CN112861157A - Data sharing method based on decentralized identity and proxy re-encryption - Google Patents
Data sharing method based on decentralized identity and proxy re-encryption Download PDFInfo
- Publication number
- CN112861157A CN112861157A CN202110226842.9A CN202110226842A CN112861157A CN 112861157 A CN112861157 A CN 112861157A CN 202110226842 A CN202110226842 A CN 202110226842A CN 112861157 A CN112861157 A CN 112861157A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- encryption
- key
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000013475 authorization Methods 0.000 claims abstract description 9
- 238000004364 calculation method Methods 0.000 claims description 9
- 238000013500 data storage Methods 0.000 claims description 8
- 238000012790 confirmation Methods 0.000 claims description 2
- 230000008569 process Effects 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data sharing method based on decentralized identity and proxy re-encryption, which comprises the following steps: a data owner randomly generates a secret key A, encrypts original data R by using the secret key A to obtain encrypted data D, and pushes the encrypted data D to a data storage center for storage; then, the data owner encrypts the secret key A by using the DID public key of the data owner to generate an encrypted ciphertext C1 and generate a container-1, and then stores the container-1; the data user sends a data using request to the data owner, and the data owner authorizes the data user to generate the container-2 authorization information; and the data user requests the data appointed by the corresponding client from the access controller, and after confirming that the data user has the access authority to the data, the data user obtains the original data R through decryption. The invention can strictly protect the absolute control right of the user to the data while sharing the data, and can ensure the data privacy of the user to the maximum extent.
Description
Technical Field
The invention relates to a data sharing method, belongs to the technical field of data sharing in a network, and particularly relates to a data sharing method based on decentralized identity and proxy re-encryption.
Background
Data sharing lets different entities read and use others' data. The degree of data sharing can reflect the information development level of one country and one region laterally. The higher the degree of data sharing in a region, the higher the information development level of the region.
With the increasing cost of internet customer acquisition, many small enterprises and merchants tend to acquire user identity access information interfaces provided by BAT and the like in a alliance identity mode to provide their services. In the past, because the user data scale of the huge Internet enterprises is huge, the phenomenon of data monopoly can be caused according to the Martian effect.
Identity management is the first step in achieving data sharing. In the prior art, most identity management of data sharing platforms adopts a centralized system structure. Centralized digital identity management needs to rely on an authority and the digital identity cannot be directly controlled by the user to be completely deleted.
The data sharing platform has the same entities, and the entities comprise a data holder, a data visitor and a data service party.
Wherein, the data holder provides the party sharing the data resource.
Among them, the data visitor needs to access the party using the shared data resource.
The data service parties share data for data holders and provide intermediate service for data visitors to acquire data.
The traditional centralized data sharing process mainly comprises two steps. The data service side uploads the shared data to the data holder in a service interface or API mode, and the data server stores the data in a server offline after receiving the shared data; the data accessor downloads the shared data to the local through a service interface or API. This process enables data sharing from data holders to data visitors.
In the data sharing process, the data visitor does not directly face the data holder, but needs to complete a series of operations through the data service side. The data service party becomes a hub of the whole data sharing process, plays a role of a trusted third party and plays an extremely important role. The core centralized position of the data service side may bring some safety hazards to the shared data. For example, a data owner delegates access control authority of data to a data service party, and indirectly loses the autonomous control authority of the data, which may bring risks to the data holder that the data is tampered, the data is leaked, and the data is acquired by others without authorization of the data holder; the authenticity and validity of data stored in the server of the data service party are difficult to verify and discriminate; the data has weak security protection capability in the process of sharing and exchanging between entities, and a powerful prevention means is lacked when the data is subjected to security threat.
Therefore, how to implement decentralized data sharing becomes a technical problem which needs to be solved urgently.
A data security sharing and exchanging method and a data security sharing and exchanging platform system are described in patent CN 107241360B. The system uses an access agent subsystem and a request agent subsystem to respectively agent a user to execute the authority granting and acquiring functions of data. The access proxy subsystem corresponds to a data holder, and the request proxy subsystem corresponds to a data visitor. In this patent, the implementation of data sharing is as follows: the access agent subsystem generates description information for the shared data and uploads the description information to a database; the request subagent system acquires the shared data description information from the database, extracts a part for describing the required request data to form second description information, generates a data authority request and issues the data authority request to the network; the access agent subsystem acquires the data permission request and carries out approval, and then issues permission approval information; the request agent subsystem acquires the permission approval information and judges whether the applied permission approval passes, if so, the request agent subsystem issues an access request to the target data; the access proxy subsystem receives the data access request and provides the requested target data to the user proxied by the request proxy subsystem.
The data sharing scheme in the system is too complex in process, and the data sharing efficiency is influenced. On the other hand, in the scheme, the information issued by the access agent subsystem and the request agent subsystem needs to be sent to the block chain storage library, and compared with a centralized system, the information is not really decentralized but only weakly centralized.
In patent CN107566357B, an internet transaction information data storage method based on partition authentication is described. The method is realized by adopting a B2B platform and a block chain technology, so that the transaction information is real and reliable and cannot be tampered. The method needs to establish a cloud platform and a plurality of engineering technology trading areas, and an engineering trading block is established between any two engineering trading areas. Wherein, each project transaction block can share data with the corresponding transaction project area; each transaction engineering block may be data-shared with the cloud platform. The storage method of the transaction data comprises the following steps: and carrying out electronic signature and encryption on the transaction information, accessing the encrypted ciphertext into a transaction block, sending the transaction block to an engineering transaction area through an engineering transaction block, and storing the transaction block in a distributed account book.
A file security sharing method and system based on block chain cloud storage are described in patent CN 108259169A. In the data sharing method of the system, a data holder firstly symmetrically encrypts data and stores encrypted data ciphertext into a cloud; the key used in the encryption process and the decryption process of the symmetric encryption is the same key. The data holder encrypts the symmetric key and stores the ciphertext of the symmetric key as a part of the metadata to the block chain; according to the actual sharing requirement, the cloud end uses a new secret key to carry out proxy re-encryption on the stored data ciphertext; the data accessor obtains the requested data by obtaining a new key and the new data cipher text after re-encryption.
A technical solution for a data sharing method and system, and a blockchain system and a computing device is described in patent CN107592318A, which can greatly save cost and capital investment while sharing data. The process of the data sharing method comprises the following steps: the data holder sends the shared data to the data depositor; after receiving the data, the data depositor stores the data into a local database; the data storer generates description information for the shared data and submits the description information to the block chain system; when a data accessor requests to access the data, the description information of the data is sent to a data storer; after the data storage person receives the request, whether the data access person has corresponding access authority is judged according to the access control authority set by the data holder. If the data storage device is provided with the data storage device, the data storage device sends the data to the data visitor according to the description information.
However, there are some obvious disadvantages based on the existing data sharing method at the present stage. Firstly, the whole process still leaves no credible third party organization to participate in data sharing as a supervisor, and compared with a centralized data sharing system, the methods are only weakly centralized and cannot achieve true decentralized; secondly, in order to ensure the security of data, data is often required to be encrypted before being shared, the encryption method of the existing scheme usually selects a symmetric key to be used for encryption, the symmetric encryption key and the decryption key are the same key, the scheme inevitably needs to upload the symmetric key to the network during data sharing, however, the symmetric key has a risk of being stolen in the network transmission process, which undoubtedly increases the possibility that the shared data is maliciously stolen by others, thereby indirectly causing the loss of the interests of data holders; and thirdly, the access control link lacks fine granularity, and specific data access permission cannot be set for different data visitors according to specific conditions in different scenes, which is not favorable for the expandability of a subsequent system.
For the problems of the existing data sharing method, aiming at the first point, the invention provides a data sharing method based on decentralized identity and proxy re-encryption, wherein a trusted third party is not required to intervene in the method, and a decentralized data sharing system is implemented; aiming at the second point, the invention uses the proxy re-encryption method to re-encrypt the symmetric key used by the encrypted data, thus ensuring the security of the symmetric key in the network transmission process and greatly reducing the risk of data information leakage; aiming at the third point, the invention increases the fine granularity of access control by arranging the identity center module. After receiving the request of the data user, the data holder verifies the identity information of the requester in the distributed digital identity identifier resolver, and then sets corresponding authority for the requester through the identity center.
Disclosure of Invention
In order to solve the defects of the technology, the invention provides a data sharing method based on decentralized identity and proxy re-encryption.
In order to solve the technical problems, the invention adopts the technical scheme that: a data sharing method based on decentralized identity and proxy re-encryption comprises the following steps:
step one, uploading data: a data owner randomly generates a secret key A, encrypts original data R by using the secret key A to obtain encrypted data D, and pushes the encrypted data D to a data storage center for storage; then, the data owner encrypts the secret key A by using the DID public key of the data owner to generate an encrypted ciphertext C1 and generate a container-1, and then stores the container-1;
step two, requesting data: the data user sends a data using request to the data owner, and the data owner acquires the document corresponding to the DID from the DID resolver according to the DID information of the data user to obtain a DID public key of the data user; the data owner uses the DID private key of the data owner and the DID public key of the data user to carry out re-encryption calculation to obtain a re-encryption secret key Kab; the data owner authorizes the data user to generate the license-2 authorization information, and then the data owner returns the id of the license-2 to the data user;
step three, accessing data: the data user requests the access controller for the data specified by the corresponding client; the access controller confirms the access authority after receiving the request, if the access authority is confirmed, the re-encryption key Kab and the encrypted ciphertext C1 are used for carrying out proxy re-encryption calculation to obtain a new ciphertext K, and the proxy re-encryption algorithm can carry out data sharing under the condition that a user secret key is not leaked in a lower-security environment; after confirming that the data user has access authority to the data, pulling the corresponding encrypted data D from the data storage center; the access controller returns the encrypted data D and the new ciphertext K obtained after calculation to the data user; and the data user decrypts the new ciphertext K by using the DID private key of the data user to obtain a symmetric encryption key A, and then decrypts the encrypted data D by using the key A to obtain the original data R.
Further, the key a in the step one is a symmetric key; the data storage center is centralized storage, decentralized storage or block chain storage; the container-1 comprises storage information of data and an encrypted ciphertext C1, and the container-1 is stored in the Identity Hub.
Further, the storage information of the data includes, but is not limited to, the following information: file storage location, file hash, and file size.
Further, the close-2 authorization information in step two includes, but is not limited to, the following information: the data storage position information, the symmetric key information encrypted by the DID public key of the data owner, the re-encryption key Kab, the DID public key of the data user and the effective access time information.
Further, the confirming of the access right in step three specifically includes the following steps:
a. forwarding the request received by the access controller to an Identity Hub;
b. the Identity Hub checks the validity of the data user did;
c. the Identity Hub checks the validity of the access to the request claim.
Further, the data owner and the data user need to have at least one DID information at the same time, and the validity of the DID information can be verified with each other.
The invention can strictly protect the absolute control right of the user to the data while sharing the data, and can ensure the data privacy of the user to the maximum extent.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 shows a data sharing method based on decentralized identity and proxy re-encryption, which includes the following steps:
step one, uploading data: a data owner randomly generates a secret key A, the secret key A is a symmetric secret key, original data R is encrypted by using the secret key A to obtain encrypted data D, the encrypted data D is pushed to a data storage center for storage, and the data storage center can be centralized storage, non-centralized storage or block chain storage; subsequently, the data owner encrypts the key a with its own DID public key, generates an encrypted ciphertext C1, and generates a container-1, where the container-1 includes storage information of the data and an encrypted ciphertext C1, where the storage information of the data includes, but is not limited to, the following information: storing the file storage position, the file hash and the file size, and then storing the client-1 in the Identity Hub;
step two, requesting data: the data user sends a data using request to the data owner, and the data owner acquires the document corresponding to the DID from the DID resolver according to the DID information of the data user to obtain a DID public key of the data user; the data owner uses the DID private key of the data owner and the DID public key of the data user to carry out re-encryption calculation to obtain a re-encryption secret key Kab; the data owner authorizes the data user and generates the container-2 authorization information, and the container-2 authorization information includes but is not limited to the following information: the data access method comprises the following steps of storing data storage position information, symmetric key information encrypted by a data owner DID public key, a re-encrypted key Kab, a data user DID public key and effective access time information; then the data owner returns the id of the client-2 to the data consumer;
step three, accessing data: the data user requests the access controller for the data specified by the corresponding client; the access controller confirms the access authority after receiving the request, and the confirmation of the access authority specifically comprises the following steps:
a. forwarding the request received by the access controller to an Identity Hub;
b. the Identity Hub checks the validity of the data user did;
c. the Identity Hub checks the validity of the access to the request claim;
if the authorized access is confirmed, a new ciphertext K is obtained by carrying out Proxy re-encryption calculation by using a re-encryption key Kab and an encrypted ciphertext C1, the Proxy re-encryption is a novel public key encryption algorithm with a ciphertext security conversion function, in the Proxy re-encryption algorithm, a semi-trusted agent (Proxy) plays a role of ciphertext conversion, the ciphertext encrypted by a public key of a Delegator can be converted into the ciphertext encrypted by a public key of a Delegator (Delegatee) to the same plaintext, and then the Delegator can decrypt the converted ciphertext by using the private key of the Delegator. In the ciphertext transformation process, the agent must have a ciphertext transformation key (re-encryption key) authorized by the delegator for the delegator, and the agent cannot obtain any information about the plaintext. The proxy re-encryption is used for data dynamic sharing, and the proxy re-encryption can realize the sharing of cloud ciphertext data under the condition of not leaking a decryption key of a data owner;
after confirming that the data user has access authority to the data, pulling the corresponding encrypted data D from the data storage center; the access controller returns the encrypted data D and the new ciphertext K obtained after calculation to the data user; and the data user decrypts the new ciphertext K by using the DID private key of the data user to obtain a symmetric encryption key A, and then decrypts the encrypted data D by using the key A to obtain the original data R.
In the above steps, DID refers to a decentralized digital identity identifier, which is an identifier consisting of a string of characters, and is used to represent a digital identity, and global uniqueness can be achieved without a central registration authority. Typically, an entity may possess multiple identities, each assigned a unique DID value, and an asymmetric key associated therewith. There is no associated information between different identities, thus effectively avoiding the collection of owner identity information. DID is a decentralized verifiable digital identifier and has the characteristics of distribution, autonomous controllability, cross-chain multiplexing and the like. The entity can autonomously complete the registration, parsing, updating or revocation operations of the DID. The DID is specifically analyzed into a DID document, and the DID document comprises a unique identification code of the DID, a public key list, detailed information (a holder, an encryption algorithm, a key state and the like) of the public key and other attribute descriptions of a DID holder; the data owner and the data user need to have at least one DID information at the same time, and the validity of the DID information can be verified with each other.
Claim refers to claims, which are used to prove some identity attribute of an entity, which can be stored and transmitted as a data unit and verified by any entity, the verifiable claims mainly include metadata, Claim content and the signature of the claimant; if the DID of the issuing party is endorsed, the issued Claim is called Proof Claim, and if the DID of the endorsement is an authority, the issued Claim can be considered to have public credibility; if the issuing party is the user himself, i.e. a DID issues Claim to himself, it is called Profile Claim. Because the verifiable statement is issued by the DID, the user can verify the authenticity of the statement by simply chaining to obtain the public key of the DID.
The DID Resolver, a DID parser, is a software component whose API is designed to receive DID lookup requests and execute corresponding DID methods to retrieve authoritative DID documents. To comply with this specification, the DID parser meets the following requirements:
a. whether the DID is valid or not should be verified according to the DID method specification, otherwise, an error is generated;
b. when performing the DID parsing operation, the requirement of the applicable DID method specification must be met;
c. if the DID document is signed, a service for verifying the integrity of the DID document should be provided;
d. a service of returning the request attribute of the DID document may be provided.
The Identity Hub refers to a service for saving and managing data of users in the ecosystem of DID, and the implementation of the Identity Hub satisfies several requirements:
a. the user can control: the Identity Hub can be deployed anywhere by the user's choice, including the user's own mobile phone, PC, etc.;
b. encrypting and storing user data;
c. identity Hub does not hold any private key;
d. the access of user data requires authentication;
e. third parties may be allowed access to the user data after user authorization.
Compared with the prior art, the invention has the following advantages:
(1) the invention relates to a data sharing method based on decentralized identity, a user has absolute control right on data, and based on the characteristic of did Claim, the user can accurately control the sharing range and the sharing time of the data. The DID is an identity system based on a block chain, is a distributed decentralized system, and does not have single point of failure. The invention separates the access function and the storage function of the data to form an independent service, so that the storage function is centralized storage or decentralized storage, or the storage of a block chain can be compatible, and the availability, the effectiveness and the universality of the method are ensured to the greatest extent.
(2) The invention relates to a data sharing method based on proxy re-encryption, which is an encryption method capable of safely converting a ciphertext, converts the ciphertext of one user into the ciphertext which can be decrypted by another user through a proxy server, does not leak the private key and plaintext information of the user, ensures the data security of the user to the maximum extent, and enables the user to store own encrypted data in an environment which is not particularly safe and does not leak own secrets in a data sharing process.
The above embodiments are not intended to limit the present invention, and the present invention is not limited to the above examples, and those skilled in the art may make variations, modifications, additions or substitutions within the technical scope of the present invention.
Claims (6)
1. A data sharing method based on decentralized identity and proxy re-encryption is characterized in that: the method comprises the following steps:
step one, uploading data: a data owner randomly generates a secret key A, encrypts original data R by using the secret key A to obtain encrypted data D, and pushes the encrypted data D to a data storage center for storage; then, the data owner encrypts the secret key A by using the DID public key of the data owner to generate an encrypted ciphertext C1 and generate a container-1, and then stores the container-1;
step two, requesting data: the data user sends a data using request to the data owner, and the data owner acquires the document corresponding to the DID from the DID resolver according to the DID information of the data user to obtain a DID public key of the data user; the data owner uses the DID private key of the data owner and the DID public key of the data user to carry out re-encryption calculation to obtain a re-encryption secret key Kab; the data owner authorizes the data user to generate the license-2 authorization information, and then the data owner returns the id of the license-2 to the data user;
step three, accessing data: the data user requests the access controller for the data specified by the corresponding client; the access controller confirms the access authority after receiving the request, if the access authority is confirmed, the re-encryption key Kab and the encrypted ciphertext C1 are used for carrying out proxy re-encryption calculation to obtain a new ciphertext K, and the proxy re-encryption algorithm can carry out data sharing under the condition that a user secret key is not leaked in a lower-security environment; after confirming that the data user has access authority to the data, pulling the corresponding encrypted data D from the data storage center; the access controller returns the encrypted data D and the new ciphertext K obtained after calculation to the data user; and the data user decrypts the new ciphertext K by using the DID private key of the data user to obtain a symmetric encryption key A, and then decrypts the encrypted data D by using the key A to obtain the original data R.
2. The decentralized identity and proxy re-encryption based data sharing method according to claim 1, wherein: the secret key A in the first step is a symmetric secret key; the data storage center is centralized storage, decentralized storage or block chain storage; the container-1 comprises storage information of data and an encrypted ciphertext C1, and the container-1 is stored in the Identity Hub.
3. The decentralized identity and proxy re-encryption based data sharing method according to claim 2, wherein: the storage information of the data includes, but is not limited to, the following information: file storage location, file hash, and file size.
4. The decentralized identity and proxy re-encryption based data sharing method according to claim 1, wherein: the close-2 authorization information in the second step includes but is not limited to the following information: the data storage position information, the symmetric key information encrypted by the DID public key of the data owner, the re-encryption key Kab, the DID public key of the data user and the effective access time information.
5. The decentralized identity and proxy re-encryption based data sharing method according to claim 1, wherein: the confirmation of the access right in the third step specifically comprises the following steps:
a. forwarding the request received by the access controller to an Identity Hub;
b. the Identity Hub checks the validity of the data user did;
c. the Identity Hub checks the validity of the access to the request claim.
6. The decentralized identity and proxy re-encryption based data sharing method according to claim 1, wherein: the data owner and the data user need to have at least one DID information at the same time, and the validity of the DID information can be verified with each other.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110226842.9A CN112861157A (en) | 2021-03-01 | 2021-03-01 | Data sharing method based on decentralized identity and proxy re-encryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110226842.9A CN112861157A (en) | 2021-03-01 | 2021-03-01 | Data sharing method based on decentralized identity and proxy re-encryption |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112861157A true CN112861157A (en) | 2021-05-28 |
Family
ID=75990644
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110226842.9A Pending CN112861157A (en) | 2021-03-01 | 2021-03-01 | Data sharing method based on decentralized identity and proxy re-encryption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112861157A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113312647A (en) * | 2021-06-23 | 2021-08-27 | 东北大学秦皇岛分校 | Multi-agent data sharing method based on block chain storage |
| CN113992330A (en) * | 2021-10-30 | 2022-01-28 | 贵州大学 | Block chain data controlled sharing method and system based on proxy re-encryption |
| CN114500069A (en) * | 2022-02-10 | 2022-05-13 | 福建福链科技有限公司 | Method and system for storing and sharing electronic contract |
| CN117061248A (en) * | 2023-10-11 | 2023-11-14 | 江南大学附属医院 | Data security protection method and device for data sharing |
| CN117527445A (en) * | 2024-01-02 | 2024-02-06 | 江苏荣泽信息科技股份有限公司 | Data sharing system based on re-encryption and distributed digital identity |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103442059A (en) * | 2013-08-27 | 2013-12-11 | 华为终端有限公司 | File sharing method and device |
| CN109559124A (en) * | 2018-12-17 | 2019-04-02 | 重庆大学 | A kind of cloud data safety sharing method based on block chain |
| CN111277577A (en) * | 2020-01-14 | 2020-06-12 | 北京百度网讯科技有限公司 | Digital identity verification method, device, equipment and storage medium |
-
2021
- 2021-03-01 CN CN202110226842.9A patent/CN112861157A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103442059A (en) * | 2013-08-27 | 2013-12-11 | 华为终端有限公司 | File sharing method and device |
| CN109559124A (en) * | 2018-12-17 | 2019-04-02 | 重庆大学 | A kind of cloud data safety sharing method based on block chain |
| CN111277577A (en) * | 2020-01-14 | 2020-06-12 | 北京百度网讯科技有限公司 | Digital identity verification method, device, equipment and storage medium |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113312647A (en) * | 2021-06-23 | 2021-08-27 | 东北大学秦皇岛分校 | Multi-agent data sharing method based on block chain storage |
| CN113312647B (en) * | 2021-06-23 | 2022-06-24 | 东北大学秦皇岛分校 | Multi-agent data sharing method based on block chain storage |
| CN113992330A (en) * | 2021-10-30 | 2022-01-28 | 贵州大学 | Block chain data controlled sharing method and system based on proxy re-encryption |
| CN114500069A (en) * | 2022-02-10 | 2022-05-13 | 福建福链科技有限公司 | Method and system for storing and sharing electronic contract |
| CN117061248A (en) * | 2023-10-11 | 2023-11-14 | 江南大学附属医院 | Data security protection method and device for data sharing |
| CN117061248B (en) * | 2023-10-11 | 2024-02-20 | 江南大学附属医院 | Data security protection method and device for data sharing |
| CN117527445A (en) * | 2024-01-02 | 2024-02-06 | 江苏荣泽信息科技股份有限公司 | Data sharing system based on re-encryption and distributed digital identity |
| CN117527445B (en) * | 2024-01-02 | 2024-03-12 | 江苏荣泽信息科技股份有限公司 | Data sharing system based on re-encryption and distributed digital identity |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6941146B2 (en) | Data security service | |
| CN111783075B (en) | Authority management method, device and medium based on secret key and electronic equipment | |
| US8407477B2 (en) | Information distribution system and program for the same | |
| CN112861157A (en) | Data sharing method based on decentralized identity and proxy re-encryption | |
| CN101605137B (en) | Safe distribution file system | |
| US11943350B2 (en) | Systems and methods for re-using cold storage keys | |
| US10949556B2 (en) | Method for encrypting data and a method for decrypting data | |
| CN101321064A (en) | Information system access control method and apparatus based on digital certificate technique | |
| CN112685790B (en) | Block chain data security and privacy protection method | |
| CN115567312B (en) | Alliance chain data authority management system and method capable of meeting various scenes | |
| JP2007226470A (en) | Authority management server, authority management method, and authority management program | |
| KR20230063640A (en) | Method and system for managing decentralized data using attribute-based encryption | |
| CN109862009A (en) | A kind of client identity method of calibration and device | |
| CN110807210B (en) | Information processing method, platform, system and computer storage medium | |
| US10764260B2 (en) | Distributed processing of a product on the basis of centrally encrypted stored data | |
| CN111698203A (en) | Cloud data encryption method | |
| CN113239376B (en) | Data sharing method, request method and device based on block chain | |
| CN111541708B (en) | Identity authentication method based on power distribution | |
| CN113987561A (en) | Trusted execution environment-based private data classification method, system and terminal | |
| US11804969B2 (en) | Establishing trust between two devices for secure peer-to-peer communication | |
| Baghel et al. | Multilevel security model for cloud third-party authentication | |
| JP2016038845A (en) | User authentication system, authentication server, user authentication method and program | |
| CN113726523A (en) | Multi-identity authentication method and device based on Cookie and DR identity cryptosystem | |
| CN116015675A (en) | Industrial Internet encryption data exchange method and system based on block chain | |
| LOKESH et al. | Secure Distributed Data Storage by using Proxy Servers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20220216 Address after: P.O. Box 31119, grant house, Furong Road, 802 Xiwan Road, Grand Cayman, Cayman Islands Applicant after: Okoser Holdings Address before: 100089 4001, floor 4, building 3, 8 Chuangye Road, Haidian District, Beijing Applicant before: Beijing Oukai Lianchuang Network Technology Co.,Ltd. |