CN113438235B - Data layered credible encryption method - Google Patents


Info

Publication number
CN113438235B
CN113438235B (application CN202110705139.6A)
Authority
CN
China
Prior art keywords
data
trusted
encryption
root
trust
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110705139.6A
Other languages
Chinese (zh)
Other versions
CN113438235A (en)
Inventor
李景红
盛卫平
阎玺
孟浩
郑少飞
孙婧
郑腾霄
古明
王佳宁
成雨蔚
何熹
李晓华
刘伯宇
阴皓
黄婉琳
胡晨怡
郑洪权
王志敏
雷平
侯文川
苑洪亮
张振清
王峰
郭艳明
刘亚军
谢慧敏
谢钧
韩晶晶
付朋侠
郭栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Henan Electric Power Co Ltd
Priority to CN202110705139.6A
Publication of CN113438235A
Application granted
Publication of CN113438235B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

A data layered credible encryption method belongs to the field of data processing. The method comprises a data encryption step, a data trusted encryption step and a decryption key encryption step. In the data encryption step, a symmetric key K is obtained, first data are symmetrically encrypted, and content encryption data are generated; in the data trusted encryption step, the first data are encrypted based on a trusted pointer to generate trusted encrypted data; and in the decryption key encryption step, the symmetric key K is encrypted based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, wherein the access key EK corresponds to at least one access private key SK. The encrypted data has high security.

Description

Data layered credible encryption method
Technical Field
The invention relates to the technical field of data processing, in particular to a data layered trusted encryption method.
Background
Digital audit requires full audit coverage, full audit and cross-domain audit, and large-scale data integration and aggregation must be performed on professional data such as company personal data, financial data, marketing data, engineering data and material data. Audit intermediate data are massive (430 TB of stock data, 340 GB of incremental data), diverse (structured, semi-structured and unstructured data) and real (data integrity and accuracy are guaranteed), and a plurality of service information systems are involved. As audit coverage expands, the data capacity of the audit intermediate tables grows larger and larger; security management of such mass data is difficult and the responsibility is heavy, so advanced technical means are urgently needed to guarantee data security.
Patent document CN 109831305A describes an anti-quantum computation signcryption method based on an asymmetric key pool, in which both the signcryption party and the verifier participating in signcryption are configured with key fobs, and the key fobs store an asymmetric key pool, a public key pointer random number and a private key. The private keys comprise a first private key used for signcryption and a second private key used for encrypted transmission; the public key pointer random number can be combined with the asymmetric key pool to obtain a first public key corresponding to the first private key and a second public key corresponding to the second private key; and the asymmetric key pool stores the first public key and the second public key corresponding to each user. The anti-quantum computation signcryption method comprises the following steps: combining the key fob according to the public key pointer random number corresponding to the verifier to obtain the first public key and the second public key of the verifier; generating a first intermediate parameter, a second intermediate parameter and a third intermediate parameter using a first random number and a second random number; encrypting the original text using the first intermediate parameter to obtain a ciphertext; applying a hash function to the original text and the second intermediate parameter to obtain a parameter r; calculating a parameter s using the first random number, the parameter r and the first private key of the signcrypter, and encrypting the parameter s using the third intermediate parameter to obtain a parameter s'; encrypting the second random number using the second public key of the encryptor to obtain an encrypted second random number; and sending the public key pointer random number of the signcryptor, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the signcryptor for carrying out the signcryption. This technical scheme cannot meet the requirement of data credibility certification.
Disclosure of Invention
The invention aims to provide a data layered credible encryption method, which is used for realizing credible authentication of data while encrypting the data.
The technical scheme of the invention is as follows:
a data layering credible encryption method comprises the following steps:
a data encryption step, namely acquiring a symmetric key K, symmetrically encrypting the first data and generating content encrypted data;
a data credible encryption step of encrypting the first data based on a credible pointer to generate credible encrypted data;
and a decryption key encryption step, namely encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, wherein the access key EK corresponds to at least one access private key SK.
Preferably, the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set a.
Preferably, the trusted pointer is a random number.
Preferably, the data trusted encryption step includes: obtaining a primary root of trust RT1; combining the first data and the primary root of trust RT1 into first combined data; calculating the digest value H2 of the first combined data using a digest processing method; and letting the secondary root of trust RT2 = H2. The trusted encryption data comprises the associated primary root of trust RT1 and secondary root of trust RT2, wherein the primary root of trust RT1 is the trusted pointer.
Preferably, the data trusted encryption step includes: calculating the digest value H1 of the first data using a digest processing method; obtaining a primary root of trust RT1; combining the digest value H1 and the primary root of trust RT1 into first combined data; calculating the digest value H2 of the first combined data using the digest processing method; and letting the secondary root of trust RT2 = H2. The trusted encryption data comprises the associated primary root of trust RT1 and secondary root of trust RT2, wherein the primary root of trust RT1 is the trusted pointer.
Further preferably, the digest processing method is a Hash algorithm.
Preferably, the content encryption data and the first data pointer are stored in association in the data center; the primary root of trust RT1 is generated by a trusted certificate authority; the first data pointer and the primary root of trust RT1 are stored in a block of a record block chain contract; and the trusted authentication center stores the primary root of trust RT1 and the secondary root of trust RT2 in association, wherein the first data pointer uniquely corresponds to the first data.
Preferably, when the first data is transmitted within the trusted execution environment, the data encryption step is executed; and when the content encryption data leaves the trusted execution environment, the data trusted encryption step and the decryption key encryption step are executed.
The beneficial effects of the invention are:
1. the content encryption data generated in the data encryption step can improve the security of the first data; the trusted encryption data generated in the data trusted encryption step can meet the requirement of tamper-proof authentication of the first data. The step of encrypting the secret key can improve the difficulty of decryption and improve the confidentiality and the safety of data.
2. The symmetric key K is encrypted based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, and the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set A; one access key EK can thus correspond to a plurality of access private keys SK, which makes the requirement of data confidentiality easier to meet.
3. The credible pointer is a random number, so that the cracking difficulty is increased.
4. The first-level credible root belongs to the credible pointer, and when an encryptor applies for the first-level credible root, the first-level credible root has uniqueness, so that the credible encrypted data has uniqueness, and the anti-tampering authentication requirement of the first data is met.
5. The data center, the trusted authentication center and the record block chain contract improve the confidentiality and security of the data.
Detailed Description
The following examples are presented to illustrate the present invention and to assist those skilled in the art in understanding and practicing the present invention. Unless otherwise indicated, the following embodiments and technical terms therein should not be understood to depart from the background of the technical knowledge in the technical field.
In the present invention, the association of data means that two or more data are associated. A pointer refers to a set of data that uniquely points to another set of data, which is similar to a data ID, i.e., a data ID uniquely points to the data to which it corresponds.
Invention 1
A data layered credible encryption method comprises a data encryption step, a data credible encryption step and a decryption secret key encryption step.
In the data encryption step, a symmetric key K is randomly generated using the national cryptographic algorithm SM4, the first data Data is symmetrically encrypted, and the content encrypted data ED is generated, ED = Encrypt(Data, K).
In the data trusted encryption step, the first data is encrypted based on the trusted pointer to generate trusted encrypted data, wherein the trusted pointer is a random number. Specifically, a primary root of trust RT1 is obtained; the first data and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated using a digest processing method; and the secondary root of trust RT2 = H2. The trusted encryption data comprises the associated primary root of trust RT1 and secondary root of trust RT2, wherein the primary root of trust RT1 is the trusted pointer. Alternatively, another method may be adopted: the digest value H1 of the first data is calculated using the digest processing method; a primary root of trust RT1 is obtained; the digest value H1 and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated using the digest processing method; and the secondary root of trust RT2 = H2. The trusted encryption data comprises the associated primary root of trust RT1 and secondary root of trust RT2, wherein the primary root of trust RT1 is the trusted pointer.
In the decryption key encryption step, a master key MK, a public parameter PK, an access structure tree T and an access attribute set A are established; the symmetric key K is encrypted based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, EK = Encrypt(K, PK, T). The access key EK corresponds to at least one access private key SK, and the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set A, SK = (MK, PK, A). The access structure tree T is used to define the access rights to the data, specifically which types of data can and cannot be accessed.
In use, the content encryption data ED and the first data pointer may be stored in association in the data center. The primary root of trust RT1 may be generated by a trusted certificate authority; the master key MK, the public parameter PK, and the associated primary root of trust RT1 and secondary root of trust RT2 may be stored in the trusted authentication center, and the access private key SK may also be generated by the trusted authentication center. The encryption behaviour of the data encryption step, the trusted encryption behaviour of the data trusted encryption step, the associated first data pointer and primary root of trust RT1, and the encryption behaviour of the decryption key encryption step involved in using the data layered trusted encryption method can each be formed into a block and placed in the record block chain. The first data pointer uniquely corresponds to the first data.
When the method is used, only the data encryption step is executed while the first data is transmitted within the trusted execution environment; when the content encryption data leaves the trusted execution environment, the data trusted encryption step and the decryption key encryption step are executed.
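The access structure tree T is what the decryption key encryption step encrypts K against, and an access private key SK issued for attribute set A can recover K only when A satisfies T. The patent leaves the gate semantics of T to the underlying attribute-based scheme, so the following Python, added here as an illustration and not the patent's or the applicant's code, assumes the common threshold-gate form (an interior node is satisfied when at least k of its children are, so AND is n-of-n and OR is 1-of-n) and shows how an evaluator decides whether A satisfies T and which leaves a satisfying decryption would consume. The attribute names and the sample audit policy are constructed for the example; the attribute-based key wrapping itself is not reproduced.

```python
"""Access structure tree T: threshold-gate evaluation against an attribute set A.

Added example (not the patent's code). Assumes threshold-gate semantics for T;
the attribute names and AUDIT_POLICY below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Union


@dataclass(frozen=True)
class Gate:
    """Interior node of T: satisfied when at least `threshold` children are satisfied."""
    threshold: int
    children: tuple

    def __post_init__(self) -> None:
        if not 1 <= self.threshold <= len(self.children):
            raise ValueError("threshold must lie between 1 and the number of children")


Node = Union[str, Gate]  # a leaf is an attribute name (str)


def AND(*children: Node) -> Gate:
    return Gate(len(children), tuple(children))


def OR(*children: Node) -> Gate:
    return Gate(1, tuple(children))


def k_of_n(k: int, *children: Node) -> Gate:
    return Gate(k, tuple(children))


def satisfies(node: Node, attrs: FrozenSet[str]) -> bool:
    """True when the attribute set A (attrs) satisfies the subtree rooted at node."""
    if isinstance(node, str):
        return node in attrs
    return sum(satisfies(child, attrs) for child in node.children) >= node.threshold


def satisfying_leaves(node: Node, attrs: FrozenSet[str]) -> Optional[FrozenSet[str]]:
    """One subset of attrs sufficient to satisfy node, or None when A does not satisfy T.

    Mirrors the recursive node-by-node walk that tree-based ABE decryption
    performs: an interior gate is reconstructed from exactly `threshold`
    satisfied children, chosen here greedily (smallest attribute sets first).
    """
    if isinstance(node, str):
        return frozenset([node]) if node in attrs else None
    covers = [c for c in (satisfying_leaves(ch, attrs) for ch in node.children) if c is not None]
    if len(covers) < node.threshold:
        return None
    covers.sort(key=len)
    return frozenset().union(*covers[: node.threshold])


# Constructed sample policy for an audit data set: the holder must be an auditor,
# belong to the audit or finance department, and hold clearance for at least two
# of three data categories named in the background section.
AUDIT_POLICY: Gate = AND(
    "role:auditor",
    OR("dept:audit", "dept:finance"),
    k_of_n(2, "clearance:financial", "clearance:marketing", "clearance:engineering"),
)


def access_decision(tree: Node, attrs: FrozenSet[str]) -> dict:
    """Summarise whether an SK for attribute set A could unwrap an EK made under T."""
    leaves = satisfying_leaves(tree, attrs)
    return {"satisfied": leaves is not None, "attributes_used": leaves}


if __name__ == "__main__":
    granted = frozenset({"role:auditor", "dept:audit", "clearance:financial", "clearance:marketing"})
    denied = frozenset({"role:auditor", "dept:audit", "clearance:financial"})
    print(access_decision(AUDIT_POLICY, granted))
    print(access_decision(AUDIT_POLICY, denied))
```

The second attribute set fails only the 2-of-3 clearance gate; `satisfying_leaves` makes that visible, which is useful when auditing why a particular SK cannot open a particular EK.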
Invention 2
A method of data decryption comprising the steps of:
obtaining the access key EK, and decrypting the access key EK using the access private key SK to obtain the symmetric key K, wherein the access key EK is obtained by encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T, and the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set A;
obtaining the content encrypted data, and decrypting the content encrypted data using the symmetric key K to obtain second data;
obtaining the trusted pointer and the trusted encryption data according to the first data pointer, encrypting the second data based on the trusted pointer to generate trusted verification data, and comparing the trusted encryption data with the trusted verification data: if the trusted encryption data equals the trusted verification data, the second data equals the first data; if the trusted encryption data does not equal the trusted verification data, the second data differs from the first data. Specifically, the trusted pointer is the primary root of trust RT1, and the trusted verification data is generated as follows: the combined second data and primary root of trust RT1 are processed using the digest processing method to obtain the secondary verification root RT2', and the secondary verification root RT2' is the trusted verification data. Alternatively, the trusted verification data may be generated as follows: the digest value H1' of the second data is calculated using the digest processing method; the digest value H1' and the primary root of trust RT1 are combined into second combined data; the digest value H2' of the second combined data is calculated using the digest processing method; the secondary verification root RT2' = H2'; and the secondary verification root RT2' is the trusted verification data.
The first data pointer uniquely corresponds to first data, and the content encryption data is obtained by encrypting the first data by using a symmetric key K.
In this embodiment, the content encryption data and the first data pointer are stored in association in the data center; the first data pointer and the trusted pointer are stored in association in a block of the record block chain contract; the trusted pointer and the trusted encryption data are stored in association in the trusted authentication center; and the trusted encryption data and the trusted verification data are compared in the trusted authentication center. The comparison method is: the trusted verification data and the trusted pointer are sent in association to the trusted authentication center; the trusted authentication center compares the trusted encryption data and the trusted verification data based on the trusted pointer and returns the comparison result, returning first information if the trusted encryption data equals the trusted verification data and second information if it does not. The first information expresses that the second data is trustworthy, and the second information expresses that the second data is suspect.
In this embodiment, the digest processing method is a Hash algorithm.
Alternatively, the trusted encryption data and the trusted verification data may be compared locally; in that case the first data pointer, the trusted encryption data and the trusted pointer are stored in association in the block of the record block chain contract.
During data operation, if the second data equals the first data, the data operation is performed using the second data; if the second data differs from the first data, the first data is applied for again.
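The data trusted encryption step of Invention 1 (RT2 = H(Data || RT1), or H(H(Data) || RT1) in the second variant) and the verification of Invention 2 (recompute RT2' from the decrypted second data, have the trusted authentication center compare it with the stored RT2, return first or second information) are two halves of one hash chain. The following Python, added here as an illustration and not the patent's or the applicant's code, runs both halves end to end, including a tampered ciphertext that the comparison must flag as suspect. It assumes SHA-256 as the digest method (the patent only says "a Hash algorithm"), models the trusted authentication center in-process, and, because SM4 is not in the Python standard library, stands in an HMAC-SHA256 counter-mode keystream for the content cipher; that stand-in is labelled in the code and is not part of the patent.

```python
"""Trust chain RT1 -> RT2 (Invention 1) and its verification RT2' (Invention 2).

Added example, not the patent's code. Assumptions: SHA-256 as the digest method;
an HMAC-SHA256 counter-mode keystream standing in for SM4 (not in the stdlib);
the trusted authentication center modelled as an in-process object.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

FIRST_INFO = "trusted"   # first information: second data equals first data
SECOND_INFO = "suspect"  # second information: second data differs from first data


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- data encryption step (the cipher is a labelled stand-in for SM4) -----------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def content_encrypt(first_data: bytes, key: bytes) -> bytes:
    """ED = Encrypt(Data, K): random 16-byte nonce followed by data XOR keystream."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(first_data))
    return nonce + bytes(a ^ b for a, b in zip(first_data, ks))


def content_decrypt(ed: bytes, key: bytes) -> bytes:
    nonce, body = ed[:16], ed[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


# --- data trusted encryption step ------------------------------------------------
def secondary_root(data: bytes, rt1: bytes, prehash: bool = False) -> bytes:
    """RT2 = H2. Method 1: H(data || RT1). Method 2: H(H1 || RT1) with H1 = H(data).

    RT1 has a fixed length, so the concatenation parses unambiguously.
    """
    body = digest(data) if prehash else data
    return digest(body + rt1)


class TrustedAuthenticationCenter:
    """Issues RT1 (a random trusted pointer), stores RT1 -> RT2, compares RT2' on request."""

    def __init__(self) -> None:
        self._roots: Dict[bytes, bytes] = {}

    def issue_primary_root(self) -> bytes:
        rt1 = secrets.token_bytes(32)
        while rt1 in self._roots:  # RT1 must be unique per application
            rt1 = secrets.token_bytes(32)
        return rt1

    def register(self, rt1: bytes, rt2: bytes) -> None:
        self._roots[rt1] = rt2

    def compare(self, rt1: bytes, rt2_prime: bytes) -> str:
        stored = self._roots.get(rt1)
        if stored is None or not hmac.compare_digest(stored, rt2_prime):
            return SECOND_INFO
        return FIRST_INFO


def trusted_encrypt(first_data: bytes, center: TrustedAuthenticationCenter,
                    prehash: bool = False) -> Tuple[bytes, bytes]:
    rt1 = center.issue_primary_root()
    rt2 = secondary_root(first_data, rt1, prehash)
    center.register(rt1, rt2)
    return rt1, rt2


def trusted_verify(second_data: bytes, rt1: bytes, center: TrustedAuthenticationCenter,
                   prehash: bool = False) -> str:
    rt2_prime = secondary_root(second_data, rt1, prehash)  # the trusted verification data
    return center.compare(rt1, rt2_prime)


def round_trip(first_data: bytes, tamper: bool = False, prehash: bool = False) -> str:
    """Source side: encrypt and chain. Consumer side: decrypt, recompute RT2', ask the center."""
    center = TrustedAuthenticationCenter()
    key = secrets.token_bytes(16)  # K; SM4 would also use a 128-bit key
    ed = content_encrypt(first_data, key)
    rt1, _rt2 = trusted_encrypt(first_data, center, prehash)
    if tamper:  # flip one bit of the stored ciphertext between source and consumer
        ed = ed[:-1] + bytes([ed[-1] ^ 0x01])
    second_data = content_decrypt(ed, key)
    return trusted_verify(second_data, rt1, center, prehash)


if __name__ == "__main__":
    sample = b"audit intermediate table row 17 (constructed sample)"
    print(round_trip(sample), round_trip(sample, tamper=True))
```

The point the page makes in the "local comparison" variant also holds here: whoever holds the RT1 -> RT2 pair can run `compare`, so if it is done locally the pair must come from the record block chain rather than from the party being checked.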
Invention 3
A method of data monitoring, comprising:
the data source end uploads a data file encryption record, a credible authentication encryption record, a secret key encryption record, and a related data file pointer, a credible pointer and credible data to a record block chain;
the data black box uploads a data acquisition record and a credible authentication record to a recording block chain;
the data operation end uploads a data operation record to the recording block chain;
and recording a block chain establishing block, wherein the content of the block comprises a data file encryption record, a credible authentication encryption record, a key encryption record, a data acquisition record, a credible authentication record, a data operation record, and an associated data file pointer, a credible pointer and credible data.
In this embodiment, the data source end uploads the data file pointer and the encrypted data file to the data center. The data black box acquires the encrypted data file from the data center according to the data file pointer and generates a data acquisition record.
In this embodiment, the data source end further uploads the trusted pointer and the trusted data in association to the trusted authentication center, where the trusted authentication center is configured to run the trusted pointer random generator, which generates the random trusted pointer. Associated uploading means associating the data and then uploading them to the target location.
In this embodiment, the trusted authentication center further stores a master key MK and a public parameter PK. The data source end generates a symmetric key K, obtains the public parameter PK from the trusted authentication center, and generates an access key EK based on the symmetric key K, the public parameter PK and the access structure tree T, EK = Encrypt(K, PK, T). The data black box sends the access attribute set A to the trusted authentication center, and the trusted authentication center generates a private key SK based on the master key MK, the public parameter PK and the access attribute set A, SK = (MK, PK, A). The trusted authentication center sends the private key SK to the data black box, and the data black box decrypts the access key EK using the private key SK to obtain the symmetric key K. The data black box acquires the encrypted data file from the data center according to the data file pointer, acquires the trusted pointer and the trusted data from the record block chain according to the data file pointer, and decrypts the encrypted data file using the symmetric key K to generate second data; it then encrypts the second data based on the trusted pointer to generate trusted verification data and sends it to the trusted authentication center, which compares the trusted data with the trusted verification data and returns the comparison result; the data black box outputs the comparison result and generates a trusted authentication record. The comparison result is first information if the trusted data equals the trusted verification data and second information if it does not; the first information expresses that the second data is trustworthy, and the second information expresses that the second data is suspect.
In this embodiment, the data source end obtains a symmetric key K, symmetrically encrypts the first data, and generates content encrypted data and a data file encryption record; encrypts the first data based on the trusted pointer to generate trusted data and a trusted authentication encryption record; and encrypts the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK and a key encryption record, wherein the access key EK corresponds to at least one access private key SK, and the first data uniquely corresponds to the data file pointer.
In this embodiment, the data source end obtains a trusted pointer, which is the primary root of trust RT1; combines the first data with the primary root of trust RT1 into first combined data; calculates the digest value H2 of the first combined data using a digest processing method; and lets the secondary root of trust RT2 = H2. The secondary root of trust RT2 is the trusted data.
The data operation record is the record generated by the data operation end in the process of operating the second data.
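Invention 3 has three parties (data source end, data black box, data operation end) upload records to a record block chain whose blocks carry the record types listed above together with the associated data file pointer, trusted pointer and trusted data. The patent does not specify the block format, so the following Python, added here as an illustration and not the patent's or the applicant's code, assumes a simple hash-linked block that stores the pending records plus those three associated fields, and shows the two checks a monitor needs: that only the enumerated record types are accepted, and that any later alteration of a recorded block (or of its link to its predecessor) is detected. All pointer values, record details and the uploader names are constructed.

```python
"""Record block chain for the data monitoring method (Invention 3).

Added example, not the patent's code. Assumed block format: index, previous
block hash, the associated data file pointer / trusted pointer / trusted data,
and the list of uploaded records, linked by SHA-256. Field values are constructed.
"""
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import List, Optional

# Record types the page enumerates, grouped by the party that uploads them.
RECORD_TYPES = {
    "data_file_encryption", "trusted_authentication_encryption", "key_encryption",  # data source end
    "data_acquisition", "trusted_authentication",                                    # data black box
    "data_operation",                                                                # data operation end
}

GENESIS_PREV = "0" * 64


@dataclass
class Block:
    index: int
    prev_hash: str
    data_file_pointer: str
    trusted_pointer: str
    trusted_data: str
    records: List[dict]
    hash: str = ""

    def compute_hash(self) -> str:
        """Hash of every field except the hash itself, over a canonical JSON encoding."""
        body = {k: v for k, v in asdict(self).items() if k != "hash"}
        encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(encoded).hexdigest()


class RecordChain:
    def __init__(self) -> None:
        self.blocks: List[Block] = []
        self.pending: List[dict] = []

    def upload(self, uploader: str, record_type: str, detail: dict) -> None:
        """Accept one record for the next block; reject types the scheme does not define."""
        if record_type not in RECORD_TYPES:
            raise ValueError(f"unknown record type: {record_type}")
        self.pending.append({"uploader": uploader, "type": record_type, "detail": detail})

    def build_block(self, data_file_pointer: str, trusted_pointer: str, trusted_data: str) -> Block:
        prev = self.blocks[-1].hash if self.blocks else GENESIS_PREV
        block = Block(len(self.blocks), prev, data_file_pointer, trusted_pointer,
                      trusted_data, self.pending)
        block.hash = block.compute_hash()
        self.blocks.append(block)
        self.pending = []
        return block

    def verify(self) -> Optional[int]:
        """Index of the first block whose content or link is inconsistent; None if intact."""
        prev = GENESIS_PREV
        for block in self.blocks:
            if block.prev_hash != prev or block.compute_hash() != block.hash:
                return block.index
            prev = block.hash
        return None

    def records_for(self, data_file_pointer: str) -> List[dict]:
        """Audit trail of one data file across all blocks that reference its pointer."""
        return [r for b in self.blocks if b.data_file_pointer == data_file_pointer for r in b.records]


def build_sample_chain() -> RecordChain:
    """Constructed walk-through: source-side records in block 0, consumer-side in block 1."""
    chain = RecordChain()
    ptr, rt1, rt2 = "file-0001", "rt1-constructed", "rt2-constructed"
    chain.upload("data_source", "data_file_encryption", {"pointer": ptr, "cipher": "SM4"})
    chain.upload("data_source", "trusted_authentication_encryption", {"pointer": ptr})
    chain.upload("data_source", "key_encryption", {"pointer": ptr, "policy": "T"})
    chain.build_block(ptr, rt1, rt2)
    chain.upload("data_black_box", "data_acquisition", {"pointer": ptr})
    chain.upload("data_black_box", "trusted_authentication", {"pointer": ptr, "result": "first information"})
    chain.upload("data_operation_end", "data_operation", {"pointer": ptr, "op": "aggregate"})
    chain.build_block(ptr, rt1, rt2)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", chain.verify() is None, "records:", len(chain.records_for("file-0001")))
```

Because the trusted pointer and trusted data sit inside the hashed block body, the local-comparison variant of Invention 2 (reading RT1 and RT2 from the chain instead of asking the trusted authentication center) inherits the same tamper evidence as the records themselves.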
The present invention is described in detail with reference to the examples. It should be understood that in practice the description of all possible embodiments is not exhaustive and that the inventive concepts are described herein as far as possible by way of illustration. Without departing from the inventive concept of the present invention and without any creative work, a person skilled in the art should, in all of the embodiments, make optional combinations of technical features and experimental changes of specific parameters, or make a routine replacement of the disclosed technical means by using the prior art in the technical field to form specific embodiments, which belong to the content implicitly disclosed by the present invention.

Claims (10)

1. A data layered trusted encryption method is characterized by comprising the following steps:
a data encryption step, namely acquiring a symmetric key K, symmetrically encrypting first data and generating content encryption data;
a data credible encryption step of encrypting the first data based on a credible pointer to generate credible encrypted data;
a decryption key encryption step, namely encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK, wherein the access key EK corresponds to at least one access private key SK;
the data trusted encryption step comprises: obtaining a primary root of trust RT1; combining the first data and the primary root of trust RT1 into first combined data; calculating the digest value H2 of the first combined data using a digest processing method; and letting the secondary root of trust RT2 = H2, the trusted encryption data comprising the associated primary root of trust RT1 and secondary root of trust RT2;
the primary root of trust RT1 is the trusted pointer, and the trusted pointer is a random number.
2. The method for hierarchical trusted encryption of data according to claim 1, wherein said access private key SK is generated based on a master key MK, public parameters PK and a set of access attributes a.
3. The data layered trusted encryption method of claim 1, wherein said digest processing method is a Hash algorithm.
4. The data layered trusted encryption method according to claim 1, wherein the content encryption data and the first data pointer are stored in association in a data center, the primary root of trust RT1 is generated by a trusted certificate authority, the first data pointer and the primary root of trust RT1 are stored in a block of a record block chain contract, and the trusted authentication center stores the primary root of trust RT1 and the secondary root of trust RT2 in association, wherein the first data pointer uniquely corresponds to the first data.
5. The data layered trusted encryption method according to claim 1, wherein the data encryption step is performed when the first data is transmitted in the trusted execution environment, and the data trusted encryption step and the decryption key encryption step are performed when the content encryption data is separated from the trusted execution environment.
6. A data layered trusted encryption method, characterized by comprising the following steps:
a data encryption step: obtaining a symmetric key K, symmetrically encrypting the first data, and generating content encrypted data;
a data trusted encryption step: encrypting the first data based on a trusted pointer to generate trusted encrypted data;
a key encryption step: encrypting the symmetric key K based on public parameters PK and the attributes of an access structure tree T to generate an access key EK, wherein the access key EK corresponds to at least one access private key SK;
the data trusted encryption step comprises: calculating a digest value H₁ of the first data using a digest processing method; obtaining a primary root of trust RT₁; combining the digest value H₁ and the primary root of trust RT₁ into first combined data; calculating a digest value H₂ of the first combined data using the digest processing method; and setting the secondary root of trust RT₂ = H₂; the trusted encrypted data comprises the associated primary root of trust RT₁ and secondary root of trust RT₂;
the primary root of trust RT₁ is the trusted pointer, which is a random number.
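The data trusted encryption step of claim 6 and the storage split of claim 4, as an added Python example that is not part of the patent: SHA-256 as the digest processing method, byte concatenation as the combination of H₁ and RT₁, and the dict-based stand-ins for the recording blockchain block and the trusted certificate authority store are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


def digest(data: bytes) -> bytes:
    """Digest processing method (claim 8: a hash algorithm; SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class TrustedEncryptedData:
    rt1: bytes  # primary root of trust RT1: the trusted pointer, a random number
    rt2: bytes  # secondary root of trust RT2 = H2


def trusted_encrypt(first_data: bytes, rt1: Optional[bytes] = None) -> TrustedEncryptedData:
    """Data trusted encryption step of claim 6."""
    h1 = digest(first_data)                       # H1 = digest of the first data
    if rt1 is None:
        rt1 = secrets.token_bytes(32)             # RT1 generated as a random number
    first_combined = h1 + rt1                     # first combined data (concatenation assumed)
    h2 = digest(first_combined)                   # H2 = digest of the first combined data
    return TrustedEncryptedData(rt1=rt1, rt2=h2)  # RT2 = H2, kept associated with RT1


def audit(first_data: bytes, pointer: str,
          ledger: Dict[str, bytes], ca: Dict[bytes, bytes]) -> bool:
    """Verifier-side check over the claim 4 storage split: the blockchain block maps the
    first data pointer to RT1, the trusted certificate authority maps RT1 to RT2.
    RT2 is recomputed from the data actually held and compared in constant time, so a
    modified record, a wrong pointer or a swapped root all fail the check."""
    rt1 = ledger.get(pointer)
    if rt1 is None or rt1 not in ca:
        return False
    recomputed = trusted_encrypt(first_data, rt1).rt2
    return hmac.compare_digest(recomputed, ca[rt1])


if __name__ == "__main__":
    # Constructed sample: one record written through the full path, then audited.
    record = b"constructed meter reading: 42 kWh"
    ted = trusted_encrypt(record)
    ledger = {"ptr-0001": ted.rt1}   # stand-in for the recording blockchain block
    ca = {ted.rt1: ted.rt2}          # stand-in for the trusted certificate authority store
    print("intact record verifies:", audit(record, "ptr-0001", ledger, ca))
    print("tampered record verifies:", audit(record + b"!", "ptr-0001", ledger, ca))
```

The symmetric data encryption and the attribute-based key encryption steps are left out: the claims fix neither the cipher nor the CP-ABE scheme, so only the root-of-trust chain is reproduced here.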
7. The method for hierarchical trusted encryption of data according to claim 6, wherein said access private key SK is generated based on a master key MK, a public parameter PK, and an access attribute set A.
8. The hierarchical trusted data encryption method according to claim 6, wherein said digest processing method is a Hash algorithm.
9. The hierarchical trusted data encryption method according to claim 6, wherein the content encrypted data and the first data pointer are stored in association in a data center; the primary root of trust RT₁ is generated by a trusted certificate authority; the first data pointer and the primary root of trust RT₁ are stored in a block of the recording blockchain contract; and the primary root of trust RT₁ and the secondary root of trust RT₂ are stored in association in the trusted certificate authority, wherein the first data pointer uniquely corresponds to the first data.
10. The hierarchical trusted data encryption method according to claim 6, wherein the data encryption step is performed while the first data is transmitted within the trusted execution environment, and the encryption step applied to the content encrypted data is performed when the content encrypted data leaves the trusted execution environment.
CN202110705139.6A 2021-06-24 2021-06-24 Data layered credible encryption method Active CN113438235B (en)

Publications (2)

Publication Number Publication Date
CN113438235A CN113438235A (en) 2021-09-24
CN113438235B true CN113438235B (en) 2022-10-18

Family

ID=77755310

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant