates an encryption key according to the Chinese remainder theorem, encrypts the shared information resource and stores the ciphertext in an off-chain database; the terminal member calculates the intermediate parameters required for storing the information resource, generates index information for the shared ciphertext and encapsulates it in a block, and in the same way each terminal member stores the information related to its ciphertext in a block to generate a block chain; and ciphertext access and sharing. The invention uses double authentication by identity and attribute parameter matching to prevent collusion attacks and protect personal privacy, and combines an attribute matching access control strategy with block chain technology to ensure the security of shared resource information and reduce the storage burden, so that information resource sharing in the industrial Internet of things is more flexible, efficient and practical; the method has important research significance and commercial application value.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a privacy protection-based industrial Internet of things data security sharing method.
Background
The rapid development and continuous innovation of computer technology and the Internet of things have improved the efficiency of information storage and real-time exchange. Modern industrial systems rely on industrial Internet of things systems to achieve higher-level data sharing, which requires data interaction between different Internet of things systems over an open network. Such a highly open network is vulnerable to illegal attacks, which may damage or destroy data and seriously affect the normal operation of the industrial system. Privacy protection and data security must therefore be guaranteed for resource sharing. Access control is one of the fundamental technologies for protecting data, ensuring that data can be accessed only by users with the corresponding permissions. Obtaining and decrypting information resources through attribute parameter matching guarantees fine-grained, secure and flexible access to shared data.
The Internet remains the foundation and core of industrial Internet of things technology, which integrates various wired networks, wireless networks and the Internet. To guarantee the confidentiality and leakage resistance of shared information and the personal privacy of information sharers among mobile terminals, shared resources are encrypted and uploaded to the off-chain database of a block chain, and the off-chain storage addresses and index information of the shared resources are stored in the block chain. A data visitor identifies and downloads ciphertext resources according to the index information in the blocks, then calculates a decryption key to decrypt the ciphertext. Because access to the Internet of things is not limited by time or region, encrypting shared resource information in this network environment is an important guarantee of the security of information resources.
To prevent an illegal terminal from joining inter-domain data sharing, a terminal member must be authenticated during information resource sharing. Traditional identity authentication methods easily expose personal identity information during authentication, whereas identity authentication with hidden attributes protects personal privacy well. At present, no research has appeared on a privacy protection-based industrial Internet of things data security sharing method. A series of challenging problems remain to be solved, and work on setting access control strategies, identity authentication and personal privacy protection in the information sharing process has not previously been done.
Disclosure of Invention
Aiming at the technical problems that personal identity information is easy to expose and sensitive data cannot be flexibly protected in the identity authentication process of the existing information resource sharing method, the invention provides the privacy protection-based Internet of things data security sharing method.
In order to achieve the purpose, the technical scheme of the invention is realized as follows: a method for safely sharing data of an Internet of things based on privacy protection comprises the following steps:
step one: initialization of protocol parameters in an information sharing network domain: the authentication center CA and each terminal member generate their respective public/private key pairs;
step two: registration of terminal members:
A) the authentication center CA selects network attribute parameters which are in one-to-one correspondence with the network attributes in the network attribute set, simultaneously generates attribute serial numbers which are in correspondence with the ordered network attribute set, and broadcasts the network attributes in the network attribute set, the corresponding network attribute parameters and the attribute serial numbers to all terminal members in the domain;
B) each terminal member calculates intermediate parameters required by terminal member registration by using the attributes in the respective ordered attribute set, and then sends the intermediate parameters to a Certificate Authority (CA);
C) after receiving the message sent by each terminal member, the CA verifies the identity of each terminal member, if the verification is passed, the CA selects a series of random numbers, calculates the attribute authority parameters and the signature, and sends the attribute authority parameters, the signature and the public key to each registered terminal member;
D) after each terminal member receives the message sent by the authentication center CA, the terminal member calculates the attribute authority parameters and intermediate parameters required by the registration of the terminal member, the terminal member verifies the identity of the authentication center CA and the correctness of the attribute authority parameters, if the verification is passed, each terminal member obtains the attribute authority parameters corresponding to the attributes, and the registration of each terminal member is successful;
E) the CA sends the public key, the attribute authority parameter, the attribute serial number and the corresponding network attribute parameter to each terminal member and stores the public key, the attribute authority parameter, the attribute serial number and the corresponding network attribute parameter in a block of each terminal member;
step three: information resource encryption storage:
F) the terminal member acquires its attribute authority parameters, calculates an encryption key from the attribute serial numbers and the corresponding network attribute parameters according to the Chinese remainder theorem, encrypts the shared information resource into a ciphertext and stores the ciphertext in the off-chain database of the block chain;
G) the terminal members calculate intermediate parameters required by information resource storage according to the IP address sequencing, generate index information of a shared ciphertext, send the intermediate parameters required by the ciphertext, a public key, the IP address of the next terminal member and the attribute authority parameters acquired from the authentication center CA to the next terminal member, and package the information, the storage address of the ciphertext and a timestamp in a block;
H) after the next terminal member acquires the message sent by the last terminal member, the IP address and the attribute authority parameters are compared, if the message is correct, the terminal member writes a new block, calculates the intermediate parameters required by the stored ciphertext, generates the index information of the shared ciphertext, sends the intermediate parameters required by the stored resource, the public key, the IP address of the next terminal member and the attribute authority parameters acquired from the authentication center CA to the next terminal member, and encapsulates the information, the stored address of the ciphertext and the timestamp in a block; by analogy, each terminal member stores the relevant information of the ciphertext in the block to generate a block chain so that other terminal members can access the ciphertext;
step four: ciphertext access and sharing:
I) each terminal member determines the ciphertext it wants to access according to the index information of the ciphertext resources in the block chain, then sends its public key, attribute authority parameters and signature to the terminal member that owns the ciphertext resource; the owning terminal member verifies the requester's identity and returns the storage address to it; the requesting terminal member downloads the ciphertext from the off-chain database according to the storage address, selects the corresponding attribute authority parameters and network attribute parameters according to the attribute serial numbers in the block of the owning terminal member, calculates a decryption key according to the Chinese remainder theorem, and decrypts the ciphertext to obtain the shared information resource.
The index information comprises the category, brief description, keywords and attribute serial numbers required by encryption of the ciphertext resources.
The method for generating the respective public/private key pair by the authentication center CA and each terminal member in the first step comprises the following steps:
(1) the authentication center CA randomly selects a master key and uses the generator of the additive group to calculate a public/private key pair: the CA randomly selects a positive integer as the system private key and calculates the public key $PK_A = SK_A g_1$; the CA takes $(SK_A, PK_A)$ as the public/private key pair of the system. Here $g_1$ is a generator of the additive group $G_1$, the positive integer is selected from a set of integers of order $q$, and $q$ is the prime order of the additive group $G_1$;
(2) each terminal member $u_i$ in the domain randomly selects a public key and calculates its private key using the generator of the additive group: each terminal member $u_i$ selects a random positive integer and computes its private key and its public key. Here $1 \le i \le n$, $n$ is the number of terminal members in the domain, each terminal member $u_i$ has an identity identifier, a hash function is used, and $\{0,1\}^*$ denotes the set of strings of arbitrary length consisting of binary 0 and 1.
The method for registering the terminal member in the second step comprises the following steps:
A) the authentication center CA selects a group of pairwise coprime positive integers $p_1, p_2, \ldots, p_R$. The CA composes the ordered network attribute set $Attr = \{A_1, A_2, \ldots, A_\nu, \ldots, A_R\}$, the attribute serial numbers $S_1, S_2, \ldots, S_\nu, \ldots, S_R$ corresponding to the network attribute set, and the positive integers $p_1, p_2, \ldots, p_\nu, \ldots, p_R$ into the message $\{(A_1, S_1, p_1), (A_2, S_2, p_2), \ldots, (A_R, S_R, p_R)\}$ and broadcasts it to all terminal members in the domain. Here the network attributes satisfy $A_\nu < A_{\nu+1}$, $1 \le \nu \le R$; $R \in N^*$ is the number of network attributes; $N^*$ denotes the positive integers; $S_\nu$ is the attribute serial number corresponding to the network attribute $A_\nu$; and $p_\nu$ is the attribute parameter corresponding to the attribute $A_\nu$;
B) terminal member $u_i$ uses the attribute elements of its ordered attribute set to calculate intermediate variables, and sends the resulting information to the authentication center CA. Here $1 \le i \le n$; the intermediate variables, among them $o_i$, are those required for registration of the terminal member; $r_i \in N^*$ is the number of attributes of terminal member $u_i$; $a_{i,k}$ is the $k$-th attribute of terminal member $u_i$; the remaining symbols denote the identity identifier of terminal member $u_i$, the public key of terminal member $u_i$, the public key $PK_A$ of the authentication center CA, and the random positive integer from which terminal member $u_i$ calculates its public and private keys; a hash function is used; and $\|$ is the concatenation symbol;
C) after receiving the message sent by terminal member $u_i$, the authentication center CA calculates intermediate variables and authenticates terminal member $u_i$ by checking whether the verification equation holds. If the equality holds, the CA selects a random number corresponding to each attribute $a_{i,k}$, $1 \le k \le r_i$, then calculates the intermediate variable $\chi_{i,k} = \iota_{i,k}\theta_{i,k}$ together with a further intermediate parameter, and sends the resulting information to the registered terminal member $u_i$. If the equality does not hold, the CA removes terminal member $u_i$ from the domain. Here $k$ indexes the $k$-th attribute of terminal member $u_i$, $\chi_{i,k}$ is the $k$-th attribute parameter of terminal member $u_i$, and the further intermediate parameter is the one required for registering terminal member $u_i$;
D) after receiving the information sent by the authentication center CA, terminal member $u_i$ computes the attribute authority parameters and an intermediate variable. Terminal member $u_i$ verifies the identity of the CA and the correctness of the attribute authority parameter $T_{i,k}$ corresponding to each attribute $a_{i,k}$ by checking whether the equation e: (i,g1)=e(Φi,PKA) holds. If the equation holds, terminal member $u_i$ obtains the attribute authority parameter corresponding to each of its attributes $a_{i,k}$ and its registration succeeds; if the equation does not hold, the registration of terminal member $u_i$ fails. Here $T_{i,k}$ denotes an attribute authority parameter of the terminal member, $\Phi_i$ denotes the intermediate variable required for verifying the identity of the authentication center CA, and $e(\cdot)$ is a computable bilinear mapping function;
E) the authentication center CA sends the information to terminal member $u_i$ and stores it in the block of terminal member $u_i$.
Said verification equationThe method comprises the following steps:the verification equation e: (i,g1)=e(Φi,PKA) The method comprises the following steps:
The method for encrypting the shared information resource into a ciphertext and storing the ciphertext in the off-chain database of the block chain in step F) comprises the following steps:
1) each terminal member $u_i$ has an ordered set of attributes. When sharing its information resource, terminal member $u_i$ obtains the corresponding network attribute parameters according to the attribute serial numbers corresponding to its attributes, sets up the equations using its own attribute authority parameters, calculates the unique solution according to the Chinese remainder theorem, and computes the group key. Here $1 \le \upsilon \le r_i$; $P$, $p_\upsilon$ and $y_\upsilon$ are intermediate variables required for key calculation; mod denotes the remainder function;
2) after each terminal member $u_i$ calculates the group key, it encrypts the information to be shared: terminal member $u_i$ computes the ciphertext of the information $m$, uploads the ciphertext $c_{i,m}$ to the off-chain database, and returns the storage address of the ciphertext $c_{i,m}$ in the off-chain database to the block for storage. The information to be shared is taken from the plaintext space.
The method for storing the index information of the ciphertext shared in the steps G) and H) comprises the following steps:
1) in the domain, each terminal member $u_i$ participating in resource sharing broadcasts its IP address and public key;
2) after the terminal members in the domain receive the messages broadcast by the other members, each terminal member sorts the members by the size of their IP addresses and stores the public keys and IP addresses of the preceding and following terminal members. The members form an ordered set sorted by IP address, where $n$ is the number of terminal members in the domain, each terminal member $u_i$ has a public key, and $IP_i$ denotes the IP address of terminal member $u_i$;
3) terminal member $u_i$ computes a signature from the information shared by the authentication center CA. Terminal member $u_i$ classifies the information it shares to obtain the category of the shared resource, gives a brief overview of the shared resource, extracts the keywords of the shared information, and records the attribute serial numbers corresponding to the attributes used when encrypting the information $m$, thereby generating the index information of the shared resource. Terminal member $u_i$ obtains the storage address of the shared information $m$ in the off-chain database and sends the message to terminal member $u_{i+1}$, whose IP address is $IP_{i+1}$. Terminal member $u_i$ records the time information $time_i$ and packages the transmitted message into a block. Here $Sig_i$ is the signature of terminal member $u_i$, $time_i$ is the timestamp, and the attribute serial numbers are those corresponding to the attributes used in encryption;
4) after receiving the information sent by terminal member $u_i$, terminal member $u_{i+1}$ compares its own IP address with the IP address in the block of terminal member $u_i$, and compares the attribute authority parameters in the received information with those stored in the block by the authentication center CA. If the IP address and the attribute authority parameters are both the same, terminal member $u_{i+1}$ writes a new block, calculates an intermediate value and verifies the identity of terminal member $u_i$ by checking whether the verification equation holds. If the equality holds, terminal member $u_{i+1}$ determines that the message was sent by the previous member. Terminal member $u_{i+1}$ then computes a signature from the information shared by the authentication center CA, classifies the information it shares to obtain the category of the shared resource, gives a brief description of the shared resource, extracts the keywords of the shared resource, and records the attribute serial numbers corresponding to the attributes used when encrypting the shared information $m$, thereby generating the index information of the shared resource. It obtains the storage address of the shared resource in the off-chain database and sends the message to terminal member $u_{i+2}$, whose IP address is $IP_{i+2}$. Terminal member $u_{i+1}$ records the time information $time_{i+1}$ and packages the transmitted message into a block. If the equality does not hold, terminal member $u_{i+1}$ determines that the message was not sent by the previous terminal member, ignores the message, and removes the terminal member that sent it from the network domain. Here $Sig_{i+1}$ is the signature of terminal member $u_{i+1}$ and $time_{i+1}$ is the timestamp;
5) each terminal member $u_i$ encapsulates the index information and identity information of the shared information in its own block, and the blocks are linked into a block chain.
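The IP-ordered handoff of steps 1) to 5), as an added sketch that is not code from the patent. It assumes the blocks are linked by a SHA-256 hash of the previous block (the text only says they are linked into a chain), leaves out the pairing-based signature check, and uses constructed member records, addresses and timestamps throughout.

```python
import hashlib
import ipaddress
import json

GENESIS = "0" * 64  # assumed predecessor value for the first block

# Constructed sample data: three members, the CA's stored record, and their shares.
MEMBERS = [
    {"ip": "10.0.0.9", "pk": "PK_b", "authority_params": {1: 17, 3: 42}},
    {"ip": "10.0.0.10", "pk": "PK_c", "authority_params": {2: 5, 4: 99}},
    {"ip": "10.0.0.2", "pk": "PK_a", "authority_params": {1: 17, 4: 99}},
]
CA_RECORD = {m["pk"]: dict(m["authority_params"]) for m in MEMBERS}
SHARES = {
    m["pk"]: {
        "index": {"category": "telemetry", "description": "constructed sample",
                  "keywords": ["demo"], "serials": sorted(m["authority_params"])},
        "storage_addr": "offchain://store/" + m["pk"],
        "time": 1600000000 + n,
    }
    for n, m in enumerate(MEMBERS)
}

def order_members(members):
    """Sort by numeric address value; a plain string sort puts 10.0.0.10 before 10.0.0.2."""
    return sorted(members, key=lambda m: int(ipaddress.ip_address(m["ip"])))

def block_hash(block):
    """Hash a block over a canonical JSON encoding (assumed linking rule)."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def accept_handoff(receiver, prev_block, ca_record):
    """Step 4) checks: the block names the receiver's IP as next hop, and the
    attribute authority parameters it carries match what the CA stored."""
    if prev_block["next_ip"] is None:
        return False
    if ipaddress.ip_address(prev_block["next_ip"]) != ipaddress.ip_address(receiver["ip"]):
        return False
    return ca_record.get(prev_block["sender_pk"]) == prev_block["authority_params"]

def build_chain(members, ca_record, shares):
    """Each member in IP order validates the previous handoff, then appends its block."""
    ordered = order_members(members)
    chain = []
    for pos, member in enumerate(ordered):
        if chain and not accept_handoff(member, chain[-1], ca_record):
            raise ValueError("handoff to %s rejected" % member["ip"])
        share = shares[member["pk"]]
        chain.append({
            "sender_ip": member["ip"],
            "sender_pk": member["pk"],
            "next_ip": ordered[pos + 1]["ip"] if pos + 1 < len(ordered) else None,
            "authority_params": member["authority_params"],
            "index": share["index"],
            "storage_addr": share["storage_addr"],
            "time": share["time"],
            "prev_hash": block_hash(chain[-1]) if chain else GENESIS,
        })
    return chain

def verify_chain(chain):
    """Recompute every link; an edit to an earlier block breaks its successor's prev_hash."""
    prev = GENESIS
    for block in chain:
        if block["prev_hash"] != prev:
            return False
        prev = block_hash(block)
    return True
```

The hash links only protect blocks that have a successor, so the newest block still depends on the signature check that this sketch omits.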
the method for accessing and sharing the resources in the fourth step comprises the following steps:
(1) each terminal member $u_j$ in the domain determines the information to be accessed according to the index information in the block chain. Terminal member $u_j$ views the index information in the block of the information's owner, terminal member $u_i$, to obtain the corresponding attribute serial numbers, and according to the attribute serial numbers sends information, including its signature, to the owner $u_i$. Terminal member $u_i$ calculates an intermediate variable and verifies the identity of terminal member $u_j$ by checking whether the verification equation holds. If the equation holds, terminal member $u_i$ returns the off-chain database address of the shared resource to terminal member $u_j$; if the equation does not hold, the identity of terminal member $u_j$ is in question and the resource cannot be accessed. Here $1 \le j \le n$, $i \ne j$, $1 \le i \le n$; $u_i$ denotes the terminal member that owns the resource information; $\mu_i$ is the intermediate variable required for resource access; $H_2(\cdot)$ denotes a hash function; $r_j$ is the number of attributes of terminal member $u_j$; and the remaining symbol denotes the private key of terminal member $u_j$;
(2) terminal member $u_j$ downloads the corresponding ciphertext $c_{k,m}$ according to the address of the shared resource of owner $u_k$, then selects the corresponding attribute authority parameters and network attribute parameters according to the obtained attribute serial numbers, calculates the decryption key according to the Chinese remainder theorem, and uses the decryption key $x_j$ to decrypt the ciphertext $c_{k,m}$, obtaining the plaintext, i.e. the shared resource.
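The Chinese remainder theorem key calculation used for encryption in step F) and for decryption in step (2) above, as an added sketch that is not code from the patent. It assumes the congruences are x ≡ T (mod p) with one attribute authority parameter T per attribute serial number, that holders of the same attribute hold the same T, and that the symmetric key is SHA-256 of x; the moduli and parameter values are small constructed numbers.

```python
import hashlib
from math import gcd, prod

# Constructed CA broadcast: attribute serial number S_v -> network attribute parameter p_v.
NETWORK_PARAMS = {1: 101, 2: 103, 3: 107, 4: 109}

def crt_solve(residues, moduli):
    """Return the unique x in [0, P) with x = residues[v] (mod moduli[v]).

    P, P_v and y_v follow the usual CRT construction: P is the product of the
    moduli, P_v = P / p_v, and y_v is the inverse of P_v modulo p_v.
    """
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for a in range(len(moduli)):
        for b in range(a + 1, len(moduli)):
            if gcd(moduli[a], moduli[b]) != 1:
                # Without pairwise coprime moduli the solution is not unique (or absent).
                raise ValueError("moduli must be pairwise coprime")
    P = prod(moduli)
    x = 0
    for t, p in zip(residues, moduli):
        P_v = P // p
        y_v = pow(P_v, -1, p)  # modular inverse, Python 3.8+
        x += (t % p) * P_v * y_v
    return x % P

def derive_key(serials, authority_params):
    """Derive the shared key for the attribute serial numbers listed in a ciphertext index.

    serials          -- serial numbers taken from the index information
    authority_params -- the caller's own {serial: T} mapping (assumed integer-valued)
    """
    unknown = [s for s in serials if s not in NETWORK_PARAMS]
    if unknown:
        raise KeyError("no network attribute parameter for serials %s" % unknown)
    missing = [s for s in serials if s not in authority_params]
    if missing:
        # The member lacks an attribute the ciphertext was encrypted under.
        raise PermissionError("missing attribute authority parameters for %s" % missing)
    ordered = sorted(set(serials))
    moduli = [NETWORK_PARAMS[s] for s in ordered]
    residues = [authority_params[s] for s in ordered]
    x = crt_solve(residues, moduli)
    width = (prod(moduli).bit_length() + 7) // 8
    # Assumed key derivation: hash the CRT solution to a 256-bit symmetric key.
    return hashlib.sha256(x.to_bytes(width, "big")).digest()

# Constructed members: the owner encrypts under serials 1, 3 and 4.
OWNER = {1: 17, 3: 42, 4: 99}
MATCHING = {1: 17, 2: 5, 3: 42, 4: 99}   # holds every required attribute, plus one extra
WRONG_VALUE = {1: 17, 3: 41, 4: 99}      # one attribute authority parameter differs
LACKS_ATTR = {1: 17, 3: 42}              # attribute 4 is absent
```

A member with an extra attribute still derives the owner's key because only the serial numbers named in the index enter the system of congruences; a single differing parameter changes x and therefore the key.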
Compared with the prior art, the invention has the following beneficial effects. Terminal members in the domain are authenticated through an identity authentication technology with hidden attributes before sharing information resources. After the identity of each terminal member is confirmed, the attribute authority parameters corresponding to each member's attributes are calculated and an encryption key is calculated according to the Chinese remainder theorem. The shared data resources are then encrypted and uploaded to an off-chain database, the storage address of the ciphertext resource is returned to an on-chain block for storage, and the index information and personal identity information of the shared resources are also stored in the on-chain block. This guarantees the security and leakage resistance of the information resources, reduces the storage burden on the block chain, and makes it convenient for users to search for data resources. The terminal members in the domain use a symmetric encryption algorithm to encrypt the shared information. A member that needs to access the information and whose attribute parameters match can download the data resource according to the off-chain storage address, and uses the attribute serial numbers in the index information to select the corresponding attribute authority parameters and network attribute parameters, from which it calculates the decryption key to decrypt and view the data. Identity authentication with hidden attributes achieves both personal privacy protection and identity authentication during resource information sharing, and the advantages of block chain technology guarantee that data cannot be tampered with and that illegal attacks can be traced, while avoiding large communication and computation overhead.
When data resources are accessed, the shared resources can be decrypted only after identity authentication passes and the attribute authority parameters match, which prevents collusion attacks by illegal terminals. The invention uses a ciphertext attribute authentication technology to protect personal privacy, applies an attribute matching access control strategy, and combines it with block chain technology to ensure the security of shared resource information and the transparency of data storage. It stores data resources by combining on-chain index storage with off-chain database storage, which reduces the storage burden and makes computation and communication during information sharing lighter. The tamper resistance and traceability of block chain technology guarantee the security of shared data and the tracing of illegal attacks. When information resources are accessed, double authentication by identity and attribute parameter matching prevents collusion attacks, so that information resource sharing in the industrial Internet of things is more flexible, efficient and practical; the method has important research significance and commercial application value.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of the present invention.
Fig. 2 is a diagram illustrating specific information transmission for resource information sharing according to embodiment 1 of the present invention.
FIG. 3 is a block diagram of data storage for resource information sharing according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
The invention is aimed at the confidentiality, integrity and leakage resistance of data resources when information is securely shared among mobile terminals in the complex communication environment of the industrial Internet of things, where a mobile terminal can access the network at any time and place, which makes the participants in the communication environment complex and random.

First, the authentication center CA in the domain randomly selects a main encryption key and calculates the corresponding public/private key pair; each terminal member in the domain randomly selects a public key and then calculates its private key using a generator of the additive group.

Second, the authentication center CA selects, according to the number of attributes in the intra-domain network attribute set, corresponding prime numbers as network attribute parameters, generates the corresponding attribute serial numbers, and broadcasts this information to each terminal member in the domain. Each terminal member uses its own attributes to calculate the intermediate variables required for its registration and sends them to the authentication center CA. The CA verifies the identity of each terminal member, calculates the corresponding attribute parameters, and sends the intermediate parameter required for registration, the attribute parameters and the public key to each terminal member. On receiving the message, each terminal member calculates the attribute authority parameters corresponding to its attributes and then verifies the identity of the CA and the correctness of the attribute authority parameters; if the verification passes, the registration of the terminal is complete. The CA sends the public key, the attribute parameters, the corresponding attribute serial numbers and the corresponding network attribute parameters to each terminal member and stores them in a block.

Then, the terminal member calculates an encryption key according to the Chinese remainder theorem from the corresponding attribute authority parameters and network attribute parameters, encrypts the shared resource information with it to generate a ciphertext, uploads the ciphertext to the off-chain database of the block chain, and stores the off-chain storage address of the shared resource in the on-chain block. The terminal member classifies the ciphertext resource, combines its category, general description, keywords and the serial numbers of the attributes required for its encryption into index information stored in the member's on-chain block, and stores the member's identity information in the block, generating the block chain.

Finally, a terminal member determines from the index information in the blocks which ciphertext it wants to access, then signs the related parameter information and sends it to the terminal member that owns the resource. The owner verifies the identity of the accessing terminal member and, if the verification passes, sends the storage address of the shared resource to it. After downloading the ciphertext from that storage address, the accessing member selects the corresponding attribute authority parameters and network attribute parameters according to the attribute serial numbers, calculates the corresponding decryption key according to the Chinese remainder theorem, and decrypts the ciphertext.
1. Theoretical basic knowledge and associated definitions to which the invention relates
1.1 bilinear mapping problem
Property 3. Computability: there is an efficient algorithm by which, for the generators $\omega, \rho \in G_1$, $e(\omega, \rho)$ can be calculated.
1.2 computational complexity problem
Definition 2. Inverse computational Diffie-Hellman (ICDH) problem: given $g_1$, $a g_1$ and $ab g_1$, for the parameters, calculate $(ab/a) g_1$.
1.3 theorem of Chinese remainder
Given a series of pairwise coprime positive integers $p_1, p_2, \ldots, p_n$, i.e. $\gcd(p_i, p_j) = 1$ ($i \neq j$), where $p = p_1 p_2 \cdots p_n = p_i D_i$ and $D_i = p_1 p_2 \cdots p_{i-1} p_{i+1} \cdots p_n$, calculating the equation to derive a unique solution, where $y_i \cdot D_i \bmod p_i = 1$, $i = 1, 2, \ldots, n$; $\gcd(\cdot)$ is the function used to verify that positive integers are coprime; $p_i$, $l_i$ and $y_i$ are the intermediate variables required for the key calculation; mod is the remainder function and $x$ is the key.
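The following is an added example, not part of the patent text: it solves the standard Chinese remainder system x ≡ l_i (mod p_i) with the symbols p_i, D_i, y_i, l_i and x defined above, and shows key derivation driven by the attribute serial numbers listed in a resource's index information. The primes, residues and function names are constructed for illustration; how the scheme derives each residue l_i from an attribute authority parameter is not modelled here and is an assumption of the example.

```python
from math import gcd, prod


def crt_key(residues, moduli):
    """Solve x = l_i (mod p_i), i = 1..n, for pairwise coprime p_i.

    Returns (x, P) with 0 <= x < P, where P is the product p_1 * ... * p_n.
    """
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need exactly one residue per modulus")
    for i, p_i in enumerate(moduli):
        for p_j in moduli[i + 1:]:
            if gcd(p_i, p_j) != 1:
                raise ValueError(f"moduli {p_i} and {p_j} are not coprime")
    P = prod(moduli)
    x = 0
    for l_i, p_i in zip(residues, moduli):
        D_i = P // p_i                   # product of all moduli except p_i
        y_i = pow(D_i, -1, p_i)          # y_i * D_i mod p_i == 1
        x += l_i * D_i * y_i
    return x % P, P


# Constructed stand-in for the CA broadcast {(A_v, S_v, p_v)}:
# attribute serial number S_v -> network attribute parameter p_v (small primes).
NETWORK_PARAMS = {1: 1009, 2: 1013, 3: 1019}


def derive_key(index_serials, network_params, member_residues):
    """Derive the key for a resource whose index lists `index_serials`.

    `member_residues` maps serial number -> residue l; these integers are
    hypothetical stand-ins for values obtained from the member's attribute
    authority parameters.
    """
    missing = [s for s in index_serials if s not in member_residues]
    if missing:
        raise PermissionError(f"no attribute authority parameter for {missing}")
    moduli = [network_params[s] for s in index_serials]
    residues = [member_residues[s] % network_params[s] for s in index_serials]
    x, _ = crt_key(residues, moduli)
    return x


# Constructed members: the owner, a member with matching parameters,
# a member with one differing parameter, and a member lacking attribute 2.
OWNER = {1: 123, 2: 456, 3: 789}
MATCHING = {1: 123, 2: 456, 3: 789}
MISMATCHED = {1: 123, 2: 457, 3: 789}
PARTIAL = {1: 123, 3: 789}

if __name__ == "__main__":
    serials = [1, 2, 3]                  # attribute serial numbers from the index
    owner_key = derive_key(serials, NETWORK_PARAMS, OWNER)
    print("owner key      :", owner_key)
    print("matching member:", derive_key(serials, NETWORK_PARAMS, MATCHING) == owner_key)
    print("mismatched     :", derive_key(serials, NETWORK_PARAMS, MISMATCHED) == owner_key)
    try:
        derive_key(serials, NETWORK_PARAMS, PARTIAL)
    except PermissionError as exc:
        print("partial member :", exc)
```

Because the solution is unique modulo the product of the selected moduli, a single differing residue yields a different key, which is the property the attribute-matching access control relies on.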
Example 1
Under complex data-sharing conditions, the authentication center CA in a domain needs to authenticate the identity of a terminal member sharing data information, but identity information is easily leaked or stolen when it is provided. For safety, personal identity privacy must be protected when multiple parties share and authenticate information. During information sharing, the confidentiality, integrity and leakage resistance of the communicated information must be guaranteed, and only members that satisfy the access policy may share the information. Against this application background, the invention provides a privacy protection-based industrial Internet of things data security sharing method which, as shown in Fig. 1, comprises the following steps:

First, initialize the parameters of the terminal members participating in information resource sharing and generate their respective public/private key pairs.

Second, register the terminal members in the domain: hidden-attribute identity authentication is performed on the terminal members in the domain before information encryption storage and information resource access, the corresponding attribute authority parameters are calculated from each terminal member's attribute set, and the authentication center CA sends the public key, attribute parameters, attribute serial numbers and network attribute parameters to each terminal member and stores them in the member's block.

Third, encrypt and store the information: each terminal member selects the corresponding attribute authority parameters and network attribute parameters according to its own attributes, calculates an encryption key using the Chinese remainder theorem, encrypts the data it shares with that key, uploads the ciphertext to the off-chain database of the block chain, and returns the storage address of the ciphertext to the on-chain block. It generates index information consisting of the category, brief description and keywords of the shared ciphertext and the serial numbers of the attributes used for encryption, and stores the index information in the block; the identity information of each terminal member is uploaded to its block, generating the block chain. The structure of the block is shown in Fig. 3.

Fourth, access the resource: each terminal member determines the shared resource it wants to access from the index information in the block chain and sends its identity information to the terminal member that owns that resource. The owner verifies the identity of the accessing terminal and, after authentication passes, sends the storage address of the shared resource to it. The accessing member downloads the ciphertext from that address, selects the corresponding attribute authority parameters and network attribute parameters according to the attribute serial numbers in the index information, and calculates the decryption key according to the Chinese remainder theorem to decrypt the ciphertext and obtain the shared resource.

A model diagram of the entire system is shown in Fig. 2. The specific steps are as follows:
Step one: initialize the protocol parameters of the information sharing network and generate the public/private key pairs of the authentication center CA and each terminal member.
Suppose that the information sharing network comprises an authentication center CA and n terminal members, wherein the authentication center CA is used for generating system parameters and a system master key, and the authentication center CA is also used for verifying the identity of a terminal member entity so as to track the identity of an anonymous terminal member in a block chain. Set of n terminal members with U ═ U1,u2,...,unDenotes that the identities of the respective n terminal members are setAnd (4) showing. The authentication center CA defines a network attribute sequence ATTR ═ a arranged in a specified order1|A2|...|ARThe corresponding network attribute set is Attr ═ a1,A2,...,Aj,...,ARAnd network attribute Aj<Aj+1,j<R,R∈N*Representing the number of network attributes, N*Representing a positive integer.1≤riR is less than or equal to terminal member u in networkiOrdered attribute set of (2), arranged with the ordered attribute setSequence-wise corresponding property sequencesr∈N*And attribute ai,r-1<ai,r,riIndicating terminal member uiR ofiAnd null indicates that the attribute value is null.
If the terminal member wants to store the shared resource on the blockchain, or the terminal member wants to access the resource on the blockchain, the terminal member must be a legal authenticated member and have corresponding access right.
The method for generating respective public/private key pairs by the authentication center CA in the information sharing network domain and each terminal member in the network comprises the following steps:
the certificate authority CA within the domain runs the key generation algorithm KeyGen (1)λ) Obtaining public and private key pair (SK)A,PKA) Wherein the authentication center CA randomly selects a positive integerAs a system private key, and calculates a public key PKA=SKAg1(ii) a Authentication center CA will (SK)A,PKA) As a public/private key pair of the system. Each terminal member u in the domainiSelecting a random positive integer from E to UComputingIs terminal member uiThe private key of (1). Calculate its public keyThe system parameter is params ═ (PK)A,q,G1,G2,g1,e,H1,H2) (ii) a Wherein, g1Is an addition group G1The generation element of (a) is generated,representing a set of integers of order q, q being an addition group G1KeyGen () represents a key generation algorithm, and λ represents an intermediate variable required for key calculation; i is more than or equal to 1 and less than or equal to n, n is the number of terminal members in the domain, and U is { U ═1,u2,...,unIs a set of n terminal members,is a terminal member uiThe private key of (a) is used,is a terminal member uiThe public key of (a) is stored,is a terminal member uiThe identity of (2) is identified,are two hash functions, {0,1}*Representing a set of numeric strings of arbitrary length consisting of binary 0 and 1.
Step two: terminal member registration.
In order to prevent unauthorized terminal members from participating in information resource sharing, only terminal members with authority are allowed to participate in information encryption storage and information resource access. The invention adopts the identity authentication mode of hidden attribute, and the identity authentication is carried out on the terminal members in the domain before information uploading and information access, thereby avoiding the participation of other unauthorized users. Each terminal member interacts with the authentication center CA to generate an attribute authority parameter corresponding to each attribute. And finally, the authentication center CA sends the public key, the attribute authority parameter, the network attribute parameter and the attribute serial number of the authentication center CA to each block and stores the public key, the attribute authority parameter, the network attribute parameter and the attribute serial number in the blocks on the chain.
The invention realizes secure sharing of intra-domain information: it provides the function of traditional identity authentication while protecting personal privacy, and access is granted by matching attribute authority parameters, so that terminal members with different attribute authority parameters access data of different sensitivity, which avoids leakage of sensitive information. Terminal member registration is implemented as follows:
(1) The authentication center CA selects a group of pairwise coprime positive integers $p_1, p_2, \ldots, p_R$, i.e. $\gcd(p_\nu, p_\alpha) = 1$ for $\nu, \alpha = 1, 2, \ldots, R$, $\nu \neq \alpha$; the authentication center CA combines the network attribute set, the corresponding attribute serial numbers and these positive integers into a message $\{(A_1, S_1, p_1), (A_2, S_2, p_2), \ldots, (A_R, S_R, p_R)\}$ and broadcasts it to all terminal members in the network domain; where $A_\nu$ ($1 \le \nu \le R$) represents a network attribute, the network attributes satisfy $A_\alpha < A_{\alpha+1}$, $\alpha < R$, $R \in N^*$ is the number of network attributes, $N^*$ denotes the positive integers, $S_\nu$ is the attribute serial number corresponding to the network attribute $A_\nu$, and $p_\nu$ is the attribute parameter corresponding to the attribute $A_\nu$;
(2) owning property setsTerminal member uiComputing intermediate variables using attribute elements in attribute setsAndthen terminal member uiTo transmit informationSending the information to a certification center CA; wherein i is more than or equal to 1 and less than or equal to n,and oiRepresenting intermediate variables, attribute sets, required for registration of a terminal memberr∈N*And attribute ai,r-1<ai,r,riIs a terminal member uiThe number of the attributes of (a) is,indicating terminal member uiThe ID of (a) is stored in the memory,indicating terminal member uiThe public key of (2); PKARepresenting the public key of the certificate authority CA,representation of terminal Member uiCalculating positive integers required by the public key and the private key,is a hash function and represents a concatenation symbol.
(3) Receiving terminal member u by authentication center CAiTransmitted messageThereafter, the certificate authority CA calculates intermediate variablesAnd according to the formulaWhether to authenticate terminal member u in standingiIf the equality holds, the certificate authority CA selects the identity corresponding to each attribute ai,kRandom number of1≤k≤riThen calculating the intermediate variable χi,k=ιi,kθi,kAndauthentication center CA will informationSent to registered terminal member ui. If the verification is not passed, the authentication center CA rejects the terminal member from the domain of the information sharing network. Wherein k represents a terminal member uiThe kth attribute of (1), χi,kIs a terminal member uiThe k-th attribute parameter of (2),iis terminal member uiThe intermediate parameters required for registration. Note that: for two different terminal members uiAnd ul(i ≠ l) two attributes a corresponding to each otheri,jAnd al,kIf j is k, then the random number iotai,j=ιl,k。
(4) terminal member uiReceiving the information sent by the authentication center CAThen, terminal member uiComputing attribute rights parametersAnd intermediate variablesThen, terminal member uiBy verifying equation e: (i,g1)=e(Φi,PKA) Whether the identity and the attribute a of the authentication center CA are established or noti,kCorresponding attribute authority parameter Ti,kIf the verification is passed, the terminal member uiObtain each attribute a thereofi,kCorresponding attribute authority parameter, terminal member uiThe registration is successful; if the verification fails, the terminal member is indicated to fail to register; wherein the content of the first and second substances,attribute authority parameters representing terminal members, which are terminal member muiIntermediate variable, Φ, required for registrationiRepresenting an intermediate variable, PK, required for verifying the identity of a certificate authority CAARepresenting the public key of the certificate authority CA, e (-) is a computable bilinear mapping function formula. Wherein, equation e: (i,g1)=e(Φi,PKA) The proving method comprises the following steps:
(5) finally, the authentication center CA sends the informationSend to terminal member uiAnd stored to terminal member uiOn the block of (a).
Step three: encrypted storage of the information resource.
Terminal members in the domain calculate an encryption key using the Chinese remainder theorem, encrypt the shared resource information and upload it to the off-chain database, and then store the storage address in the on-chain block; at the same time, index information for the shared ciphertext and the identity information of each terminal member are generated and uploaded to the respective blocks, generating the block chain. The index information comprises the category of the ciphertext, a brief description of the ciphertext, keywords, and the serial numbers corresponding to the attribute parameters used when the ciphertext was encrypted. The process is as follows:
(1) The shared resources are encrypted and stored off-chain as follows:
1) each owning attribute setTerminal member uiWhen sharing the data resource, firstly, according to the attribute sequence number corresponding to the attribute of the userObtaining corresponding network attribute parametersThen, the self attribute authority parameters are used for calculationAccording to the Chinese remainder theorem, a unique solution can be calculatedWherein the content of the first and second substances, the shared information is encrypted and decrypted as a group key, so that the information sharing safety between terminal members in the network domain is ensured. Wherein, k is more than or equal to 1 and less than or equal to n, k is not equal to i, groupkeyAnd xiPresentation key, P, pυAnd yυIntermediate variables required for key calculation; mod represents the remainder function.
2) Each terminal member uiCalculate the secret xiThen, for the information he wants to shareEncryption: terminal member uiBy calculation ofResource m is encrypted. Then, terminal member uiCiphertext resource c to be sharedi,mUploading to the on-chain database and transmitting the cipher text resource ci,mIs stored at the addressReturning to the chain storage in the blocks; wherein the content of the first and second substances,as a plaintext space, ci,mIs an encrypted ciphertext.
(2) The method for storing the index information of the shared resources on the chain comprises the following steps:
1) in the network domain, each terminal u participating in resource sharingiBroadcast his IP address and public key;
2) after the terminal members in the domain receive the messages broadcast by other members, each member is sorted according to the size of the IP address. Each member then stores the public keys and IP addresses of its previous and next members. Assume a sequence set of
3) Terminal member uiAccording to information shared by Certificate Authority (CA)Computing signaturesThen, terminal member uiEncrypted information shared theretoCategorizing acquisition of categories of shared resourcesThen a brief overview of the shared resources is givenDescription of the inventionThe method is mainly used for searching the resources by the resource accessor. At the same time, extracting keywords of shared resourcesAttribute sequence number corresponding to attribute used when encrypting the shared resourceThereby generating index information of the shared resource informationFinally, the storage address of the shared resource in the down-link database is obtainedThen, terminal member uiSending messagesGiving IP address as IPi+1Terminal member ui+1. Finally, terminal member uiRecording time information timeiAnd will transmit the messagePackaging into a block; therein, SigiIs terminal member uiTime, signature ofiDenoted as time stamps.Respectively representing the attribute serial number corresponding to each attribute used in encryption.
4) Terminal member ui+1Receiving terminal member uiTransmitted informationThen, terminal member ui+1The IP address of the user and the terminal member uiIP address comparison in blocks and comparing informationIf the IP address and information are the same as those stored in the block by the authentication center CAAre all equal, terminal member ui+1A new block is written. Terminal member ui+1ComputingAnd according to the equationVerifying terminal member uiIf the equality holds, terminal member ui+1It may be determined that the message was sent by a previous member; terminal member ui+1According to information shared by Certificate Authority (CA)ComputingThen, terminal member ui+1Resource shared to itCategorizing acquisition of categories of shared resourcesThen a brief overview of the shared resources is givenAt the same time, extracting keywords of shared resourcesAttribute sequence number corresponding to attribute used when encrypting the shared resourceThereby generating index information of the shared resource informationFinally, the storage address of the shared resource in the down-link database is obtainedThen, terminal member ui+1Sending messagesGiving IP address as IPi+2Is terminal toPerson ui+2. Finally, terminal member ui+1Recording time information timei+1And will transmit the messagePackaging into a block; therein, Sigi+1Is terminal member ui+1Time, signature ofi+1Denoted as time stamps.
5) Following the above calculation process, each terminal member encapsulates the index information and identity information of its shared resource in its own block, and the blocks are linked into a block chain.
Step four: resource access and sharing
A terminal member in the domain determines the ciphertext resource it wants to access from the index information in the blocks and sends its identity information to the terminal member that owns that shared ciphertext resource. The owner verifies the identity of the accessing terminal and, after the verification passes, returns the storage address of the ciphertext resource to it. The accessing terminal downloads the ciphertext resource from that address, selects the corresponding parameters according to the index information, calculates the decryption key using the Chinese remainder theorem, and decrypts the ciphertext resource to view it. The process is as follows:
(1) each terminal member u in the network domainjDetermining the data resource to be accessed according to the index information in the block chain, and the terminal member ujView the data resource owner uiIndex information in the block to obtain corresponding attribute serial numberAnd sends information according to the attribute sequence numberTo the owner uiWherein, signingOwner uiComputingThen owner ukBy verifying the equationWhether a verification terminal member u is establishedjThe identity of (c). If the verification passes, the owner ukThe linked database address of the shared resourceReturned to terminal member uj. Wherein j is more than or equal to 1 and less than or equal to n, i is not equal to j, i is more than or equal to 1 and less than or equal to n, mukIntermediate variables required for resource access, H2(. -) represents a hash function; r isjIs a terminal member ujThe number of the attributes of (a) is,indicating terminal member ujThe private key of (1).
(2) terminal member ujAccording to owner ukShared resource of (2)Downloading corresponding cipher text information ck,mThen according to the obtained attribute serial numberSelecting corresponding attribute authority parameters and network attribute parameters, and calculating decryption key according to Chinese remainder theoremAccording to the decryption key xjAnd decrypting the ciphertext ck,mCalculating to obtain plaintext, i.e. shared resource
Example 2
Fig. 1 shows a specific embodiment for explaining the contents and implementation methods of the present invention. In this embodiment, for convenience of illustration, the number of terminal members participating in information resource sharing is at most 10, and the entity set of the terminal members is expressed asThe set of corresponding entity terminal membership is represented asThe authentication center CA defines the attribute set of all terminal members as Attr ═ a1,A2,A3U terminal memberi(1. ltoreq. i. ltoreq.10) as attri={ai,1,ai,2,ai,3U terminal memberυ(1 is more than or equal to upsilon is less than or equal to 10, upsilon is not equal to i) is attrυ={aυ,1,aυ,2}. The details introduced in this example are not intended to limit the scope of the claims but to assist in understanding the manner of practicing the invention. Those skilled in the art will understand that: various modifications, changes or substitutions to the preferred embodiment steps are possible without departing from the spirit and scope of the invention and its appended claims. Therefore, the present invention should not be limited to the disclosure of the preferred embodiments and the accompanying drawings.
Step one: initialization
Hypothetical information sharing networkThe network comprises a certification center CA and 10 terminal members, wherein the certification center CA is used for generating system parameters and a system master key. The certification authority CA is also used to verify the identity of the terminal entity to track the identity of the anonymous terminal member in the blockchain. Set of 10 terminal members U ═ U1,u2,...,u10Denotes that the identities of the respective 10 terminal members are grouped togetherAnd (4) showing. The authentication center CA defines a network attribute sequence ATTR ═ a arranged in a specified order1|A2|A3The corresponding network attribute set is Attr ═ a1,A2,A3And A isj<Aj+1(j<3),R∈N*Indicating the number of network attributes. attri={ai,1,ai,2,ai,3Is terminal member u in the networkiCorresponding to the network attribute set arrangement order attri=ai,1|ai,2|ai,3,r∈N*And attribute ai,r-1<ai,rAnd r represents a terminal member uiThe r-th attribute of (1). (N)*Represents a positive integer)
If a terminal member wants to store the shared resource on the blockchain or the terminal wants to access the resource on the blockchain, the terminal member must be a legal authenticated member and have a corresponding access right.
The method for generating respective public/private key pairs by the authentication center CA in the information sharing network domain and each terminal member in the network comprises the following steps:
the certificate authority CA within the domain runs the key generation algorithm KeyGen (1)λ) Obtaining public and private key pair (SK)A,PKA) Wherein, in the step (A),as a system private key, and calculates a public key PKA=SKAg1(ii) a Each terminal member u in the domainiSelecting a random positive integer from e U (i is more than or equal to 1 and less than or equal to 10)ComputingIs terminal member uiThe private key of (1). Then calculates its public keyThe system parameter is params ═ (PK)A,q,G1,G2,g1,e,H1,H2) (ii) a Wherein, g1Is an addition group G1The generation element of (a) is generated,representing a set of integers of order q, q being an addition group G1Prime order of; i is more than or equal to 1 and less than or equal to 10, 10 is the number of terminal members in the domain,is a terminal member uiThe private key of (a) is used,is a terminal member uiThe public key of (a) is stored,is a terminal member uiThe identity of (2) is identified,are two hash functions.
Suppose $G_1$ is an additive group and $G_2$ is a multiplicative cyclic group, and that the discrete logarithm problem in the additive group $G_1$ and the multiplicative cyclic group $G_2$ is difficult to solve. $g_1 \in G_1$ is a generator of the additive group $G_1$; $G_1$ and $G_2$ have the same prime order $q$, and there is a bilinear mapping function $e: G_1 \times G_1 \rightarrow G_2$. Are two hash functions.
Step two: terminal member registration
(1) The authentication center CA selects pairwise coprime positive integers $p_1, p_2, p_3$, combines the network attribute set, the corresponding attribute serial numbers and these positive integers into $\{(A_1, S_1, p_1), (A_2, S_2, p_2), (A_3, S_3, p_3)\}$ and broadcasts it to all terminal members in the network domain; where $A_j$ ($1 \le j \le 3$) represents a network attribute, the network attributes satisfy $A_j < A_{j+1}$, $j < 3$, $S_j$ is the attribute serial number corresponding to the attribute $A_j$, and $p_j$ is the attribute parameter corresponding to the attribute $A_j$.
(2) Possess attribute set attri={ai,1,ai,2,ai,3Terminal member u ofiComputing using attribute elements in an attribute setAndthen terminal member uiTo transmit informationSending the information to a certification center CA; wherein i is more than or equal to 1 and less than or equal to 10, thetai,1θi,2θi,3And oiRepresenting intermediate variables, attribute sets, required for registration of a terminal memberAnd attribute ai,1<ai,2<ai,3,Indicating terminal member uiThe ID of (a) is stored in the memory,indicating terminal member uiThe public key of (2).
(3) Receiving terminal member u by authentication center CAiTransmitted messageThen, the authentication center CA calculatesAnd passes the verification equationWhether a verification terminal member u is establishediIf the verification is passed, the certificate authority CA selects the identity corresponding to each attribute ai,kRandom number of(1. ltoreq. k. ltoreq.3), and then calculating χi,k=ιi,kθi,kAndi=SKA(ιi,1ai,1+ιi,2ai,2+ιi,3ai,3)g1(Note: for two different terminals member uiAnd ul(i ≠ l) two attributes a corresponding to each otheri,jAnd al,kIf j is k, iotai,j=ιl,k). The authentication center CA then passes the information { PKA,i,(χi,1,χi,2,χi,3) Sending it to registered terminal member ui. If the verification is not passed, the authentication center CA rejects the member from the network domain; wherein, χi,kIs the attribute parameter of the terminal member, k is more than or equal to 1 and less than or equal to 3,iis an intermediate parameter required by the registration of the terminal member; wherein, verifyingThe proving method comprises the following steps:
(4) terminal member uiReceiving information { PK sent by a certification center CAA,i,(χi,1,χi,2,χi,3) After that, terminal member ui(1. ltoreq. i.ltoreq.10) calculationAnd phii=(Ti,1+Ti,2+Ti,3). Terminal member uiBy verifying equation e: (i,g1)=e(Φi,PKA) Whether the identity and the attribute a of the authentication center CA are established or noti,k(k is more than or equal to 1 and less than or equal to 3) corresponding attribute authority parameter Ti,kIf the verification is passed, the terminal member uiObtain each attribute a thereofi,k(k is more than or equal to 1 and less than or equal to 3), and each terminal is successfully registered; if the verification fails, the terminal member is indicated to fail to register; wherein, Ti,1,Ti,2,Ti,3Attribute authority parameter, mu, representing a terminal memberiRegistering required intermediate variables for the terminal members; PKAA public key representing a certificate authority CA, e (-) being a computable bilinear mapping function formula; wherein, equation e: (i,g1)=e(Φi,PKA) The proving method comprises the following steps:
(5) finally, the authentication center CA sends the informationSend to terminal member uiAnd store to uiOn the block of (a).
Step three, resource encryption storage
Terminal members in the domain calculate an encryption key using the Chinese remainder theorem, encrypt the shared resource information, upload the encrypted resource to an off-chain ("down-link") database, and store its storage address in an on-chain block. At the same time, the index information of the shared ciphertext (the type of the ciphertext, a brief description of the ciphertext, keywords, and the serial numbers corresponding to the attribute parameters used to encrypt the ciphertext) and the identity information of each terminal member are uploaded to the members' respective blocks, and the blockchain is generated. The specific process is as follows:
(1) The shared resources are encrypted and stored off-chain as follows:
1) each owning attribute set { a }i,1,ai,2,ai,3U terminal memberi(i is more than or equal to 1 and less than or equal to 10), when sharing the data resource, firstly, according to the attribute serial number { S corresponding to the own attribute1,S2,S3Get the corresponding network attribute parameter { p }1,p2,p3And then calculating by using the attribute authority parameters of the users
According to the Chinese remainder theorem, a unique solution can be calculatedWherein the content of the first and second substances, the shared information is encrypted and decrypted as a group key, so that the information sharing safety between terminals in a network domain is ensured. Wherein i is more than or equal to 1 and less than or equal to 10, groupkey,xiRepresenting a secret key, P, Pυ,yυIntermediate variables required for key calculation.
2) Each terminal member uiAfter calculating the key, the information to be sharedEncryption: terminal member uiBy calculation ofResource m is encrypted. Then, terminal member uiCiphertext resource c to be sharedi,mUploading to an on-chain database. Then, the memory address of the cipher text resource is usedReturning to the chain storage in the blocks; wherein the content of the first and second substances,as a plaintext space, ci,mIs an encrypted ciphertext.
(2) The index information of the shared resource is stored on-chain as follows:
1) in the network domain, each terminal member $u_i$ ($1 \le i \le 10$) participating in resource sharing broadcasts its IP address and public key;
2) after the members in the domain receive the messages broadcast by other members, each member is sorted according to the size of the IP address. Each member then stores the public keys and IP addresses of its previous and next members. We have found thatAssume a sequence set of
3) Terminal member uiAccording to information shared by Certificate Authority (CA)ComputingThen uiResource shared to itCategorizing acquisition of categories of shared resourcesThen a brief overview of the shared resources is given(mainly for resource visitors to find resources). At the same time, extracting keywords of shared resourcesAn attribute sequence number (S) corresponding to an attribute used when encrypting the shared resource1,m,S2,m,S3,m) Thereby generating index information of the shared resource informationFinally, the storage address of the shared resource in the down-link database is obtainedThen, terminal member uiSending messagesGiving IP address as IPi+1Terminal member ui+1. Finally, terminal member uiRecording time information timeiAnd will transmit the messagePackaging into a block; therein, SigiIs terminal member uiTime, signature ofiDenoted as time stamps.
4) Terminal member ui+1Receiving terminal member uiTransmitted informationThen, terminal member ui+1The IP address of the user and the terminal member uiIP address comparison in blocks and comparison of information (χ)i,1,χi,2,χi,3) If the IP address and information (x) are the same as those stored in the block by CAi,1,χi,2,χi,3) Are all equal, terminal member ui+1A new block is written. Terminal member ui+1Calculating mui=H2(χi,1||χi,2||χi,3) And according to the equationVerification of uiIf the equality holds, terminal member ui+1It may be determined that the message was sent by a previous member; terminal member ui+1According to information shared by CAComputingThen, terminal member ui+1Resource shared to itCategorizing acquisition of categories of shared resourcesThen a brief overview of the shared resources is given(mainly for resource visitors to find resources). At the same time, extracting keywords of shared resourcesAn attribute sequence number (S) corresponding to an attribute used when encrypting the shared resource1,m,S2,m,S3,m) Thereby generating index information of the shared resource informationFinally, the storage address of the shared resource in the down-link database is obtainedThen, terminal member ui+1Sending messagesGiving IP address as IPi+2Terminal member ui+2. Finally, terminal member ui+1Recording time information timei+1And will transmit the messagePackaging into a block; therein, Sigi+1Is terminal member ui+1Time, signature ofi+1Denoted as time stamp; wherein the content of the first and second substances,the proving method comprises the following steps:
5) following the above calculation process, each terminal member encapsulates the index information and identity information of its shared resource in its own block, and the blocks are linked into a blockchain.
Step four, resource access and sharing
A terminal member in the domain determines the data resource it wants to access from the index information in the blocks, then sends its identity information to the terminal member that owns the shared resource. The owner verifies the identity of the accessing terminal and, once verification passes, returns the storage address of the resource. The accessing terminal downloads the resource ciphertext from that address, selects the corresponding parameters according to the index information, calculates the decryption key using the Chinese remainder theorem, and decrypts the ciphertext to view it. The process is as follows:
(1) each terminal member u in the network domainj(j is more than or equal to 1 and less than or equal to 10, i is not equal to j) determining the data resource which is to be accessed according to the index information in the block chain, and u isjView the data resource owner ukIndex information in the block, obtaining corresponding attribute serial number (S)1,m,S2,m,S3,m) And sends information according to the attribute sequence numberFeeding uk(k is more than or equal to 1 and less than or equal to 10, k is not equal to j), wherein,ukcalculating muk=H2(χj,1||χj,2||χj,3) Then u iskBy the equationVerification of ujThe identity of (c). If the verification passes, ukThe linked database address of the shared resourceIs returned to uj. Wherein j is more than or equal to 1 and less than or equal to 10, mukIntermediate variables required for resource access, H2(. -) represents a hash function; wherein the equationThe proving method comprises the following steps:
(2) terminal member ujAccording to terminal member ukShared resource of (2)Downloading corresponding cipher text information ck,mThen according to the obtained attribute serial number (S)1,m,S2,m,S3,m) Selecting corresponding attribute authority parameters and network attribute parameters, and calculating decryption key according to Chinese remainder theoremDecipher the ciphertext ck,mCalculating to obtain a plaintext
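The key derivation in step three (1) and the matching decryption-key derivation in step four (2), as an added Python example that is not code from the patent: it solves the congruence system with the intermediate variables P, P_υ and y_υ named above. How a residue is obtained from an attribute authority parameter is not recoverable from this page, so `residue_for` (a SHA-256 reduction), the hashing of the solution into a 32-byte key, the byte-string authority parameters and the sample moduli are assumptions constructed for illustration.

```python
import hashlib
from itertools import combinations
from math import gcd, prod


def crt_solve(residues, moduli):
    """Return the unique x in [0, P) with x = r_v (mod p_v) for every v."""
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need exactly one residue per modulus")
    # The CA must broadcast pairwise coprime p_v, otherwise the solution
    # is not unique (or does not exist) and members derive different keys.
    for a, b in combinations(moduli, 2):
        if gcd(a, b) != 1:
            raise ValueError(f"moduli {a} and {b} are not coprime")
    P = prod(moduli)
    x = 0
    for r_v, p_v in zip(residues, moduli):
        P_v = P // p_v              # product of all the other moduli
        y_v = pow(P_v, -1, p_v)     # inverse of P_v modulo p_v
        x += r_v * P_v * y_v
    return x % P


def residue_for(authority_param: bytes, p_v: int) -> int:
    # ASSUMPTION: the patent's mapping from an attribute authority
    # parameter to a residue is missing from the page; a hash reduced
    # modulo p_v stands in for it here.
    digest = hashlib.sha256(authority_param).digest()
    return int.from_bytes(digest, "big") % p_v


def derive_group_key(serials, broadcast, authority_params) -> bytes:
    """Derive the shared key for the attribute serial numbers in the index.

    serials          -- serial numbers listed in the resource's index info
    broadcast        -- {serial: p_v} as broadcast by the CA
    authority_params -- {serial: bytes} held by this terminal member
    """
    moduli, residues = [], []
    for s in serials:
        if s not in authority_params:
            raise PermissionError(f"no authority parameter for serial {s}")
        p_v = broadcast[s]
        moduli.append(p_v)
        residues.append(residue_for(authority_params[s], p_v))
    x = crt_solve(residues, moduli)
    size = (prod(moduli).bit_length() + 7) // 8
    # ASSUMPTION: the CRT solution is hashed into a 32-byte symmetric key.
    return hashlib.sha256(x.to_bytes(size, "big")).digest()


# Constructed sample data: three distinct Mersenne primes as the CA's
# network attribute parameters, and placeholder authority parameters.
BROADCAST = {1: 2**61 - 1, 2: 2**89 - 1, 3: 2**107 - 1}
OWNER = {1: b"T-attr-1", 2: b"T-attr-2", 3: b"T-attr-3"}
PEER = dict(OWNER)                                   # holds the same attributes
FORGED = {1: b"T-attr-1", 2: b"T-attr-2", 3: b"guess"}
OUTSIDER = {1: b"T-attr-1", 2: b"T-attr-2"}          # lacks attribute 3
INDEX_SERIALS = (1, 2, 3)                            # from the owner's block

if __name__ == "__main__":
    owner_key = derive_group_key(INDEX_SERIALS, BROADCAST, OWNER)
    peer_key = derive_group_key(INDEX_SERIALS, BROADCAST, PEER)
    forged_key = derive_group_key(INDEX_SERIALS, BROADCAST, FORGED)
    print("peer derives owner's key:  ", peer_key == owner_key)
    print("forged parameter matches:  ", forged_key == owner_key)
    try:
        derive_group_key(INDEX_SERIALS, BROADCAST, OUTSIDER)
    except PermissionError as exc:
        print("outsider rejected:         ", exc)
```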
The authentication center and the terminal members in the information sharing network domain generate their respective public/private key pairs. Terminal members in the domain interact with the authentication center CA to perform attribute authentication, obtain the attribute authority parameters and the other related attribute parameters, and complete registration. After verifying the identity of each terminal member, the CA sends its own public key, the public key of each terminal member, the attribute parameters, the network attribute parameters and the attribute serial numbers to each terminal member, and each terminal member stores this information in its own block. The terminal member selects the corresponding parameters, calculates an encryption key according to the Chinese remainder theorem, encrypts the shared resource information into a ciphertext, stores the ciphertext in the off-chain database of the blockchain, and stores the storage address of the shared ciphertext in an on-chain block. The index information of the shared ciphertext resource (its category, general description, keywords, and the serial numbers corresponding to the attribute parameters used in ciphertext encryption), together with the off-chain storage address and the identity information of each terminal member, is stored in each member's block to generate the blockchain. A terminal member determines the data resource it wants to access from the index information in the blockchain, then sends its identity information to the terminal member that owns the shared resource. The owner verifies the identity of the accessing terminal and, once verification passes, returns the off-chain storage address of the resource. The accessing terminal downloads the resource ciphertext from the storage address, selects the corresponding attribute parameters according to the index information, calculates the decryption key using the Chinese remainder theorem, and decrypts the ciphertext to view the resource information, thereby obtaining the shared resource information.
The invention is built on hidden-attribute authentication and blockchain technology, with the decisional bilinear Diffie-Hellman (DBDH) problem as its security assumption. Identity authentication with hidden attributes protects personal privacy during the identity authentication step of resource information sharing. Storing data with blockchain technology both ensures the security of the data information and distributes the computation and communication overhead evenly across the nodes. Joint authentication that matches identity with attribute authority parameters prevents collusion attacks by terminal members without authority, and ensures the security and flexibility of information resource sharing. The invention authenticates the identity of each terminal member in the industrial Internet of things, encrypts information resources and uploads them to the off-chain database, and then lets a member download, decrypt and view the resource information it wants to access according to the index information, the ciphertext storage address and the calculation parameters in the block, so that information resources are shared securely and flexibly.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (10)
1. A method for safely sharing data of an Internet of things based on privacy protection is characterized by comprising the following steps:
step one: initialization of protocol parameters in the information sharing network domain: the authentication center CA and each terminal member generate their respective public/private key pairs;
step two: registration of terminal members:
A) the authentication center CA selects network attribute parameters which are in one-to-one correspondence with the network attributes in the network attribute set, simultaneously generates attribute serial numbers which are in correspondence with the ordered network attribute set, and broadcasts the network attributes in the network attribute set, the corresponding network attribute parameters and the attribute serial numbers to all terminal members in the domain;
B) each terminal member calculates intermediate parameters required by terminal member registration by using the attributes in the respective ordered attribute set, and then sends the intermediate parameters to a Certificate Authority (CA);
C) after receiving the message sent by each terminal member, the CA verifies the identity of each terminal member, if the verification is passed, the CA selects a series of random numbers, calculates the attribute authority parameters and the signature, and sends the attribute authority parameters, the signature and the public key to each registered terminal member;
D) after each terminal member receives the message sent by the authentication center CA, the terminal member calculates the attribute authority parameters and intermediate parameters required by the registration of the terminal member, the terminal member verifies the identity of the authentication center CA and the correctness of the attribute authority parameters, if the verification is passed, each terminal member obtains the attribute authority parameters corresponding to the attributes, and the registration of each terminal member is successful;
E) the CA sends the public key, the attribute authority parameter, the attribute serial number and the corresponding network attribute parameter to each terminal member and stores the public key, the attribute authority parameter, the attribute serial number and the corresponding network attribute parameter in a block of each terminal member;
step three: information resource encryption storage:
F) the terminal member acquires its own attribute authority parameters, calculates an encryption key according to the Chinese remainder theorem using the attribute serial numbers and the corresponding network attribute parameters, encrypts the shared information resource into a ciphertext, and stores the ciphertext in the off-chain database of the blockchain;
G) the terminal members calculate intermediate parameters required by information resource storage according to the IP address sequencing, generate index information of a shared ciphertext, send the intermediate parameters required by the ciphertext, a public key, the IP address of the next terminal member and the attribute authority parameters acquired from the authentication center CA to the next terminal member, and package the information, the storage address of the ciphertext and a timestamp in a block;
H) after the next terminal member acquires the message sent by the last terminal member, the IP address and the attribute authority parameters are compared, if the message is correct, the terminal member writes a new block, calculates the intermediate parameters required by the stored ciphertext, generates the index information of the shared ciphertext, sends the intermediate parameters required by the stored resource, the public key, the IP address of the next terminal member and the attribute authority parameters acquired from the authentication center CA to the next terminal member, and encapsulates the information, the stored address of the ciphertext and the timestamp in a block; by analogy, each terminal member stores the relevant information of the ciphertext in the block to generate a block chain so that other terminal members can access the ciphertext;
step four: ciphertext access and sharing:
I) each terminal member determines the ciphertext it wants to access according to the index information of the ciphertext resource in the blockchain, then sends its public key, attribute authority parameters and signature to the terminal member possessing the ciphertext resource; the terminal member possessing the ciphertext resource verifies the identity of the requesting terminal member and returns the storage address to it; the requesting terminal member downloads the ciphertext information from the off-chain database according to the storage address, selects the corresponding attribute authority parameters and network attribute parameters according to the attribute serial numbers in the block of the terminal member possessing the ciphertext resource, calculates a decryption key according to the Chinese remainder theorem, and decrypts the ciphertext information to obtain the shared ciphertext.
2. The Internet of things data security sharing method based on privacy protection as claimed in claim 1, wherein the index information includes category, brief description, keyword of cipher text resource and attribute serial number required for encryption.
3. The Internet of things data security sharing method based on privacy protection as claimed in claim 1 or 2, wherein in the first step, the method for the authentication center CA and each terminal member to generate respective public/private key pairs is as follows:
(1) the CA randomly selects a master key, and calculates a public/private key pair by using a generator of the addition group: the authentication center CA randomly selects a positive integerAs a system private key, and calculates a public key PKA=SKAg1The authentication center CA will (SK)A,PKA) As a public/private key pair of the system; wherein, g1Is an addition group G1The generation element of (a) is generated,representing a set of integers of order q, q being an addition group G1Prime order of;
(2) each terminal member u in the domainiRandomly selecting a public key, and calculating a private key of the public key by using a generator of an addition group: each terminal member uiSelecting a random positive integerComputing terminal member uiPrivate key ofAnd public keyWherein i is more than or equal to 1 and less than or equal to n, n is the number of terminal members in the domain,is a terminal member uiThe identity of (2) is identified,is a hash function, {0,1}*Representing a set of numeric strings of arbitrary length consisting of binary 0 and 1.
4. The Internet of things data security sharing method based on privacy protection as claimed in claim 3, wherein the method for registering the terminal member in the second step is as follows:
A) the authentication center CA selects a group of pairwise coprime positive integers $p_1, p_2, \ldots, p_R$; the CA composes the ordered network attribute set $Attr=\{A_1,A_2,\ldots,A_\nu,\ldots,A_R\}$, the attribute serial numbers $S_1,S_2,\ldots,S_\nu,\ldots,S_R$ corresponding to the network attribute set, and the positive integers $p_1,p_2,\ldots,p_\nu,\ldots,p_R$ into the message $\{(A_1,S_1,p_1),(A_2,S_2,p_2),\ldots,(A_R,S_R,p_R)\}$ and broadcasts it to all terminal members in the domain; wherein the network attributes satisfy $A_\nu<A_{\nu+1}$, $1\le\nu\le R$, $R\in N^*$ denotes the number of network attributes, $N^*$ denotes the positive integers, $S_\nu$ denotes the attribute serial number corresponding to network attribute $A_\nu$, and $p_\nu$ denotes the attribute parameter corresponding to attribute $A_\nu$;
B) terminal member uiUsing its ordered set of attributes attri={ai,1,ai,2,...,ai,k,...,ai,riThe attribute elements in the } compute intermediate variablesAndterminal member uiTo transmit informationSending the information to a certification center CA; wherein i is more than or equal to 1 and less than or equal to n, thetai,1,θi,2,...,And oiRepresenting intermediate variables, attribute sets, required for registration of a terminal memberri∈N*And attributeriIs a terminal member uiNumber of attributes of (a)i,kIs a terminal member uiThe (k) th attribute of (2),indicating terminal member uiThe identity of (2) is identified,indicating terminal member uiThe public key of (2); PKARepresenting the public key of the certificate authority CA,indicating terminal member uiA random positive integer of the public key and the private key is calculated,is a hash function, | | is a connection symbol;
C) CA receiving terminal member u of authentication centeriTransmitted messageThereafter, the certificate authority CA calculates intermediate variablesAnd passes the verificationWhether to authenticate terminal member u in standingiIf the equality holds, the certificate authority CA selects the identity corresponding to each attribute ai,kRandom number ofThen, the intermediate variable χ is calculatedi,k=ιi,kθi,kAndauthentication center CA will informationSent to registered terminal member ui(ii) a If the equality is not satisfied, the authentication center CA will use the terminal member uiEliminating the region; wherein k represents a terminal member uiThe kth attribute of (1), χi,kIs a terminal member uiThe k-th attribute parameter of (2),iis terminal member uiRegistering required intermediate parameters;
D) terminal member uiReceiving the information sent by the authentication center CAThen, terminal member uiComputing attribute rights parametersAnd intermediate variablesTerminal member uiBy verifying equation e: (i,g1)=e(Φi,PKA) Whether the identity and the attribute a of the authentication center CA are established or noti,kCorresponding attribute authority parameter Ti,kIf the equation holds, the terminal member uiObtain each attribute a thereofi,kCorresponding attribute authority parameter, terminal member uiThe registration is successful; if the equality is not true, terminal member uiThe registration fails; wherein, Ti,1,Ti,2,...,Ti,riAttribute authority parameter, phi, representing terminal memberiRepresenting intermediate variables required for verifying the identity of the certificate authority CA;e (-) is a computable bilinear mapping function;
6. The Internet of things data security sharing method based on privacy protection as claimed in claim 4, wherein the method in step F) of step three for encrypting the shared information resource into the ciphertext and storing the ciphertext in the off-chain database of the blockchain comprises the following steps:
1) each having an ordered set of attributesTerminal member uiWhen sharing its information resource, terminal member uiAccording to the attribute serial number S corresponding to the attribute1,S2,...,SriGet the corresponding network attribute parameterComputing equation by using own attribute authority parametersTo produce a unique solutionWherein the content of the first and second substances,(ii) a Group keyP、pυAnd yυIntermediate variables required for key calculation; mod represents a remainder function;
2) each terminal member uiCalculating group key groupkeyThen, for the information to be sharedAnd (3) encryption: terminal member uiComputing an encrypted ciphertextEncrypting information m; terminal member uiSharing the encrypted ciphertext ci,mUpload to the down-link database and forward the ciphertext ci,mIs stored at the addressReturning to the down-link database in the block for storage; wherein the content of the first and second substances,is a plaintext space.
7. The Internet of things data security sharing method based on privacy protection as claimed in claim 6, wherein the method for storing the index information of the ciphertext shared in the steps G) and H) is as follows:
1) in the domain, participate in resource sharingEach terminal member u ofiBroadcasting its IP address and public key;
2) after the terminal members in the domain receive the messages broadcast by other members, each terminal member sorts according to the size of the IP address, and each terminal member stores the public keys and the IP addresses of the former terminal member and the latter terminal member; ordered set ordered according to the size of the IP address asn is the number of terminal members in the domain,indicating terminal member uiOf public key, IPiIndicating terminal member uiThe IP address of (2);
3) terminal member uiAccording to information shared by Certificate Authority (CA)Computing signaturesTerminal member uiInformation shared to itCategorizing acquisition of categories of shared resourcesGiving a short overview of shared resourcesExtracting keywords of shared informationAttribute serial number corresponding to attribute used when encrypting information mGenerating index information of the shared resource informationTerminal member uiObtaining the storage address of the shared information m in the down-link databaseTerminal member uiSending messagesGiving IP address as IPi+1Terminal member ui+1(ii) a Terminal member uiRecording time information timeiAnd will transmit the messagePackaging into a block; therein, SigiIs terminal member uiTime, signature ofiDenoted as time stamp; s1,m,S2,m,...,Respectively representing attribute serial numbers corresponding to the attributes used in encryption;
4) terminal member ui+1Receiving terminal member uiTransmitted informationThen, terminal member ui+1The IP address of the user and the terminal member uiComparing IP addresses in the blocks of (1), and comparing informationIf the attribute authority parameters are the same as those stored in the block by the authentication center CA, if the IP address and the information are the sameAre all the same, terminal member ui+1Writing a new tile, terminal member ui+1ComputingAnd passes the verification equationVerifying terminal member uiIf the equality holds, terminal member ui+1Determining that the message was sent by the previous member, terminal member ui+1According to information shared by Certificate Authority (CA)Computing signaturesTerminal member ui+1Information shared to itCategorizing acquisition of categories of shared resourcesGiving a short overview of shared resourcesExtracting keywords of shared resourcesAttribute serial number corresponding to attribute used when encrypting the shared information mThereby generating index information of the shared resource informationObtaining storage address of shared resource in down-link databaseTerminal member ui+1Sending messagesGiving IP address as IPi+2Terminal member ui+2(ii) a Terminal member ui+1Recording time information timei+1And will transmit the messagePackaging into a block; if the equality is not true, terminal member ui+1Determining that the message was not sent by a previous terminal member, ignoring the message, and kicking the terminal member sending the message out of the network domain; therein, Sigi+1Is terminal member ui+1Time, signature ofi+1Denoted as time stamp;
5) each terminal member $u_i$ encapsulates the index information and identity information of the shared information in its own block, and the blocks are linked into a blockchain.
9. The Internet of things data security sharing method based on privacy protection as claimed in claim 7, wherein the resource access and sharing method in the fourth step is as follows:
(1) each terminal member u in the domainjDetermining a desired access based on index information in a block chainInformation asked, terminal member ujTerminal member u of owner viewing the informationiIndex information in the block to obtain corresponding attribute serial numberAnd sends information according to the attribute sequence numberTo the owner uiWherein, signingTerminal member uiCalculating intermediate variablesTerminal member uiBy verifying the equationWhether a verification terminal member u is establishedjThe identity of (a); if the equation holds, terminal member uiThe linked database address of the shared resourceReturned to terminal member uj(ii) a If the equality is not satisfied, then the terminal member u is representedjThe identity is in a problem and the resource cannot be accessed; wherein j is more than or equal to 1 and less than or equal to n, i is not equal to j, i is more than or equal to 1 and less than or equal to n, uiTerminal member, mu, representing the owner of the resource informationiIntermediate variables required for resource access, H2(. -) represents a hash function; r isjIs a terminal member ujThe number of the attributes of (a) is,indicating terminal member ujThe private key of (1);
(2) terminal member ujAccording to owner ukShared resource of (2)Downloading information c of corresponding cipher textk,mThen according to the obtained attribute serial numberSelecting corresponding attribute authority parameters and network attribute parameters, and calculating decryption key according to Chinese remainder theoremAccording to the decryption key xjAnd decrypting the ciphertext ck,mCalculating to obtain plaintext, i.e. shared resource
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011001418.6A CN112165472B (en) | 2020-09-22 | 2020-09-22 | Internet of things data security sharing method based on privacy protection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011001418.6A CN112165472B (en) | 2020-09-22 | 2020-09-22 | Internet of things data security sharing method based on privacy protection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112165472A true CN112165472A (en) | 2021-01-01 |
CN112165472B CN112165472B (en) | 2022-09-27 |
Family
ID=73864360
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011001418.6A Active CN112165472B (en) | 2020-09-22 | 2020-09-22 | Internet of things data security sharing method based on privacy protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112165472B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112835912A (en) * | 2021-04-20 | 2021-05-25 | 卓尔智联(武汉)研究院有限公司 | Data storage method and device based on block chain and storage medium |
CN113472528A (en) * | 2021-06-28 | 2021-10-01 | 深圳供电局有限公司 | Method and system for safely transmitting data between mechanisms |
CN113489733A (en) * | 2021-07-13 | 2021-10-08 | 郑州轻工业大学 | Block chain-based content center network privacy protection method |
CN113672981A (en) * | 2021-08-20 | 2021-11-19 | 国网河南省电力公司信息通信公司 | Electric power thing networking data access control system based on block chain |
CN117407849A (en) * | 2023-12-14 | 2024-01-16 | 四川省电子产品监督检验所 | Industrial data security protection method and system based on industrial Internet technology |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107992A (en) * | 2013-02-04 | 2013-05-15 | 杭州师范大学 | Multistage authority management method for cloud storage enciphered data sharing |
CN106503994A (en) * | 2016-11-02 | 2017-03-15 | 西安电子科技大学 | Block chain private data access control method based on encryption attribute |
WO2018158102A1 (en) * | 2017-02-28 | 2018-09-07 | Airbus Helicopters | Integrated method and device for storing and sharing data |
CN109257173A (en) * | 2018-11-21 | 2019-01-22 | 郑州轻工业学院 | Asymmetric group key agreement method based on authority information exchange |
CN110011795A (en) * | 2019-04-12 | 2019-07-12 | 郑州轻工业学院 | Symmetric group cryptographic key negotiation method based on block chain |
CN110166258A (en) * | 2019-06-21 | 2019-08-23 | 郑州轻工业学院 | The group key agreement method authenticated based on secret protection and attribute |
CN110266482A (en) * | 2019-06-21 | 2019-09-20 | 郑州轻工业学院 | A kind of asymmetric group key agreement method based on block chain |
CN110912897A (en) * | 2019-11-27 | 2020-03-24 | 郑州轻工业大学 | Book resource access control method based on ciphertext attribute authentication and threshold function |
CN111447058A (en) * | 2020-03-30 | 2020-07-24 | 郑州轻工业大学 | Book resource access control method based on Chinese remainder theorem |
Non-Patent Citations (2)
Title |
---|
ZHANG QIKUN et al.: "Group Key Agreement Protocol Based on Privacy Protection and Attribute Authentication", 《SECURITY AND PRIVACY IN EMERGING DECENTRALIZED COMMUNICATION ENVIRONMENT》 * |
Li Yong et al.: "A Classified Storage and Protection Scheme for Private Files in the Cloud Environment", 《Application Research of Computers》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112835912A (en) * | 2021-04-20 | 2021-05-25 | 卓尔智联(武汉)研究院有限公司 | Data storage method and device based on block chain and storage medium |
CN113472528A (en) * | 2021-06-28 | 2021-10-01 | 深圳供电局有限公司 | Method and system for safely transmitting data between mechanisms |
CN113472528B (en) * | 2021-06-28 | 2023-12-01 | 深圳供电局有限公司 | Method and system for safely transmitting data between institutions |
CN113489733A (en) * | 2021-07-13 | 2021-10-08 | 郑州轻工业大学 | Block chain-based content center network privacy protection method |
CN113489733B (en) * | 2021-07-13 | 2022-07-29 | 郑州轻工业大学 | Content center network privacy protection method based on block chain |
CN113672981A (en) * | 2021-08-20 | 2021-11-19 | 国网河南省电力公司信息通信公司 | Electric power thing networking data access control system based on block chain |
CN113672981B (en) * | 2021-08-20 | 2023-06-23 | 国网河南省电力公司信息通信公司 | Block chain-based data access control system for electric power Internet of things |
CN117407849A (en) * | 2023-12-14 | 2024-01-16 | 四川省电子产品监督检验所 | Industrial data security protection method and system based on industrial Internet technology |
CN117407849B (en) * | 2023-12-14 | 2024-02-23 | 四川省电子产品监督检验所 | Industrial data security protection method and system based on industrial Internet technology |
Also Published As
Publication number | Publication date |
---|---|
CN112165472B (en) | 2022-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112165472B (en) | Internet of things data security sharing method based on privacy protection | |
CN110266482B (en) | Asymmetric group key negotiation method based on block chain | |
Odelu et al. | Provably secure authenticated key agreement scheme for smart grid | |
CN112019591B (en) | Cloud data sharing method based on block chain | |
CN110011795B (en) | Symmetric group key negotiation method based on block chain | |
CN109257173B (en) | Asymmetric group key negotiation method based on authority information exchange | |
CN109145612B (en) | Block chain-based cloud data sharing method for preventing data tampering and user collusion | |
CN110912897B (en) | Book resource access control method based on ciphertext attribute authentication and threshold function | |
CN112383550B (en) | Dynamic authority access control method based on privacy protection | |
AU2003202511A1 (en) | Methods for authenticating potential members invited to join a group | |
Xu et al. | Server-aided bilateral access control for secure data sharing with dynamic user groups | |
Xu et al. | Expressive bilateral access control for internet-of-things in cloud-fog computing | |
Chen et al. | CL-ME: Efficient certificateless matchmaking encryption for Internet of Things | |
Zhang et al. | VCLPKES: Verifiable certificateless public key searchable encryption scheme for industrial Internet of Things | |
Kamil et al. | A lightweight CLAS scheme with complete aggregation for healthcare mobile crowdsensing | |
Huang et al. | Privacy-preserving public auditing for non-manager group | |
Yu et al. | EC-SVC: Secure can bus in-vehicle communications with fine-grained access control based on edge computing | |
Diffie et al. | New Directions in cryptography (1976) | |
CN117201132A (en) | Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method | |
CN111447058B (en) | Book resource access control method based on Chinese remainder theorem | |
Hwang et al. | Robust stream‐cipher mode of authenticated encryption for secure communication in wireless sensor network | |
Vangala et al. | Blockchain-Based Robust Data Security Scheme in IoT-Enabled Smart Home. | |
CN116318663A (en) | Multi-strategy safe ciphertext data sharing method based on privacy protection | |
CN113346993B (en) | Layered dynamic group key negotiation method based on privacy protection | |
CN115941221A (en) | Access control method based on block chain in mobile edge cloud cooperation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||