CN113747426A - Data auditing method and system, electronic equipment and storage medium - Google Patents


Info

Publication number
CN113747426A
Authority
CN
China
Legal status
Granted
Application number
CN202010406084.4A
Other languages
Chinese (zh)
Other versions
CN113747426B (en)
Inventor
左海风
黄甫升
张劲
饶波
Current Assignee
BOE Technology Group Co Ltd
Hefei Xinsheng Optoelectronics Technology Co Ltd
Original Assignee
BOE Technology Group Co Ltd
Hefei Xinsheng Optoelectronics Technology Co Ltd
Application filed by BOE Technology Group Co Ltd and Hefei Xinsheng Optoelectronics Technology Co Ltd
Priority to CN202010406084.4A
Publication of CN113747426A
Application granted
Publication of CN113747426B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06 Authentication


Abstract

The disclosure provides a data auditing method and system, electronic equipment and a storage medium, and relates to the technical field of communication security. The method comprises the following steps: acquiring the identity information of a user, registering the user accordingly and determining the registration information of the user; acquiring the identity information of an auditor and registering the auditor accordingly to obtain the registration information of the auditor; performing mutual authentication with the user according to the registration information of the user, the user uploading user data to a server after being authenticated as legal; and performing mutual authentication with the auditor according to the registration information of the auditor, the auditor acquiring the user data from the server and auditing it after being authenticated as legal. The method and device can effectively detect whether the user data has been attacked, and improve the correctness of data auditing.

Description

Data auditing method and system, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of communication security technologies, and in particular, to a data auditing method, a data auditing system, an electronic device, and a computer-readable storage medium.
Background
With the rapid development of wireless communication and sensing technology, wireless sensor networks are beginning to be widely applied in fields such as medical and health care, environmental monitoring, military reconnaissance and smart homes, and have broad commercial prospects and research value. A wireless body area network is composed of a series of sensors and personal smart devices: personal physiological information is collected by sensors deployed on or around the human body, the collected information is then sent through the smart device to a remote medical institution, and the medical institution can process it online and return a diagnosis.
Currently, a user can sign medical data and upload it to a server, and an auditor generates a medical-data audit certificate, obtains the data from the server and audits it. However, because message communication is open in nature, the wireless body area network is exposed to various security attacks, such as impersonation attacks: an attacker can impersonate a legitimate user and upload false medical data, gaining an illicit benefit or facilitating further attacks. Therefore, the confidentiality of the data cannot be guaranteed in the prior art, and the correctness of data auditing is low.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure is directed to a data auditing method, a data auditing system, an electronic device, and a computer-readable storage medium, which overcome the problems that the confidentiality of user data cannot be guaranteed and the correctness of data auditing is low due to the limitations and defects of the related art to some extent.
According to a first aspect of the present disclosure, there is provided a data auditing method, comprising:
acquiring and registering a user according to identity information of the user, and determining registration information of the user;
acquiring and registering an auditor according to identity information of the auditor to obtain registration information of the auditor;
mutually authenticating with the user according to the registration information of the user, and uploading user data to a server by the user after authenticating that the user is legal;
and mutually authenticating with the auditor according to the registration information of the auditor, and after the auditor is authenticated to be legal, enabling the auditor to acquire the user data from the server and audit the user data.
Optionally, the mutually authenticating with the user according to the registration information of the user includes:
the user generates user side encryption information according to identification information of a trusted center and a first encryption key and first pseudonym information of the user in registration information of the user, and sends the user side encryption information to the server;
the server encrypts the user side encryption information according to a private key of the server to obtain and send server side encryption information to the trusted center;
the trusted center decrypts the server side encryption information according to the private key of the server to obtain first decrypted information;
when the identification information contained in the first decryption information is the same as the identification information of the trusted center, decrypting the initial encryption information contained in the first decryption information according to the first encryption key to obtain second decryption information;
the trusted center generates an authentication code according to the second decryption information and a private key of the trusted center, encrypts the authentication code, the first pseudonym information and the identification information according to the private key of the trusted center, the first encryption key and a private key of the server, and obtains and sends encrypted information of the trusted center side to the server;
the server decrypts the encrypted information of the trusted center side according to a private key of the server and the first encryption key to obtain third decrypted information, and when identification information in the third decrypted information is the same as that of the trusted center, the third decrypted information is sent to the user;
and the user decrypts the third decryption information according to the public key of the trusted center to obtain fourth decryption information, and when the pseudonym information in the fourth decryption information is the same as the first pseudonym information in the registration information of the user, the user is determined to be legal.
Optionally, the generating, by the user, user-side encryption information according to the identification information of the trusted center and a first encryption key and first pseudonym information of the user in the registration information of the user includes:
the user carries out hash operation on a first encryption key and a random integer of the user to generate a first hash code, and first pseudonym information, the first hash code and the random integer in the registration information of the user are encrypted through the first encryption key to generate initial encryption information;
and generating user side encryption information according to the initial encryption information, the first pseudonym information and the identification information of the trusted center.
Optionally, the generating, by the trusted center, an authentication code according to the second decryption information and a private key of the trusted center includes:
the trusted center performs hash operation on the first encryption key and an integer in the second decryption information to generate a second hash code;
and when the second hash code is the same as the first hash code, the trusted center performs hash operation on the first hash code and the private key of the trusted center to obtain an authentication code.
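As an added example that is not code from the patent, the following Python models the commitment-and-check core of the user/trusted-center authentication described in the steps above: the user hashes its first encryption key with a fresh random value, sends that hash code and the random value encrypted under the key together with its pseudonym and the trusted center's identification, the trusted center recomputes the hash code, compares it, derives an authentication code from the hash code and its own private key, and the user accepts only a reply that decrypts under its key and echoes its pseudonym. Assumptions of mine: SHA-256 stands in for the page's hash operation; a SHA-256 counter-mode keystream with an HMAC-SHA256 tag stands in for the unspecified cipher; the server's and trusted center's public/private-key wrapping layers are collapsed into one symmetric layer under the user's first encryption key, which only the user and the trusted center hold; the names `TrustedCenter`, `user_start`, `user_finish`, `run_authentication` and the identifier `TC-001` are constructed.

```python
import hashlib
import hmac
import secrets

TC_ID = b"TC-001"  # identification information of the trusted center (constructed value)


def h(*parts: bytes) -> bytes:
    """Hash operation; parts are length-prefixed so h(a, b) cannot collide with a re-split h(c, d)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256(key || nonce || counter), block by block."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting; a forged or tampered blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def pack(*parts: bytes) -> bytes:
    return b"|".join(part.hex().encode() for part in parts)


def unpack(blob: bytes) -> tuple:
    return tuple(bytes.fromhex(part.decode()) for part in blob.split(b"|"))


class TrustedCenter:
    def __init__(self):
        self.private_key = secrets.token_bytes(32)  # private key of the trusted center
        self.registrations = {}  # first pseudonym information -> first encryption key

    def register(self, pseudonym: bytes, first_key: bytes) -> None:
        self.registrations[pseudonym] = first_key

    def respond(self, user_side_info: tuple):
        """Checks the user's commitment; returns trusted-center side encryption
        information, or None when the request does not come from a registered user."""
        initial_enc, pseudonym, tc_id = user_side_info  # first decryption information
        if tc_id != TC_ID or pseudonym not in self.registrations:
            return None
        first_key = self.registrations[pseudonym]
        try:
            pid, h1, r = unpack(decrypt(first_key, initial_enc))  # second decryption information
        except ValueError:
            return None  # not encrypted under the registered key: treated as impersonation
        h2 = h(first_key, r)  # second hash code, recomputed by the trusted center
        if pid != pseudonym or not hmac.compare_digest(h1, h2):
            return None
        auth_code = h(h1, self.private_key)  # authentication code
        return encrypt(first_key, pack(auth_code, pseudonym, TC_ID))


def user_start(pseudonym: bytes, first_key: bytes) -> tuple:
    """User side: commit to a fresh random value under the first encryption key."""
    r = secrets.token_bytes(16)  # random integer of the user
    h1 = h(first_key, r)  # first hash code
    initial_enc = encrypt(first_key, pack(pseudonym, h1, r))  # initial encryption information
    return (initial_enc, pseudonym, TC_ID)  # user side encryption information


def user_finish(pseudonym: bytes, first_key: bytes, tc_side_info) -> bool:
    """User side: accept only a reply that decrypts under our key and echoes our pseudonym."""
    if tc_side_info is None:
        return False
    try:
        _auth_code, pid, tc_id = unpack(decrypt(first_key, tc_side_info))  # fourth decryption information
    except ValueError:
        return False
    return tc_id == TC_ID and hmac.compare_digest(pid, pseudonym)


def run_authentication(tc: TrustedCenter, pseudonym: bytes, first_key: bytes) -> bool:
    """One full round trip; the relaying server is a pass-through in this model."""
    return user_finish(pseudonym, first_key, tc.respond(user_start(pseudonym, first_key)))
```

Usage: after `tc.register(pid, key)`, `run_authentication(tc, pid, key)` returns `True`, while a party that knows the pseudonym but not the registered key fails at the tag check inside `respond` and gets no authentication code. The page's point that an attacker cannot impersonate a legitimate user rests on exactly that check: the random value is bound to the key by the hash code, and the trusted center compares against its own recomputation rather than trusting what the user sent.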
Optionally, the auditing method of the embodiment of the present disclosure further includes:
the user determines a second encryption key and generates a third encryption key according to the public key of the trusted center, the second encryption key and the first timestamp;
encrypting the first encryption key and the first time stamp according to the third encryption key, and sending the obtained first encryption information, the second encryption key and the first time stamp to the trusted center;
after the trusted center determines that the first timestamp is valid, a fourth encryption key is generated according to the second encryption key, the public key of the trusted center and the first timestamp, and the first encryption information is decrypted through the fourth encryption key to obtain a fifth encryption key and a second timestamp;
after the second timestamp is determined to be valid, if the registration information of all the users contains target registration information and the validity period of the first pseudonym information in the target registration information has expired, determining an updated validity period; the target registration information comprises an encryption key which is the same as the fifth encryption key;
determining second pseudonym information according to the identity information of the user and the updated validity period, and determining a sixth encryption key;
storing updated registration information determined according to the updated validity period, the second pseudonym information and the sixth encryption key to the local;
performing hash operation on the second pseudonym information, the sixth encryption key and the second timestamp to obtain a first message authentication code;
encrypting the second pseudonym information, the sixth encryption key, the second timestamp and the first message authentication code by using the fourth encryption key to obtain second encryption information, and sending the second encryption information and a seventh encryption key to the user;
the user decrypts the second encrypted information according to the seventh encryption key to obtain fifth decrypted information;
and when the timestamp and the message authentication code in the fifth decryption information are valid, respectively using the sixth encryption key and the second pseudonym information as the own encryption key and the own pseudonym information.
Optionally, the auditing method of the embodiment of the present disclosure further includes:
after the second timestamp is determined to be valid, if target registration information is contained in the registration information of all users and the validity period of the first pseudonym information in the target registration information is still valid, determining an eighth encryption key;
storing updated registration information determined according to the first pseudonym information, the validity period of the first pseudonym information and the eighth encryption key to the local;
performing hash operation on the first pseudonym information, the eighth encryption key and the second timestamp to obtain a second message authentication code;
encrypting the first pseudonym information, the eighth encryption key, the second timestamp and the second message authentication code by using the third encryption key to obtain third encryption information, and sending the third encryption information and a ninth encryption key to the user;
the user decrypts the third encrypted information according to the ninth encryption key to obtain sixth decrypted information;
and when the time stamp and the message authentication code in the sixth decryption information are valid, taking the eighth encryption key as the own encryption key.
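As an added example that is not code from the patent, the following Python models the decision logic of the update procedure in the two optional branches above, together with the intrinsic-pseudonym derivation (a hash over RID and the validity period VP_i) that the detailed description gives for registration: the trusted center rejects a stale second timestamp, looks up the registration whose key matches the presented one, renews the validity period and derives second pseudonym information only when the first pseudonym's validity period has expired, rotates the key either way, and binds pseudonym, new key and timestamp with a message authentication code that the user verifies before adopting them. Assumptions of mine: SHA-256 stands in for the page's hash operation; the 60-second freshness window and 30-day validity period are constructed values the page does not state; the third/fourth/seventh/ninth encryption-key wrapping layers are omitted, so only the authenticated payload is modelled; the names `TrustedCenter`, `handle_update` and `user_accept` are constructed.

```python
import hashlib
import hmac
import secrets

FRESHNESS_WINDOW = 60              # seconds; assumed tolerance for timestamp validity
VALIDITY_PERIOD = 30 * 24 * 3600   # seconds; assumed length of a pseudonym's validity period


def h(*parts: bytes) -> bytes:
    """Hash operation over length-prefixed parts (SHA-256 stands in for the page's h)."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()


def ts_bytes(ts: int) -> bytes:
    return ts.to_bytes(8, "big")


def timestamp_valid(ts: int, now: int) -> bool:
    """A timestamp is valid when it lies within the freshness window of the receiver's clock."""
    return abs(now - ts) <= FRESHNESS_WINDOW


def intrinsic_pseudonym(rid: bytes, vp: int) -> bytes:
    """Intrinsic pseudonym information: hash operation over RID and the validity period VP_i."""
    return h(rid, ts_bytes(vp))


class TrustedCenter:
    def __init__(self):
        self.registrations = {}  # registration information, keyed by the user's current encryption key

    def register(self, rid: bytes, vp: int, key: bytes) -> bytes:
        pid = intrinsic_pseudonym(rid, vp)
        self.registrations[key] = {"rid": rid, "vp": vp, "pid": pid}
        return pid

    def handle_update(self, presented_key: bytes, second_timestamp: int, now: int):
        """Returns (pseudonym, new key, timestamp, MAC), or None when the request is rejected."""
        if not timestamp_valid(second_timestamp, now):
            return None
        reg = self.registrations.get(presented_key)  # target registration information
        if reg is None:
            return None
        if reg["vp"] <= now:
            # validity period expired: determine an updated one and second pseudonym information
            vp = now + VALIDITY_PERIOD
            pid = intrinsic_pseudonym(reg["rid"], vp)
        else:
            # still valid: keep the first pseudonym information and only rotate the key
            vp, pid = reg["vp"], reg["pid"]
        new_key = secrets.token_bytes(32)  # sixth (expired branch) or eighth (valid branch) encryption key
        del self.registrations[presented_key]
        self.registrations[new_key] = {"rid": reg["rid"], "vp": vp, "pid": pid}  # stored locally
        mac = h(pid, new_key, ts_bytes(second_timestamp))  # message authentication code
        return (pid, new_key, second_timestamp, mac)


def user_accept(payload, sent_timestamp: int, now: int):
    """User side: adopt the returned key/pseudonym only if the echoed timestamp is the one
    we sent and still fresh, and the MAC binds pseudonym, key and timestamp together."""
    if payload is None:
        return None
    pid, key, ts, mac = payload
    if ts != sent_timestamp or not timestamp_valid(ts, now):
        return None
    if not hmac.compare_digest(mac, h(pid, key, ts_bytes(ts))):
        return None
    return pid, key
```

Usage: `tc.register(rid, vp, key)` returns the intrinsic pseudonym; `user_accept(tc.handle_update(key, t2, now), t2, now)` yields the new `(pseudonym, key)` pair, a different pseudonym only when `vp` had already passed. Checking the echoed timestamp against the one the user sent is what stops a captured update reply from being replayed later, and the MAC check is what stops an altered pseudonym or key from being adopted.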
Optionally, after authenticating that the user is legitimate, the method further comprises:
and the user carries out digital signature on the user data to obtain the user data after digital signature, and uploads the user data after digital signature to the server.
According to a second aspect of the present disclosure, there is provided a data auditing system comprising:
the user side is used for sending the identity information of the user to the trusted center;
the auditing end is used for sending the identity information of an auditor to the trusted center;
the trusted center is used for registering the user according to the identity information of the user and determining the registration information of the user; registering an auditor according to identity information of the auditor to obtain registration information of the auditor; performing mutual authentication with the user according to the registration information of the user; performing mutual authentication with the auditor according to the registration information of the auditor;
the user side is also used for uploading user data to the server after being authenticated to be legal;
the server is used for receiving and storing the user data uploaded by the user side;
and the auditing end is also used for acquiring the user data from the server and auditing the user data after the auditor is authenticated to be legal.
Optionally, the user side is further configured to generate user side encryption information according to the identification information of the trusted center and a first encryption key and first pseudonym information of the user in the registration information of the user, and send the user side encryption information to the server;
the server is used for encrypting the user side encryption information according to a private key of the server to obtain and send the server side encryption information to the trusted center;
the trusted center is used for decrypting the server side encryption information according to the private key of the server to obtain first decrypted information; when the identification information contained in the first decryption information is the same as the identification information of the trusted center, decrypting the initial encryption information contained in the first decryption information according to the first encryption key to obtain second decryption information; generating an authentication code according to the second decryption information and a private key of the trusted center, encrypting the authentication code, the first pseudonym information and the identification information according to the private key of the trusted center, the first encryption key and a private key of the server, obtaining and sending encrypted information of the trusted center side to the server;
the server is used for decrypting the encrypted information of the trusted center side according to a private key of the server and the first encryption key to obtain third decrypted information, and when identification information in the third decrypted information is the same as the identification information of the trusted center, the third decrypted information is sent to the user side;
and the user side is used for decrypting the third decryption information according to the public key of the trusted center to obtain fourth decryption information, and when the pseudonym information in the fourth decryption information is the same as the first pseudonym information in the registration information of the user, the user is determined to be legal.
Optionally, the user side is specifically configured to perform a hash operation on a first encryption key and a random integer of the user side to generate a first hash code, and encrypt first pseudonym information, the first hash code, and the random integer in the registration information of the user by using the first encryption key to generate initial encryption information; and generating user side encryption information according to the initial encryption information, the first pseudonym information and the identification information of the trusted center.
Optionally, the trusted center is configured to perform a hash operation on the first encryption key and an integer in the second decryption information to generate a second hash code; and when the second hash code is the same as the first hash code, the trusted center performs hash operation on the first hash code and the private key of the trusted center to obtain an authentication code.
Optionally, the user side is further configured to determine a second encryption key, and generate a third encryption key according to the public key of the trusted center, the second encryption key, and the first timestamp; encrypting the first encryption key and the first time stamp according to the third encryption key, and sending the obtained first encryption information, the second encryption key and the first time stamp to the trusted center;
the trusted center is configured to generate a fourth encryption key according to the second encryption key, the public key of the trusted center, and the first timestamp after determining that the first timestamp is valid, and decrypt the first encrypted information by using the fourth encryption key to obtain a fifth encryption key and a second timestamp;
after the second timestamp is determined to be valid, if the registration information of all the users contains target registration information and the validity period of the first pseudonym information in the target registration information has expired, determining an updated validity period; the target registration information comprises an encryption key which is the same as the fifth encryption key;
determining second pseudonym information according to the identity information of the user and the updated validity period, and determining a sixth encryption key; storing updated registration information determined according to the updated validity period, the second pseudonym information and the sixth encryption key to the local;
performing hash operation on the second pseudonym information, the sixth encryption key and the second timestamp to obtain a first message authentication code;
encrypting the second pseudonym information, the sixth encryption key, the second timestamp and the first message authentication code by using the fourth encryption key to obtain second encryption information, and sending the second encryption information and a seventh encryption key to the user side;
the user side is used for decrypting the second encrypted information according to the seventh encryption key to obtain fifth decrypted information; and when the timestamp and the message authentication code in the fifth decryption information are valid, respectively using the sixth encryption key and the second pseudonym information as the own encryption key and the own pseudonym information.
Optionally, the trusted center is further configured to, after determining that the second timestamp is valid, determine an eighth encryption key if target registration information is included in the registration information of all users and the validity period of the first pseudonym information in the target registration information is still valid;
storing updated registration information determined according to the first pseudonym information, the validity period of the first pseudonym information and the eighth encryption key to the local;
performing hash operation on the first pseudonym information, the eighth encryption key and the second timestamp to obtain a second message authentication code;
encrypting the first pseudonym information, the eighth encryption key, the second timestamp and the second message authentication code by using the third encryption key to obtain third encryption information, and sending the third encryption information and a ninth encryption key to the user side;
the user side is used for decrypting the third encrypted information according to the ninth encryption key to obtain sixth decrypted information; and when the time stamp and the message authentication code in the sixth decryption information are valid, taking the eighth encryption key as the own encryption key.
Optionally, the user side is specifically configured to perform digital signature on the user data to obtain digitally signed user data, and upload the digitally signed user data to the server.
According to a third aspect of the present disclosure, there is provided an electronic device comprising: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the method of any one of the above via execution of the executable instructions.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any one of the above.
Exemplary embodiments of the present disclosure may have at least some or all of the following benefits:
in the data auditing method provided by an example embodiment of the disclosure, before a user uploads data to a server and an auditor requests audit data from the server, the user and the auditor each perform mutual authentication with a trusted center, and obtain the authority to use the server only after the authentication passes. This ensures that an attacker can neither impersonate a legitimate user to upload false data nor impersonate the auditor to audit data, thereby ensuring the integrity and confidentiality of user data and improving the correctness of data auditing.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
FIG. 1 shows a flow diagram of a data auditing method in an embodiment of the present disclosure;
FIG. 2 is a flow chart illustrating mutual authentication between a user and a trusted center in an embodiment of the present disclosure;
FIG. 3 shows a flow diagram of digital signatures in an embodiment of the present disclosure;
FIG. 4 shows a flow chart of information updating in an embodiment of the present disclosure;
FIG. 5 shows a schematic diagram of a data auditing system in an embodiment of the present disclosure;
FIG. 6 shows a schematic structural diagram of an electronic device suitable for use in implementing embodiments of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and the like. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the present disclosure.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Currently, wireless sensor networks are receiving more and more attention from academia and industry. The wireless body area network is a branch of the wireless sensor network, and its important role is self-evident. A wireless body area network is composed of a series of resource-constrained embedded or wearable sensor nodes that are low-power, lightweight and have wireless communication capabilities.
The sensor nodes in the wireless body area network collect personal information of users in real time, including physiological, motion and health information. Because this information contains a large amount of private data, if it is attacked or tampered with during transmission, the patient's privacy is revealed, the monitoring terminal may make a wrong diagnosis, and the patient's safety is seriously endangered.
Therefore, ensuring the integrity, confidentiality and privacy of the patient's medical data during transmission in the wireless body area network is particularly important, and these security attacks must be addressed. The embodiments of the disclosure therefore provide a data auditing method which can ensure the confidentiality of data, effectively detect whether user data has been attacked, and improve the correctness of data auditing.
Referring to fig. 1, fig. 1 shows a flowchart of a data auditing method in an embodiment of the present disclosure, which may include the following steps:
step S110, the user is registered according to the identity information of the user, and the registration information of the user is determined.
And step S120, registering the auditor according to the identity information of the auditor to obtain the registration information of the auditor.
Step S130, according to the registration information of the user, mutual authentication is carried out with the user, and after the user is authenticated to be legal, the user uploads the user data to the server.
And step S140, performing mutual authentication with the auditor according to the registration information of the auditor, and enabling the auditor to acquire the user data from the server and audit the user data after the auditor is authenticated to be legal.
According to the data auditing method, before the user uploads data to the server and the auditor requests audit data from the server, the user and the auditor each perform mutual authentication with the trusted center and obtain the authority to use the server only after the authentication passes, so that an attacker can neither impersonate a legitimate user to upload false data nor impersonate the auditor to audit data; the integrity and confidentiality of user data are thus guaranteed, and the correctness of data auditing is improved.
The data auditing method of embodiments of the present disclosure is set forth in more detail below.
In the disclosed embodiment, the trusted center is a trusted third party in the wireless body area network which has sufficient storage and computing capacity and is assumed not to collude with the adversary. When an attacker is found to be impersonating a user or an auditor to send a false message, the trusted center can recover the real identity of the sender.
Before step S110 is executed, the trust center and the auditing end may be initialized.
The initialization process of the trusted center may specifically be:
the trusted center may select two large prime numbers $p$ and $q$, a generator $P$ of a group $G$ of order $q$, and a non-singular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$, where $a, b \in F_p$; $\bmod$ denotes the remainder operation and $F_p$ denotes the finite field with $p$ elements. The order $q$ is an attribute of the group and gives the number of its elements; a generator $P$ of the group is an element from which all elements of the group can be produced by repeated application of the group operation. For example, when a group is {1, 2, 4, 8}, the generator of the group is {1, 2}.
The trusted center may also select a random number $s \in \mathbb{Z}_q^*$ as its own private key and compute $P_{pub} = s \cdot P$ as its own public key, where $\mathbb{Z}_q^*$ denotes the non-zero group of residues modulo $q$. Modulo $q$ denotes the remainder operation; for example, modulo 3 yields the values 0, 1 and 2.
The initialization process of the auditing end may specifically be:
the auditing end generates a hash function $h: G \to \mathbb{Z}_q$, which maps points on the elliptic curve to numbers by a hash operation; $\mathbb{Z}_q$ denotes the group of integers modulo $q$, and $G$ is the group of points on the elliptic curve $E$.
The auditing end selects a lightweight encryption algorithm $\tau$ with symmetric key $sk$. The auditing end also generates a pseudo-random number generator $SK_{prg} \to \mathbb{Z}_q^m$, which produces $m$ elements of the modulo-$q$ group from a key in $SK_{prg}$, and a pseudo-random function $SK_{prf} \times I \to \mathbb{Z}_q$, which produces an element of $\mathbb{Z}_q$ from a key in $SK_{prf}$ and an index in $I$. Here $SK_{prg}$ is the set of private keys of the pseudo-random number generator, $SK_{prf}$ is the set of private keys of the pseudo-random function, and $I$ is the set of ordering positions of the user data blocks. The auditing end selects a symmetric key pair $(k_{prg}, k_{prf})$ with $k_{prg} \in SK_{prg}$ and $k_{prf} \in SK_{prf}$.
In step S110, the user is registered according to the identity information of the user, and the registration information of the user is determined.
In step S120, the auditor is registered according to the identity information of the auditor, and registration information of the auditor is obtained.
The processes of registering the user and registering the auditor in steps S110 and S120 are similar, and the user is taken as an example for explanation.
The user can submit the identity information RID of the user to the trusted center through an offline mode. When a user connects to the wireless body area network, a tamper resistant device in the wireless body area network may be initialized. The trusted center calculates the intrinsic pseudonym information of the user by performing a hash operation on RID and VP_i, and sends the pseudonym information to the user, for example via an intelligent chip. Here VP_i indicates the validity period of the intrinsic pseudonym information and i denotes the number of the user.
The user may then select a random number λ_i as its own encryption key, and store λ_i and the intrinsic pseudonym information in the tamper resistant device. At the same time, the tuple (RID, VP_i, intrinsic pseudonym information, λ_i) is stored in the member list of the trusted center. The registration information of the user may include: RID, VP_i, the intrinsic pseudonym information and λ_i. The user end may store the RID, the intrinsic pseudonym information and λ_i without storing the entire registration information.
In step S130, mutual authentication is performed with the user according to the registration information of the user, and after the user is authenticated to be legitimate, the user is made to upload user data to the server.
In this step, mutual authentication refers to mutual authentication between the trust center and the user. In the process, the interaction process of the server and the user and the interaction process of the server and the trusted center are also included. Referring to fig. 2, fig. 2 shows a flowchart of mutual authentication between a user and a trust center in the embodiment of the present disclosure, which may include the following steps:
step S210, the user generates user-side encrypted information according to the identification information of the trusted center and the first encryption key and the first pseudonym information of the user in the registration information of the user, and sends the user-side encrypted information to the server.
In this embodiment of the present disclosure, before performing this step, the user may input his or her fingerprint into the fingerprint verification device, and if the user fingerprint does not match the fingerprint information stored in the device, the user is not allowed to communicate with the trusted center, otherwise, the user is allowed to communicate with the trusted center, and then step S210 is performed.
In one implementation manner of the present disclosure, a user may perform a hash operation on a first encryption key and a random integer of the user to generate a first hash code, and encrypt first pseudonym information, the first hash code, and the random integer in registration information of the user through the first encryption key to generate initial encryption information; and generating user side encryption information according to the initial encryption information, the first pseudonym information and the identification information of the credible center. Of course, the method of generating the user-side encryption information by the user is not limited thereto.
For example, the user may randomly select an integer N, which is the random integer, and then perform a hash operation on λ_i and N to generate a first hash code HC = h(λ_i, N). Here λ_i is the first encryption key. Then the intrinsic pseudonym information, HC and N are encrypted with λ_i; the encrypted result is the initial encryption information. Then the user side encryption information is generated according to the initial encryption information, the first pseudonym information and the identification information of the trusted center, and is sent to the server, which may be a cloud server. The user side encryption information can consist of the initial encryption information, the timestamp T_1, the pseudonym information and the identity ID_TA of the trusted center; T_1 indicates the validity period of the user.
And step S220, the server encrypts the user side encryption information according to the private key of the server to obtain and send the server side encryption information to the trusted center.
When the server receives the message from the user, the server attaches its own identity ID_Cloud and adds a value to the timestamp T_1 to obtain T_2, where T_2 indicates the validity period of the server. The server then encrypts the message using its own private key rsk to obtain the server side encryption information and sends it to the trust center.
Step S230, the trusted center decrypts the server side encryption information according to the private key of the server to obtain first decrypted information. When the identification information contained in the first decryption information is the same as the identification information of the trusted center, the initial encryption information contained in the first decryption information is decrypted according to the first encryption key to obtain second decryption information.
In the embodiment of the disclosure, after receiving the message, the trusted center can decrypt it by using rsk to obtain the first decryption information. After the trusted center verifies its own identification information in the message, it can use λ_i to decrypt the initial encryption information and obtain the second decryption information, which comprises the intrinsic pseudonym information, HC and N. At this time, the values of the respective parameters in the second decryption information may have been changed.
Step S240, the trusted center generates an authentication code according to the second decryption information and its own private key, and encrypts the authentication code, the first pseudonym information, and the identification information according to its own private key, the first encryption key, and the private key of the server, to obtain and send the encrypted information of the trusted center side to the server.
Specifically, the trusted center may perform a hash operation on the first encryption key and the integer in the second decryption information to generate a second hash code, and when the second hash code is the same as the first hash code, the trusted center performs a hash operation on the first hash code and its own private key to obtain the authentication code. That is, the encryption key λ_i and N are hashed to generate a second hash code HC'. If HC' = HC, HC and the private key s are hashed to obtain the authentication code AC = h(HC || s).
Finally, the trusted center uses the private key s to encrypt the intrinsic pseudonym information, T_3, Lifetime and AC, where Lifetime is the validity period of the authentication code AC. The trusted center then encrypts this information with λ_i and rsk to obtain the encrypted information of the trusted center side, and sends it to the server. Here T_3 indicates the validity period of the trusted center.
Step S250, the server decrypts the encrypted information of the trusted center side according to the private key of the server and the first encryption key to obtain third decrypted information, and sends the third decrypted information to the user when the identification information in the third decrypted information is the same as the identification information of the trusted center.
In the embodiment of the disclosure, after receiving the encrypted information from the trusted center, the server decrypts it by using its own private key and the first encryption key to obtain the third decrypted information. After verifying the identity of the trusted center, the server sends the third decrypted information to the user.
Step S260, the user decrypts the third decryption information according to the public key of the trusted center to obtain fourth decryption information, and when the pseudonym information in the fourth decryption information is the same as the first pseudonym information in the registration information of the user, it is determined that the user is legal.
Specifically, after receiving the third decryption information, the user may decrypt it with the public key P_pub of the trusted center to obtain the intrinsic pseudonym information. If it is equal to the user's own intrinsic pseudonym information, the user is regarded as a legal user and is allowed to upload user data to the cloud server. The user data may include medical data and the like. Of course, the user may encrypt the data before uploading it; specifically, the user may encrypt the data by using the encryption algorithm τ and the symmetric key sk.
In an implementation manner of the present disclosure, to further improve data security, the user data may be digitally signed to obtain digitally signed user data, and the digitally signed user data may be uploaded to the server. Here, the encrypted data may be uploaded to a server together with the digitally signed user data.
Specifically, assume that the user data includes f_{j,1}, f_{j,2}, …, f_{j,n}, with 1 ≤ j ≤ J, where j is the user data subscript and J is the total amount of user data. m represents the compression multiple by which the data is compressed, and each user data is an m × n dimensional vector over modulo q. Each user data contains n data blocks f_{j,l}, l = 1, 2, …, n, where each data block f_{j,l} represents m data in the modulo q group.
Referring to fig. 3, fig. 3 shows a flowchart of digital signature in the embodiment of the present disclosure. First, through steps S310 to S330, homomorphic message authentication codes of a plurality of user data are generated.
In step S310, a random vector ξ_j is generated by the pseudo-random number generator, ξ_j = {ξ_{j,1}, ξ_{j,2}, …, ξ_{j,m}}.
In step S320, a random number ζ_{j,l} is generated by the pseudo-random function.
In step S330, a homomorphic message authentication code δ_{j,l} is generated by compressing the data block m times using the random vector and the random number, with δ_{j,l} ∈ Z_q, where Z_q is the group modulo q and the amount of data it contains varies.
Then, through steps S340 to S350, the digital signature of the homomorphic message authentication code is calculated by using the elliptic curve signature algorithm.
Step S340 generates a first component, a second component, and a third component of the digital signature.
In the embodiment of the present disclosure, a point on the elliptic curve may be taken as the first component of the digital signature, i.e. the first component V_{j,l} = r_{j,l}·P = (α_{j,l}, β_{j,l}), where (α_{j,l}, β_{j,l}) are the coordinates of a point on the elliptic curve and r_{j,l} is a random number.
The second component of the digital signature may be expressed as μ_{j,l} = α_{j,l} mod q. The third component v_{j,l} of the digital signature is computed using the homomorphic message authentication code and the private key s: v_{j,l} = (rj,lμj,lj,ls) mod q.
Step S350, digitally signing the user data according to the first component, the second component and the third component of the digital signature to obtain the digitally signed user data, and sending the digitally signed user data to the server.
Specifically, the first, second and third components of the digital signature may be represented as ω_{j,l} = (V_{j,l}, μ_{j,l}, v_{j,l}), and the set of all such ω_{j,l} forms the set of digital signatures. The user data f_{j,l} can be signed with ω_{j,l} to obtain the digitally signed user data. The digitally signed user data and the encrypted data of the user data can be sent to the server together, and the locally stored digitally signed user data and encrypted data can be deleted at the same time.
In step S140, the auditor is mutually authenticated according to the registration information of the auditor, and after the auditor is authenticated to be legal, the auditor is enabled to obtain the user data from the server and audit the user data.
It should be noted that, similar to the aforementioned registration process, the process of mutual authentication between the auditor and the trusted center is the same as the process of mutual authentication between the user and the trusted center, and is not described again here.
The auditor is allowed to obtain user data from the server only after the auditor is determined to be legitimate. The method specifically comprises the following steps:
the authorized auditor generates audit challenge information and sends it to the server, where the audit challenge information describes the service requested by the auditor. After receiving the challenge information, the server generates aggregated audit proof response information over the medical big data and sends it to the authorized auditor. The auditor checks the validity of the aggregated audit proof response information by using the public key of the elliptic curve signature algorithm and the symmetric key of the lightweight encryption algorithm. After the proof is validated, the data may be retrieved from the server.
In the embodiment of the disclosure, the pending data set in the server can be represented by the points A_k, k = 0, 1, …, I_q − 1, A_k = 2^k P, where A_k is the public point on the elliptic curve generated by P. Alternatively, the pending data set may also be represented by the points B_k: for each 0 < k < I_q − 1, B_k = 2^k P_pub is the public point on the elliptic curve generated by P_pub, and I_q is the number of binary bits of the large prime q.
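The homomorphic message authentication code of steps S310 to S330 and the challenge, aggregated proof and verification of step S140 are shown together below in an added example (not the patent's own code). It assumes the standard linear form δ_{j,l} = <ξ_j, f_{j,l}> + ζ_{j,l} mod q for step S330 (the page's formula is not legible), instantiates the PRG and PRF with HMAC-SHA256, and uses a small constructed q, key pair and data set; the point it demonstrates is that the auditor verifies an aggregate over many blocks from (k_prg, k_prf) and the challenge alone, and that a single-element change on the server is caught.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters: a prime q and block dimension m (the page's
# compression multiple). A deployment would use a large prime q of its choice.
Q = 2**61 - 1   # plays the role of the large prime q
M = 4           # each data block f_{j,l} is a vector of m elements of Z_q


def prg_vector(k_prg: bytes, j: int, m: int) -> list:
    """PRG SK_prg -> Z_q^m: the random vector xi_j for user data j (step S310).
    Assumed instantiation: HMAC-SHA256 in counter mode, not the page's generator."""
    return [int.from_bytes(hmac.new(k_prg, f"xi|{j}|{t}".encode(), hashlib.sha256).digest(), "big") % Q
            for t in range(m)]


def prf_scalar(k_prf: bytes, j: int, l: int) -> int:
    """PRF SK_prf x I -> Z_q: the random number zeta_{j,l} for block position (j, l)
    (step S320). Assumed instantiation: HMAC-SHA256."""
    return int.from_bytes(hmac.new(k_prf, f"zeta|{j}|{l}".encode(), hashlib.sha256).digest(), "big") % Q


def homomorphic_mac(k_prg: bytes, k_prf: bytes, j: int, l: int, block: list) -> int:
    """Step S330, assumed linear form: delta_{j,l} = <xi_j, f_{j,l}> + zeta_{j,l} mod q.
    The m-element block is compressed to a single element of Z_q."""
    xi = prg_vector(k_prg, j, len(block))
    return (sum(x * f for x, f in zip(xi, block)) + prf_scalar(k_prf, j, l)) % Q


def server_prove(data: dict, tags: dict, challenge: list) -> tuple:
    """Server side: aggregate the challenged blocks and their tags into one proof
    (mu, sigma). The server holds no key; challenge entries are (j, l, c) with
    a per-block coefficient c chosen by the auditor."""
    mu, sigma = {}, 0
    for j, l, c in challenge:
        mu_j = mu.setdefault(j, [0] * M)
        for t, f in enumerate(data[(j, l)]):
            mu_j[t] = (mu_j[t] + c * f) % Q
        sigma = (sigma + c * tags[(j, l)]) % Q
    return mu, sigma


def auditor_verify(k_prg: bytes, k_prf: bytes, challenge: list, proof: tuple) -> bool:
    """Auditor side: recompute the expected aggregate tag from the symmetric key
    pair (k_prg, k_prf) and the challenge only, never from the raw data.
    Linearity of the MAC is what makes this possible:
    sum(c * delta_{j,l}) == sum_j <xi_j, mu_j> + sum(c * zeta_{j,l}) mod q."""
    mu, sigma = proof
    expected = 0
    for j, mu_j in mu.items():
        xi = prg_vector(k_prg, j, len(mu_j))
        expected = (expected + sum(x * f for x, f in zip(xi, mu_j))) % Q
    for j, l, c in challenge:
        expected = (expected + c * prf_scalar(k_prf, j, l)) % Q
    return expected == sigma


def run_audit_demo(tamper: bool = False) -> bool:
    """End to end: the user tags its blocks, the server answers a challenge over
    (optionally tampered) data, the auditor verifies. Returns the auditor's verdict."""
    k_prg, k_prf = b"demo-k_prg", b"demo-k_prf"   # constructed symmetric key pair
    # constructed user data: J = 2 records with n = 3 blocks of m = M elements each
    data = {(j, l): [secrets.randbelow(Q) for _ in range(M)]
            for j in (1, 2) for l in (1, 2, 3)}
    tags = {(j, l): homomorphic_mac(k_prg, k_prf, j, l, blk) for (j, l), blk in data.items()}
    if tamper:  # a single-element modification of one stored block on the server
        data[(2, 3)][0] = (data[(2, 3)][0] + 1) % Q
    challenge = [(j, l, secrets.randbelow(Q - 1) + 1) for (j, l) in data]
    return auditor_verify(k_prg, k_prf, challenge, server_prove(data, tags, challenge))


if __name__ == "__main__":
    print("intact server data passes audit:", run_audit_demo())
    print("tampered server data passes audit:", run_audit_demo(tamper=True))
```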
In one implementation of the present disclosure, the user may also update the intrinsic pseudonym information and the encryption key. Because this information is updated regularly, even if the information stored in the tamper-resistant device is leaked through a side-channel attack, the information obtained by an attacker is effective only for a short time, so side-channel attacks are resisted and the integrity and confidentiality of user data are ensured.
Referring to fig. 4, fig. 4 shows a flowchart of information update in the embodiment of the present disclosure, which may include the following steps:
step S410, the user determines a second encryption key and generates a third encryption key according to the public key of the trusted center, the second encryption key and the first timestamp; and encrypting the first encryption key and the first time stamp according to the third encryption key, and sending the obtained first encryption information, the second encryption key and the first time stamp to the trusted center.
Specifically, the user can select a random number r and obtain a second encryption key z according to z = r·P. A third encryption key π1_i is then generated according to π1_i = H3(z, P_pub, r·P_pub, T_i), where H3() represents a hash operation.
The first encryption information p_i is calculated by encrypting λ_i and T_i with π1_i, and T = (z, T_i, p_i) is sent to the trusted center. T_i is the first timestamp, representing the validity time of the identity information and key stored for the user in the trusted center.
In step S420, after determining that the first timestamp is valid, the trusted center generates a fourth encryption key according to the second encryption key, the public key of the trusted center, and the first timestamp, and decrypts the first encrypted information by using the fourth encryption key to obtain a fifth encryption key and the second timestamp.
Specifically, after the trusted center receives T, it can check whether T_i is valid; if not, the process terminates. Otherwise, the fourth encryption key π2_i is calculated according to π2_i = H3(z, P_pub, x·z, T_i), and p_i is decrypted with π2_i to give (λ'_i, T'_i). Here x represents a random number, and the decryption operation is applied to p_i.
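Why the user's third key π1_i and the trusted center's fourth key π2_i coincide is shown in the added example below (not the patent's own code): r·P_pub equals x·z exactly when P_pub = x·P, so the page's x is assumed to be the trusted center's private key, the curve is instantiated with secp256k1 (the page fixes no curve), and H3() with SHA-256 over the encoded inputs; the function names are the example's own.

```python
import hashlib

# secp256k1 domain parameters, used here as a concrete instance of the page's
# curve E: y^2 = x^3 + ax + b (mod p) with generator P and prime order q.
P_MOD = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order q


def ec_add(p1, p2):
    """Affine point addition on E; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:   # p1 == -p2
        return None
    if p1 == p2:                               # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:                                      # chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point (the page's r·P, x·z, ...)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def h3(z, p_pub, shared, t_i):
    """H3(z, P_pub, shared point, T_i): assumed instantiation as SHA-256."""
    return hashlib.sha256(encode_point(z) + encode_point(p_pub)
                          + encode_point(shared) + t_i.to_bytes(8, "big")).digest()


def user_side(r, p_pub, t_i):
    """Step S410: second key z = r*P and third key pi1_i = H3(z, P_pub, r*P_pub, T_i).
    Only z is transmitted; r never leaves the user."""
    z = ec_mul(r, G)
    return z, h3(z, p_pub, ec_mul(r, p_pub), t_i)


def trusted_center_side(x, z, t_i):
    """Step S420: fourth key pi2_i = H3(z, P_pub, x*z, T_i), computed from the
    received z and the private key x alone (assumption: P_pub = x*P)."""
    p_pub = ec_mul(x, G)
    return h3(z, p_pub, ec_mul(x, z), t_i)


def keys_agree(r, x, t_i):
    """True when both sides derive the same key, i.e. r*(x*P) == x*(r*P)."""
    p_pub = ec_mul(x, G)
    z, pi1 = user_side(r, p_pub, t_i)
    return pi1 == trusted_center_side(x, z, t_i)


if __name__ == "__main__":
    # constructed demo scalars and timestamp; real r and x are random in [1, q-1]
    print("pi1_i == pi2_i:", keys_agree(123456789, 987654321, 20200513))
```

Because T_i is an input of H3(), a replayed (z, T_i, p_i) with a stale timestamp is rejected at the timestamp check in step S420 before any decryption is attempted.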
Step S430, after the second timestamp is determined to be valid, if the registration information of all the users contains the target registration information, it is judged whether the validity period of the first pseudonym information in the target registration information is valid; if the validity period is invalid, step S440 is executed; if it is valid, step S470 is executed. The target registration information contains an encryption key identical to the fifth encryption key.
In the disclosed embodiment, T'_i is checked, and if it is invalid the process terminates. If it is valid, the member list is queried for a tuple (RID, VP_i, intrinsic pseudonym information, λ_i) with λ_i = λ'_i; if no such tuple exists, the process terminates, and if it exists, the information in the tuple is the target registration information.
Step S440, determining an updated validity period, determining second pseudonym information according to the identity information of the user and the updated validity period, and determining a sixth encryption key; and storing the updated registration information determined according to the updated validity period, the second pseudonym information and the sixth encryption key to the local.
If VP_i is invalid, a new VP'_i is selected, the second pseudonym information is calculated from RID and VP'_i in the same way as the intrinsic pseudonym information, and a new encryption key (the sixth encryption key) is selected. The tuple (RID, VP'_i, second pseudonym information, new encryption key) is taken as the updated registration information and added to the member list.
Step S450, performing hash operation on the second pseudonym information, the sixth encryption key and the second timestamp to obtain a first message authentication code; and encrypting the second pseudonym information, the sixth encryption key, the second timestamp and the first message authentication code by using the fourth encryption key to obtain second encryption information, and sending the second encryption information and the seventh encryption key to the user.
Specifically, the first message authentication code h_RTA can be calculated by performing a hash operation on the second pseudonym information, the sixth encryption key and the second timestamp, and the first message authentication code may also be sent to the user. h_RTA is an HMAC (Hash-based Message Authentication Code, a key-dependent hash authentication code); the message authentication codes of different cryptographic algorithms are calculated in different ways. The second encryption information p'_i is obtained by encrypting the second pseudonym information, the sixth encryption key, the second timestamp and h_RTA with the fourth encryption key. H3(z) is taken as the seventh encryption key, and (H3(z), p'_i) is sent to the user.
In step S460, the user decrypts the second encrypted information according to the seventh encryption key to obtain fifth decrypted information. And when the time stamp and the message authentication code in the fifth decryption information are valid, respectively using the sixth encryption key and the second pseudonym information as the own encryption key and the own pseudonym information.
After receiving (H3(z), p'_i), the user can decrypt p'_i to obtain (second pseudonym information, λ'_i, T'_i, h_RTA'), and then verify T'_i and h_RTA'; if they are valid, (second pseudonym information, λ'_i) is taken as the new intrinsic pseudonym information and encryption key.
Step S470, determining an eighth encryption key, and storing updated registration information determined according to the first pseudonym information, the validity period of the first pseudonym information, and the eighth encryption key to the local; and carrying out hash operation on the first pseudonym information, the eighth encryption key and the second timestamp to obtain a second message authentication code.
Unlike step S440, since the validity period is still valid, the pseudonym information need not be updated and only the encryption key is updated. Other processing may refer to the corresponding branch of step S440 and is not described again here.
Step S480, encrypt the first pseudonym information, the eighth encryption key, the second timestamp, and the second message authentication code with the third encryption key to obtain third encryption information, and send the third encryption information and the ninth encryption key to the user.
Step S490, the user decrypts the third encrypted information according to the ninth encryption key to obtain sixth decrypted information; and when the time stamp and the message authentication code in the sixth decryption information are valid, the eighth encryption key is used as the own encryption key.
According to the data auditing method, before the user sends data to the server and before the auditor requests audit data from the server, each performs mutual authentication with the trusted center, and the user and the auditor obtain the authority to use the server only after the authentication passes, so that no attacker takes part in the auditing process. In addition, the pseudonym and the encryption key are updated before an attacker could obtain the information stored in the tamper-resistant device through a side-channel attack, which helps resist side-channel attacks, ensures the integrity and confidentiality of user data and protects user privacy; it also facilitates batch auditing of user data by a third-party auditor, effectively detects whether user data has been attacked, and improves the correctness of data auditing. For example, when the user data is medical data, the misdiagnosis rate of doctors can be reduced.
It should be noted that although the various steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Further, in the present exemplary embodiment, there is also provided a data auditing system 500, shown in fig. 5, including: a user terminal 510, an audit terminal 520, a trusted center 530 and a server 540;
a user terminal 510, configured to send identity information of a user to a trusted center;
the auditing end 520 is used for sending the identity information of the auditor to the trusted center;
the trusted center 530 is used for registering the user according to the identity information of the user and determining the registration information of the user; registering the auditor according to the identity information of the auditor to obtain registration information of the auditor; performing mutual authentication with the user according to the registration information of the user; performing mutual authentication with an auditor according to the registration information of the auditor;
the user terminal 510 is further configured to upload user data to the server after the authentication is legal;
the server 540 is configured to receive and store user data uploaded by a user side;
the auditing terminal 520 is further configured to obtain the user data from the server after the authentication is legal, and audit the user data.
In an exemplary embodiment of the disclosure, the user side is further configured to generate user side encryption information according to the identification information of the trusted center and a first encryption key and first pseudonym information of the user in the registration information of the user, and send the user side encryption information to the server;
the server is used for encrypting the user side encryption information according to a private key of the server to obtain and send the server side encryption information to the credible center;
the trusted center is used for decrypting the encrypted information of the server side according to the private key of the server to obtain first decrypted information; when the identification information contained in the first decryption information is the same as the identification information of the trusted center, decrypting the initial encryption information contained in the first decryption information according to the first encryption key to obtain second decryption information; generating an authentication code according to the second decryption information and its own private key, encrypting the authentication code, the first pseudonym information and the identification information according to its own private key, the first encryption key and the private key of the server, and obtaining and sending encrypted information of the trusted center side to the server;
the server is used for decrypting the encrypted information of the trusted center side according to the private key of the server and the first encryption key to obtain third decrypted information, and when the identification information in the third decrypted information is the same as the identification information of the trusted center, the third decrypted information is sent to the user side;
and the user side is used for decrypting the third decryption information according to the public key of the trusted center to obtain fourth decryption information, and when the pseudonym information in the fourth decryption information is the same as the first pseudonym information in the registration information of the user, the user is determined to be legal.
In an exemplary embodiment of the present disclosure, the user side is specifically configured to perform a hash operation on a first encryption key and a random integer of the user side to generate a first hash code, and encrypt first pseudonym information, the first hash code, and the random integer in registration information of the user by using the first encryption key to generate initial encryption information; and generating user side encryption information according to the initial encryption information, the first pseudonym information and the identification information of the credible center.
In an exemplary embodiment of the disclosure, the trusted center is configured to perform a hash operation on the first encryption key and an integer in the second decryption information to generate a second hash code; and when the second hash code is the same as the first hash code, the trusted center performs hash operation on the first hash code and the private key of the trusted center to obtain the authentication code.
In an exemplary embodiment of the disclosure, the user side is further configured to determine a second encryption key, and generate a third encryption key according to the public key of the trusted center, the second encryption key, and the first timestamp; encrypting the first encryption key and the first time stamp according to the third encryption key, and sending the obtained first encryption information, the second encryption key and the first time stamp to the trusted center;
the trusted center is used for generating a fourth encryption key according to the second encryption key, the public key of the trusted center and the first timestamp after the first timestamp is determined to be valid, and decrypting the first encrypted information through the fourth encryption key to obtain a fifth encryption key and a second timestamp;
after the second timestamp is determined to be valid, if the registration information of all the users contains target registration information and the validity period of the first pseudonym information in the target registration information is invalid, determining an updated validity period; the target registration information comprises an encryption key which is the same as the fifth encryption key;
determining second pseudonym information according to the identity information of the user and the updated validity period, and determining a sixth encryption key; storing updated registration information determined according to the updated validity period, the second pseudonym information and the sixth encryption key to the local;
performing hash operation on the second pseudonym information, the sixth encryption key and the second timestamp to obtain a first message authentication code;
encrypting the second pseudonym information, the sixth encryption key, the second timestamp and the first message authentication code through the fourth encryption key to obtain second encryption information, and sending the second encryption information and the seventh encryption key to the user side;
the user side is used for decrypting the second encrypted information according to the seventh encryption key to obtain fifth decrypted information; and when the time stamp and the message authentication code in the fifth decryption information are valid, respectively using the sixth encryption key and the second pseudonym information as the own encryption key and the own pseudonym information.
In an exemplary embodiment of the disclosure, the trusted center is further configured to, after determining that the second timestamp is valid, determine an eighth encryption key if the target registration information is included in the registration information of all the users and the validity period of the first pseudonym information in the target registration information is valid;
storing updated registration information determined according to the first pseudonym information, the validity period of the first pseudonym information and the eighth encryption key to the local;
performing hash operation on the first pseudonym information, the eighth encryption key and the second timestamp to obtain a second message authentication code;
encrypting the first pseudonym information, the eighth encryption key, the second timestamp and the second message authentication code through the third encryption key to obtain third encryption information, and sending the third encryption information and the ninth encryption key to the user side;
the user side is used for decrypting the third encrypted information according to the ninth encryption key to obtain sixth decrypted information; and when the time stamp and the message authentication code in the sixth decryption information are valid, the eighth encryption key is used as the own encryption key.
In an exemplary embodiment of the present disclosure, the user side is further configured to perform digital signature on the user data to obtain the digitally signed user data, and upload the digitally signed user data to the server.
The specific details of each device in the system are already described in detail in the corresponding method, and therefore are not described herein again.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
In an exemplary embodiment of the present disclosure, there is also provided an electronic device including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to perform all or part of the steps of the data auditing method in this example embodiment.
Fig. 6 shows a schematic structural diagram of an electronic device for implementing an embodiment of the present disclosure. It should be noted that the electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of the application of the embodiments of the present disclosure.
As shown in fig. 6, the electronic apparatus 600 includes a central processor 601, which can perform various appropriate actions and processes according to a program stored in a read only memory 602 or a program loaded from a storage section 608 into a random access memory 603. The random access memory 603 also stores various programs and data necessary for system operation. The central processor 601, the read only memory 602 and the random access memory 603 are connected to each other via a bus 604. An input/output interface 605 is also connected to the bus 604.
The following components are connected to the input/output interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a Local Area Network (LAN) card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the input/output interface 605 as necessary. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed into the storage section 608 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program, when executed by the central processor 601, performs various functions defined in the system of the present application.
In an exemplary embodiment of the disclosure, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any one of the above.
It should be noted that the computer readable storage medium shown in the present disclosure can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. Further, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electromagnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, radio frequency, etc., or any suitable combination of the foregoing.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A method of data auditing, comprising:
acquiring and registering a user according to identity information of the user, and determining registration information of the user;
acquiring and registering an auditor according to identity information of the auditor to obtain registration information of the auditor;
mutually authenticating with the user according to the registration information of the user, and, after the user is authenticated as legitimate, the user uploading user data to a server;
and mutually authenticating with the auditor according to the registration information of the auditor, and, after the auditor is authenticated as legitimate, enabling the auditor to acquire the user data from the server and audit the user data.
2. The method of claim 1, wherein the mutually authenticating the user according to the registration information of the user comprises:
the user generates user side encryption information according to identification information of a trusted center and a first encryption key and first pseudonym information of the user in registration information of the user, and sends the user side encryption information to the server;
the server encrypts the user side encryption information according to a private key of the server to obtain server side encryption information, and sends the server side encryption information to the trusted center;
the trusted center decrypts the server side encryption information according to the private key of the server to obtain first decrypted information;
when the identification information contained in the first decryption information is the same as the identification information of the trusted center, decrypting the initial encryption information contained in the first decryption information according to the first encryption key to obtain second decryption information;
the trusted center generates an authentication code according to the second decryption information and a private key of the trusted center, encrypts the authentication code, the first pseudonym information and the identification information according to the private key of the trusted center, the first encryption key and the private key of the server to obtain trusted center side encryption information, and sends the trusted center side encryption information to the server;
the server decrypts the trusted center side encryption information according to the private key of the server and the first encryption key to obtain third decrypted information, and when the identification information in the third decrypted information is the same as the identification information of the trusted center, sends the third decrypted information to the user;
and the user decrypts the third decrypted information according to the public key of the trusted center to obtain fourth decrypted information, and when the pseudonym information in the fourth decrypted information is the same as the first pseudonym information in the registration information of the user, the user is determined to be legitimate.
3. The method according to claim 2, wherein the user generates user-side encryption information according to the identification information of the trusted center and the first encryption key and the first pseudonym information of the user in the registration information of the user, and the method includes:
the user carries out hash operation on a first encryption key and a random integer of the user to generate a first hash code, and first pseudonym information, the first hash code and the random integer in the registration information of the user are encrypted through the first encryption key to generate initial encryption information;
and generating user side encryption information according to the initial encryption information, the first pseudonym information and the identification information of the trusted center.
4. The method of claim 3, wherein the trusted center generating an authentication code according to the second decryption information and its own private key comprises:
the trusted center performs hash operation on the first encryption key and an integer in the second decryption information to generate a second hash code;
and when the second hash code is the same as the first hash code, the trusted center performs hash operation on the first hash code and the private key of the trusted center to obtain an authentication code.
5. The method of claim 1, further comprising:
the user determines a second encryption key and generates a third encryption key according to the public key of the trusted center, the second encryption key and the first timestamp;
encrypting the first encryption key and the first time stamp according to the third encryption key, and sending the obtained first encryption information, the second encryption key and the first time stamp to the trusted center;
after the trusted center determines that the first timestamp is valid, a fourth encryption key is generated according to the second encryption key, the public key of the trusted center and the first timestamp, and the first encryption information is decrypted through the fourth encryption key to obtain a fifth encryption key and a second timestamp;
after the second timestamp is determined to be valid, if the registration information of all the users contains target registration information and the validity period of the first pseudonym information in the target registration information is no longer valid, determining an updated validity period; the target registration information comprises an encryption key which is the same as the fifth encryption key;
determining second pseudonym information according to the identity information of the user and the updated validity period, and determining a sixth encryption key;
storing updated registration information determined according to the updated validity period, the second pseudonym information and the sixth encryption key to the local;
performing hash operation on the second pseudonym information, the sixth encryption key and the second timestamp to obtain a first message authentication code;
encrypting the second pseudonym information, the sixth encryption key, the second timestamp and the first message authentication code by using the fourth encryption key to obtain second encryption information, and sending the second encryption information and a seventh encryption key to the user;
the user decrypts the second encrypted information according to the seventh encryption key to obtain fifth decrypted information;
and when the timestamp and the message authentication code in the fifth decryption information are valid, respectively using the sixth encryption key and the second pseudonym information as the own encryption key and the own pseudonym information.
6. The method of claim 5, further comprising:
after the second timestamp is determined to be valid, if the registration information of all the users contains target registration information and the validity period of the first pseudonym information in the target registration information is still valid, determining an eighth encryption key;
storing updated registration information determined according to the first pseudonym information, the validity period of the first pseudonym information and the eighth encryption key to the local;
performing hash operation on the first pseudonym information, the eighth encryption key and the second timestamp to obtain a second message authentication code;
encrypting the first pseudonym information, the eighth encryption key, the second timestamp and the second message authentication code by using the third encryption key to obtain third encryption information, and sending the third encryption information and a ninth encryption key to the user;
the user decrypts the third encrypted information according to the ninth encryption key to obtain sixth decrypted information;
and when the time stamp and the message authentication code in the sixth decryption information are valid, taking the eighth encryption key as the own encryption key.
7. The method of claim 1, wherein after authenticating the user is legitimate, the method further comprises:
and the user carries out digital signature on the user data to obtain the user data after digital signature, and uploads the user data after digital signature to the server.
8. A data auditing system, comprising: the system comprises a user side, an audit side, a trusted center and a server;
the user side is used for sending the identity information of the user to the trusted center;
the auditing end is used for sending the identity information of an auditor to the trusted center;
the trusted center is used for registering the user according to the identity information of the user and determining the registration information of the user; registering an auditor according to identity information of the auditor to obtain registration information of the auditor; performing mutual authentication with the user according to the registration information of the user; performing mutual authentication with the auditor according to the registration information of the auditor;
the user side is also used for uploading user data to the server after the user is authenticated as legitimate;
the server is used for receiving and storing the user data uploaded by the user side;
and the auditing end is also used for acquiring the user data from the server and auditing the user data after the auditor is authenticated as legitimate.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of any of claims 1-7 via execution of the executable instructions.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 1 to 7.
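The mutual authentication of claims 2 to 4, as an added Python example that is not part of the patent; it models the user, the server and the trusted center in one process and shows which check each party performs before the exchange continues. It assumes symmetric keys shared pairwise in place of the claims' private and public keys, a fixed layering of the return message, and a toy SHA-256 keystream cipher standing in for the unspecified encryption algorithm.

```python
# Added example, not the patent's own code: a one-process model of the
# mutual-authentication exchange of claims 2-4. Assumptions: every "private
# key" is a symmetric key shared by the two parties that use it, the trusted
# center's key pair is modelled as one key, the return path is layered as
# E_server(tc_id, E_k1(E_tc(auth, pid))), and toy_cipher is demonstration only.
import hashlib
import json
import secrets

TC_ID = b"tc-01"                       # identification information of the TC
TC_KEY = secrets.token_bytes(32)       # trusted center private key (modelled)
SERVER_KEY = secrets.token_bytes(32)   # server private key, shared with the TC
K1 = secrets.token_bytes(32)           # the user's first encryption key
PID = b"pseudonym-7f3a"                # first pseudonym information (constructed)
REGISTRY = {PID: K1}                   # TC's table of registered users

def h(*parts: bytes) -> bytes:
    """The claims' hash operation, modelled as SHA-256 over the parts."""
    return hashlib.sha256(b"|".join(parts)).digest()

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256(key, counter) keystream; decrypt == encrypt. Not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def pack(**fields: bytes) -> bytes:
    return json.dumps({k: v.hex() for k, v in fields.items()}).encode()

def unpack(blob: bytes) -> dict:
    return {k: bytes.fromhex(v) for k, v in json.loads(blob).items()}

def user_request(k1: bytes, pid: bytes) -> bytes:
    """Claim 3: h1 = H(k1, n); initial = E_k1(pid, h1, n); add pid and TC id."""
    n = secrets.token_bytes(8)                      # the random integer
    initial = toy_cipher(k1, pack(pid=pid, h1=h(k1, n), n=n))
    return pack(initial=initial, pid=pid, tc_id=TC_ID)

def tc_authenticate(server_ct: bytes) -> bytes:
    """Claims 2 and 4, trusted-center side; returns b'' to refuse."""
    try:
        d1 = unpack(toy_cipher(SERVER_KEY, server_ct))   # first decryption info
        if d1["tc_id"] != TC_ID:                         # not addressed to this TC
            return b""
        k1 = REGISTRY.get(d1["pid"])
        if k1 is None:                                   # unregistered pseudonym
            return b""
        d2 = unpack(toy_cipher(k1, d1["initial"]))       # second decryption info
        if h(k1, d2["n"]) != d2["h1"]:                   # second hash code != first
            return b""
        auth = h(d2["h1"], TC_KEY)                       # authentication code
        inner = toy_cipher(k1, toy_cipher(TC_KEY, pack(auth=auth, pid=d2["pid"])))
    except (ValueError, KeyError):                       # wrong key or malformed
        return b""
    return toy_cipher(SERVER_KEY, pack(tc_id=TC_ID, inner=inner))

def server_relay(tc_ct: bytes) -> bytes:
    """Server strips its own layer and forwards only if the TC id matches."""
    try:
        d3 = unpack(toy_cipher(SERVER_KEY, tc_ct))       # third decryption info
    except (ValueError, KeyError):
        return b""
    return d3["inner"] if d3.get("tc_id") == TC_ID else b""

def user_verify(k1: bytes, pid: bytes, inner: bytes) -> bool:
    """User accepts only if the recovered pseudonym equals its registered one."""
    try:
        d4 = unpack(toy_cipher(TC_KEY, toy_cipher(k1, inner)))  # fourth decryption info
    except (ValueError, KeyError):
        return False
    return d4.get("pid") == pid

def run(k1: bytes = K1, pid: bytes = PID) -> bool:
    server_ct = toy_cipher(SERVER_KEY, user_request(k1, pid))  # server encrypts
    inner = server_relay(tc_authenticate(server_ct))
    return bool(inner) and user_verify(k1, pid, inner)
```

Calling run() with the registered key and pseudonym succeeds; a wrong first key, an unregistered pseudonym, or a message addressed to another trusted center is refused at the check that detects it.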
CN202010406084.4A 2020-05-14 2020-05-14 Data auditing method and system, electronic equipment and storage medium Active CN113747426B (en)

Publications (2)

Publication Number Publication Date
CN113747426A true CN113747426A (en) 2021-12-03
CN113747426B CN113747426B (en) 2024-04-05

Family

ID=78723452

Country Status (1)

Country Link
CN (1) CN113747426B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant