CN112560071A - Data sharing method with functions of auditing and designating verifier - Google Patents
Data sharing method with functions of auditing and designating verifier Download PDFInfo
- Publication number
- CN112560071A CN112560071A CN202011578108.0A CN202011578108A CN112560071A CN 112560071 A CN112560071 A CN 112560071A CN 202011578108 A CN202011578108 A CN 202011578108A CN 112560071 A CN112560071 A CN 112560071A
- Authority
- CN
- China
- Prior art keywords
- data
- digital signature
- auditor
- user
- owner
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data sharing method with functions of auditing and designating verifiers. The invention has three types of participants, namely a data owner, a data auditor and a data user. The data owner shares own data to the data user. The data auditor will audit the shared data and modify it according to the regulations. To ensure the authenticity of the data, the data owner needs to digitally sign the data before sending it. When the data needs to be modified, the data auditor does not need to interact with the data owner, and the data auditor directly modifies the data and generates a corresponding new digital signature. Only the data consumer can verify the source of the data, i.e. only the data consumer can verify the validity of the digital signature.
Description
Technical Field
The invention belongs to the technical field of information security, and relates to a data sharing method with functions of auditing and designating a verifier.
Background
At present, people pay more and more attention to the security problem of mass data storage of computers and the anti-theft and anti-tampering problems of sensitive data. The database system is used as a core component of a computer information system, and the database file is used as an aggregate of information, so that the security of the database system is important in the information industry. In order to ensure the security of the database, for some applications in important departments or sensitive fields, it is necessary to encrypt important data stored in the database.
After the database is encrypted, the database system often needs to give different users different usage rights. The traditional key distribution and management mechanism is difficult to distinguish users with different use authorities, and can not prevent legal users from using the database without the right, nor verify the illegal use of the database by the users. By adopting a digital signature technology in the modern cryptographic technology, security protection can be implemented on an encryption key and an authorization certificate of the database, and a legal user can access the database according to authorization after providing a correct authorization certificate.
In a data sharing system using conventional digital signatures, when data needs to be modified, a data auditor must interact with a data owner, modify the data, and re-sign the data.
In a data sharing system using modifiable digital signatures, anyone can verify the authenticity of the data, which to some extent reveals privacy, i.e. where the data came from. In a data sharing system, only the data user needs to be able to verify the source of the data.
Disclosure of Invention
The invention provides a data sharing method with functions of auditing and designating verifiers, aiming at the defects of the prior art.
The technical scheme of the invention is as follows:
the invention comprises the following steps:
step 1, generating system parameters
The system parameters comprise: bilinear group with large prime number q And bilinear mapping thereon One generator g, and two hash functions H: and H':
step 2, the data owner is selected fromRandomly selecting a random number x as a signature private key and calculatingWhereinIs an integer in the range of 1 to (q-1);
the data owner discloses a signature verification public key pk ═ y of the data owner, and reserves a signature private key sk ═ x of the data owner;
step 3, the data auditorRandomly selecting a random number v as a data modification private key and calculating a data modification public key
The data auditor discloses a data modification public key u and reserves a data modification private key v of the data auditor;
step 4, the data user slaveRandomly selects a random number x' as a private key, and calculates a public key of a data user
The data user discloses a public key y 'of the data user and reserves a private key x' of the data user;
step 5, when the data m needs to be shared, the data owner carries out digital signature on the data m to be shared, and the data owner does the following operations:
d) Setting (r, sigma) as a digital signature of the data m, and marking sig as (r, sigma);
e) sending the data m and the digital signature sig thereof to a data auditor;
step 5, when the data auditor receives the data m and the digital signature sig thereof, the data m is audited correspondingly;
if the verification is passed, the data m and the digital signature sig thereof are forwarded to a data user;
if the audit is not passed, the following operations are carried out:
g) Setting (r ', σ) as a digital signature of the data m', and marking as sig '═ r', σ;
h) sending the data m 'and the digital signature sig' thereof to a data user;
step 6, after receiving the data m 'and the digital signature sig' thereof, the data user verifies the validity of the data m 'and the digital signature sig', and if the following equation is established, the signature is valid;
the invention has the beneficial effects that:
1. when the data needs to be modified, the data auditor does not need to interact with the data owner, and the corresponding new digital signature is directly modified and generated.
2. Only the data consumer can verify the source of the data, i.e. only the data consumer can verify the validity of the digital signature.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
There are three types of participants in the present invention, data owner, data auditor and data user respectively. The data owner shares own data to the data user. The data auditor will audit the shared data and modify it according to the regulations. To ensure the authenticity of the data, the data owner needs to digitally sign the data before sending it. In addition, in the present invention, a plurality of data owners, a plurality of data auditors, and a plurality of data users may exist simultaneously.
The specific steps of the present invention are described in detail below with reference to fig. 1:
step 1, system parameter generation (this step may be performed by an authority).
The system parameters include: bilinear group with large prime number q And bilinear mapping thereon One generator g, and two hash functions H:and H':all people in the system know these system parameters.
Wherein the bilinear map is defined in bilinear groups A mapping of (a). In particular, the present invention relates to a method for producing,is a finite cyclic group of order large prime number q, mapped The following three conditions are satisfied:
When in useAt first, callSymmetric bilinear mapping, otherwise referred to as asymmetric bilinear mapping.
Step 2, the data owner is selected fromRandomly selecting a random number x and calculatingThe data owner discloses its signature verification public key pk ═ y, but retains its own signature private key sk ═ x.
Step 3, the data auditorRandomly selecting a random number v and calculatingThe data auditor discloses its data modification public key u, but retains its own data modification private key v.
Step 4, the data user slaveRandomly selecting a random number x' and calculatingThe data consumer publishes its public key y 'but retains its own private key x'.
And 5, when data needs to be shared, the data owner carries out digital signature on the data.
Assuming that the data to be shared is m, the data owner does the following:
d) Setting (r, sigma) as a digital signature of the data m, and marking sig as (r, sigma);
e) and sending the data m and the digital signature sig thereof to a data auditor.
And 6, when the data m and the digital signature sig thereof are received by the data auditor, carrying out related audit on the data m. If the verification is passed, the data m and the digital signature sig thereof are forwarded to the data user. If the audit is not passed, the following operation is performed (assuming that the modified data is m')
g) Setting (r ', σ) as a digital signature of the data m', and marking as sig '═ r', σ;
h) and sending the data m 'and the digital signature sig' thereof to a data user.
And 6, after receiving the data and the digital signature thereof, the data user verifies the validity of the data and the digital signature thereof. According to the above step, it can be known that the data and the digital signature received by the data user may be m and sig, or m 'and sig'. But mathematically, both cases are essentially the same, so that the validity of the signature can be verified by the following equation.
Claims (1)
1. A data sharing method having a function of auditing and designating verifiers, characterized by comprising the steps of:
step 1, systemGenerating system parameters, wherein the system parameters comprise: bilinear group with large prime number qAnd bilinear mapping thereonOne generator g of (1), and two hash functionsAnd
step 2, the data owner is selected fromRandomly selecting a random number x as a signature private key and calculatingWhereinIs an integer in the range of 1 to (q-1);
the data owner discloses a signature verification public key pk ═ y of the data owner, and reserves a signature private key sk ═ x of the data owner;
step 3, the data auditorRandomly selecting a random number v as a data modification private key and calculating a data modification public key
The data auditor discloses a data modification public key u and reserves a data modification private key v of the data auditor;
step 4, the data user slaveRandomly selects a random number x' as a private key, and calculates a public key of a data user
The data user discloses a public key y 'of the data user and reserves a private key x' of the data user;
step 5, when the data m needs to be shared, the data owner carries out digital signature on the data m to be shared, and the data owner does the following operations:
d) Setting (r, sigma) as a digital signature of the data m, and marking sig as (r, sigma);
e) sending the data m and the digital signature sig thereof to a data auditor;
step 5, when the data auditor receives the data m and the digital signature sig thereof, the data m is audited correspondingly;
if the verification is passed, the data m and the digital signature sig thereof are forwarded to a data user;
if the audit is not passed, the following operations are carried out:
g) Setting (r ', σ) as a digital signature of the data m', and marking as sig '═ r', σ;
h) sending the data m 'and the digital signature sig' thereof to a data user;
step 6, after receiving the data m 'and the digital signature sig' thereof, the data user verifies the validity of the data m 'and the digital signature sig', and if the following equation is established, the signature is valid;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011578108.0A CN112560071B (en) | 2020-12-28 | 2020-12-28 | Data sharing method with functions of auditing and designating verifier |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011578108.0A CN112560071B (en) | 2020-12-28 | 2020-12-28 | Data sharing method with functions of auditing and designating verifier |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112560071A true CN112560071A (en) | 2021-03-26 |
CN112560071B CN112560071B (en) | 2022-06-14 |
Family
ID=75033874
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011578108.0A Active CN112560071B (en) | 2020-12-28 | 2020-12-28 | Data sharing method with functions of auditing and designating verifier |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112560071B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101420304A (en) * | 2008-11-25 | 2009-04-29 | 西安理工大学 | Security protection method for electronic document digital signature based on discrete logarithm |
US20090327735A1 (en) * | 2008-06-26 | 2009-12-31 | Microsoft Corporation | Unidirectional multi-use proxy re-signature process |
WO2014109059A1 (en) * | 2013-01-11 | 2014-07-17 | 株式会社日立製作所 | Data encryption storage system and method |
CN107147720A (en) * | 2017-05-16 | 2017-09-08 | 安徽大学 | Traceable effective public auditing method and traceable effective public auditing system in cloud storage data sharing |
CN108664814A (en) * | 2018-05-16 | 2018-10-16 | 东南大学 | A kind of group data integrity verification method based on agency |
-
2020
- 2020-12-28 CN CN202011578108.0A patent/CN112560071B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090327735A1 (en) * | 2008-06-26 | 2009-12-31 | Microsoft Corporation | Unidirectional multi-use proxy re-signature process |
CN101420304A (en) * | 2008-11-25 | 2009-04-29 | 西安理工大学 | Security protection method for electronic document digital signature based on discrete logarithm |
WO2014109059A1 (en) * | 2013-01-11 | 2014-07-17 | 株式会社日立製作所 | Data encryption storage system and method |
CN107147720A (en) * | 2017-05-16 | 2017-09-08 | 安徽大学 | Traceable effective public auditing method and traceable effective public auditing system in cloud storage data sharing |
CN108664814A (en) * | 2018-05-16 | 2018-10-16 | 东南大学 | A kind of group data integrity verification method based on agency |
Non-Patent Citations (1)
Title |
---|
詹士潇: "高性能联盟区块链技术研究", 《软件学报》, 30 June 2019 (2019-06-30) * |
Also Published As
Publication number | Publication date |
---|---|
CN112560071B (en) | 2022-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102129532B (en) | Method and system for digital copyright protection | |
CN107508667B (en) | Ciphertext policy ABE base encryption method and its device of the fix duty without key escrow can be disclosed | |
CN101107611B (en) | Private and controlled ownership sharing method, device and system | |
CN107146120B (en) | Electronic invoice generation method and generation device | |
CN109074433A (en) | Method and system for verifying digital asset integrity using distributed hash tables and point-to-point distributed ledgers | |
CN102025507B (en) | Digital copyright management method for protecting digital content consumer privacy | |
CN113129518B (en) | Electric vehicle charging system and resource management method thereof | |
AU2008261152A1 (en) | Privacy-Protected Biometric Tokens | |
CN101206696A (en) | Apparatus, method and system for protecting personal information | |
KR100635280B1 (en) | Security method using electronic signature | |
CN108551435B (en) | Verifiable encryption group signature method with anonymity | |
CN101833623B (en) | Digital rights management method and system | |
CN112749417A (en) | Electronic academic certificate data protection and sharing system based on block chain | |
CA2303450C (en) | Method for publishing certification information representative of selectable subsets of rights and apparatus and portable data storage media used to practice said method | |
CN114969786A (en) | Block chain-based insurance function data processing method, node and system | |
CN101359986B (en) | Apparatus and method for direct anonymous attestation from bilinear maps | |
CN112560071B (en) | Data sharing method with functions of auditing and designating verifier | |
CN101661573B (en) | Method for producing electronic seal and method for using electronic seal | |
CN103235908A (en) | Digital safety protection algorithm | |
CN116484969A (en) | Training method and device of federal learning model and automobile | |
CN112650813B (en) | Data sharing method for distributed auditing | |
CN112560070B (en) | Data sharing method with auditing function | |
CN112559456B (en) | Data sharing method with privacy protection auditing and deleting functions | |
Chen et al. | VILS: A verifiable image licensing system | |
CN115776396A (en) | Data processing method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |