CN113609077A - File retrieval method, system, storage medium and equipment - Google Patents


Publication number
CN113609077A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110721833.7A
Other languages
Chinese (zh)
Inventor
张文明
袁秀阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Original Assignee
Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/14 Details of searching files based on file metadata
    • G06F16/148 File search processing
    • G06F16/152 File search processing using file content signatures, e.g. hash values
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/13 File access structures, e.g. distributed indices
    • G06F16/137 Hash-based
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database


Abstract

The invention provides a file retrieval method, system, storage medium and device. The method comprises the following steps: a storage system encrypts a storage file to obtain a ciphertext file and sends it to a cloud server, and the ciphertext file is divided into a plurality of parts that are sent to the respective ciphertext servers; the keywords of the storage file are encrypted with a key generated by an authority center to obtain a keyword index, which is sent to the cloud server; the cloud server re-encrypts the keyword index to obtain a keyword index structure table, which is divided into a plurality of parts that are sent to the corresponding ciphertext servers; a retrieval user sends a trapdoor request based on an initial search term to the authority center, and the authority center generates a trapdoor based on the trapdoor request and the key and sends it back; the cloud server receives the trapdoor sent by the retrieval user and sends it to the corresponding ciphertext server for calculation, and the retrieval user decrypts the ciphertext file corresponding to the calculation result to generate a plaintext file. The invention ensures the security of the retrieved data.

Description

File retrieval method, system, storage medium and equipment
Technical Field
The invention relates to the technical field of cloud storage, in particular to a file retrieval method, a file retrieval system, a file retrieval storage medium and file retrieval equipment.
Background
With the rapid development of big data, cloud computing and cloud storage technologies, mainstream network services are now also delivered on the cloud. Cloud storage is a mode of online storage on the internet in which data is stored on a plurality of virtual servers, usually hosted by third parties, rather than on dedicated servers. The data center operator prepares virtualized storage resources at the back end according to customer requirements and provides them as a storage resource pool, which customers can use to store files or objects. In practice, these resources may be distributed over numerous server hosts. Through functions such as cluster applications, grid technology or distributed file systems, cloud storage uses application software to bring together a large number of storage devices of different types in the network so that they work cooperatively and jointly provide data storage and service access functions to the outside.
While cloud computing and cloud storage are developing rapidly, private information such as users' names, home addresses, identity card numbers, health conditions and financial conditions may be leaked or lost during interaction on the cloud. How to guarantee the privacy of cloud storage users has therefore become a current research hotspot. If all information is stored as ciphertext, personal privacy and business confidentiality are protected, but with ordinary encryption the information can no longer be searched. A method is therefore needed that allows the required information to be retrieved while ensuring data security.
Disclosure of Invention
In view of the above, the present invention provides a file retrieval method, a file retrieval system, a storage medium, and a device, so that the required information can be retrieved in cloud storage and data security can be ensured.
Based on the above purpose, the present invention provides a file retrieval method, which comprises the following steps:
encrypting the storage file through a storage system to obtain a ciphertext file and sending the ciphertext file to a cloud server, and dividing the ciphertext file into a plurality of parts and respectively sending the parts to each ciphertext server;
encrypting the keywords of the storage file by using a key generated by an authority center through a storage system to obtain a keyword index, and sending the keyword index to a cloud server;
re-encrypting the keyword index through the cloud server to obtain a keyword index structure table, dividing the keyword index structure table into a plurality of parts to respectively correspond to the divided ciphertext files one by one, and respectively sending the divided keyword index structure table to the corresponding ciphertext servers;
sending, by a retrieval user, a trapdoor request based on an initial search term to the authority center, generating a trapdoor based on the trapdoor request and the key through the authority center, and returning the trapdoor to the retrieval user;
and receiving the trapdoor sent by the retrieval user through the cloud server, sending the trapdoor to the corresponding ciphertext server for calculation, and returning the ciphertext file corresponding to the calculation result to the retrieval user so that the retrieval user decrypts the ciphertext file to obtain the plaintext file.
In some embodiments, encrypting, by the storage system, the storage file to obtain a ciphertext file and sending the ciphertext file to the cloud server comprises:
the storage system encrypts the storage file by using the file key generated by the authority center and through a symmetric encryption algorithm to obtain a ciphertext file, and sends the ciphertext file to the cloud server.
In some embodiments, returning the ciphertext file corresponding to the calculation result to the retrieving user so that the retrieving user decrypts the ciphertext file to obtain the plaintext file includes:
and returning the ciphertext file corresponding to the calculation result to the retrieval user, and decrypting the ciphertext file corresponding to the calculation result by the retrieval user by using the symmetric key which is sent by the authority center and corresponds to the file key to obtain a plaintext file.
In some embodiments, sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, and generating, by the authority center, a trapdoor based on the trapdoor request and the key comprises:
sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, matching corresponding keywords to the initial search term through the authority center, and generating the trapdoor based on the matched keywords and the key.
In some embodiments, encrypting, by the storage system, the keywords of the storage file with the key generated by the authority center to obtain the keyword index comprises:
encrypting, by the storage system, the keywords of the storage file using the key and the random parameters generated by the authority center to obtain the keyword index, and sending the random parameters to the cloud server through the authority center.
In some embodiments, sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, and generating, by the authority center, a trapdoor based on the trapdoor request and the key further comprises:
sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, matching corresponding keywords to the initial search term through the authority center, providing the corresponding random parameters for the matched keywords, and generating the trapdoor based on the matched keywords, the matched random parameters and the key.
In some embodiments, dividing the ciphertext file into multiple shares and sending the multiple shares to each ciphertext server comprises:
and equally dividing the ciphertext file into multiple parts and respectively sending the multiple parts to each ciphertext server.
In another aspect of the present invention, there is also provided a file retrieval system, including:
a ciphertext file sending module, configured to encrypt a storage file through a storage system to obtain a ciphertext file and send the ciphertext file to a cloud server, and to divide the ciphertext file into a plurality of parts and send the parts to the respective ciphertext servers;
a keyword encryption module, configured to encrypt the keywords of the storage file through the storage system by using the key generated by the authority center to obtain a keyword index, and to send the keyword index to the cloud server;
a keyword index structure table sending module, configured to re-encrypt the keyword index through the cloud server to obtain a keyword index structure table, divide the keyword index structure table into a plurality of parts corresponding one to one to the divided ciphertext files, and send the divided keyword index structure table to the corresponding ciphertext servers;
a retrieval module, configured so that a retrieval user sends a trapdoor request based on an initial search term to the authority center, and the authority center generates a trapdoor based on the trapdoor request and a key and returns the trapdoor to the retrieval user; and
a file obtaining module, configured to receive the trapdoor sent by the retrieval user through the cloud server, send the trapdoor to the corresponding ciphertext server for calculation, and return the ciphertext file corresponding to the calculation result to the retrieval user so that the retrieval user can decrypt the ciphertext file to obtain a plaintext file.
In yet another aspect of the present invention, there is also provided a computer readable storage medium storing computer program instructions which, when executed, implement any one of the methods described above.
In yet another aspect of the present invention, a computer device is provided, which includes a memory and a processor, the memory storing a computer program, the computer program executing any one of the above methods when executed by the processor.
The invention has at least the following beneficial technical effects:
By storing the ciphertext files on a plurality of ciphertext servers, the invention can increase the storage capacity for mass data, and because the ciphertext servers are independent of each other, the security of the ciphertext files can be improved. The keywords used for retrieval are encrypted and stored in the cloud server, and the encrypted keywords are encrypted again by the cloud server and then divided into a plurality of parts stored on the ciphertext servers, which improves the security of information retrieval, while parallel searching across the ciphertext servers speeds up retrieval. The trapdoor generated by the authority center not only contains the keywords matched from the initial search terms but also serves as an authorization pass: with the trapdoor, ciphertext files can be obtained directly from the cloud server and the ciphertext servers that communicate with it, and then decrypted into the retrieved plaintext file. The invention thus allows the required information to be retrieved in cloud storage while ensuring data security.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a schematic diagram of a file retrieval method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a file retrieval system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a computer-readable storage medium for implementing a file retrieval method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the hardware structure of a computer device for executing a file retrieval method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two non-identical entities with the same name or different parameters, and it is understood that "first" and "second" are only used for convenience of expression and should not be construed as limiting the embodiments of the present invention. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements does not include all of the other steps or elements inherent in the list.
In view of the above object, a first aspect of the embodiments of the present invention provides an embodiment of a file retrieval method. Fig. 1 is a schematic diagram illustrating an embodiment of a file retrieval method provided by the present invention. As shown in fig. 1, the embodiment of the present invention includes the following steps:
step S10, encrypting the storage file through the storage system to obtain a ciphertext file, sending the ciphertext file to the cloud server, and dividing the ciphertext file into a plurality of parts to be sent to each ciphertext server respectively;
step S20, encrypting the keywords of the storage file by the storage system through the key generated by the authority center to obtain a keyword index, and sending the keyword index to the cloud server;
step S30, re-encrypting the keyword index through the cloud server to obtain a keyword index structure table, dividing the keyword index structure table into a plurality of parts to respectively correspond to the divided ciphertext files one by one, and respectively sending the divided keyword index structure table to the corresponding ciphertext servers;
step S40, a retrieval user sends a trapdoor request based on an initial search term to the authority center, and the authority center generates a trapdoor based on the trapdoor request and a key and returns it to the retrieval user;
and step S50, receiving the trapdoor sent by the retrieval user through the cloud server, sending the trapdoor to the corresponding ciphertext server for calculation, and returning the ciphertext file corresponding to the calculation result to the retrieval user so that the retrieval user can decrypt the ciphertext file to obtain a plaintext file.
By storing the ciphertext files on a plurality of ciphertext servers, the embodiment of the invention can increase the storage capacity for mass data, and because the ciphertext servers are independent of each other, the security of the ciphertext files can be improved. The keywords used for retrieval are encrypted and stored in the cloud server, and the encrypted keywords are encrypted again by the cloud server and then divided into a plurality of parts stored on the ciphertext servers, which improves the security of information retrieval, while parallel searching across the ciphertext servers speeds up retrieval. The trapdoor generated by the authority center not only contains the keywords matched from the initial search terms but also serves as an authorization pass: with the trapdoor, ciphertext files can be obtained directly from the cloud server and the ciphertext servers that communicate with it, and then decrypted into the retrieved plaintext file. The embodiment of the invention thus allows the required information to be retrieved in cloud storage while ensuring data security.
In some embodiments, encrypting, by the storage system, the storage file to obtain a ciphertext file and sending the ciphertext file to the cloud server comprises: the storage system encrypts the storage file by using the file key generated by the authority center and through a symmetric encryption algorithm to obtain a ciphertext file, and sends the ciphertext file to the cloud server.
In some embodiments, returning the ciphertext file corresponding to the calculation result to the retrieving user so that the retrieving user decrypts the ciphertext file to obtain the plaintext file includes: and returning the ciphertext file corresponding to the calculation result to the retrieval user, and decrypting the ciphertext file corresponding to the calculation result by the retrieval user by using the symmetric key which is sent by the authority center and corresponds to the file key to obtain a plaintext file.
In the above embodiment, the authority center is responsible for generating the keys and holds the authorization authority. The authority center authorizes the retrieval user, and the retrieval user can decrypt the ciphertext file with the obtained symmetric key corresponding to the file key.
In some embodiments, sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, and generating, by the authority center, a trapdoor based on the trapdoor request and the key comprises: sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, matching corresponding keywords to the initial search term through the authority center, and generating the trapdoor based on the matched keywords and the key.
In this embodiment, the retrieval user inputs the initial search term to the authority center, and the authority center may screen the corresponding keywords according to the received initial search term; the keywords cover a narrower range of entries than the initial search term and are a further refinement of it. The trapdoor generated by the authority center comprises the screened keywords and the key of the keywords.
In some embodiments, encrypting, by the storage system, the keywords of the storage file with the key generated by the authority center to obtain the keyword index comprises: encrypting, by the storage system, the keywords of the storage file using the key and the random parameters generated by the authority center to obtain the keyword index, and sending the random parameters to the cloud server through the authority center.
In some embodiments, sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, and generating, by the authority center, a trapdoor based on the trapdoor request and the key further comprises: sending, by the retrieval user, a trapdoor request based on the initial search term to the authority center, matching corresponding keywords to the initial search term through the authority center, providing the corresponding random parameters for the matched keywords, and generating the trapdoor based on the matched keywords, the matched random parameters and the key.
In some embodiments, dividing the ciphertext file into multiple shares and sending the multiple shares to each ciphertext server comprises: and equally dividing the ciphertext file into multiple parts and respectively sending the multiple parts to each ciphertext server.
The file retrieval method of the embodiment of the invention comprises the following 6 functions:
(1) Setup(k): the authority center executes this algorithm. It takes the security parameter k as input and outputs a cyclic group G of order p generated by g. It randomly selects a master key
Figure BDA0003136777000000071
and an auxiliary key
Figure BDA0003136777000000072
and calculates $h = g^{s}$, $h' = g^{s-s'}$. It randomly selects a pseudo-random function
Figure BDA0003136777000000073
and a random parameter $t \in \{0,1\}^{k}$, selects a hash function
Figure BDA0003136777000000074
and another hash function
Figure BDA0003136777000000075
selects a symmetric key K for the block encryption algorithm En(·), and distributes the system parameters params = (G, p, f, H′, H, En(·)).
(2) Encrypt(K, s′, t, D, W): the storage system executes this algorithm to encrypt the keywords and the file. It takes as input the block encryption key K, the auxiliary key s′, the random parameter t, a file D and its keyword list $W = \{w_1, w_2, \ldots, w_m\}$, and randomly selects
Figure BDA0003136777000000076
It calculates $g^{r}$, $H'' = (h')^{r}$ and $h^{r}$; H′ is sent to the server S. It calculates $\delta_i = f[t, H(w_i)]$,
Figure BDA0003136777000000077
where $1 < i < m$, and lets $I = (g^{r}, h^{r}, E(w_1), E(w_2), \ldots, E(w_n))$; $C = En_K(D)$ is calculated. The keyword index I and the encrypted file keyword index structure table are sent to the cloud server, and the ciphertext file C is equally divided into N parts according to a certain rule, which are sent to the ciphertext servers $S_1, S_2, \ldots, S_n$ respectively.
(3) S-Encrypt(I): the cloud server CS executes this algorithm to re-encrypt the keyword index I. It takes as input the index I and the received h′, and calculates
Figure BDA0003136777000000081
Figure BDA0003136777000000082
…,
Figure BDA0003136777000000083
and $I = (g^{r}, h^{r}, E'(w_1), E'(w_2), \ldots, E'(w_n))$. It calculates $H'[E'(w_1)], \ldots, H'[E'(w_m)]$ to replace the keywords, and sends the newly generated file keyword index structure table to each ciphertext server $S_1, S_2, \ldots, S_n$.
(4) GenerateTrapdoor(s′, t, $w'_1, w'_2, \ldots, w'_\omega$): the authority center executes this algorithm to generate a keyword trapdoor. It takes as input s′, t and the keywords to be retrieved $w'_1, w'_2, \ldots, w'_\omega$, and randomly selects
Figure BDA0003136777000000084
It calculates $Y = (g^{r})^{t''}$. For each keyword $w'_i$ it calculates $T_i = t'' + f(t, H(w'_i)) + s'$, where $1 < i < \omega$. The trapdoor $T = (T_1, T_2, \ldots, T_\omega, Y)$ is sent to the retrieval user.
(5) Search(T, I, C): the retrieval user sends the trapdoor obtained from the authority center to the cloud server CS. The cloud server CS executes this algorithm. It takes as input h″, the trapdoor $T = (T_1, T_2, \ldots, T_\omega, Y)$ and the index I, and for $1 < i < \omega$ calculates
Figure BDA0003136777000000085
$\delta' = f[t, H(w'_i)]$ and
Figure BDA0003136777000000086
$I'' = (H'_1, H'_2, \ldots, H'_\omega)$ is sent to the ciphertext data servers $S_1, S_2, \ldots, S_n$. Each ciphertext data server $S_j$ ($j = 1, 2, \ldots, N$) compares the hash values in I″ with the keyword hash values ($H'[E'(w_i)]$) in each $id(f_i)$ node of the file keyword index structure table it holds, and adds 1 to a file's matching degree every time one keyword is successfully matched. $S_j$ selects the file with the maximum matching degree (the file on $S_j$ containing the largest number of the retrieval user's search keywords), recorded as $f_x$ (possibly multiple files), then queries the file access authority table for $f_x$ and the user table for $u_i$, and calculates $m = A(u_i) \cap A(f_x)$; if $f_x$ is a plurality of files, the calculation is performed multiple times. If $m \ge x_1$, $f_x$ is added to the return Result; otherwise $u_i$ has no permission to access $f_x$, and $S_j$ continues verifying the file with the second highest matching degree until a file is found; False is returned if there are no matching files. The matching degree values of the files are then sent to the cloud server CS. The remaining N-1 servers repeat this work in parallel, and after comparison the cloud server CS informs the server $S_j$ with the maximum matching degree to send the corresponding file C′ to the user; if there is no matching file, the cloud server CS returns a retrieval failure to the user.
(6) Decrypt(K, C′): the user executes this algorithm to decrypt the ciphertext. It takes as input the block key K and the received ciphertext C′, and for
Figure BDA0003136777000000091
calculates $f_i = DEC_K(EN_K(f_i))$.
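An added sketch of the index, trapdoor and search flow of functions (2) to (5); it is not the patent's own code. It keeps the page's keyword token δ_i = f[t, H(w_i)] but substitutes HMAC-SHA256 layers for the group-based E, E′ and T_i values, whose formulas are missing from this page. All class and function names, the round-robin placement, the sample files and the reading of "m ≥ x_1" as an attribute-overlap threshold are assumptions.

```python
import hashlib
import hmac
import secrets


def H(word: str) -> bytes:
    """Keyword hash H (SHA-256 is an assumption; the page does not name one)."""
    return hashlib.sha256(word.strip().lower().encode()).digest()


def f(key: bytes, data: bytes) -> bytes:
    """Pseudo-random function f, instantiated with HMAC-SHA256 (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def build_keyword_index(t: bytes, keywords):
    """Storage system side: delta_i = f[t, H(w_i)] for each keyword of one file."""
    return [f(t, H(w)) for w in keywords]


class AuthorityCenter:
    """Holds the random parameter t and decides who may obtain a trapdoor."""

    def __init__(self, authorized_users):
        self.t = secrets.token_bytes(32)
        self.authorized_users = set(authorized_users)

    def generate_trapdoor(self, user, search_terms):
        if user not in self.authorized_users:
            raise PermissionError(f"{user} is not authorized to search")
        # delta' = f[t, H(w'_i)] for each distinct keyword to be retrieved
        distinct = dict.fromkeys(w.strip().lower() for w in search_terms)
        return [f(self.t, H(w)) for w in distinct]


class CiphertextServer:
    """Stores one share of the index structure table and the file attributes."""

    def __init__(self):
        self.table = {}   # file id -> set of re-encrypted keyword hashes
        self.access = {}  # file id -> attribute set A(f)

    def store(self, file_id, hashes, attributes):
        self.table[file_id] = set(hashes)
        self.access[file_id] = set(attributes)

    def search(self, query_hashes, user_attributes, threshold):
        """Return (matching degree, file id) of the best file the user may access."""
        scores = {fid: len(hs & query_hashes) for fid, hs in self.table.items()}
        for fid in sorted(scores, key=lambda x: (-scores[x], x)):
            if scores[fid] == 0:
                break  # remaining files match no keyword at all
            # Assumed reading of "m >= x_1": size of A(u_i) ∩ A(f_x) vs threshold
            if len(self.access[fid] & user_attributes) >= threshold:
                return scores[fid], fid
        return None


class CloudServer:
    """Re-encrypts index entries and fans a query out to the ciphertext servers."""

    def __init__(self, n_servers):
        self.k_cs = secrets.token_bytes(32)  # hypothetical re-encryption key
        self.servers = [CiphertextServer() for _ in range(n_servers)]
        self._next = 0

    def _re_encrypt(self, token):
        # Stand-in for H'[E'(w)]: a keyed layer only the cloud server can compute
        return hashlib.sha256(f(self.k_cs, token)).digest()

    def store_index(self, file_id, index, attributes):
        server = self.servers[self._next % len(self.servers)]  # round robin
        self._next += 1
        server.store(file_id, [self._re_encrypt(d) for d in index], attributes)

    def search(self, trapdoor, user_attributes, threshold=1):
        query = {self._re_encrypt(tok) for tok in trapdoor}
        hits = [s.search(query, set(user_attributes), threshold) for s in self.servers]
        hits = [h for h in hits if h is not None]
        return max(hits)[1] if hits else None  # highest matching degree wins


def demo():
    ac = AuthorityCenter(authorized_users={"alice"})
    cs = CloudServer(n_servers=3)
    files = {  # constructed sample data: keywords and access attributes per file
        "f1": (["invoice", "2020", "acme"], {"finance"}),
        "f2": (["invoice", "2021", "acme"], {"finance", "audit"}),
        "f3": (["roadmap", "2021"], {"engineering"}),
        "f4": (["invoice", "2021", "payroll"], {"hr"}),
    }
    for fid, (keywords, attrs) in files.items():
        cs.store_index(fid, build_keyword_index(ac.t, keywords), attrs)
    trapdoor = ac.generate_trapdoor("alice", ["Invoice", "2021", "acme"])
    return {
        "finance": cs.search(trapdoor, {"finance"}),
        "hr": cs.search(trapdoor, {"hr"}),
        "none": cs.search(trapdoor, {"marketing"}),
        "strict_denied": cs.search(trapdoor, {"finance"}, threshold=2),
    }


if __name__ == "__main__":
    print(demo())
```

The tokens in this sketch are deterministic, so the servers can link repeated queries for the same keyword; the page's GenerateTrapdoor adds a term t″ to every T_i, which the sketch omits.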
In a second aspect of the embodiments of the present invention, a file retrieval system is also provided. FIG. 2 is a schematic diagram illustrating an embodiment of a file retrieval system provided by the present invention. As shown in FIG. 2, a file retrieval system includes: a ciphertext file sending module 10, configured to encrypt the storage file through the storage system to obtain a ciphertext file, send the ciphertext file to the cloud server, divide the ciphertext file into a plurality of parts, and send the parts to the respective ciphertext servers; a keyword encryption module 20, configured to encrypt the keywords of the storage file through the storage system by using a key generated by the authority center to obtain a keyword index, and send the keyword index to the cloud server; a keyword index structure table sending module 30, configured to re-encrypt the keyword index through the cloud server to obtain a keyword index structure table, divide the keyword index structure table into a plurality of parts corresponding one to one to the divided ciphertext files, and send the divided keyword index structure table to the corresponding ciphertext servers; a retrieval module 40, configured so that a retrieval user sends a trapdoor request based on an initial search term to the authority center, and the authority center generates a trapdoor based on the trapdoor request and a key and returns the trapdoor to the retrieval user; and a file obtaining module 50, configured to receive the trapdoor sent by the retrieval user through the cloud server, send the trapdoor to the corresponding ciphertext server for calculation, and return the ciphertext file corresponding to the calculation result to the retrieval user so that the retrieval user can decrypt the ciphertext file to obtain the plaintext file.
In some embodiments, the ciphertext file sending module 10 includes a first sending module, configured to encrypt, by the storage system, the storage file by using a file key generated by the authority center and through a symmetric encryption algorithm to obtain a ciphertext file, and send the ciphertext file to the cloud server.
In some embodiments, the file obtaining module 50 includes a decryption module configured to return the ciphertext file corresponding to the calculation result to the search user, and decrypt the ciphertext file corresponding to the calculation result by using the symmetric key corresponding to the file key sent by the authority center by the search user to obtain the plaintext file.
In some embodiments, the search module 40 is further configured to send, by the search user, a trapdoor request based on the initial search term to the authoritative center, match the initial search term with a corresponding keyword through the authoritative center, and generate a trapdoor based on the matched keyword and the key.
In some embodiments, the keyword encryption module 20 includes a keyword index obtaining module configured to encrypt the keywords of the storage file by using the key and the random parameter generated by the authority center through the storage system to obtain a keyword index, and send the random parameter to the cloud server through the authority center.
In some embodiments, the search module 40 is further configured to send, by the search user, a trapdoor request based on the initial search term to the authoritative center, match the initial search term with corresponding keywords through the authoritative center, and provide corresponding random parameters for the matched keywords, and generate a trapdoor based on the matched keywords, the matched random parameters, and the key.
In some embodiments, the ciphertext file sending module 10 may include a ciphertext file splitting module configured to split the ciphertext file into multiple portions and send the portions to each of the ciphertext servers.
In a third aspect of the embodiment of the present invention, a computer-readable storage medium is further provided, and fig. 3 is a schematic diagram illustrating a computer-readable storage medium for implementing a file retrieval method according to an embodiment of the present invention. As shown in fig. 3, the computer-readable storage medium 3 stores computer program instructions 31, the computer program instructions 31 implementing the method of any one of the above embodiments when executed by a processor.
It is to be understood that all embodiments, features and advantages set forth above with respect to the file retrieval method according to the present invention are equally applicable, where they do not conflict with one another, to the file retrieval system and the storage medium according to the present invention.
In a fourth aspect of the embodiments of the present invention, there is further provided a computer device, including a memory 402 and a processor 401, where the memory stores a computer program, and the computer program, when executed by the processor, implements the method of any one of the above embodiments.
Fig. 4 is a schematic hardware structure diagram of an embodiment of a computer device for executing a file retrieval method according to the present invention. Taking the computer device shown in fig. 4 as an example, the computer device includes a processor 401 and a memory 402, and may further include: an input device 403 and an output device 404. The processor 401, the memory 402, the input device 403 and the output device 404 may be connected by a bus or other means, and fig. 4 illustrates an example of a connection by a bus. The input device 403 may receive input numeric or character information and generate key signal inputs related to user settings and function controls of the document retrieval system. The output device 404 may include a display device such as a display screen.
The memory 402, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the file retrieval method in the embodiments of the present application. The memory 402 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by use of a file retrieval method, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 402 may optionally include memory located remotely from processor 401, which may be connected to local modules via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor 401 executes various functional applications of the server and data processing by running nonvolatile software programs, instructions, and modules stored in the memory 402, that is, implements the file retrieval method of the above-described method embodiment.
Finally, it should be noted that the computer-readable storage medium (e.g., memory) herein can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM is available in a variety of forms such as synchronous RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure of the embodiments of the invention, including the claims, is limited to these examples. Within the idea of an embodiment of the invention, technical features in the above embodiment or in different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (10)

1. A method for retrieving a document, comprising the steps of:
encrypting a storage file through a storage system to obtain a ciphertext file and sending the ciphertext file to a cloud server, and dividing the ciphertext file into a plurality of parts and respectively sending the parts to each ciphertext server;
encrypting the keywords of the storage file by using a key generated by an authority center through the storage system to obtain a keyword index, and sending the keyword index to the cloud server;
re-encrypting the keyword index through the cloud server to obtain a keyword index structure table, dividing the keyword index structure table into a plurality of parts to respectively correspond to the divided ciphertext files one by one, and respectively sending the divided keyword index structure table to the corresponding ciphertext servers;
sending a trapdoor request based on an initial search word to the authority center by a search user, generating the trapdoor based on the trapdoor request and the key through the authority center, and returning the trapdoor to the search user;
and receiving the trapdoor sent by the retrieval user through the cloud server, sending the trapdoor to a corresponding ciphertext server for calculation, and returning a ciphertext file corresponding to a calculation result to the retrieval user so that the retrieval user decrypts the ciphertext file to obtain a plaintext file.
2. The method of claim 1, wherein encrypting the storage file by the storage system to obtain the ciphertext file and sending the ciphertext file to the cloud server comprises:
and the storage system encrypts the storage file by using the file key generated by the authority center and through a symmetric encryption algorithm to obtain the ciphertext file, and sends the ciphertext file to the cloud server.
3. The method of claim 2, wherein returning the ciphertext file corresponding to the calculation result to the retrieving user so that the retrieving user may decrypt the ciphertext file to obtain a plaintext file comprises:
and returning the ciphertext file corresponding to the calculation result to the search user, and decrypting the ciphertext file corresponding to the calculation result by the search user by using the symmetric key which is sent by the authority center and corresponds to the file key to obtain a plaintext file.
4. The method of claim 1, wherein sending, by a search user, a trapdoor request based on an initial search word to the authority center, and generating, by the authority center, a trapdoor based on the trapdoor request and the key comprises:
and sending a trapdoor request based on an initial search word to the authority center by the search user, matching corresponding keywords for the initial search word through the authority center, and generating the trapdoor based on the matched keywords and the key.
5. The method of claim 1, wherein encrypting, by the storage system, the keywords of the storage file using a key generated by an authority center to obtain a keyword index comprises:
and encrypting the keywords of the storage file by using the key and the random parameter generated by the authority center through the storage system to obtain a keyword index, and sending the random parameter to the cloud server through the authority center.
6. The method of claim 5, wherein sending, by a search user, a trapdoor request based on an initial search word to the authority center, and generating, by the authority center, a trapdoor based on the trapdoor request and the key further comprises:
and sending a trapdoor request based on an initial search word to the authority center by the search user, matching corresponding keywords for the initial search word through the authority center, providing corresponding random parameters for the matched keywords, and generating the trapdoor based on the matched keywords, the matched random parameters and the key.
7. The method of claim 1, wherein dividing the ciphertext file into multiple portions and sending the multiple portions to each ciphertext server comprises:
and equally dividing the ciphertext file into multiple parts and respectively sending the multiple parts to each ciphertext server.
8. A document retrieval system, comprising:
the ciphertext file sending module is configured to encrypt a storage file through a storage system to obtain a ciphertext file and send the ciphertext file to a cloud server, and divide the ciphertext file into a plurality of parts and respectively send the parts to each ciphertext server;
the keyword encryption module is configured to encrypt keywords of the storage file by using a key generated by an authority center through the storage system to obtain a keyword index, and send the keyword index to the cloud server;
the keyword index structure table sending module is configured to re-encrypt the keyword index through the cloud server to obtain a keyword index structure table, divide the keyword index structure table into a plurality of parts to respectively correspond to the divided ciphertext files one by one, and respectively send the divided keyword index structure table to the corresponding ciphertext server;
the retrieval module is configured for sending a trapdoor request based on an initial retrieval word to the authority center by a retrieval user, generating the trapdoor based on the trapdoor request and the key through the authority center, and returning the trapdoor to the retrieval user;
and the file obtaining module is configured to receive the trapdoor sent by the retrieval user through the cloud server, send the trapdoor to a corresponding ciphertext server for calculation, and return a ciphertext file corresponding to a calculation result to the retrieval user so that the retrieval user can decrypt the ciphertext file to obtain a plaintext file.
9. A computer-readable storage medium, characterized in that computer program instructions are stored which, when executed, implement the method according to any one of claims 1-7.
10. A computer device comprising a memory and a processor, characterized in that the memory has stored therein a computer program which, when executed by the processor, performs the method according to any one of claims 1-7.
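The index and trapdoor flow of claims 1 and 5 to 7, as an added sketch that is not the patent's own code: it shows that the cloud server and ciphertext servers match only on opaque tags, and that a trapdoor built without the matching random parameter finds nothing. Assumptions: HMAC-SHA256 stands in for both the keyword encryption and the cloud server's re-encryption (the claims name no algorithm), whole files are assigned to ciphertext servers in round-robin order, search-term matching is trim plus lowercase, the random parameter is not forwarded to the cloud server, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (assumed PRF; the claims name none)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


class AuthorityCenter:
    """Holds the keyword key and one random parameter per keyword (claims 5, 6)."""
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.params = {}  # keyword -> random parameter

    def index_token(self, keyword: str) -> bytes:
        # Index entry computed on the storage system's behalf: key + random parameter.
        r = self.params.setdefault(keyword, secrets.token_bytes(16))
        return prf(self.key, keyword.encode(), r)

    def trapdoor(self, search_term: str):
        # Match the initial search term to a keyword (assumed: trim + lowercase).
        keyword = search_term.strip().lower()
        if keyword not in self.params:
            return None  # nothing matched, so no trapdoor is issued
        return prf(self.key, keyword.encode(), self.params[keyword])


class CloudServer:
    """Re-encrypts index entries; each list slot stands for one ciphertext server."""
    def __init__(self, n_servers: int):
        self.key = secrets.token_bytes(32)
        self.tables = [{} for _ in range(n_servers)]  # index structure table parts
        self.stores = [{} for _ in range(n_servers)]  # ciphertext files per server

    def upload(self, file_id: str, ciphertext: bytes, tokens: list) -> int:
        # Even split across ciphertext servers (claim 7), here round-robin.
        part = sum(map(len, self.stores)) % len(self.stores)
        self.stores[part][file_id] = ciphertext
        for token in tokens:
            tag = prf(self.key, token)  # re-encrypted keyword index entry
            self.tables[part].setdefault(tag, []).append(file_id)
        return part

    def search(self, trapdoor: bytes) -> dict:
        tag = prf(self.key, trapdoor)  # same transform as the stored entries
        hits = {}
        for table, store in zip(self.tables, self.stores):
            hits.update({fid: store[fid] for fid in table.get(tag, [])})
        return hits


def demo():
    ac, cloud = AuthorityCenter(), CloudServer(n_servers=2)
    # Constructed corpus; ciphertexts are placeholders for the encrypted files.
    corpus = {"f1": ["invoice", "2021"], "f2": ["contract"], "f3": ["invoice"]}
    for file_id, keywords in corpus.items():
        tokens = [ac.index_token(k) for k in keywords]
        cloud.upload(file_id, b"ct:" + file_id.encode(), tokens)
    return ac, cloud
```

In this sketch the tags are deterministic, so the servers can tell when the same keyword is searched twice even though they never see the keyword itself.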
CN202110721833.7A 2021-06-28 2021-06-28 File retrieval method, system, storage medium and equipment Pending CN113609077A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110721833.7A CN113609077A (en) 2021-06-28 2021-06-28 File retrieval method, system, storage medium and equipment

Publications (1)

Publication Number Publication Date
CN113609077A (en) 2021-11-05

Family

ID=78336869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110721833.7A Pending CN113609077A (en) 2021-06-28 2021-06-28 File retrieval method, system, storage medium and equipment

Country Status (1)

Country Link
CN (1) CN113609077A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination