CN112751673A - Supervision-capable data privacy sharing method based on end side cloud cooperation - Google Patents

Supervision-capable data privacy sharing method based on end side cloud cooperation Download PDF

Info

Publication number
CN112751673A
CN112751673A CN202110361878.8A CN202110361878A CN112751673A CN 112751673 A CN112751673 A CN 112751673A CN 202110361878 A CN202110361878 A CN 202110361878A CN 112751673 A CN112751673 A CN 112751673A
Authority
CN
China
Prior art keywords
data
key
chain
node
supervision
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110361878.8A
Other languages
Chinese (zh)
Other versions
CN112751673B (en
Inventor
高丰
郑欢欢
孙爽
王晓江
郁善金
杨涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Lab
Original Assignee
Zhejiang Lab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Lab filed Critical Zhejiang Lab
Priority to CN202110361878.8A priority Critical patent/CN112751673B/en
Publication of CN112751673A publication Critical patent/CN112751673A/en
Application granted granted Critical
Publication of CN112751673B publication Critical patent/CN112751673B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a method for sharing data privacy capable of being supervised based on end side cloud cooperation, which aims at sharing and supervising the data privacy under an end side cloud scene and comprises the following steps: data cloud storage and metadata generation based on symmetric key encryption, metadata chaining based on distributed keys of a federation chain, and data supervision based on searchable encryption, wherein the supervision mode comprises the following steps: the method comprises two granularity monitoring modes of envelope monitoring, unsealing monitoring and the like, wherein the envelope monitoring confirms whether a user submits a storage certificate of metadata within a certain time under the condition that all nodes are commonly identified; the unsealing supervision acquires a metadata storage certificate of a user, decrypts the stored data and acquires a data plaintext; the block chain system is used for storing the privacy data of the user, protecting the data privacy from being disclosed, and meanwhile, monitoring the data privacy under a sharing condition.

Description

Supervision-capable data privacy sharing method based on end side cloud cooperation
Technical Field
The invention relates to the technical field of edge computing and block chaining, in particular to a method for sharing evidence-storing privacy based on end edge cloud cooperation.
Background
With the opening of the big data era, a great deal of manpower and material resources are input into various industries and areas to develop the construction of a data center, big data application is continuously developed and popularized, various information systems are increasingly complex in scale, data volume is increasingly huge, data types are more and more, and data forms are also increasingly diverse. In the construction of a big data platform, the data resources usually comprise data of the department, and also comprise data of related cooperative departments and public data of the internet. With the continuous accumulation and use of data, the value of the data is larger and larger, and how to safely and reliably use the data becomes an increasingly prominent problem. Data security is typically reinforced from such dimensions as confidentiality, integrity, and availability. The data is protected not only to be read and written correctly and completely, but also to be invisible to people who should not see the data and to be visible to people who can see the data according with an authorization process.
The characteristics of non-tampering and non-repudiation of the block chain technology open a new technical approach for data privacy sharing. The block chain is an account book whole-network public system, and all nodes can participate in consensus and are not beneficial to data privacy protection essentially. The invention realizes the data privacy sharing of two granularity supervision by combining the searchable encryption technology and the block chain technology in the cryptography.
Disclosure of Invention
In order to solve the defects of the prior art, realize the purpose of data sharing under the condition of protecting the data privacy and realize the supervision modes of envelope supervision, unseal supervision and the like on the content of the data, the invention adopts the following technical scheme:
a supervision data privacy sharing method based on end side cloud cooperation comprises the following steps:
s1, storing and generating storage certificate based on data cloud of symmetric encryption
Figure 163371DEST_PATH_IMAGE001
And
Figure 642894DEST_PATH_IMAGE002
s2, the data certificate chaining based on the distributed key, comprising the steps of:
s21, generating secret shards of the credential encryption keys sk, sk based on a symmetric cryptographic algorithm, a Shamir secret sharing mechanism, and a distributed key generation mechanism
Figure 830424DEST_PATH_IMAGE003
And obtaining an assigned key value of each node
Figure 192135DEST_PATH_IMAGE004
And public key
Figure 372581DEST_PATH_IMAGE005
Wherein
Figure 441031DEST_PATH_IMAGE006
,
Figure 48730DEST_PATH_IMAGE007
G 1 AndG 2 is two orders of prime numberpThe finite group of cycles of (a) is,gis thatG 1 The generation element of (a) is generated,e: G 1 ×G 1 G 2 is a bi-linear mapping of the image data,
Figure 897737DEST_PATH_IMAGE008
Figure 865562DEST_PATH_IMAGE009
are two hash functions;
s22, calling the intelligent contract by the block chain nodes, and obtaining the encryption searchable value based on the distributed public key searchable encryption algorithm
Figure 319677DEST_PATH_IMAGE010
Generating encryption metadata based on a public key
Figure 832698DEST_PATH_IMAGE011
S23, mixing
Figure 372264DEST_PATH_IMAGE012
Saving to a block chain;
s3, supervising the data content under the condition of privacy status and committee consensus, the supervising method includes: the method comprises two granularity supervision modes of envelope supervision and unseal supervision, wherein the envelope supervision confirms whether a user submits a storage certificate of metadata within a certain time under the condition that all nodes are commonly identified, and the method comprises the following steps:
s311, submitting key words by nodes on the chain of custodywAnd initiating a transaction;
s312, the secret key is recovered to obtain
Figure 642315DEST_PATH_IMAGE013
S313, intelligent contract acquisition Block chain saving
Figure 950936DEST_PATH_IMAGE014
And verifying the public key search keyword, and calculating:
Figure 697175DEST_PATH_IMAGE015
if the equality is established, the keyword is explained to be uplink, otherwise, the keyword is explained to be uplink, and the supervision mode does not know the content of the certificate stored by the user;
the unsealing supervision obtains the metadata storage certificate of the user, decrypts the stored data and obtains the data plaintext, and the unsealing supervision method comprises the following steps:
s321, submitting the key words by the supervision nodewAnd initiating a transaction;
s322, the supervision node calls an intelligent contract, and the node on the supervision chain judges whether the condition of unsealing supervision is met;
s323, the key is recovered to obtain
Figure 458458DEST_PATH_IMAGE016
S324, based on
Figure 518818DEST_PATH_IMAGE016
Calling the smart contract program to obtain the encryption key of the metadata because
Figure 931214DEST_PATH_IMAGE017
Is encryption
Figure 51616DEST_PATH_IMAGE002
By consensus recovery of the nodes
Figure 362512DEST_PATH_IMAGE002
Thereby recovering all information of the data credential;
and S325, calling the intelligent contract program to obtain the metadata according to the metadata encryption key by the user, and obtaining the content of the stored data.
Further, in step S312, the local trapdoor
Figure 226563DEST_PATH_IMAGE018
Locally based on its own fragmentation key, calculating
Figure 244197DEST_PATH_IMAGE019
And broadcast
Figure 551813DEST_PATH_IMAGE020
Generating a global threshold functionNumber, trap door set
Figure 22109DEST_PATH_IMAGE021
Figure 689850DEST_PATH_IMAGE022
Figure 561991DEST_PATH_IMAGE023
Representing a supervisory node.
Further, in step S21, the key is distributed, and the system selects a polynomial
Figure 86514DEST_PATH_IMAGE024
In each consensus period of the alliance chain, the block chain nodes independently generate key slices according to the distributed key protocol, and respectively generate own private keys
Figure 558952DEST_PATH_IMAGE004
And public key
Figure 764806DEST_PATH_IMAGE005
And secret reconstructed slice values
Figure 491453DEST_PATH_IMAGE025
In step S312, the node on the chain of custody receives the information through multi-node negotiationkSecret value of each node, form list =
Figure 390139DEST_PATH_IMAGE026
Invoking an intelligent contract, calculating
Figure 582830DEST_PATH_IMAGE027
So that
Figure 592374DEST_PATH_IMAGE028
Node calculation local threshold on chain of custody
Figure 501424DEST_PATH_IMAGE029
The intelligent contracts collecting different nodes
Figure 305432DEST_PATH_IMAGE030
Form a
Figure 237616DEST_PATH_IMAGE031
In the step S323, receivekSecret value of individual node
Figure 34539DEST_PATH_IMAGE032
And node numbering
Figure 1358DEST_PATH_IMAGE033
Figure 976268DEST_PATH_IMAGE034
Form list =
Figure 661327DEST_PATH_IMAGE035
And the intelligent contract is called,
Figure 809412DEST_PATH_IMAGE036
so that
Figure 381469DEST_PATH_IMAGE037
Further, the distribution and recovery of the key adopt a distributed (k, n) key protocol, a key is divided into n parts, each member possesses an independent sub-key, and the following conditions are satisfied: any qualified member with no less than k can reconstruct the original key through the held sub-keys (k < n); any set of members within k cannot reconstruct the original key.
Further, in step S22, the distributed public key searchable encryption algorithm includes calculating:
Figure 792859DEST_PATH_IMAGE038
where e () is a bilinear factor map,
Figure 434056DEST_PATH_IMAGE039
as a hash function, random numbers
Figure 323515DEST_PATH_IMAGE040
And outputting:
Figure 514193DEST_PATH_IMAGE041
wherein the content of the first and second substances,
Figure 830905DEST_PATH_IMAGE005
public key as blockchain node for encryption
Figure 21715DEST_PATH_IMAGE001
Further, the step S1 includes the following steps:
s11, in order to ensure the safety of the data, the user encrypts the data in a symmetrical encryption mode;
s12, the block chain platform generates a file according to the received data, calculates a digital abstract, uploads the digital abstract to the cloud, and obtains a file storage address;
s13, the block chain platform initiates the transaction, calls the intelligent contract, encrypts and stores the metadata into the block chain network, the metadata comprises the digital abstract and the encrypted file address, the block chain network agrees with the transaction, and the DO generates and outputs the storage certificate of the metadata
Figure 714865DEST_PATH_IMAGE001
And
Figure 510782DEST_PATH_IMAGE002
further, in the step S1
Figure 11778DEST_PATH_IMAGE042
And
Figure 893146DEST_PATH_IMAGE043
the information comprises user credentials, time, data hash, storage address, encryption key and the like, the encryption key is a symmetric key used by the user to encrypt files,irepresenting blockchain nodes.
Further, in the step S1, a cloud-chain integrated architecture is constructed, and the encrypted data is stored on the private cloud.
Further, the data encrypted in the step S1 is stored in the Ceph cluster.
Further, the block chain is a union chain based on a practical Byzantine fault-tolerant PBFT mode, and transactions are verified through leader nodes of the PBFT and added to the latest block.
The invention has the advantages and beneficial effects that:
in big data storage, realize the sharing of data through the blockchain technique, under the prerequisite that need not know the content of depositing the card, supervise data, when guaranteeing dimensionalities such as data security, integrality, usability, realize sharing through authorizing, blockchain system is used for depositing the card to user's privacy data, and the protection data privacy is not revealed, realizes simultaneously to supervise under the data privacy shared condition.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Fig. 2 is a flow chart of data uplink and block chain verification in the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
The traditional physical storage has the problems that resources are scattered, the storage reliability cannot be guaranteed and the like, the storage virtualization means that all scattered and heterogeneous storage devices are mapped into a uniform and continuous addressing logical storage space which is called a virtual storage pool according to a certain strategy, the access address of the virtual storage pool is provided for an application system, and the storage virtualization improves the reliability and the availability of data through technologies such as data mirroring, data verification and multipath and the like.
The Ceph cluster is a data storage part in this embodiment, provides PB-level data storage capability, and meanwhile, the cluster has high scalability and high reliability, and can cope with the problem of insufficient cluster storage capability by adding nodes.
As shown in fig. 1 and 2, a supervisable data privacy sharing method based on end edge cloud collaboration includes the following steps:
step S1, based on the symmetric encrypted data cloud storage and generating a storage credential, the data uploaded by the user is stored in the Ceph cluster in the form of a file, and the digital digest of the data, the storage address of the encrypted file in the Ceph cluster, the data encryption/decryption key, the data access record, and the like are stored in the blockchain.
Initialization and block synchronization: the block chain is based on a P2P network, a central node does not exist, the position of each node is the same, and the nodes can also directly communicate with other nodes to broadcast data to the whole network. After the user starts the block link node to access the alliance link, the alliance link network can perform identity authentication, and only the legal node can successfully join the alliance link. After joining the alliance chain, the node starts to monitor and wait for the broadcast data of the peer nodes in the network, and checks whether the block of the node is the highest block, and if not, the node synchronizes from other nodes.
In order to ensure the security of data, a user encrypts the data into a ciphertext in a symmetric encryption mode and finishes uploading the data, a platform generates a file according to the received data, calculates a digital abstract, stores the digital abstract in a Ceph cluster and obtains a file storage address;
specifically, according to data input by a user and user information, encrypted data is generated by adopting a symmetric key method and is stored in a cloud storage server; the block chain platform initiates a transaction, calls an intelligent contract, takes information such as a digital abstract and an encrypted file address as metadata, encrypts the metadata and stores the metadata in a block chain network, the block chain network agrees with the transaction, and the DO generates and outputs a storage certificate of the metadata:
Figure 858828DEST_PATH_IMAGE042
and
Figure 509252DEST_PATH_IMAGE043
the information w comprises user credentials, time, data hash, storage address, encryption key and the like, the encryption key is a symmetric key for encrypting files by the user,irepresenting blockchain nodes;
the cloud chain integrated architecture is constructed, the encrypted data are stored on the private cloud, and the storage certificate of the access data comprises the user certificate, time, a Uniform Resource Location (URL) of data storage, an encryption key and other information to generate the storage certificate.
Step S2, based on data certificate chain of distributed key, firstly, distributing key, system selecting polynomial
Figure 682613DEST_PATH_IMAGE024
In each consensus period of the federation chain, the block chain nodes independently generate key slices according to the distributed key protocol, and respectively generate their private keys and public keys: (
Figure 848015DEST_PATH_IMAGE004
Figure 882967DEST_PATH_IMAGE005
) And secret reconstructed slice values
Figure 387898DEST_PATH_IMAGE044
Wherein
Figure 482893DEST_PATH_IMAGE006
,
Figure 824007DEST_PATH_IMAGE007
G 1 AndG 2 is two orders of prime numberpThe finite group of cycles of (a) is,gis thatG 1 The generation element of (a) is generated,e: G 1 ×G 1 G 2 is a bi-linear mapping of the image data,
Figure 397071DEST_PATH_IMAGE008
Figure 22087DEST_PATH_IMAGE009
two hash functions are adopted, secondly, the block chain node calls an intelligent contract, and an encrypted searchable value is obtained based on a distributed public key searchable encryption algorithm
Figure 84721DEST_PATH_IMAGE010
And encryption metadata based on symmetric key encryption
Figure 162398DEST_PATH_IMAGE011
And finally, will
Figure 54000DEST_PATH_IMAGE012
Saving to a block chain;
specifically, the block chain node calls an intelligent contract and generates a public key based on a Shamir distributed secret sharing mechanism
Figure 533523DEST_PATH_IMAGE045
And obtaining an assigned key value and a public key of each node
Figure 704741DEST_PATH_IMAGE005
(ii) a The block chain node calls an intelligent contract to generate a distributed public key
Figure 269715DEST_PATH_IMAGE005
Encrypting searchable values
Figure 981319DEST_PATH_IMAGE010
(ii) a The block chain node calls the intelligent contract according to the public key
Figure 352168DEST_PATH_IMAGE045
Generating an encryption keyskGenerating encrypted metadata
Figure 959866DEST_PATH_IMAGE011
(ii) a Block link point generation transaction and packaging
Figure 746557DEST_PATH_IMAGE012
The leader node of the PBFT (a practical byzantine fault tolerant, block chain is a federation chain based on a practical byzantine fault tolerant approach) verifies the transaction and adds it to the latest block.
A distributed public key searchable encryption algorithm comprising the computations:
Figure 465114DEST_PATH_IMAGE038
where e () is a bilinear factor map,
Figure 715967DEST_PATH_IMAGE046
as a hash function, random numbers
Figure 743835DEST_PATH_IMAGE040
And outputting:
Figure 17821DEST_PATH_IMAGE041
wherein the content of the first and second substances,
Figure 540069DEST_PATH_IMAGE005
the public key, which is the blockchain node, is used to encrypt z, and finally, C is saved onto the blockchain.
Step S3, in the privacy state, the content of the data is supervised under the condition that the committee obtains consensus, and the supervision method includes: and the envelope supervision confirms whether the user submits the metadata storage certificate within a certain time under the condition that all nodes are identified together, and the unsealing supervision acquires the metadata storage certificate of the user, decrypts the stored data and acquires the data plaintext.
1. The envelope supervision process comprises the following steps:
(1) node submission key on chain of custodywAnd initiating a transaction;
(2) recovery of keys, chain of custodyThe node receives through multi-node negotiationkSecret value of each node, form list =
Figure 848691DEST_PATH_IMAGE026
And the intelligent contract is called,
Figure 548925DEST_PATH_IMAGE027
,list=
Figure 106945DEST_PATH_IMAGE026
so that
Figure 432884DEST_PATH_IMAGE028
(3) Node calculation local threshold on chain of custody
Figure 330433DEST_PATH_IMAGE047
The intelligent contracts collecting different nodes
Figure 450836DEST_PATH_IMAGE030
Form a
Figure 761731DEST_PATH_IMAGE048
In particular, a local trapdoor
Figure 875050DEST_PATH_IMAGE049
Locally based on its own fragmentation key, calculating
Figure 627105DEST_PATH_IMAGE019
And broadcast
Figure 183988DEST_PATH_IMAGE020
(ii) a Generating a global threshold function, a set of trapdoors
Figure 919863DEST_PATH_IMAGE021
Figure 69829DEST_PATH_IMAGE022
Figure 207549DEST_PATH_IMAGE023
Representing a supervisory node.
(4) Saved on intelligent contract acquisition blockchain
Figure 732071DEST_PATH_IMAGE014
Performing public key search keyword verification, if the result is True, indicating that the keyword exists in the envelope, and if the result is False, indicating that the keyword is not stored in the envelope;
specifically, it is calculated to obtain
Figure 689663DEST_PATH_IMAGE050
And then, the chain of custody node calculates:
Figure 161095DEST_PATH_IMAGE015
if the above equation is true, then a certain equation is stated
Figure 137011DEST_PATH_IMAGE001
The user has been uplinked before, but this way of supervision does not know what the user has certified.
(5) And finishing the envelope supervision.
2. The unsealing supervision process comprises the following steps:
(1) supervisory node submits keywordswAnd initiating a transaction;
(2) the supervision node calls an intelligent contract, and the node on the supervision chain judges whether the condition of unsealing supervision is met or not;
(3) recovering the secret key, receivekSecret value of individual node, list =
Figure 770117DEST_PATH_IMAGE035
And the intelligent contract is called,
Figure 480584DEST_PATH_IMAGE036
so that
Figure 286866DEST_PATH_IMAGE037
(4) Based on
Figure 133599DEST_PATH_IMAGE051
Calling an intelligent contract program to obtain an encryption key of the metadata; due to the fact that
Figure 953919DEST_PATH_IMAGE051
Is encryption
Figure 620524DEST_PATH_IMAGE002
By consensus recovery of the nodes
Figure 433759DEST_PATH_IMAGE002
Thereby recovering all information of the data credential;
(5) the user calls an intelligent contract program to obtain metadata according to the metadata encryption key and obtains the content of the stored data, and the data unsealing supervision is completed;
the distribution and recovery of the key adopt a distributed (k, n) key protocol, a key is divided into n parts, each member possesses an independent subkey, and the following conditions are satisfied:
any qualified member with no less than k can reconstruct the original key through the held sub-keys (k < n);
any member set below k cannot reconstruct the original key.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A supervision data privacy sharing method based on end side cloud cooperation is characterized by comprising the following steps:
s1, storing and generating storage certificate based on data cloud of symmetric encryption
Figure 450772DEST_PATH_IMAGE001
And
Figure 836753DEST_PATH_IMAGE002
s2, searching for encrypted and symmetrically encrypted data certificate uplink based on public key, comprising the steps of:
s21, assigning a key value to each credential chain node based on a distributed key generation mechanism
Figure 209966DEST_PATH_IMAGE003
And public key
Figure 74017DEST_PATH_IMAGE004
Wherein
Figure 731132DEST_PATH_IMAGE005
,
Figure 22436DEST_PATH_IMAGE006
G 1 AndG 2 is two orders of prime numberpThe finite group of cycles of (a) is,gis thatG 1 The generation element of (a) is generated,e: G 1 ×G 1 G 2 is a bi-linear mapping of the image data,
Figure 882945DEST_PATH_IMAGE007
Figure 816266DEST_PATH_IMAGE008
two hash functions are used to generate a certificate encryption key sk, and the sk are recovered and fragmented based on a Shamir secret sharing mechanism
Figure 953986DEST_PATH_IMAGE009
Assigning a share to each credit chain node, in particular, randomly constructing a polynomial
Figure 291557DEST_PATH_IMAGE010
Handle bar
Figure 514728DEST_PATH_IMAGE011
Distributing the nodes to the evidence storing chain, wherein n is the number of the evidence storing nodes;
s22, calling the intelligent contract by the deposit certificate chain node, and obtaining the encryption searchable value based on the distributed public key searchable encryption algorithm
Figure 845216DEST_PATH_IMAGE012
Generating encryption metadata based on a public key
Figure 103022DEST_PATH_IMAGE013
S23, mixing
Figure 375609DEST_PATH_IMAGE014
Storing the data in a certificate storing chain;
s3, supervising under the condition of privacy status and committee consensus, the supervising method includes: the method comprises the following steps of envelope supervision and unsealing supervision, wherein the envelope supervision confirms whether a user submits a storage certificate of metadata within a certain time under the condition that all nodes are in common knowledge, and the method comprises the following steps:
s311, submitting key words by nodes on the chain of custodywAnd initiating a transaction;
s312, the evidence storing chain link points are commonly identified to obtain the retrieval trapdoor
Figure 86076DEST_PATH_IMAGE015
S313, intelligent contract acquisition Block chain saving
Figure 95620DEST_PATH_IMAGE016
Perform a public key search keyKey verification, calculation:
Figure 332566DEST_PATH_IMAGE017
if the equation is established, the keyword is uplink-linked, otherwise, the keyword is not uplink-linked;
the unsealing supervision obtains the metadata storage certificate of the user, decrypts the stored data and obtains the data plaintext, and the unsealing supervision method comprises the following steps:
s321, submitting the key words by the supervision nodewAnd initiating a transaction;
s322, the supervision node calls an intelligent contract, and the node on the storage chain judges whether the condition of unsealing supervision is met;
s323, the key is recovered to obtain
Figure 402154DEST_PATH_IMAGE018
S324, based on
Figure 475283DEST_PATH_IMAGE019
Calling intelligent contract program to obtain metadata encryption key, and recovering through node consensus
Figure 22939DEST_PATH_IMAGE002
To recover the data credential;
and S325, calling the intelligent contract program to obtain the metadata according to the metadata encryption key by the user, and obtaining the content of the stored data.
2. The supervisable data privacy sharing method based on end edge cloud collaboration as claimed in claim 1, wherein in the step S312, the local trapdoor
Figure 255337DEST_PATH_IMAGE020
Locally based on its own fragmentation key, calculating
Figure 620459DEST_PATH_IMAGE021
And broadcast
Figure 39939DEST_PATH_IMAGE022
Generating a global threshold function, a set of trapdoors
Figure 24908DEST_PATH_IMAGE023
Figure 846233DEST_PATH_IMAGE024
Figure 382257DEST_PATH_IMAGE025
Representing a supervisory node.
3. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein in step S21, the key is distributed, and the system selects the polynomial
Figure 289033DEST_PATH_IMAGE026
In each consensus period of the alliance chain, the block chain nodes independently generate key slices according to the distributed key protocol, and respectively generate own private keys
Figure 444071DEST_PATH_IMAGE003
And public key
Figure 260848DEST_PATH_IMAGE004
And secret reconstructed slice values
Figure 108718DEST_PATH_IMAGE027
In step S312, the node on the chain of custody receives the information through multi-node negotiationkSecret value of each node, form list =
Figure 627424DEST_PATH_IMAGE028
Invoking an intelligent contract, calculating
Figure 320574DEST_PATH_IMAGE029
So that
Figure 116491DEST_PATH_IMAGE030
Node calculation local threshold on chain of custody
Figure 243585DEST_PATH_IMAGE031
The intelligent contracts collecting different nodes
Figure 124954DEST_PATH_IMAGE032
Form a
Figure 12007DEST_PATH_IMAGE033
In the step S323, receivekSecret value of individual node
Figure 662431DEST_PATH_IMAGE034
And node numbering
Figure 196312DEST_PATH_IMAGE035
Figure 830555DEST_PATH_IMAGE036
Form list =
Figure 865508DEST_PATH_IMAGE037
Invoking an intelligent contract, calculating
Figure 26231DEST_PATH_IMAGE038
So that
Figure 855646DEST_PATH_IMAGE039
4. The supervised data privacy sharing method based on end edge cloud coordination as claimed in claim 3, wherein the distribution and recovery of the key adopt a distributed (k, n) key protocol, a key is divided into n parts, each member possesses an independent sub-key, and the following conditions are satisfied: any qualified member with no less than k can reconstruct the original key through the held sub-keys (k < n); any set of members within k cannot reconstruct the original key.
5. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein in the step S22, the distributed public key searchable encryption algorithm includes calculating:
Figure 85508DEST_PATH_IMAGE040
where e () is a bilinear factor map,
Figure 924151DEST_PATH_IMAGE041
as a hash function, random numbers
Figure 549168DEST_PATH_IMAGE042
And outputting:
Figure 939698DEST_PATH_IMAGE043
wherein the content of the first and second substances,
Figure 282954DEST_PATH_IMAGE004
public key as blockchain node for encryption
Figure 800654DEST_PATH_IMAGE001
6. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein the step S1 includes the steps of:
s11, encrypting data by the user in a symmetric encryption mode;
s12, the certificate storing chain platform generates a file according to the received data, calculates a digital abstract, uploads the digital abstract to the cloud end, and meanwhile obtains a file storage address;
s13, initiating transaction by the deposit chain platform, calling an intelligent contract, encrypting and storing metadata into a deposit chain network, wherein the metadata comprises a digital abstract and an encrypted file address, the deposit chain network agrees with the transaction, and generates and outputs a storage certificate of the metadata
Figure 545757DEST_PATH_IMAGE001
And
Figure 982554DEST_PATH_IMAGE002
7. the supervised data privacy sharing method based on end edge cloud coordination as claimed in claim 1, wherein the stored credentials in step S1
Figure 672161DEST_PATH_IMAGE044
And
Figure 118186DEST_PATH_IMAGE045
including user credentials, time, data hash, storage address, and encryption key, the encryption key being a symmetric key for a user to encrypt files,iand representing the evidence storing chain node.
8. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein in step S1, a cloud-chain integrated architecture is constructed, and the encrypted data is stored in a private cloud.
9. The supervisable data privacy sharing method based on end edge cloud cooperation according to claim 1, wherein the data encrypted in the step S1 is stored in a Ceph cluster.
10. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein the block chain is a federation chain based on a practical Byzantine fault tolerant PBFT mode, and transactions are verified and added to the latest block through leader nodes of the PBFT.
CN202110361878.8A 2021-04-02 2021-04-02 Supervision-capable data privacy sharing method based on end side cloud cooperation Active CN112751673B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110361878.8A CN112751673B (en) 2021-04-02 2021-04-02 Supervision-capable data privacy sharing method based on end side cloud cooperation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110361878.8A CN112751673B (en) 2021-04-02 2021-04-02 Supervision-capable data privacy sharing method based on end side cloud cooperation

Publications (2)

Publication Number Publication Date
CN112751673A true CN112751673A (en) 2021-05-04
CN112751673B CN112751673B (en) 2021-06-25

Family

ID=75651705

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110361878.8A Active CN112751673B (en) 2021-04-02 2021-04-02 Supervision-capable data privacy sharing method based on end side cloud cooperation

Country Status (1)

Country Link
CN (1) CN112751673B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542413A (en) * 2021-07-16 2021-10-22 北京数牍科技有限公司 Trusted evidence based supervised privacy computing method and system and computer equipment
CN114422273A (en) * 2022-03-29 2022-04-29 四川高速公路建设开发集团有限公司 Sensitive decision data safety sharing method in intelligent construction engineering information system
CN114584325A (en) * 2022-05-06 2022-06-03 四川野马科技有限公司 Bid quoted price data hybrid storage system and method based on block chain and cloud storage
CN114866236A (en) * 2022-05-11 2022-08-05 西安电子科技大学 Data sharing method for Internet of things in cloud based on alliance chain
CN115242555A (en) * 2022-09-21 2022-10-25 北京邮电大学 Supervisable cross-chain private data sharing method and device
WO2023010932A1 (en) * 2021-08-03 2023-02-09 之江实验室 Cloud-edge collaborative multi-mode private data transfer method based on smart contract
CN116132112A (en) * 2022-12-22 2023-05-16 广州大学 Keyword encryption searching method based on alliance chain intelligent contract
CN116150793A (en) * 2023-03-17 2023-05-23 北京信源电子信息技术有限公司 DOA-based handle identification analysis technology data protection method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106685989A (en) * 2017-02-07 2017-05-17 杭州秘猿科技有限公司 Privacy communication method based on license chain support and supervision
EP3379769A1 (en) * 2017-03-21 2018-09-26 Gemalto Sa Method of rsa signature or decryption protected using multiplicative splitting of an asymmetric exponent
CN109120398A (en) * 2018-08-03 2019-01-01 河南师范大学 A kind of privacy sharing method and apparatus based on block catenary system
CN109768987A (en) * 2019-02-26 2019-05-17 重庆邮电大学 A kind of storage of data file security privacy and sharing method based on block chain
CN110289951A (en) * 2019-06-03 2019-09-27 杭州电子科技大学 A kind of shared content monitoring method based on Threshold key sharing and block chain
CN111523133A (en) * 2020-04-24 2020-08-11 远光软件股份有限公司 Block chain and cloud data collaborative sharing method
CN112163854A (en) * 2020-09-14 2021-01-01 北京理工大学 Hierarchical public key searchable encryption method and system based on block chain
CN112543187A (en) * 2020-11-26 2021-03-23 齐鲁工业大学 Industrial Internet of things safety data sharing method based on edge block chain

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106685989A (en) * 2017-02-07 2017-05-17 杭州秘猿科技有限公司 Privacy communication method based on license chain support and supervision
EP3379769A1 (en) * 2017-03-21 2018-09-26 Gemalto Sa Method of rsa signature or decryption protected using multiplicative splitting of an asymmetric exponent
CN109120398A (en) * 2018-08-03 2019-01-01 河南师范大学 A kind of privacy sharing method and apparatus based on block catenary system
CN109768987A (en) * 2019-02-26 2019-05-17 重庆邮电大学 A kind of storage of data file security privacy and sharing method based on block chain
CN110289951A (en) * 2019-06-03 2019-09-27 杭州电子科技大学 A kind of shared content monitoring method based on Threshold key sharing and block chain
CN111523133A (en) * 2020-04-24 2020-08-11 远光软件股份有限公司 Block chain and cloud data collaborative sharing method
CN112163854A (en) * 2020-09-14 2021-01-01 北京理工大学 Hierarchical public key searchable encryption method and system based on block chain
CN112543187A (en) * 2020-11-26 2021-03-23 齐鲁工业大学 Industrial Internet of things safety data sharing method based on edge block chain

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
FENG GAO 等: "A Blockchain-Based Privacy-Preserving Payment Mechanism for Vehicle-to-Grid Networks", 《IEEE NETWORK》 *
吴大鹏 等: ""端—边—云"协同的智慧物联网", 《物联网学报》 *
李帅 等: "基于Shamir密钥分发算法的Android网盘多点存储系统", 《通信技术》 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542413A (en) * 2021-07-16 2021-10-22 北京数牍科技有限公司 Trusted evidence based supervised privacy computing method and system and computer equipment
CN113542413B (en) * 2021-07-16 2024-01-05 北京数牍科技有限公司 Manageable privacy computing method, system and computer equipment based on trusted memory card
WO2023010932A1 (en) * 2021-08-03 2023-02-09 之江实验室 Cloud-edge collaborative multi-mode private data transfer method based on smart contract
CN114422273A (en) * 2022-03-29 2022-04-29 四川高速公路建设开发集团有限公司 Sensitive decision data safety sharing method in intelligent construction engineering information system
CN114422273B (en) * 2022-03-29 2022-06-17 四川高速公路建设开发集团有限公司 Sensitive decision data safety sharing method in intelligent construction engineering information system
CN114584325A (en) * 2022-05-06 2022-06-03 四川野马科技有限公司 Bid quoted price data hybrid storage system and method based on block chain and cloud storage
CN114866236A (en) * 2022-05-11 2022-08-05 西安电子科技大学 Data sharing method for Internet of things in cloud based on alliance chain
CN114866236B (en) * 2022-05-11 2024-03-29 西安电子科技大学 Data sharing method of Internet of things in cloud based on alliance chain
CN115242555A (en) * 2022-09-21 2022-10-25 北京邮电大学 Supervisable cross-chain private data sharing method and device
CN116132112A (en) * 2022-12-22 2023-05-16 广州大学 Keyword encryption searching method based on alliance chain intelligent contract
CN116150793A (en) * 2023-03-17 2023-05-23 北京信源电子信息技术有限公司 DOA-based handle identification analysis technology data protection method and system
CN116150793B (en) * 2023-03-17 2023-10-24 北京信源电子信息技术有限公司 DOA-based handle identification analysis technology data protection method and system

Also Published As

Publication number Publication date
CN112751673B (en) 2021-06-25

Similar Documents

Publication Publication Date Title
CN112751673B (en) Supervision-capable data privacy sharing method based on end side cloud cooperation
EP3788522B1 (en) System and method for mapping decentralized identifiers to real-world entities
EP3788523B1 (en) System and method for blockchain-based cross-entity authentication
CN109756582B (en) Information recording method, device, node and storage medium in block chain network
US10805072B2 (en) System and method for autonomous dynamic person management
CN110474893B (en) Heterogeneous cross-trust domain secret data secure sharing method and system
CN107528688B (en) Block chain key keeping and recovering method and device based on encryption delegation technology
Hota et al. Capability-based cryptographic data access control in cloud computing
EP3089399B1 (en) Methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management
US10764047B2 (en) Synchronizable hardware security module
WO2021135757A1 (en) Method and apparatus for executing transaction correctness verification
CN112380578A (en) Edge computing framework based on block chain and trusted execution environment
US11343081B2 (en) Synchronizable hardware security module
CN115242555B (en) Monitorable cross-chain private data sharing method and device
CN105071936A (en) Systems and methods for secure data sharing
US10887294B2 (en) Synchronizable hardware security module
El Defrawy et al. Founding digital currency on secure computation
CN113643134A (en) Internet of things block chain transaction method and system based on multi-key homomorphic encryption
US11893577B2 (en) Cryptographic key storage system and method
CN115495768A (en) Secret-related information processing method and system based on block chain and multi-party security calculation
CN110784318B (en) Group key updating method, device, electronic equipment, storage medium and communication system
CN115913513B (en) Distributed trusted data transaction method, system and device supporting privacy protection
CN112003690B (en) Password service system, method and device
Noh et al. A novel user collusion-resistant decentralized multi-authority attribute-based encryption scheme using the deposit on a blockchain
CN114239043A (en) Shared encryption storage system constructed based on block chain technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant