CN113438236A - Data full link tracing monitoring method - Google Patents


Info

Publication number
CN113438236A
Authority
CN
China
Prior art keywords
data
trusted
record
pointer
credible
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110705183.7A
Other languages
Chinese (zh)
Other versions
CN113438236B (en)
Inventor
盛卫平
阎玺
李景红
孟浩
郑少飞
孙婧
郑腾霄
古明
王佳宁
成雨蔚
黄婉琳
胡晨怡
郑洪权
王志敏
雷平
侯文川
苑洪亮
张振清
刘伯宇
阴皓
何熹
李晓华
王峰
郭艳明
刘亚军
谢慧敏
谢钧
韩晶晶
付朋侠
孙宁宁
杨守东
陈超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Henan Electric Power Co Ltd
Priority to CN202110705183.7A
Publication of CN113438236A
Application granted
Publication of CN113438236B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

A data full link tracing monitoring method, belonging to the field of data processing. The method includes: the data source end uploads a data file encryption record, a trusted authentication encryption record, a key encryption record, and the associated data file pointer, trusted pointer and trusted data to a record blockchain; the data black box uploads a data acquisition record and a trusted authentication record; the data operation end uploads a data operation record; and the record blockchain creates a block whose content comprises the data file encryption record, the trusted authentication encryption record, the key encryption record, the data acquisition record, the trusted authentication record, the data operation record, and the associated data file pointer, trusted pointer and trusted data. Uploading these records makes it possible to trace operations back and to monitor the data, which improves the security of data operations.

Description

Data full link tracing monitoring method
Technical Field
The invention relates to the technical field of data processing, in particular to a data full link tracing monitoring method.
Background
Digital auditing requires full audit coverage, complete auditing and cross-domain auditing, which in turn requires large-scale integration and aggregation of professional data such as company personal data, financial data, marketing data, engineering data and material data. The audit intermediate data is characterized by massive volume (430 TB of stock data, 340 GB of incremental data), diversity (structured, semi-structured and unstructured data) and veracity (data integrity and accuracy must be guaranteed), and it involves multiple business information systems. As audit coverage expands, the audit intermediate tables grow larger and larger, and securing this mass of data is difficult and carries heavy responsibility, so advanced technical means are urgently needed to guarantee data security. For this reason, it is necessary to encrypt the financial data and to record data acquisition behavior and operation behavior so that the data can be monitored.
Disclosure of Invention
The invention aims to provide a data full link tracing monitoring method that improves the security of data operations.
The technical scheme of the invention is as follows:
A data full link tracing monitoring method comprises the following steps: the data source end uploads a data file encryption record, a trusted authentication encryption record, a key encryption record, and the associated data file pointer, trusted pointer and trusted data to a record blockchain; the data black box uploads a data acquisition record and a trusted authentication record to the record blockchain; the data operation end uploads a data operation record to the record blockchain; and the record blockchain creates a block whose content comprises the data file encryption record, the trusted authentication encryption record, the key encryption record, the data acquisition record, the trusted authentication record, the data operation record, and the associated data file pointer, trusted pointer and trusted data.
Preferably, the data source end uploads the data file pointer and the encrypted data file to the data middle platform.
Further, the data black box acquires the encrypted data file from the data middle platform according to the data file pointer and generates a data acquisition record.
Preferably, the data source end uploads the trusted pointer and the trusted data, in association, to the trusted authentication center, and the trusted authentication center is used to run the trusted pointer random generator.
Preferably, the trusted authentication center further stores a master key MK and a public parameter PK. The data source end generates a symmetric key K, obtains the public parameter PK from the trusted authentication center, and generates a key EK based on the symmetric key K, the public parameter PK and the access structure tree T. The data black box sends the access attribute set A to the trusted authentication center; the trusted authentication center generates a private key SK based on the master key MK, the public parameter PK and the access attribute set A, and sends the private key SK to the data black box; and the data black box uses the private key SK to decrypt the key EK and obtain the symmetric key K.
Still further preferably, the data black box acquires the encrypted data file from the data middle platform according to the data file pointer, acquires the trusted pointer and the trusted data from the record blockchain according to the data file pointer, and uses the symmetric key K to decrypt the encrypted data file and generate second data. The data black box encrypts the second data based on the trusted pointer, and generates trusted verification data and sends it to the trusted authentication center; the trusted authentication center compares the trusted data with the trusted verification data and returns a comparison result; and the data black box outputs the comparison result and generates a trusted authentication record. The comparison result is first information if the trusted data is equal to the trusted verification data, and second information if the trusted data is not equal to the trusted verification data. The first information indicates that the second data is trusted, and the second information indicates that the second data is suspect.
Preferably, the data source end obtains a symmetric key K, symmetrically encrypts the first data, and generates content encrypted data and a data file encryption record; encrypts the first data based on the trusted pointer to generate trusted data and a trusted authentication encryption record; and encrypts the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an encryption key EK and an encryption record of the key EK, wherein the encryption key EK corresponds to at least one private key SK, and the first data uniquely corresponds to the data file pointer.
Preferably, the data source end obtains a trusted pointer, where the trusted pointer is a primary root of trust RT1; the first data and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated using the digest processing method; and the secondary root of trust is set to RT2 = H2, the secondary root of trust RT2 being the trusted data.
The invention has the beneficial effects that:
1. Uploading the operation records makes it possible to trace operations back and to monitor the data, which improves the security of data operations.
2. Because the data file pointer is matched with the data file, the data file can be stored centrally, such as in a data center, which improves data security.
3. The trusted pointer randomly generated by the trusted authentication center makes each piece of data unique, which makes trusted authentication convenient to implement and improves data security.
4. Encrypting the symmetric key K to form the key EK allows the symmetric key K to be distributed conveniently while security is improved, which improves data security.
5. Decrypting the encrypted data file and performing trusted authentication on it improves data security while avoiding data leakage.
Detailed Description
The following examples are presented to illustrate the present invention and to assist those skilled in the art in understanding and practicing the present invention. Unless otherwise indicated, the following embodiments and technical terms therein should not be understood to depart from the background of the technical knowledge in the technical field.
In the present invention, association of data means that two or more pieces of data are linked to one another. A pointer is a set of data that uniquely points to another set of data; it is similar to a data ID, in that a data ID uniquely points to the data to which it corresponds.
Invention 1
A data encryption method comprises a data encryption step, a data trusted encryption step and a decryption key encryption step.
In the data encryption step, a symmetric key K is randomly generated using the national cryptographic algorithm SM4, and the first data is symmetrically encrypted to obtain the content encrypted data ED, ED = Encrypt(Data, K).
In the data trusted encryption step, the first data is encrypted based on the trusted pointer to generate trusted encrypted data, where the trusted pointer is a random number. Specifically, a primary root of trust RT1 is obtained; the first data and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated using the digest processing method; and the secondary root of trust is set to RT2 = H2. The trusted encrypted data comprises the associated primary root of trust RT1 and secondary root of trust RT2, and the primary root of trust RT1 is the trusted pointer. Alternatively, another method may be adopted: the digest value H1 of the first data is calculated using the digest processing method; a primary root of trust RT1 is obtained; the digest value H1 and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated using the digest processing method; and the secondary root of trust is set to RT2 = H2. Again, the trusted encrypted data comprises the associated primary root of trust RT1 and secondary root of trust RT2, and the primary root of trust RT1 is the trusted pointer.
In the decryption key encryption step, a master key MK, a public parameter PK, an access structure tree T and an access attribute set A are established, and the symmetric key K is encrypted based on the public parameter PK and the access structure tree T to generate an access key EK, EK = Encrypt(K, PK, T). The access key EK corresponds to at least one access private key SK, which is generated based on the master key MK, the public parameter PK and the access attribute set A, SK = (MK, PK, A). The access structure tree T defines the access rights of the data, specifically which types of data can and cannot be accessed.
In use, the content encrypted data ED and the first data pointer may be stored in association within the data center. The primary root of trust RT1 may be generated by the trusted authentication center; the master key MK, the public parameter PK, and the associated primary root of trust RT1 and secondary root of trust RT2 may be stored in the trusted authentication center; and the private key SK may also be generated by the trusted authentication center. When the data encryption method is used, the encryption behavior of the data encryption step, the trusted encryption behavior of the data trusted encryption step together with the associated first data pointer and primary root of trust RT1, and the encryption behavior of the decryption key encryption step can be built into a block and placed in the record blockchain. The first data pointer uniquely corresponds to the first data.
Invention 2
A method of data decryption comprising the steps of:
Obtain the access key EK, and decrypt the access key EK using the access private key SK to obtain the symmetric key K. The access key EK is obtained by encrypting the symmetric key K based on the public parameter PK and the attributes of the access structure tree T, and the access private key SK is generated based on the master key MK, the public parameter PK and the access attribute set A.
Acquire the content encrypted data, and use the symmetric key K to decrypt the content encrypted data to obtain second data.
Acquire the trusted pointer and the trusted encrypted data according to the first data pointer, encrypt the second data based on the trusted pointer to generate trusted verification data, and compare the trusted encrypted data with the trusted verification data: if the trusted encrypted data is equal to the trusted verification data, the second data is equal to the first data; if they are not equal, the second data differs from the first data. Specifically, the trusted pointer is a primary root of trust RT1, and the trusted verification data is generated as follows: the second data and the primary root of trust RT1 are combined and processed using the digest processing method to obtain a secondary verification root RT2', and the secondary verification root RT2' is the trusted verification data. Alternatively, the trusted verification data may be generated as follows: the digest value H1' of the second data is calculated using the digest processing method; the digest value H1' and the primary root of trust RT1 are combined into second combined data; the digest value H2' of the second combined data is calculated using the digest processing method; and the secondary verification root is set to RT2' = H2', the secondary verification root RT2' being the trusted verification data.
The first data pointer uniquely corresponds to the first data, and the content encrypted data is obtained by encrypting the first data using the symmetric key K.
In this embodiment, the content encrypted data and the first data pointer are stored in association in the data center, the first data pointer and the trusted pointer are stored in association in a block of the record blockchain contract, the trusted pointer and the trusted encrypted data are stored in association in the trusted authentication center, and the trusted encrypted data and the trusted verification data are compared in the trusted authentication center. The comparison proceeds as follows: the trusted verification data and the trusted pointer are sent in association to the trusted authentication center; the trusted authentication center looks up the trusted encrypted data by the trusted pointer, compares it with the trusted verification data, and returns a comparison result, which is first information if the trusted encrypted data is equal to the trusted verification data and second information if it is not. The first information indicates that the second data is trusted, and the second information indicates that the second data is suspect.
In this embodiment, the digest processing method is a Hash algorithm.
In addition, the trusted encrypted data and the trusted verification data may be compared locally; in that case the first data pointer, the trusted encrypted data and the trusted pointer are stored in association in the block of the record blockchain contract.
During data operation, if the second data is equal to the first data, the data operation is performed using the second data. If the second data is different from the first data, the first data is requested again.
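The trusted verification described in Inventions 1 and 2, as an added example that is not part of the patent text: the source end binds the first data to a random primary root of trust RT1, and the black box recomputes the root over the decrypted second data for comparison at the trusted authentication center. SHA-256 as the Hash algorithm, the 32-byte pointer length, the class and function names, and the fail-closed handling of an unknown pointer are assumptions.

```python
import hashlib
import hmac
import secrets

FIRST_INFO = "first information: second data is trusted"
SECOND_INFO = "second information: second data is suspect"


def digest(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the page's unspecified Hash algorithm.
    return hashlib.sha256(data).digest()


def derive_root(data: bytes, rt1: bytes, prehash: bool = False) -> bytes:
    """Return H(data || RT1), or H(H(data) || RT1) for the alternative method.

    RT1 has a fixed length and is appended last, so the split between the
    data and the pointer inside the combined data is unambiguous.
    """
    body = digest(data) if prehash else data
    return digest(body + rt1)


class TrustedAuthCenter:
    """Hypothetical in-memory stand-in for the trusted authentication center."""

    def __init__(self) -> None:
        self._trusted_data = {}  # RT1 (trusted pointer) -> RT2 (trusted data)

    def new_trusted_pointer(self) -> bytes:
        # The trusted pointer is a random number; 32 bytes is an assumption.
        return secrets.token_bytes(32)

    def register(self, rt1: bytes, rt2: bytes) -> None:
        # One pointer is bound to one piece of trusted data and never rebound.
        if rt1 in self._trusted_data:
            raise ValueError("trusted pointer already bound to trusted data")
        self._trusted_data[rt1] = rt2

    def compare(self, rt1: bytes, rt2_check: bytes) -> str:
        expected = self._trusted_data.get(rt1)
        # Assumption: an unknown pointer fails closed and is reported as suspect.
        if expected is None:
            return SECOND_INFO
        # Constant-time comparison of trusted data and trusted verification data.
        same = hmac.compare_digest(expected, rt2_check)
        return FIRST_INFO if same else SECOND_INFO


def source_register(center: TrustedAuthCenter, first_data: bytes,
                    prehash: bool = False) -> bytes:
    """Data source end: obtain RT1, derive RT2 and upload both in association."""
    rt1 = center.new_trusted_pointer()
    center.register(rt1, derive_root(first_data, rt1, prehash))
    return rt1


def black_box_verify(center: TrustedAuthCenter, rt1: bytes, second_data: bytes,
                     prehash: bool = False) -> str:
    """Data black box: derive RT2' from the second data and ask for a comparison."""
    return center.compare(rt1, derive_root(second_data, rt1, prehash))


if __name__ == "__main__":
    center = TrustedAuthCenter()
    first = b"constructed sample: audit intermediate table, row 1\n"
    pointer = source_register(center, first)
    print(black_box_verify(center, pointer, first))            # unchanged copy
    print(black_box_verify(center, pointer, first + b"x"))     # altered copy
```

Both sides have to use the same variant: a root registered with the pre-hashed method does not match one recomputed with the direct method, even over identical data.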
Invention 3 data monitoring assembly
A method of data monitoring, comprising:
the data source end uploads a data file encryption record, a trusted authentication encryption record, a key encryption record, and the associated data file pointer, trusted pointer and trusted data to a record blockchain;
the data black box uploads a data acquisition record and a trusted authentication record to the record blockchain;
the data operation end uploads a data operation record to the record blockchain;
and the record blockchain creates a block, wherein the content of the block comprises the data file encryption record, the trusted authentication encryption record, the key encryption record, the data acquisition record, the trusted authentication record, the data operation record, and the associated data file pointer, trusted pointer and trusted data.
In this embodiment, the data source end uploads the data file pointer and the encrypted data file to the data middle platform. The data black box acquires the encrypted data file from the data middle platform according to the data file pointer and generates a data acquisition record.
In this embodiment, the data source end further uploads the trusted pointer and the trusted data, in association, to the trusted authentication center, where the trusted authentication center is configured to run a trusted pointer random generator, and the pointer random generator is configured to generate a random trusted pointer. Uploading in association means associating the data and then uploading it to the target location.
In this embodiment, the trusted authentication center further stores a master key MK and a public parameter PK. The data source end generates a symmetric key K, obtains the public parameter PK from the trusted authentication center, and generates a key EK based on the symmetric key K, the public parameter PK and the access structure tree T, where EK = Encrypt(K, PK, T). The data black box sends an access attribute set A to the trusted authentication center, and the trusted authentication center generates a private key SK based on the master key MK, the public parameter PK and the access attribute set A, where SK = (MK, PK, A). The trusted authentication center sends the private key SK to the data black box, and the data black box uses the private key SK to decrypt the key EK and obtain the symmetric key K. The data black box acquires the encrypted data file from the data middle platform according to the data file pointer, acquires the trusted pointer and the trusted data from the record blockchain according to the data file pointer, and uses the symmetric key K to decrypt the encrypted data file and generate second data. The data black box then encrypts the second data based on the trusted pointer, and generates trusted verification data and sends it to the trusted authentication center; the trusted authentication center compares the trusted data with the trusted verification data and returns a comparison result; and the data black box outputs the comparison result and generates a trusted authentication record. The comparison result is first information if the trusted data is equal to the trusted verification data, and second information if the trusted data is not equal to the trusted verification data. The first information indicates that the second data is trusted, and the second information indicates that the second data is suspect.
In this embodiment, the data source end obtains a symmetric key K, symmetrically encrypts the first data, and generates content encrypted data and a data file encryption record; encrypts the first data based on the trusted pointer to generate trusted data and a trusted authentication encryption record; and encrypts the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an access key EK and a key encryption record, wherein the access key EK corresponds to at least one access private key SK, and the first data uniquely corresponds to the data file pointer.
In this embodiment, the data source end obtains a trusted pointer, where the trusted pointer is a primary root of trust RT1; the first data and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated using the digest processing method; and the secondary root of trust is set to RT2 = H2, the secondary root of trust RT2 being the trusted data.
The data operation record is the record generated by the data operation end in the process of operating on the second data.
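The record uploads of Invention 3, as an added example that is not part of the patent text: a record chain that accepts each record type only from the party the method assigns it to, and supports trace-back by data file pointer. The hash linking of blocks, the field names, the role names and the sample values are assumptions; the patent does not specify a block format.

```python
import hashlib
import json

GENESIS = "0" * 64

# Which party uploads which record, as listed in the method above.
ALLOWED = {
    "data_source_end": {
        "data_file_encryption",
        "trusted_authentication_encryption",
        "key_encryption",
    },
    "data_black_box": {"data_acquisition", "trusted_authentication"},
    "data_operation_end": {"data_operation"},
}


def block_hash(body: dict) -> str:
    # Canonical JSON so that the same block content always hashes the same.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class RecordChain:
    """Hypothetical append-only record chain; each block commits to its predecessor."""

    def __init__(self) -> None:
        self.blocks = []

    def upload(self, uploader, record_type, file_pointer, detail,
               trusted_pointer=None, trusted_data=None) -> dict:
        if record_type not in ALLOWED.get(uploader, ()):
            raise PermissionError(f"{uploader} may not upload {record_type}")
        body = {
            "index": len(self.blocks),
            "prev_hash": self.blocks[-1]["hash"] if self.blocks else GENESIS,
            "uploader": uploader,
            "record_type": record_type,
            "file_pointer": file_pointer,
            "trusted_pointer": trusted_pointer,
            "trusted_data": trusted_data,
            "detail": detail,
        }
        block = dict(body, hash=block_hash(body))
        self.blocks.append(block)
        return block

    def first_invalid(self) -> int:
        """Index of the first block that breaks the chain, or -1 if intact."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {k: v for k, v in block.items() if k != "hash"}
            if (block["index"] != i or block["prev_hash"] != prev
                    or block_hash(body) != block["hash"]):
                return i
            prev = block["hash"]
        return -1

    def trace(self, file_pointer: str) -> list:
        """Full link for one data file: (index, uploader, record type) in order."""
        return [(b["index"], b["uploader"], b["record_type"])
                for b in self.blocks if b["file_pointer"] == file_pointer]


def build_sample_chain() -> RecordChain:
    # Constructed sample values; real pointers and roots come from the
    # data source end and the trusted authentication center.
    chain = RecordChain()
    ptr, rt1, rt2 = "file-0001", "rt1-constructed", "rt2-constructed"
    src, box, ops = "data_source_end", "data_black_box", "data_operation_end"
    chain.upload(src, "data_file_encryption", ptr, "SM4 encrypt", rt1, rt2)
    chain.upload(src, "trusted_authentication_encryption", ptr, "RT2 derived", rt1, rt2)
    chain.upload(src, "key_encryption", ptr, "EK generated", rt1, rt2)
    chain.upload(src, "data_file_encryption", "file-0002", "SM4 encrypt")
    chain.upload(box, "data_acquisition", ptr, "fetched encrypted file")
    chain.upload(box, "trusted_authentication", ptr, "first information")
    chain.upload(ops, "data_operation", ptr, "read second data")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    for entry in chain.trace("file-0001"):
        print(entry)
    print("first invalid block:", chain.first_invalid())
```

The integrity check is relative to the newest block hash, so that head hash must be held by more than one party for a rewrite of the whole chain to be noticed.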
The present invention has been described in detail with reference to the examples. It should be understood that in practice not all possible embodiments can be described exhaustively, and the inventive concept is illustrated here by way of example as far as possible. Without departing from the inventive concept of the present invention and without any creative work, specific embodiments that a person skilled in the art forms by optionally combining technical features of the above embodiments, by experimentally changing specific parameters, or by routinely replacing the disclosed technical means with prior art in this technical field all belong to the content implicitly disclosed by the present invention.

Claims (8)

1. A data full link tracing monitoring method, characterized by comprising the following steps:
the data source end uploads a data file encryption record, a trusted authentication encryption record, a key encryption record, and the associated data file pointer, trusted pointer and trusted data to a record blockchain;
the data black box uploads a data acquisition record and a trusted authentication record to the record blockchain;
the data operation end uploads a data operation record to the record blockchain;
and the record blockchain creates a block, wherein the content of the block comprises the data file encryption record, the trusted authentication encryption record, the key encryption record, the data acquisition record, the trusted authentication record, the data operation record, and the associated data file pointer, trusted pointer and trusted data.
2. The data full link tracing monitoring method of claim 1, wherein the data source end uploads a data file pointer and an encrypted data file to a data middle platform.
3. The data full link tracing monitoring method of claim 2, wherein the data black box obtains the encrypted data file from the data middle platform according to the data file pointer and generates a data acquisition record.
4. The data full link tracing monitoring method of claim 1, wherein the data source end uploads a trusted pointer and trusted data, in association, to a trusted authentication center, the trusted authentication center being configured to run a trusted pointer random generator.
5. The data full link tracing monitoring method of claim 4, wherein the trusted authentication center further stores a master key MK and a public parameter PK; the data source end generates a symmetric key K, obtains the public parameter PK from the trusted authentication center, and generates a key EK based on the symmetric key K, the public parameter PK and the access structure tree T; the data black box sends an access attribute set A to the trusted authentication center; the trusted authentication center generates a private key SK based on the master key MK, the public parameter PK and the access attribute set A, and sends the private key SK to the data black box; and the data black box uses the private key SK to decrypt the key EK to obtain the symmetric key K.
6. The data full link tracing monitoring method of claim 5, wherein the data black box obtains the encrypted data file from the data middle platform according to the data file pointer, obtains the trusted pointer and the trusted data from the record blockchain according to the data file pointer, and uses the symmetric key K to decrypt the encrypted data file to generate second data; the data black box encrypts the second data based on the trusted pointer, and generates trusted verification data and sends it to the trusted authentication center; the trusted authentication center compares the trusted data with the trusted verification data and returns a comparison result; and the data black box outputs the comparison result and generates a trusted authentication record, wherein the comparison result is first information if the trusted data is equal to the trusted verification data, and the comparison result is second information if the trusted data is not equal to the trusted verification data.
7. The data full link tracing monitoring method of claim 1, characterized in that the data source end obtains a symmetric key K, symmetrically encrypts the first data, and generates content encrypted data and a data file encryption record; encrypts the first data based on the trusted pointer to generate trusted data and a trusted authentication encryption record; and encrypts the symmetric key K based on the public parameter PK and the attributes of the access structure tree T to generate an encryption key EK and an encryption record of the key EK, wherein the encryption key EK corresponds to at least one private key SK, and the first data uniquely corresponds to the data file pointer.
8. The data full link tracing monitoring method of claim 7, wherein the data source end obtains a trusted pointer, the trusted pointer being a primary root of trust RT1; the first data and the primary root of trust RT1 are combined into first combined data; the digest value H2 of the first combined data is calculated using a digest processing method; and the secondary root of trust is set to RT2 = H2, the secondary root of trust RT2 being the trusted data.
CN202110705183.7A 2021-06-24 2021-06-24 Data full link tracing monitoring method Active CN113438236B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110705183.7A CN113438236B (en) 2021-06-24 2021-06-24 Data full link tracing monitoring method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110705183.7A CN113438236B (en) 2021-06-24 2021-06-24 Data full link tracing monitoring method

Publications (2)

Publication Number Publication Date
CN113438236A (en) 2021-09-24
CN113438236B (en) 2022-11-18

Family

ID=77755323

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110705183.7A Active CN113438236B (en) 2021-06-24 2021-06-24 Data full link tracing monitoring method

Country Status (1)

Country Link
CN (1) CN113438236B (en)

Also Published As

Publication number Publication date
CN113438236B (en) 2022-11-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant