CN112751673A - Supervision-capable data privacy sharing method based on end side cloud cooperation - Google Patents
- Publication number
- CN112751673A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- chain
- node
- supervision
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses a supervisable data privacy sharing method based on end-edge-cloud collaboration, aimed at sharing and supervising private data in an end-edge-cloud scenario. The method comprises: cloud storage of data and generation of metadata based on symmetric-key encryption, on-chain storage of the metadata based on the distributed keys of an alliance chain, and data supervision based on searchable encryption. Supervision has two granularities, envelope supervision and unsealing supervision: envelope supervision confirms, under the consensus of all nodes, whether a user has submitted a storage certificate of metadata within a certain time; unsealing supervision obtains the user's metadata storage certificate, decrypts the stored data and obtains the data plaintext. The blockchain system is used to store evidence of the user's private data and protects the data privacy from disclosure, while allowing supervision under data privacy sharing.
Description
Technical Field
The invention relates to the technical field of edge computing and blockchain, and in particular to a privacy-preserving evidence-storage sharing method based on end-edge-cloud collaboration.
Background
With the arrival of the big data era, industries and regions have invested a great deal of manpower and material resources in building data centers. Big data applications continue to be developed and popularized, information systems are growing in scale and complexity, data volumes are increasingly large, and data types and forms are increasingly diverse. In building a big data platform, the data resources usually include the department's own data as well as data from related cooperating departments and public Internet data. As data is continuously accumulated and used, its value grows, and how to use it safely and reliably becomes an increasingly prominent problem. Data security is typically reinforced along the dimensions of confidentiality, integrity and availability. Data must not only be read and written correctly and completely, but must also be invisible to people who should not see it and visible, through an authorization process, to people who may see it.
The tamper-resistance and non-repudiation of blockchain technology open a new technical approach to data privacy sharing. However, a blockchain is a system whose ledger is public to the whole network and in which all nodes can participate in consensus, which is inherently unfavourable to data privacy protection. The invention achieves data privacy sharing with two granularities of supervision by combining searchable encryption from cryptography with blockchain technology.
Disclosure of Invention
In order to overcome the shortcomings of the prior art, to share data while protecting data privacy, and to supervise the content of the data through supervision modes such as envelope supervision and unsealing supervision, the invention adopts the following technical scheme:
A supervisable data privacy sharing method based on end-edge-cloud collaboration comprises the following steps:
S2, putting the data credential on chain based on the distributed key, comprising the steps of:
S21, based on a symmetric cryptographic algorithm, a Shamir secret sharing mechanism and a distributed key generation mechanism, generating the credential encryption key sk and the secret shards of sk, and obtaining the assigned key value of each node and the public key, wherein $G_1$ and $G_2$ are two finite cyclic groups of prime order $p$, $g$ is a generator of $G_1$, $e: G_1 \times G_1 \rightarrow G_2$ is a bilinear map, and two hash functions are used;
S22, the blockchain nodes call the smart contract, obtain the encrypted searchable value based on the distributed public-key searchable encryption algorithm, and generate encrypted metadata based on a public key;
S3, in the privacy-preserving state, supervising the content of the data under committee consensus, the supervision comprising two granularities, envelope supervision and unsealing supervision, wherein envelope supervision confirms, under the consensus of all nodes, whether a user has submitted a storage certificate of metadata within a certain time, and comprises the following steps:
S311, a node on the evidence-storing chain submits the keyword w and initiates a transaction;
S313, intelligent contract acquisition Block chain savingAnd verifying the public key search keyword, and calculating:
if the equation holds, the keyword has been put on chain; otherwise, the keyword has not been put on chain; this supervision mode does not learn the content of the certificate stored by the user;
unsealing supervision obtains the user's metadata storage certificate, decrypts the stored data and obtains the data plaintext, and comprises the following steps:
S321, the supervision node submits the keyword w and initiates a transaction;
S322, the supervision node calls the smart contract, and the nodes on the supervision chain judge whether the conditions for unsealing supervision are met;
S324, based onCalling the smart contract program to obtain the encryption key of the metadata becauseIs encryptionBy consensus recovery of the nodesThereby recovering all information of the data credential;
S325, the user calls the smart contract program to obtain the metadata according to the metadata encryption key, and obtains the content of the stored data.
Further, in step S312, the local trapdoorLocally based on its own fragmentation key, calculatingAnd broadcast;
Further, in step S21, the key is distributed, and the system selects a polynomialIn each consensus period of the alliance chain, the block chain nodes independently generate key slices according to the distributed key protocol, and respectively generate own private keysAnd public keyAnd secret reconstructed slice values;
In step S312, the node on the chain of custody receives the information through multi-node negotiationkSecret value of each node, form list =Invoking an intelligent contract, calculatingSo that;
Node calculation local threshold on chain of custodyThe intelligent contracts collecting different nodesForm a;
In the step S323, receivekSecret value of individual nodeAnd node numbering,Form list =And the intelligent contract is called,so that。
Further, the distribution and recovery of the key adopt a distributed (k, n) key protocol: a key is divided into n parts, each member holds an independent sub-key, and the following conditions are satisfied: any set of no fewer than k qualified members can reconstruct the original key from the sub-keys they hold (k < n); any set of fewer than k members cannot reconstruct the original key.
Further, in step S22, the distributed public key searchable encryption algorithm includes calculating:
wherein the public key of the blockchain node is used for encryption.
Further, step S1 comprises the following steps:
S11, to ensure the security of the data, the user encrypts the data with symmetric encryption;
S12, the blockchain platform generates a file from the received data, calculates a digital digest, uploads the digital digest to the cloud, and obtains a file storage address;
S13, the blockchain platform initiates a transaction and calls the smart contract to encrypt the metadata and store it in the blockchain network, the metadata comprising the digital digest and the encrypted file address; the blockchain network reaches consensus on the transaction, and the DO generates and outputs the storage certificate of the metadata.
Further, the storage certificate information in step S1 comprises the user credentials, time, data hash, storage address, encryption key and the like; the encryption key is the symmetric key used by the user to encrypt files, and i denotes a blockchain node.
Further, in step S1, a cloud-chain integrated architecture is constructed, and the encrypted data is stored on a private cloud.
Further, the data encrypted in step S1 is stored in a Ceph cluster.
Further, the blockchain is an alliance chain based on Practical Byzantine Fault Tolerance (PBFT); transactions are verified by the PBFT leader node and added to the latest block.
The invention has the advantages and beneficial effects that:
In big data storage, data sharing is realized through blockchain technology, and data is supervised without needing to know the stored evidence content. While ensuring dimensions such as data security, integrity and availability, sharing is realized through authorization. The blockchain system is used to store evidence of users' private data and protects the data privacy from disclosure, while enabling supervision under data privacy sharing.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Fig. 2 is a flow chart of data uplink and block chain verification in the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
Traditional physical storage suffers from scattered resources and storage reliability that cannot be guaranteed. Storage virtualization maps all scattered, heterogeneous storage devices, according to a certain strategy, into a unified, contiguously addressed logical storage space called a virtual storage pool, and provides the access address of the virtual storage pool to the application system. Storage virtualization improves the reliability and availability of data through technologies such as data mirroring, data verification and multipathing.
The Ceph cluster is the data storage part of this embodiment. It provides PB-level data storage capacity, is highly scalable and highly reliable, and can address insufficient cluster storage capacity by adding nodes.
As shown in fig. 1 and 2, a supervisable data privacy sharing method based on end edge cloud collaboration includes the following steps:
Step S1, cloud storage of data and generation of a storage credential based on symmetric encryption: the data uploaded by the user is stored in the Ceph cluster in the form of a file, and the digital digest of the data, the storage address of the encrypted file in the Ceph cluster, the data encryption/decryption key, the data access record and the like are stored in the blockchain.
Initialization and block synchronization: the blockchain is based on a P2P network with no central node; all nodes have equal status and can communicate directly with other nodes to broadcast data to the whole network. After the user starts a blockchain node to access the alliance chain, the alliance chain network performs identity authentication, and only legitimate nodes can successfully join. After joining the alliance chain, the node starts listening for broadcast data from peer nodes in the network and checks whether its own block is the highest block; if not, it synchronizes from other nodes.
To ensure the security of the data, the user encrypts the data into ciphertext with symmetric encryption and uploads it; the platform generates a file from the received data, calculates a digital digest, stores the digital digest in the Ceph cluster and obtains a file storage address;
specifically, from the data and user information input by the user, encrypted data is generated using a symmetric-key method and stored in the cloud storage server; the blockchain platform initiates a transaction, calls the smart contract, takes information such as the digital digest and the encrypted file address as metadata, encrypts the metadata and stores it in the blockchain network; the blockchain network reaches consensus on the transaction, and the DO generates and outputs the storage certificate of the metadata. The information w comprises the user credentials, time, data hash, storage address, encryption key and the like; the encryption key is the symmetric key with which the user encrypts files, and i denotes a blockchain node;
a cloud-chain integrated architecture is constructed, and the encrypted data is stored on a private cloud; the storage certificate for accessing the data is generated from information including the user credential, time, the Uniform Resource Locator (URL) of the data storage, the encryption key and the like.
Step S2, putting the data credential on chain based on the distributed key. First, the key is distributed: the system selects a polynomial, and in each consensus period of the alliance chain the blockchain nodes independently generate key shards according to the distributed key protocol, each generating its own private key and public key and its secret reconstruction shard value, wherein $G_1$ and $G_2$ are two finite cyclic groups of prime order $p$, $g$ is a generator of $G_1$, $e: G_1 \times G_1 \rightarrow G_2$ is a bilinear map, and two hash functions are adopted. Second, the blockchain node calls the smart contract, obtains the encrypted searchable value based on the distributed public-key searchable encryption algorithm, and obtains the encrypted metadata based on symmetric-key encryption. Finally, the result is saved to the blockchain;
specifically, the blockchain node calls the smart contract and generates a public key based on the Shamir distributed secret sharing mechanism, obtaining the assigned key value and public key of each node; the blockchain node calls the smart contract to generate the encrypted searchable value from the distributed public key; the blockchain node calls the smart contract to generate the encryption key sk according to the public key and generate the encrypted metadata; the blockchain node generates and packages a transaction, and the PBFT leader node (PBFT: Practical Byzantine Fault Tolerance; the blockchain is an alliance chain based on Practical Byzantine Fault Tolerance) verifies the transaction and adds it to the latest block.
A distributed public key searchable encryption algorithm comprising the computations:
wherein the public key of the blockchain node is used to encrypt z, and finally C is saved onto the blockchain.
Step S3, in the privacy-preserving state, the content of the data is supervised under committee consensus. The supervision comprises envelope supervision and unsealing supervision: envelope supervision confirms, under the consensus of all nodes, whether the user has submitted the metadata storage certificate within a certain time, and unsealing supervision obtains the user's metadata storage certificate, decrypts the stored data and obtains the data plaintext.
1. The envelope supervision process comprises the following steps:
(1) a node on the evidence-storing chain submits the keyword w and initiates a transaction;
(2) recovery of keys, chain of custodyThe node receives through multi-node negotiationkSecret value of each node, form list =And the intelligent contract is called,,list=so that;
(3) Node calculation local threshold on chain of custodyThe intelligent contracts collecting different nodesForm a;
In particular, a local trapdoorLocally based on its own fragmentation key, calculatingAnd broadcast(ii) a Generating a global threshold function, a set of trapdoors,,Representing a supervisory node.
(4) Saved on intelligent contract acquisition blockchainPerforming public key search keyword verification, if the result is True, indicating that the keyword exists in the envelope, and if the result is False, indicating that the keyword is not stored in the envelope;
if the above equation is true, then a certain equation is statedThe user has been uplinked before, but this way of supervision does not know what the user has certified.
(5) And finishing the envelope supervision.
2. The unsealing supervision process comprises the following steps:
(1) the supervision node submits the keyword w and initiates a transaction;
(2) the supervision node calls the smart contract, and the nodes on the supervision chain judge whether the conditions for unsealing supervision are met;
(3) recovering the secret key, receivekSecret value of individual node, list =And the intelligent contract is called,so that;
(4) Based onCalling an intelligent contract program to obtain an encryption key of the metadata; due to the fact thatIs encryptionBy consensus recovery of the nodesThereby recovering all information of the data credential;
(5) the user calls the smart contract program to obtain the metadata according to the metadata encryption key and obtains the content of the stored data, completing the unsealing supervision of the data.
The distribution and recovery of the key adopt a distributed (k, n) key protocol: a key is divided into n parts, each member holds an independent sub-key, and the following conditions are satisfied:
any set of no fewer than k qualified members can reconstruct the original key from the sub-keys they hold (k < n);
any set of fewer than k members cannot reconstruct the original key.
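The (k, n) key protocol described above, as an added example that is not code from the patent: Shamir sharing of a symmetric key sk among numbered nodes over a prime field, with recovery by Lagrange interpolation from any k shares. The field modulus, the function names and the sample key are assumptions made for illustration.

```python
from __future__ import annotations

import secrets

# Field modulus (assumption: the patent does not fix one). The Mersenne
# prime 2**521 - 1 comfortably holds a 256-bit symmetric key.
P = 2**521 - 1


def split_key(sk: bytes, k: int, n: int) -> list[tuple[int, int]]:
    """Split sk into n shares (node_number, value); any k reconstruct it."""
    if not 1 < k < n:
        raise ValueError("require 1 < k < n")
    secret = int.from_bytes(sk, "big")
    if secret >= P:
        raise ValueError("key does not fit in the field")
    # Random polynomial f of degree k-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for node in range(1, n + 1):  # node numbers 1..n; x = 0 is never issued
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(node) mod P
            y = (y * node + c) % P
        shares.append((node, y))
    return shares


def interpolate_at_zero(points: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate the polynomial through points and return f(0)."""
    xs = [x % P for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate node numbers in share list")
    if 0 in xs:
        raise ValueError("node number 0 would expose the secret directly")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def recover_key(shares: list[tuple[int, int]], k: int, key_len: int) -> bytes:
    """Recover sk from at least k shares; refuse to guess with fewer."""
    if len(shares) < k:
        raise ValueError("fewer than k shares: key cannot be reconstructed")
    value = interpolate_at_zero(shares[:k])
    if value >= 1 << (8 * key_len):
        raise ValueError("recovered value exceeds key length: bad shares")
    return value.to_bytes(key_len, "big")


def demo() -> tuple[bool, bool]:
    """Constructed sample: 3-of-5 sharing of a random 256-bit key."""
    sk = secrets.token_bytes(32)
    shares = split_key(sk, k=3, n=5)
    recovered_ok = recover_key(shares[2:], k=3, key_len=32) == sk
    # Two shares fit a line, not the degree-2 polynomial: f(0) is wrong.
    below_threshold_wrong = interpolate_at_zero(shares[:2]) != int.from_bytes(sk, "big")
    return recovered_ok, below_threshold_wrong


if __name__ == "__main__":
    print(demo())
```
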
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A supervisable data privacy sharing method based on end-edge-cloud collaboration, characterized by comprising the following steps:
S2, putting the data credential on chain based on public-key searchable encryption and symmetric encryption, comprising the steps of:
S21, based on a distributed key generation mechanism, assigning to each evidence-storing chain node a key value and a public key, wherein $G_1$ and $G_2$ are two finite cyclic groups of prime order $p$, $g$ is a generator of $G_1$, $e: G_1 \times G_1 \rightarrow G_2$ is a bilinear map, and two hash functions are used; generating a certificate encryption key sk, and sharding sk for recovery based on the Shamir secret sharing mechanism, assigning one share to each evidence-storing chain node; in particular, randomly constructing a polynomial and distributing the shares to the nodes of the evidence-storing chain, where n is the number of evidence-storing nodes;
S22, the evidence-storing chain node calls the smart contract, obtains the encrypted searchable value based on the distributed public-key searchable encryption algorithm, and generates encrypted metadata based on a public key;
S3, supervising in the privacy-preserving state under committee consensus, the supervision comprising envelope supervision and unsealing supervision, wherein envelope supervision confirms, under the consensus of all nodes, whether a user has submitted a storage certificate of metadata within a certain time, and comprises the following steps:
S311, a node on the evidence-storing chain submits the keyword w and initiates a transaction;
S312, the evidence-storing chain nodes reach consensus to obtain the retrieval trapdoor;
S313, intelligent contract acquisition Block chain savingPerform a public key search keyKey verification, calculation:
if the equation holds, the keyword has been put on chain; otherwise, the keyword has not been put on chain;
unsealing supervision obtains the user's metadata storage certificate, decrypts the stored data and obtains the data plaintext, and comprises the following steps:
S321, the supervision node submits the keyword w and initiates a transaction;
S322, the supervision node calls the smart contract, and the nodes on the evidence-storing chain judge whether the conditions for unsealing supervision are met;
S324, based onCalling intelligent contract program to obtain metadata encryption key, and recovering through node consensusTo recover the data credential;
S325, the user calls the smart contract program to obtain the metadata according to the metadata encryption key, and obtains the content of the stored data.
2. The supervisable data privacy sharing method based on end edge cloud collaboration as claimed in claim 1, wherein in the step S312, the local trapdoorLocally based on its own fragmentation key, calculatingAnd broadcast;
3. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein in step S21, the key is distributed, and the system selects the polynomialIn each consensus period of the alliance chain, the block chain nodes independently generate key slices according to the distributed key protocol, and respectively generate own private keysAnd public keyAnd secret reconstructed slice values;
In step S312, the node on the chain of custody receives the information through multi-node negotiationkSecret value of each node, form list =Invoking an intelligent contract, calculatingSo that;
Node calculation local threshold on chain of custodyThe intelligent contracts collecting different nodesForm a;
4. The supervisable data privacy sharing method based on end-edge-cloud collaboration as claimed in claim 3, wherein the distribution and recovery of the key adopt a distributed (k, n) key protocol: a key is divided into n parts, each member holds an independent sub-key, and the following conditions are satisfied: any set of no fewer than k qualified members can reconstruct the original key from the sub-keys they hold (k < n); any set of fewer than k members cannot reconstruct the original key.
5. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein in the step S22, the distributed public key searchable encryption algorithm includes calculating:
6. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein the step S1 includes the steps of:
S11, the user encrypts data with symmetric encryption;
S12, the evidence-storing chain platform generates a file from the received data, calculates a digital digest, uploads the digital digest to the cloud, and obtains a file storage address;
S13, the evidence-storing chain platform initiates a transaction and calls the smart contract to encrypt the metadata and store it in the evidence-storing chain network, the metadata comprising the digital digest and the encrypted file address; the evidence-storing chain network reaches consensus on the transaction, and generates and outputs the storage certificate of the metadata.
7. The supervisable data privacy sharing method based on end-edge-cloud collaboration as claimed in claim 1, wherein the storage credentials in step S1 include user credentials, time, data hash, storage address and encryption key, the encryption key being the symmetric key with which the user encrypts files, and i denotes an evidence-storing chain node.
8. The supervised data privacy sharing method based on end edge cloud coordination as recited in claim 1, wherein in step S1, a cloud-chain integrated architecture is constructed, and the encrypted data is stored in a private cloud.
9. The supervisable data privacy sharing method based on end edge cloud cooperation according to claim 1, wherein the data encrypted in the step S1 is stored in a Ceph cluster.
10. The supervisable data privacy sharing method based on end-edge-cloud collaboration as claimed in claim 1, wherein the blockchain is an alliance chain based on Practical Byzantine Fault Tolerance (PBFT), and transactions are verified by the PBFT leader node and added to the latest block.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110361878.8A CN112751673B (en) | 2021-04-02 | 2021-04-02 | Supervision-capable data privacy sharing method based on end side cloud cooperation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110361878.8A CN112751673B (en) | 2021-04-02 | 2021-04-02 | Supervision-capable data privacy sharing method based on end side cloud cooperation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112751673A true CN112751673A (en) | 2021-05-04 |
CN112751673B CN112751673B (en) | 2021-06-25 |
Family
ID=75651705
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110361878.8A Active CN112751673B (en) | 2021-04-02 | 2021-04-02 | Supervision-capable data privacy sharing method based on end side cloud cooperation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112751673B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113542413A (en) * | 2021-07-16 | 2021-10-22 | 北京数牍科技有限公司 | Trusted evidence based supervised privacy computing method and system and computer equipment |
CN114422273A (en) * | 2022-03-29 | 2022-04-29 | 四川高速公路建设开发集团有限公司 | Sensitive decision data safety sharing method in intelligent construction engineering information system |
CN114584325A (en) * | 2022-05-06 | 2022-06-03 | 四川野马科技有限公司 | Bid quoted price data hybrid storage system and method based on block chain and cloud storage |
CN114866236A (en) * | 2022-05-11 | 2022-08-05 | 西安电子科技大学 | Data sharing method for Internet of things in cloud based on alliance chain |
CN115242555A (en) * | 2022-09-21 | 2022-10-25 | 北京邮电大学 | Supervisable cross-chain private data sharing method and device |
WO2023010932A1 (en) * | 2021-08-03 | 2023-02-09 | 之江实验室 | Cloud-edge collaborative multi-mode private data transfer method based on smart contract |
CN116132112A (en) * | 2022-12-22 | 2023-05-16 | 广州大学 | Keyword encryption searching method based on alliance chain intelligent contract |
CN116150793A (en) * | 2023-03-17 | 2023-05-23 | 北京信源电子信息技术有限公司 | DOA-based handle identification analysis technology data protection method and system |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106685989A (en) * | 2017-02-07 | 2017-05-17 | 杭州秘猿科技有限公司 | Privacy communication method based on license chain support and supervision |
EP3379769A1 (en) * | 2017-03-21 | 2018-09-26 | Gemalto Sa | Method of rsa signature or decryption protected using multiplicative splitting of an asymmetric exponent |
CN109120398A (en) * | 2018-08-03 | 2019-01-01 | 河南师范大学 | A kind of privacy sharing method and apparatus based on block catenary system |
CN109768987A (en) * | 2019-02-26 | 2019-05-17 | 重庆邮电大学 | A kind of storage of data file security privacy and sharing method based on block chain |
CN110289951A (en) * | 2019-06-03 | 2019-09-27 | 杭州电子科技大学 | A kind of shared content monitoring method based on Threshold key sharing and block chain |
CN111523133A (en) * | 2020-04-24 | 2020-08-11 | 远光软件股份有限公司 | Block chain and cloud data collaborative sharing method |
CN112163854A (en) * | 2020-09-14 | 2021-01-01 | 北京理工大学 | Hierarchical public key searchable encryption method and system based on block chain |
CN112543187A (en) * | 2020-11-26 | 2021-03-23 | 齐鲁工业大学 | Industrial Internet of things safety data sharing method based on edge block chain |
Non-Patent Citations (3)
Title |
---|
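FENG GAO et al.: "A Blockchain-Based Privacy-Preserving Payment Mechanism for Vehicle-to-Grid Networks", 《IEEE NETWORK》 * |
吴大鹏 et al.: "'End-edge-cloud' collaborative intelligent Internet of Things", 《物联网学报》 * |
李帅 et al.: "Android network-disk multi-point storage system based on the Shamir key distribution algorithm", 《通信技术》 * |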
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113542413A (en) * | 2021-07-16 | 2021-10-22 | 北京数牍科技有限公司 | Trusted evidence based supervised privacy computing method and system and computer equipment |
CN113542413B (en) * | 2021-07-16 | 2024-01-05 | 北京数牍科技有限公司 | Manageable privacy computing method, system and computer equipment based on trusted memory card |
WO2023010932A1 (en) * | 2021-08-03 | 2023-02-09 | 之江实验室 | Cloud-edge collaborative multi-mode private data transfer method based on smart contract |
CN114422273A (en) * | 2022-03-29 | 2022-04-29 | 四川高速公路建设开发集团有限公司 | Sensitive decision data safety sharing method in intelligent construction engineering information system |
CN114422273B (en) * | 2022-03-29 | 2022-06-17 | 四川高速公路建设开发集团有限公司 | Sensitive decision data safety sharing method in intelligent construction engineering information system |
CN114584325A (en) * | 2022-05-06 | 2022-06-03 | 四川野马科技有限公司 | Bid quoted price data hybrid storage system and method based on block chain and cloud storage |
CN114866236A (en) * | 2022-05-11 | 2022-08-05 | 西安电子科技大学 | Data sharing method for Internet of things in cloud based on alliance chain |
CN114866236B (en) * | 2022-05-11 | 2024-03-29 | 西安电子科技大学 | Data sharing method of Internet of things in cloud based on alliance chain |
CN115242555A (en) * | 2022-09-21 | 2022-10-25 | 北京邮电大学 | Supervisable cross-chain private data sharing method and device |
CN116132112A (en) * | 2022-12-22 | 2023-05-16 | 广州大学 | Keyword encryption searching method based on alliance chain intelligent contract |
CN116150793A (en) * | 2023-03-17 | 2023-05-23 | 北京信源电子信息技术有限公司 | DOA-based handle identification analysis technology data protection method and system |
CN116150793B (en) * | 2023-03-17 | 2023-10-24 | 北京信源电子信息技术有限公司 | DOA-based handle identification analysis technology data protection method and system |
Also Published As
Publication number | Publication date |
---|---|
CN112751673B (en) | 2021-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112751673B (en) | Supervision-capable data privacy sharing method based on end side cloud cooperation | |
EP3788522B1 (en) | System and method for mapping decentralized identifiers to real-world entities | |
EP3788523B1 (en) | System and method for blockchain-based cross-entity authentication | |
CN109756582B (en) | Information recording method, device, node and storage medium in block chain network | |
US10805072B2 (en) | System and method for autonomous dynamic person management | |
CN110474893B (en) | Heterogeneous cross-trust domain secret data secure sharing method and system | |
CN107528688B (en) | Block chain key keeping and recovering method and device based on encryption delegation technology | |
Hota et al. | Capability-based cryptographic data access control in cloud computing | |
EP3089399B1 (en) | Methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management | |
US10764047B2 (en) | Synchronizable hardware security module | |
WO2021135757A1 (en) | Method and apparatus for executing transaction correctness verification | |
CN112380578A (en) | Edge computing framework based on block chain and trusted execution environment | |
US11343081B2 (en) | Synchronizable hardware security module | |
CN115242555B (en) | Monitorable cross-chain private data sharing method and device | |
CN105071936A (en) | Systems and methods for secure data sharing | |
US10887294B2 (en) | Synchronizable hardware security module | |
El Defrawy et al. | Founding digital currency on secure computation | |
CN113643134A (en) | Internet of things block chain transaction method and system based on multi-key homomorphic encryption | |
US11893577B2 (en) | Cryptographic key storage system and method | |
CN115495768A (en) | Secret-related information processing method and system based on block chain and multi-party security calculation | |
CN110784318B (en) | Group key updating method, device, electronic equipment, storage medium and communication system | |
CN115913513B (en) | Distributed trusted data transaction method, system and device supporting privacy protection | |
CN112003690B (en) | Password service system, method and device | |
Noh et al. | A novel user collusion-resistant decentralized multi-authority attribute-based encryption scheme using the deposit on a blockchain | |
CN114239043A (en) | Shared encryption storage system constructed based on block chain technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||